WO2023281693A1 - 秘密計算システム、装置、方法及びプログラム - Google Patents
秘密計算システム、装置、方法及びプログラム Download PDFInfo
- Publication number
- WO2023281693A1 WO2023281693A1 PCT/JP2021/025769 JP2021025769W WO2023281693A1 WO 2023281693 A1 WO2023281693 A1 WO 2023281693A1 JP 2021025769 W JP2021025769 W JP 2021025769W WO 2023281693 A1 WO2023281693 A1 WO 2023281693A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- ciphertext
- vector
- secure computing
- calculation units
- generate
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims description 29
- 238000004364 calculation method Methods 0.000 claims abstract description 65
- 239000013598 vector Substances 0.000 claims description 95
- 238000012545 processing Methods 0.000 description 32
- 238000010586 diagram Methods 0.000 description 8
- 238000004891 communication Methods 0.000 description 4
- 238000000354 decomposition reaction Methods 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000004458 analytical method Methods 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 239000000470 constituent Substances 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/72—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G09—EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
- G09C—CIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
- G09C1/00—Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
Definitions
- the present invention relates to technology for performing database operations while keeping data confidential.
- the group by operation which is a type of DB processing, is a grouping process that takes a table as input, groups it by the value of the specified column, and in some cases calculates statistical values for each group and outputs them in table format. is.
- Non-Patent Document 1 proposes a method of performing group by operations while they are encrypted.
- the input/output considered here was a table obtained by encrypting each element of a normal table.
- the input/output may be given a flag indicating whether or not a certain record is the original output.
- FIG. 7(b) shows an example of an encrypted table in Non-Patent Document 1
- FIG. 7(c) shows an example of a table with added flags.
- Non-Patent Document 1 does not work when a table to which the flags illustrated in FIG. 7(c) are added is input. This is because, in addition to the fact that the input format is different, until now all records were assumed to have meaningful values, so for example, it was not possible to skip unused records and perform processing. , the value of "?” which should be ignored affects the final result, and the original result cannot be obtained.
- An object of the present invention is to provide a secure computing system, device, method, and program for performing group by count calculations on tables to which flags have been added.
- ciphertext [f ⁇ ] of the vector f ⁇ and the ciphertext [k ⁇ ] of the vector k ⁇ to convert the vector f
- FIG. 1 is a diagram showing an example of the functional configuration of a secure computing system.
- FIG. 2 is a diagram illustrating an example of a functional configuration of a secure computing device;
- FIG. 3 is a diagram showing an example of an algorithm.
- FIG. 4 is a diagram showing an example of an algorithm.
- FIG. 5 is a diagram for explaining an example of input and an example of output.
- FIG. 6 is a diagram showing an example of a processing procedure of a secure calculation method.
- FIG. 7 is a diagram for explaining the background art.
- FIG. 8 is a diagram showing a functional configuration example of a computer.
- encryption is performed by a method such as secret sharing (for example, Reference 1) or homomorphic encryption (for example, Reference 2), which allows the following calculations to be performed while encrypted.
- a method such as secret sharing (for example, Reference 1) or homomorphic encryption (for example, Reference 2), which allows the following calculations to be performed while encrypted.
- the - in the ciphertext [•] is a bit value
- the ciphertext [•] may be written as the ciphertext [[•]].
- the notation ⁇ > is sometimes used for substitution.
- • is any value, vector.
- Different encryption may be used for stored values. That is, these encryptions may or may not all be the same.
- [x' ⁇ ] ([x 1 '],...,[x n ']).
- priority is given to the original order of x ⁇ .
- stable sort consists of two algorithms (GENPERM, SORT).
- GENPERM is a function that outputs an encrypted version of the permutation ⁇ that permutes x ⁇ .
- GENPERM is written as ⁇ > ⁇ GENPERM([x ⁇ ]).
- SORT is a function that applies ⁇ to x ⁇ and calculates the rearranged result x′ ⁇ while keeping it encrypted.
