WO2024013924A1 - Encryption system, key issuing device, key issuing method, and key issuing program - Google Patents

Encryption system, key issuing device, key issuing method, and key issuing program Download PDF

Info

Publication number
WO2024013924A1
WO2024013924A1 PCT/JP2022/027681 JP2022027681W WO2024013924A1 WO 2024013924 A1 WO2024013924 A1 WO 2024013924A1 JP 2022027681 W JP2022027681 W JP 2022027681W WO 2024013924 A1 WO2024013924 A1 WO 2024013924A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
user
decryption
storage unit
ciphertext
Prior art date
Application number
PCT/JP2022/027681
Other languages
French (fr)
Japanese (ja)
Inventor
光 土田
Original Assignee
日本電気株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 日本電気株式会社 filed Critical 日本電気株式会社
Priority to PCT/JP2022/027681 priority Critical patent/WO2024013924A1/en
Publication of WO2024013924A1 publication Critical patent/WO2024013924A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords

Definitions

  • the present invention relates to a cryptographic system, a key issuing device, a key issuing method, and a key issuing program.
  • Role-based access control is one of the access control technologies in computer security. Role-based access control grants privileges to users by their assigned roles, rather than by individual users.
  • a role represents, for example, a user's role, attribute, or affiliation in a system or organization, and the administrator assigns a role to each user based on the attribute within the organization and permissions are also granted to the role.
  • Attribute-based encryption is a cryptographic method that achieves this role-based access control.
  • attribute-based encryption rather than directly specifying the decryptor, the authority to decrypt is specified using attributes.
  • attribute-based encryption encryption is performed by incorporating not only a decryption key for decrypting ciphertext, but also an attribute of the authority that can decrypt it.
  • decryption of attribute-based encryption authentication is performed using a conditional expression that determines the attribute of the authority that can decrypt, which is incorporated into the ciphertext, and only the decryptor with the attribute of authority that can decrypt can succeed in decryption.
  • the encryption technique described in Patent Document 1 uses a process of determining the attributes of a decryption-permitted user who is permitted to decrypt encrypted data.
  • a decryptor using attribute-based encryption may have multiple attributes, and these multiple attributes may be managed independently by multiple entities.
  • the problem with the parameter size published by the key issuing authority is that as the number of attributes managed by the key issuing authority increases, the parameter size published by the key issuing authority also increases accordingly.
  • the parameters published by the key issuing authority are also used when creating the ciphertext and influence the size of the encrypted ciphertext. Therefore, a method that does not depend on the number of attributes managed by the issuing organization is preferable.
  • decryption key revocation stems from the fact that decryption keys are not necessarily reliable. If the attribute incorporated in the decryption key satisfies the conditional expression set in the ciphertext, decryption will be successful, but the decryption key may have been leaked or may have expired. For such cases, a function to revoke the decryption key is also required.
  • the above three problems are independent problems, so it is also possible to solve only some of the problems, such as one or two of the three. In fact, in the prior art, only one or two of the above three problems were often solved. However, when considering the purpose of implementing and operating an actual system, a method that solves all of the above three problems is preferable.
  • an object of the present invention is to provide a cryptographic system, a key issuing device, a key issuing method, and a key issuing program that contribute to appropriately and efficiently handling attribute-based cryptography.
  • a first aspect of the present invention includes a key issuing device, a decrypting device, and an encrypting device that are connected via a network, and each of the key issuing devices generates a public parameter that defines an index related to an attribute and a master private key.
  • a user decryption key generation unit that generates a user decryption key using the master private key, attributes related to the user to be issued, a user ID used throughout the system, and an ID related to the decryption key;
  • a master private key storage unit that stores the master private key, a public parameter storage unit that stores the public parameters, and a decryption key that indicates which user decryption key is valid among the issued user decryption keys.
  • the decryption device includes a valid key list storage unit that stores IDs as a valid key list, and a management attribute storage unit that stores managed attributes, and the decryption device stores an access condition expression defined in a ciphertext to be decrypted and the valid key.
  • a ciphertext decryption unit that decrypts a ciphertext using the user decryption key in which an attribute that satisfies the list, the user ID, and an ID related to the decryption key are defined; and a user decryption key storage unit that stores the user decryption key.
  • the encryption device includes: a ciphertext creation unit that creates a ciphertext using the public parameters, the valid key list, and the access condition expression; a public parameter storage unit that stores the public parameters; A cryptographic system is provided, comprising: a valid key list storage unit that stores the valid key list.
  • a setup unit that generates public parameters that define indexes related to attributes and a master private key
  • a setup unit that generates public parameters that define indexes related to attributes and a master private key
  • a set-up unit that generates public parameters that define indexes related to attributes, and attributes that are related to the master private key, a user to whom the key is issued, and a user that is used in the entire system.
  • a user decryption key generation unit that generates a user decryption key using an ID and an ID related to the decryption key; a master private key storage unit that stores the master private key; a public parameter storage unit that stores parameters; and a list of valid keys that the encryption device uses to create a ciphertext, including IDs related to decryption keys that indicate which user decryption keys are valid among the user decryption keys that have already been issued; It is equipped with a valid key list storage unit that stores the valid key list as A key issuing device is provided.
  • a public parameter that defines an index related to attributes and a master private key are generated, and the master private key, attributes related to the user to be issued, and a user ID used in the entire system are decrypted.
  • a key issuing method is provided in which a user decryption key is generated using an ID related to a key, and the user decryption key is issued to a decryption device that decrypts a ciphertext created by an encryption device connected via a network.
  • a public parameter that defines an index related to an attribute and a master private key are generated, and the master private key, an attribute related to the user to be issued, and a user ID used in the entire system are decrypted.
  • a key issuing program is provided that generates a user decryption key using an ID related to the key, and issues the user decryption key to a decryption device that decrypts a ciphertext created by an encryption device connected via a network.
  • this program can be recorded on a computer-readable storage medium.
  • the storage medium can be non-transient, such as a semiconductor memory, a hard disk, a magnetic recording medium, an optical recording medium, etc.
  • the invention can also be implemented as a computer program product.
  • each aspect of the present invention it is possible to provide a cryptographic system, a key issuing device, a key issuing method, and a key issuing program that contribute to appropriately and efficiently handling attribute-based cryptography.
  • FIG. 1 is a diagram showing an overview of role-based access control using attribute-based cryptography.
  • FIG. 2 is a configuration diagram showing an overview of a cryptographic system according to an embodiment of the present invention.
  • FIG. 3 is a diagram showing an example of a binary tree used to determine the validity of a decryption key.
  • FIG. 4 is a diagram showing an example of a hardware configuration of a key issuing device, a decrypting device, and an encrypting device.
  • FIG. 1 is a diagram showing an overview of role-based access control using attribute-based cryptography.
  • a key issuing authority issues a decryption key, and a decryptor, who is a user, decrypts a ciphertext using this decryption key.
  • the ciphertext is created by a ciphertext creator and stored in, for example, cloud storage.
  • the decryption key issued by the key issuing authority incorporates an attribute set that includes the user's attribute information, and when the decryptor (user) decrypts the ciphertext, it is used to determine the authority to decrypt. .
  • the ciphertext created by the ciphertext creator has embedded a conditional expression used to determine the authority to decrypt it, and when decrypting the ciphertext, the attributes included in the decryption key are The authority for decryption is determined by applying the attribute information to a conditional expression.
  • conditional expression used to determine the authority to decrypt is created from public parameters related to the list of valid keys (attributes) managed by the key issuing authority and embedded in the ciphertext. Therefore, a malicious administrator cannot change this conditional expression, which is highly secure.
  • FIG. 2 is a configuration diagram showing an overview of a cryptographic system according to an embodiment of the present invention.
  • the cryptographic system 10 according to the embodiment of the present invention includes a plurality of key issuing devices 100 1 to 100 n , a decrypting device 110, and an encrypting device 120.
  • Each of the plurality of key issuing apparatuses 100 1 to 100 n is operated by a different key issuing entity. That is, each of the plurality of key issuing devices 100 1 to 100 n manages different attribute information, and generates a user decryption key using the attribute information managed by each one. Further, the plurality of key issuing devices 100 1 to 100 n generate and manage a valid key list indicating which user decryption keys are valid among the generated user decryption keys. Note that the plurality of key issuing apparatuses 100 1 to 100 n can each be operated by a different key issuing entity and manage different attributes, but they can also have the same apparatus configuration, so the following will be explained below. Now, the configuration of the key issuing device 1001 will be explained as a representative.
  • the decryption device 110 decrypts the ciphertext generated by the encryption device 120 using the user decryption keys issued by the key issuing devices 100 1 to 100 n . Attribute information is embedded in the user decryption keys issued by the key issuing devices 100 1 to 100 n .
  • the ciphertext generated by the encryption device 120 has a conditional expression used to determine the authority to decrypt it, and if the attribute information incorporated in the user decryption key clears this conditional expression, , the ciphertext is successfully decrypted.
  • the encryption device 120 uses the valid key list generated by the key issuing devices 100 1 to 100 n to create a conditional expression for determining permission to decrypt a ciphertext, and creates a ciphertext incorporating this conditional expression.
  • the ciphertext created by the encryption device 120 may be held as is by the encryption device 120, and the decryption device 110 may access the ciphertext held in the encryption device 120 and decrypt the ciphertext.
  • Each key issuing device 100 1 to 100 n has a setup section 101 1 , a user decryption key generation section 102 1 , a master private key storage section 103 1 , a public parameter storage section 104 1 , a valid key list storage section 105 1 , and a management attribute storage section. 1061 .
  • the setup unit 1011 generates a public parameter and a master private key with the parameter size as a constant by defining an index related to the attribute.
  • the user decryption key generation unit 1021 generates a user decryption key using a master private key, attributes related to the user to be issued, a user ID used throughout the system, and an ID related to the decryption key.
  • the master private key storage unit 1031 is a storage device for storing a master private key.
  • the public parameter storage unit 1041 is a storage device for storing public parameters in which the parameter size is a constant by defining an index related to an attribute.
  • the valid key list storage unit 1051 is a storage device for storing IDs related to decryption keys as a list indicating which user decryption keys are valid among issued user decryption keys.
  • the managed attribute storage unit 1061 is a storage device for storing managed attributes.
  • the setup unit 101 1 and the user decryption key generation unit 102 1 store information stored in the master private key storage unit 103 1 , the public parameter storage unit 104 1 , the valid key list storage unit 105 1 and the management attribute storage unit 106 1 . 1, generates a user decryption key, etc., and stores these in the master private key storage section 103 1 , public parameter storage section 104 1 , valid key list storage section 105 1 , and management attribute storage section 106 1
  • the decryption device 110 includes a ciphertext decryption section 111 and a user decryption key storage section 112.
  • the ciphertext decryption unit 111 decrypts the ciphertext using a decryption key in which an attribute, a user ID, and an ID related to the decryption key are defined that satisfy a conditional expression and a valid key list defined for the ciphertext to be decrypted.
  • the user decryption key storage unit 112 is a storage device for storing user decryption keys issued by the key issuing devices 100 1 to 100 n .
  • the encryption device 120 includes a ciphertext creation section 121, a public parameter storage section 122, and a valid key list storage section 123.
  • the ciphertext creation unit 121 creates a ciphertext using a public parameter with the parameter size as a constant, a valid key list, and an access condition expression by defining an index related to an attribute.
  • the public parameter storage unit 122 is a storage device for storing public parameters with the parameter size as a constant by defining an index related to an attribute.
  • the valid key list storage unit 123 is a storage device for storing a list of IDs related to decryption keys indicating which user decryption keys are valid among issued user decryption keys.
  • the configuration of the user decryption key and the authority to decrypt it are determined, for example, as follows.
  • Each key issuing device 100 1 to 100 n embeds managed attribute information in the user decryption key as an attribute vector x.
  • the encryption device 120 embeds in the ciphertext a condition vector v whose inner product is calculated to be zero with an attribute vector x that permits decryption.
  • An example of a conditional expression is, for example, whether the value of the inner product of the attribute vector x and the condition vector v is zero.
  • the decryption device 110 inputs the attribute vector x embedded in the issued user decryption key into the conditional expression embedded in the ciphertext, and succeeds in decryption when the value of the output inner product is zero.
  • conditional expression is not necessarily limited to whether or not the value of the inner product is zero; for example, the value of the inner product with the condition vector and It is also possible to use a conditional expression that allows decoding when the condition regarding the value of the inner product and the logical expression are satisfied.
  • access control is performed using the inner product value and logical formula
  • multifaceted authentication is performed, such as determining the validity of the decryption key using only the inner product value, and using a combination of the inner product value and logical formula for access control. It will also be possible to do so.
  • FIG. 3 is a diagram showing an example of a binary tree used to determine the validity of a decryption key.
  • the encryption device 120 generates a condition vector from the public parameters and valid key list received from each key issuing device 100 1 to 100 n . is created and embedded in the ciphertext as a conditional expression used to determine a valid key.
  • each key issuing device 100 1 to 100 n includes a validity vector in the user decryption key of user ID 1 as a value input to a conditional expression used to determine a valid key. Incorporate. Then, when the decryption device 110 decrypts the ciphertext, the validity vector and condition vector Since the inner product of is zero, the valid key determination is cleared and user ID1 successfully decrypts the ciphertext.
  • the parameters v 0 to v 6 assigned to each node of the binary tree shown in FIG. 3 can be configured from public parameters generated by each of the key issuing devices 100 1 to 100 n . Furthermore, it is possible to know the correspondence between valid user decryption keys and parameters v 0 to v 6 from the valid key list generated by each key issuing device 100 1 to 100 n . Therefore, the encryption device 120 can configure a conditional expression such that the inner product becomes zero when a validity vector incorporated in a valid user decryption key is input.
  • each of the plurality of key issuing authorities operates the key issuing devices 100 1 to 100 n , so that each of the plurality of key issuing authorities can issue a user decryption key for attribute-based encryption.
  • FIG. 4 is a diagram showing an example of a hardware configuration of a key issuing device, a decrypting device, and an encrypting device.
  • the information processing device (computer) employing the hardware configuration shown in FIG. 4 makes it possible to realize the functions of the key issuing devices 100 1 to 100 n , the decrypting device 110, and the encrypting device 120 described above.
  • the hardware configuration example shown in FIG . This is not intended to limit the hardware configurations of n , decryption device 110, and encryption device 120.
  • the key issuing devices 100 1 to 100 n , the decrypting device 110, and the encrypting device 120 may include hardware not shown in FIG. 4.
  • a hardware configuration 40 that can be adopted by the key issuing devices 100 1 to 100 n , the decrypting device 110, and the encrypting device 120 includes, for example, a CPU (Central Processing Unit) connected to each other by an internal bus. 41, a main storage device 42, an auxiliary storage device 43, and an IF (Interface) section 44.
  • a CPU Central Processing Unit
  • the CPU 41 executes each command included in the program executed by the key issuing devices 100 1 to 100 n , the decrypting device 110, and the encrypting device 120.
  • the main storage device 42 is, for example, a RAM (Random Access Memory), and temporarily stores various programs executed by the key issuing devices 100 1 to 100 n , the decrypting device 110, and the encrypting device 120 for processing by the CPU 41.
  • the auxiliary storage device 43 is, for example, an HDD (Hard Disk Drive), and stores various programs executed by the key issuing devices 100 1 to 100 n , the decrypting device 110, and the encrypting device 120 on a medium- to long-term basis. is possible. Various programs can be provided as program products recorded on non-transitory computer-readable storage media. The auxiliary storage device 43 can be used for medium- to long-term storage of various programs recorded on non-temporary computer-readable recording media.
  • the IF unit 44 provides an interface for communication between the key issuing devices 100 1 to 100 n , the decrypting device 110, and the encrypting device 120.
  • An information processing device employing the above-described hardware configuration 40 can realize the functions of the key issuing devices 100 1 to 100 n , the decrypting device 110, and the encrypting device 120.
  • the key issuing device includes a setup unit that generates public parameters that define indexes related to attributes and a master private key; a user decryption key generation unit that generates a user decryption key using the master private key, attributes related to the user to be issued, a user ID used throughout the system, and an ID related to the decryption key; a master private key storage unit that stores the master private key; a public parameter storage unit that stores the public parameters; a valid key list storage unit that stores IDs related to decryption keys indicating which user decryption keys are valid among the issued user decryption keys as a valid key list; and a management attribute storage unit for storing attributes to be managed; The decryption device decrypts the ciphertext using the user decryption key in which
  • the encryption device includes a ciphertext creation unit that creates a ciphertext using the public parameter, the valid key list, and the access condition expression; a public parameter storage unit that stores the public parameters; A cryptographic system, comprising: a valid key list storage unit that stores the valid key list.
  • the access conditional expression takes as input the attribute vector incorporated in the user decryption key, calculates the inner product with the condition vector incorporated in the access conditional expression, and satisfies the condition and logical expression regarding the value of the inner product.
  • the cryptographic system described in Appendix 1 which permits decryption in cases where: [Additional note 3] The cryptographic system according to appendix 2, wherein the value of the inner product is a criterion for determining validity of a user decryption key, and the logical expression is a criterion for access control. [Additional note 4] The cryptographic system according to appendix 1, wherein the valid key list allocates parameters of attribute information to each node representing attributes managed using a binary tree. [Additional note 5] The conditional expression for determining the validity of the user decryption key includes parameters assigned to each node of the binary tree, and the attribute vector incorporated in the user decryption key also includes a parameter assigned to each node of the binary tree.
  • the cryptographic system comprising parameters assigned to each node.
  • a setup unit that generates public parameters that define indexes related to attributes and a master private key
  • a user decryption key generation unit that generates a user decryption key using the master private key, attributes related to the user to be issued, a user ID used in the entire system, and an ID related to the decryption key
  • a master private key storage unit that stores the master private key
  • a public parameter storage unit that stores the public parameters used to create the ciphertext
  • a valid key list storage unit that stores IDs related to decryption keys indicating which user decryption keys are valid among the issued user decryption keys as a valid key list
  • a key issuing device that issues a user decryption key for a decryption device to decrypt a ciphertext created by an encryption device connected via a network, and a management attribute storage unit that stores managed attributes.
  • the key issuing device allocates parameters of attribute information to each node representing attributes managed using a binary tree.
  • the conditional expression for determining the validity of the user decryption key includes parameters assigned to each node of the binary tree, and the attribute vector incorporated in the user decryption key also includes a parameter assigned to each node of the binary tree.
  • the key issuing device according to appendix 7, which includes parameters assigned to each node.
  • [Additional note 10] Generate public parameters and master private keys that define indexes for attributes, Generating a user decryption key using the master private key, attributes related to the user to be issued, a user ID used throughout the system, and an ID related to the decryption key; A key issuing program that issues the user decryption key to a decryption device that decrypts a ciphertext created by an encryption device connected through a network.
  • a valid key list indicating which user decryption keys are valid among the user decryption keys that have been issued is provided in Appendix 10, which assigns attribute information parameters to each node of the attribute representation managed using a binary tree. The key issuing program described.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

