WO2023238230A1 - Système de chiffrement - Google Patents

Système de chiffrement Download PDF

Info

Publication number
WO2023238230A1
WO2023238230A1 PCT/JP2022/022942 JP2022022942W WO2023238230A1 WO 2023238230 A1 WO2023238230 A1 WO 2023238230A1 JP 2022022942 W JP2022022942 W JP 2022022942W WO 2023238230 A1 WO2023238230 A1 WO 2023238230A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
sbskl
fsk
generates
msk
Prior art date
Application number
PCT/JP2022/022942
Other languages
English (en)
Japanese (ja)
Inventor
冬航 北川
陵 西巻
Original Assignee
日本電信電話株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 日本電信電話株式会社 filed Critical 日本電信電話株式会社
Priority to PCT/JP2022/022942 priority Critical patent/WO2023238230A1/fr
Publication of WO2023238230A1 publication Critical patent/WO2023238230A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords

Definitions

  • the present invention relates to secret key functional cryptography.
  • an object of the present invention is to provide a private key functional cryptography technique that can prove that a function key has been deleted.
  • is a security parameter
  • q, n are parameters (q, n are integers greater than or equal to 1)
  • SKFE (SKFE.Setup, SKFE.KeyGen, SKFE.Enc, SKFE.Dec) is a private key.
  • CDSKE (CDSKE.KeyGen, CDSKE.Enc ⁇ , CDSKE.Dec ⁇ , CDSKE.Delete ⁇ , CDSKE.Vrfy) is a private key encryption that can delete ciphertext
  • F is a pseudorandom function
  • the security parameter ⁇ and parameters q, n a master secret key generation device that generates a master secret key i.msk, a secret key functional encryption SKFE, a secret key encryption CDSKE that can delete ciphertext, and a pseudorandom function F.
  • a key generation device that generates a function key i.fsk ⁇ and a verification key i.vk from a key i.msk and a function f, a secret key functional encryption SKFE, a secret key encryption CDSKE that can delete ciphertext, and a pseudorandom function F.
  • An encryption device that generates a ciphertext i.ct from a master secret key i.msk, an index idx (where idx satisfies idx ⁇ n), and a plaintext x using A decryption device that generates plaintext y from the function key i.fsk ⁇ and ciphertext i.ct using the private key encryption CDSKE that can delete the ciphertext, and a decryption device that generates the function key From i.fsk ⁇ , a verification key i .vk and the certificate i.cert, a certificate verification device that generates a verification result rslt of the certificate i.cert using the verification key i.vk.
  • is a security parameter
  • q, n are parameters (q, n are integers greater than or equal to 1)
  • SetHSS (SetGen, InpEncode, FuncEncode, Decode) is a set homomorphic secret sharing.
  • SKE (SKE.KeyGen, SKE.Enc, SKE.Dec) is a secret key cipher, and an index is required for ciphertext generation.
  • Private key functional encryption iSKFE-sbSKL and set homomorphism with function key deletion provable A master secret key generation device that generates a master secret key sbSKL.msk from security parameters ⁇ and parameters q, n using secret sharing SetHSS and secret key encryption SKE, and a function key that requires an index for ciphertext generation.
  • deletion-provable secret key functional encryption iSKFE-sbSKL set homomorphic secret sharing SetHSS, and secret key encryption SKE, from the master secret key sbSKL.msk and function f, function key sbSKL.fsk ⁇ and verification key sbSKL.
  • a master private key sbSKL.msk is created using a key generation device that generates vk, a private key functional encryption that can prove function key deletion iSKFE-sbSKL, and set homomorphic secret sharing SetHSS, which requires an index for ciphertext generation.
  • An encryption device that generates a ciphertext sbSKL.ct from plaintext
  • a decryption device that generates a plaintext y from a function key sbSKL.fsk ⁇ and a ciphertext sbSKL.ct, and a private key functional encryption iSKFE-sbSKL that requires an index to generate a ciphertext and can prove function key deletion.
  • a certificate generation device that uses sbSKL.fsk ⁇ to generate a certificate sbSKL.cert that proves that the function key sbSKL.fsk ⁇ has been deleted from the function key sbSKL.fsk ⁇ , and an index are required for ciphertext generation.
  • Function key deletion Proof that uses the provable private key functional encryption iSKFE-sbSKL to generate the verification result rslt of the certificate sbSKL.cert using the verification key sbSKL.vk from the verification key sbSKL.vk and the certificate sbSKL.cert. and a document verification device.
  • is a security parameter
  • q is the number of function keys that can be issued (q is an integer greater than or equal to 1)
  • n is the number of ciphertexts that can be used until function key deletion (n is an integer greater than or equal to 1).
  • SKFE-sbSKL (sbSKL.Setup, sbSKL.KeyGen ⁇ , sbSKL.Enc, sbSKL.Dec ⁇ , sbSKL.Cert ⁇ , sbSKL.Vrfy)
  • the number of ciphertexts that can be used before function key deletion is fixed.
  • SKFE-sbSKL a private key functional cryptography that can prove function key deletion, and the number of ciphertexts that can be used until function key deletion is fixed.
  • a master private key generation device that generates a master private key SKL.msk from a security parameter ⁇ and the number q of function keys that can be issued, and a function key whose number of ciphertexts that can be used before function key deletion is fixed.
  • the function key SKL.fsk ⁇ and the verification key are obtained from the master private key SKL.msk, the function f, and the number n of ciphertexts that can be used until the function key is deleted.
  • a key generation device that generates SKL.vk and a private key functional encryption SKFE-sbSKL that can prove function key deletion, in which the number of ciphertexts that can be used until function key deletion is fixed, the master private key SKL.
  • An encryption device that generates a ciphertext SKL.ct from .msk and plaintext Using sbSKL, a decryption device that generates plaintext y from function key SKL.fsk ⁇ and ciphertext SKL.ct, and function key deletion proof that the number of ciphertexts that can be used until function key deletion is fixed.
  • a certificate generation device that generates a certificate SKL.cert that proves that the function key SKL.fsk ⁇ has been deleted from the function key SKL.fsk ⁇ using the private key functional encryption SKFE-sbSKL; Using the private key functional encryption SKFE-sbSKL, in which the number of ciphertexts that can be used until key deletion is fixed, and which can prove function key deletion, the verification key SKL is obtained from the verification key SKL.vk and the certificate SKL.cert.
  • a certificate verification device that generates a verification result rslt of the certificate SKL.cert by .vk.
  • FIG. 1 is a block diagram showing the configuration of a cryptographic system 10.
  • FIG. 1 is a block diagram showing the configuration of a master private key generation device 100.
  • FIG. 3 is a flowchart showing the operation of the master private key generation device 100.
  • 2 is a block diagram showing the configuration of a key generation device 200.
  • FIG. 2 is a flowchart showing the operation of the key generation device 200.
  • 3 is a block diagram showing the configuration of an encryption device 300.
  • FIG. 3 is a flowchart showing the operation of the encryption device 300.
  • 4 is a block diagram showing the configuration of a decoding device 400.
  • FIG. 4 is a flowchart showing the operation of the decoding device 400.
  • 5 is a block diagram showing the configuration of a certificate generation device 500.
  • FIG. 1 is a block diagram showing the configuration of a master private key generation device 100.
  • FIG. 3 is a flowchart showing the operation of the master private key generation device 100.
  • 2 is a block diagram
  • FIG. 5 is a flowchart showing the operation of the certificate generation device 500.
  • 6 is a block diagram showing the configuration of a certificate verification device 600.
  • FIG. 6 is a flowchart showing the operation of the certificate verification device 600.
  • 1 is a block diagram showing the configuration of a cryptographic system 11.
  • FIG. 1 is a block diagram showing the configuration of a master private key generation device 101.
  • FIG. 2 is a flowchart showing the operation of the master private key generation device 101.
  • 2 is a block diagram showing the configuration of a key generation device 201.
  • FIG. 3 is a flowchart showing the operation of the key generation device 201.
  • 3 is a block diagram showing the configuration of an encryption device 301.
  • FIG. 3 is a flowchart showing the operation of the encryption device 301.
  • FIG. 4 is a block diagram showing the configuration of a decoding device 401.
  • FIG. 3 is a flowchart showing the operation of the decoding device 401.