- SORT is described, for example, as [x ⁇ '] ⁇ SORT( ⁇ >,[x ⁇ ]).
- SORT is e.g. ([x' ⁇ ],[y' ⁇ ]) ⁇ SORT( ⁇ >,([x ⁇ ],[y ⁇ ])).
- a self-explanatory way to configure SORT is to use a sorting network. Also, if secret sharing is used, SORT can be efficiently performed by the method described in reference 3.
- IFTHEN can be realized, for example, by Mult([f],[x])+Mult([1-f],[y]).
- MODCONV is a function that takes an encrypted bit value [[a]] as an input and generates [a] with the same encrypted value but a different ciphertext form.
- MODCONV is a function that takes a bit-value ciphertext [[a]] as input and generates ciphertext [a], a value representing a as an integer.
- MODCONV is described, for example, as [a] ⁇ MODCONV([[a]]).
- BITDECOMP is a function that takes an encrypted integer value [a] as an input and generates [[a]], which is the encrypted value of the same bit representation of a, but with a different ciphertext format.
- BITDECOMP is a function that takes an integer-valued ciphertext [a] as input and generates a ciphertext [[a]] whose value is the bit representation of a.
- the number of records in the table to be processed by the secure computing system, device, method and program is m. It is assumed that this table comprises at least a ciphertext [k ⁇ ] of a key vector k ⁇ and a ciphertext [f ⁇ ] of a flag vector f ⁇ . Let the elements of the ciphertext [f ⁇ ] be the bit ciphertext. If no bits are found, convert them to bits using the bit decomposition protocol.
- FIG. 5(a) exemplifies a table to be processed by the secure computing system, device, method, and program. Since the group by count operation does not use values, only the ciphertext [k ⁇ ] of the key k ⁇ and the ciphertext [f ⁇ ] of the flag f ⁇ are listed in the table illustrated in FIG. 5(a). .
- a table shown in FIG. 5B is obtained from the table shown in FIG. [k'' ⁇ ] is the ciphertext of the vector k'' ⁇ which rearranges the elements of the key vector k ⁇ .
- [c ⁇ ] is the ciphertext of the vector c ⁇ consisting of counts.
- [[e'' ⁇ ]] is the ciphertext of vector e'' ⁇ of flags corresponding to vector k'' ⁇ .
- the number of keys for [1] in the ciphertext [k'' ⁇ ] is two, and the number of keys for [2] in the ciphertext [k'' ⁇ ] is one.
- the number of keys in [3] of the ciphertext [k'' ⁇ ] is four.
- This secure computation system and method perform a so-called group by count operation by secure computation.
- the secure computing system includes N ( ⁇ 2) secure computing devices 1 1 , . . . , 1 N .
- each of the secure computing devices 1 1 , . . . , 1 N is connected to the communication network 2 .
- the communication network 2 is a circuit-switched or packet-switched communication network configured so that connected devices can communicate with each other. and so on. Note that each device does not necessarily need to be able to communicate online via the communication network 2 .
- the secure computing device 1 n of the secure computing system includes a first computing unit 11 n , a second computing unit 12 n , a third computing unit 13 n , a fourth computing unit 14 n , and a fifth computing unit 14 n . It has a calculation unit 15 n , a sixth calculation unit 16 n , a seventh calculation unit 17 n and an output unit 18 nn .
- each step is performed by secure calculation. That is, the secure computing device 1 n performs each step without restoring the ciphertext, in other words, without knowing the contents of the ciphertext.
- the secure computing device 1n is configured by reading a special program into a publicly known or dedicated computer having, for example, a central processing unit (CPU) and a main memory (RAM: Random Access Memory). It is a special device.
- the secure computing device 1 n executes each process under the control of, for example, a central processing unit. Data input to the secure computing device 1n and data obtained in each process are stored in, for example, a main memory device, and the data stored in the main memory device are read out to the central processing unit as needed. used for other processing.
- At least a part of each component of the secure computing device 1 n may be configured by hardware such as an integrated circuit.