Provided is an encryption system comprising a key issuing device, a decryption device, and an encryption device, which are connected to one another via a network, wherein the key issuing device comprises: a setup unit that generates a master secret key and public parameters defining attribute indices; a user decryption key generation unit that generates a user decryption key by using the master secret key, an attribute related to a user who receives issuance of the user decryption key, a user ID used by the entire system, and a decryption key ID; a master secret key storage unit that stores the master secret key; a public parameter storage unit that stores the public parameters; an effective key list storage unit that stores, as an effective key list, decryption key IDs indicating effective user decryption keys among issued user decryption keys; and a managed attribute storage unit that stores managed attributes, wherein the decryption device comprises: a ciphertext decryption unit that decrypts ciphertext by using the user decryption key defining such an attribute, user ID, and decryption key ID as to satisfy the effective key list and an access condition expression defined in the ciphertext to be decrypted; and a user decryption key storage unit that stores the user decryption key, and wherein the encryption device comprises: a ciphertext generation unit that generates ciphertext by using the public parameters, the effective key list, and the access condition expression; a public parameter storage unit that stores the public parameters; and an effective key list storage unit that stores the effective key list.

Description

暗号システム、鍵発行装置、鍵発行方法及び鍵発行プログラムCryptographic system, key issuing device, key issuing method, and key issuing program
 本発明は、暗号システム、鍵発行装置、鍵発行方法及び鍵発行プログラムに関するものである。 The present invention relates to a cryptographic system, a key issuing device, a key issuing method, and a key issuing program.
 コンピュータセキュリティにおけるアクセス制御の技術の一つにロールベースのアクセス制御がある。ロールベースのアクセス制御では、個々の利用者ごとではなく、利用者に割り当てられたロール(役割)ごとに権限を付与する。ここでロール(役割)とは、例えば、システムや組織における利用者の役割や属性、所属などを表しており、管理者は各利用者に組織内での属性に基づいてロールを割り当て、資源へのアクセス許可もロールに対して行う。 Role-based access control is one of the access control technologies in computer security. Role-based access control grants privileges to users by their assigned roles, rather than by individual users. Here, a role represents, for example, a user's role, attribute, or affiliation in a system or organization, and the administrator assigns a role to each user based on the attribute within the organization and permissions are also granted to the role.
 このロールベースのアクセス制御を暗号方式で実現するものとして、属性ベース暗号がある。属性ベース暗号では、復号者を直接指定するのではなく、属性を用いて復号できる権限を指定する。属性ベース暗号では、暗号文を復号するための復号鍵だけではなく、復号し得る権限の属性を組み入れて暗号化を行う。属性ベース暗号の復号では、暗号文に組み入れられた復号し得る権限の属性を判断する条件式を用いて認証が行われ、復号し得る権限の属性の復号者のみが復号に成功する。例えば特許文献1に記載の暗号技術は、暗号化データの復号が許可されている復号許可ユーザの属性を判定する処理を利用している。 Attribute-based encryption is a cryptographic method that achieves this role-based access control. In attribute-based encryption, rather than directly specifying the decryptor, the authority to decrypt is specified using attributes. In attribute-based encryption, encryption is performed by incorporating not only a decryption key for decrypting ciphertext, but also an attribute of the authority that can decrypt it. In decryption of attribute-based encryption, authentication is performed using a conditional expression that determines the attribute of the authority that can decrypt, which is incorporated into the ciphertext, and only the decryptor with the attribute of authority that can decrypt can succeed in decryption. For example, the encryption technique described in Patent Document 1 uses a process of determining the attributes of a decryption-permitted user who is permitted to decrypt encrypted data.
国際公開公報2016/132546号International Publication No. 2016/132546
 なお、上記先行技術文献の各開示を、本書に引用をもって組み込むものとする。以下の分析は、本発明者らによってなされたものである。 Furthermore, each disclosure of the above-mentioned prior art documents is incorporated into this book by reference. The following analysis was performed by the inventors.
 ところで、既存の属性ベース暗号には様々な課題があり、代表的なものとして以下の3つの課題が挙げられる。
1.属性を管理する主体に関する課題
2.鍵発行機関が公開するパラメータサイズに関する課題
3.復号鍵の失効に関する課題 By the way, there are various problems with existing attribute-based cryptography, and the following three problems can be cited as typical ones.
1. Issues related to the entity that manages attributes 2. Issue 3 regarding the parameter size published by the key issuing authority. Issues with decryption key revocation
 属性を管理する主体に関する課題は、復号し得る権限の属性を一つの主体のみで管理できるとは限らないということに起因する。属性ベース暗号を利用する復号者の属性が複数となることも起こり得て、これら複数の属性が複数の主体によって独立に管理されていることも起こり得る。 The problem with the entity that manages attributes stems from the fact that it is not always possible for only one entity to manage the attributes of decryptable authority. A decryptor using attribute-based encryption may have multiple attributes, and these multiple attributes may be managed independently by multiple entities.
 鍵発行機関が公開するパラメータサイズに関する課題は、鍵発行機関が管理する属性の数が増えるとそれに従って鍵発行機関が公開するパラメータサイズも大きくなることに起因する。鍵発行機関が公開するパラメータは暗号文の作成時にも利用されて、暗号化される暗号文の大きさにも影響を与える。よって、発行機関が管理する属性の数に依存しない方法が好ましい。 The problem with the parameter size published by the key issuing authority is that as the number of attributes managed by the key issuing authority increases, the parameter size published by the key issuing authority also increases accordingly. The parameters published by the key issuing authority are also used when creating the ciphertext and influence the size of the encrypted ciphertext. Therefore, a method that does not depend on the number of attributes managed by the issuing organization is preferable.
 復号鍵の失効に関する課題は、復号鍵が必ずしも信頼できないことに起因する。復号鍵に組み入れられた属性は、暗号文に設定された条件式を満たすならば、復号が成功するが、復号鍵は漏洩したものであったり、期限切れであることも起こり得る。このような場合のために、復号鍵を失効させる機能も求められている。 The problem with decryption key revocation stems from the fact that decryption keys are not necessarily reliable. If the attribute incorporated in the decryption key satisfies the conditional expression set in the ciphertext, decryption will be successful, but the decryption key may have been leaked or may have expired. For such cases, a function to revoke the decryption key is also required.
 なお、上記3つの課題は、それぞれ独立した課題であるので、3つのうち1つないし2つなど一部の課題のみを解決することも可能である。実際、従来技術では、上記3つの課題のうち1つないし2つのみを解決することが多かった。しかしながら、実際のシステムに実装して運用することを目的に考えると、上記3つの課題をすべて解決している手法が好ましい。 Note that the above three problems are independent problems, so it is also possible to solve only some of the problems, such as one or two of the three. In fact, in the prior art, only one or two of the above three problems were often solved. However, when considering the purpose of implementing and operating an actual system, a method that solves all of the above three problems is preferable.
 本発明の目的は、上述した課題を鑑み、属性ベース暗号を適切かつ効率的に扱うことに寄与する暗号システム、鍵発行装置、鍵発行方法および鍵発行プログラムを提供することである。 In view of the above-mentioned problems, an object of the present invention is to provide a cryptographic system, a key issuing device, a key issuing method, and a key issuing program that contribute to appropriately and efficiently handling attribute-based cryptography.
 本発明の第1の視点では、ネットワークで接続されている鍵発行装置と復号装置と暗号化装置を備え、前記鍵発行装置の各々は、属性に関するインデックスを規定する公開パラメータとマスタ秘密鍵の生成を行うセットアップ部と、前記マスタ秘密鍵と発行対象であるユーザに関連する属性とシステム全体で用いられるユーザIDと復号鍵に関するIDとを用いてユーザ復号鍵を生成するユーザ復号鍵生成部と、前記マスタ秘密鍵を保存するマスタ秘密鍵保存部と、前記公開パラメータを保存する公開パラメータ保存部と、発行済みの前記ユーザ復号鍵の中でどのユーザ復号鍵が有効であるかを示す復号鍵に関するIDを有効鍵リストとして保存する有効鍵リスト保存部と、管理する属性を保存する管理属性保存部とを備え、前記復号装置は、復号対象の暗号文に規定されたアクセス条件式と前記有効鍵リストを満たすような属性と前記ユーザIDと復号鍵に関するIDとが規定された前記ユーザ復号鍵を用いて暗号文を復号する暗号文復号部と、前記ユーザ復号鍵を保存するユーザ復号鍵保存部とを備え、前記暗号化装置は、前記公開パラメータと前記有効鍵リストと前記アクセス条件式とを用いて暗号文を作成する暗号文作成部と、前記公開パラメータを保存する公開パラメータ保存部と、前記有効鍵リストを保存する有効鍵リスト保存部とを備える、暗号システムが提供される。 A first aspect of the present invention includes a key issuing device, a decrypting device, and an encrypting device that are connected via a network, and each of the key issuing devices generates a public parameter that defines an index related to an attribute and a master private key. a user decryption key generation unit that generates a user decryption key using the master private key, attributes related to the user to be issued, a user ID used throughout the system, and an ID related to the decryption key; A master private key storage unit that stores the master private key, a public parameter storage unit that stores the public parameters, and a decryption key that indicates which user decryption key is valid among the issued user decryption keys. The decryption device includes a valid key list storage unit that stores IDs as a valid key list, and a management attribute storage unit that stores managed attributes, and the decryption device stores an access condition expression defined in a ciphertext to be decrypted and the valid key. a ciphertext decryption unit that decrypts a ciphertext using the user decryption key in which an attribute that satisfies the list, the user ID, and an ID related to the decryption key are defined; and a user decryption key storage unit that stores the user decryption key. The encryption device includes: a ciphertext creation unit that creates a ciphertext using the public parameters, the valid key list, and the access condition expression; a public parameter storage unit that stores the public parameters; A cryptographic system is provided, comprising: a valid key list storage unit that stores the valid key list.
