阅读说明：本技术 隐匿分析装置、隐匿分析系统、隐匿分析方法和隐匿分析程序 (Concealment analysis device, concealment analysis system, concealment analysis method, and concealment analysis program ) 是由 川合丰 平野贵人 小关义博 于 2018-01-17 设计创作，主要内容包括：加密装置(50)生成使用加密令牌(etk)对信息(x)进行加密而成的密文(ct)。解密密钥生成装置(60)使用与加密令牌(etk)对应的解密令牌(dtk),根据设定有向量(y)的用户秘密密钥(sk)生成解密密钥(dk)。隐匿分析装置(70)利用由解密密钥生成装置(60)生成的解密密钥(dk)对由加密装置(50)生成的密文(ct)进行解密,生成关于向量(x)和向量(y)的运算结果。(An encryption device (50) generates a ciphertext (ct) that is obtained by encrypting information (x) using an encryption token (etk). A decryption key generation device (60) generates a decryption key (dk) from a user secret key (sk) to which a vector (y) is set, using a decryption token (dtk) corresponding to the encryption token (etk). A secret analysis device (70) decrypts a ciphertext (ct) generated by an encryption device (50) by using a decryption key (dk) generated by a decryption key generation device (60), and generates an operation result about a vector (x) and a vector (y).)

1. A concealment analysis device includes:

a ciphertext acquisition unit that acquires a ciphertext ct obtained by encrypting the information x using the encryption token etk; and

and a decryption unit that decrypts the ciphertext ct acquired by the ciphertext acquisition unit using a decryption key dk generated from a user secret key sk in which information y is set using a decryption token dtk corresponding to the encryption token etk, and generates a calculation result regarding the information x and the information y.

2. The concealment analysis device according to claim 1, wherein,

the decryption unit decrypts the ciphertext ct with the decryption key using a decryption algorithm in a functional encryption that can calculate an inner product of information set in a ciphertext and information set in a user secret key.

3. The concealment analysis device according to claim 2, wherein,

the ciphertext ct is obtained by inputting the sum of the information x and the encrypted token etk and encrypting the sum by using an encryption algorithm in the functional encryption.

4. The concealment analysis device according to claim 2 or 3, wherein,

the user secret key sk is generated using a key generation algorithm of the functional encryption,

the decryption key dk is the set of the user secret key sk and the decryption token dtk.

5. The concealment analysis device according to any one of claims 1 to 4, wherein,

the ciphertext acquisition unit may acquire the use encrypted token etk for each integer i of 1, …, n_iFor information x_iEncrypted ciphertext ct_i，

The decryption part isUsing said encrypted token etk associated with said respective integer i_iThe corresponding decryption token dtk has information y according to the setting_iWith respect to each integer i_iThe generated decryption key dk is used for the ciphertext ct of each integer i_iDecrypting to generate the information x about each integer i_iAnd said information y_iThe result of the operation is.

6. The concealment analysis device according to claim 5, wherein,

said decryption token dtk being said encryption token etk for said integers i_iThe set of (a) and (b),

the decryption key dk is the user secret key sk for the respective integer i_iAnd the encrypted token etk for each integer i_iWith said information y_iOf the sum z of the inner products of (c),

the decryption unit uses a decryption algorithm in a functional encryption capable of calculating an inner product of information set in a ciphertext and information set in a user secret key, and uses the user secret key sk for each integer i_iFor ciphertext ct_iGenerates decrypted data D by decrypting_iFrom said decrypted data D for said respective integer i_iThe sum z is subtracted to generate the result of the operation.

7. A concealment analysis system, the concealment analysis system comprising:

an encryption device that generates a ciphertext ct obtained by encrypting the information x using the encryption token etk;

a decryption key generation device that generates a decryption key dk from the user secret key sk set with the information y, using a decryption token dtk corresponding to the encryption token etk; and

and a secret analysis device configured to decrypt the ciphertext ct generated by the encryption device with the decryption key dk generated by the decryption key generation device, and generate a calculation result regarding the information x and the information y.

8. A concealment analysis method, wherein,

the ciphertext acquisition unit acquires a ciphertext ct obtained by encrypting the information x using the encryption token etk,

the decryption unit decrypts the ciphertext ct using a decryption key dk generated from a user secret key sk in which information y is set, using a decryption token dtk corresponding to the encryption token etk, and generates a calculation result for the information x and the information y.

9. A concealment analysis program that causes a computer to execute:

a ciphertext acquisition process in which a ciphertext acquisition unit acquires a ciphertext ct obtained by encrypting information x using an encryption token etk; and

and a decryption process in which a decryption unit decrypts the ciphertext ct obtained by the ciphertext acquisition process using a decryption key dk generated from a user secret key sk in which information y is set using a decryption token dtk corresponding to the encryption token etk, and generates a calculation result for the information x and the information y.