- the plurality of first calculation units 11 1 Using the combined vector as a key, generate ciphertext [f' ⁇ ] and ciphertext [k' ⁇ ] of vector f' ⁇ and vector k' ⁇ by sorting vector f ⁇ and vector k ⁇ , respectively (step S1) .
- the ciphertext [[f' ⁇ ]] is generated as the ciphertext [f' ⁇ ].
- ciphertext [[k' ⁇ ]] and ciphertext [k' ⁇ ] are generated as ciphertext [k' ⁇ ].
- GENPERM ([[f * ⁇ ]],[[k ⁇ ]]) uses ciphertext [[f * ⁇ ]] and ciphertext [[k ⁇ ]] to generate vectors f * ⁇ and It means the process of generating ciphertext ⁇ > of permutation ⁇ that stably sorts a vector obtained by connecting vectors k ⁇ element by element.
- ⁇ Second calculator 12 1 ,..., 12 N > A ciphertext [f' ⁇ ] and a ciphertext [k' ⁇ ] are input to the plurality of second calculation units 12 1 , . . . , 12 N .
- the plurality of second calculation units 12 1 , . . . , 12 N 5: each 1 ⁇ i ⁇ m-1 do 6: [[e i ]] ⁇ IFTHEN([[f' i ]]:EQ([[k' i ]],[[k' i+1 ]]),[[1]]) 7: [[e' i ]] ⁇ IFTHEN([[f' i ]]XOR[[f' i+1 ]]:[[0]],[[e i ]]) 8: [e' i ] ⁇ MODCONV([[e' i ]]) 9:[[e' m ]] 1-[[f m ]] 10:[e' m ] ⁇ MODCONV([[e' m ]])
- Step S3 The plurality of third calculation units 13 1 , .
- a ciphertext [[f' ⁇ ]] is further input to the plurality of third calculation units 13 1 , . . . , 13 N , and the plurality of third calculation units 13 1 , . [[f' ⁇ ]] is further used to generate the ciphertext [m'].
- the plurality of third calculation units 13 1 , . '] may be generated.
- the plurality of fourth calculation units 14 1 , . . . , 14 N 13 each 1 ⁇ i ⁇ m do 14: [x i ] ⁇ IFTHEN([e' i ]:[m'],[i])
- the plurality of fifth calculation units 15 1 , . ciphertext [x' ⁇ ] , ciphertext [ k ' ' ⁇ ] and A ciphertext [e'' ⁇ ] is generated (step S5).
- the ciphertext [[e' ⁇ ]] is used as the ciphertext [e' ⁇ ].
- the ciphertext [[e'' ⁇ ]] is generated as the ciphertext [e'' ⁇ ].
- the plurality of seventh calculation units 17 1 , . ciphertext [e''' ⁇ ] of ⁇ is calculated (step S2).
- the plurality of seventh calculation units 17 1 , . . . , 17 N 20:[[e''' ⁇ ]] 1-[[e'' ⁇ ]]
- the ciphertext [[e'' ⁇ ]] is used as the ciphertext [e'' ⁇ ]. Also, in the example of FIG. 3, the ciphertext [[e''' ⁇ ]] is generated as the ciphertext [e''' ⁇ ].
- the output may be obtained by deleting the element corresponding to the element indicating the dummy record among the elements e i ′′ of the vector e′′ ⁇ .
- the ciphertext [ k '' ⁇ ], the ciphertext [c ⁇ ], and the ciphertext [e''' ⁇ ] are, for example, those shown in FIG. , 18 N may output only the elements of ciphertext [k'' ⁇ ] and ciphertext [c ⁇ ] corresponding to element [1] of ciphertext [e′′′ ⁇ ].
- the ciphertext [[e''' ⁇ ]] in FIG. 5(b) corresponds to the ciphertext [e''' ⁇ ]. That is, in this case, the plurality of output units 18 1 , .
- the secure computing devices 1 1 , . . . , 1 N may perform so-called null processing.
- This null processing is realized, for example, by the processing on the second line of "14:" in FIG.
