Patent Application
20240322997
The present disclosure relates to a registration request device, a search request device, a data management device, a searchable encryption system, a searchable encryption method, and a searchable encryption program.
Searchable encryption is a technology to search for encrypted data while the encrypted data remains encrypted. That is, searchable encryption is a technology to search for encrypted data without decrypting the encrypted data.
In recent years, searchable encryption is attracting attention as a security technology for protecting confidential information from eavesdropping by server administrators and eavesdropping by malicious software in cloud services. That is, searchable encryption is attracting attention as a security technology for managing data on the Internet.
As to operation of a searchable encryption scheme, a registrant encrypts data and then stores it on a server in a registration process. In a search process, a searcher encrypts a search keyword and transmits it to the server. Then, the server checks the search keyword against data that has been encrypted and stored without decrypting the encrypted search keyword and the data so as to determine whether the search keyword matches the data.
In a cryptographic technology, keys may be periodically updated and keys that have been used may be revoked in consideration of a risk of key leakage. Therefore, it is conceivable that keys are updated and revoked also in searchable encryption.
In searchable encryption, if a key is simply replaced with a new key, data encrypted with the old key cannot be retrieved using the new key. Therefore, the old key cannot be discarded and needs to be kept after all. In addition, search keywords need to be encrypted using all the keys that are kept. Alternatively, pieces of data encrypted with the old key need to be re-encrypted with the new key so that the new key can cover all of them.
Patent Literature 1 discloses a method for controlling searchable-encryption searches performed by each user by dividing a key to be used for searchable-encryption searches into several keys and distributing them.
Patent Literature 1: WO 2020/003821 A1
In Patent Literature 1, if one of the distributed keys is disabled for a specific searcher, the searcher cannot perform searchable-encryption searches even though the searcher has the key.
In Patent Literature 1, a searcher can perform searchable-encryption searches using a divided distributed key, but a registrant does not use a divided distributed key and encrypts and registers data using a key before being divided. Therefore, a problem is that searchable-encryption searches by the searcher can be controlled, but encryption and registration of data by the registrant cannot be controlled.
Patent Literature 1 also discloses a transformation method in which encrypted data generated with an old key is re-encrypted using a proxy re-encryption technology. The proxy re-encryption technology is a technology to re-encrypt encrypted data generated with an old key so as to obtain encrypted data generated with a new key without involving decryption. It is difficult to perform searchable-encryption searches for this encrypted data, and this encrypted data is generated using well-known cryptography in order to restore original data. That is, the above re-encryption process is the re-encryption process on this encrypted data that can be decrypted. Therefore, in Patent Literature 1, a problem is that encrypted data for which searchable-encryption searches are to be performed, that is, encrypted tags and encrypted indexes cannot be re-encrypted with a new key.
Furthermore, Patent Literature 1 discloses a specific method for generating encrypted data for which searchable-encryption searches are to be performed. However, this method always generates encrypted data with the same value for the same data. Therefore, in Patent Literature 1, a problem is that it is not possible to probabilistically generate encrypted data, which is important for cryptographic security, that is, it is not possible to generate encrypted data with always different values even for the same data.
The present disclosure is primarily aimed at controlling generation of encrypted data and registration of encrypted data, using divided keys, for encrypted data for which searchable-encryption searches can be performed.
A registration request device according to the present disclosure includes
The present disclosure provides effects such that generation of encrypted data and registration of encrypted data can be controlled, using divided keys, for encrypted data for which searchable-encryption searches can be performed.
The embodiments will be described hereinafter with reference to the drawings. In the drawings, the same elements or corresponding elements are denoted by the same reference sign. In the description of the embodiments, description will be suitably omitted or simplified for the same or corresponding portions. Arrows in the drawings mainly indicate flows of data or flows of processing.
A searchable encryption system 100 according to this embodiment will be described based on
The searchable encryption system 100 includes a master key generation device 200, a divided key generation device 300, a registration request device 400, a search request device 500, a data management device 600, a transformation key generation device 700, a key transformation device 800, and a re-encryption device 900.
The devices in the searchable encryption system 100 communicate with one another through a network 101.
generation device 200 according to this embodiment.
The master key generation device 200 is a computer that includes hardware such as a processor 201, a memory 202, an auxiliary storage device 203, and an input/output interface 204. These hardware components are connected with one another through signal lines.
The processor 201 is an IC that performs operational processing and controls other hardware components. For example, the processor 201 is a CPU, a DSP, or a GPU.
IC is an abbreviation for integrated circuit.
CPU is an abbreviation for central processing unit.
DSP is an abbreviation for digital signal processor.
GPU is an abbreviation for graphics processing unit.
The memory 202 is a volatile or non-volatile storage device. The memory 202 is also called a main storage device or a main memory. For example, the memory 202 is a RAM. Data stored in the memory 202 is saved in the auxiliary storage device 203 as necessary.
RAM is an abbreviation for random access memory. The auxiliary storage device 203 is a non-volatile storage device. For example, the auxiliary storage device 203 is a ROM, an HDD, or a flash memory. Data stored in the auxiliary storage device 203 is loaded into the memory 202 as necessary.
ROM is an abbreviation for read only memory.
HDD is an abbreviation for hard disk drive.
The input/output interface 204 is a port to which an input device and an output device are connected. For example, the input/output interface 204 is a USB terminal, the input device is a keyboard and a mouse, and the output device is a display. Input to and output from the master key generation device 200 are performed using the input/output interface 204.
USB is an abbreviation for Universal Serial Bus.
A communication device 205 is a receiver and a transmitter. For example, the communication device 205 is a communication chip or a NIC. Communication of the master key generation device 200 is performed using the communication device 205.
NIC is an abbreviation for network interface card.
The master key generation device 200 includes elements such as an acceptance unit 210, a generation unit 220, and an output unit 230. These elements are realized by software.
The auxiliary storage device 203 stores a master key generation program to cause a computer to function as the acceptance unit 210, the generation unit 220 (master key generation unit), and the output unit 230 (master key output unit). The master key generation program is loaded into the memory 202 and executed by the processor 201.
The auxiliary storage device 203 further stores an OS. At least part of the OS is loaded into the memory 202 and executed by the processor 201.
The processor 201 executes the master key generation program while executing the OS.
OS is an abbreviation for operating system.
Input data and output data of the master key generation program are stored in a storage unit 290.
The auxiliary storage device 203 functions as the storage unit 290. However, a storage device such as the memory 202, a register in the processor 201, and a cache memory in the processor 201 may function as the storage unit 290 in place of the auxiliary storage device 203 or together with the auxiliary storage device 203.
The master key generation device 200 may include a plurality of processors as an alternative to the processor 201. The plurality of processors share the functions of the processor 201.
The master key generation program can be recorded (stored) in a computer readable format in a non-volatile recording medium such as an optical disc or a flash memory.
The divided key generation device 300 is a computer that includes hardware such as a processor 301, a memory 302, an auxiliary storage device 303, an input/output interface 304, and a communication device 305. These hardware components are connected with one another through signal lines.
The processor 301 is an IC that performs operational processing and controls other hardware components. For example, the processor 301 is a CPU, a DSP, or a GPU.
The memory 302 is a volatile or non-volatile storage device. The memory 302 is also called a main storage device or a main memory. For example, the memory 302 is a RAM. Data stored in the memory 302 is saved in the auxiliary storage device 303 as necessary.
The auxiliary storage device 303 is a non-volatile storage device. For example, the auxiliary storage device 303 is a ROM, an HDD, or a flash memory. Data stored in the auxiliary storage device 303 is loaded into the memory 302 as necessary.
The input/output interface 304 is a port to which an input device and an output device are connected. For example, the input/output interface 304 is a USB terminal, the input device is a keyboard and a mouse, and the output device is a display. Input to and output from the divided key generation device 300 are performed using the input/output interface 304.
The communication device 305 is a receiver and a transmitter. For example, the communication device 305 is a communication chip or a NIC. Communication of the divided key generation device 300 is performed using the communication device 305.
The divided key generation device 300 includes elements such as an acceptance unit 310, a divided key generation unit 320, and an output unit 330. These elements are realized by software.
The auxiliary storage device 303 stores a divided key generation program to cause a computer to function as the acceptance unit 310, the divided key generation unit 320, and the output unit 330. The divided key generation program is loaded into the memory 302 and executed by the processor 301.
The auxiliary storage device 303 further stores an OS. At least part of the OS is loaded into the memory 302 and executed by the processor 301.
The processor 301 executes the divided key generation program while executing the OS.
Input data and output data of the divided key generation program are stored in a storage unit 390.
The auxiliary storage device 303 functions as the storage unit 390. However, a storage device such as the memory 302, a register in the processor 301, and a cache memory in the processor 301 may function as the storage unit 390 in place of the auxiliary storage device 303 or together with the auxiliary storage device 303.
The divided key generation device 300 may include a plurality of processors as an alternative to the processor 301. The plurality of processors share the functions of the processor 301.
The divided key generation program can be recorded (stored) in a computer readable format in a non-volatile recording medium such as an optical disc or a flash memory.
The registration request device 400 is a computer that includes hardware such as a processor 401, a memory 402, an auxiliary storage device 403, an input/output interface 404, and a communication device 405. These hardware components are connected with one another through signal lines.
The processor 401 is an IC that performs operational processing and controls other hardware components. For example, the processor 401 is a CPU, a DSP, or a GPU.
The memory 402 is a volatile or non-volatile storage device. The memory 402 is also called a main storage device or a main memory. For example, the memory 402 is a RAM. Data stored in the memory 402 is saved in the auxiliary storage device 403 as necessary.