 本発明の第2の視点では、属性に関するインデックスを規定する公開パラメータとマスタ秘密鍵の生成を行うセットアップ部と、前記マスタ秘密鍵と発行対象であるユーザに関連する属性とシステム全体で用いられるユーザIDと復号鍵に関するIDとを用いてユーザ復号鍵を生成するユーザ復号鍵生成部と、前記マスタ秘密鍵を保存するマスタ秘密鍵保存部と、前記暗号化装置が暗号文の作成に用いる前記公開パラメータを保存する公開パラメータ保存部と、発行済みの前記ユーザ復号鍵の中でどのユーザ復号鍵が有効であるかを示す復号鍵に関するIDを前記暗号化装置が暗号文の作成に用いる有効鍵リストとして保存する有効鍵リスト保存部と、管理する属性を保存する管理属性保存部とを備え、ネットワークで接続されている暗号化装置が作成した暗号文を復号装置が復号するためのユーザ復号鍵を発行する鍵発行装置が提供される。 In a second aspect of the present invention, there is provided a setup unit that generates public parameters that define indexes related to attributes and a master private key, and a setup unit that generates public parameters that define indexes related to attributes and a master private key, and a set-up unit that generates public parameters that define indexes related to attributes, and attributes that are related to the master private key, a user to whom the key is issued, and a user that is used in the entire system. a user decryption key generation unit that generates a user decryption key using an ID and an ID related to the decryption key; a master private key storage unit that stores the master private key; a public parameter storage unit that stores parameters; and a list of valid keys that the encryption device uses to create a ciphertext, including IDs related to decryption keys that indicate which user decryption keys are valid among the user decryption keys that have already been issued; It is equipped with a valid key list storage unit that stores the valid key list as A key issuing device is provided.
 本発明の第3の視点では、属性に関するインデックスを規定する公開パラメータとマスタ秘密鍵の生成を行い、前記マスタ秘密鍵と発行対象であるユーザに関連する属性とシステム全体で用いられるユーザIDと復号鍵に関するIDとを用いてユーザ復号鍵を生成し、ネットワークで接続されている暗号化装置が作成した暗号文を復号する復号装置に前記ユーザ復号鍵を発行する鍵発行方法が提供される。 In a third aspect of the present invention, a public parameter that defines an index related to attributes and a master private key are generated, and the master private key, attributes related to the user to be issued, and a user ID used in the entire system are decrypted. A key issuing method is provided in which a user decryption key is generated using an ID related to a key, and the user decryption key is issued to a decryption device that decrypts a ciphertext created by an encryption device connected via a network.
 本発明の第4の視点では、属性に関するインデックスを規定する公開パラメータとマスタ秘密鍵の生成を行い、前記マスタ秘密鍵と発行対象であるユーザに関連する属性とシステム全体で用いられるユーザIDと復号鍵に関するIDとを用いてユーザ復号鍵を生成し、ネットワークで接続されている暗号化装置が作成した暗号文を復号する復号装置に前記ユーザ復号鍵を発行する鍵発行プログラムが提供される。
 なお、このプログラムは、コンピュータが読み取り可能な記憶媒体に記録することができる。記憶媒体は、半導体メモリ、ハードディスク、磁気記録媒体、光記録媒体等の非トランジェント(non-transient)なものとすることができる。本発明は、コンピュータプログラム製品として具現することも可能である。 In a fourth aspect of the present invention, a public parameter that defines an index related to an attribute and a master private key are generated, and the master private key, an attribute related to the user to be issued, and a user ID used in the entire system are decrypted. A key issuing program is provided that generates a user decryption key using an ID related to the key, and issues the user decryption key to a decryption device that decrypts a ciphertext created by an encryption device connected via a network.
Note that this program can be recorded on a computer-readable storage medium. The storage medium can be non-transient, such as a semiconductor memory, a hard disk, a magnetic recording medium, an optical recording medium, etc. The invention can also be implemented as a computer program product.
 本発明の各視点によれば、属性ベース暗号を適切かつ効率的に扱うことに寄与する暗号システム、鍵発行装置、鍵発行方法および鍵発行プログラムを提供することができる。 According to each aspect of the present invention, it is possible to provide a cryptographic system, a key issuing device, a key issuing method, and a key issuing program that contribute to appropriately and efficiently handling attribute-based cryptography.
図1は、属性ベース暗号によるロールベースアクセス制御の概要を示す図である。FIG. 1 is a diagram showing an overview of role-based access control using attribute-based cryptography. 図2は、本発明の実施形態にかかる暗号システムの概要を示す構成図である。FIG. 2 is a configuration diagram showing an overview of a cryptographic system according to an embodiment of the present invention. 図3は、復号鍵の有効性の判定に用いられる二分木の例を示す図である。FIG. 3 is a diagram showing an example of a binary tree used to determine the validity of a decryption key. 図4は、鍵発行装置と復号装置と暗号化装置のハードウェア構成例を示す図である。FIG. 4 is a diagram showing an example of a hardware configuration of a key issuing device, a decrypting device, and an encrypting device.
 以下、図面を参照しながら、本発明の実施形態について説明する。ただし、以下に説明する実施形態により本発明が限定されるものではない。また、各図面において、同一または対応する要素には適宜同一の符号を付している。さらに、図面は模式的なものであり、各要素の寸法の関係、各要素の比率などは、現実のものとは異なる場合があることに留意する必要がある。図面の相互間においても、互いの寸法の関係や比率が異なる部分が含まれている場合がある。 Hereinafter, embodiments of the present invention will be described with reference to the drawings. However, the present invention is not limited to the embodiments described below. Further, in each drawing, the same or corresponding elements are designated by the same reference numerals as appropriate. Furthermore, it should be noted that the drawings are schematic and the dimensional relationship of each element, the ratio of each element, etc. may differ from the actual one. Drawings may also include portions that differ in dimensional relationships and ratios.
[属性ベース暗号によるロールベースアクセス制御]
 最初に、本発明の適用が想定される属性ベース暗号によるロールベースアクセス制御について説明する。図1は、属性ベース暗号によるロールベースアクセス制御の概要を示す図である。 [Role-based access control using attribute-based encryption]
First, role-based access control using attribute-based cryptography to which the present invention is expected to be applied will be explained. FIG. 1 is a diagram showing an overview of role-based access control using attribute-based cryptography.
 図1に示すように、属性ベース暗号によるロールベースアクセス制御では、鍵発行機関が復号鍵を発行し、ユーザである復号者はこの復号鍵を用いて暗号文を復号する。暗号文は、暗号文作成者によって作成され、例えばクラウドストレージなどに保存されている。鍵発行機関が発行する復号鍵には、ユーザの属性情報を含んだ属性集合が組み入れられており、ユーザである復号者が暗号文を復号する際には、復号し得る権限の判定に用いられる。暗号文作成者によって作成された暗号文には、復号し得る権限の判定に用いられる条件式が埋め込まれており、暗号文を復号する際には、復号鍵に組み入れられている属性集合に含まれる属性情報を条件式に当てはめて復号し得る権限の判定を行う。 As shown in FIG. 1, in role-based access control using attribute-based encryption, a key issuing authority issues a decryption key, and a decryptor, who is a user, decrypts a ciphertext using this decryption key. The ciphertext is created by a ciphertext creator and stored in, for example, cloud storage. The decryption key issued by the key issuing authority incorporates an attribute set that includes the user's attribute information, and when the decryptor (user) decrypts the ciphertext, it is used to determine the authority to decrypt. . The ciphertext created by the ciphertext creator has embedded a conditional expression used to determine the authority to decrypt it, and when decrypting the ciphertext, the attributes included in the decryption key are The authority for decryption is determined by applying the attribute information to a conditional expression.
 復号し得る権限の判定に用いられる条件式は、鍵発行機関が管理している有効な鍵(属性)のリストに関する公開パラメータから作成されて暗号文に埋め込まれている。したがって、悪意のある管理者がこの条件式を変更することはできず、その点で安全性が高い。 The conditional expression used to determine the authority to decrypt is created from public parameters related to the list of valid keys (attributes) managed by the key issuing authority and embedded in the ciphertext. Therefore, a malicious administrator cannot change this conditional expression, which is highly secure.
[実施形態にかかる暗号システム]
 図2は、本発明の実施形態にかかる暗号システムの概要を示す構成図である。図2に示すように、本発明の実施形態にかかる暗号システム10は、複数の鍵発行装置100~100と復号装置110と暗号化装置120とを備えている。 [Cryptographic system according to embodiment]
FIG. 2 is a configuration diagram showing an overview of a cryptographic system according to an embodiment of the present invention. As shown in FIG. 2, the cryptographic system 10 according to the embodiment of the present invention includes a plurality of key issuing devices 100 1 to 100 n , a decrypting device 110, and an encrypting device 120.
 複数の鍵発行装置100~100は、それぞれが異なる鍵発行主体によって運用されている。すなわち、複数の鍵発行装置100~100は、それぞれが異なる属性情報を管理し、それぞれが管理している属性情報を用いてユーザ復号鍵を生成する。また、複数の鍵発行装置100~100は、生成したユーザ復号鍵のうち、どのユーザ復号鍵が有効であるかを示す有効鍵リストを生成し、これを管理している。なお、複数の鍵発行装置100~100は、それぞれが異なる鍵発行主体によって運用され、異なる属性を管理することも可能であるが、装置構成は同一とすることも可能であるので、以下では代表して鍵発行装置100の構成を説明する。 Each of the plurality of key issuing apparatuses 100 1 to 100 n is operated by a different key issuing entity. That is, each of the plurality of key issuing devices 100 1 to 100 n manages different attribute information, and generates a user decryption key using the attribute information managed by each one. Further, the plurality of key issuing devices 100 1 to 100 n generate and manage a valid key list indicating which user decryption keys are valid among the generated user decryption keys. Note that the plurality of key issuing apparatuses 100 1 to 100 n can each be operated by a different key issuing entity and manage different attributes, but they can also have the same apparatus configuration, so the following will be explained below. Now, the configuration of the key issuing device 1001 will be explained as a representative.