Technical Field

The present invention relates to a technique for executing an operation in an encrypted state.

Background

As a principle, when data is encrypted, the internal data cannot be browsed and edited without decryption. Therefore, when editing data of a plurality of ciphertexts, it is necessary to once decrypt the ciphertexts into the plain texts and then perform the encryption again by performing the aggregation.

There is a functional encryption (hereinafter, referred to as inner product encryption) capable of calculating an inner product (see patent document 1 and non-patent document 1). In the inner product encryption, a vector x is set when encryption is performed, a vector y is set in a user secret key, and an inner product < x, y > of the vector x and the vector y is output when a ciphertext is decrypted. That is, the inner product encryption is encryption capable of calculating an inner product in an encrypted state. In the following description, the inner product of the vector x and the vector y is written as < x, y >.

The inner product encryption is divided into inner product encryption that can be input singly and inner product encryption that can be input in a plurality of inputs. Regarding the inner product encryption that can be input singly, the number of inner products that can be calculated at the time of decryption is only 1. In contrast, in the inner product encryption capable of multiple inputs, N vectors y can be set in the secret key₁，…，y_NCan be calculated by using N ciphertexts as input in decryption<x₁，y₁>+<x₂，y₂>+…+<x_N，y_N>。

disclosure of Invention

Problems to be solved by the invention

The method described in non-patent document 1 can calculate the sum of N inner products. However, in the method described in non-patent document 1, a vector associated with a ciphertext can be analogized as long as the user can perform encryption while holding at least one user secret key.

With regard to inner product encryption that can be performed with a plurality of inputs, it is expected that analysis such as inner product is performed without decrypting a plurality of ciphertexts uploaded to the cloud. However, as in the method described in non-patent document 1, when information set in each ciphertext that should not be originally leaked, for example, an inner product, the value of the vector is leaked.

The purpose of the present invention is to prevent leakage of information set in a ciphertext by performing an inner product operation in an encrypted state.

Means for solving the problems

The concealment analysis device of the present invention includes:

a ciphertext acquisition unit that acquires a ciphertext ct obtained by encrypting the information x using the encryption token etk; and

and a decryption unit that decrypts the ciphertext ct acquired by the ciphertext acquisition unit using a decryption key dk generated from a user secret key sk in which information y is set using a decryption token dtk corresponding to the encryption token etk, and generates a calculation result regarding the information x and the information y.

Effects of the invention

In the present invention, the operation result on the information x and the information y is generated not by the user secret key sk but by the decryption key dk generated from the user secret key sk using the decryption token dtk. Since the calculation cannot be performed even with the user secret key sk, information can be prevented from being leaked to the user having the user secret key sk.

Drawings

Fig. 1 is a configuration diagram of a concealment analysis system 10 according to embodiment 1.

Fig. 2 is a configuration diagram of the master key generation apparatus 20 according to embodiment 1.

Fig. 3 is a configuration diagram of the user secret key generation device 30 according to embodiment 1.

Fig. 4 is a configuration diagram of the token generation apparatus 40 according to embodiment 1.

Fig. 5 is a configuration diagram of the encryption device 50 according to embodiment 1.

Fig. 6 is a configuration diagram of a decryption key generation apparatus 60 according to embodiment 1.

Fig. 7 is a configuration diagram of the concealment analyzer 70 according to embodiment 1.

Fig. 8 is a flowchart showing the operation of the master key generation device 20 according to embodiment 1.

Fig. 9 is a flowchart showing the operation of the user secret key generation device 30 according to embodiment 1.

Fig. 10 is a flowchart showing the operation of the token generation apparatus 40 according to embodiment 1.

Fig. 11 is a flowchart showing the operation of the encryption device 50 according to embodiment 1.

Fig. 12 is a flowchart showing the operation of the decryption key generation apparatus 60 according to embodiment 1.

Fig. 13 is a flowchart showing the operation of the concealment analyzer 70 according to embodiment 1.

Fig. 14 is a configuration diagram showing a master key generation apparatus 20 according to modification 2.

Fig. 15 is a configuration diagram of a user secret key generation apparatus 30 according to modification 2.

Fig. 16 is a configuration diagram of a token generation apparatus 40 according to modification 2.

Fig. 17 is a configuration diagram of an encryption device 50 according to modification 2.

Fig. 18 is a configuration diagram of a decryption key generation apparatus 60 according to modification 2.

Fig. 19 is a configuration diagram of the concealment analyzer 70 according to modification 2.

Detailed Description