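WO2023242955A1 - Confidential information processing system, confidential information processing method, and confidential information processing program - Google Patents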

Confidential information processing system, confidential information processing method, and confidential information processing program

Info

Publication number
WO2023242955A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
homomorphic
ciphertext
encryption
public
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/JP2022/023823
Other languages
English (en)
French (fr)
Japanese (ja)
Inventor
良 廣政
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Mitsubishi Electric Corp
Original Assignee
Mitsubishi Electric Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Mitsubishi Electric Corp
Priority to JP2023571747A (JP7520255B2)
Priority to DE112022007028.5T (DE112022007028B4)
Priority to PCT/JP2022/023823 (WO2023242955A1)
Priority to CN202280096866.XA (CN119325696A)
Publication of WO2023242955A1
Priority to US18/929,750 (US20260121829A1)
Anticipated expiration
Current legal status: Ceased

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0852: Quantum cryptography

Definitions

  • the present disclosure relates to a confidential information processing system, a confidential information processing method, and a confidential information processing program.
  • Quantum homomorphic encryption is a cryptographic technology that allows quantum operations to be performed on data while it remains encrypted. The use of cloud services has recently become widespread, and because of concerns about cracking or about the reliability of the cloud, data may be encrypted before it is stored in the cloud. Quantum homomorphic encryption allows operations to be performed on encrypted data without decrypting it, and therefore enables the use of cloud services that rely on quantum computing without compromising security.
  • A cryptographic technology that improves the security of quantum homomorphic encryption, by achieving security under which the results of quantum computation on encrypted data leak no information about the arithmetic processing, is quantum homomorphic encryption that satisfies circuit secrecy.
  • Quantum homomorphic encryption that achieves security under which information about quantum operations is not leaked from the results of quantum homomorphic operations on ciphertext that was not generated by the encryption algorithm is quantum homomorphic encryption that satisfies strong circuit secrecy.
  • Quantum homomorphic encryption that satisfies strong circuit secrecy checks the validity of the input when performing operations on encrypted data, and then encrypts the data using quantum homomorphic encryption that satisfies normal circuit secrecy.
  • Quantum homomorphic encryption that satisfies normal circuit secrecy is quantum homomorphic encryption that provides circuit secrecy only for ciphertext generated by an encryption algorithm.
  • Non-Patent Document 1 discloses a configuration example of quantum homomorphic encryption that satisfies strong circuit secrecy. It also discloses a configuration example of quantum homomorphic encryption that satisfies strong circuit secrecy and can perform homomorphic operations on ciphertexts encrypted using mutually different encryption keys.
  • The conventional quantum homomorphic encryption that satisfies circuit secrecy disclosed in Non-Patent Document 1 uses a special computational problem called the decisional small polynomial ratio (DSPR) problem as the basis for its security.
  • The security of the homomorphic encryption used as a component that satisfies circuit secrecy depends on the difficulty of the DSPR problem. Therefore, the quantum homomorphic encryption that satisfies strong circuit secrecy disclosed in Non-Patent Document 1 is also not secure against quantum computers.
  • The confidential information processing system according to this disclosure is a confidential information processing system compatible with quantum homomorphic encryption that satisfies strong circuit secrecy. It comprises an encryption device including an encryption unit that generates a first ciphertext by encrypting a first plaintext using a first public parameter and a first encryption key, and generates a second ciphertext by encrypting a second plaintext using a second public parameter and a second encryption key.
  • Each of the first public parameter and the second public parameter is a parameter generated using a security parameter.
  • The first encryption key is an encryption key generated using the first public parameter and a first decryption key that is a decryption key generated using the security parameter.
  • The second encryption key is an encryption key generated using the second public parameter and a second decryption key that is a decryption key generated using the security parameter.
  • A quantum homomorphic encryption technology can be realized that satisfies strong circuit secrecy, is secure against quantum computers, and enables homomorphic operations using quantum computation on ciphertexts encrypted with mutually different encryption keys.
  • FIG. 1 is a diagram showing a configuration example of a confidential information processing system 100 according to Embodiment 1.
  • FIG. 2 is a diagram illustrating a configuration example of a public parameter generation device 200 according to Embodiment 1.
  • FIG. 3 is a diagram illustrating a configuration example of a key generation device 300 according to Embodiment 1.
  • FIG. 4 is a diagram illustrating a configuration example of an encryption device 400 according to Embodiment 1.
  • FIG. 5 is a diagram illustrating a configuration example of a homomorphic arithmetic device 500 according to Embodiment 1.
  • FIG. 6 is a diagram illustrating a configuration example of a decoding device 600 according to Embodiment 1.
  • FIG. 7 is a diagram illustrating an example of the hardware configuration of each device according to Embodiment 1.
  • FIG. 8 is a flowchart showing the operation of the confidential information processing system 100 according to Embodiment 1.
  • FIG. 9 is a flowchart showing the operation of the confidential information processing system 100 according to Embodiment 1.
  • FIG. 10 is a flowchart showing the operation of the confidential information processing system 100 according to Embodiment 1.
  • 6 is a diagram illustrating an example of the hardware configuration of each device according to a modification of the first embodiment.
  • FIG. 1 shows an example of a system configuration of a confidential information processing system 100 according to the present embodiment.
  • the confidential information processing system 100 includes a public parameter generation device 200, a key generation device 300, an encryption device 400, a homomorphic arithmetic device 500, and a decryption device 600.
  • the Internet 101 is a communication path that connects the public parameter generation device 200, the key generation device 300, the plurality of encryption devices 400, the homomorphic arithmetic device 500, and the decryption device 600.
  • the Internet 101 is a specific example of a network. Instead of the Internet 101, other types of networks may be used.
  • the public parameter generation device 200 is a PC (Personal Computer) as a specific example.
  • The public parameter generation device 200 creates the public parameters used to generate each of an encryption key, a decryption key, and a ciphertext, and transmits data indicating the created public parameters to each of the key generation device 300, the encryption device 400, and the homomorphic arithmetic device 500 via the Internet 101. Note that the data indicating the created public parameters may be directly transmitted by mail or the like.
  • the key generation device 300 is a PC as a specific example.
  • The key generation device 300 creates an encryption key and a decryption key used for encryption, and sends the created encryption key to each of the encryption device 400 and the homomorphic arithmetic device 500 via the Internet 101.
  • Data indicating the created decryption key is transmitted to the decryption device 600. Note that the data indicating each created key may be directly transmitted by mail or the like. Since the decryption key is secret information, it is stored inside each of the key generation device 300 and the decryption device 600 to prevent leakage.
  • the encryption device 400 is a PC as a specific example.
  • The encryption device 400 generates ciphertext data by encrypting plaintext data obtained from a factory sensor or the like using the stored public parameters and encryption key, and then transmits the generated ciphertext data to the homomorphic arithmetic device 500 via the Internet 101.
  • The homomorphic arithmetic device 500 is, for example, a computer having a large-capacity storage medium. Note that the homomorphic arithmetic device 500 is also called a circuit-secure quantum homomorphic arithmetic device. The homomorphic arithmetic device 500 also functions as a data storage device: when it receives a storage request for ciphertext data from the encryption device 400, it stores the ciphertext data corresponding to the storage request. The homomorphic arithmetic device 500 also functions as a device that performs homomorphic operations on the ciphertext data it stores.
  • FIG. 2 is a block diagram showing a configuration example of the public parameter generation device 200.
  • the public parameter generation device 200 includes an input section 201, a public parameter generation section 202, and a transmission section 203.
  • the public parameter generation device 200 includes a storage medium that stores data used in each part of the public parameter generation device 200.
  • The public parameter generation unit 202 receives as input the security parameter λ indicated by the data received from the input unit 201, and generates a public parameter PP, which is a parameter for generating each of an encryption key and a decryption key. Thereafter, the public parameter generation unit 202 sends data indicating the generated public parameter PP to the transmission unit 203.
  • the transmitting unit 203 transmits data indicating the public parameter PP generated by the public parameter generating unit 202 to each of the key generating device 300, the encryption device 400, and the homomorphic arithmetic device 500.
  • FIG. 3 is a block diagram showing a configuration example of the key generation device 300.
  • the key generation device 300 includes an input section 301, a public parameter storage section 302, a decryption key generation section 303, an encryption key generation section 304, and a transmission section 305.
  • the key generation device 300 includes a storage medium that stores data used in each part of the key generation device 300.
  • The input unit 301 receives data indicating the public parameters PP transmitted by the public parameter generation device 200, and sends the public parameters PP indicated by the received data to the public parameter storage unit 302. Further, the input unit 301 receives data indicating the security parameter λ, and sends the data indicating the received security parameter λ to the decryption key generation unit 303.
  • the public parameter storage unit 302 stores the public parameters PP indicated by the data received from the input unit 301.
  • The decryption key generation section 303 generates a decryption key SK using the security parameter λ indicated by the data received from the input section 301, and sends data indicating the generated decryption key SK to each of the encryption key generation section 304 and the transmission section 305.
  • The encryption key generation unit 304 receives as input the public parameter PP indicated by the data received from the public parameter storage unit 302 and the decryption key SK indicated by the data received from the decryption key generation unit 303, and generates an encryption key PK. Data indicating the generated encryption key PK is sent to the transmitter 305.
  • The encryption key generation unit 304 generates a first encryption key using a first public parameter and a first decryption key, and generates a second encryption key using a second public parameter and a second decryption key.
  • Each of the first public parameter and the second public parameter is a parameter generated using the security parameter λ.
  • Each of the first decryption key and the second decryption key is a decryption key generated using the security parameter λ.
  • the transmitter 305 transmits data indicating the decryption key SK generated by the decryption key generator 303 to the decryption device 600. Further, the transmitter 305 transmits data indicating the encryption key PK generated by the encryption key generator 304 to each of the encryption device 400 and the homomorphic arithmetic device 500.
  • FIG. 4 is a block diagram showing a configuration example of the encryption device 400.
  • the encryption device 400 includes an input section 401, a public parameter storage section 402, an encryption key storage section 403, an encryption section 404, and a transmission section 405.
  • the encryption device 400 includes a recording medium that stores data used in each part of the encryption device 400.
  • the input unit 401 receives data indicating the public parameters PP transmitted by the public parameter generation device 200, and sends the data indicating the received public parameters PP to the public parameter storage unit 402. Furthermore, the input unit 401 receives data indicating the encryption key PK transmitted by the key generation device 300, and sends the data indicating the received encryption key PK to the encryption key storage unit 403. The input unit 401 also receives plaintext data m, and sends the received plaintext data m to the encryption unit 404.
  • the public parameter storage unit 402 stores the public parameters PP indicated by the data received from the input unit 401.
  • the encryption key storage unit 403 stores the encryption key PK indicated by the data received from the input unit 401.
  • the transmitter 405 receives the ciphertext data C_PK(m) from the encryption unit 404 and transmits the received ciphertext data C_PK(m) to the homomorphic arithmetic device 500.
  • the input unit 501 receives the data indicating the public parameter PP1 and the data indicating the public parameter PP2 transmitted by the public parameter generation device 200, and stores the received data indicating the public parameter PP1 and data indicating the public parameter PP2 in the public parameter storage unit.
  • the number given at the end of the symbol indicating each element is a notation for distinguishing a plurality of elements of the same type from each other.
  • 1 or 2 is added to the end to distinguish between the two public parameters PP generated by the public parameter generation device 200.
  • the public parameter PP1 corresponds to the first public parameter.
  • the public parameter PP2 corresponds to the second public parameter.
  • The input unit 501 also receives data indicating the encryption key PK1 and data indicating the encryption key PK2 transmitted by the key generation device 300, and sends the received data indicating the encryption key PK1 and data indicating the encryption key PK2 to the encryption key storage unit 503.
  • the encryption key PK1 corresponds to the first encryption key.
  • the encryption key PK2 corresponds to the second encryption key.
  • The first encryption key includes a first homomorphic public key generated based on the first homomorphic decryption key and a first quantum homomorphic public key generated based on the first quantum homomorphic decryption key.
  • the second encryption key includes a second homomorphic public key generated based on the second homomorphic decryption key and a second quantum homomorphic public key generated based on the second quantum homomorphic decryption key.
  • The input unit 501 also receives the ciphertext data C_PK(m1) and the ciphertext data C_PK(m2) transmitted by the encryption device 400, and sends the received ciphertext data C_PK(m1) and ciphertext data C_PK(m2) to the ciphertext storage unit 504.
  • the plaintext data m1 corresponds to the first plaintext.
  • Plaintext data m2 corresponds to second plaintext.
  • the ciphertext data C_PK(m1) corresponds to the first ciphertext.
  • the ciphertext data C_PK(m2) corresponds to the second ciphertext.
  • the first ciphertext is a ciphertext generated based on a first public parameter, a first one-time pad key, a first homomorphic public key, a first quantum homomorphic public key, and a first random number.
  • The second ciphertext is a ciphertext generated based on a second public parameter, a second one-time pad key, a second homomorphic public key, a second quantum homomorphic public key, and a second random number.
  • the input unit 501 receives data indicating the arithmetic circuit f, and sends the received data indicating the arithmetic circuit f to the homomorphic arithmetic unit 505.
  • the arithmetic circuit f may consist of a plurality of arithmetic circuits.
  • the public parameter storage unit 502 stores the public parameters PP1 and PP2 indicated by the data received from the input unit 501.
  • the encryption key storage unit 503 stores the encryption key PK1 and the encryption key PK2 indicated by the data received from the input unit 501.
  • the ciphertext storage unit 504 stores the ciphertext data C_PK(m1) and the ciphertext data C_PK(m2) received from the input unit 501.
  • The homomorphic calculation unit 505 calculates ciphertext data C_PK(M) using the arithmetic circuit f indicated by the data received from the input unit 501, the public parameters PP1 and PP2 received from the public parameter storage unit 502, the encryption key PK1 and the encryption key PK2 received from the encryption key storage unit 503, and the ciphertext data C_PK(m1) and C_PK(m2) received from the ciphertext storage unit 504, and sends the calculated ciphertext data C_PK(M) to the transmitter 506.
  • f(m1, m2) represents the result of executing the calculation indicated by the calculation circuit f using two plaintext data, plaintext data m1 and plaintext data m2, as input.
  • The ciphertext data after the homomorphic operation, containing the operation result data M with respect to the set {PK1, PK2} consisting of the encryption key PK1 and the encryption key PK2, is expressed as C_PK(M).
  • C_PK(M) is also called ciphertext data after homomorphic operation.
  • the plaintext data m1 corresponds to the first plaintext.
  • Plaintext data m2 corresponds to second plaintext.
  • C_PK(M) corresponds to the third ciphertext.
  • the calculation result data M can be decrypted by using the decryption key SK1 and the decryption key SK2 for the ciphertext data C_PK(M).
  • the decryption key SK1 corresponds to the first decryption key.
  • the decryption key SK2 corresponds to the second decryption key.
  • the first decryption key includes a first homomorphic decryption key and a first quantum homomorphic decryption key.
  • the second decryption key includes a second homomorphic decryption key and a second quantum homomorphic decryption key.
  • The first decryption random number is a random number for decrypting the third ciphertext, calculated based on the security parameter, the first one-time pad key, the first one-time pad key ciphertext data, the first quantum homomorphic public key, and the first random number.
  • The second decryption random number is a random number for decrypting the third ciphertext, calculated based on the security parameter, the second one-time pad key, the second one-time pad key ciphertext data, the second quantum homomorphic public key, and the second random number.
  • When generating the third ciphertext, the homomorphic calculation unit 505 generates random quantum data if at least one of the first encryption key, the second encryption key, the first ciphertext, and the second ciphertext has not been generated.
  • The homomorphic calculation unit 505 determines whether the first encryption key was generated by the encryption device based on whether the first decryption random number is generated, and determines whether the second encryption key was generated by the encryption device based on whether the second decryption random number is generated.
  • The homomorphic calculation unit 505 determines whether the first ciphertext was generated by the encryption device based on whether the first decryption random number is generated, and determines whether the second ciphertext was generated by the encryption device based on whether the second decryption random number is generated.
  • the transmitting unit 506 transmits the computed ciphertext data C_PK(M) received from the homomorphic computing unit 505 to the decryption device 600.
  • FIG. 6 is a block diagram showing a configuration example of the decoding device 600.
  • the decryption device 600 includes an input section 601, a decryption key storage section 602, a decryption processing section 603, and a decryption result storage section 604.
  • the decoding device 600 includes a recording medium that stores data used in each part of the decoding device 600.
  • the decryption key storage unit 602 stores the decryption key SK1 and the decryption key SK2 indicated by the data received from the input unit 601.
  • The decryption processing unit 603 receives the post-operation ciphertext data C_PK(M) from the input unit 601 and receives the decryption key SK1 and the decryption key SK2 from the decryption key storage unit 602. It decrypts the calculation result data M from the received post-operation ciphertext data C_PK(M) by using the decryption key SK1 and the decryption key SK2, and sends the decrypted calculation result data M to the decryption result storage unit 604.
  • the decryption result storage unit 604 receives the calculation result data M from the decryption processing unit 603 and stores the received calculation result data M.
  • FIG. 7 is a diagram showing an example of hardware resources of each device according to the present embodiment. As shown in FIG. 7, each device is a general computer including a processor 11.
  • The processor 11 is, for example, a CPU (Central Processing Unit), a DSP (Digital Signal Processor), or a GPU (Graphics Processing Unit).
  • The processor 11 is connected via a bus 12 to hardware devices such as a ROM (Read Only Memory) 13, a RAM (Random Access Memory) 14, a communication board 15, a display 31 (display device), a keyboard 32, a mouse 33, a drive 34, and a magnetic disk device 20, and controls these hardware devices.
  • the drive 34 is a device that reads and writes storage media such as an FD (Flexible Disk Drive), a CD (Compact Disc), and a DVD (Digital Versatile Disc).
  • the ROM 13, RAM 14, magnetic disk device 20, and drive 34 are examples of storage devices.
  • the keyboard 32, mouse 33, and communication board 15 are examples of input devices.
  • the display 31 and the communication board 15 are examples of output devices.
  • the communication board 15 is connected by wire or wirelessly to a communication network such as a LAN (Local Area Network), the Internet, or a telephone line.
  • the magnetic disk device 20 stores an OS (operating system) 21, a program group 22, and a file group 23.
  • the program group 22 includes programs that execute functions described as "units" in this embodiment.
  • The program is read and executed by the processor 11. That is, the program causes the computer to function as a "section" and causes the computer to execute the procedures and methods of the "section."
  • the file group 23 includes various data (input, output, determination results, calculation results, processing results, etc.) used in the "section" described in this embodiment.
  • the operation procedure of the confidential information processing system 100 corresponds to a confidential information processing method.
  • the confidential information processing method is also a general term for methods corresponding to the operating procedures of each device configuring the confidential information processing system 100.
  • a program that realizes the operation of the confidential information processing system 100 corresponds to a confidential information processing program.
  • the confidential information processing program is also a general term for programs that realize the operations of each device that constitutes the confidential information processing system 100.
  • FIG. 8 is a flowchart illustrating an example of public parameter generation and storage processing in the confidential information processing system 100.
  • The generation and storage process of public parameters will be explained using FIG. 8. Note that steps S701 to S703 are processes executed by the public parameter generation device 200, steps S704 to S705 are processes executed by the key generation device 300, steps S706 to S707 are processes executed by the encryption device 400, and steps S708 to S709 are processes executed by the homomorphic arithmetic device 500.
  • Step S701 The input unit 201 receives the security parameter λ.
  • Step S702 The public parameter generation unit 202 receives the security parameter λ received by the input unit 201 in step S701 and generates a public parameter PP.
  • Step S703 The transmitter 203 receives the public parameter PP generated by the public parameter generator 202 in step S702, and transmits data indicating the received public parameter PP to each of the key generation device 300, the encryption device 400, and the homomorphic arithmetic device 500.
  • Step S704 The input unit 301 receives the data indicating the public parameter PP transmitted by the transmitting unit 203 in step S703.
  • Step S705 The public parameter storage unit 302 stores the public parameter PP indicated by the data received by the input unit 301 in step S704.
  • Step S706 The input unit 401 receives the data indicating the public parameter PP transmitted by the transmitting unit 203 in step S703.
  • Step S707 The public parameter storage unit 402 stores the public parameter PP indicated by the data received by the input unit 401 in step S706.
  • Step S708 The input unit 501 receives data indicating the public parameter PP transmitted by the transmitting unit 203 in step S703.
  • Step S709 The public parameter storage unit 502 stores the public parameter PP indicated by the data received by the input unit 501 in step S708.
  • FIG. 9 is a flowchart illustrating an example of encryption key and decryption key generation and storage processing in the confidential information processing system 100.
  • The generation and storage process of encryption keys and decryption keys will be explained using FIG. 9. Note that steps S801 to S804 are processes executed by the key generation device 300, steps S805 to S806 are processes executed by the encryption device 400, steps S807 to S808 are processes executed by the homomorphic arithmetic device 500, and steps S809 to S810 are processes executed by the decoding device 600.
  • Step S801 The input unit 301 receives data indicating the security parameter λ.
  • Step S802 The decryption key generation unit 303 receives as input the security parameter λ indicated by the data received by the input unit 301 in step S801, and generates a decryption key SK expressed in a format such as [Equation 1].
  • The homomorphic decryption key sk is generated using the homomorphic key generation algorithm described in [Reference 1] with the security parameter λ as input.
  • The quantum homomorphic decryption key qsk is generated using the quantum homomorphic key generation algorithm described in [Reference 2] with the security parameter λ and the random number r as input.
  • Step S803 The encryption key generation unit 304 receives as input the decryption key SK generated by the decryption key generation unit 303 in step S802 and the public parameter PP stored in the public parameter storage unit 302, and generates an encryption key PK expressed in a format such as [Equation 2].
  • the homomorphic public key pk is generated using the homomorphic key generation algorithm described in [Reference 1] using the homomorphic decryption key sk as input.
  • the quantum homomorphic public key qpk is generated using the quantum homomorphic key generation algorithm described in [Reference 2] using the public parameter PP, the quantum homomorphic decryption key qsk, and the random number r as input.
  • the random number ciphertext [r] is generated using the homomorphic encryption algorithm described in [Reference 1] using the random number r and the homomorphic public key pk as input.
  • Step S804 The transmitting unit 305 receives data indicating the decryption key SK generated by the decryption key generating unit 303 in step S802 and data indicating the encryption key PK generated by the encryption key generating unit 304 in step S803, and transmits the data to the encryption device.
  • Data indicating the received encryption key PK is transmitted to each of the homomorphic processing device 400 and the homomorphic processing device 500, and data indicating the received decryption key SK is transmitted to the decryption device 600.
  • Step S805 The input unit 401 receives data indicating the encryption key PK transmitted by the transmitting unit 305 in step S804.
  • Step S806 The encryption key storage unit 403 stores the encryption key PK indicated by the data received by the input unit 401 in step S805.
  • Step S807 The input unit 501 receives data indicating the encryption key PK transmitted by the transmitting unit 305 in step S804.
  • Step S808 The encryption key storage unit 503 stores the encryption key PK indicated by the data received by the input unit 501 in step S807.
  • Step S809 The input unit 601 receives the data indicating the decryption key SK transmitted by the transmitting unit 305 in step S804.
  • Step S810 The decryption key storage unit 602 stores the decryption key SK indicated by the data received by the input unit 601 in step S809. Note that since the decryption key SK is secret information, the decryption key storage unit 602 must store it securely so that it does not leak to the outside.
  • FIG. 10 is a flowchart illustrating an example of a homomorphic operation in the confidential information processing system 100. Homomorphic operations will be explained using FIG. 10. Note that steps S901 to S903 are executed by the encryption device 400, steps S904 to S908 by the homomorphic arithmetic device 500, and steps S909 to S911 by the decryption device 600.
  • Step S901 The input unit 401 receives plaintext data m1 and plaintext data m2 collected from a sensor or the like, and sends the received plaintext data m1 and plaintext data m2 to the encryption unit 404.
  • Step S902 The encryption unit 404 generates ciphertext data C_PK(m1) and ciphertext data C_PK(m2), expressed in a format such as [Equation 3], from the plaintext data m1 and plaintext data m2 received by the input unit 401 in step S901, the public parameters PP1 and PP2 stored in the public parameter storage unit 402, and the encryption key PK1 and encryption key PK2 stored in the encryption key storage unit 403. Note that, depending on the character format that can be expressed, the notation in the mathematical formula may differ from the notation in the main text.
  • Quantum ciphertext data c1 and quantum ciphertext data c2 are generated using the quantum one-time pad encryption algorithm described in [Reference 2] with one-time pad key otk1 and one-time pad key otk2 as input, respectively.
  • The one-time pad key otk1 corresponds to the first one-time pad key.
  • One-time pad key otk2 corresponds to a second one-time pad key.
  • One-time pad key ciphertext data [[otk1]]_1 and [[otk2]]_2 are one-time pad key otk1 or one-time pad key otk2, and quantum homomorphism public key qpk1 or quantum homomorphism public key, respectively.
  • The quantum homomorphic public key qpk1 corresponds to the first quantum homomorphic public key.
  • The quantum homomorphic public key qpk2 corresponds to a second quantum homomorphic public key. Note that each of the public parameter PP1 and the public parameter PP2 is used as an input to the multi-key quantum homomorphic encryption algorithm.
  • The one-time pad key and random number ciphertext data [otk1, s1]_1 and [otk2, s2]_2 are generated using the homomorphic encryption algorithm described in [Reference 1] with the one-time pad key otk1 or the one-time pad key otk2, the homomorphic public key pk1 or the homomorphic public key pk2, and the random number s1 or the random number s2 as input.
  • The homomorphic public key pk1 corresponds to the first homomorphic public key.
  • Homomorphic public key pk2 corresponds to a second homomorphic public key.
  • The random number s1 corresponds to the first random number.
  • Random number s2 corresponds to a second random number.
  • The encryption unit 404 sends each of the ciphertext data C_PK(m1) and the ciphertext data C_PK(m2) to the transmission unit 405 of the encryption device 400.
  • Step S903 The transmitting unit 405 receives the ciphertext data C_PK(m1) and ciphertext data C_PK(m2) sent by the encryption unit 404 in step S902, and transmits them to the homomorphic arithmetic device 500.
  • The input unit 501 receives an arithmetic circuit f input from a keyboard, a mouse, a storage device, or the like, and sends the received arithmetic circuit f to the homomorphic operation unit 505.
  • The homomorphic operation unit 505 takes as input the arithmetic circuit f received from the input unit 501, the public parameters PP1 and PP2 stored in the public parameter storage unit 502, the encryption key PK1 and the encryption key PK2 stored in the encryption key storage unit 503, and the ciphertext data C_PK(m1) and ciphertext data C_PK(m2) stored in the ciphertext storage unit 504, and generates the ciphertext expressed in the format of [Equation 4].
  • The ciphertext data c' after the quantum homomorphic operation is generated by the method described in [Equation 5].
  • c1' and c2', which are the partial ciphertext data after the quantum homomorphic operation, are each generated using the homomorphic operation algorithm described in [Reference 1], with the arithmetic circuit described in [Equation 7] or [Equation 8], the homomorphic public key pk1 or the homomorphic public key pk2, and a random number as input.
  • The algorithm QOTP.Enc is the quantum one-time pad encryption algorithm described in [Reference 2], and the one-time pad key otk' is a randomly selected bit string. Further, c'' is generated using the quantum homomorphic operation algorithm described in [Reference 2], with the quantum circuit G expressed by [Equation 6], the quantum homomorphic public key qpk1, the quantum homomorphic public key qpk2, and the one-time pad key ciphertext data [[otk1]]_1 and [[otk2]]_2 as input. Note that each of the public parameter PP1 and the public parameter PP2 is used as an input to the quantum homomorphic operation algorithm.
  • Dec is the quantum one-time pad decryption algorithm described in [Reference 2].
  • The homomorphic operation unit 505 executes the operation indicated by the arithmetic circuit f described in each of [Equation 7] and [Equation 8] while the data remains encrypted, so that whether each encryption key PK and each ciphertext data C_PK(m) was correctly generated can be checked at decryption.
  • With the arithmetic circuit f described in each of [Equation 7] and [Equation 8], when an encryption key that has not been generated by the key generation device 300 is used in the homomorphic operation unit 505, the random number ⁇ 1 and the random number ⁇ 2 cannot be obtained within the decryption device 600. Furthermore, even when ciphertext data not generated by the encryption device 400 is used in the homomorphic operation unit 505, the random
  • Step S909 The input unit 601 receives the post-computation ciphertext data C_PK(M) sent from the transmitting unit 506 in step S908, and sends the received post-computation ciphertext data C_PK(M) to the decryption processing unit 603.
  • FIG. 11 shows an example of the hardware configuration of each device according to this modification.
  • Each device includes a processing circuit 18 in place of the processor 11, the processor 11 and ROM 13, the processor 11 and RAM 14, or the processor 11, ROM 13, and RAM 14.
  • The processing circuit 18 is hardware that realizes at least a part of each unit included in each device.
  • The processing circuit 18 may be dedicated hardware or may be a processor that executes a program stored in the RAM 14.
  • The processing circuit 18 may be, for example, a single circuit, a composite circuit, a programmed processor, a parallel programmed processor, an ASIC (Application Specific Integrated Circuit), an FPGA (Field Programmable Gate Array), or a combination thereof.
  • Each device may include multiple processing circuits to replace processing circuit 18. The plurality of processing circuits share the role of the processing circuit 18.
  • The processing circuit 18 is implemented, for example, by hardware, software, firmware, or a combination thereof.
  • The processor 11, ROM 13, RAM 14, and processing circuit 18 are collectively referred to as "processing circuitry." That is, the functions of each functional component of each device are realized by processing circuitry.
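Step S902 and the homomorphic operation that follows it pair a one-time-pad ciphertext of the data with a homomorphic ciphertext of the pad key, and the evaluator updates both without holding any secret key. The added example below is not code from the patent; it shows that pattern in a classical, single-key analogue that assumes an XOR one-time pad in place of the quantum one-time pad, the Goldwasser-Micali scheme with constructed toy primes in place of the homomorphic encryption of [Reference 1], and a circuit f fixed to bitwise XOR (all function names are assumptions).

```python
import math
import secrets

# Constructed toy key: both primes are 3 mod 4, so Y = N - 1 is a quadratic
# non-residue modulo each of them. Far too small to be secure.
P, Q = 499, 547
N = P * Q
Y = N - 1

def he_enc(bit):
    """Goldwasser-Micali encryption of one bit under the public key (N, Y)."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return (pow(Y, bit, N) * r * r) % N

def he_dec(c):
    """Decrypt with the secret prime P: quadratic residue -> 0, otherwise 1."""
    return 0 if pow(c, (P - 1) // 2, P) == 1 else 1

def he_xor(ca, cb):
    """Homomorphic XOR: multiplying ciphertexts XORs the plaintext bits."""
    return (ca * cb) % N

def encrypt(bits):
    """Encryption device: pad the data; the pad key leaves only encrypted."""
    otk = [secrets.randbits(1) for _ in bits]
    c = [m ^ k for m, k in zip(bits, otk)]   # one-time pad ciphertext
    enc_otk = [he_enc(k) for k in otk]       # homomorphic ciphertext of the key
    return c, enc_otk

def evaluate_xor(ct1, ct2):
    """Homomorphic arithmetic device: f = XOR, computed with public data only."""
    (c1, k1), (c2, k2) = ct1, ct2
    c_out = [a ^ b for a, b in zip(c1, c2)]          # gate on the padded data
    k_out = [he_xor(a, b) for a, b in zip(k1, k2)]   # matching key update
    return c_out, k_out

def decrypt(ct):
    """Decryption device: recover the pad key with the secret key, then unpad."""
    c, enc_otk = ct
    return [b ^ he_dec(k) for b, k in zip(c, enc_otk)]

def demo():
    m1 = [1, 0, 1, 1, 0, 0, 1, 0]   # constructed sample plaintexts
    m2 = [0, 1, 1, 0, 1, 0, 1, 1]
    return decrypt(evaluate_xor(encrypt(m1), encrypt(m2)))

if __name__ == "__main__":
    print(demo())
```

The evaluator sees only padded bits and key ciphertexts, while the decryption device needs only the secret prime to recover m1 XOR m2.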

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Storage Device Security (AREA)
  • Computing Systems (AREA)
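PCT/JP2022/023823 2022-06-14 2022-06-14 Confidential information processing system, confidential information processing method, and confidential information processing program Ceased WO2023242955A1 (ja)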

Priority Applications (5)

Application Number Priority Date Filing Date Title
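JP2023571747A JP7520255B2 (ja) 2022-06-14 2022-06-14 Confidential information processing system, confidential information processing method, and confidential information processing program
DE112022007028.5T DE112022007028B4 (de) 2022-06-14 2022-06-14 Confidential information processing system, confidential information processing method, and confidential information processing program
PCT/JP2022/023823 WO2023242955A1 (ja) 2022-06-14 2022-06-14 Confidential information processing system, confidential information processing method, and confidential information processing program
CN202280096866.XA CN119325696A (zh) 2022-06-14 2022-06-14 Confidential information processing system, confidential information processing method, and confidential information processing program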
US18/929,750 US20260121829A1 (en) 2022-06-14 2024-10-29 Confidential information processing system, confidential information processing method, and non-transitory computer-readable medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
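PCT/JP2022/023823 WO2023242955A1 (ja) 2022-06-14 2022-06-14 Confidential information processing system, confidential information processing method, and confidential information processing program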

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US18/929,750 Continuation US20260121829A1 (en) 2022-06-14 2024-10-29 Confidential information processing system, confidential information processing method, and non-transitory computer-readable medium

Publications (1)

Publication Number Publication Date
WO2023242955A1 (ja) 2023-12-21

Family

ID=89192683

Family Applications (1)

Application Number Title Priority Date Filing Date
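PCT/JP2022/023823 Ceased WO2023242955A1 (ja) 2022-06-14 2022-06-14 Confidential information processing system, confidential information processing method, and confidential information processing program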

Country Status (5)

Country Link
US (1) US20260121829A1
JP (1) JP7520255B2
CN (1) CN119325696A
DE (1) DE112022007028B4
WO (1) WO2023242955A1

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20240031145A1 (en) * 2022-07-25 2024-01-25 Alipay (Hangzhou) Information Technology Co., Ltd. Data preprocessing methods, data encryption methods, apparatuses, and devices

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
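CN108847934A (zh) * 2018-06-27 2018-11-20 Chongqing University of Posts and Telecommunications A multi-dimensional quantum homomorphic encryption method
WO2021245931A1 (ja) * 2020-06-05 2021-12-09 Mitsubishi Electric Corporation Confidential information processing system, encryption device, encryption method, and encryption program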

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
HIROMASA, RYO: "(Quantum) Fully homomorphic encryption and circuit secrecy", WORKSHOP ON KYOTO QUANTUM CRYPTOGRAPHY. KYOTO UNIVERSITY INTERNATIONAL RESEARCH UNIT OF QUANTUM INFORMATION [ONLINE], 16 March 2021 (2021-03-16), pages 15 - 18, Retrieved from the Internet <URL:https://www2.yukawa.kyoto-u.ac.jp/~tomoyuki.morimae/kyotoqcrypt_afternoon.mp4> *

Also Published As

Publication number Publication date
JP7520255B2 (ja) 2024-07-22
DE112022007028T5 (de) 2025-02-20
DE112022007028B4 (de) 2026-04-02
US20260121829A1 (en) 2026-04-30
CN119325696A (zh) 2025-01-17
JPWO2023242955A1 2023-12-21


Legal Events

Date Code Title Description
ENP Entry into the national phase

Ref document number: 2023571747

Country of ref document: JP

Kind code of ref document: A

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22946775

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 202280096866.X

Country of ref document: CN

WWE Wipo information: entry into national phase

Ref document number: 112022007028

Country of ref document: DE

WWP Wipo information: published in national office

Ref document number: 202280096866.X

Country of ref document: CN

WWP Wipo information: published in national office

Ref document number: 112022007028

Country of ref document: DE

122 Ep: pct application non-entry in european phase

Ref document number: 22946775

Country of ref document: EP

Kind code of ref document: A1