  • 5 is a block diagram showing the configuration of a certificate generation device 501.
  • FIG. 5 is a flowchart showing the operation of the certificate generation device 501.
  • 6 is a block diagram showing the configuration of a certificate verification device 601.
  • FIG. 6 is a flowchart showing the operation of the certificate verification device 601.
  • 1 is a block diagram showing the configuration of a cryptographic system 12.
  • FIG. 1 is a block diagram showing the configuration of a master private key generation device 102.
  • FIG. 3 is a flowchart showing the operation of the master private key generation device 102.
  • 2 is a block diagram showing the configuration of a key generation device 202.
  • 3 is a flowchart showing the operation of the key generation device 202.
  • 3 is a block diagram showing the configuration of an encryption device 302.
  • FIG. 3 is a flowchart showing the operation of the encryption device 302. 4 is a block diagram showing the configuration of a decoding device 402.
  • FIG. 4 is a flowchart showing the operation of the decoding device 402.
  • 5 is a block diagram showing the configuration of a certificate generation device 502.
  • ⁇ (caret) represents a superscript.
  • x y ⁇ z indicates that y z is a superscript to x
  • x y ⁇ z indicates that y z is a subscript to x
  • _ (underscore) represents a subscript.
  • x y_z indicates that y z is a superscript to x
  • x y_z indicates that y z is a subscript to x.
  • f ⁇ negl indicates that f is a function that can be ignored
  • f>negl indicates that f is a function that cannot be ignored.
  • w represents a string that is the concatenation of strings r and w.
  • w represents a sequence of values that are the concatenation of the values r and w.
  • the secret key cipher SKE for plaintext space ⁇ X is a set of three stochastic polynomial time algorithms (SKE.KeyGen, SKE.Enc, SKE.Dec).
  • SKE.KeyGen(1 ⁇ ) ⁇ K The key generation algorithm SKE.KeyGen takes the security parameter ⁇ as input and outputs the secret key K ⁇ 0, 1 ⁇ ⁇ .
  • SKE.Enc(K, x) ⁇ ct The encryption algorithm SKE.Enc takes as input the secret key K and the plaintext x ⁇ X, and outputs the ciphertext ct of the plaintext x.
  • SKE.Dec(K, ct) ⁇ y The decryption algorithm SKE.Dec takes the private key K and the ciphertext ct as input, and outputs the plaintext y ⁇ X or ⁇ .
  • SKFE.Setup(1 ⁇ ) ⁇ msk The setup algorithm SKFE.Setup takes the security parameter ⁇ as input and outputs the master secret key msk. Note that to clearly indicate that the setup algorithm SKFE.Setup uses a random number r, it may be expressed as SKFE.Setup(1 ⁇ ;r). If there is an upper limit to the number of function keys that can be issued, it is expressed as SKFE.Setup(1 ⁇ , 1 q ) (where q is the function key that can be issued).
  • SKFE.KeyGen(msk, f) ⁇ fsk The key generation algorithm SKFE.KeyGen takes as input the master secret key msk and the function f ⁇ F, and outputs the function key fsk.
  • SKFE.Enc(msk, x) ⁇ ct The encryption algorithm SKFE.Enc takes as input the master secret key msk and the plaintext x ⁇ X, and outputs the ciphertext ct of the plaintext x.
  • SKFE.Dec(fsk, ct) ⁇ y The decryption algorithm SKFE.Dec takes the function key fsk and the ciphertext ct as input, and outputs y ⁇ Y or ⁇ .
  • Proposition If a one-way function exists, there exists a secret key functional cryptography that can generate a predetermined polynomial number of function keys and can be applied to a circuit of any polynomial size. Proposition: If indiscernibility obfuscation and one-way functions exist, then there exists a secret-key functional cryptography that can generate an unlimited number of polynomial function keys and for circuits of arbitrary polynomial size.
  • CDSKE is a secret key cipher that can delete ciphertext for plaintext space ⁇ X and key space ⁇ K.
  • CDSKE is a set of two stochastic polynomial time algorithms and three quantum polynomial time algorithms (CDSKE.KeyGen, CDSKE.Enc ⁇ , CDSKE.Dec ⁇ , CDSKE.Delete ⁇ , CDSKE.Vrfy).
  • CDSKE.KeyGen and CDSKE.Vrfy are stochastic polynomial time algorithms
  • CDSKE.Enc ⁇ , CDSKE.Dec ⁇ , and CDSKE.Delete ⁇ are quantum polynomial time algorithms.
  • CDSKE.KeyGen(1 ⁇ ) ⁇ sk The key generation algorithm CDSKE.KeyGen takes the security parameter ⁇ as input and outputs the secret key sk ⁇ K. Note that to clearly indicate that the key generation algorithm CDSKE.KeyGen uses a random number r, it may be expressed as CDSKE.KeyGen(1 ⁇ ; r).
  • the encryption algorithm CDSKE.Enc ⁇ takes as input the secret key sk and plaintext x ⁇ X, and uses the ciphertext ct ⁇ of plaintext x and the verification key vk Output. Note here that the ciphertext ct ⁇ is in a quantum state.
  • CDSKE.Dec ⁇ (sk, ct ⁇ ) ⁇ y The decryption algorithm CDSKE.Dec ⁇ takes the secret key sk and the ciphertext ct ⁇ as input, and outputs the plaintext y ⁇ X or ⁇ .
  • CDSKE.Delete ⁇ (ct ⁇ ) ⁇ cert The deletion algorithm CDSKE.Delete ⁇ takes the ciphertext ct ⁇ as input and outputs a certificate cert that proves that the ciphertext ct ⁇ has been deleted.
  • CDSKE.Vrfy(vk, cert) ⁇ T/ ⁇ The verification algorithm CDSKE.Vrfy takes the verification key vk and certificate cert as input, and outputs T or ⁇ .
  • T, ⁇ is the verification result of certificate cert by verification key vk, if the output is T, it means that certificate cert is verified by verification key vk, and if the output is ⁇ , certificate cert is verified. Each indicates that it was not verified by key vk.
  • plaintext x can be obtained.
  • the ciphertext ct ⁇ can be deleted by CDSKE.Delete ⁇ (ct ⁇ )
  • the certificate cert generated by CDSKE.Delete ⁇ (ct ⁇ ) can be deleted by CDSKE.Enc ⁇ (sk, x).
  • the verification using the verification key vk always passes. In other words, the output of CDSKE.Vrfy(vk, cert) is T. Even if an attacker obtains the private key after deleting the ciphertext, it is guaranteed that the attacker will not be able to know the contents of the plaintext of the deleted ciphertext.
  • Reference Non-Patent Document 2 a private key cryptosystem capable of deleting a ciphertext is described in Reference Non-Patent Document 2.
  • Reference Non-Patent Document 2 Taiga Hiroka, Tomoyuki Morimae, Ryo Nishimaki, and Takashi Yamakawa, “Quantum encryption with certified deletion, revisited: Public key, attribute-based, and classical communication,” In Mehdi Tibouchi and Huaxiong Wang, editors, Advances in Cryptology - ASIACRYPT 2021 - 27th International Conference on the Theory and Application of Cryptology and Information Security, Singapore, December 6-10, 2021, Proceedings, Part I, volume 13090 of Lecture Notes in Computer Science, pp.606-636, Springer, 2021.
  • [Set homomorphic secret sharing] The set homomorphic secret sharing SetHSS for the input space ⁇ X, output space ⁇ Y, and function space ⁇ F is a set of four stochastic polynomial time algorithms (SetGen, InpEncode, FuncEn
  • SetGen (1 ⁇ ) ⁇ (p, k, (T i ) i ⁇ [m] ):
  • the set generation algorithm SetGen takes the security parameter ⁇ as input, and generates the parameters p, k and a set of m (T i ) i ⁇ Output [m] .
  • params: (p, k, (T i ) i ⁇ [m] ).
  • InpEncode(params, x) ⁇ (x i ) i ⁇ [m] Input encryption algorithm InpEncode takes params and input x ⁇ X as input, and outputs the division of input x (x i ) i ⁇ [m] do.
  • FuncEncode(params, f) ⁇ (f i ) i ⁇ [m] Functional encryption algorithm FuncEncode takes params and function f ⁇ F as input, and outputs the division of function f (f i ) i ⁇ [m] do.
  • Decode ((f i ( x i )) i ⁇ [m] ) ⁇ y:
  • the decoding algorithm Decode is a set ( f i (x i )) Takes i ⁇ [m] as input and outputs y ⁇ Y.
  • Proposition If a one-way function exists, then secure set homomorphic secret sharing exists.
  • Reference Non-Patent Document 3 Aayush Jain, Alexis Korb, Nathan Manohar, and Amit Sahai, “Amplifying the security of functional encryption, unconditionally,” In Daniele Micciancio and Thomas Ristenpart, editors, CRYPTO 2020, Part I, volume 12170 of LNCS , pp.717-746, Springer, Heidelberg, August 2020.
  • a secret key functional cryptography with function key deletion provability for plaintext space ⁇ X, output space ⁇ Y, and function space ⁇ F is a set of three probabilistic polynomial time algorithms and three quantum polynomial time algorithms (Setup, KeyGen ⁇ , Enc, Dec ⁇ , Cert ⁇ , Vrfy).
  • Setup, Enc, and Vrfy are stochastic polynomial time algorithms
  • KeyGen ⁇ , Dec ⁇ , and Cert ⁇ are quantum polynomial time algorithms.
  • the setup algorithm Setup takes as input the security parameter ⁇ and the number of function keys q that can be issued, and outputs the master secret key msk.
  • the key generation algorithm KeyGen ⁇ uses the master secret key msk, the function f ⁇ F, and the number n of ciphertexts that can be used until the function key is deleted. It takes as input and outputs function key fsk ⁇ and verification key vk. Note here that the function key fsk ⁇ is a quantum state.