 復号装置110は、鍵発行装置100~100が発行したユーザ復号鍵を用いて、暗号化装置120が生成した暗号文の復号を行う。鍵発行装置100~100が発行したユーザ復号鍵には、属性情報が組み込まれている。一方、暗号化装置120が生成した暗号文は、復号し得る権限の判定に用いられる条件式が埋め込まれており、ユーザ復号鍵に組み込まれている属性情報が、この条件式をクリアした場合に、暗号文の復号に成功する。 The decryption device 110 decrypts the ciphertext generated by the encryption device 120 using the user decryption keys issued by the key issuing devices 100 1 to 100 n . Attribute information is embedded in the user decryption keys issued by the key issuing devices 100 1 to 100 n . On the other hand, the ciphertext generated by the encryption device 120 has a conditional expression used to determine the authority to decrypt it, and if the attribute information incorporated in the user decryption key clears this conditional expression, , the ciphertext is successfully decrypted.
 暗号化装置120は、鍵発行装置100~100が生成した有効鍵リストを用いて暗号文の復号の許可判定の条件式を作成し、この条件式を組み入れた暗号文を作成する。なお、暗号化装置120が作成した暗号文は、そのまま暗号化装置120が保持し、復号装置110が暗号化装置120に保持されている暗号文にアクセスして当該暗号文を復号する方式としても良いが、別途のストレージサーバに暗号文を保存し、ストレージサーバに保管されている暗号文に復号装置110がアクセスする方式とすることも可能である。 The encryption device 120 uses the valid key list generated by the key issuing devices 100 1 to 100 n to create a conditional expression for determining permission to decrypt a ciphertext, and creates a ciphertext incorporating this conditional expression. Note that the ciphertext created by the encryption device 120 may be held as is by the encryption device 120, and the decryption device 110 may access the ciphertext held in the encryption device 120 and decrypt the ciphertext. However, it is also possible to store the ciphertext in a separate storage server and have the decryption device 110 access the ciphertext stored in the storage server.
 ここで鍵発行装置100~100、復号装置110および暗号化装置120の機能および構成についてさらに詳しく説明する。 Here, the functions and configurations of the key issuing devices 100 1 to 100 n , the decrypting device 110, and the encrypting device 120 will be explained in more detail.
 各鍵発行装置100~100は、セットアップ部101とユーザ復号鍵生成部102とマスタ秘密鍵保存部103と公開パラメータ保存部104と有効鍵リスト保存部105と管理属性保存部106とを備えている。 Each key issuing device 100 1 to 100 n has a setup section 101 1 , a user decryption key generation section 102 1 , a master private key storage section 103 1 , a public parameter storage section 104 1 , a valid key list storage section 105 1 , and a management attribute storage section. 1061 .
 セットアップ部1011は、属性に関するインデックスを規定することでパラメータサイズを定数とした公開パラメータとマスタ秘密鍵の生成を行う。ユーザ復号鍵生成部1021は、マスタ秘密鍵と発行対象であるユーザに関連する属性とシステム全体で用いられるユーザIDと復号鍵に関するIDとを用いてユーザ復号鍵を生成する。 The setup unit 1011 generates a public parameter and a master private key with the parameter size as a constant by defining an index related to the attribute. The user decryption key generation unit 1021 generates a user decryption key using a master private key, attributes related to the user to be issued, a user ID used throughout the system, and an ID related to the decryption key.
 マスタ秘密鍵保存部103は、マスタ秘密鍵を保存するための記憶装置である。公開パラメータ保存部104は、属性に関するインデックスを規定することでパラメータサイズを定数とした公開パラメータを保存するための記憶装置である。有効鍵リスト保存部105は、発行済みのユーザ復号鍵の内どのユーザ復号鍵が有効であるか復号鍵に関するIDをリストとして保存するための記憶装置である。管理属性保存部1061は、管理する属性を保存するための記憶装置である。セットアップ部101とユーザ復号鍵生成部102は、マスタ秘密鍵保存部103と公開パラメータ保存部104と有効鍵リスト保存部105と管理属性保存部106に保存されている情報を参照し、ユーザ復号鍵などを生成し、これらをマスタ秘密鍵保存部103と公開パラメータ保存部104と有効鍵リスト保存部105と管理属性保存部106に保存する。 The master private key storage unit 1031 is a storage device for storing a master private key. The public parameter storage unit 1041 is a storage device for storing public parameters in which the parameter size is a constant by defining an index related to an attribute. The valid key list storage unit 1051 is a storage device for storing IDs related to decryption keys as a list indicating which user decryption keys are valid among issued user decryption keys. The managed attribute storage unit 1061 is a storage device for storing managed attributes. The setup unit 101 1 and the user decryption key generation unit 102 1 store information stored in the master private key storage unit 103 1 , the public parameter storage unit 104 1 , the valid key list storage unit 105 1 and the management attribute storage unit 106 1 . 1, generates a user decryption key, etc., and stores these in the master private key storage section 103 1 , public parameter storage section 104 1 , valid key list storage section 105 1 , and management attribute storage section 106 1 .
 復号装置110は、暗号文復号部111とユーザ復号鍵保存部112とを備えている。暗号文復号部111は、復号対象の暗号文に規定された条件式と有効鍵リストを満たすような属性とユーザIDと復号鍵に関するIDとが規定された復号鍵を用いて暗号文を復号する。ユーザ復号鍵保存部112は、鍵発行装置100~100が発行したユーザ復号鍵を保存するための記憶装置である。 The decryption device 110 includes a ciphertext decryption section 111 and a user decryption key storage section 112. The ciphertext decryption unit 111 decrypts the ciphertext using a decryption key in which an attribute, a user ID, and an ID related to the decryption key are defined that satisfy a conditional expression and a valid key list defined for the ciphertext to be decrypted. . The user decryption key storage unit 112 is a storage device for storing user decryption keys issued by the key issuing devices 100 1 to 100 n .
 暗号化装置120は、暗号文作成部121と公開パラメータ保存部122と有効鍵リスト保存部123とを備えている。暗号文作成部121は、属性に関するインデックスを規定することでパラメータサイズを定数とした公開パラメータと有効鍵リストとアクセス条件式とを用いて暗号文を作成する。公開パラメータ保存部122は、属性に関するインデックスを規定することでパラメータサイズを定数とした公開パラメータを保存するための記憶装置である。有効鍵リスト保存部123は、発行済みのユーザ復号鍵の内どのユーザ復号鍵が有効であるか復号鍵に関するIDをリストとして保存するための記憶装置である。 The encryption device 120 includes a ciphertext creation section 121, a public parameter storage section 122, and a valid key list storage section 123. The ciphertext creation unit 121 creates a ciphertext using a public parameter with the parameter size as a constant, a valid key list, and an access condition expression by defining an index related to an attribute. The public parameter storage unit 122 is a storage device for storing public parameters with the parameter size as a constant by defining an index related to an attribute. The valid key list storage unit 123 is a storage device for storing a list of IDs related to decryption keys indicating which user decryption keys are valid among issued user decryption keys.
 ユーザ復号鍵の構成および復号し得る権限の判定は、例えば以下のように行う。 The configuration of the user decryption key and the authority to decrypt it are determined, for example, as follows.
 各鍵発行装置100~100は、管理している属性の情報を属性ベクトルxとしてユーザ復号鍵に埋め込む。一方、暗号化装置120は、復号を許可する属性ベクトルxと内積を計算するとゼロが得られる条件ベクトルvを暗号文に埋め込む。条件式の例として、たとえば、属性ベクトルxと条件ベクトルvの内積の値がゼロか否かというものが挙げられる。復号装置110は、発行されたユーザ復号鍵に埋め込まれた属性ベクトルxを暗号文に埋め込まれた条件式に入力し、出力された内積の値がゼロである場合に復号に成功する。なお、内積の値がゼロになるか否かというのは条件式の一例で,必ずしも条件式が内積の値がゼロになるか否かだけに限定されない、例えば、条件ベクトルとの内積の値と論理式とを計算し、内積の値に関する条件と論理式とを満たす場合に復号を許可する条件式を採用することも可能である。内積の値と論理式からアクセス制御を行うと、復号鍵の有効性判断は内積の値のみで制御し、アクセス制御には内積の値と論理式の組み合わせを用いるというように多面的な認証を行うことも可能になる。 Each key issuing device 100 1 to 100 n embeds managed attribute information in the user decryption key as an attribute vector x. On the other hand, the encryption device 120 embeds in the ciphertext a condition vector v whose inner product is calculated to be zero with an attribute vector x that permits decryption. An example of a conditional expression is, for example, whether the value of the inner product of the attribute vector x and the condition vector v is zero. The decryption device 110 inputs the attribute vector x embedded in the issued user decryption key into the conditional expression embedded in the ciphertext, and succeeds in decryption when the value of the output inner product is zero. Note that whether or not the value of the inner product is zero is an example of a conditional expression, and the conditional expression is not necessarily limited to whether or not the value of the inner product is zero; for example, the value of the inner product with the condition vector and It is also possible to use a conditional expression that allows decoding when the condition regarding the value of the inner product and the logical expression are satisfied. When access control is performed using the inner product value and logical formula, multifaceted authentication is performed, such as determining the validity of the decryption key using only the inner product value, and using a combination of the inner product value and logical formula for access control. It will also be possible to do so.
 図3は、復号鍵の有効性の判定に用いられる二分木の例を示す図である。ここでは、ID0~ID3までの復号鍵が発行済であり、この中でID0~ID2までの復号鍵が有効である例を考える。このとき、暗号化装置120は、各鍵発行装置100~100から受信した公開パラメータと有効鍵リストから条件ベクトル
Figure JPOXMLDOC01-appb-I000001
を作成し、有効鍵の判定に用いられる条件式として暗号文に埋め込む。一方、各鍵発行装置100~100は、有効鍵の判定に用いられる条件式に入力する値としてユーザID1のユーザ復号鍵の中に有効性ベクトル
Figure JPOXMLDOC01-appb-I000002