The auxiliary storage device 403 is a non-volatile storage device. For example, the auxiliary storage device 403 is a ROM, an HDD, or a flash memory. Data stored in the auxiliary storage device 403 is loaded into the memory 402 as necessary.
The input/output interface 404 is a port to which an input device and an output device are connected. For example, the input/output interface 404 is a USB terminal, the input device is a keyboard and a mouse, and the output device is a display. Input to and output from the registration request device 400 are performed using the input/output interface 404.
The communication device 405 is a receiver and a transmitter. For example, the communication device 405 is a communication chip or a NIC. Communication of the registration request device 400 is performed using the communication device 405.
The registration request device 400 includes elements such as an acceptance unit 410, a generation unit 420, and a request unit 430. These elements are realized by software.
The generation unit 420 includes elements such as a keyword generation unit 421, a random number generation unit 422, and an encrypted tag generation unit 423.
The auxiliary storage device 403 stores a registration request program to cause a computer to function as the acceptance unit 410, the generation unit 420, and the request unit 430. The registration request program is loaded into the memory 402 and executed by the processor 401.
The auxiliary storage device 403 further stores an OS. At least part of the OS is loaded into the memory 402 and executed by the processor 401.
The processor 401 executes the registration request program while executing the OS.
Input data and output data of the registration request program are stored in a storage unit 490.
The auxiliary storage device 403 functions as the storage unit 490. However, a storage device such as the memory 402, a register in the processor 401, and a cache memory in the processor 401 may function as the storage unit 490 in place of the auxiliary storage device 403 or together with the auxiliary storage device 403.
The registration request device 400 may include a plurality of processors as an alternative to the processor 401. The plurality of processors share the functions of the processor 401.
The registration request program can be recorded (stored) in a computer readable format in a non-volatile recording medium such as an optical disc or a flash memory.
The search request device 500 is a computer that includes hardware such as a processor 501, a memory 502, an auxiliary storage device 503, an input/output interface 504, and a communication device 505. These hardware components are connected with one another through signal lines.
The processor 501 is an IC that performs operational processing and controls other hardware components. For example, the processor 501 is a CPU, a DSP, or a GPU.
The memory 502 is a volatile or non-volatile storage device. The memory 502 is also called a main storage device or a main memory. For example, the memory 502 is a RAM. Data stored in the memory 502 is saved in the auxiliary storage device 503 as necessary.
The auxiliary storage device 503 is a non-volatile storage device. For example, the auxiliary storage device 503 is a ROM, an HDD, or a flash memory. Data stored in the auxiliary storage device 503 is loaded into the memory 502 as necessary.
The input/output interface 504 is a port to which an input device and an output device are connected. For example, the input/output interface 504 is a USB terminal, the input device is a keyboard and a mouse, and the output device is a display. Input to and output from the search request device 500 are performed using the input/output interface 504.
The communication device 505 is a receiver and a transmitter. For example, the communication device 505 is a communication chip or a NIC. Communication of the search request device 500 is performed using the communication device 505.
The search request device 500 includes elements such as an acceptance unit 510, a generation unit 520, a request unit 530, and an output unit 540. These elements are realized by software.
The auxiliary storage device 503 stores a search request program to cause a computer to function as the acceptance unit 510, the generation unit 520, the request unit 530, and the output unit 540. The search request program is loaded into the memory 502 and executed by the processor 501.
The auxiliary storage device 503 further stores an OS. At least part of the OS is loaded into the memory 502 and executed by the processor 501.
The processor 501 executes the search request program while executing the OS.
Input data and output data of the search request program are stored in a storage unit 590.
The auxiliary storage device 503 functions as the storage unit 590. However, a storage device such as the memory 502, a register in the processor 501, and a cache memory in the processor 501 may function as the storage unit 590 in place of the auxiliary storage device 503 or together with the auxiliary storage device 503.
The search request device 500 may include a plurality of processors as an alternative to the processor 501. The plurality of processors share the functions of the processor 501.
The search request program can be recorded (stored) in a computer readable format in a non-volatile recording medium such as an optical disc or a flash memory.
The data management device 600 is a computer that includes hardware such as a processor 601, a memory 602, an auxiliary storage device 603, an input/output interface 604, and a communication device 605. These hardware components are connected with one another through signal lines.
The processor 601 is an IC that performs operational processing and controls other hardware components. For example, the processor 601 is a CPU, a DSP, or a GPU.
The memory 602 is a volatile or non-volatile storage device. The memory 602 is also called a main storage device or a main memory. For example, the memory 602 is a RAM. Data stored in the memory 602 is saved in the auxiliary storage device 603 as necessary.
The auxiliary storage device 603 is a non-volatile storage device. For example, the auxiliary storage device 603 is a ROM, an HDD, or a flash memory. Data stored in the auxiliary storage device 603 is loaded into the memory 602 as necessary.
The input/output interface 604 is a port to which an input device and an output device are connected. For example, the input/output interface 604 is a USB terminal, the input device is a keyboard and a mouse, and the output device is a display. Input to and output from the data management device 600 are performed using the input/output interface 604.
The communication device 605 is a receiver and a transmitter. For example, the communication device 605 is a communication chip or a NIC. Communication of the data management device 600 is performed using the communication device 605.
The data management device 600 includes elements such as an acceptance unit 610, a key management unit 620, a registration unit 630, a search unit 640, and an output unit 650. These elements are realized by software.
The registration unit 630 includes elements such as a transformation unit 631 and a storing unit 632.
The search unit 640 includes elements such as a transformation unit 641, a checking unit 642, and an extraction unit 643.
The auxiliary storage device 603 stores a data management program to cause a computer to function as the acceptance unit 610, the key management unit 620, the registration unit 630, the search unit 640, and the output unit 650. The data management program is loaded into the memory 602 and executed by the processor 601.
The auxiliary storage device 603 further stores an OS. At least part of the OS is loaded into the memory 602 and executed by the processor 601.
The processor 601 executes the data management program while executing the OS.
Input data and output data of the data management program are stored in a storage unit 690.
The auxiliary storage device 603 functions as the storage unit 690. However, a storage device such as the memory 602, a register in the processor 601, and a cache memory in the processor 601 may function as the storage unit 690 in place of the auxiliary storage device 603 or together with the auxiliary storage device 603.
The storage unit 690 stores a registration database 691.
The data management device 600 may include a plurality of processors as an alternative to the processor 601. The plurality of processors share the functions of the processor 601.
The data management program can be recorded (stored) in a computer readable format in a non-volatile recording medium such as an optical disc or a flash memory.
The transformation key generation device 700 is a computer that includes hardware such as a processor 701, a memory 702, an auxiliary storage device 703, an input/output interface 704, and a communication device 705. These hardware components are connected with one another through signal lines.
The processor 701 is an IC that performs operational processing and controls other hardware components. For example, the processor 701 is a CPU, a DSP, or a GPU.
The memory 702 is a volatile or non-volatile storage device. The memory 702 is also called a main storage device or a main memory. For example, the memory 702 is a RAM. Data stored in the memory 702 is saved in the auxiliary storage device 703 as necessary.
The auxiliary storage device 703 is a non-volatile storage device. For example, the auxiliary storage device 703 is a ROM, an HDD, or a flash memory. Data stored in the auxiliary storage device 703 is loaded into the memory 702 as necessary.
The input/output interface 704 is a port to which an input device and an output device are connected. For example, the input/output interface 704 is a USB terminal, the input device is a keyboard and a mouse, and the output device is a display. Input to and output from the transformation key generation device 700 are performed using the input/output interface 704.
The communication device 705 is a receiver and a transmitter. For example, the communication device 705 is a communication chip or a NIC. Communication of the transformation key generation device 700 is performed using the communication device 705.
The transformation key generation device 700 includes elements such as an acceptance unit 710, a generation unit 720, and an output unit 730. These elements are realized by software.
The auxiliary storage device 703 stores a transformation key generation program to cause a computer to function as the acceptance unit 710, the generation unit 720, and the output unit 730. The transformation key generation program is loaded into the memory 702 and executed by the processor 701.
The auxiliary storage device 703 further stores an OS. At least part of the OS is loaded into the memory 702 and executed by the processor 701.
The processor 701 executes the transformation key generation program while executing the OS.
Input data and output data of the transformation key generation program are stored in a storage unit 790.
The auxiliary storage device 703 functions as the storage unit 790. However, a storage device such as the memory 702, a register in the processor 701, and a cache memory in the processor 701 may function as the storage unit 790 in place of the auxiliary storage device 703 or together with the auxiliary storage device 703.
The transformation key generation device 700 may include a plurality of processors as an alternative to the processor 701. The plurality of processors share the functions of the processor 701.
The transformation key generation program can be recorded (stored) in a computer readable format in a non-volatile recording medium such as an optical disc or a flash memory.
The key transformation device 800 is a computer that includes hardware such as a processor 801, a memory 802, an auxiliary storage device 803, an input/output interface 804, and a communication device 805. These hardware components are connected with one another through signal lines.
The processor 801 is an IC that performs operational processing and controls other hardware components. For example, the processor 801 is a CPU, a DSP, or a GPU.
The memory 802 is a volatile or non-volatile storage device. The memory 802 is also called a main storage device or a main memory. For example, the memory 802 is a RAM. Data stored in the memory 802 is saved in the auxiliary storage device 803 as necessary.
The auxiliary storage device 803 is a non-volatile storage device. For example, the auxiliary storage device 803 is a ROM, an HDD, or a flash memory. Data stored in the auxiliary storage device 803 is loaded into the memory 802 as necessary.