  • Enc(msk, x) ⁇ ct The encryption algorithm Enc takes as input the master secret key msk and the plaintext x ⁇ X, and outputs the ciphertext ct of the plaintext x.
  • Dec ⁇ (fsk ⁇ , ct) ⁇ y The decryption algorithm Dec ⁇ takes the function key fsk ⁇ and the ciphertext ct as input, and outputs the plaintext y ⁇ Y or ⁇ .
  • Cert ⁇ (fsk ⁇ ) ⁇ cert The certificate algorithm Cert ⁇ takes the function key fsk ⁇ as input and outputs a certificate cert that proves that the function key fsk ⁇ has been deleted.
  • Vrfy(vk, cert) ⁇ T/ ⁇ The verification algorithm Vrfy takes the verification key vk and certificate cert as input, and outputs T or ⁇ .
  • T, ⁇ is the verification result of certificate cert by verification key vk, if the output is T, it means that certificate cert is verified by verification key vk, and if the output is ⁇ , certificate cert is verified. Each indicates that it was not verified by key vk.
  • private key functional cryptography that can prove function key deletion.
  • private key functional encryption iSKFE-sbSKL which requires an index for ciphertext generation and can prove function key deletion
  • (2) a fixed number of ciphertexts that can be used before function key deletion (3) private key functional encryption SKFE-sbSKL that can prove function key deletion, and (3) private key functional encryption SKFE-SKL that can prove function key deletion.
  • the secret key functional encryption iSKFE-sbSKL is a set of three probabilistic polynomial time algorithms and three quantum polynomial time algorithms (i.Setup, i.KeyGen ⁇ , i.Enc, i.Dec ⁇ , i.Cert ⁇ , i.Vrfy).
  • i.Setup (1 ⁇ , 1 q , n):
  • i.KeyGen ⁇ (i.msk, f):
  • the key generation algorithm i.KeyGen ⁇ takes as input the master secret key i.msk and the function f ⁇ F, and executes the following steps.
  • Decompose master secret key i.msk (q, n, K).
  • decomposition means parsing.
  • For j 1, ..., n, r j
  • the secret key functional encryption iSKFE-sbSKL requires an index for ciphertext generation. It is a private key functional cryptography that can prove key deletion and is safe.
  • SKFE-sbSKL is a set of three stochastic polynomial time algorithms and three quantum polynomial time algorithms (sbSKL.Setup, sbSKL.KeyGen ⁇ , sbSKL.Enc, sbSKL.Dec ⁇ , sbSKL.Cert ⁇ , sbSKL .Vrfy).
  • sbSKL.Setup (1 ⁇ , 1 q , n):
  • the setup algorithm sbSKL.Setup takes the security parameter ⁇ and parameters q, n as input and executes the following steps.
  • the parameter q represents the number of function keys that can be issued.
  • sbSKL.KeyGen ⁇ (sbSKL.msk, f):
  • sbSKL.Enc (sbSKL.msk, x):
  • sbSKL.Dec ⁇ (sbSKL.fsk ⁇ , sbSKL.ct):
  • sbSKL.Vrfy (sbSKL.vk, sbSKL.cert):
  • SKFE-sbSKL secret key functional encryption
  • iSKFE-sbSKL private key functional cryptography with provable function key deletion
  • set homomorphic secret sharing SetHSS private key cryptography SKE
  • private key cryptography SKE private key cryptography is possible.
  • SKFE-sbSKL is a private key functional encryption that can prove function key deletion and is secure, with a fixed number of ciphertexts that can be used until function key deletion.
  • SKFE-SKL is a private key functional encryption with provable function key deletion, in which the number of ciphertexts that can be used until function key deletion is fixed.
  • SKFE-SKL (sbSKL .Setup, sbSKL.KeyGen ⁇ , sbSKL.Enc, sbSKL.Dec ⁇ , sbSKL.Cert ⁇ , sbSKL.Vrfy).
  • SKFE-SKL is a set of three stochastic polynomial time algorithms and three quantum polynomial time algorithms (SKL.Setup, SKL.KeyGen ⁇ , SKL.Enc, SKL.Dec ⁇ , SKL.Cert ⁇ , SKL .Vrfy).
  • SKL.KeyGen ⁇ (SKL.msk, f, 1 n ):
  • the key generation algorithm SKL.KeyGen ⁇ is a master secret key SKL.msk, a function f ⁇ F, and the number n of ciphertexts that can be used before deleting the function key.
  • SKL.Vrfy (SKL.vk, SKL.cert): The verification algorithm SKL.Vrfy takes the verification key SKL.vk and certificate SKL.cert as input and executes the following steps. (1) Output sbSKL.Vrfy(SKL.vk, SKL.cert).
  • the secret key functional encryption SKFE-SKL is functional. It is a private key functional cryptography that can prove key deletion and is safe.
  • FIG. 1 is a block diagram showing an example of the configuration of a cryptographic system 10.
  • the cryptographic system 10 includes a master private key generation device 100, a key generation device 200, an encryption device 300, a decryption device 400, a certificate generation device 500, and a certificate verification device 600.
  • the master private key generation device 100, the key generation device 200, the encryption device 300, the decryption device 400, the certificate generation device 500, and the certificate verification device 600 are connected to a network 800 such as the Internet and can communicate with each other.
  • the master private key generation device 100, key generation device 200, encryption device 300, decryption device 400, certificate generation device 500, and certificate verification device 600 will be explained. do.
  • FIG. 2 is a block diagram showing an example of the configuration of the master private key generation device 100.
  • the master private key generation device 100 includes a first key generation section 110, a second key generation section 120, a transmission/reception section 180, and a recording section 190.
  • the transmitting/receiving unit 180 is a component for appropriately transmitting/receiving information that the master private key generation device 100 needs to exchange with other devices.
  • the recording unit 190 is a component that appropriately records information necessary for processing by the master private key generation device 100.
  • the recording unit 190 records, for example, the security parameter ⁇ and the parameters q, n (q, n are integers of 1 or more). Note that the parameter q represents the number of function keys that can be issued.
  • the operation of the master private key generation device 100 will be explained with reference to FIG.
  • the master private key generation device 100 generates a master private key i.msk from the security parameter ⁇ and parameters q, n. This will be explained in detail below.
  • the first key generation unit 110 generates the key K of the pseudorandom function F using K ⁇ 0, 1 ⁇ ⁇ .
  • the master private key generation device 100 records the master private key i.msk in the recording unit 190. Further, the master private key generation device 100 uses the transmitting/receiving unit 180 to transmit the master private key i.msk to the key generation device 200 and the encryption device 300. The key generation device 200 and the encryption device 300 record the received master private key i.msk in the recording unit 290 and the recording unit 390, respectively.
  • FIG. 4 is a block diagram showing an example of the configuration of the key generation device 200.
  • the key generation device 200 includes a decomposition section 210, a first key generation section 220, a second key generation section 230, a third key generation section 240, a fourth key generation section 250, a transmission/reception section 280, and a recording section 290.
  • the transmitting/receiving unit 280 is a component for appropriately transmitting/receiving information that the key generation device 200 needs to exchange with other devices.
  • the recording unit 290 is a component that appropriately records information necessary for processing by the key generation device 200.
  • the operation of the key generation device 200 will be explained according to FIG. 5.
  • the key generation device 200 uses the secret key function encryption SKFE, the secret key encryption CDSKE that can delete ciphertext, and the pseudorandom function F to verify the function key i.fsk ⁇ from the master secret key i.msk and the function f. Generate key i.vk. This will be explained in detail below.
  • the decomposition unit 210 obtains parameters q, n and key K from master private key i.msk.
  • the fourth key generation unit 250 generates the function key i. Generate fsk ⁇ and verification key i.vk.
  • FIG. 6 is a block diagram showing an example of the configuration of the encryption device 300.
  • the encryption device 300 includes a decomposition section 310, a key generation section 320, a first ciphertext generation section 330, a second ciphertext generation section 340, a transmission/reception section 380, and a recording section 390.
  • the transmitting/receiving unit 380 is a component for appropriately transmitting/receiving information that the encryption device 300 needs to exchange with other devices.
  • the recording unit 390 is a component that appropriately records information necessary for processing by the encryption device 300.
  • the decomposition unit 310 obtains parameters q, n and key K from master private key i.msk.
  • the key generation unit 320 generates r idx