を組み入れておく。すると、復号装置110が暗号文を復号する際に、有効性ベクトル
Figure JPOXMLDOC01-appb-I000003
と条件ベクトル
Figure JPOXMLDOC01-appb-I000004
の内積がゼロになるので、有効鍵の判定をクリアし、ユーザID1は暗号文の復号に成功する。 FIG. 3 is a diagram showing an example of a binary tree used to determine the validity of a decryption key. Here, consider an example in which decryption keys ID0 to ID3 have been issued, and among these decryption keys ID0 to ID2 are valid. At this time, the encryption device 120 generates a condition vector from the public parameters and valid key list received from each key issuing device 100 1 to 100 n .
Figure JPOXMLDOC01-appb-I000001
is created and embedded in the ciphertext as a conditional expression used to determine a valid key. On the other hand, each key issuing device 100 1 to 100 n includes a validity vector in the user decryption key of user ID 1 as a value input to a conditional expression used to determine a valid key.
Figure JPOXMLDOC01-appb-I000002

Incorporate. Then, when the decryption device 110 decrypts the ciphertext, the validity vector
Figure JPOXMLDOC01-appb-I000003
and condition vector
Figure JPOXMLDOC01-appb-I000004
Since the inner product of is zero, the valid key determination is cleared and user ID1 successfully decrypts the ciphertext.
 なお、図3に示されている二分木の各ノードに割り当てられたパラメータv~vは、各鍵発行装置100~100が生成した公開パラメータから構成することができる。また、各鍵発行装置100~100が生成した有効鍵リストから有効なユーザ復号鍵とパラメータv~vの対応関係を知ることができる。よって、暗号化装置120は、有効なユーザ復号鍵に組み込まれる有効性ベクトルが入力された場合に内積がゼロになる条件式を構成することが可能である。 Note that the parameters v 0 to v 6 assigned to each node of the binary tree shown in FIG. 3 can be configured from public parameters generated by each of the key issuing devices 100 1 to 100 n . Furthermore, it is possible to know the correspondence between valid user decryption keys and parameters v 0 to v 6 from the valid key list generated by each key issuing device 100 1 to 100 n . Therefore, the encryption device 120 can configure a conditional expression such that the inner product becomes zero when a validity vector incorporated in a valid user decryption key is input.
 以上説明した暗号システムでは、複数の鍵発行機関がそれぞれ鍵発行装置100~100を運用することで、複数の鍵発行機関のそれぞれが属性ベース暗号のユーザ復号鍵を発行することができ、かつ、公開するパラメータサイズの長大化を防ぎながらユーザ復号鍵の失効判定を行うことができる。すなわち、上記説明した暗号システム、鍵発行装置100~100、鍵発行方法および鍵発行プログラムは、属性ベース暗号を適切かつ効率的に扱うことに寄与することができる。 In the cryptographic system described above, each of the plurality of key issuing authorities operates the key issuing devices 100 1 to 100 n , so that each of the plurality of key issuing authorities can issue a user decryption key for attribute-based encryption. In addition, it is possible to determine whether the user decryption key has expired while preventing the size of the parameters to be made public from increasing. That is, the cryptographic system, key issuing devices 100 1 to 100 n , key issuing method, and key issuing program described above can contribute to appropriately and efficiently handling attribute-based cryptography.
[ハードウェア構成例]
 図4は、鍵発行装置と復号装置と暗号化装置のハードウェア構成例を示す図である。図4に示すハードウェア構成を採用した情報処理装置(コンピュータ)は、上記説明した鍵発行装置100~100と復号装置110と暗号化装置120の各機能を実現することを可能にする。ただし、図4に示すハードウェア構成例は、鍵発行装置100~100と復号装置110と暗号化装置120の各機能を実現するハードウェア構成の一例であり、鍵発行装置100~100と復号装置110と暗号化装置120のハードウェア構成を限定する趣旨ではない。鍵発行装置100~100と復号装置110と暗号化装置120は、図4に示さないハードウェアを含むことができる。 [Hardware configuration example]
FIG. 4 is a diagram showing an example of a hardware configuration of a key issuing device, a decrypting device, and an encrypting device. The information processing device (computer) employing the hardware configuration shown in FIG. 4 makes it possible to realize the functions of the key issuing devices 100 1 to 100 n , the decrypting device 110, and the encrypting device 120 described above. However, the hardware configuration example shown in FIG . This is not intended to limit the hardware configurations of n , decryption device 110, and encryption device 120. The key issuing devices 100 1 to 100 n , the decrypting device 110, and the encrypting device 120 may include hardware not shown in FIG. 4.
 図4に示すように、鍵発行装置100~100と復号装置110と暗号化装置120が採用し得るハードウェア構成40は、例えば内部バスにより相互に接続される、CPU(Central Processing Unit)41、主記憶装置42、補助記憶装置43、およびIF(Interface)部44を備える。 As shown in FIG. 4, a hardware configuration 40 that can be adopted by the key issuing devices 100 1 to 100 n , the decrypting device 110, and the encrypting device 120 includes, for example, a CPU (Central Processing Unit) connected to each other by an internal bus. 41, a main storage device 42, an auxiliary storage device 43, and an IF (Interface) section 44.
 CPU41は、鍵発行装置100~100と復号装置110と暗号化装置120が実行するプログラムに含まれる各指令を実行する。主記憶装置42は、例えばRAM(Random Access Memory)であり、鍵発行装置100~100と復号装置110と暗号化装置120が実行する各種プログラムなどをCPU41が処理するために一時記憶する。 The CPU 41 executes each command included in the program executed by the key issuing devices 100 1 to 100 n , the decrypting device 110, and the encrypting device 120. The main storage device 42 is, for example, a RAM (Random Access Memory), and temporarily stores various programs executed by the key issuing devices 100 1 to 100 n , the decrypting device 110, and the encrypting device 120 for processing by the CPU 41.
 補助記憶装置43は、例えば、HDD(Hard Disk Drive)であり、鍵発行装置100~100と復号装置110と暗号化装置120が実行する各種プログラムなどを中長期的に記憶しておくことが可能である。各種プログラムは、非一時的なコンピュータ可読記録媒体(non-transitory computer-readable storage medium)に記録されたプログラム製品として提供することができる。補助記憶装置43は、非一時的なコンピュータ可読記録媒体に記録された各種プログラムを中長期的に記憶することに利用することが可能である。IF部44は、鍵発行装置100~100と復号装置110と暗号化装置120との間の通信に関するインターフェイスを提供する。 The auxiliary storage device 43 is, for example, an HDD (Hard Disk Drive), and stores various programs executed by the key issuing devices 100 1 to 100 n , the decrypting device 110, and the encrypting device 120 on a medium- to long-term basis. is possible. Various programs can be provided as program products recorded on non-transitory computer-readable storage media. The auxiliary storage device 43 can be used for medium- to long-term storage of various programs recorded on non-temporary computer-readable recording media. The IF unit 44 provides an interface for communication between the key issuing devices 100 1 to 100 n , the decrypting device 110, and the encrypting device 120.
 上記のようなハードウェア構成40を採用した情報処理装置は、鍵発行装置100~100と復号装置110と暗号化装置120の各機能を実現することができる。 An information processing device employing the above-described hardware configuration 40 can realize the functions of the key issuing devices 100 1 to 100 n , the decrypting device 110, and the encrypting device 120.
 上記の実施形態の一部又は全部は、以下の付記のようにも記載され得るが、以下には限られない。
[付記1]
 ネットワークで接続されている鍵発行装置と復号装置と暗号化装置を備え、
 前記鍵発行装置は、属性に関するインデックスを規定する公開パラメータとマスタ秘密鍵の生成を行うセットアップ部と、
 前記マスタ秘密鍵と発行対象であるユーザに関連する属性とシステム全体で用いられるユーザIDと復号鍵に関するIDとを用いてユーザ復号鍵を生成するユーザ復号鍵生成部と、
 前記マスタ秘密鍵を保存するマスタ秘密鍵保存部と、
 前記公開パラメータを保存する公開パラメータ保存部と、
 発行済みの前記ユーザ復号鍵の中でどのユーザ復号鍵が有効であるかを示す復号鍵に関するIDを有効鍵リストとして保存する有効鍵リスト保存部と、
 管理する属性を保存する管理属性保存部とを備え、
 前記復号装置は、復号対象の暗号文に規定されたアクセス条件式と前記有効鍵リストを満たすような属性と前記ユーザIDと復号鍵に関するIDとが規定された前記ユーザ復号鍵を用いて暗号文を復号する暗号文復号部と、
 前記ユーザ復号鍵を保存するユーザ復号鍵保存部とを備え、
 前記暗号化装置は、前記公開パラメータと前記有効鍵リストと前記アクセス条件式とを用いて暗号文を作成する暗号文作成部と、
 前記公開パラメータを保存する公開パラメータ保存部と、
 前記有効鍵リストを保存する有効鍵リスト保存部とを備える、暗号システム。
[付記2]
 前記アクセス条件式は、ユーザ復号鍵に組み込まれている属性ベクトルを入力とし、前記アクセス条件式に組み込まれている条件ベクトルとの内積を計算し、前記内積の値に関する条件と論理式とを満たす場合に復号を許可する、付記1に記載の暗号システム。
[付記3]
 前記内積の値は、ユーザ復号鍵の有効性の判定条件であり、前記論理式は、アクセス制御の判定条件である、付記2に記載の暗号システム。
[付記4]
 前記有効鍵リストは、二分木を用いて管理する属性を表現の各ノードに属性情報のパラメータを割り当てる、付記1に記載の暗号システム。
[付記5]
 前記ユーザ復号鍵の有効性を判定するため条件式には、前記二分木の各ノードに割り当てられたパラメータが含まれており、前記ユーザ復号鍵に組み込まれている属性ベクトルにも前記二分木の各ノードに割り当てられたパラメータが含まれている、付記4に記載の暗号システム。
[付記6]
 属性に関するインデックスを規定する公開パラメータとマスタ秘密鍵の生成を行うセットアップ部と、
 前記マスタ秘密鍵と発行対象であるユーザに関連する属性とシステム全体で用いられるユーザIDと復号鍵に関するIDとを用いてユーザ復号鍵を生成するユーザ復号鍵生成部と、
 前記マスタ秘密鍵を保存するマスタ秘密鍵保存部と、
 暗号文の作成に用いる前記公開パラメータを保存する公開パラメータ保存部と、
 発行済みの前記ユーザ復号鍵の中でどのユーザ復号鍵が有効であるかを示す復号鍵に関するIDを有効鍵リストとして保存する有効鍵リスト保存部と、
 管理する属性を保存する管理属性保存部とを備え、ネットワークで接続されている暗号化装置が作成した暗号文を復号装置が復号するためのユーザ復号鍵を発行する鍵発行装置。
[付記7]
 前記有効鍵リストは、二分木を用いて管理する属性を表現の各ノードに属性情報のパラメータを割り当てる、付記6に記載の鍵発行装置。
[付記8]
 前記ユーザ復号鍵の有効性を判定するため条件式には、前記二分木の各ノードに割り当てられたパラメータが含まれており、前記ユーザ復号鍵に組み込まれている属性ベクトルにも前記二分木の各ノードに割り当てられたパラメータが含まれている、付記7に記載の鍵発行装置。
[付記9]
  属性に関するインデックスを規定する公開パラメータとマスタ秘密鍵の生成を行い、
 前記マスタ秘密鍵と発行対象であるユーザに関連する属性とシステム全体で用いられるユーザIDと復号鍵に関するIDとを用いてユーザ復号鍵を生成し、
 ネットワークで接続されている暗号化装置が作成した暗号文を復号する復号装置に前記ユーザ復号鍵を発行する鍵発行方法。
[付記10]
  属性に関するインデックスを規定する公開パラメータとマスタ秘密鍵の生成を行い、
 前記マスタ秘密鍵と発行対象であるユーザに関連する属性とシステム全体で用いられるユーザIDと復号鍵に関するIDとを用いてユーザ復号鍵を生成し、
 ネットワークで接続されている暗号化装置が作成した暗号文を復号する復号装置に前記ユーザ復号鍵を発行する鍵発行プログラム。
[付記11]
 発行済みの前記ユーザ復号鍵の中でどのユーザ復号鍵が有効であるかを示す有効鍵リストは、二分木を用いて管理する属性を表現の各ノードに属性情報のパラメータを割り当てる、付記10に記載の鍵発行プログラム。 Part or all of the above embodiments may be described as in the following additional notes, but are not limited to the following.
[Additional note 1]
Equipped with a key issuing device, decryption device, and encryption device connected via a network,