The input/output interface 804 is a port to which an input device and an output device are connected. For example, the input/output interface 804 is a USB terminal, the input device is a keyboard and a mouse, and the output device is a display. Input to and output from the key transformation device 800 are performed using the input/output interface 804.
The communication device 805 is a receiver and a transmitter. For example, the communication device 805 is a communication chip or a NIC. Communication of the key transformation device 800 is performed using the communication device 805.
The key transformation device 800 includes elements such as an acceptance unit 810, a transformation unit 820, and an output unit 830. These elements are realized by software.
The auxiliary storage device 803 stores a key transformation program to cause a computer to function as the acceptance unit 810, the transformation unit 820, and the output unit 830. The key transformation program is loaded into the memory 802 and executed by the processor 801.
The auxiliary storage device 803 further stores an OS. At least part of the OS is loaded into the memory 802 and executed by the processor 801.
The processor 801 executes the key transformation program while executing the OS.
Input data and output data of the key transformation program are stored in a storage unit 890.
The auxiliary storage device 803 functions as the storage unit 890. However, a storage device such as the memory 802, a register in the processor 801, and a cache memory in the processor 801 may function as the storage unit 890 in place of the auxiliary storage device 803 or together with the auxiliary storage device 803.
The key transformation device 800 may include a plurality of processors as an alternative to the processor 801. The plurality of processors share the functions of the processor 801.
The key transformation program can be recorded (stored) in a computer readable format in a non-volatile recording medium such as an optical disc or a flash memory.
The re-encryption device 900 is a computer that includes hardware such as a processor 901, a memory 902, an auxiliary storage device 903, an input/output interface 904, and a communication device 905. These hardware components are connected with one another through signal lines. The processor 901 is an IC that performs operational processing and controls
other hardware components. For example, the processor 901 is a CPU, a DSP, or a GPU.
The memory 902 is a volatile or non-volatile storage device. The memory 902 is also called a main storage device or a main memory. For example, the memory 902 is a RAM. Data stored in the memory 902 is saved in the auxiliary storage device 903 as necessary.
The auxiliary storage device 903 is a non-volatile storage device. For example, the auxiliary storage device 903 is a ROM, an HDD, or a flash memory. Data stored in the auxiliary storage device 903 is loaded into the memory 902 as necessary.
The input/output interface 904 is a port to which an input device and an output device are connected. For example, the input/output interface 904 is a USB terminal, the input device is a keyboard and a mouse, and the output device is a display. Input to and output from the re-encryption device 900 are performed using the input/output interface 904.
The communication device 905 is a receiver and a transmitter. For example, the communication device 905 is a communication chip or a NIC. Communication of the re-encryption device 900 is performed using the communication device 905.
The re-encryption device 900 includes elements such as an acceptance unit 910, a re-encryption unit 920, and an output unit 930. These elements are realized by software.
The auxiliary storage device 903 stores a re-encryption program to cause a computer to function as the acceptance unit 910, the re-encryption unit 920, and the output unit 930. The re-encryption program is loaded into the memory 902 and executed by the processor 901.
The auxiliary storage device 903 further stores an OS. At least part of the OS is loaded into the memory 902 and executed by the processor 901.
The processor 901 executes the re-encryption program while executing the OS.
Input data and output data of the re-encryption program are stored in a storage unit 990.
The auxiliary storage device 903 functions as the storage unit 990. However, a storage device such as the memory 902, a register in the processor 901, and a cache memory in the processor 901 may function as the storage unit 990 in place of the auxiliary storage device 903 or together with the auxiliary storage device 903. The re-encryption device 900 may include a plurality of processors as an
alternative to the processor 901. The plurality of processors share the functions of the processor 901.
The re-encryption program can be recorded (stored) in a computer readable format in a non-volatile recording medium such as an optical disc or a flash memory.
The operation of the searchable encryption system 100 according to this embodiment will now be described. A procedure for the operation of the searchable encryption system 100 is equivalent to a searchable encryption method. A program that realizes the operation of the searchable encryption system 100 is equivalent to a searchable encryption program.
<Master Key Generation: S110>In step S110, the master key generation device 200 generates a master key MK and a public parameter PP.
The master key generation (S110) is a process executed by the master key generation device 200.
In step S111, the acceptance unit 210 accepts a key length BIT.
The key length BIT is the length of the master key MK and is represented by a positive integer (natural number).
In step S112, the generation unit 220 generates the master key MK and the public parameter PP based on the key length BIT.
Specifically, this is as described below.
First, the generation unit 220 randomly selects two prime numbers (P, Q) with the same bit length as BIT/2.
Next, the generation unit 220 calculates a product N (=P*Q) of the prime number P and the prime number Q.
Next, the generation unit 220 randomly selects an integer g from a set of integers of 1 to (N−1) {1, 2, . . . , N−1}.
Next, the generation unit 220 divides the square of the integer g by the product N to calculate a remainder G (=g*g mod N). “x mod y” denotes a remainder when an integer x is divided by an integer y.
A product obtained by calculating (P−1)*(Q−1) will be denoted as “Z”.
Next, the generation unit 220 randomly selects an integer X from a set of integers of 1 to (Z−1) {1, 2, . . . , Z−1}.
The generation unit 220 also selects a cryptographic function F. The cryptographic function F is a cryptographic hash function. Specific examples of the cryptographic function F are SHA-256 and SHA-512.
Then, the generation unit 220 generates the master key MK and the public parameter PP.
The master key MK includes the prime number P, the prime number Q, the remainder G, the integer Z, and the integer X.
The public parameter PP includes the product N and an identifier of the cryptographic function F.
The master key MK is expressed as indicated below.
The public parameter PP is expressed as indicated below.
In step S113, the generation unit 220 saves and stores the master key MK and the public parameter PP in the storage unit 290.
In step S114, the output unit 230 outputs the master key MK and the public parameter PP.
For example, the output unit 230 uses the communication device 205 to transmit the master key MK to the divided key generation device 300 and the key transformation device 800.
The master key MK is used for generating a registration secret key EK or a search secret key SK. Alternatively, the master key MK is used when the master key MK is transformed.
Furthermore, the output unit 230 outputs the public parameter PP.
For example, the output unit 230 uses the communication device 205 to transmit the public parameter PP to each of the divided key generation device 300, the registration request device 400, the search request device 500, the data management device 600, the transformation key generation device 700, the key transformation device 800, and the re-encryption device 900.
The public parameter PP is used for generating the registration secret key EK, generating the search secret key SK, registering encrypted data C, searching for the encrypted data C, generating a search query SQ, re-generating the registration secret key EK, re-generating the search secret key SK, generating a transformation key TK, performing key transformation of the master key MK, performing key transformation of the registration secret key EK, performing key transformation of the search secret key SK, and re-encrypting the encrypted data C.
Referring back to
In step S120, the divided key generation device 300 generates the registration secret key EK and the search secret key SK using the master key MK and the public parameter PP.
The registration secret key EK is used for encrypting data and transforming encrypted data when it is registered.
The registration secret key EK is composed of a registration key EK1 and a registration auxiliary key EK2.
The registration key EK1 is used for encrypting data.
The registration auxiliary key EK2 is used for transforming encrypted data.
The search secret key SK is used for generating a query to be used for a search based on a keyword to be used for the search and transforming the generated query. The search secret key SK is composed of a search key SK1 and a search auxiliary key SK2.
The search key SK1 is used for generating a query to be used for a search based on a keyword to be used for the search.
The search auxiliary key SK2 is used for transforming the generated query.
The divided key generation (S120) is a process executed by the divided key generation device 300.
In step S121, the acceptance unit 310 accepts the master key MK and the public parameter PP, and saves and stores the master key MK and the public parameter PP in the storage unit 390.
However, if the master key MK and the public parameter PP have already been stored, step S121 is not necessary.
In step S122, the divided key generation unit 320 generates the registration secret key EK=(EK1, EK2) using the master key MK and the public parameter PP. First, the divided key generation unit 320 randomly selects an integer ek1 from a set of integers of 1 to (Z−1) {1, 2, . . . , Z−1}.
Next, the divided key generation unit 320 calculates EK1=G^ek1 mod N. Next, the divided key generation unit 320 finds an integer EK2 from 1 to (Z−1) such that “X=ek1*EK2 mod Z”. This can be calculated efficiently using the extended Euclidean algorithm.
In step S123, the divided key generation unit 320 generates the search secret key SK=(SK1, SK2) using the master key MK and the public parameter PP.
First, the divided key generation unit 320 randomly selects an integer sk1 from a set of integers of 1 to (Z−1) { 1, 2, . . . , Z−1}.
Next, the divided key generation unit 320 calculates SK1=G^sk1 mod N. Next, the divided key generation unit 320 finds an integer SK2 from 1 to (Z−1) such that “X=sk1*SK2 mod Z”. This can be calculated efficiently using the extended Euclidean algorithm.
In step S124, the divided key generation unit 320 saves and stores the registration secret key EK and the search secret key SK in the storage unit 390.
In step S125, the output unit 330 outputs the registration secret key EK and the search secret key SK.
For example, the output unit 330 uses the communication device 305 to transmit the registration key EK1 to the registration request device 400.
For example, the output unit 330 uses the communication device 305 to transmit the search key SK1 to the search request device 500.
For example, the output unit 330 uses the communication device 305 to transmit the registration auxiliary key EK2 and the search auxiliary key SK2 to the data management device 600.
For example, the output unit 330 uses the communication device 305 to transmit the registration secret key EK and the search secret key SK to the key transformation device 800.
The registration key EK1 is used for generating the encrypted data C. The registration auxiliary key EK2 is used for transforming the encrypted data C.
