WO2024028961A1 - 暗号システム、方法及びプログラム - Google Patents

暗号システム、方法及びプログラム Download PDF

Info

Publication number
WO2024028961A1
WO2024028961A1 PCT/JP2022/029558 JP2022029558W WO2024028961A1 WO 2024028961 A1 WO2024028961 A1 WO 2024028961A1 JP 2022029558 W JP2022029558 W JP 2022029558W WO 2024028961 A1 WO2024028961 A1 WO 2024028961A1
Authority
WO
WIPO (PCT)
Prior art keywords
encryption
ciphertext
function
decryption
key generation
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/JP2022/029558
Other languages
English (en)
French (fr)
Japanese (ja)
Inventor
潤一 富田
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NTT Inc
Original Assignee
Nippon Telegraph and Telephone Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nippon Telegraph and Telephone Corp filed Critical Nippon Telegraph and Telephone Corp
Priority to JP2024538555A priority Critical patent/JP7786593B2/ja
Priority to PCT/JP2022/029558 priority patent/WO2024028961A1/ja
Publication of WO2024028961A1 publication Critical patent/WO2024028961A1/ja
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G09EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
    • G09CCIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
    • G09C1/00Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords

Definitions

  • the present disclosure relates to a cryptographic system, method, and program.
  • Functional encryption is a technology that can decrypt only the function value related to the original data from the ciphertext. More specifically, when there is a ciphertext CT of data x and a secret key SK corresponding to a function f, when the ciphertext CT is decrypted with the secret key SK, only the function value f(x) is decrypted, and the original No other information regarding data x will be leaked.
  • a method is known that utilizes an efficient operation called pairing to construct a functional encryption in which the function f is a quadratic function and the ciphertext length is linear with respect to the data x (for example, Patent Document 1).
  • the present disclosure has been made in view of the above points, and aims to realize quadratic function cryptography that can encrypt data of arbitrary length and in which the ciphertext length is linear with respect to the length of the original data. With the goal.
  • a cryptographic system includes an encryption device that generates a ciphertext using quadratic function cryptography, and a decryption device that decrypts the ciphertext using the quadratic function cryptography.
  • an encryption unit configured to generate a ciphertext CT of the data ⁇ x i ⁇ i ⁇ S_c using H(i) as an encryption parameter;
  • the decryption device includes a ciphertext CT;
  • a secret key SK corresponding to the second attribute set S_k is input, and if S_k ⁇ S_c, a quadratic function value of the data ⁇ x i ⁇ i ⁇ S_c is generated as a decrypted value of the ciphertext CT. It has a decoding unit configured as follows.
  • FIG. 1 is a diagram illustrating an example of the overall configuration of a cryptographic system according to an embodiment.
  • FIG. 1 is a diagram illustrating an example of a functional configuration of a key generation device according to an embodiment.
  • 1 is a diagram illustrating an example of a functional configuration of an encryption device according to an embodiment.
  • 1 is a diagram illustrating an example of a functional configuration of a decoding device according to an embodiment.
  • FIG. 2 is a sequence diagram showing an example of the overall processing of the cryptographic system according to the present embodiment.
  • 1 is a diagram showing an example of a hardware configuration of a computer.
  • quadratic function encryption hereinafter referred to as "unlimited quadratic A cryptographic system 1 that implements various cryptographic processes using quadratic function cryptography will be described.
  • a hash function whose end domain is G2 a function-secure inner product function type encryption, and an unrestricted inner product function type encryption are used as constituent elements. All of these components are existing technologies.
  • the function-secure inner product functional encryption is composed of four algorithms (iSetup, iEnc, iKeyGen, and iDec).
  • the unrestricted inner product function encryption is composed of four algorithms (uSetup, uEnc, uKeyGen, uDec).
  • Reference 2 for example.
  • the unrestricted inner product function cryptography the so-called ct-dom type described in Reference 2 is used.
  • each algorithm needs to take group elements as input, but it is obvious that the above components can take group elements as input. .