  • the first ciphertext generation unit 330 generates ct idx by ct idx ⁇ SKFE.Enc(msk idx , x).
  • the encryption device 300 records the ciphertext i.ct in the recording unit 390. Furthermore, the encryption device 300 uses the transmission/reception unit 380 to transmit the ciphertext i.ct to the decryption device 400. The decryption device 400 records the received ciphertext i.ct in the recording unit 490.
  • the decryption device 400 generates plaintext y from the function key i.fsk ⁇ and the ciphertext i.ct using the secret key functional encryption SKFE and the secret key encryption CDSKE from which the ciphertext can be deleted. This will be explained in detail below.
  • the key generation unit 420 generates fsk idx by fsk idx ⁇ CDSKE.Dec ⁇ (cd.sk idx , cd.ct ⁇ idx ).
  • the plaintext generation unit 430 generates plaintext y by y ⁇ SKFE.Dec(fsk idx , ct idx ).
  • the decryption device 400 records the plaintext y in the recording unit 490.
  • FIG. 10 is a block diagram showing an example of the configuration of the certificate generation device 500.
  • the certificate generation device 500 includes a decomposition section 510, a first certificate generation section 520, a second certificate generation section 530, a transmission/reception section 580, and a recording section 590.
  • the transmitting/receiving unit 580 is a component for appropriately transmitting/receiving information that the certificate generation device 500 needs to exchange with other devices.
  • the recording unit 590 is a component that appropriately records information necessary for processing by the certificate generation device 500.
  • the operation of the certificate generation device 500 will be explained with reference to FIG.
  • the certificate generation device 500 generates a certificate i.cert that certifies that the function key i.fsk ⁇ has been deleted from the function key i.fsk ⁇ using the private key encryption CDSKE whose ciphertext can be deleted. . This will be explained in detail below.
  • the certificate generation device 500 records the certificate i.cert in the recording unit 590. Further, the certificate generation device 500 uses the transmission/reception unit 580 to transmit the certificate i.cert to the certificate verification device 600. The certificate verification device 600 records the received certificate i.cert in the recording unit 690.
  • FIG. 12 is a block diagram showing an example of the configuration of the certificate verification device 600.
  • Certificate verification device 600 includes a decomposition section 610, a certificate verification section 620, a transmitting/receiving section 680, and a recording section 690.
  • the transmitter/receiver 680 is a component for the certificate verification device 600 to appropriately transmit and receive information that needs to be exchanged with other devices.
  • the recording unit 690 is a component that appropriately records information necessary for processing by the certificate verification device 600.
  • the operation of the certificate verification device 600 will be explained according to FIG. 13.
  • the certificate verification device 600 generates the verification result rslt of the certificate i.cert using the verification key i.vk from the verification key i.vk and the certificate i.cert using the private key encryption CDSKE that can delete the ciphertext. do. This will be explained in detail below.
  • the certificate verification unit 620 sets T as the verification result if CDSKE.Vrfy(vk j , cert j ) is T for all j ⁇ [n], and otherwise sets ⁇ as the verification result. Generate verification result rslt.
  • certificate verification device 600 records the verification result rslt in the recording unit 690.
  • FIG. 14 is a block diagram showing an example of the configuration of the cryptographic system 11.
  • the cryptographic system 11 includes a master private key generation device 101, a key generation device 201, an encryption device 301, a decryption device 401, a certificate generation device 501, and a certificate verification device 601.
  • the master private key generation device 101, the key generation device 201, the encryption device 301, the decryption device 401, the certificate generation device 501, and the certificate verification device 601 are connected to a network 800 such as the Internet and can communicate with each other.
  • FIG. 15 is a block diagram showing an example of the configuration of the master private key generation device 101.
  • the master private key generation device 101 includes a parameter generation section 111 , a first key generation section 121 , a second key generation section 131 , a third key generation section 141 , a transmission/reception section 180 , and a recording section 190 .
  • the transmitter/receiver 180 is a component for the master private key generation device 101 to appropriately transmit and receive information that needs to be exchanged with other devices.
  • the recording unit 190 is a component that appropriately records information necessary for processing by the master private key generation device 101.
  • the recording unit 190 records, for example, the security parameter ⁇ and the parameters q, n (q, n are integers of 1 or more). Note that the parameter q represents the number of function keys that can be issued.
  • the master private key generation device 101 uses the secret key functional encryption iSKFE-sbSKL, set homomorphic secret sharing SetHSS, and private key encryption SKE, which requires an index for ciphertext generation and can prove function key deletion, to generate security parameters. Generate master secret key sbSKL.msk from ⁇ and parameters q, n. This will be explained in detail below.
  • the parameter generation unit 111 calculates , generate params.
  • the second key generation unit 131 generates the secret key K of the secret key encryption SKE by K ⁇ SKE.KeyGen(1 ⁇ ).
  • the master private key generation device 101 records the master private key sbSKL.msk in the recording unit 190. Further, the master private key generation device 101 uses the transmission/reception unit 180 to transmit the master private key sbSKL.msk to the key generation device 201 and the encryption device 301. The key generation device 201 and the encryption device 301 record the received master secret key sbSKL.msk in the recording unit 290 and the recording unit 390, respectively.
  • FIG. 17 is a block diagram showing an example of the configuration of the key generation device 201.
  • the key generation device 201 includes a decomposition section 211, an encryption section 221, a share generation section 231, a first key generation section 241, a second key generation section 251, a transmission/reception section 280, and a recording section 290.
  • the transmitting/receiving unit 280 is a component for appropriately transmitting/receiving information that the key generation device 201 needs to exchange with other devices.
  • the recording unit 290 is a component that records information necessary for processing by the key generation device 201 as appropriate.
  • the key generation device 201 generates a master secret key sbSKL using a private key functional encryption iSKFE-sbSKL, set homomorphic secret sharing SetHSS, and secret key encryption SKE, which requires an index for ciphertext generation and can prove function key deletion.
  • the decomposition unit 211 obtains params, N, (msk i ) i ⁇ [m] , K from the master secret key sbSKL.msk.
  • the key generation device 201 records the function key sbSKL.fsk ⁇ and the verification key sbSKL.vk in the recording unit 290. Further, the key generation device 201 uses the transmission/reception unit 280 to transmit the function key sbSKL.fsk ⁇ to the decryption device 401 and the certificate generation device 501. The decryption device 401 and the certificate generation device 501 record the received function key sbSKL.fsk ⁇ in the recording unit 490 and the recording unit 590, respectively. The key generation device 201 uses the transmission/reception unit 280 to transmit the verification key sbSKL.vk to the certificate verification device 601. The certificate verification device 601 records the received verification key sbSKL.vk in the recording unit 690.
  • FIG. 19 is a block diagram showing an example of the configuration of the encryption device 301.
  • the encryption device 301 includes a decomposition section 311, a share generation section 321, an index generation section 331, a first ciphertext generation section 341, a second ciphertext generation section 351, a transmission/reception section 380, and a recording section 390.
  • the transmitting/receiving unit 380 is a component for appropriately transmitting/receiving information that the encryption device 301 needs to exchange with other devices.
  • the recording unit 390 is a component that appropriately records information necessary for processing by the encryption device 301.