- the plurality of fourth calculation units 14 1 , . . . , 14 N 13 each 1 ⁇ i ⁇ m do 14: [x i ] ⁇ IFTHEN([e' i ]:[m'],[i]) [k'' i ] ⁇ IFTHEN([e' i ]:[null],[k'' i ])
- the process of As a result for example, a ciphertext [k'' ⁇ ] as shown in FIG. 5(b) is generated.
- data exchange between components of the secure computing device may be performed directly or may be performed via a storage unit (not shown).
- a program that describes this process can be recorded on a computer-readable recording medium.
- a computer-readable recording medium is, for example, a non-temporary recording medium, specifically a magnetic recording device, an optical disc, or the like.
- this program will be carried out, for example, by selling, transferring, lending, etc. portable recording media such as DVDs and CD-ROMs on which the program is recorded.
- the program may be distributed by storing the program in the storage device of the server computer and transferring the program from the server computer to other computers via the network.
- a computer that executes such a program for example, first stores a program recorded on a portable recording medium or a program transferred from a server computer once in the auxiliary recording unit 1050, which is its own non-temporary storage device. Store. When executing the process, this computer reads the program stored in the auxiliary recording section 1050, which is its own non-temporary storage device, into the storage section 1020, and executes the process according to the read program. As another execution form of this program, the computer may read the program directly from the portable recording medium into the storage unit 1020 and execute processing according to the program. It is also possible to execute processing in accordance with the received program each time the is transferred.
- ASP Application Service Provider
- the above-mentioned processing is executed by a so-called ASP (Application Service Provider) type service, which does not transfer the program from the server computer to this computer, and realizes the processing function only by its execution instruction and result acquisition.
- ASP Application Service Provider
- the program in this embodiment includes information that is used for processing by a computer and that conforms to the program (data that is not a direct instruction to the computer but has the property of prescribing the processing of the computer, etc.).