The key issuing device includes a setup unit that generates public parameters that define indexes related to attributes and a master private key;
a user decryption key generation unit that generates a user decryption key using the master private key, attributes related to the user to be issued, a user ID used throughout the system, and an ID related to the decryption key;
a master private key storage unit that stores the master private key;
a public parameter storage unit that stores the public parameters;
a valid key list storage unit that stores IDs related to decryption keys indicating which user decryption keys are valid among the issued user decryption keys as a valid key list;
and a management attribute storage unit for storing attributes to be managed;
The decryption device decrypts the ciphertext using the user decryption key in which the access condition expression specified for the ciphertext to be decrypted, the attribute that satisfies the valid key list, the user ID, and the ID related to the decryption key are specified. a ciphertext decryption unit that decrypts the
a user decryption key storage unit that stores the user decryption key;
The encryption device includes a ciphertext creation unit that creates a ciphertext using the public parameter, the valid key list, and the access condition expression;
a public parameter storage unit that stores the public parameters;
A cryptographic system, comprising: a valid key list storage unit that stores the valid key list.
[Additional note 2]
The access conditional expression takes as input the attribute vector incorporated in the user decryption key, calculates the inner product with the condition vector incorporated in the access conditional expression, and satisfies the condition and logical expression regarding the value of the inner product. The cryptographic system described in Appendix 1, which permits decryption in cases where:
[Additional note 3]
The cryptographic system according to appendix 2, wherein the value of the inner product is a criterion for determining validity of a user decryption key, and the logical expression is a criterion for access control.
[Additional note 4]
The cryptographic system according to appendix 1, wherein the valid key list allocates parameters of attribute information to each node representing attributes managed using a binary tree.
[Additional note 5]
The conditional expression for determining the validity of the user decryption key includes parameters assigned to each node of the binary tree, and the attribute vector incorporated in the user decryption key also includes a parameter assigned to each node of the binary tree. The cryptographic system according to appendix 4, comprising parameters assigned to each node.
[Additional note 6]
a setup unit that generates public parameters that define indexes related to attributes and a master private key;
a user decryption key generation unit that generates a user decryption key using the master private key, attributes related to the user to be issued, a user ID used in the entire system, and an ID related to the decryption key;
a master private key storage unit that stores the master private key;
a public parameter storage unit that stores the public parameters used to create the ciphertext;
a valid key list storage unit that stores IDs related to decryption keys indicating which user decryption keys are valid among the issued user decryption keys as a valid key list;
A key issuing device that issues a user decryption key for a decryption device to decrypt a ciphertext created by an encryption device connected via a network, and a management attribute storage unit that stores managed attributes.
[Additional note 7]
The key issuing device according to appendix 6, wherein the valid key list allocates parameters of attribute information to each node representing attributes managed using a binary tree.
[Additional note 8]
The conditional expression for determining the validity of the user decryption key includes parameters assigned to each node of the binary tree, and the attribute vector incorporated in the user decryption key also includes a parameter assigned to each node of the binary tree. The key issuing device according to appendix 7, which includes parameters assigned to each node.
[Additional note 9]
Generate public parameters and master private keys that define indexes for attributes,
Generating a user decryption key using the master private key, attributes related to the user to be issued, a user ID used throughout the system, and an ID related to the decryption key;
A key issuing method for issuing the user decryption key to a decryption device that decrypts a ciphertext created by an encryption device connected through a network.
[Additional note 10]
Generate public parameters and master private keys that define indexes for attributes,
Generating a user decryption key using the master private key, attributes related to the user to be issued, a user ID used throughout the system, and an ID related to the decryption key;
A key issuing program that issues the user decryption key to a decryption device that decrypts a ciphertext created by an encryption device connected through a network.
[Additional note 11]
A valid key list indicating which user decryption keys are valid among the user decryption keys that have been issued is provided in Appendix 10, which assigns attribute information parameters to each node of the attribute representation managed using a binary tree. The key issuing program described.
 本発明で、アルゴリズム、ソフトウエア、ないしフローチャート或いは自動化されたプロセスステップが示された場合、コンピュータが用いられることは自明であり、またコンピュータにはプロセッサ及びメモリないし記憶装置が付設されることも自明である。よってその明示を欠く場合にも、本願には、これらの要素が当然記載されているものと解される。 In the present invention, it is obvious that a computer is used when an algorithm, software or flowchart or automated process step is shown, and it is also obvious that the computer is equipped with a processor and a memory or storage device. It is. Therefore, even if these elements are not explicitly stated, it is understood that these elements are naturally described in the present application.
 なお、引用した上記の特許文献等の各開示は、本書に引用をもって繰り込むものとする。本発明の全開示(請求の範囲を含む)の枠内において、さらにその基本的技術思想に基づいて、実施形態ないし実施例の変更・調整が可能である。また、本発明の全開示の枠内において種々の開示要素(各請求項の各要素、各実施形態ないし実施例の各要素、各図面の各要素等を含む)の多様な組み合わせ、ないし、選択(部分的削除を含む)が可能である。すなわち、本発明は、請求の範囲を含む全開示、技術的思想にしたがって当業者であればなし得るであろう各種変形、修正を含むことは勿論である。特に、本書に記載した数値範囲については、当該範囲内に含まれる任意の数値ないし小範囲が、別段の記載のない場合でも具体的に記載されているものと解釈されるべきである。さらに、上記引用した文献の各開示事項は、必要に応じ、本発明の趣旨に則り、本発明の開示の一部として、その一部又は全部を、本書の記載事項と組み合わせて用いることも、本願の開示事項に含まれるものと、みなされる。 Furthermore, the disclosures of the above cited patent documents, etc. are incorporated into this book by reference. Within the scope of the entire disclosure of the present invention (including the claims), changes and adjustments to the embodiments and examples are possible based on the basic technical idea thereof. In addition, various combinations or selections of various disclosed elements (including each element of each claim, each element of each embodiment or example, each element of each drawing, etc.) are possible within the framework of the entire disclosure of the present invention. (including partial deletion) is possible. That is, it goes without saying that the present invention includes the entire disclosure including the claims and various modifications and modifications that a person skilled in the art would be able to make in accordance with the technical idea. In particular, numerical ranges stated herein should be construed as specifically stating any numerical value or subrange within the range, even if not otherwise stated. Furthermore, each of the disclosures in the documents cited above may be used, in part or in whole, in combination with the statements in this book as part of the disclosure of the present invention, if necessary, in accordance with the spirit of the present invention. It is deemed to be included in the disclosure of this application.
 100~100 鍵発行装置
 101 セットアップ部
 102 ユーザ復号鍵生成部
 103 マスタ秘密鍵保存部
 104 公開パラメータ保存部
 105 有効鍵リスト保存部
 106 管理属性保存部
 110 復号装置
 111 暗号文復号部
 112 ユーザ復号鍵保存部
 120 暗号化装置
 121 暗号文作成部
 122 公開パラメータ保存部
 123 有効鍵リスト保存部 100 1 to 100 n Key issuing device 101 1 Setup section 102 1 User decryption key generation section 103 1 Master private key storage section 104 1 Public parameter storage section 105 1 Valid key list storage section 106 1 Management attribute storage section 110 Decryption device 111 Encryption device Text decryption unit 112 User decryption key storage unit 120 Encryption device 121 Ciphertext creation unit 122 Public parameter storage unit 123 Valid key list storage unit