  • the operation of the encryption device 301 will be explained with reference to FIG.
  • the encryption device 301 uses the private key functional encryption iSKFE-sbSKL, which requires an index to generate a ciphertext and can prove function key deletion, and the set homomorphic secret sharing SetHSS to generate the master private key sbSKL.msk and the plaintext x. From this, generate the ciphertext sbSKL.ct. This will be explained in detail below.
  • the decomposition unit 311 obtains params, N, (msk i ) i ⁇ [m] , K from the master secret key sbSKL.msk.
  • the encryption device 301 records the ciphertext sbSKL.ct in the recording unit 390. Furthermore, the encryption device 301 uses the transmission/reception unit 380 to transmit the ciphertext sbSKL.ct to the decryption device 401. The decryption device 401 records the received ciphertext sbSKL.ct in the recording unit 490.
  • FIG. 21 is a block diagram showing an example of the configuration of the decoding device 401.
  • the decryption device 401 includes a decomposition section 411, a decryption section 421, a plaintext generation section 431, a transmission/reception section 480, and a recording section 490.
  • the transmitting/receiving unit 480 is a component for appropriately transmitting/receiving information that the decoding device 401 needs to exchange with other devices.
  • the recording unit 490 is a component that records information necessary for processing by the decoding device 401 as appropriate.
  • the decoding device 401 uses the function key deletion provable private key functional encryption iSKFE-sbSKL and set homomorphic secret sharing SetHSS, which requires an index for ciphertext generation, to generate the function key sbSKL.fsk ⁇ and the ciphertext sbSKL. Generate plaintext y from .ct. This will be explained in detail below.
  • the plaintext generation unit 431 generates plaintext y by y ⁇ Decode((y i ) i ⁇ [m] ).
  • the decryption device 401 records the plaintext y in the recording unit 490.
  • FIG. 23 is a block diagram showing an example of the configuration of the certificate generation device 501.
  • the certificate generation device 501 includes a decomposition section 511, a first certificate generation section 521, a second certificate generation section 531, a transmission/reception section 580, and a recording section 590.
  • the transmitting/receiving unit 580 is a component for the certificate generating device 501 to appropriately transmit and receive information that needs to be exchanged with other devices.
  • the recording unit 590 is a component that records information necessary for processing by the certificate generation device 501 as appropriate.
  • the operation of the certificate generation device 501 will be explained according to FIG. 24.
  • the certificate generation device 501 generates the function key sbSKL.fsk ⁇ from the function key sbSKL.fsk ⁇ using the private key functional encryption iSKFE-sbSKL, which requires an index for ciphertext generation and can prove function key deletion. Generate a certificate sbSKL.cert that proves deletion. This will be explained in detail below.
  • the certificate generation device 501 records the certificate sbSKL.cert in the recording unit 590. Further, the certificate generation device 501 uses the transmission/reception unit 580 to transmit the certificate sbSKL.cert to the certificate verification device 601. The certificate verification device 601 records the received certificate sbSKL.cert in the recording unit 690.
  • FIG. 25 is a block diagram showing an example of the configuration of the certificate verification device 601.
  • the certificate verification device 601 includes a decomposition section 611, a certificate verification section 621, a transmitting/receiving section 680, and a recording section 690.
  • the transmitter/receiver 680 is a component for the certificate verification device 601 to appropriately transmit and receive information that needs to be exchanged with other devices.
  • the recording unit 690 is a component that records information necessary for processing by the certificate verification device 601 as appropriate.
  • the operation of the certificate verification device 601 will be explained according to FIG. 26.
  • the certificate verification device 601 uses the private key functional encryption iSKFE-sbSKL, which requires an index to generate a ciphertext and can prove function key deletion, to generate a verification key from the verification key sbSKL.vk and the certificate sbSKL.cert. Generate the verification result rslt of the certificate sbSKL.cert using sbSKL.vk. This will be explained in detail below.
  • the certificate verification unit 621 sets T as the verification result if i.Vrfy(vk i , cert i ) is T for all i ⁇ [m], and otherwise sets ⁇ as the verification result. Generate verification result rslt.
  • FIG. 27 is a block diagram showing an example of the configuration of the cryptographic system 12.
  • the cryptographic system 12 includes a master private key generation device 102, a key generation device 202, an encryption device 302, a decryption device 402, a certificate generation device 502, and a certificate verification device 602.
  • the master private key generation device 102, the key generation device 202, the encryption device 302, the decryption device 402, the certificate generation device 502, and the certificate verification device 602 are connected to a network 800 such as the Internet and can communicate with each other.
  • the master private key generation device 102 key generation device 202, encryption device 302, decryption device 402, certificate generation device 502, and certificate verification device 602 will be explained. do.
  • the master private key generation device 102 records the master private key SKL.msk in the recording unit 190. Further, the master private key generation device 102 uses the transmission/reception unit 180 to transmit the master private key SKL.msk to the key generation device 202 and the encryption device 302. The key generation device 202 and the encryption device 302 record the received master secret key SKL.msk in the recording unit 290 and the recording unit 390, respectively.
  • FIG. 30 is a block diagram showing an example of the configuration of the key generation device 202.
  • the key generation device 202 includes a decomposition section 212, a first key generation section 222, a second key generation section 232, a transmission/reception section 280, and a recording section 290.
  • the transmitting/receiving unit 280 is a component for appropriately transmitting/receiving information that the key generation device 202 needs to exchange with other devices.
  • the recording unit 290 is a component that appropriately records information necessary for processing by the key generation device 202.
  • the recording unit 290 records, for example, the number n of ciphertexts that can be used until the function key is deleted (n is an integer of 1 or more).
  • the operation of the key generation device 202 will be explained according to FIG. 31.
  • the key generation device 202 generates a master private key SKL.msk and a function f using private key functional encryption SKFE-sbSKL, in which the number of ciphertexts that can be used until function key deletion is fixed, and which can prove function key deletion.
  • the function key SKL.fsk ⁇ and the verification key SKL.vk are generated from the number n of ciphertexts that can be used until the function key is deleted. This will be explained in detail below.
  • the first key generation unit 222 calculates t' such that 2 t'-1 ⁇ n ⁇ 2 t'-1 , and (fsk ⁇ t' , vk t' ) ⁇ sbSKL.KeyGen ⁇ (msk t ' , f) generates (fsk ⁇ t' , vk t' ).
  • the key generation device 202 records the function key SKL.fsk ⁇ and the verification key SKL.vk in the recording unit 290. Further, the key generation device 202 uses the transmission/reception unit 280 to transmit the function key SKL.fsk ⁇ to the decryption device 402 and the certificate generation device 502. The decryption device 402 and the certificate generation device 502 record the received function key SKL.fsk ⁇ in the recording unit 490 and the recording unit 590, respectively. The key generation device 202 uses the transmission/reception unit 280 to transmit the verification key SKL.vk to the certificate verification device 602. The certificate verification device 602 records the received verification key SKL.vk in the recording unit 690.
  • the operation of the encryption device 302 will be explained according to FIG. 33.
  • the encryption device 302 uses a private key functional encryption SKFE-sbSKL that can prove function key deletion, in which the number of ciphertexts that can be used until function key deletion is fixed, and uses master private key SKL.msk and plaintext x From this, generate the ciphertext SKL.ct. This will be explained in detail below.