- the device is configured by executing a predetermined program on a computer, but at least part of these processing contents may be implemented by hardware.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Mathematical Physics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
Description
<参考文献2>Zvika Brakerski, Craig Gentry, and Vinod Vaikuntanathan. Fully homomorphic encryption without bootstrapping. Electronic Colloquium on Computational Complexity (ECCC), Vol. 18, p. 111, 2011.
加減算、定数倍に関して、秘密分散と準同型暗号はサポートされているとする。すなわち、c[a]±[b] ±d=[ca±b±d]の関係が成立しているとする。
等号判定EQは、[x],[y]を入力として、x=yならば1、x≠yならば0となるようなeの暗号文[e]を出力する関数である。EQは、例えば[e]←EQ([x],[y])と記述される。ここで、eはx=yならば1、x≠yならば0である。
他にもmod p上で暗号化されているのであれば、[(x-y)p-1]を乗算を使って計算しても、等号判定を行うことができる。
複数の第一計算部111,…,11Nには、ベクトルf→の暗号文[f→]及びベクトルk→の暗号文[k→]が入力される。
1:[[k†→]]←BITDECOMP([k→])
2:[[f*→]]←1-[[f→]]
3:<π>←GENPERM([[f*→]],[[k†→]])
4:([[k’→]],[k’→],[[f’→]])←SORT(<π>,([[k†→]],[k→],[[f→]]))
という処理を例えば行う。
複数の第二計算部121,…,12Nには、暗号文[f’→]及び暗号文[k’→]が入力される。
5:each 1≦i≦m-1 do
6: [[ei]]←IFTHEN([[f’i]]:EQ([[k’i]],[[k’i+1]]),[[1]])
7: [[e’i]]←IFTHEN([[f’i]]XOR[[f’i+1]]:[[0]],[[ei]])
8: [e’i]←MODCONV([[e’i]])
9:[[e’m]]=1-[[fm]]
10:[e’m]←MODCONV([[e’m]])
という処理を例えば行う。
複数の第三計算部131,…,13Nには、mが少なくとも入力される。
11:[f*]←MODCONV(1-[[f’→]])
12:[m’]=m - Σi=1 m[f* i]
という処理を例えば行う。
複数の第四計算部141,…,14Nには、暗号文[e’→]が入力される。
13:each 1≦i≦m do
14: [xi]←IFTHEN([e’i]:[m’],[i])
という処理を例えば行う。
複数の第五計算部151,…,15Nには、暗号文[e’→]、暗号文[x→]及び暗号文[k’→]が入力される。
15:<π’>←GENPERM([[e’→]])
16:([x’→],[[e’’→]],[k’’→])←SORT(<π’>,([x→],[[e’→]],[k’→]))
という処理を例えば行う。
複数の第六計算部161,…,16Nには、暗号文[x’→]が入力される。
17:[c1]=[x’1]
18:each 2≦i≦m do
19: [ci]=[x’i]-[x’i-1]
という処理を例えば行う。
複数の第七計算部171,…,17Nには、暗号文[e’’→]が入力される。
20:[[e’’’→]] =1-[[e’’→]]
という処理を例えば行う。
複数の出力部181,…,18Nには、暗号文[k’’→]、暗号文[c→]及び暗号文[e’’’→]が入力される。
13:each 1≦i≦m do
14: [xi]←IFTHEN([e’i]:[m’],[i])
[k’’i]←IFTHEN([e’i]:[null],[k’’i])
という処理を例えば行ってもよい。これにより、例えば、図5(b)に示すような暗号文[k’’→]が生成される。
以上、本発明の実施の形態について説明したが、具体的な構成は、これらの実施の形態に限られるものではなく、本発明の趣旨を逸脱しない範囲で適宜設計の変更等があっても、本発明に含まれることはいうまでもない。
上述した各装置の各部の処理をコンピュータにより実現してもよく、この場合は各装置が有すべき機能の処理内容はプログラムによって記述される。そして、このプログラムを図8に示すコンピュータ1000の記憶部1020に読み込ませ、演算処理部1010、入力部1030、出力部1040などに動作させることにより、上記各装置における各種の処理機能がコンピュータ上で実現される。
Claims (6)
- 複数の秘密計算装置を含む秘密計算システムであって、
mはレコード数であり1以上の整数であり、k→はキーのベクトルk→=(k1,…,km)であり、f→はフラグのベクトルf→=(f1,…,fm)であり、αを任意の値又は任意ベクトルとして[α]はαの暗号文であり、暗号文のままαを用いた所定の演算が可能であり、
前記複数の秘密計算装置は、
前記ベクトルf→の暗号文[f→]及び前記ベクトルk→の暗号文[k→]を用いて、前記ベクトルf→の否定及び前記ベクトルk→を結合したベクトルをキーとして、前記ベクトルf→及び前記ベクトルk→をそれぞれソートしたベクトルf’→及びベクトルk’→の暗号文[f’→]及び暗号文[k’→]を生成する複数の第一計算部と、