Claims (11)

  1.  ネットワークで接続されている鍵発行装置と復号装置と暗号化装置を備え、
     前記鍵発行装置は、属性に関するインデックスを規定する公開パラメータとマスタ秘密鍵の生成を行うセットアップ部と、
     前記マスタ秘密鍵と発行対象であるユーザに関連する属性とシステム全体で用いられるユーザIDと復号鍵に関するIDとを用いてユーザ復号鍵を生成するユーザ復号鍵生成部と、
     前記マスタ秘密鍵を保存するマスタ秘密鍵保存部と、
     前記公開パラメータを保存する公開パラメータ保存部と、
     発行済みの前記ユーザ復号鍵の中でどのユーザ復号鍵が有効であるかを示す復号鍵に関するIDを有効鍵リストとして保存する有効鍵リスト保存部と、
     管理する属性を保存する管理属性保存部とを備え、
     前記復号装置は、復号対象の暗号文に規定されたアクセス条件式と前記有効鍵リストを満たすような属性と前記ユーザIDと復号鍵に関するIDとが規定された前記ユーザ復号鍵を用いて暗号文を復号する暗号文復号部と、
     前記ユーザ復号鍵を保存するユーザ復号鍵保存部とを備え、
     前記暗号化装置は、前記公開パラメータと前記有効鍵リストと前記アクセス条件式とを用いて暗号文を作成する暗号文作成部と、
     前記公開パラメータを保存する公開パラメータ保存部と、
     前記有効鍵リストを保存する有効鍵リスト保存部とを備える、暗号システム。     Equipped with a key issuing device, decryption device, and encryption device connected via a network,
    The key issuing device includes a setup unit that generates public parameters that define indexes related to attributes and a master private key;
    a user decryption key generation unit that generates a user decryption key using the master private key, attributes related to the user to be issued, a user ID used throughout the system, and an ID related to the decryption key;
    a master private key storage unit that stores the master private key;
    a public parameter storage unit that stores the public parameters;
    a valid key list storage unit that stores IDs related to decryption keys indicating which user decryption keys are valid among the issued user decryption keys as a valid key list;
    and a management attribute storage unit for storing attributes to be managed;
    The decryption device decrypts the ciphertext using the user decryption key in which the access condition expression specified for the ciphertext to be decrypted, the attribute that satisfies the valid key list, the user ID, and the ID related to the decryption key are specified. a ciphertext decryption unit that decrypts the
    a user decryption key storage unit that stores the user decryption key;
    The encryption device includes a ciphertext creation unit that creates a ciphertext using the public parameter, the valid key list, and the access condition expression;
    a public parameter storage unit that stores the public parameters;
    A cryptographic system, comprising: a valid key list storage unit that stores the valid key list.
  2.  前記アクセス条件式は、ユーザ復号鍵に組み込まれている属性ベクトルを入力とし、前記アクセス条件式に組み込まれている条件ベクトルとの内積を計算し、前記内積の値に関する条件と論理式とを満たす場合に復号を許可する、請求項1に記載の暗号システム。 The access conditional expression takes as input the attribute vector incorporated in the user decryption key, calculates an inner product with the conditional vector incorporated in the access conditional expression, and satisfies the condition regarding the value of the inner product and the logical expression. 2. The cryptographic system of claim 1, wherein the cryptographic system allows decryption if
  3.  前記内積の値は、ユーザ復号鍵の有効性の判定条件であり、前記論理式は、アクセス制御の判定条件である、請求項2に記載の暗号システム。 The cryptographic system according to claim 2, wherein the value of the inner product is a criterion for determining the validity of a user decryption key, and the logical formula is a criterion for access control.
  4.  前記有効鍵リストは、二分木を用いて管理する属性を表現の各ノードに属性情報のパラメータを割り当てる、請求項1に記載の暗号システム。 The cryptographic system according to claim 1, wherein the valid key list assigns parameters of attribute information to each node representing attributes managed using a binary tree.
  5.  前記ユーザ復号鍵の有効性を判定するため条件式には、前記二分木の各ノードに割り当てられたパラメータが含まれており、前記ユーザ復号鍵に組み込まれている属性ベクトルにも前記二分木の各ノードに割り当てられたパラメータが含まれている、請求項4に記載の暗号システム。 The conditional expression for determining the validity of the user decryption key includes parameters assigned to each node of the binary tree, and the attribute vector incorporated in the user decryption key also includes a parameter assigned to each node of the binary tree. 5. The cryptographic system of claim 4, comprising parameters assigned to each node.