The search key SK1 is used for generating the search query SQ. The search auxiliary key SK2 is used for transforming the search query SQ.
Referring back to
If the encrypted data C is to be registered, the process proceeds to step S130. For example, if a user inputs a registration command for the encrypted data C into the registration request device 400, the process proceeds to step S130.
If the encrypted data C is to be searched for, the process proceeds to step S150.
For example, if the user inputs a search command for the encrypted data C into the search request device 500, the process proceeds to step S150.
If the encrypted data C is to be deleted based on a data name, the process proceeds to step S170.
For example, if the user inputs a deletion command for the encrypted data C into the registration request device 400, the process proceeds to step S170.
If the registration secret key EK and the search secret key SK are to be re-generated, the process proceeds to step S180.
For example, the divided key generation device 300 periodically compares a usage period of each of the registration secret key EK and the search secret key SK with a reference period. Then, if the usage period of the registration secret key EK or the search secret key SK has exceeded the reference period, the process proceeds to step S180.
For example, an administrator determines that one of the registration key EK1 and the registration auxiliary key EK2 or one of the search key SK1 and the search auxiliary key SK2 has leaked. Then, if the administrator inputs an update command for these secret keys into the divided key generation device 300, the process proceeds to step S180.
If the registration secret key EK and the search secret key SK are to be transformed and the encrypted data C is to be re-encrypted, the process proceeds to step S190.
For example, the administrator determines that the registration key EK1 and the registration auxiliary key EK2 have leaked, or the search key SK1 and the search auxiliary key SK2 have leaked. Then, if the administrator inputs commands for updating these secret keys and re-encrypting the encrypted data C into the transformation key generation device 700, the key transformation device 800, and the re-encryption device 900, the process proceeds to step S190.
In step S130, the registration request device 400 generates the encrypted data C, and transmits the encrypted data C to the data management device 600.
The generation unit 420 of the registration request device 400 acquires the registration key EK1, plaintext data D, and the public parameter PP. Then, the generation unit 420 generates the encrypted data C by encrypting the plaintext data D using the registration key EK1 and the public parameter PP. At this time, the generation unit 420 generates a random number used in generating the encrypted data C, using the public parameter PP. Then, the generation unit 420 generates the encrypted data using the registration key EK1, the public parameter PP, and the random number. The encrypted data can be randomized by this random number.
In this embodiment, the generation unit 420 encrypts a registration keyword contained in the plaintext data D using the registration key EK1, the public parameter PP, and the random number, and generates an encrypted tag ET obtained by encryption as the encrypted data C.
Specifically, this is as described below.
The registration request (S130) is a process executed by the registration request device 400.
In step S131, the acceptance unit 410 accepts the registration key EK1, the public parameter PP, and the plaintext data D, and saves and stores the registration key EK1 and the public parameter PP in the storage unit 490.
If the registration key EK1 and the public parameter PP have already been stored, only the registration key EK1 is replaced and stored.
The plaintext data D is data that has not been encrypted.
The plaintext data D includes a data name ID(D) as meta data. An identifier is unique data.
More than one piece of the plaintext data D may be accepted. In that case, step S132 to step S135 are executed for each piece of the plaintext data D.
In step S132, the keyword generation unit 421 generates a registration keyword set W.
The registration keyword set W is a set of keywords related to the plaintext data D.
Specifically, the keyword generation unit 421 extracts one or more keywords from the plaintext data D by performing processing such as morphological analysis or natural language processing on the plaintext data D. The extracted keywords constitute the registration keyword set W.
For example, it is assumed that the registration keyword set W is composed of n keywords. That is, it is assumed that the registration keyword set W is {w1, . . . , wn}. Note that n is an integer of 1 or greater.
Instead of arranging that the keyword generation unit 421 generates the registration keyword set W, the acceptance unit 410 may accept, via the input/output interface 404, the registration keyword set W to be input into the registration request device 400.
In step S133, the random number generation unit 422 generates an encrypted-tag random number KR using the public parameter PP.
The encrypted-tag random number KR is a random number for encrypting the registration keyword set W to be described later.
Specifically, the random number generation unit 422 randomly selects integers from a set of integers of 1 to (N−1) {1, 2, . . . , N−1}. The number of random integers selected here is the same number as the number of elements in the registration keyword set W. This set of random integers is the encrypted-tag random number KR. For example, when the registration keyword set W is {w1, . . . , wn}, the encrypted-tag random number KR is {kr1, . . . , krn}.
If randomization is not required in consideration of high-speed searchable encryption processing, the values of kr1 to krn may be set as kr1=. . . =krn=1.
In step S134, the encrypted tag generation unit 423 encrypts the registration keyword set W using the registration key EK1, the public parameter PP, and the encrypted-tag random number KR so as to generate the encrypted tag ET.
Specifically, for the registration keyword set W={w1, . . . , wn} and the encrypted-tag random number KR={kr1, . . . , krn}, the encrypted tag generation unit 423 calculates an encrypted tag element ETi for every i. Note that i is an integer from 1 to n.
Next, the encrypted tag generation unit 423 generates the encrypted tag ET, as indicated below.
This encrypted tag ET is the encrypted data C in this embodiment.
In step S135, the request unit 430 transmits the encrypted tag ET to the data management device 600.
Referring back to
In step S140, the data management device 600 receives the encrypted data C, and transforms the encrypted data C and registers it in the storage unit 690. In this embodiment, the encrypted data C is the encrypted tag ET.
The registration unit 630 of the data management device 600 transforms the encrypted data C using the registration auxiliary key EK2 and the public parameter PP. The registration unit 630 registers transformed encrypted data obtained by transformation in the registration database 691 in association with an identifier ID(D) that identifies the plaintext data D.
Specifically, this is as described below.
The registration operation (S140) is a process executed by the data management device 600.
In step S141, the acceptance unit 610 accepts the registration auxiliary key EK2, the public parameter PP, and the encrypted tag ET. Then, the key management unit 620 saves and stores the registration auxiliary key EK2 and the public parameter PP in the storage unit 690.
If the registration auxiliary key EK2 and the public parameter PP have already been stored, only the registration auxiliary key EK2 is replaced and stored.
More than one encrypted tag ET may be accepted. In that case, step S142 and step S143 are executed for each encrypted tag ET.
In step S142, the transformation unit 631 transforms the encrypted tag ET using the registration auxiliary key EK2 and the public parameter PP so as to generate a transformed encrypted tag TET.
Specifically, for the encrypted tag ET={ID(D), ET1, . . . , ETn}, the transformation unit 631 calculates a transformed encrypted tag element TETi for every i. Note that i is an integer from 1 to n and ETi=(ETi1, ETi2).
Next, the transformation unit 631 generates the transformed encrypted tag TET, as indicated below.
In step S143, the storing unit 632 registers the transformed encrypted tag TET in the registration database 691.
The registration database 691 is saved and stored in the storage unit 690 of the data management device 600.
In
In data of one row, a data name ID(D) and a transformed encrypted tag TET are associated with each other.
Referring back to
In step S150, the search request device 500 generates the search query SQ, and transmits the search query SQ to the data management device 600.
The generation unit 520 of the search request device 500 acquires the search key SK1, a search keyword sw, and the public parameter PP, and generates the search query SQ based on the search keyword sw, using the search key SK1 and the public parameter PP. The generation unit 520 generates a random number to be used in generating the search query SQ, using the public parameter PP, and generates the search query SQ using the search key SK1, the public parameter PP, and the random number. The request unit 530 of the search request device 500 transmits the search query SQ to the data management device. Then, the request unit 530 acquires, as search result DATA, the identifier ID(D) corresponding to the encrypted data C that matches the search query SQ from the data management device 600.
Specifically, this is as described below.
The search request (S150) is a process executed by the search request device 500.
In step S151, the acceptance unit 510 accepts the search key SK1, the public parameter PP, and the search keyword sw. Then, the acceptance unit 510 saves and stores the search key SK1 and the public parameter PP in the storage unit 590. If the search key SK1 and the public parameter PP have already been stored, only the search key SK1 is replaced and stored.
The search keyword sw is keyword data that has not been encrypted.
More than one search keyword sw may be accepted. In that case, step S152 and step S153 are executed for each search keyword sw.
In step S152, a random number generation unit 521 generates a search-query random number QR using the public parameter PP.
The search-query random number QR is a random number for encrypting the search query SQ.
Specifically, the random number generation unit 521 randomly selects an integer QR from a set of integers of 1 to (N−1) {1, 2, . . . , N-1}.
If randomization is not required in consideration of high-speed searchable encryption processing, the value of QR may be set as QR=1.
In step S153, a search query generation unit 522 encrypts the search keyword sw using the search key SK1, the public parameter PP, and the search-query random number QR so as to generate the search query SQ.
Specifically, the search query generation unit 522 calculates the following search query SQ for the search keyword sw and the search-query random number QR.
In step S154, the request unit 530 transmits the search query SQ to the data management device 600.
In step S155, the request unit 530 uses the communication device 505 to receive the search result DATA from the data management device 600.
The search result DATA is a set of data names ID(D) of encrypted tags that match the search query SQ. That is, it is a set of data names of data that match the search query SQ.
In step S156, the output unit 540 outputs the search result DATA. For example, the output unit 540 displays the search result DATA on the display via the input/output interface 504.
If the search result DATA is an empty set, the output unit 540 outputs a search error message.
The search error message indicates that there is no plaintext data D found as a match in a searchable-encryption search.
Referring back to
In step S160, the data management device 600 searches for transformed encrypted data that matches the search query SQ. In this embodiment, transformed encrypted data, which is the encrypted data C that has been transformed, is the transformed encrypted tag TET.