  • the encryption algorithm of the unrestricted quadratic function cryptography proposed in this embodiment takes data as a vector, and each element of the vector is associated with an ID (attribute).
  • ID set be S c and the data vector can be expressed as ⁇ x i ⁇ i ⁇ S_c .
  • S_c represents "S c ".
  • the quadratic function corresponding to the secret key is expressed as a sequence of coefficients, and each coefficient also has information indicating which ID and which ID the coefficient corresponds to for the quadratic term. That is, it is assumed that the coefficient sequence is given in the form ⁇ c i, j ⁇ i, j ⁇ S_k for the ID set S k . However, "S_k” represents "S k ".
  • Decoding is possible only when S k ⁇ S c , in which case the value to be decoded is ⁇ i,j ⁇ S_k c i,j x i x j . However, it is assumed that the above x i and c i,j are all elements of Z p .
  • the unlimited quadratic function encryption proposed in this embodiment is composed of four algorithms (Setup, Enc, KeyGen, Dec).
  • the ID space may be any character string.
  • This algorithm is called a setup algorithm.
  • a ciphertext CT is calculated according to steps 1 to 7 below.
  • Step 2 Next, each ⁇ s i ⁇ i ⁇ S_c is randomly selected from Z p .
  • Step 3 the ciphertext of the function-secure inner product function type cipher is calculated by iCT i ⁇ iEnc(iMSK, (x i , s i )).
  • Step 5 the secret key of the functional secret inner product functional encryption is calculated by iSK i ⁇ iKeyGen (iMSK, (g 2 x_i , w i )). However, “x_i” represents “x i ".
  • Step 6 the ciphertext of the unrestricted inner product function type cipher is calculated by uCT ⁇ uEnc(uPK, ⁇ s i ⁇ i ⁇ S_c ).
  • w j is a value calculated using a hash function H, similar to the encryption algorithm.
  • Dec (CT, SK) This algorithm is called a decoding algorithm.
  • the decoding algorithm when S k ⁇ S c , the decoding result d is calculated as follows.
  • a security parameter 1 ⁇ is input to the setup algorithm Setup, but its description is omitted above.
  • Public parameters are also input to the encryption algorithm Enc, key generation algorithm KeyGen, and decryption algorithm Dec, but their description is omitted above.
  • FIG. 1 shows an example of the overall configuration of a cryptographic system 1 according to this embodiment.
  • the cryptographic system 1 according to this embodiment includes a key generation device 10, an encryption device 20, and a decryption device 30. These are communicably connected via a communication network 40 including, for example, the Internet.
  • the key generation device 10 is a variety of information processing devices (eg, a PC (personal computer), a general-purpose server, etc.) that executes the setup algorithm Setup and the key generation algorithm KeyGen.
  • a PC personal computer
  • a general-purpose server etc.
  • the encryption device 20 is a variety of information processing devices (for example, various devices such as a PC, a general-purpose server, an IoT (Internet of Things) device, etc.) that executes the encryption algorithm Enc.
  • various devices such as a PC, a general-purpose server, an IoT (Internet of Things) device, etc.
  • IoT Internet of Things
  • the decryption device 30 is a variety of information processing devices (for example, various devices such as a PC, a general-purpose server, an IoT device, etc.) that executes the decryption algorithm Dec.
  • the overall configuration of the cryptographic system 1 shown in FIG. 1 is an example, and is not limited to this.
  • one encryption device 20 and one decryption device 30 are illustrated, but a plurality of each of the encryption device 20 and the decryption device 30 may exist. .
  • FIG. 2 shows an example of the functional configuration of the key generation device 10 according to this embodiment.
  • the key generation device 10 includes a setup processing section 101, a key generation processing section 102, and a communication section 103. Each of these units is realized, for example, by one or more programs installed in the key generation device 10 causing a calculation device such as a CPU (Central Processing Unit) to execute the process.
  • the key generation device 10 includes a storage unit 104.
  • the storage unit 104 is realized by, for example, an auxiliary storage device such as an HDD (Hard Disk Drive), an SSD (Solid State Drive), or a flash memory.
  • the setup processing unit 101 executes the setup algorithm Setup and generates a public key PK and a master private key MSK.