  6.  属性に関するインデックスを規定する公開パラメータとマスタ秘密鍵の生成を行うセットアップ部と、
     前記マスタ秘密鍵と発行対象であるユーザに関連する属性とシステム全体で用いられるユーザIDと復号鍵に関するIDとを用いてユーザ復号鍵を生成するユーザ復号鍵生成部と、
     前記マスタ秘密鍵を保存するマスタ秘密鍵保存部と、
     暗号文の作成に用いる前記公開パラメータを保存する公開パラメータ保存部と、
     発行済みの前記ユーザ復号鍵の中でどのユーザ復号鍵が有効であるかを示す復号鍵に関するIDを有効鍵リストとして保存する有効鍵リスト保存部と、
     管理する属性を保存する管理属性保存部とを備え、
     ネットワークで接続されている暗号化装置が作成した暗号文を復号装置が復号するためのユーザ復号鍵を発行する鍵発行装置。
    a setup unit that generates public parameters that define indexes related to attributes and a master private key;
    a user decryption key generation unit that generates a user decryption key using the master private key, attributes related to the user to be issued, a user ID used throughout the system, and an ID related to the decryption key;
    a master private key storage unit that stores the master private key;
    a public parameter storage unit that stores the public parameters used to create the ciphertext;
    a valid key list storage unit that stores IDs related to decryption keys indicating which user decryption keys are valid among the issued user decryption keys as a valid key list;
    and a management attribute storage unit for storing attributes to be managed;
    A key issuing device that issues a user decryption key for a decryption device to decrypt a ciphertext created by an encryption device connected via a network.
  7.  前記有効鍵リストは、二分木を用いて管理する属性を表現の各ノードに属性情報のパラメータを割り当てる、請求項6に記載の鍵発行装置。 7. The key issuing device according to claim 6, wherein the valid key list assigns parameters of attribute information to each node representing attributes managed using a binary tree.
  8.  前記ユーザ復号鍵の有効性を判定するため条件式には、前記二分木の各ノードに割り当てられたパラメータが含まれており、前記ユーザ復号鍵に組み込まれている属性ベクトルにも前記二分木の各ノードに割り当てられたパラメータが含まれている、請求項7に記載の鍵発行装置。 The conditional expression for determining the validity of the user decryption key includes parameters assigned to each node of the binary tree, and the attribute vector incorporated in the user decryption key also includes a parameter assigned to each node of the binary tree. The key issuing device according to claim 7, further comprising parameters assigned to each node.
  9.  属性に関するインデックスを規定する公開パラメータとマスタ秘密鍵の生成を行い、
     前記マスタ秘密鍵と発行対象であるユーザに関連する属性とシステム全体で用いられるユーザIDと復号鍵に関するIDとを用いてユーザ復号鍵を生成し、
     ネットワークで接続されている暗号化装置が作成した暗号文を復号する復号装置に前記ユーザ復号鍵を発行する鍵発行方法。     Generate public parameters and master private key that define indexes for attributes,
    Generating a user decryption key using the master private key, attributes related to the user to be issued, a user ID used throughout the system, and an ID related to the decryption key;
    A key issuing method for issuing the user decryption key to a decryption device that decrypts a ciphertext created by an encryption device connected through a network.
  10.  属性に関するインデックスを規定する公開パラメータとマスタ秘密鍵の生成を行い、
     前記マスタ秘密鍵と発行対象であるユーザに関連する属性とシステム全体で用いられるユーザIDと復号鍵に関するIDとを用いてユーザ復号鍵を生成し、
     ネットワークで接続されている暗号化装置が作成した暗号文を復号する復号装置に前記ユーザ復号鍵を発行する鍵発行プログラム。     Generate public parameters and master private key that define indexes for attributes,
    Generating a user decryption key using the master private key, attributes related to the user to be issued, a user ID used throughout the system, and an ID related to the decryption key;
    A key issuing program that issues the user decryption key to a decryption device that decrypts a ciphertext created by an encryption device connected via a network.
  11.  発行済みの前記ユーザ復号鍵の中でどのユーザ復号鍵が有効であるかを示す有効鍵リストは、二分木を用いて管理する属性を表現の各ノードに属性情報のパラメータを割り当てる、請求項10に記載の鍵発行プログラム。 10. The valid key list indicating which user decryption keys are valid among the issued user decryption keys, assigns parameters of attribute information to each node of an attribute representation managed using a binary tree. The key issuing program described in .
PCT/JP2022/027681 2022-07-14 2022-07-14 Encryption system, key issuing device, key issuing method, and key issuing program WO2024013924A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2022/027681 WO2024013924A1 (en) 2022-07-14 2022-07-14 Encryption system, key issuing device, key issuing method, and key issuing program

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2022/027681 WO2024013924A1 (en) 2022-07-14 2022-07-14 Encryption system, key issuing device, key issuing method, and key issuing program

Publications (1)

Publication Number Publication Date
WO2024013924A1 true WO2024013924A1 (en) 2024-01-18

Family

ID=89536239

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2022/027681 WO2024013924A1 (en) 2022-07-14 2022-07-14 Encryption system, key issuing device, key issuing method, and key issuing program

Country Status (1)

Country Link
WO (1) WO2024013924A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2012203182A (en) * 2011-03-25 2012-10-22 Mitsubishi Electric Corp Encryption processing system, key generation device, encryption device, decoding device, encryption processing method, and encryption processing program
CN112671535A (en) * 2020-12-28 2021-04-16 华南农业大学 Multi-center revocable key strategy attribute-based encryption method, device and storage medium

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2012203182A (en) * 2011-03-25 2012-10-22 Mitsubishi Electric Corp Encryption processing system, key generation device, encryption device, decoding device, encryption processing method, and encryption processing program
CN112671535A (en) * 2020-12-28 2021-04-16 华南农业大学 Multi-center revocable key strategy attribute-based encryption method, device and storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
WU YI; ZHANG WEI; XIONG HU; QIN ZHIGUANG; YEH KUO-HUI: "Efficient access control with traceability and user revocation in IoT", MULTIMEDIA TOOLS AND APPLICATIONS., KLUWER ACADEMIC PUBLISHERS, BOSTON., US, vol. 80, no. 20, 1 August 2021 (2021-08-01), US , pages 31487 - 31508, XP037564810, ISSN: 1380-7501, DOI: 10.1007/s11042-021-11286-0 *

Similar Documents

Publication Publication Date Title
US11664984B2 (en) Method and system for secure distribution of selected content to be protected on an appliance-specific basis with definable permitted associated usage rights for the selected content
US11461434B2 (en) Method and system for secure distribution of selected content to be protected
US8423764B2 (en) Method and apparatus for key revocation in an attribute-based encryption scheme
US8464354B2 (en) Content cryptographic firewall system
US8064604B2 (en) Method and apparatus for facilitating role-based cryptographic key management for a database
US8619982B2 (en) Method and system for secure distribution of selected content to be protected on an appliance specific basis
CA2623137C (en) Cryptographic control for mobile storage means
JP5639660B2 (en) Confirmable trust for data through the wrapper complex
Sumathi et al. A group-key-based sensitive attribute protection in cloud storage using modified random Fibonacci cryptography
US8732481B2 (en) Object with identity based encryption
WO2024013924A1 (en) Encryption system, key issuing device, key issuing method, and key issuing program
US10257176B2 (en) Replacing keys in a computer system
JP4192738B2 (en) Electronic document editing device, electronic document editing program
JP7350220B2 (en) Search execution device, search execution method, search execution program, and secret search system
EP2293211A1 (en) Digital rights management system with diversified content protection process
WO2021172050A1 (en) Secondary use management device, secondary use management method, and computer-readable recording medium
Vijayan et al. Review on Fuzzy Authorization for Cloud Storage
Shull Techniques and Challenges for Cryptographic Implementation of Access Control in the Cloud
Kadam SECURE DATA FORWARDING APPROACH USING MUTUAL TRUST IN CLOUD COMPUTING
Ghiță et al. IMPLEMENTATION OF CRYPTOGRAPHICALLY ENFORCED RBAC
KR20060023086A (en) Method for broadcast encryption

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22951138

Country of ref document: EP

Kind code of ref document: A1