  • the encryption device 302 records the ciphertext SKL.ct in the recording unit 390. Furthermore, the encryption device 302 uses the transmission/reception unit 380 to transmit the ciphertext SKL.ct to the decryption device 402. The decryption device 402 records the received ciphertext SKL.ct in the recording unit 490.
  • FIG. 34 is a block diagram showing an example of the configuration of the decoding device 402.
  • the decryption device 402 includes a decomposition section 412, a plaintext generation section 422, a transmission/reception section 480, and a recording section 490.
  • the transmitting/receiving unit 480 is a component for appropriately transmitting/receiving information that the decoding device 402 needs to exchange with other devices.
  • the recording unit 490 is a component that appropriately records information necessary for processing by the decoding device 402.
  • the decryption device 402 uses the function key SKL.fsk ⁇ and the ciphertext SKL using a private key functional encryption SKFE-sbSKL that can prove function key deletion, in which the number of ciphertexts that can be used until function key deletion is fixed. Generate plaintext y from .ct. This will be explained in detail below.
  • the plaintext generation unit 422 generates plaintext y by y ⁇ sbSKL.Dec ⁇ (fsk ⁇ t' , ct t' ).
  • the decryption device 402 records the plaintext y in the recording unit 490.
  • FIG. 36 is a block diagram showing an example of the configuration of the certificate generation device 502.
  • the certificate generation device 502 includes a decomposition section 512, a certificate generation section 522, a transmission/reception section 580, and a recording section 590.
  • the transmitting/receiving unit 580 is a component for appropriately transmitting and receiving information that the certificate generation device 502 needs to exchange with other devices.
  • the recording unit 590 is a component that appropriately records information necessary for processing by the certificate generation device 502.
  • the operation of the certificate generation device 502 will be explained according to FIG. 37.
  • the certificate generation device 502 uses private key functional encryption SKFE-sbSKL, in which the number of ciphertexts that can be used until function key deletion is fixed, and which can prove function key deletion, from the function key SKL.fsk ⁇ . Generate a certificate SKL.cert that proves that the function key SKL.fsk ⁇ has been deleted. This will be explained in detail below.
  • the decomposition unit 512 obtains t', fsk ⁇ t' from the function key SKL.fsk ⁇ .
  • the certificate generation unit 522 generates the certificate SKL.cert by SKL.cert ⁇ sbSKL.Cert ⁇ (fsk ⁇ t' ).
  • the certificate generation device 502 records the certificate SKL.cert in the recording unit 590. Further, the certificate generation device 502 uses the transmission/reception unit 580 to transmit the certificate SKL.cert to the certificate verification device 602. The certificate verification device 602 records the received certificate SKL.cert in the recording unit 690.
  • FIG. 38 is a block diagram showing an example of the configuration of the certificate verification device 602.
  • the certificate verification device 602 includes a certificate verification section 612, a transmitting/receiving section 680, and a recording section 690.
  • the transmitting/receiving unit 680 is a component for appropriately transmitting and receiving information that the certificate verification device 602 needs to exchange with other devices.
  • the recording unit 690 is a component that records information necessary for processing by the certificate verification device 602 as appropriate.
  • the operation of the certificate verification device 602 will be explained according to FIG. 39.
  • the certificate verification device 602 uses a private key functional encryption SKFE-sbSKL that can prove function key deletion, in which the number of ciphertexts that can be used until function key deletion is fixed, to verify verification key SKL.vk and certificate. From SKL.cert, generate the verification result rslt of certificate SKL.cert using verification key SKL.vk. This will be explained in detail below.
  • the certificate verification unit 612 generates a verification result rslt that uses T as the verification result when sbSKL.Vrfy(SKL.vk, SKL.cert) becomes T, and otherwise uses ⁇ as the verification result.
  • certificate verification device 602 records the verification result rslt in the recording unit 690.
  • each component of each device described above may be realized by a normal von Neumann type computer or a quantum computer.
  • each component of the embodiment of the present invention may be configured by a processing circuit.
  • Each of the above devices for example, as a single hardware entity, has an input section that can input signals from outside the hardware entity, an output section that can output signals outside the hardware entity, and can communicate with the outside of the hardware entity.
  • a communication unit that can be connected to a communication device (e.g. communication cable), a CPU (Central Processing Unit, which may be equipped with cache memory, registers, etc.) that is an arithmetic processing unit, RAM or ROM that is memory, and an external unit that is a hard disk. It has a bus that connects the storage device, its input section, output section, communication section, CPU, RAM, ROM, and external storage device so that data can be exchanged among them.
  • the hardware entity may be provided with a device (drive) that can read and write a recording medium such as a CD-ROM.
  • a physical entity with such hardware resources includes a general-purpose computer.
  • the external storage device of the hardware entity stores the program required to realize the above-mentioned functions and the data required for processing this program (not limited to the external storage device, for example, when reading the program (It may also be stored in a ROM, which is a dedicated storage device.) Further, data obtained through processing of these programs is appropriately stored in a RAM, an external storage device, or the like.
  • each program stored in an external storage device or ROM, etc.
  • the data required to process each program are read into memory as necessary, and interpreted and executed and processed by the CPU as appropriate.
  • the CPU realizes a predetermined function (each of the components expressed as . . . section, . . . means, etc.).
  • the processing functions of the hardware entity (device of the present invention) described in the above embodiments are realized by a computer, the processing contents of the functions that the hardware entity should have are described by a program. By executing this program on a computer, the processing functions of the hardware entity are realized on the computer.
  • a program that describes this processing content can be recorded on a computer-readable recording medium.
  • the computer-readable recording medium is, for example, a non-temporary recording medium, specifically a magnetic recording device, an optical disk, or the like.
  • this program is performed, for example, by selling, transferring, lending, etc. portable recording media such as DVDs and CD-ROMs on which the program is recorded. Furthermore, this program may be distributed by storing the program in the storage device of the server computer and transferring the program from the server computer to another computer via a network.
  • a computer that executes such a program for example, first stores a program recorded on a portable recording medium or a program transferred from a server computer into the auxiliary storage unit 2025, which is its own non-temporary storage device. Store. When executing a process, this computer loads the program stored in the auxiliary storage unit 2025, which is its own non-temporary storage device, into the recording unit 2020, and executes the process according to the read program. Further, as another form of execution of this program, the computer may directly load the program from a portable recording medium into the recording unit 2020 and execute processing according to the program. Each time the received program is transferred, processing may be executed in accordance with the received program.
  • ASP Application Service Provider
  • the above-mentioned processing is executed by a so-called ASP (Application Service Provider) type service, which does not transfer programs from the server computer to this computer, but only realizes processing functions by issuing execution instructions and obtaining results.
  • ASP Application Service Provider
  • the present apparatus is configured by executing a predetermined program on a computer, but at least a part of these processing contents may be implemented in hardware.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