  • the key generation processing unit 102 executes a key generation algorithm KeyGen to generate a secret key SK.
  • the communication unit 103 sends and receives various data to and from the encryption device 20 and the decryption device 30.
  • the storage unit 104 stores, for example, a public key PK and a master private key MSK.
  • FIG. 3 shows an example of the functional configuration of the encryption device 20 according to this embodiment.
  • the encryption device 20 according to this embodiment includes an encryption processing section 201 and a communication section 202. Each of these units is realized, for example, by one or more programs installed in the encryption device 20 causing an arithmetic device such as a CPU to execute the process.
  • the encryption device 20 according to this embodiment includes a storage unit 203.
  • the storage unit 203 is realized by, for example, an auxiliary storage device such as an HDD, SSD, or flash memory.
  • the encryption processing unit 201 executes the encryption algorithm Enc and generates a ciphertext CT.
  • the communication unit 202 sends and receives various data to and from the key generation device 10 and the decryption device 30.
  • the storage unit 203 stores, for example, a public key PK.
  • FIG. 4 shows an example of the functional configuration of the decoding device 30 according to this embodiment.
  • the decoding device 30 according to this embodiment includes a communication section 301 and a decoding processing section 302. Each of these units is realized, for example, by one or more programs installed in the decoding device 30 causing an arithmetic device such as a CPU to execute the process.
  • the decoding device 30 according to this embodiment includes a storage unit 303.
  • the storage unit 303 is realized by, for example, an auxiliary storage device such as an HDD, SSD, or flash memory.
  • the communication unit 301 sends and receives various data to and from the key generation device 10 and the encryption device 20.
  • the decoding processing unit 302 executes a decoding algorithm Dec to generate a decoded value d.
  • the storage unit 303 stores, for example, a secret key SK.
  • steps S101 to S104 are setup processing
  • steps S201 to S203 are private key generation processing
  • steps S301 to S302 are encryption and decryption processing.
  • the setup process only needs to be executed once, for example, when setting up the cryptographic system 1.
  • the secret key generation process is executed when the secret key SK is first generated or when the secret key SK is changed.
  • the encryption and decryption processing is executed when it becomes necessary to encrypt data and decrypt its function value.
  • the setup processing unit 101 of the key generation device 10 stores the public key PK and master private key MSK generated in step S101 above in the storage unit 104 (step S102).
  • the communication unit 103 of the key generation device 10 transmits the public key PK generated in step S101 above to the encryption device 20 (step S103).
  • the communication unit 202 of the encryption device 20 stores this public key PK in the storage unit 203 (step S104).
  • the key generation processing unit 102 of the key generation device 10 executes the key generation algorithm KeyGen (MSK, ⁇ c i, j ⁇ i, j ⁇ S_k ) and generates a coefficient sequence ⁇ c i, j ⁇ A secret key SK corresponding to i,j ⁇ S_k is generated (step S201).
  • the coefficient sequence ⁇ c i, j ⁇ i, j ⁇ S_k expressing the quadratic function may be given by the user of the key generation device 10, or may be given by the user of the encryption device 20. , a system administrator, etc.
  • the communication unit 103 of the key generation device 10 transmits the private key SK generated in step S202 above to the decryption device 30 (step S202). Note that at this time, the communication unit 103 transmits the secret key SK to the decryption device 30 via any secure communication path.
  • the communication unit 301 of the decryption device 30 stores this secret key SK in the storage unit 303 (step S203).
  • the private key generation process does not necessarily need to be executed before the encryption and decryption processes, and it is sufficient if it is executed at least before step S303, which will be described later.
  • the encryption processing unit 201 of the encryption device 20 executes the encryption algorithm Enc(PK, S c , ⁇ x i ⁇ i ⁇ S_c ) to generate a ciphertext CT (step S301).