The search unit 640 of the data management device 600 acquires the search auxiliary key SK2 and the public parameter PP, and transforms the search query SQ using the search auxiliary key SK2 and the public parameter PP. The search unit 640 checks a transformed search query TSQ obtained by transformation against transformed encrypted data, and extracts the identifier ID(D) of transformed encrypted data that matches the transformed search query TSQ.
Specifically, this is as described below.
The search operation (S160) is a process executed by the data management device 600.
In step S161, the acceptance unit 610 accepts the search auxiliary key SK2, the public parameter PP, and the search query SQ. Then, the key management unit 620 saves and stores the search auxiliary key SK2 and the public parameter PP in the storage unit 690.
If the search auxiliary key SK2 and the public parameter PP have already been stored, only the search auxiliary key SK2 is replaced and stored.
More than one search query SQ may be accepted. In that case, step S162 to step S164 are executed for each search query SQ.
In step S162, the transformation unit 641 transforms the search query SQ using the search auxiliary key SK2 and the public parameter PP so as to generate the transformed search query TSQ.
Specifically, the transformation unit 641 calculates the transformed search query TSQ for the search query SQ={SQ1, SQ2}, as indicated below.
In step S163, the checking unit 642 checks the transformed search query TSQ against each transformed encrypted tag TET in the registration database 691 so as to find a transformed encrypted tag TET that matches the transformed search query TSQ. Specifically, the checking unit 642 checks the transformed search query against each transformed encrypted tag TET, as indicated below. Note that i is an integer from 1 to m, and k is an integer of 1 or greater.
That is, whether M1 and M2 are equal is calculated for each transformed encrypted tag TET. If they are equal, a match is determined.
For example, when i=k=1, the transformed encrypted tag TET=(ID(D), TET1) can be expressed as indicated below.
The transformed search query TSQ=(TSQ1, TSQ2) can be expressed as indicated below.
In this case, M1 and M2 can be expressed as indicated below.
Therefore, if w is equal to sw, M1 is equal to M2. If w is not equal to sw, M1
is not equal to M2.
In step S164, the extraction unit 643 extracts the ID(D) of every transformed encrypted tag TET that has matched the transformed search query TSQ in step S163 so as to generate the search result DATA.
Specifically, the extraction unit 643 extracts the ID(D) of every transformed encrypted tag TET=(ID(D), TET1, . . . , TETk) found as a match and includes it in the search result DATA. Note that k is an integer of 1 or greater.
In step S165, the output unit 650 uses the communication device 605 to transmit the search result DATA to the search request device 500.
Referring back to
In step S170, the data management device 600 deletes the encrypted data C corresponding to a deletion file name. In this embodiment, transformed encrypted data, which is the encrypted data C that has been transformed, is the transformed encrypted tag TET.
The registration unit 630 of the data management device 600 acquires the identifier ID(D) of the plaintext data D to be deleted from the registration database 691, and deletes the transformed encrypted data corresponding to the identifier ID(D) from the registration database 691.
Specifically, this is as described below.
The data deletion (S170) is a process executed by the registration request device 400 and the data management device 600. However, in place of the registration request device 400, the search request device 500 or another device may be used.
In step S171, the acceptance unit 410 of the registration request device 400 accepts the deletion file name.
For example, the acceptance unit 410 accepts, via the input/output interface 404, the deletion file name that is input into the registration request device 400. Alternatively, the acceptance unit 410 may accept the deletion file name from an application program executed in the registration request device 400.
In step S172, the request unit 430 of the registration request device 400 uses the communication device 405 to transmit the deletion file name to the data management device 600.
In step S173, the acceptance unit 610 of the data management device 600 uses the communication device 605 to receive the deletion file name.
In step S174, the registration unit 630 of the data management device 600 deletes the transformed encrypted tag TET corresponding to the deletion file name from the registration database 691.
Specifically, the registration unit 630 deletes the transformed encrypted tag TET that includes the same data name ID(D) as the deletion file name.
Referring back to
In step S180, the divided key generation device 300 re-generates a registration secret key EK' and a search secret key SK′. The divided key generation device 300 randomly re-generates the registration secret key EK′ and the search secret key SK′ using the master key MK and the public parameter PP. Then, the divided key generation device 300 replaces the registration secret key EK and the search secret key SK that have already been used with the registration secret key EK′ and the search secret key SK′.
The divided key re-generation (S180) is a process executed by the divided key generation device 300.
In step S181, the acceptance unit 310 accepts the master key MK and the public parameter PP, and saves and stores the master key MK and the public parameter PP in the storage unit 390.
However, if the master key MK and the public parameter PP have already been stored, step S121 is not necessary.
In step S182, the divided key generation unit 320 re-generates the registration secret key EK′=(EK1′, EK2′) using the master key MK and the public parameter PP.
How it is re-generated specifically is the same as how the registration secret key EK is generated in step S122, so that it is omitted here.
In step S183, the divided key generation unit 320 re-generates the search secret key SK′=(SK1′, SK2′) using the master key MK and the public parameter PP. How it is re-generated specifically is the same as how the search secret key SK is generated in step S123, so that it is omitted here.
In step S184, the divided key generation unit 320 saves and stores the registration secret key EK′ and the search secret key SK′ as the registration secret key EK and the search secret key SK in the storage unit 390.
If the registration secret key EK and the search secret key SK have already been stored in the storage unit 390, the stored registration secret key EK and search secret key SK are replaced with the registration secret key EK′ and the search secret key SK′ newly generated in step S182 and step S183, respectively.
In step S185, the output unit 330 outputs the registration secret key EK' and the search secret key SK′.
For example, the output unit 330 uses the communication device 305 to transmit a registration key EK1′ to the registration request device 400.
For example, the output unit 330 uses the communication device 305 to transmit a search key SK1′ to the search request device 500.
For example, the output unit 330 uses the communication device 305 to transmit a registration auxiliary key EK2′ and a search auxiliary key SK2′ to the data management device 600.
For example, the output unit 330 uses the communication device 305 to transmit the registration secret key EK′ and the search secret key SK′ to the key transformation device 800.
The registration key EK1′ is used for generating the encrypted data C.
The registration auxiliary key EK2′ is used for transforming the encrypted data C.
The search key SK1′ is used for generating the search query SQ.
The search auxiliary key SK2′ is used for transforming the search query SQ.
Referring back to
In step S190, the transformation key generation device 700 generates the transformation key TK for performing key transformation of the master key MK, the registration secret key EK, and the search secret key SK and for re-encrypting the transformed encrypted tag TET.
The transformation key generation (S190) is a process executed by the transformation key generation device 700.
In step S191, the acceptance unit 710 accepts the public parameter PP, and saves and stores the public parameter PP in the storage unit 790.
However, if the public parameter PP has already been stored, step S181 is not necessary.
In step S192, the generation unit 720 generates the transformation key TK using the public parameter PP.
Specifically, the divided key generation unit 320 randomly selects an integer TK from a set of integers of 1 to (N−1) {1, 2, . . . m, N−1}.
In step S193, the generation unit 720 saves and stores the transformation key TK in the storage unit 790.
In step S194, the output unit 730 outputs the transformation key TK.
For example, the output unit 730 uses the communication device 705 to transmit the transformation key TK to the key transformation device 800.
The transformation key TK is used for key transformation of the master key MK, the registration secret key EK, and the search secret key SK. It is also used for re-encrypting the transformed encrypted tag TET.
Referring back to
In step S200, the key transformation device 800 performs key transformation of the master key MK, the registration secret key EK, and the search secret key SK.
The key transformation device 800 performs key transformation of the master key MK, the registration secret key EK, and the search secret key SK using the transformation key TK. The key transformation device 800 outputs a key-transformed master key MK′, a key-transformed registration secret key EK′, and a key-transformed search secret key SK′ obtained by key transformation.
Specifically, this is as described below.
The key transformation (S200) is a process executed by the key transformation device 800.
In step S201, the acceptance unit 810 accepts the transformation key TK, the master key MK, the registration secret key EK, the search secret key SK, and the public parameter PP. Then, the acceptance unit 810 saves and stores the transformation key TK, the master key MK, the registration secret key EK, the search secret key SK, and the public parameter PP in the storage unit 690.
If the transformation key TK, the master key MK, the registration secret key EK, the search secret key SK, and the public parameter PP have already been stored, the transformation key TK, the master key MK, the registration secret key EK, and the search secret key SK are replaced and stored.
In step S202, the transformation unit 820 performs key transformation of the master key MK using the transformation key TK and the public parameter PP so as to generate the key-transformed master key MK′.
Specifically, the transformation unit 820 calculates the key-transformed master key MK′ for the master key MK=(P, Q, G, Z, X), as indicated below.
In step S203, the transformation unit 820 performs key transformation of the registration secret key EK using the transformation key TK and the public parameter PP so as to generate the key-transformed registration secret key EK′.
Specifically, the transformation unit 820 calculates the key-transformed registration secret key EK′ for the registration secret key EK=(EK1, EK2), as indicated below.
In the above, key transformation is performed on the registration key EK1 and the registration auxiliary key EK2 at the same time, but key transformation may be performed only on one of the registration key EK1 and the registration auxiliary key EK2. In particular, the size of the registration key EK1 does not increase even when it is updated, but the size of the registration auxiliary key EK2 increases when it is updated. Therefore, updating only EK1 can prevent an increase in size.
If key transformation is performed only on one of the registration key EK1 and the registration auxiliary key EK2, key transformation is performed only on one of the search key SK1 and the search auxiliary key SK2 also in step S204 later. Furthermore, key transformation of the master key MK in step S203 is changed as indicated below.
