Secret calculation device, secret calculation method, program, and recording medium

Document number: 1026949. Publication date: 2020-10-27.

Reading note: this technology, "Secret calculation device, secret calculation method, program, and recording medium", was designed by 五十岚大 on 2019-02-26. Main content: a secret calculation device uses secret sharing values $\{x_i\}$ of $x_i$ (where $i = 0, 1, 2$) to calculate secret sharing values $\{s_i\} = \{x_i\} - 1/2$, calculates and outputs a secret sharing value $\{y\} = \{4 s_0 s_1 s_2\} + 1/2$ by secret calculation using the secret sharing values $\{s_i\}$, and calculates and outputs a secret sharing value $\{y_r\} = \{4 r s_0 s_1 s_2\} + \{r\}/2$ by secret calculation using a secret sharing value $\{r\}$ of a random number $r$ and the secret sharing values $\{s_i\}$.

1. A secret computing apparatus having:

a subtraction unit that calculates secret sharing values $\{s_i\} = \{x_i\} - 1/2$ using secret sharing values $\{x_i\}$ of $x_i \in \{0,1\}$;

a first exclusive OR operation unit that calculates and outputs a secret sharing value $\{y\} = \{4 s_0 s_1 s_2\} + 1/2$ by secret calculation using the secret sharing values $\{s_i\}$; and

a second exclusive OR operation unit that calculates and outputs a secret sharing value $\{y_r\} = \{4 r s_0 s_1 s_2\} + \{r\}/2$ by secret calculation using a secret sharing value $\{r\}$ of a random number $r$ and the secret sharing values $\{s_i\}$,

wherein $i = 0, 1, 2$.

2. The secret calculation device of claim 1,

wherein $j = 0, 1, 2$, the secret calculation device is any one secret calculation device $P_j$ of three secret calculation devices $P_0$, $P_1$, $P_2$, and the secret sharing value $\{x_i\}$ for the secret calculation device $P_j$ is $\{x_i\}_j$,

the secret calculation device further includes a random number acquisition unit that obtains, for a random number $w \in \{0,1\}$, a secret sharing value $\{w\}^B_j = (w_j, w_{(j+1) \bmod 3})$ satisfying $w = w_0 + w_1 + w_2 \bmod 2$, and

$\{x_j\}_j = (w_j, 0)$, $\{x_{(j+1) \bmod 3}\}_j = (0, w_{(j+1) \bmod 3})$, $\{x_{(j+2) \bmod 3}\}_j = (0, 0)$.

3. The secret calculation device of claim 2,

wherein the subtraction unit calculates the secret sharing values $\{s_i\}$ by treating $w_j$ and $w_{(j+1) \bmod 3}$ as elements of a finite field, and

the secret sharing value $\{y\}$ is a secret sharing value obtained in a case where the random number $w$ is secret-shared over the finite field.

4. The secret calculation device of any one of claim 1 to claim 3,

wherein the first exclusive OR operation unit obtains a secret sharing value $\{4 s_0 s_1\}$ by secret calculation using a secret sharing value $\{4 s_0\}$ and the secret sharing value $\{s_1\}$, and obtains a secret sharing value $\{4 s_0 s_1 s_2\}$ by secret calculation using the secret sharing value $\{4 s_0 s_1\}$ and the secret sharing value $\{s_2\}$, and

the second exclusive OR operation unit obtains a secret sharing value $\{4 r s_0\}$ by secret calculation using a secret sharing value $\{4r\}$ and the secret sharing value $\{s_0\}$, obtains a secret sharing value $\{4 r s_0 s_1\}$ by secret calculation using the secret sharing value $\{4 r s_0\}$ and the secret sharing value $\{s_1\}$, and obtains a secret sharing value $\{4 r s_0 s_1 s_2\}$ by secret calculation using the secret sharing value $\{4 r s_0 s_1\}$ and the secret sharing value $\{s_2\}$.

5. A secret calculation method of a secret calculation device, comprising:

a subtraction step in which a subtraction unit calculates secret sharing values $\{s_i\} = \{x_i\} - 1/2$ using secret sharing values $\{x_i\}$ of $x_i \in \{0,1\}$;

a first exclusive OR operation step in which a first exclusive OR operation unit calculates and outputs a secret sharing value $\{y\} = \{4 s_0 s_1 s_2\} + 1/2$ by secret calculation using the secret sharing values $\{s_i\}$; and

a second exclusive OR operation step in which a second exclusive OR operation unit calculates and outputs a secret sharing value $\{y_r\} = \{4 r s_0 s_1 s_2\} + \{r\}/2$ by secret calculation using a secret sharing value $\{r\}$ of a random number $r$ and the secret sharing values $\{s_i\}$,

wherein $i = 0, 1, 2$.

6. The secret calculation method of claim 5,

wherein $j = 0, 1, 2$, the secret calculation device is any one secret calculation device $P_j$ of three secret calculation devices $P_0$, $P_1$, $P_2$, and the secret sharing value $\{x_i\}$ for the secret calculation device $P_j$ is $\{x_i\}_j$,

the secret calculation method further has a random number acquisition step in which a random number acquisition unit obtains, for a random number $w \in \{0,1\}$, a secret sharing value $\{w\}^B_j = (w_j, w_{(j+1) \bmod 3})$ satisfying $w = w_0 + w_1 + w_2 \bmod 2$, and

$\{x_j\}_j = (w_j, 0)$, $\{x_{(j+1) \bmod 3}\}_j = (0, w_{(j+1) \bmod 3})$, $\{x_{(j+2) \bmod 3}\}_j = (0, 0)$.

7. A program for causing a computer to function as the secret calculation apparatus according to any one of claim 1 to claim 4.

8. A computer-readable recording medium storing a program for causing a computer to function as the secret calculation apparatus according to any one of claims 1 to 4.

Technical Field

The present invention relates to a secret computing technique, and more particularly to a secret computing technique capable of detecting erroneous computation.

Background

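The exclusive OR $\alpha \in \{0,1\}$ of $\alpha_0 \in \{0,1\}$ and $\alpha_1 \in \{0,1\}$ can be calculated as $\alpha = \alpha_0 + \alpha_1 - 2\alpha_0\alpha_1$. Using this, the exclusive OR $\beta = \alpha_0 \oplus \alpha_1 \oplus \alpha_2 \in \{0,1\}$ of $\alpha_0$, $\alpha_1$ and $\alpha_2 \in \{0,1\}$ can be calculated by the following equations.

$\alpha = \alpha_0 + \alpha_1 - 2\alpha_0\alpha_1$ (1)

$\beta = \alpha + \alpha_2 - 2\alpha\alpha_2$ (2)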

There is a known secret calculation technique for performing addition, subtraction, and multiplication while keeping the values concealed (see, for example, non-patent document 1). For example, if equations (1) and (2) are calculated by secret calculation using the secret sharing values $\{\alpha_0\}$, $\{\alpha_1\}$, $\{\alpha_2\}$ that conceal $\alpha_0$, $\alpha_1$, $\alpha_2$, the secret sharing value $\{\beta\}$ of the exclusive OR $\beta$ of $\alpha_0$, $\alpha_1$, $\alpha_2$ can be obtained. By performing such secret calculation with a plurality of secret calculation devices and collecting a predetermined number of the results obtained by the respective secret calculation devices, the exclusive OR $\beta$ can be recovered.

Disclosure of Invention

Problems to be solved by the invention

Since secret calculation is performed on secret sharing values, it is difficult to detect that an erroneous calculation has been performed. In particular, it is difficult to detect that a multiplication in secret calculation was performed erroneously. Therefore, the following method is considered: in addition to the secret calculation of the original calculation formula, a secret calculation of the formula multiplied by a random number is performed, and erroneous calculation is detected using the two results.

However, except for multiplication by a constant, performing a multiplication in secret calculation requires communication between the secret calculation devices. Therefore, the fewer the multiplications other than multiplications by a constant, the smaller the communication volume. When secret calculation is performed on the values obtained by multiplying each of equations (1) and (2) by a random number $r$, three multiplications other than multiplications by a constant ($r\alpha_0$, $r\alpha_1$, $2r\alpha_0\alpha_1$) are needed for the calculation of equation (1), and one more multiplication ($r\alpha_2$) is needed for the calculation of equation (2). Therefore, communication for four multiplications is required in the secret calculation.

In the present invention, the amount of communication in the case of performing a secret calculation of exclusive-OR of three values is reduced to enable detection of erroneous calculation.

Means for solving the problems

In the present invention, with $i = 0, 1, 2$, secret sharing values $\{s_i\} = \{x_i\} - 1/2$ are calculated using secret sharing values $\{x_i\}$ of $x_i$, a secret sharing value $\{y\} = \{4 s_0 s_1 s_2\} + 1/2$ is calculated by secret calculation using the secret sharing values $\{s_i\}$ and output, and a secret sharing value $\{y_r\} = \{4 r s_0 s_1 s_2\} + \{r\}/2$ is calculated by secret calculation using a secret sharing value $\{r\}$ of a random number $r$ and the secret sharing values $\{s_i\}$ and output.

Effects of the invention

This reduces the amount of communication in the case of performing exclusive-or secret calculation of three values, thereby enabling erroneous calculation to be detected.

Drawings

Fig. 1 is a block diagram illustrating the structure of a secret calculation system of an embodiment.

Fig. 2 is a block diagram illustrating a configuration of a secret calculation apparatus of the embodiment.

Fig. 3 is a flowchart for explaining a secret calculation method according to the embodiment.

Detailed Description

Hereinafter, embodiments of the present invention will be described.

[ summary ]

First, an outline of the embodiment will be described. In the secret calculation device according to the embodiment, first, the subtraction unit calculates and outputs secret sharing values $\{s_i\} = \{x_i\} - 1/2$ using secret sharing values $\{x_i\}$ of $x_i \in \{0,1\}$. Here, $i = 0, 1, 2$. For example, the subtraction unit calculates the secret sharing values $\{s_i\} = \{x_i\} - 1/2 \bmod q$. Here, $q$ is a positive integer. For example, $q$ is an integer of 2 or more or 3 or more (e.g., a prime number). Then, the first exclusive OR operation unit calculates and outputs the following secret sharing value $\{y\}$ by secret calculation using the secret sharing values $\{s_i\}$.

$\{y\} = \{4 s_0 s_1 s_2\} + 1/2$ (3)

For example, the first exclusive OR operation unit obtains a secret sharing value $\{4 s_0 s_1\}$ by secret calculation using the secret sharing value $\{4 s_0\}$ and the secret sharing value $\{s_1\}$, and obtains a secret sharing value $\{4 s_0 s_1 s_2\}$ by secret calculation using the secret sharing value $\{4 s_0 s_1\}$ and the secret sharing value $\{s_2\}$. Then, the second exclusive OR operation unit calculates and outputs the following secret sharing value $\{y_r\}$ by secret calculation using the secret sharing value $\{r\}$ of a random number $r$ and the secret sharing values $\{s_i\}$.

$\{y_r\} = \{4 r s_0 s_1 s_2\} + \{r\}/2$ (4)

For example, the second exclusive OR operation unit obtains a secret sharing value $\{4 r s_0\}$ by secret calculation using the secret sharing value $\{4r\}$ and the secret sharing value $\{s_0\}$, obtains a secret sharing value $\{4 r s_0 s_1\}$ by secret calculation using the secret sharing value $\{4 r s_0\}$ and the secret sharing value $\{s_1\}$, and obtains a secret sharing value $\{4 r s_0 s_1 s_2\}$ by secret calculation using the secret sharing value $\{4 r s_0 s_1\}$ and the secret sharing value $\{s_2\}$. The secret calculation method is not limited, and can be, for example, the method described in non-patent document 1. As described above, $s_i$, $y$, $y_r$ are elements of a set on which the four arithmetic operations are defined. Any set may be used as long as the four arithmetic operations are defined on it. An example of such a set is a finite field $F_p$ of order $p$. $p$ is an integer of 2 or more. An example of $p$ is an integer of 3 or more, for example, a prime number of 3 or more. The secret sharing values of $s_i \in F_p$, $y \in F_p$, $y_r \in F_p$ are denoted as $\{s_i\} \in \{F_p\}$, $\{y\} \in \{F_p\}$, $\{y_r\} \in \{F_p\}$, respectively.

Here, $y = 4 s_0 s_1 s_2 + 1/2$ and $s_i = x_i - 1/2$, and this $y$ is the exclusive OR $x_0 \oplus x_1 \oplus x_2$ of $x_0$, $x_1$ and $x_2$. The truth table is shown below.

[ TABLE 1 ]

x0 x1 x2 y
0 0 0 0
0 1 0 1
0 0 1 1
0 1 1 0
1 0 0 1
1 1 0 0
1 0 1 0
1 1 1 1

That is, $y = 4 s_0 s_1 s_2 + 1/2$ gives the same result as equations (1) and (2) with $\alpha = x_0 + x_1 - 2 x_0 x_1$, $\beta = y$, $\alpha_0 = x_0$, $\alpha_1 = x_1$, $\alpha_2 = x_2$. Here, the number of multiplications other than multiplications by a constant required to calculate the secret sharing value $\{y\}$ according to equations (1) and (2) is two ($\{2 x_0 x_1\}$, $\{2\alpha x_2\}$), and the number of multiplications other than multiplications by a constant required to calculate $\{y_r\}$ according to equations (1) and (2) is five ($\{r x_0\}$, $\{r x_1\}$, $\{2 r x_0 x_1\}$, $\{r x_2\}$, $\{2 r \alpha x_2\}$). In contrast, the number of multiplications other than multiplications by a constant required to calculate the secret sharing value $\{y\}$ using equation (3) is two ($\{4 s_0 s_1\}$, $\{4 s_0 s_1 s_2\}$), and the number required to calculate $\{y_r\}$ using equation (4) is three ($\{4 r s_0\}$, $\{4 r s_0 s_1\}$, $\{4 r s_0 s_1 s_2\}$). Therefore, by performing the secret calculation using equations (3) and (4), the number of multiplications other than multiplications by a constant can be reduced by two compared with the case of performing the secret calculation using equations (1) and (2). When a multiplication other than a multiplication by a constant is performed by secret calculation, communication between the secret calculation devices is necessary. Therefore, the present embodiment, which reduces the number of multiplications other than multiplications by a constant, can reduce the amount of communication compared with the case of performing the secret calculation according to equations (1) and (2).

It does not matter what kind of values $x_0, x_1, x_2 \in \{0,1\}$ are. For example, $x_0, x_1, x_2 \in \{0,1\}$ may be random numbers, results of other operations, or input values. It also does not matter for what purpose the pair of secret sharing values $\{y\}$, $\{y_r\}$ is used. The method of the embodiment can be applied to any application in which secret calculation is used to obtain the secret sharing value $\{y\}$ of the exclusive OR $y = x_0 \oplus x_1 \oplus x_2$ of $x_0$, $x_1$ and $x_2$ together with a secret sharing value $\{y_r\}$ used to detect that the secret sharing value $\{y\}$ was calculated incorrectly.

For example, with $j = 0, 1, 2$, the secret calculation device may be any one secret calculation device $P_j$ of three secret calculation devices $P_0$, $P_1$, $P_2$, and the secret sharing value $\{x_i\}$ for the secret calculation device $P_j$ may be $\{x_i\}_j$. The random number acquisition unit of the secret calculation device $P_j$ obtains, for a random number $w \in \{0,1\}$, a secret sharing value $\{w\}^B_j = (w_j, w_{(j+1) \bmod 3})$ satisfying $w = w_0 + w_1 + w_2 \bmod 2$. The subtraction unit takes $\{x_j\}_j = (w_j, 0)$, $\{x_{(j+1) \bmod 3}\}_j = (0, w_{(j+1) \bmod 3})$, $\{x_{(j+2) \bmod 3}\}_j = (0, 0)$ as $\{x_i\}$ (here, $i = 0, 1, 2$) and calculates the secret sharing values $\{s_i\} = \{x_i\} - 1/2$, the first exclusive OR operation unit calculates the secret sharing value $\{y\} = \{4 s_0 s_1 s_2\} + 1/2$ using the secret sharing values $\{s_i\}$, and the second exclusive OR operation unit calculates the secret sharing value $\{y_r\} = \{4 r s_0 s_1 s_2\} + \{r\}/2$ using the secret sharing value $\{r\}$ and the secret sharing values $\{s_i\}$. Listing $\{x_j\}_j$, $\{x_{(j+1) \bmod 3}\}_j$, $\{x_{(j+2) \bmod 3}\}_j$ for $j = 0, 1, 2$ gives the following.

$\{x_0\}_0 = (w_0, 0)$, $\{x_0\}_1 = (0, 0)$, $\{x_0\}_2 = (0, w_0)$

$\{x_1\}_0 = (0, w_1)$, $\{x_1\}_1 = (w_1, 0)$, $\{x_1\}_2 = (0, 0)$

$\{x_2\}_0 = (0, 0)$, $\{x_2\}_1 = (0, w_2)$, $\{x_2\}_2 = (w_2, 0)$

$w_0, w_1, w_2 \in \{0,1\}$ are sub-shares of the secret sharing values obtained by secret-sharing the random number $w$ at mod 2 according to an additive secret sharing scheme that is a (2,3) threshold secret sharing scheme (see, for example, non-patent document 1). A $(k, n)$ threshold secret sharing scheme (also referred to as a "k-of-n threshold secret sharing scheme") is a secret sharing scheme in which the plaintext can be recovered from $k$ mutually different secret sharing values among $n$ secret sharing values, but no information on the plaintext can be obtained from fewer than $k$ mutually different secret sharing values. Here, $k \le n$, and $k$ and $n$ are integers of 2 or more. The random number $w$ is concealed from each secret calculation device $P_j$ (where $j = 0, 1, 2$), but when each secret calculation device $P_j$ generates its own random number $w_j \in \{0,1\}$ and sends it to the secret calculation device $P_{(j-1) \bmod 3}$, each secret calculation device $P_j$ can obtain the sub-shares $w_j$ and $w_{(j+1) \bmod 3}$. The random numbers $w_0$, $w_1$, $w_2$ generated by the secret calculation devices $P_j$ determine the random number $w = w_0 + w_1 + w_2 \bmod 2$.

In the case of $\{x_j\}_j = (w_j, 0)$, $\{x_{(j+1) \bmod 3}\}_j = (0, w_{(j+1) \bmod 3})$, $\{x_{(j+2) \bmod 3}\}_j = (0, 0)$ and $s_i \in F_p$, $y \in F_p$, $y_r \in F_p$, the subtraction unit treats $w_j \in \{0,1\}$ and $w_{(j+1) \bmod 3} \in \{0,1\}$ as elements of the finite field $F_p$ to calculate the secret sharing values $\{s_i\}$. For example, when the finite field $F_p$ is

Figure BDA0002675588670000053

Figure BDA0002675588670000052

then 0 is regarded as an element of the finite field $F_p$ and 1 is regarded as an element of the finite field $F_p$, and the secret sharing values $\{s_i\}$ are thus calculated over the finite field $F_p$. $\{y\}$ then becomes the secret sharing value $\{w\} \in \{F_p\}$ obtained in the case where $w = w_0 + w_1 + w_2 \bmod 2$ is secret-shared over the finite field $F_p$. That is, the processing of the secret calculation device is as follows: the secret sharing value $\{w\}^B_j$, obtained by secret-sharing the random number $w$ at mod 2 according to an additive secret sharing scheme that is a (2,3) threshold secret sharing scheme, is converted into a pair (secret random number pair) of a secret sharing value $\{y\} \in \{F_p\}$ and a secret sharing value $\{y_r\} \in \{F_p\}$ of the random number $w$ over the finite field $F_p$.

By using $\{r\}$, $\{y\}$, and $\{y_r\}$ obtained as described above as a checksum, it can be verified that $y$ was calculated correctly. For example, a secret sharing value of information indicating whether $y_r = ry$ is satisfied (e.g., $\{y_r - ry\}$) may be generated by secret calculation using $\{r\}$, $\{y\}$, and $\{y_r\}$ (see, for example, international publication No. WO2014/112548 (reference 1)), or a verification device may recover $r$, $y$, $y_r$ from $\{r\}$, $\{y\}$, and $\{y_r\}$ and then verify whether $y_r = ry$ is satisfied. In the latter case, the verification device receives the secret sharing value $\{y\} = \{4 s_0 s_1 s_2\} + 1/2$, the secret sharing value $\{y_r\} = \{4 r s_0 s_1 s_2\} + \{r\}/2$ and the secret sharing value $\{r\}$ as input, recovers the secret sharing value $\{y\}$, the secret sharing value $\{y_r\}$ and the secret sharing value $\{r\}$ to obtain $y = 4 s_0 s_1 s_2 + 1/2$, $y_r = 4 r s_0 s_1 s_2 + r/2$ and $r$, and obtains $y_r' = ry$ using $r$ and $y$. If $y_r' = y_r$, it outputs that the verification succeeded, and if $y_r' \ne y_r$, it outputs that the verification failed.

In general, the secret sharing values $\{y\}$, $\{y_r\}$, $\{r\}$ all conform to the same secret sharing scheme (e.g., an additive secret sharing scheme). However, since a secret sharing value can be converted by a known method (see references 2 to 6, etc.), the secret sharing values $\{y\}$, $\{y_r\}$, $\{r\}$ need not all conform to the same secret sharing scheme. Further, $\{y\}$ and $\{y_r\}$ obtained as described above may also be converted into secret sharing values conforming to another scheme.

Reference 2: Ronald Cramer, Ivan Damgard, and Yuval Ishai, "Share conversion, pseudorandom secret-sharing and applications to secure distributed conversion," Theory of Cryptography (2005):342-

Reference 3: Japanese laid-open patent publication No. 2016-173533

Reference 4: Japanese laid-open patent publication No. 2016-173532

Reference 5: Japanese laid-open patent publication No. 2016-

Reference 6: Japanese laid-open patent publication No. 2016-156853

[ first embodiment ]

The first embodiment is explained in detail with reference to the drawings.

< Structure >

As shown in fig. 1, the secret calculation system 1 according to the embodiment includes N secret calculation devices 11-0, …, 11-(N-1) and a verification device 12, and these devices are configured to be able to communicate with each other via a network. Here, N is an integer of 2 or more. For example, N is an integer of 3 or more, and N = 3 is an example. As shown in fig. 2, the secret calculation device 11-j (here, j = 0, …, N-1) includes an input unit 111-j, an output unit 112-j, a storage unit 113-j, a control unit 114-j, a subtraction unit 116-j, and exclusive OR operation units 117-j and 118-j. The secret calculation device 11-j executes each process under the control of the control unit 114-j. The data obtained by each unit of the secret calculation device 11-j is stored in the storage unit 113-j one by one, and is read as necessary and used in other processes.

< secret calculation processing >

The secret calculation process performed by the secret calculation device 11-j will be described with reference to fig. 3. For details of the secret sharing method and the secret calculation method, for example, refer to non-patent document 1 and the like.

A secret sharing value $\{r\} \in \{F_p\}$ of a random number $r \in F_p$, which is an element of the finite field $F_p$, is input to the input unit 111-j of each secret calculation device 11-j (here, j = 0, …, N-1). The secret sharing values of a value $\gamma$ corresponding to the respective secret calculation devices 11-j differ from each other, but for simplicity of description the secret sharing value of the value $\gamma$ is simply written $\{\gamma\}$ unless otherwise specified. When the secret sharing value corresponding to a particular secret calculation device 11-j is to be specified, the secret sharing value corresponding to the secret calculation device 11-j is written $\{\gamma\}_j$. In this embodiment, the value obtained by secret-sharing the random number $r$ over the finite field $F_p$ according to an additive secret sharing scheme is taken as $\{r\}$, but this is not an important issue in the present invention. The secret sharing value $\{r\}$ in the present embodiment is a value generated outside each secret calculation device 11-j. The value of the random number $r$ is concealed from each secret calculation device 11-j. For example, the verification device 12 may generate the secret sharing value $\{r\}$ of the random number $r$ and transmit it to each secret calculation device 11-j without notifying each secret calculation device 11-j of the value of the random number $r$. Where the secret sharing value $\{r\}$ is generated is not an important matter of the present invention. The secret sharing value $\{r\}$ is stored in the storage unit 113-j of each secret calculation device 11-j (step S111-j).

The secret sharing values $\{x_i\}$ of $x_i \in \{0,1\}$ are stored in the storage unit 113-j (here, $i = 0, 1, 2$). $x_i$ may be any value. The secret sharing value $\{x_i\}$ may be a value input from outside the secret calculation device 11-j, a value generated inside the secret calculation device 11-j, or a value generated by the secret calculation device 11-j in cooperation with another secret calculation device 11-j″ outside it (here, $j'' \in \{0, \ldots, N-1\}$, $j'' \ne j$). The subtraction unit 116-j reads the secret sharing values $\{x_i\}$ from the storage unit 113-j, and calculates and outputs the secret sharing values $\{s_i\} = \{x_i\} - 1/2$ by secret calculation using the secret sharing values $\{x_i\}$ (step S116-j).

The exclusive OR operation unit 117-j (first exclusive OR operation unit) calculates and outputs the secret sharing value $\{y\} = \{4 s_0 s_1 s_2\} + 1/2$ by secret calculation using the secret sharing values $\{s_i\}$ output from the subtraction unit 116-j. For example, the exclusive OR operation unit 117-j obtains a secret sharing value $\{4 s_0 s_1\}$ by secret calculation using the secret sharing value $\{4 s_0\}$ and the secret sharing value $\{s_1\}$, obtains a secret sharing value $\{4 s_0 s_1 s_2\}$ by secret calculation using the secret sharing value $\{4 s_0 s_1\}$ and the secret sharing value $\{s_2\}$, and obtains and outputs the secret sharing value $\{y\}$ using the secret sharing value $\{4 s_0 s_1 s_2\}$ and 1/2. In these secret calculations, the secret calculation devices 11-0 to 11-(N-1) need to communicate with each other. On the other hand, no communication is required to calculate the secret sharing value $\{4 s_0\}$. That is, the exclusive OR operation unit 117-j of each secret calculation device 11-j can calculate the secret sharing value $\{4 s_0\}$ using the secret sharing value $\{s_i\}$ without performing communication (step S117-j).

The exclusive OR operation unit 118-j (second exclusive OR operation unit) calculates and outputs the secret sharing value $\{y_r\} = \{4 r s_0 s_1 s_2\} + \{r\}/2$ by secret calculation using the secret sharing values $\{s_i\}$ output from the subtraction unit 116-j and the secret sharing value $\{r\}$ read from the storage unit 113-j. For example, the exclusive OR operation unit 118-j obtains a secret sharing value $\{4 r s_0\}$ by secret calculation using the secret sharing value $\{4r\}$ and the secret sharing value $\{s_0\}$, obtains a secret sharing value $\{4 r s_0 s_1\}$ by secret calculation using the secret sharing value $\{4 r s_0\}$ and the secret sharing value $\{s_1\}$, obtains a secret sharing value $\{4 r s_0 s_1 s_2\}$ by secret calculation using the secret sharing value $\{4 r s_0 s_1\}$ and the secret sharing value $\{s_2\}$, and obtains and outputs the secret sharing value $\{y_r\}$ using the secret sharing value $\{4 r s_0 s_1 s_2\}$ and $\{r\}/2$. In these secret calculations, the secret calculation devices 11-0 to 11-(N-1) need to communicate with each other. On the other hand, no communication is required to calculate the secret sharing value $\{4r\}$. That is, the exclusive OR operation unit 117-j of each secret calculation device 11-j can calculate the secret sharing value $\{4r\}$ using the secret sharing value $\{r\}$ without performing communication (step S118-j).

The secret sharing values $\{y\}$ and $\{y_r\}$ are stored in the storage unit 113-j in association with each other (step S113-j). The output unit 112-j outputs the secret sharing value $\{y\}$. The secret sharing value $\{y\}$ is used for any other secret calculation.

When verifying that the secret sharing value $\{y\}$ was calculated correctly, the secret sharing values $\{y\}$, $\{y_r\}$, and $\{r\}$ are read from the storage unit 113-j and their consistency is verified. For example, the secret calculation device 11-j calculates and outputs a secret sharing value $\{ry - y_r\}$ by secret calculation using the secret sharing values $\{y\}$, $\{y_r\}$, and $\{r\}$ (see reference 1). The secret calculation device 11-j sends the secret sharing value $\{ry - y_r\}$ to the verification device 12. The verification device 12 recovers $ry - y_r$ from a predetermined number or more of the secret sharing values $\{ry - y_r\}$ sent from the secret calculation devices 11-j, outputs that the verification succeeded if $ry - y_r = 0$, and outputs that the verification failed if $ry - y_r \ne 0$. Alternatively, the secret calculation device 11-j sends the secret sharing values $\{y\}$, $\{y_r\}$, and $\{r\}$ to the verification device 12. The verification device 12 recovers $y$, $y_r$, $r$ from a predetermined number or more of each of the secret sharing values $\{y\}$, $\{y_r\}$, $\{r\}$ sent from the secret calculation devices 11-j, outputs that the verification succeeded if $ry - y_r = 0$ is satisfied, and outputs that the verification failed if $ry - y_r \ne 0$.

[ second embodiment ]

The second embodiment will be explained. In this embodiment, the following processing is explained: the secret sharing value $\{w\}^B_j$, obtained by secret-sharing a random number $w$ at mod 2 according to an additive secret sharing scheme that is a (2,3) threshold secret sharing scheme, is converted into a pair (secret random number pair) of a secret sharing value $\{y\} \in \{F_p\}$ and a secret sharing value $\{y_r\} \in \{F_p\}$ of the random number $w$ over the finite field $F_p$.

< Structure >

As shown in fig. 1, the secret calculation system 2 of the embodiment has three secret calculation devices 21-0, 21-1, 21-2 and a verification device 12, which are configured to be able to communicate via a network. As shown in fig. 2, the secret calculation device 21-j (here, j = 0, 1, 2) includes an input unit 111-j, an output unit 112-j, a storage unit 113-j, a control unit 114-j, a random number acquisition unit 215-j, a subtraction unit 216-j, exclusive OR operation units 117-j and 118-j, and a setting unit 219-j. The secret calculation device 21-j executes each process under the control of the control unit 114-j. The data obtained by each unit of the secret calculation device 21-j is stored in the storage unit 113-j one by one, and is read as necessary and used in other processes.

< secret calculation processing >

The secret calculation process performed by the secret calculation device 21-j (here, j is 0,1,2) will be described with reference to fig. 3. The following description focuses on differences from the first embodiment, and simplifies the description of common matters.

Finite field FpIs equal to FpIs given by the secret scatter value r e FpIs input to the input section 111-j of each secret calculation device 21-j. The secret variance value { r } in the present embodiment is a secret variance value of a secret variance method based on addition of, for example, (2,3) threshold secret variance methods. The secret variance value { r } is stored in the storage unit 113-j of each secret calculation device 21-j (step S111-j).

The random number acquisition unit 215-j of each secret calculation device 21-j acquires that w ═ w is satisfied for the random number w ∈ {0,1}0+w1+w2Secret scatter value of mod2 wB j=(wj,w(j+1)mod 3) And output is performed. That is, the random number acquisition unit 215-0 acquires { w }B 0=(w0,w1) The random number acquisition unit 215-1 acquires { w }B 1=(w1,w2) The random number acquisition unit 215-2 acquires { w }B 2=(w2,w0) And output is performed. Here, this processing is performed in a state where the random number w is concealed from each secret computing device 21-j. For example, each random number acquiring unit 215-j generates a random number wjE {0,1}, and transmits the random number w from the output section 112-j to the secret calculation means 21- ((j-1) mod 3)j. Random number w transmitted from secret calculation apparatus 21- ((j +1) mod 3)(j+1)mod 3Is inputted to the input section 111-j of the secret calculation apparatus 21-j and is sent to the random number acquisition section 215-j. Through the above processing, the random number acquisition unit 215-j acquires { w }B j=(wj,w(j+1)mod 3) (step S215-j).

The setting unit 219-j sets the secret variance value { w }B j=(wj,w(j+1)mod 3) Sub fraction w ofj,w(j+1)mod 3E {0,1} as input, obtaining { xj}j=(wj,0),{x(j+1)mod 3}j=(0,w(j+1)mod 3),{x(j+2)mod 3}jAnd outputs (0,0) (step S219-j).

{xj}j=(wj,0),{x(j+1)mod 3}j=(0,w(j+1)mod 3),{x(j+2)mod 3}j(0,0) as { xiThe symbol (i ═ 0,1,2) is input to the subtraction section 216-j. I.e., { x0}={x0}0=(w0,0),{x1}={x1}0=(0,w1),{x2}={x2}0The value (0,0) is input to the subtraction section 216-0. { x0}={x0}1=(0,0),{x1}={x1}1=(w1,0),{x2}={x2}1=(0,w2) Is input to the subtraction section 216-1. { x0}={x0}2=(0,w0),{x1}={x1}2=(0,0),{x2}={x2}2=(w20) is input to the subtracting section 216-2. The subtraction part 216-j uses the inputted { xiCalculating a secret variance value si}={xi}-1/2∈{FpAnd output is performed. For example, in { xiIs such that xiSecret is dispersed in satisfying xi=xi,0+xi,1+xi,2Three secret scatter values (x)i,0,xi,1),(xi,1,xi,2),(xi,2,xi,0) If the value is obtained, the value is related to the secret variance value (x)i,0,xi,1),(xi,1,xi,2),(xi,2,xi,0) Each corresponding secret variance value siE.g. to (x)i,0-1/2,xi,1),(xi,1,xi,2),(xi,2,xi,0-1/2). In addition, secret scatter values{siFor example, it may be (x)i,0-1/6,xi,1-1/6),(xi,1-1/6,xi,2-1/6),(xi,2-1/6,xi,0-1/6). The former enables high-speed processing. At this time, the subtracting section 216-j subtracts wjE {0,1} and w(j+1)mod 3E {0,1} is regarded as a finite field FpThereby computing a secret scatter value siAnd (step S219-j).

XOR operation section 117-j (first XOR operation section) uses secret variance value { s ] output from subtraction section 216-ji}∈{FpCalculating a secret variance value { y } - {4s } by secret calculation0s1s2}+1/2∈{FpAnd output (step S117-j).

XOR operation unit 118-j (second XOR operation unit) uses secret variance value s output from subtraction unit 116-jiThe secret variance value y is calculated by secret calculation using the secret variance value r read from the storage unit 113-j and the secret variance value yr}={4rs0s1s2}+{r}/2∈{FpAnd output (step S118-j).

Secret variance values y and yrThe symbols are associated with each other and stored in the storage unit 113-j (step S113-j). The output unit 112-j outputs the secret variance value y. Secret scatter value y e FpIs a secret scatter value of the random number y over the finite field Fp. { y } may also be converted into a secret sharing value (for example, Shamir secret sharing scheme) according to another secret sharing scheme and output.

When verifying whether the secret variance value $\{y\}$ has been calculated correctly, the secret variance values $\{y\}$, $\{y_r\}$, and $\{r\}$ are read from the storage unit 113-j and their consistency is verified.
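The steps above (trivial sharings $\{x_i\}$, subtraction of 1/2, the two product computations, and the consistency check) can be simulated end to end; the following is an added example, not code from the patent. The prime `P`, the multiplication routine with a zero-sharing mask, the function names, and the concrete check $y_r = r\cdot y$ (opened in the clear only for demonstration) are assumptions, since the page does not specify them.

```python
import secrets

P = 2**61 - 1            # constructed prime; the page only requires a finite field F_p
HALF = pow(2, -1, P)     # 1/2 as an element of F_p

def share(x):
    """Split x into sub-shares a0+a1+a2 = x; party j holds (a[j], a[(j+1) % 3])."""
    a0, a1 = secrets.randbelow(P), secrets.randbelow(P)
    return [a0, a1, (x - a0 - a1) % P]

def reveal(a):
    return sum(a) % P

def add_const(a, c):
    """Add a public constant by adjusting sub-share 0 only (the page's fast variant)."""
    return [(a[0] + c) % P, a[1], a[2]]

def scale(a, c):
    return [(c * v) % P for v in a]

def mul(a, b):
    """Assumed product protocol: party j uses only its own pair plus a zero-sharing mask."""
    z = share(0)
    return [(a[j] * b[j] + a[j] * b[(j + 1) % 3] + a[(j + 1) % 3] * b[j] + z[j]) % P
            for j in range(3)]

def xor_to_field(w, r_sh):
    """w = (w0, w1, w2) are the mod-2 sub-shares; returns sub-shares of y and y_r."""
    # Trivial sharings {x_i}: x_i carries w_i in position i and 0 elsewhere.
    x = [[w[i] if k == i else 0 for k in range(3)] for i in range(3)]
    s = [add_const(xi, -HALF) for xi in x]          # {s_i} = {x_i} - 1/2
    t = mul(mul(s[0], s[1]), s[2])                  # {s0 s1 s2}
    y = add_const(scale(t, 4), HALF)                # {y} = {4 s0 s1 s2} + 1/2
    y_r = [(u + v) % P                              # {y_r} = {4 r s0 s1 s2} + {r}/2
           for u, v in zip(scale(mul(r_sh, t), 4), scale(r_sh, HALF))]
    return y, y_r

def consistent(y, y_r, r_sh):
    """Assumed check: y_r must equal r*y. Values are opened here only for the demo."""
    return reveal(y_r) == reveal(r_sh) * reveal(y) % P
```

Because each $s_i$ is $\pm 1/2$, the product $4s_0s_1s_2$ is $\pm 1/2$, so $y$ reconstructs to $w_0\oplus w_1\oplus w_2$ in $F_p$, and any additive error introduced into $\{y\}$ breaks the relation with $\{y_r\}$ unless $r=0$.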

[Modifications and the like]

The present invention is not limited to the above-described embodiments. For example, in the above-described embodiment, the random number $r\in F_p$ is input to each secret calculation apparatus 11-i. However, each secret calculation device 11-i may generate a secret variance value $\{r\}$ itself. Here, the random number $r$ must be concealed from each secret computing device 11-i. Such methods are well known, and any of them may be used. For example, the secret computing devices 11-0, …, 11-(N-1) can cooperate to generate the secret variance value $\{r\}$. As an example, each secret calculation device 11-i' calculates the secret variance value $\{r_{i'}\}_i\in[F_p]$ of a random number $r_{i'}$ and transmits it to the secret calculation device 11-i (here, i = 0, …, N-1, i' = 0, …, N-1, and i' ≠ i), and each secret calculation device 11-i obtains $\{r\}=\{r_0+\dots+r_{N-1}\}_i$ by secret calculation using the secret variance values $\{r_0\}_i,\dots,\{r_{N-1}\}_i$.

The various processes described above may be performed not only in chronological order as described, but also in parallel or individually, according to the processing capability of the apparatus that performs them or as needed. In addition, appropriate modifications can be made without departing from the gist of the present invention.

Each of the above-described devices is configured by, for example, a general-purpose or special-purpose computer, which includes a processor (hardware processor) such as a CPU (central processing unit) and a memory such as a RAM (random-access memory)/ROM (read-only memory), executing a prescribed program. The computer may have one processor and one memory, or may have a plurality of processors and memories. The program may be installed in the computer or may be recorded in advance in a ROM or the like. Instead of an electronic circuit (circuitry) that, like a CPU, realizes a functional configuration by reading a program, some or all of the processing units may be configured using an electronic circuit that realizes the processing functions without using a program. The electronic circuit constituting one device may include a plurality of CPUs.

When the above-described configuration is implemented by a computer, the processing contents of the functions that each device should have are described by a program. The processing functions described above are realized on the computer by executing the program on it. The program describing the processing contents can be recorded in advance on a computer-readable recording medium. An example of the computer-readable recording medium is a non-transitory recording medium. Examples of such recording media are magnetic recording devices, optical discs, magneto-optical recording media, semiconductor memories, and the like.

The program is distributed, for example, by selling, transferring, or lending a portable recording medium such as a DVD or a CD-ROM on which the program is recorded. Further, the program may be stored in advance in a storage device of a server computer and distributed by transferring it from the server computer to another computer via a network.

The computer that executes such a program first temporarily stores, for example, the program recorded on the portable recording medium or the program transferred from the server computer in its own storage device. When executing the processing, the computer reads the program stored in its own storage device and executes the processing according to the read program. As another execution mode of the program, the computer may read the program directly from the portable recording medium and execute the processing according to it, or may sequentially execute the processing according to the received program each time the program is transferred from the server computer to the computer. The above-described processing may also be performed by a so-called ASP (Application Service Provider) type service, which does not transfer the program from the server computer to the computer but implements the processing functions only through execution instructions and result acquisition.

Instead of realizing the processing functions of the present apparatus by executing a predetermined program on a computer, at least a part of the processing functions may be realized by hardware.

Description of the symbols

1, 2 secret computing system

11-j, 21-j secret computing device