La présente invention concerne une technologie de chiffrement fonctionnel à clé secrète en mesure de prouver le retrait d'une clé de fonction. La présente invention comprend : un dispositif de génération de clé secrète maîtresse qui génère une clé secrète maîtresse SKL.msk à partir d'un paramètre de sécurité λ et du nombre q de clés de fonction qui peuvent être émises ; un dispositif de génération de clé qui génère une clé de fonction SKL.fsk~ et une clé de vérification SKL.vk à partir de la clé secrète maîtresse SKL.msk, d'une fonction f et du nombre n de textes chiffrés disponibles jusqu'au retrait de la clé de fonction ; un dispositif de chiffrement qui génère un texte chiffré SKL.ct à partir de la clé secrète maîtresse SLK.msk et de texte en clair x ; un dispositif de déchiffrement qui génère du texte en clair y à partir de la clé de fonction SKL.fsk~ et du texte chiffré SKL.ct ; un dispositif de génération de certificat qui génère, à partir de la clé de fonction SKL.fsk~, un certificat SKL.cert pour prouver le retrait de la clé de fonction SKL.fsk~ ; et un dispositif de vérification de certificat qui génère, à partir de la clé de vérification SKL.vk et du certificat SKL.cert, un résultat rslt de vérification du certificat SKL.cert avec la clé de vérification SKL.vk.
PCT/JP2022/022942 2022-06-07 2022-06-07 Système de chiffrement WO2023238230A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2022/022942 WO2023238230A1 (fr) 2022-06-07 2022-06-07 Système de chiffrement