In step S204, the transformation unit 820 performs key transformation of the search secret key SK using the transformation key TK and the public parameter PP so as to generate the key-transformed search secret key SK′.
Specifically, the transformation unit 820 calculates the key-transformed search secret key SK′ for the search secret key SK=(SK1, SK2), as indicated below.
As described above, if key transformation is performed on only one of the registration key EK1 and the registration auxiliary key EK2 in step S203, key transformation is performed only on one of the search key SK1 and the search auxiliary key SK2 also in step S204. In this case, the key-transformed master key MK′ is calculated as G′=G^TK mod N and X′=X*TK mod Z.
In step S205, the output unit 830 outputs the key-transformed master key MK′, the key-transformed registration secret key EK′, and the key-transformed search secret key SK′.
In particular, the key-transformed master key MK′ is stored by being replaced with the master key MK stored in the storage unit 290 of the master key generation device 200 and the master key MK stored in the storage unit 390 of the divided key generation device 300.
The key-transformed registration secret key EK′ and the key-transformed search secret key SK′ are stored by being replaced with the registration secret key EK and the search secret key SK stored in the storage unit 390 of the divided key generation device 300, respectively.
The key-transformed registration key EK1′ is stored by being replaced with the registration key EK1 stored in the storage unit 490 of the registration request device 400.
The key-transformed search key SK1′ is stored by being replaced with the search key SK1 stored in the storage unit 590 of the search request device 500.
The key-transformed registration auxiliary key EK2′ and the key-transformed search auxiliary key SK2′ are stored by being replaced with the registration auxiliary key EK2 and the search auxiliary key SK2 stored in the storage unit 690 of the data management device 600, respectively.
Referring back to
In step S210, the re-encryption device 900 re-encrypts the transformed encrypted tag TET.
The re-encryption unit 920 of the re-encryption device 900 acquires the transformation key TK, the public parameter PP, and the transformed encrypted data, and re-encrypts the transformed encrypted data using the transformation key TK and the public parameter PP. The re-encryption unit 920 outputs re-encrypted transformed encrypted data obtained by re-encryption.
The registration unit 630 of the data management device 600 acquires the re-encrypted transformed encrypted data from the re-encryption device 900, and replaces the transformed encrypted data registered in the registration database 691 with the re-encrypted transformed encrypted data.
In the following, the re-encrypted transformed encrypted data is a re-encrypted transformed encrypted tag TET′.
Specifically, this is as described below.
The re-encryption (S210) is a process executed by the re-encryption device 900.
In step S211, the acceptance unit 910 accepts the transformation key TK, the public parameter PP, and the transformed encrypted tag TET, and saves and stores the transformation key TK and the public parameter PP in the storage unit 990.
More than one transformed encrypted tag TET may be accepted. In that case, step S212 and step S213 are executed for each transformed encrypted tag TET.
In step S212, the re-encryption unit 920 re-encrypts the transformed encrypted tag TET using the transformation key TK and the public parameter PP so as to generate the re-encrypted transformed encrypted tag TET′.
Specifically, the re-encryption unit 920 calculates the re-encrypted transformed encrypted tag TET′ for the transformed encrypted tag TET=(ID(D), TET1, . . . , TETk), as indicated below. Note that TETi=(TETi1, TETi2) and i is an integer from 1 to k.
If TETi′ also needs to be randomized to enhance security in re-encryption, it is calculated as indicated below.
First, an integer RR is randomly selected from a set of integers of 1 to (N−1) {1, 2, . . . , N−1 }.
Next, the following is calculated for each TETi′=(TETi1′, TETi2′).
In step S213, the output unit 930 outputs the re-encrypted transformed encrypted tag TET′.
In particular, the re-encrypted transformed encrypted tag TET′ is stored by being replaced with the transformed encrypted tag TET stored in the registration database 691 in the storage unit 690 of the data management device 600.
The searchable encryption system according to this embodiment provides effects such that by dividing and distributing keys, encryption and registration by registrants can be controlled and searchable-encryption searches by searchers can also be controlled.
The searchable encryption system according to this embodiment divides a secret key into two keys by divided key generation. If one of the keys is deleted, a search cannot be performed with only the other one of the keys. Therefore, key revocation can be performed.
Furthermore, the searchable encryption system according to this embodiment can generate new divided keys each time even if divided key generation is performed many times. Therefore, past divided keys will not appear, and key revocation can be achieved securely.
The searchable encryption system according to this embodiment can perform key transformation of divided keys using a transformation key so as to generate new keys, and can also re-encrypt encrypted data corresponding to the new keys in a searchable format without decrypting the encrypted data. Therefore, high security can be achieved, and re-encryption processing can be performed efficiently.
Furthermore, the searchable encryption system according to this embodiment can generate a new transformation key each time even if transformation keys are generated many times. Therefore, past transformation keys will not appear, and key transformation or re-encryption can be achieved securely.
The searchable encryption system according to this embodiment can randomize encrypted tags and search queries using random numbers. Therefore, encrypted tags and search queries can be probabilistically generated to be different values each time.
For this reason, it is difficult to infer plaintext data and search keywords contained in encrypted tags and search queries from the encrypted tags and the search queries. Therefore, high security can be achieved.
As described above, the searchable encryption system according to this embodiment makes it possible, by dividing and distributing keys, to achieve updating or revocation of keys and also to re-encrypt encrypted data for searchable-encryption searches with a new key without decrypting the encrypted data. Furthermore, encrypted data can be generated probabilistically.
In this embodiment, differences from Embodiment 1 and additions to Embodiment 1 will be mainly described.
In this embodiment, components with substantially the same functions as those in Embodiment 1 will be denoted by the same reference signs, and their description will be omitted.
In this embodiment, an embodiment in which an encrypted index EI is used in place of the encrypted tag ET described in Embodiment 1 will be described.
This embodiment will be described based on
The configuration of the searchable encryption system 100 is the same as the configuration of
However, the configuration of the registration request device 400 is partially different from the configuration in Embodiment 1.
The registration request device 400 includes elements such as an index search result generation unit 424 and an encrypted index generation unit 425 in place of the encrypted tag generation unit 423 of Embodiment 1.
The operation of the searchable encryption system 100 according to this embodiment will now be described. A procedure for the operation of the searchable encryption system 100 is equivalent to the searchable encryption method. A program that realizes the operation of the searchable encryption system 100 is equivalent to the searchable encryption program.
Step S110, step S120, step S170, step S180, step S190, and step S200 are as described in Embodiment 1.
Step S230, step S240, step S250, step S260, and step S310 will be described below.
In step S230, the registration request device 400 generates the encrypted data C and transmits the encrypted data C to the data management device 600.
The generation unit 420 of the registration request device 400 acquires the registration key EK1, plaintext data D, and the public parameter PP. Then, the generation unit 420 generates the encrypted data C by encrypting the plaintext data D using the registration key EK1 and the public parameter PP. At this time, the generation unit 420 generates a random number used for generating the encrypted data C, using the public parameter PP. Then, the generation unit 420 generates the encrypted data using the registration key EK1, the public parameter PP, and the random number. The encrypted data can be randomized by this random number.
In this embodiment, the generation unit 420 searches for a plurality of pieces of plaintext data using registration keywords contained in each piece of plaintext data of the plurality of pieces of plaintext data. The generation unit 420 encrypts an index search result RES, which indicates a search result in an index structure, using the registration key EK1, the public parameter PP, and a random number, and generates an encrypted index EI obtained by encryption as the encrypted data C.
Specifically, this is as described below.
The registration request (S230) corresponds to the registration request (S130) in Embodiment 1.
In step S231, the acceptance unit 410 accepts the registration key EK1, the public parameter PP, and plaintext data D.
Step S231 is the same as step S131 in Embodiment 1.
One piece or a plurality pieces of plaintext data D may be accepted. This embodiment will be described assuming that a plurality of pieces of plaintext data D are accepted. In this case, the plurality of pieces of plaintext data are expressed as {D} and it is assumed that n pieces of data are accepted. In this case, the plurality of pieces of plaintext data {D} are expressed as {D1, . . . , Dn}.
In step S232, the keyword generation unit 421 generates a registration keyword set W.
Step S232 is the same as step S132 in Embodiment 1. The registration keyword set W is generated for each piece of plaintext data of the plurality of pieces of plaintext data {D}. These plurality of registration keyword sets are expressed as {W}, and when the plurality of pieces of plaintext data {D} include m pieces of plaintext data, the plurality of registration keyword sets {W} can be expressed as {W1, . . . , Wm}. Note that m is an integer of 1 or greater. In this case, the registration keyword set corresponding to D1 is W1, and the registration keyword set corresponding to Dm is Wm.
In step S233, the index search result generation unit 424 generates an index search result RES based on the plurality of registration keyword sets {W}.
Specifically, for the plurality of registration keyword sets {W}, the index search result generation unit 424 generates data including one or more data names ID(D) corresponding to each registration keyword w included in each registration keyword set Wi. The generated data is the index search result RES. The index search result RES may also be referred to as a search result.
The index search result RES is expressed as indicated below.
“w” is a keyword and is included in one registration keyword set Wi of the plurality of registration keyword sets {W}.
“res” is a set of identifiers each of which is a data name ID(D), and res includes one or more identifiers.
As illustrated in
In
Referring back to
In step S234, the random number generation unit 422 generates an encrypted-index random number IR.
Specifically, the random number generation unit 422 randomly selects integers ir1 and ir2 from a set of integers of 1 to (N−1) {1, 2, . . . , N−1} and generates the encrypted-index random number IR=(ir1, ir2).