前記暗号文[f’→]及び前記暗号文[k’→]を用いて、i=1,…,m-1として、f’i=1かつk’i≠k’i+1又はf’i=1かつf’i+1=0のときe’i=0、それ以外のときe’i=1となり、f’m=1のときe’m=0であり、それ以外のときe’m=1であるようなe’mの暗号文[e’m]を生成することで、ei(i=1,…,m)を要素とするベクトルe’→の暗号文[e’→]を生成する複数の第二計算部と、
前記mを少なくとも用いて、前記mからフラグが0のレコード数を減じたものをm’として、m’の暗号文[m’]を生成する複数の第三計算部と、
前記暗号文[e’→]を用いて、i=1,…,mとして、前記ベクトルe→の要素ei=0である場合には値がiであり、前記ベクトルe→の要素ei=1である場合には値がm’であるxiの暗号文[xi]を生成することで、xi(i=1,…,m)を要素とするベクトルx→の暗号文[x→]を生成する複数の第四計算部と、
前記暗号文[e’→]、前記暗号文[x→]及び前記暗号文[k’→]を用いて、前記ベクトルe’→をキーとして、前記ベクトルx→、前記ベクトルk’→及び前記ベクトルe’→をそれぞれソートしたベクトルx’→、前記ベクトルk’’→及び前記ベクトルe’’→の暗号文[x’→],暗号文[k’’→]及び暗号文[e’’→]を求める複数の第五計算部と、
前記暗号文[x’→]を用いて、前記ベクトルx’→の要素x’1の暗号文[x’1]を暗号文[c1]とし、i=2,…,mとして、前記ベクトルx’→の要素x’iから要素x’i-1を減算した値であるciの暗号文[ci]を生成することで、ci(i=1,…,m)を要素とするベクトルc→の暗号文[c→]を生成する複数の第六計算部と、
前記暗号文[e’’→]を用いて、前記ベクトルe’’→の各要素を1から減算した値により構成されるベクトルe’’’→の暗号文[e’’’→]を計算する複数の第七計算部と、
を含む秘密計算システム。 - 請求項1の秘密計算システムであって、
前記複数の秘密計算装置は、前記暗号文[k’’→]、前記暗号文[c→]及び前記暗号文[e’’’→]を出力する複数の出力部を更に含む、
秘密計算システム。 - 請求項1の秘密計算システムであって、
前記複数の秘密計算装置は、前記暗号文[k’’→]、前記暗号文[c→]及び前記暗号文[e’’’→]を用いて、前記暗号文[k’’→]及び前記暗号文[c→]から、ベクトルe’’’→の要素ei’’’のうちダミーレコードを示す要素に対応する要素を削除したものを出力する複数の出力部を更に含む、
秘密計算システム。 - 請求項1から3の何れかの秘密計算システムの秘密計算装置。
- mはレコード数であり1以上の整数であり、k→はキーのベクトルk→=(k1,…,km)であり、f→はフラグのベクトルf→=(f1,…,fm)であり、αを任意の値又は任意ベクトルとして[α]はαの暗号文であり、暗号文のままαを用いた所定の演算が可能であり、
複数の第一計算部が、前記ベクトルf→の暗号文[f→]及び前記ベクトルk→の暗号文[k→]を用いて、前記ベクトルf→の否定及び前記ベクトルk→を結合したベクトルをキーとして、前記ベクトルf→及び前記ベクトルk→をそれぞれソートしたベクトルf’→及びベクトルk’→の暗号文[f’→]及び暗号文[k’→]を生成する第一計算ステップと、
複数の第二計算部が、前記暗号文[f’→]及び前記暗号文[k’→]を用いて、i=1,…,m-1として、f’i=1かつk’i≠k’i+1又はf’i=1かつf’i+1=0のときe’i=0、それ以外のときe’i=1となり、f’m=1のときe’m=0であり、それ以外のときe’m=1であるようなe’mの暗号文[e’m]を生成することで、ei(i=1,…,m)を要素とするベクトルe’→の暗号文[e’→]を生成する第二計算ステップと、
複数の第三計算部が、前記mを少なくとも用いて、前記mからフラグが0のレコード数を減じたものをm’として、m’の暗号文[m’]を生成する第三計算ステップと、
複数の第四計算部が、前記暗号文[e’→]を用いて、i=1,…,mとして、前記ベクトルe→の要素ei=0である場合には値がiであり、前記ベクトルe→の要素ei=1である場合には値がm’であるxiの暗号文[xi]を生成することで、xi(i=1,…,m)を要素とするベクトルx→の暗号文[x→]を生成する第四計算ステップと、
複数の第五計算部が、前記暗号文[e’→]、前記暗号文[x→]及び前記暗号文[k’→]を用いて、前記ベクトルe’→をキーとして、前記ベクトルx→、前記ベクトルk’→及び前記ベクトルe’→をそれぞれソートしたベクトルx’→、前記ベクトルk’’→及び前記ベクトルe’’→の暗号文[x’→],暗号文[k’’→]及び暗号文[e’’→]を求める第五計算ステップと、
複数の第六計算部が、前記暗号文[x’→]を用いて、前記ベクトルx’→の要素x’1の暗号文[x’1]を暗号文[c1]とし、i=2,…,mとして、前記ベクトルx’→の要素x’iから要素x’i-1を減算した値であるciの暗号文[ci]を生成することで、ci(i=1,…,m)を要素とするベクトルc→の暗号文[c→]を生成する第六計算ステップと、
複数の第七計算部が、前記暗号文[e’’→]を用いて、前記ベクトルe’’→の各要素を1から減算した値により構成されるベクトルe’’’→の暗号文[e’’’→]を計算する第七計算ステップと、
を含む秘密計算方法。 - 請求項5の秘密計算方法の各ステップとしてコンピュータを機能させるためのプログラム。
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2023532977A JPWO2023281693A1 (ja) | 2021-07-08 | 2021-07-08 | |
CN202180100254.9A CN117581227A (zh) | 2021-07-08 | 2021-07-08 | 秘密计算系统、装置、方法以及程序 |