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2022/022942 WO2023238230A1 (fr) 2022-06-07 2022-06-07 Système de chiffrement

Publications (1)

Publication Number Publication Date
WO2023238230A1 true WO2023238230A1 (fr) 2023-12-14

Family

ID=89118061

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2022/022942 WO2023238230A1 (fr) 2022-06-07 2022-06-07 Système de chiffrement

Country Status (1)

Country Link
WO (1) WO2023238230A1 (fr)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2018112612A (ja) * 2017-01-10 2018-07-19 日本電信電話株式会社 暗号システム、セットアップ装置、鍵生成装置、暗号化装置、復号装置、難読化装置、実行装置、およびプログラム

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2018112612A (ja) * 2017-01-10 2018-07-19 日本電信電話株式会社 暗号システム、セットアップ装置、鍵生成装置、暗号化装置、復号装置、難読化装置、実行装置、およびプログラム

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
ALEXANDER POREMBA: "Quantum Proofs of Deletion for Learning with Errors", ARXIV.ORG, 3 March 2022 (2022-03-03), XP091176411 *
BROADBENT ANNE, ISLAM RABIB: "Quantum encryption with certified deletion", CRYPTOLOGY EPRINT ARCHIVE, PAPER 2020/1423, 15 November 2020 (2020-11-15), pages 1 - 28, XP093114663, Retrieved from the Internet <URL:https://eprint.iacr.org/2020/1423>> *
FUYUKI KITAGAWA, RYO NISHIMAKI, KEISUKE TANAKA: "2F1-3 On Succinctness and Collusion-Resistance of Secret Key Functional Encryption", PREPRINTS OF THE 2017 SYMPOSIUM ON CRYPTOGRAPHY AND INFORMATION SECURITY (SCIS2017); JANUARY 24TH - 27TH, 2017, 1 January 2017 (2017-01-01), JP, pages 1 - 8, XP009551244 *
HIROKA TAIGA, MORIMAE TOMOYUKI, NISHIMAKI RYO, YAMAKAWA TAKASHI: "Quantum Encryption with Certified Deletion, Revisited: Public Key, Attribute-Based, and Classical Communication ", CRYPTOLOGY EPRINT ARCHIVE, PAPER 2021/617, 17 May 2021 (2021-05-17), pages 1 - 51, XP093114670, Retrieved from the Internet <URL:https://eprint.iacr.org/2021/617> DOI: 10.1007/978-3-030-92062-3_21 *
SRIJITA KUNDU; ERNEST Y.-Z. TAN: "Composably secure device-independent encryption with certified deletion", ARXIV.ORG, 10 March 2022 (2022-03-10), XP091168016 *

Similar Documents

Publication Publication Date Title
Abd El-Latif et al. Secure data encryption based on quantum walks for 5G Internet of Things scenario
JP4575283B2 (ja) 暗号装置、復号装置、プログラム及び方法
JP2019531673A (ja) データ処理方法および装置
JP6363032B2 (ja) 鍵付替え方向制御システムおよび鍵付替え方向制御方法
WO2014007347A1 (fr) Dispositif de génération de clé secrète partagée, dispositif de chiffrement, dispositif de déchiffrement, procédé de génération de clé secrète partagée, procédé de chiffrement, procédé de déchiffrement, et programme
CN105339995A (zh) 解密装置、解密能力提供装置、其方法、以及程序
JP2013156675A (ja) 暗号文検索システム、検索情報生成装置、検索実行装置、検索要求装置、暗号文検索方法、検索情報生成方法、検索実行方法、検索要求方法、およびプログラム
Holz et al. Linear-complexity private function evaluation is practical
Jana et al. A novel time-stamp-based audio encryption scheme using sudoku puzzle
US20080181397A1 (en) Secure data transmission and storage using limited-domain functions
WO2019235102A1 (fr) Dispositif de génération de clé de conversion, dispositif de conversion de cryptogramme&amp;lt;b&amp;gt; &amp;lt;/b&amp;gt;, dispositif de déchiffrement, système de conversion de cryptogramme&amp;lt;b&amp;gt; &amp;lt;/b&amp;gt;, procédé de génération de clé de conversion, procédé de conversion de cryptogramme &amp;lt;b&amp;gt; &amp;lt;/b&amp;gt;, procédé de déchiffrement et programme
WO2023238230A1 (fr) Système de chiffrement
KR100951034B1 (ko) 암호문 크기를 줄이기 위한 공개키 기반의 검색가능암호문생성 방법과, 그에 따른 공개키 기반의 데이터 검색 방법
JP5489115B2 (ja) 原本性保証装置、原本性保証プログラム、及びこのプログラムを記録する記録媒体
Shen et al. Compressible Multikey and Multi‐Identity Fully Homomorphic Encryption
JP2012029271A (ja) 暗号化装置、復号装置、暗号化システム、暗号化方法、プログラム
JP7325689B2 (ja) 暗号文変換システム、変換鍵生成方法、及び、変換鍵生成プログラム
Yang et al. Identity‐Based Unidirectional Collusion‐Resistant Proxy Re‐Encryption from U‐LWE
Taka Secure Communication by combined Diffe-Hellman key exchange Based AES Encryption and Arabic Text Steganography.
JP6885325B2 (ja) 暗号化装置、復号装置、暗号化方法、復号方法、プログラム
JP6759168B2 (ja) 難読化回路生成装置、難読化回路計算装置、難読化回路生成方法、難読化回路計算方法、プログラム
Wang et al. All-or-nothing oblivious transfer based on the quantum one-way function
WO2022254578A1 (fr) Système cryptographique, dispositif de mise à jour de cryptogramme et programme
WO2023242892A1 (fr) Système et procédé de chiffrement fonctionnel, dispositif de chiffrement, dispositif de déchiffrement, dispositif de configuration, dispositif de génération de clé et programme
JP2018112612A (ja) 暗号システム、セットアップ装置、鍵生成装置、暗号化装置、復号装置、難読化装置、実行装置、およびプログラム

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22945738

Country of ref document: EP

Kind code of ref document: A1