  • the communication unit 202 of the encryption device 20 transmits the ciphertext CT generated in step S301 above to the decryption device 30 (step S302).
  • the decryption processing unit 302 of the decryption device 30 executes the decryption algorithm Dec(CT, SK) to generate a decrypted value d (step S303).
  • the key generation device 10, encryption device 20, and decryption device 30 included in the cryptographic system 1 are realized by, for example, the hardware configuration of the computer 500 shown in FIG.
  • the computer 500 shown in FIG. 6 includes an input device 501, a display device 502, an external I/F 503, a communication I/F 504, a RAM (Random Access Memory) 505, a ROM (Read Only Memory) 506, and an auxiliary memory. It has a device 507 and a processor 508. Each of these pieces of hardware is communicably connected via a bus 509.
  • the input device 501 is, for example, a keyboard, mouse, touch panel, physical button, or the like.
  • the display device 502 is, for example, a display, a display panel, or the like. Note that the computer 500 does not need to include at least one of the input device 501 and the display device 502, for example.
  • the external I/F 503 is an interface with an external device such as a recording medium 503a.
  • Examples of the recording medium 503a include a flexible disk, a CD (Compact Disc), a DVD (Digital Versatile Disk), an SD memory card (Secure Digital memory card), and a USB (Universal Serial Bus) memory card.
  • the communication I/F 504 is an interface for connecting the computer 500 to a communication network.
  • the RAM 505 is a volatile semiconductor memory (storage device) that temporarily holds programs and data.
  • the ROM 506 is a nonvolatile semiconductor memory (storage device) that can retain programs and data even when the power is turned off.
  • the auxiliary storage device 507 is, for example, a storage device such as an HDD, SSD, or flash memory.
  • the processor 508 is an arithmetic device such as a CPU.
  • the key generation device 10, the encryption device 20, and the decryption device 30 included in the cryptographic system 1 realize the various processes described above by having the hardware configuration of the computer 500 shown in FIG. 6, for example. be able to.
  • the hardware configuration shown in FIG. 6 is an example, and the hardware configuration of the computer 500 is not limited to this.
  • the computer 500 may include multiple auxiliary storage devices 507 and multiple processors 508, may not include some of the illustrated hardware, or may include various hardware other than the illustrated hardware. It may also have additional hardware.
  • the cryptographic system 1 can implement various processes (setup process, key generation process, encryption and decryption process) using unlimited quadratic function cryptography based on pairing.
  • the unrestricted quadratic function encryption configured in this embodiment uses a hash function instead of creating the parameters necessary for encryption in advance and making them public parameters in the system as in the conventional technology. Generate parameters required for encryption in an ad hoc manner. In other words, parameters necessary for encryption (encryption parameters) are generated at any time during encryption. This makes it possible to encrypt data of any size according to its length.
  • the cryptographic system 1 it is possible to encrypt data of any size, and the size of the ciphertext can be made linear with the size of the original data. Therefore, by applying the cryptographic system 1 according to the present embodiment to a system that encrypts data of various sizes, data can be encrypted very efficiently compared to the conventional technology. Become.
  • Reference 1 H. Lin. Indistinguishability obfuscation from SXDH on 5-linear maps and locality-5 PRGs.
  • Reference 2 J. Tomida and K. Takashima. Unbounded inner product functional encryption from bilinear maps.
  • T. Peyrin and S. Galbraith editors, ASIACRYPT 2018, Part II, volume 11273 of LNCS, pages 609-639. Springer, Heidelberg, Dec. 2018.
  • Cryptographic system 10 Key generation device 20 Encryption device 30 Decryption device 40 Communication network 101 Setup processing unit 102 Key generation processing unit 103 Communication unit 104 Storage unit 201 Encryption processing unit 202 Communication unit 203 Storage unit 301 Communication unit 302 Decryption processing unit 303 Storage unit 500 Computer 501 Input device 502 Display device 503 External I/F 503a Recording medium 504 Communication I/F 505 RAM 506 ROM 507 Auxiliary storage device 508 Processor 509 Bus