If randomization is not required in consideration of high-speed searchable encryption processing, ir1 and ir2 may be set as ir1=ir2=1.
In step S235, the encrypted index generation unit 425 encrypts the index search result RES using the registration key EK1, the public parameter PP, and the encrypted-index random number IR so as to generate an encrypted index EI.
This encrypted index EI is the encrypted data C in this embodiment.
The encrypted index EI is the index search result RES that has been encrypted, and includes encrypted keywords key and encrypted identifiers val.
The encrypted keywords key are the registration keywords w that have been encrypted.
The set of encrypted identifiers val is the set of identifiers res that has been encrypted.
For example, the encrypted index EI is expressed as indicated below.
“∥” denotes concatenation of character strings. The encrypted index EI has a unique identifier and its value is written as ID(EI).
In order to calculate val2, res may be treated as binary and may be converted into an integer from 1 to N−1 for calculation. Alternatively, the presence or absence of ID(D) included in res may be changed to a bit representation for calculation. For example, if ID(D1) and ID(Dn) correspond to the plurality of keyword sets {W1, . . . , Wn} and a certain registration keyword w, the above val2 can be calculated by handling the bit representation of “ID(D1)∥ID(Dn)” after converting it into an integer from 1 to N−1 in the former case. In the latter case, an n-bit representation such as “10 . . . 01” is possible, and the above val2 can be calculated by handling this n-bit value after converting it into an integer from 1 to N−1.
In step S236, the request unit 430 transmits the encrypted index EI to the data management device 600.
In step S240, the data management device 600 receives the encrypted data C, transforms the encrypted data C, and stores it in the storage unit 690. In this embodiment, the encrypted data C is the encrypted index EI.
The registration operation (S240) is a process executed by the data management device 600.
In step S241, the acceptance unit 610 accepts the registration auxiliary key EK2, the public parameter PP, and the encrypted index EI. Then, the key management unit 620 saves and stores the registration auxiliary key EK2 and the public parameter PP in the storage unit 690.
If the registration auxiliary key EK2 and the public parameter PP have already been stored, only the registration auxiliary key EK2 is replaced and stored.
More than one encrypted index EI may be accepted. In that case, step S242 and step S243 are executed for each encrypted index EI.
In step S242, the transformation unit 631 transforms the encrypted index EI
using the registration auxiliary key EK2 and the public parameter PP so as to generate a transformed encrypted index TEI.
Specifically, the transformation unit 631 calculates the transformed encrypted index TEI for the encrypted index EI={(key, val)}, as indicated below. Note that key=(key1, key2) and val=(val1, val2).
In step S243, the storing unit 632 registers the transformed encrypted index TEI in a registration database 691A.
The registration database 691A is saved and stored in the storage unit 690 of the data management device 600.
In
In data of one row, a data name ID(EI) and a transformed encrypted index TEI are associated with each other.
In step S250, the search request device 500 generates the search query SQ, and transmits the search query SQ to the data management device 600.
The search request (S250) is a process executed by the search request device 500.
In step S251, the acceptance unit 510 accepts the search key SK1, the public parameter PP, and the search keyword sw.
Step S251 is the same as step S151 in Embodiment 1.
In step S252, the random number generation unit 521 generates a search-query random number QR using the public parameter PP.
The search-query random number QR is a random number for encrypting the search query SQ.
Specifically, the random number generation unit 521 randomly selects integers QR1 and QR2 from a set of integers of 1 to (N−1) {1, 2, . . . , N−1} and generates the search-query random number QR=(qr1, qr2).
If randomization is not required in consideration of high-speed searchable encryption processing, the value of QR may be set as QR=1.
In step S253, the search query generation unit 522 encrypts the search keyword sw using the search key SK1, the public parameter PP, and the search-query random number QR so as to generate the search query SQ.
Specifically, the search query generation unit 522 calculates the following search query SQ for the search keyword sw and the search-query random number QR.
In step S254, the request unit 530 transmits the search query SQ to the data management device 600.
Step S254 is the same as step S154 in Embodiment 1.
In step S255, the request unit 530 uses the communication device 505 to receive the search result DATA from the data management device 600.
Step S255 is the same as step S155 in Embodiment 1.
In step S256, the output unit 540 outputs the search result DATA.
Step S256 is the same as step S156 in Embodiment 1.
In step S260, the data management device 600 searches for transformed encrypted data that matches the search query SQ. In this embodiment, transformed encrypted data, which is the encrypted data C that has been transformed, is the transformed encrypted index TEI.
The search operation (S260) is a process executed by the data management device 600.
In step S261, the acceptance unit 610 accepts the search auxiliary key SK2, the public parameter PP, and the search query SQ. Then, the key management unit 620 saves and stores the search auxiliary key SK2 and the public parameter PP in the storage unit 690.
If the search auxiliary key SK2 and the public parameter PP have already been stored, only the search auxiliary key SK2 is replaced and stored.
More than one search query SQ may be accepted. In that case, step S262 to step S264 are executed for each search query SQ.
In step S262, the transformation unit 641 transforms the search query SQ using the search auxiliary key SK2 and the public parameter PP so as to generate a transformed search query TSQ.
Specifically, the transformation unit 641 calculates the transformed search query TSQ for the search query SQ={SQ1, SQ2}={(SQ11, SQ12), (SQ21, SQ22)}, as indicated below.
In step S263, the checking unit 642 checks the transformed search query TSQ against each transformed encrypted index TEI in the registration database 691A so as to find encrypted data with a data name ID(D) that matches the transformed search query TSQ.
Specifically, the checking unit 642 checks the transformed search query TSQ=(TSQ1, TSQ2) against each Tkey of each transformed encrypted index TEI={(Tkey, Tval)}, as indicated below.
That is, whether M11 and M12 are equal is calculated for the transformed search query TSQ and each Tkey of each transformed encrypted index TEI. If they are equal, attention is focused on Tval corresponding to that Tkey and the process proceeds to the next step S264. If they are not equal, whether M11 and M12 match is determined for the next Tkey. If M11 and M12 do not match for all Tkey, DATA is treated as an empty set and step S264 is omitted.
M11 and M12 can be expressed as indicated below.
Therefore, if w is equal to sw, then M11 is equal to M12. If w is not equal to sw, then M11 is not equal to M12.
That is, if the search keyword sw matches any one of the pieces of plaintext data, M11 and M12 always match in one Tval, and the process proceeds to step S264.
In step S264, the extraction unit 643 finds a set of data names ID(D) that match the transformed search query TSQ from Tval associated with Tkey found as a match in step S263.
Specifically, using the transformed search query TSQ=(TSQ1, TSQ2), the extraction unit 643 calculates DATA for Tval associated with They found as a match in step S263, as indicated below.
Note that DLog_{M21 }(M22) represents the discrete logarithm of M22 with M21 as the base.
M2 and DATA can be expressed as indicated below. It is assumed here that the registration keyword w and the search keyword sw match, so that w=sw.
Therefore, M22 is equal to M21^res mod N. If the value of res is small, the discrete logarithm can be calculated efficiently. In this case, DATA is equal to res, and res is a set of identifiers of plaintext data. That is, DATA is the search result for the search keyword sw.
In step S265, the output unit 650 uses the communication device 605 to transmit the search result DATA to the search request device 500. <Re-encryption: S310>
In step S310, the re-encryption device 900 re-encrypts the transformed encrypted index TEI.
The re-encryption (S310) is a process executed by the re-encryption device 900.
In step S311, the acceptance unit 910 accepts the transformation key TK, the public parameter PP, and the transformed encrypted index TEI, and saves and stores the transformation key TK and the public parameter PP in the storage unit 990.
More than one transformed encrypted index TEI may be accepted. In that case, step S312 and step S313 are executed for each transformed encrypted index TEI.
In step S312, the re-encryption unit 920 re-encrypts the transformed encrypted index TEI using the transformation key TK and the public parameter PP so as to generate a re-encrypted transformed encrypted index TEI′.
Specifically, the re-encryption unit 920 calculates the re-encrypted transformed encrypted index TEI′ for the transformed encrypted index TEI={(Tkey, Tval)}, as indicated below.
The following is calculated for each (Tkey, Tval)=((Tkey1, Tkey2), (Tval1, Tval2)).
If Tkey and Tval also need to be randomized to enhance security in re-encryption, this is calculated as indicated below.
First, integers RR1 and RR2 are randomly selected from a set of integers of 1 to (N−1) {1, 2, . . . , N−1}.
Next, the following is calculated for each (Tkey′, Tval′).
In step S313, the output unit 930 outputs the re-encrypted transformed encrypted index TEI′.
In particular, the re-encrypted transformed encrypted index TEI' is stored by being replaced with the transformed encrypted index TEI registered in the registration database 691A in the storage unit 990 of the data management device 600.
The searchable encryption system according to this embodiment provides the following effect in addition to substantially the same effects as those of Embodiment 1. Identifiers that match search keywords can be collectively extracted without decrypting ciphertexts.
The processing circuit 209 may be dedicated hardware, or may be the processor 201 that executes programs stored in the memory 202.
When the processing circuit 209 is dedicated hardware, the processing circuit 209 is, for example, a single circuit, a composite circuit, a programmed processor, a parallel-programmed processor, an ASIC, an FPGA, or a combination of these.
ASIC is an abbreviation for application specific integrated circuit. FPGA is an abbreviation for field programmable gate array.
The master key generation device 200 may include a plurality of processing circuits as an alternative to the processing circuit 209.
In the processing circuit 209, some functions may be realized by dedicated hardware and the remaining functions may be realized by software or firmware.