PCT/JP2021/025769 WO2023281693A1 (ja) | 2021-07-08 | 2021-07-08 | 秘密計算システム、装置、方法及びプログラム |
EP21949326.9A EP4350561A1 (en) | 2021-07-08 | 2021-07-08 | Secure computing system, device, method, and program |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2021/025769 WO2023281693A1 (ja) | 2021-07-08 | 2021-07-08 | 秘密計算システム、装置、方法及びプログラム |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2023281693A1 true WO2023281693A1 (ja) | 2023-01-12 |
Family
ID=84801623
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2021/025769 WO2023281693A1 (ja) | 2021-07-08 | 2021-07-08 | 秘密計算システム、装置、方法及びプログラム |
Country Status (4)
Country | Link |
---|---|
EP (1) | EP4350561A1 (ja) |
JP (1) | JPWO2023281693A1 (ja) |
CN (1) | CN117581227A (ja) |
WO (1) | WO2023281693A1 (ja) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2014164145A (ja) * | 2013-02-26 | 2014-09-08 | Nippon Telegr & Teleph Corp <Ntt> | 秘密集合演算装置及び方法 |
WO2016120975A1 (ja) * | 2015-01-26 | 2016-08-04 | 株式会社日立製作所 | データ集計分析システム及びその方法 |
-
2021
- 2021-07-08 EP EP21949326.9A patent/EP4350561A1/en active Pending
- 2021-07-08 CN CN202180100254.9A patent/CN117581227A/zh active Pending
- 2021-07-08 WO PCT/JP2021/025769 patent/WO2023281693A1/ja active Application Filing
- 2021-07-08 JP JP2023532977A patent/JPWO2023281693A1/ja active Pending
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2014164145A (ja) * | 2013-02-26 | 2014-09-08 | Nippon Telegr & Teleph Corp <Ntt> | 秘密集合演算装置及び方法 |
WO2016120975A1 (ja) * | 2015-01-26 | 2016-08-04 | 株式会社日立製作所 | データ集計分析システム及びその方法 |
Non-Patent Citations (5)
Title |
---|
DAI IKARASHIRYO KIKUCHIKOKI HAMADAKOJI CHIDA: "Actively private and correct MPC scheme in t < n/2 from passively secure schemes with small overhead", IACR CRYPTOLOGY EPRINT ARCHIVE, vol. 2014, 2014, pages 304 |
KIKUCHI, RYO ET AL.: "2020 Symposium on Cryptography and Information Security", LET'S DO A CROSS-SECTIONAL ANALYSIS OF FLOW LINE WITH SECRET CALCULATION, January 2020 (2020-01-01), pages 1 - 8 * |
KOJI CHIDAKOKI HAMADADAI IKARASHIRYO KIKUCHINAOTO KIRIBUCHIBENNY PINKAS: "An efficient secure three-party sorting protocol with an honest majority", IACR CRYPTOLOGY EPRINT ARCHIVE, vol. 2019, 2019, pages 695 |
RYO KIKUCHIDAI IKARASHITAKAHIRO MATSUDAKOKI HAMADAKOJI CHIDA: "Efficient bitdecomposition and modulus-conversion protocols with an honest majority", ACISP, 2018, pages 64 - 82 |
ZVIKA BRAKERSKICRAIG GENTRYVINOD VAIKUNTANATHAN: "Fully homomorphic encryption without bootstrapping", ELECTRONIC COLLOQUIUM ON COMPUTATIONAL COMPLEXITY (ECCC, vol. 18, 2011, pages 111 |