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Storage Device Security (AREA)
PCT/JP2022/029558 2022-08-01 2022-08-01 暗号システム、方法及びプログラム Ceased WO2024028961A1 (ja)

Priority Applications (2)

Application Number Priority Date Filing Date Title
JP2024538555A JP7786593B2 (ja) 2022-08-01 2022-08-01 暗号システム、方法及びプログラム
PCT/JP2022/029558 WO2024028961A1 (ja) 2022-08-01 2022-08-01 暗号システム、方法及びプログラム

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2022/029558 WO2024028961A1 (ja) 2022-08-01 2022-08-01 暗号システム、方法及びプログラム

Publications (1)

Publication Number Publication Date
WO2024028961A1 true WO2024028961A1 (ja) 2024-02-08

Family

ID=89848637

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2022/029558 Ceased WO2024028961A1 (ja) 2022-08-01 2022-08-01 暗号システム、方法及びプログラム

Country Status (2)

Country Link
JP (1) JP7786593B2 (https=)
WO (1) WO2024028961A1 (https=)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2019215391A (ja) * 2018-06-11 2019-12-19 三菱電機株式会社 復号装置、暗号化装置及び暗号システム
WO2022054130A1 (ja) * 2020-09-08 2022-03-17 日本電信電話株式会社 暗号システム、方法及びプログラム

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2019215391A (ja) * 2018-06-11 2019-12-19 三菱電機株式会社 復号装置、暗号化装置及び暗号システム
WO2022054130A1 (ja) * 2020-09-08 2022-03-17 日本電信電話株式会社 暗号システム、方法及びプログラム

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"Topics in cryptology - CT-RSA 2020 : the Cryptographers' Track at the RSA Conference 2020, San Francisco, CA, USA, February 24-28, 2020", vol. 8, 11 August 2021, SPRINGER, 201 Olin Library Cornell University Ithaca, NY 14853, article AGRAWAL SHWETA; GOYAL RISHAB; TOMIDA JUNICHI: "Multi-input Quadratic Functional Encryption from Pairings", pages: 208 - 238, XP047604895, DOI: 10.1007/978-3-030-84259-8_8 *

Also Published As

Publication number Publication date
JP7786593B2 (ja) 2025-12-16
JPWO2024028961A1 (https=) 2024-02-08

Similar Documents

Publication Publication Date Title
JP6964688B2 (ja) 暗号文に対する近似演算を行う装置及び方法
US11323255B2 (en) Methods and systems for encryption and homomorphic encryption systems using Geometric Algebra and Hensel codes
JP6273951B2 (ja) 暗号化装置、暗号化方法、情報処理装置および暗号化システム
JP6083234B2 (ja) 暗号処理装置
US10361841B2 (en) Proxy computing system, computing apparatus, capability providing apparatus, proxy computing method, capability providing method, program, and recording medium
JP6763378B2 (ja) 暗号情報作成装置、暗号情報作成方法、暗号情報作成プログラム、及び、照合システム
JP7087965B2 (ja) 暗号システム、暗号化装置、復号装置、暗号化方法、復号方法及びプログラム
CN102396012A (zh) 秘密分散系统、分散装置、分散管理装置、取得装置、其处理方法、秘密分散方法、程序以及记录介质
WO2014007296A1 (ja) 順序保存暗号化システム、暗号化装置、復号化装置、暗号化方法、復号化方法およびこれらのプログラム
JP6556955B2 (ja) 通信端末、サーバ装置、プログラム
JP7024666B2 (ja) Idベースハッシュ証明系構成装置、idベース暗号装置及びプログラム
JP5852518B2 (ja) 認証暗号化装置、認証復号装置、およびプログラム
JPWO2015008607A1 (ja) 復号装置、復号能力提供装置、それらの方法、およびプログラム
KR20230087983A (ko) Dghv 기반 완전 동형암호 시스템 및 이를 이용한 연산 방법
KR102945948B1 (ko) 비밀키 생성 장치 및 방법, 연산키 생성 장치 및 방법
JP7125857B2 (ja) 暗号化システム、暗号化装置、復号装置、暗号化方法、復号方法、及びプログラム
JP2026012260A (ja) 鍵生成装置、鍵生成方法及び鍵生成プログラム
WO2022006483A1 (en) Methods and systems for homomorphic data representation and concealment powered by clifford geometric algebra
JP7786593B2 (ja) 暗号システム、方法及びプログラム
KR20220079522A (ko) 기하 대수 및 헨젤 코드들을 이용한 암호화를 위한 방법들 및 시스템들과 동형 암호화 시스템들
JP6885325B2 (ja) 暗号化装置、復号装置、暗号化方法、復号方法、プログラム
JP7452676B2 (ja) 暗号システム、方法及びプログラム
CN118264388A (zh) 数据处理方法、非易失性存储介质及计算机程序产品
JP6890589B2 (ja) 計算デバイス及び方法
JP6949276B2 (ja) 再暗号化装置、再暗号化方法、再暗号化プログラム及び暗号システム

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22953950

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2024538555

Country of ref document: JP

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 22953950

Country of ref document: EP

Kind code of ref document: A1