As described above, the functions of the master key generation device 200 can be realized by hardware, software, firmware, or a combination of these.
The divided key generation device 300 includes a processing circuit 309.
The processing circuit 309 is hardware that realizes the acceptance unit 310, the divided key generation unit 320, and the output unit 330.
The processing circuit 309 may be dedicated hardware, or may be the processor 301 that executes programs stored in the memory 302.
When the processing circuit 309 is dedicated hardware, the processing circuit 309 is, for example, a single circuit, a composite circuit, a programmed processor, a parallel-programmed processor, an ASIC, an FPGA, or a combination of these.
The divided key generation device 300 may include a plurality of processing circuits as an alternative to the processing circuit 309.
In the processing circuit 309, some functions may be realized by dedicated hardware and the remaining functions may be realized by software or firmware.
As described above, the functions of the divided key generation device 300 can be realized by hardware, software, firmware, or a combination of these.
The registration request device 400 includes a processing circuit 409.
The processing circuit 409 is hardware that realizes the acceptance unit 410, the generation unit 420, and the request unit 430.
The processing circuit 409 may be dedicated hardware, or may be the processor 401 that executes programs stored in the memory 402.
When the processing circuit 409 is dedicated hardware, the processing circuit 409 is, for example, a single circuit, a composite circuit, a programmed processor, a parallel-programmed processor, an ASIC, an FPGA, or a combination of these.
The registration request device 400 may include a plurality of processing circuits as an alternative to the processing circuit 409.
In the processing circuit 409, some functions may be realized by dedicated hardware and the remaining functions may be realized by software or firmware.
As described above, the functions of the registration request device 400 can be realized by hardware, software, firmware, or a combination of these.
The search request device 500 includes a processing circuit 509.
The processing circuit 509 is hardware that realizes the acceptance unit 510, the generation unit 520, the request unit 530, and the output unit 540.
The processing circuit 509 may be dedicated hardware, or may be the processor 501 that executes programs stored in the memory 502.
When the processing circuit 509 is dedicated hardware, the processing circuit 509 is, for example, a single circuit, a composite circuit, a programmed processor, a parallel-programmed processor, an ASIC, an FPGA, or a combination of these.
The search request device 500 may include a plurality of processing circuits as an alternative to the processing circuit 509.
In the processing circuit 509, some functions may be realized by dedicated hardware and the remaining functions may be realized by software or firmware.
As described above, the functions of the search request device 500 may be realize by hardware, software, firmware, or a combination of these.
The data management device 600 includes a processing circuit 609.
The processing circuit 609 is hardware that realizes the acceptance unit 610, the key management unit 620, the registration unit 630, the search unit 640, and the output unit 650.
The processing circuit 609 may be dedicated hardware, or may be the processor 601 that executes programs stored in the memory 602.
When the processing circuit 609 is dedicated hardware, the processing circuit
609 is, for example, a single circuit, a composite circuit, a programmed processor, a parallel-programmed processor, an ASIC, an FPGA, or a combination of these.
The data management device 600 may include a plurality of processing circuits as an alternative to the processing circuit 609.
In the processing circuit 609, some functions may be realized by dedicated hardware and the remaining functions may be realized by software or firmware.
As described above, the functions of the data management device 600 can be realized by hardware, software, firmware, or a combination of these.
The transformation key generation device 700 includes a processing circuit 709.
The processing circuit 709 is hardware that realizes the acceptance unit 710, the generation unit 720, and the output unit 730.
The processing circuit 709 may be dedicated hardware, or may be the processor 701 that executes programs stored in the memory 702.
When the processing circuit 709 is dedicated hardware, the processing circuit 709 is, for example, a single circuit, a composite circuit, a programmed processor, a parallel-programmed processor, an ASIC, an FPGA, or a combination of these.
The transformation key generation device 700 may include a plurality of processing circuits as an alternative to the processing circuit 709.
In the processing circuit 709, some functions may be realized by dedicated hardware and the remaining functions may be realized by software or firmware.
As described above, the functions of the transformation key generation device 700 can be realized by hardware, software, firmware, or a combination of these.
The key transformation device 800 includes a processing circuit 809. The processing circuit 809 is hardware that realizes the acceptance unit 810, the transformation unit 820, and the output unit 830.
The processing circuit 809 may be dedicated hardware, or may be the processor 801 that executes programs stored in the memory 802.
When the processing circuit 809 is dedicated hardware, the processing circuit 809 is, for example, a single circuit, a composite circuit, a programmed processor, a parallel-programmed processor, an ASIC, an FPGA, or a combination of these.
The key transformation device 800 may include a plurality of processing circuits as an alternative to the processing circuit 809.
In the processing circuit 809, some functions may be realized by dedicated hardware and the remaining functions may be realized by software or firmware.
As described above, the functions of the key transformation device 800 can be realized by hardware, software, firmware, or a combination of these.
The re-encryption device 900 includes a processing circuit 909.
The processing circuit 909 is dedicated hardware that realizes the acceptance unit 910, the re-encryption unit 920, and the output unit 930.
The processing circuit 909 may be dedicated hardware, or may be the processor 901 that executes programs stored in the memory 902.
When the processing circuit 909 is dedicated hardware, the processing circuit 909 is, for example, a single circuit, a composite circuit, a programmed processor, a parallel-programmed processor, an ASIC, an FPGA, or a combination of these.
The re-encryption device 900 may include a plurality of processing circuits as an alternative to the processing circuit 909.
In the processing circuit 909, some functions may be realized by dedicated hardware and the remaining functions may be realized by software or firmware.
As described above, the functions of the re-encryption device 900 can be realized by hardware, software, firmware, or a combination of these.
Each of the devices described in the embodiments may be realized with a plurality of devices. Two or more of the devices described in the embodiments may be realized with one device.
Each “unit” that is an element of each of the devices described in the embodiments may be interpreted as “process”, “step”, “circuit”, or “circuitry”.
In Embodiments 1 and 2 above, each unit of each device of the searchable encryption system has been described as an independent functional block. However, the configuration of each device of the searchable encryption system may be different from the configuration described in the above embodiments. The functional blocks of each device of the searchable encryption system may be arranged in any configuration, provided that the functions described in the above embodiments can be realized. Each device of the searchable encryption system may be a system composed of a plurality of devices, instead of one device.
Portions of Embodiments 1 and 2 may be implemented in combination. Alternatively, one portion of these embodiments may be implemented. These embodiments may be implemented as a whole or partially in any combination.
That is, in Embodiments 1 and 2, each embodiment can be freely combined, or any constituent element in each embodiment can be modified. Alternatively, in each embodiment, any constituent element can be omitted.
The embodiments described above are essentially preferable examples, and are not intended to limit the scope of the present disclosure, the scope of applications of the present disclosure, and the scope of uses of the present disclosure. The embodiments described above can be modified in various ways as necessary. For example, the procedures described using flowcharts or sequence diagrams may be modified as appropriate.
100: searchable encryption system, 101: network, 200: master key generation device, 201: processor, 202: memory, 203: auxiliary storage device, 204: input/output interface, 205: communication device, 209: processing circuit, 210: acceptance unit, 220: generation unit, 230: output unit, 290: storage unit, 300: divided key generation device, 301: processor, 302: memory, 303: auxiliary storage device, 304: input/output interface, 305: communication device, 309: processing circuit, 310: acceptance unit, 320: divided key generation unit, 321: registration key generation unit, 322: registration auxiliary key generation unit, 323: search key generation unit, 324: search auxiliary key generation unit, 330: output unit, 390: storage unit, 400: registration request device, 401: processor, 402: memory, 403: auxiliary storage device, 404: input/output interface, 405: communication device, 409: processing circuit, 410: acceptance unit, 420: generation unit, 421: keyword generation unit, 422: random number generation unit, 423: encrypted tag generation unit, 424: index search result generation unit, 425: encrypted index generation unit, 430: request unit, 490: storage unit, 500: search request device, 501: processor, 502: memory, 503: auxiliary storage device, 504: input/output interface, 505: communication device, 509: processing circuit, 510: acceptance unit, 520: generation unit, 521: random number generation unit, 522: search query generation unit, 530: request unit, 540: output unit, 590: storage unit, 600: data management device, 601: processor, 602: memory, 603: auxiliary storage device, 604: input/output interface, 605: communication device, 609: processing circuit, 610: acceptance unit, 620: key management unit, 630: registration unit, 631: transformation unit, 632: storing unit, 640: search unit, 641: transformation unit, 642: checking unit, 643: extraction unit, 650: output unit, 690: storage unit, 691: registration database, 691A: registration database, 700: transformation key generation device, 701: processor, 702: memory, 703: auxiliary storage device, 704: input/output interface, 705: communication device, 709: processing circuit, 710: acceptance unit, 720: generation unit, 730: output unit, 790: storage unit, 800: key transformation device, 801: processor, 802: memory, 803: auxiliary storage device, 804: input/output interface, 805: communication device, 809: processing circuit, 810: acceptance unit, 820: transformation unit, 830: output unit, 890: storage unit, 900: re-encryption device, 901: processor, 902: memory, 903: auxiliary storage device, 904: input/output interface, 905: communication device, 909: processing circuit, 910: acceptance unit, 920: re-encryption unit, 930: output unit, 990: storage unit.
This application is a Continuation of PCT International Application No. PCT/JP2021/048616, filed on Dec. 27, 2021, all of which is hereby expressly incorporated by reference into the present application.
| Number | Date | Country | |
|---|---|---|---|
| Parent | PCT/JP2021/048616 | Dec 2021 | WO |
| Child | 18734629 | US |