Also Published As
Publication number | Publication date |
---|---|
CN117581227A (zh) | 2024-02-20 |
EP4350561A1 (en) | 2024-04-10 |
JPWO2023281693A1 (ja) | 2023-01-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Wang et al. | MILP-aided method of searching division property using three subsets and applications | |
JP6973632B2 (ja) | 秘密集約総和システム、秘密計算装置、秘密集約総和方法、およびプログラム | |
JP6989006B2 (ja) | 秘密集約関数計算システム、秘密計算装置、秘密集約関数計算方法、およびプログラム | |
JP7031682B2 (ja) | 秘密計算装置、システム、方法、プログラム | |
JP6605746B2 (ja) | 秘密等結合システム、秘密等結合装置、秘密等結合方法、プログラム | |
EP4016506B1 (en) | Softmax function secret calculation system, softmax function secret calculation device, softmax function secret calculation method, neural network secret calculation system, neural network secret learning system, and program | |
JP6844897B2 (ja) | ビット分解秘密計算装置、ビット結合秘密計算装置、方法およびプログラム | |
JP6973634B2 (ja) | 秘密集約中央値システム、秘密計算装置、秘密集約中央値方法、およびプログラム | |
Xu et al. | Toward practical privacy-preserving linear regression | |
JP6973633B2 (ja) | 秘密集約最大値システム、秘密集約最小値システム、秘密計算装置、秘密集約最大値方法、秘密集約最小値方法、およびプログラム | |
JP2013156720A (ja) | 匿名データ提供システム、匿名データ装置、及びそれらが実行する方法 | |
JPWO2019203262A1 (ja) | 秘密集約順位システム、秘密計算装置、秘密集約順位方法、およびプログラム | |
JP7315032B2 (ja) | 暗号化データ分析装置、暗号化データ分析方法、プログラム | |
US20190163933A1 (en) | Secure computation system, secure computation device, secure computation method, and program | |
JP7248120B2 (ja) | 暗号システム、鍵生成装置、暗号化装置、復号装置、及びプログラム | |
JP5670366B2 (ja) | 匿名データ提供システム、匿名データ装置、それらが実行する方法、およびプログラム | |
JP7017178B2 (ja) | 秘密クロス集計システム、秘密計算装置、秘密クロス集計方法、およびプログラム | |
WO2023281693A1 (ja) | 秘密計算システム、装置、方法及びプログラム | |
WO2023281694A1 (ja) | 秘密計算システム、装置、方法及びプログラム | |
JP5689845B2 (ja) | 秘密計算装置、秘密計算方法、およびプログラム | |
WO2023157118A1 (ja) | 秘密計算装置、秘密計算方法、プログラム | |
WO2023228273A1 (ja) | 秘密属性選択システム、秘密属性選択装置、秘密属性選択方法、プログラム | |
WO2023233516A1 (ja) | 秘密計算装置、秘密計算方法、プログラム | |
JP7359225B2 (ja) | 秘密最大値計算装置、方法及びプログラム | |
WO2024018504A1 (ja) | クライアント装置、秘密テーブル管理システム、レコード登録要求生成方法、レコード登録方法、処理要求実行方法、プログラム |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 21949326 Country of ref document: EP Kind code of ref document: A1 |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2023532977 Country of ref document: JP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2021949326 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 202180100254.9 Country of ref document: CN |
|
ENP | Entry into the national phase |
Ref document number: 2021949326 Country of ref document: EP Effective date: 20240103 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |