阅读说明：本技术 登记装置、检索操作装置、数据管理装置、登记程序、检索操作程序和数据管理程序 (Registration device, search operation device, data management device, registration program, search operation program, and data management program ) 是由 平野贵人 川合丰 小关义博 于 2018-12-28 设计创作，主要内容包括：登记装置(500)生成数据随机数组R,该数据随机数组R是与利用者的属性所成的层级的层数L相同个数的随机数的组,并且是均匀随机的随机数的组。此外,登记装置受理明文M和属性信息B。登记装置将所述属性信息B的各层j的属性值与各层j的编号的连结值作为输入来执行函数F_2,将所述函数F_2的函数值作为输入来执行函数F_3,计算所述函数F_3的函数值与所述数据随机数组R的第j个随机数的异或即属性元素C_{j,0,0},将所述明文M和所述数据随机数组R的异或作为输入来执行函数F_4,生成包含所述属性元素C_{j,0,0}和所述函数F_4的函数值即密文C_{L+1}在内的加密数据C。然后,登记装置将所述加密数据C登记到数据管理装置(700)。(A registration device (500) generates a random number group R of data which is a group of random numbers of the same number as the number L of layers of a hierarchy formed by attributes of users and which is a uniformly random number group. The registration device receives the plaintext M and the attribute information B. The registration device executes a function F _2 by using as input a linked value of an attribute value of each layer j of the attribute information B and a number of each layer j, executes a function F _3 by using as input a function value of the function F _2, calculates an attribute element C { j, 0, 0} which is an exclusive or of the function value of the function F _3 and a jth random number of the data random array R, executes a function F _4 by using as input an exclusive or of the plaintext M and the data random array R, and generates encrypted data C including the attribute element C _ { j, 0, 0} and a ciphertext C _ { L +1} which is a function value of the function F _ 4. Then, the registration means registers the encrypted data C to the data management means (700).)

1. A registration apparatus, comprising:

a random number generation unit that generates a random number group R of random numbers of the same number as the number L of layers of the hierarchy formed by the attributes of the user, the random number group R being a uniform random number group;

a reception unit that receives a plaintext M and attribute information B indicating an attribute value of each layer of a user permitted to refer to the plaintext M;

an encrypted data generation unit that receives as input a function F _2 that is a function of a value of the attribute information B that is a value obtained by connecting an attribute value of each layer j and a number of each layer j, receives as input a function F _3 that is a function of the function F _2, calculates an attribute element C _ { j, 0, 0} that is an exclusive or of the function F _3 and a jth random number of the data random array R, receives as input an exclusive or of the plaintext M and the data random array R, and generates encrypted data C that includes the attribute element C _ { j, 0, 0} and a ciphertext C _ { L +1} that is a function of the function F _ 4; and

a registration unit that registers the encrypted data C to a data management apparatus.

2. The registration apparatus according to claim 1,

the function F _2 and the function F _3 are functions of a pseudo-random function, a hash function, or a public key encryption scheme, respectively, and the function F _4 is a function of a public key encryption scheme.

3. The registration apparatus according to claim 1 or 2, wherein,

the registration apparatus further has an encryption tag generation section,

the random number generation unit generates a tag random number group R' which is a group of random numbers of the same number as the number of layers L and is a group of uniformly random numbers,

the encryption tag generation unit receives as input the attribute value of each layer j of the attribute information B and the value of the connection between the serial numbers of each layer j, executes the function F _2, receives as input the function F _5 and the registration key, receives as input the function F _5 and the function F _6, calculates an attribute element CT _ { j, 0, 0} which is an exclusive or of the function F _6 and the jth random number of the tag random array R ', receives as input the exclusive or of the tag random array R' and executes the function F _7, thereby generating the encryption tag CT including the attribute element CT _ { j, 0, 0} and a decision element CT _ { L +1} which is a function value of the function F _7,

the registration unit registers the set of the encrypted data C and the encrypted tag CT to the data management apparatus.

4. The registration apparatus according to claim 3,

the function F _5 and the function F _6 are a pseudo-random function, a hash function, or a function of a public key encryption scheme, respectively, and the function F _7 is a hash function.

5. A search operation device includes:

a search query generation unit that calculates an attribute key element Q _ j that is a value obtained by executing a function F _5 with a search key w as an input, and generates a search query Q including the attribute key element Q _ j;

a requesting unit that transmits the search query Q to a data management apparatus and receives encrypted data C from the data management apparatus; and

a decryption unit that decrypts the plaintext M by executing the decryption function of the function F _4 with the ciphertext C _ { L +1} included in the encrypted data C as input,

it is characterized in that the preparation method is characterized in that,

the data management device includes:

a storage unit that registers the set of encrypted data C and encrypted tag CT by a registration device;

a reception unit that receives the search query Q from the search operation device;

a check unit that executes a function F _6 with the attribute key element Q _ j included in the search query Q as an input, executes a function F _7 with an operation value V _1 based on a function value of the function F _6 as an input, and compares a check value V _2 that is an obtained value with a determination element CT _ { L +1} included in the encrypted tag CT; and

an output unit that transmits the encrypted data C to the search operation device when the verification value V _2 matches the determination element CT _ { L +1},

the registration device has:

a random number generation unit that generates a data random number group R and a tag random number group R', which are groups of random numbers of the same number as the number L of layers of the hierarchy formed by the attributes of the user and are uniformly random numbers;

a reception unit that receives the plaintext M and attribute information B indicating an attribute value of each layer of a user permitted to refer to the plaintext M;

an encrypted data generation unit that receives as input a function F _2 that is a function of a value of the attribute information B that is a value obtained by connecting an attribute value of each layer j and a number of each layer j, receives as input a function F _3 that is a function of the function F _2, calculates an attribute element C _ { j, 0, 0} that is an exclusive or of the function F _3 and a jth random number of the data random array R, receives as input an exclusive or of the plaintext M and the data random array R, and generates the encrypted data C that includes the attribute element C _ { j, 0, 0} and the ciphertext C _ { L +1} that is a function of the function F _ 4;

an encrypted tag generation unit that executes the function F _2 with a value obtained by connecting an attribute value of each layer j of the attribute information B and a number of each layer j as input, executes the function F _5 with a function value of the function F _2 and a registration key as input, executes the function F _6 with a function value of the function F _5 as input, calculates an attribute element CT _ { j, 0, 0} which is an exclusive or of the function value of the function F _6 and a jth random number of the tag random array R ', executes the function F _7 with an exclusive or of the tag random array R' as input, and generates the encrypted tag CT including the attribute element CT _ { j, 0, 0} and the determination element CT _ { L +1} which is a function value of the function F _ 7; and

a registration unit that registers the set of the encrypted data C and the encrypted tag CT to the data management apparatus.

6. A data management apparatus includes:

a storage unit for registering a set of encrypted data C and an encrypted tag CT by a registration device;

a reception unit that receives a search query Q from a search operation device;

a check unit that executes a function F _6 with the attribute key element Q _ j included in the search query Q as an input, executes a function F _7 with an operation value V _1 based on a function value of the function F _6 as an input, and compares a check value V _2 that is an obtained value with the determination element CT _ { L +1} included in the encrypted tag CT; and

an output unit that transmits the encrypted data C to the search operation device when the verification value V _2 matches the determination element CT _ { L +1},

the search operation device is characterized by comprising:

a search query generation unit that calculates the attribute key element Q _ j, which is a value obtained by executing a function F _5 with a search key w as an input, and generates the search query Q including the attribute key element Q _ j;

a requesting unit that transmits the search query Q to the data management apparatus and receives the encrypted data C from the data management apparatus; and

a decryption unit that decrypts the plaintext M by executing the decryption function of the function F _4 with the ciphertext C _ { L +1} included in the encrypted data C as input,

the registration device has:

a random number generation unit that generates a data random number group R and a tag random number group R', which are groups of random numbers of the same number as the number L of layers of the hierarchy formed by the attributes of the user and are uniformly random numbers;

a reception unit that receives the plaintext M and attribute information B indicating an attribute value of each layer of a user permitted to refer to the plaintext M;

an encrypted data generation unit that receives as input a function F _2 that is a function of a value of the attribute information B that is a value obtained by connecting an attribute value of each layer j and a number of each layer j, receives as input a function F _3 that is a function of the function F _2, calculates an attribute element C _ { j, 0, 0} that is an exclusive or of the function F _3 and a jth random number of the data random array R, receives as input an exclusive or of the plaintext M and the data random array R, and generates the encrypted data C that includes the attribute element C _ { j, 0, 0} and the ciphertext C _ { L +1} that is a function of the function F _ 4;

an encrypted tag generation unit that executes the function F _2 with a value obtained by connecting an attribute value of each layer j of the attribute information B and a number of each layer j as input, executes the function F _5 with a function value of the function F _2 and a registration key as input, executes the function F _6 with a function value of the function F _5 as input, calculates an attribute element CT _ { j, 0, 0} which is an exclusive or of the function value of the function F _6 and a jth random number of the tag random array R ', executes the function F _7 with an exclusive or of the tag random array R' as input, and generates the encrypted tag CT including the attribute element CT _ { j, 0, 0} and the determination element CT _ { L +1} which is a function value of the function F _ 7; and

a registration unit that registers the set of the encrypted data C and the encrypted tag CT to the data management apparatus.

7. A registration program for causing a computer to execute:

a random number generation process of generating a data random number group R which is a group of random numbers of the same number as the number L of layers of the hierarchy formed by the attributes of the user and which is a group of uniform random numbers;

a reception process of receiving a plaintext M and attribute information B indicating an attribute value of each layer of a user permitted to refer to the plaintext M;

an encrypted data generation process of executing a function F _2 by using as input a linked value of an attribute value of each layer j of the attribute information B and a number of each layer j, executing a function F _3 by using as input a function value of the function F _2, calculating an attribute element C _ { j, 0, 0} which is an exclusive or of the function value of the function F _3 and a jth random number of the data random array R, executing a function F _4 by using as input an exclusive or of the plaintext M and the data random array R, and generating encrypted data C including the attribute element C _ { j, 0, 0} and a ciphertext C _ { L +1} which is a function value of the function F _ 4; and

and a registration process of registering the encrypted data C to a data management apparatus.

8. A retrieval operation program for causing a computer to execute:

a search query generation process of calculating an attribute key element Q _ j which is a value obtained by executing a function F _5 with a search key w as an input, and generating a search query Q including the attribute key element Q _ j;

request processing of transmitting the search query Q to a data management apparatus and receiving encrypted data C from the data management apparatus; and

a decryption process of executing a decryption function of the function F _4 with the ciphertext C _ { L +1} contained in the encrypted data C as an input, thereby decrypting the plaintext M,

the data management device is characterized by comprising:

a storage unit for registering the set of the encrypted data C and the encrypted tag CT by a registration device;

a receiving unit that receives the search query Q;

a check unit that executes a function F _6 with the attribute key element Q _ j included in the search query Q as an input, executes a function F _7 with an operation value V _1 based on a function value of the function F _6 as an input, and compares a check value V _2 that is an obtained value with a determination element CT _ { L +1} included in the encrypted tag CT; and

an output unit that transmits the encrypted data C when the verification value V _2 matches the determination element CT _ { L +1},

the registration device has:

a random number generation unit that generates a data random number group R and a tag random number group R', which are groups of random numbers of the same number as the number L of layers of the hierarchy formed by the attributes of the user and are uniformly random numbers;

a reception unit that receives the plaintext M and attribute information B indicating an attribute value of each layer of a user permitted to refer to the plaintext M;

an encrypted data generation unit that receives as input a function F _2 that is a function of a value of the attribute information B that is a value obtained by connecting an attribute value of each layer j and a number of each layer j, receives as input a function F _3 that is a function of the function F _2, calculates an attribute element C _ { j, 0, 0} that is an exclusive or of the function F _3 and a jth random number of the data random array R, receives as input an exclusive or of the plaintext M and the data random array R, and generates the encrypted data C that includes the attribute element C _ { j, 0, 0} and the ciphertext C _ { L +1} that is a function of the function F _ 4;

an encrypted tag generation unit that executes the function F _2 with a value obtained by connecting an attribute value of each layer j of the attribute information B and a number of each layer j as input, executes the function F _5 with a function value of the function F _2 and a registration key as input, executes the function F _6 with a function value of the function F _5 as input, calculates an attribute element CT _ { j, 0, 0} which is an exclusive or of the function value of the function F _6 and a jth random number of the tag random array R ', executes the function F _7 with an exclusive or of the tag random array R' as input, and generates the encrypted tag CT including the attribute element CT _ { j, 0, 0} and the determination element CT _ { L +1} which is a function value of the function F _ 7; and

a registration unit that registers the set of the encrypted data C and the encrypted tag CT to the data management apparatus.

9. A data management program for causing a computer to execute:

a reception process of receiving a search query Q from the search operation device after the set of the encrypted data C and the encrypted tag CT is registered by the registration device;

a collation process of executing a function F _6 with the attribute keyword element Q _ j included in the search query Q as an input, executing a function F _7 with an operation value V _1 based on a function value of the function F _6 as an input, and comparing a collation value V _2, which is an obtained value, with the determination element CT _ { L +1} included in the encrypted tag CT; and

an output process of transmitting the encrypted data C to the search operation device when the verification value V _2 matches the determination element CT _ { L +1},

the search operation device is characterized by comprising:

a search query generation unit that calculates the attribute key element Q _ j, which is a value obtained by executing a function F _5 with a search key w as an input, and generates the search query Q including the attribute key element Q _ j;

a requesting unit that transmits the search query Q and receives the encrypted data C; and

a decryption unit that decrypts the plaintext M by executing the decryption function of the function F _4 with the ciphertext C _ { L +1} included in the encrypted data C as input,

the registration device has:

a random number generation unit that generates a data random number group R and a tag random number group R', which are groups of random numbers of the same number as the number L of layers of the hierarchy formed by the attributes of the user and are uniformly random numbers;

a reception unit that receives the plaintext M and attribute information B indicating an attribute value of each layer of a user permitted to refer to the plaintext M;

an encrypted data generation unit that receives as input a function F _2 that is a function of a value of the attribute information B that is a value obtained by connecting an attribute value of each layer j and a number of each layer j, receives as input a function F _3 that is a function of the function F _2, calculates an attribute element C _ { j, 0, 0} that is an exclusive or of the function F _3 and a jth random number of the data random array R, receives as input an exclusive or of the plaintext M and the data random array R, and generates the encrypted data C that includes the attribute element C _ { j, 0, 0} and the ciphertext C _ { L +1} that is a function of the function F _ 4;

an encrypted tag generation unit that executes the function F _2 with a value obtained by connecting an attribute value of each layer j of the attribute information B and a number of each layer j as input, executes the function F _5 with a function value of the function F _2 and a registration key as input, executes the function F _6 with a function value of the function F _5 as input, calculates an attribute element CT _ { j, 0, 0} which is an exclusive or of the function value of the function F _6 and a jth random number of the tag random array R ', executes the function F _7 with an exclusive or of the tag random array R' as input, and generates the encrypted tag CT including the attribute element CT _ { j, 0, 0} and the determination element CT _ { L +1} which is a function value of the function F _ 7; and

a registration unit that registers a set of the encrypted data C and the encrypted tag CT.

10. The registration apparatus according to claim 1 or 2, wherein,

the registration apparatus further has a partial agreement key generation section and an encryption tag generation section,

the random number generation unit generates a tag random number group R' which is a group of random numbers of the same number as the number of layers L and is a group of uniformly random numbers,

the partial matching key generation unit generates a partial matching key that is a part of the registration key,

the encryption tag generation unit receives as input the attribute value of each layer j of the attribute information B and the value of the connection between the number of each layer j, executes the function F _2, receives as input the function F _2 and the partial matching key, executes the function F _5, receives as input the function F _6, receives as input the function F _5 and the start position number indicating the start position of the partial matching key in the registration key, calculates an attribute element CT _ { j, 0, PM } which is an exclusive or of the function F _6 and the jth random number of the tag random array R ', receives as input the exclusive or of the tag random array R', executes the function F _7, generates a decision element CT _ { L +1 which is a function F including the attribute element CT _ { j, 0, PM } and the function F _7, PM) and the encryption tag CT within,

the registration unit registers the set of the encrypted data C and the encrypted tag CT to the data management apparatus.

11. A search operation device includes:

a search query generation unit that calculates an attribute key element Q _ j that is a value obtained by executing a function F _5 with a search key w as an input, and generates a search query Q including the attribute key element Q _ j;

a requesting unit that transmits the search query Q to a data management apparatus and receives encrypted data C from the data management apparatus; and

a decryption unit that decrypts the plaintext M by executing the decryption function of the function F _4 with the ciphertext C _ { L +1} included in the encrypted data C as input,

it is characterized in that the preparation method is characterized in that,

the data management device includes:

a storage unit that registers the set of encrypted data C and encrypted tag CT by a registration device;

a reception unit that receives the search query Q from the search operation device;

a check unit that executes a function F _6 with the attribute key element Q _ j included in the search query Q as an input, executes a function F _7 with an operation value V _1 based on a function value of the function F _6 as an input, and compares a check value V _2 that is an obtained value with a determination element CT _ { L +1, PM } included in the encrypted tag CT; and

an output unit that transmits the encrypted data C to the search operation device when the verification value V _2 matches the determination element CT _ { L +1, PM },

the registration device has:

a random number generation unit that generates a data random number group R and a tag random number group R', which are groups of random numbers of the same number as the number L of layers of the hierarchy formed by the attributes of the user and are uniformly random numbers;

a reception unit that receives the plaintext M and attribute information B indicating an attribute value of each layer of a user permitted to refer to the plaintext M;

an encrypted data generation unit that receives as input a function F _2 that is a function of a value of the attribute information B that is a value obtained by connecting an attribute value of each layer j and a number of each layer j, receives as input a function F _3 that is a function of the function F _2, calculates an attribute element C _ { j, 0, 0} that is an exclusive or of the function F _3 and a jth random number of the data random array R, receives as input an exclusive or of the plaintext M and the data random array R, and generates the encrypted data C that includes the attribute element C _ { j, 0, 0} and the ciphertext C _ { L +1} that is a function of the function F _ 4;

a partial matching keyword generation unit that generates a partial matching keyword that is a part of the registration keyword;

an encrypted tag generation unit that executes the function F _2 by using as input a value obtained by concatenating an attribute value of each layer j of the attribute information B and a number of each layer j, executes the function F _5 by using as input a function value of the function F _2 and the partial matching key, executes the function F _6 by using as input a function value of the function F _5 and a start position number indicating a start position of the partial matching key in the registered key, calculates an attribute element CT _ { j, 0, PM } which is an exclusive or of the function value of the function F _6 and a jth random number of the tag random array R ', executes the function F _7 by using as input an exclusive or of the tag random array R', and generates the determination element CT _ { L +1 which is a function value including the attribute element CT _ { j, 0, PM } and the function F _7, PM said encrypted ticket CT; and

a registration unit that registers the set of the encrypted data C and the encrypted tag CT to the data management apparatus.

12. A data management apparatus includes:

a storage unit that registers a set of encrypted data C and an encrypted tag CT by a registration device;

a reception unit that receives a search query Q from a search operation device;

a check unit that executes a function F _6 with the attribute keyword element Q _ j included in the search query Q as an input, executes a function F _7 with an operation value V _1 based on a function value of the function F _6 as an input, and compares a check value V _2 that is an obtained value with the determination element CT _ { L +1, PM } included in the encrypted tag CT; and

an output unit that transmits the encrypted data C to the search operation device when the verification value V _2 matches the determination element CT _ { L +1, PM },

it is characterized in that the preparation method is characterized in that,

the search operation device includes:

a search query generation unit that calculates the attribute key element Q _ j, which is a value obtained by executing a function F _5 with a search key w as an input, and generates the search query Q including the attribute key element Q _ j;

a requesting unit that transmits the search query Q to the data management apparatus and receives the encrypted data C from the data management apparatus; and

a decryption unit that decrypts the plaintext M by executing the decryption function of the function F _4 with the ciphertext C _ { L +1} included in the encrypted data C as input,

the registration device has:

a random number generation unit that generates a data random number group R and a tag random number group R', which are groups of random numbers of the same number as the number L of layers of the hierarchy formed by the attributes of the user and are uniformly random numbers;

a reception unit that receives the plaintext M and attribute information B indicating an attribute value of each layer of a user permitted to refer to the plaintext M;

an encrypted data generation unit that receives as input a function F _2 that is a function of a value of the attribute information B that is a value obtained by connecting an attribute value of each layer j and a number of each layer j, receives as input a function F _3 that is a function of the function F _2, calculates an attribute element C _ { j, 0, 0} that is an exclusive or of the function F _3 and a jth random number of the data random array R, receives as input an exclusive or of the plaintext M and the data random array R, and generates the encrypted data C that includes the attribute element C _ { j, 0, 0} and the ciphertext C _ { L +1} that is a function of the function F _ 4;

a partial matching keyword generation unit that generates a partial matching keyword that is a part of the registration keyword;

an encrypted tag generation unit that executes the function F _2 by using as input a value obtained by concatenating an attribute value of each layer j of the attribute information B and a number of each layer j, executes the function F _5 by using as input a function value of the function F _2 and the partial matching key, executes the function F _6 by using as input a function value of the function F _5 and a start position number indicating a start position of the partial matching key in the registered key, calculates an attribute element CT _ { j, 0, PM } which is an exclusive or of the function value of the function F _6 and a jth random number of the tag random array R ', executes the function F _7 by using as input an exclusive or of the tag random array R', and generates the determination element CT _ { L +1 which is a function value including the attribute element CT _ { j, 0, PM } and the function F _7, PM said encrypted ticket CT; and

a registration unit that registers the set of the encrypted data C and the encrypted tag CT to the data management apparatus.

13. A registration program for causing a computer to execute:

a random number generation process of generating a data random number group R and a tag random number group R', which are groups of random numbers of the same number as the number L of layers of the hierarchy formed by the attributes of the user and are groups of uniform random numbers;

a reception process of receiving a plaintext M and attribute information B indicating an attribute value of each layer of a user permitted to refer to the plaintext M;

an encrypted data generation process of executing a function F _2 by using as input a linked value of an attribute value of each layer j of the attribute information B and a number of each layer j, executing a function F _3 by using as input a function value of the function F _2, calculating an attribute element C _ { j, 0, 0} which is an exclusive or of the function value of the function F _3 and a jth random number of the data random array R, executing a function F _4 by using as input an exclusive or of the plaintext M and the data random array R, and generating encrypted data C including the attribute element C _ { j, 0, 0} and a ciphertext C _ { L +1} which is a function value of the function F _ 4;

partial consistent keywords are generated, and a part of the registered keywords, namely the partial consistent keywords, are generated;

an encryption tag generation process of executing the function F _2 by using as input a linked value of an attribute value of each layer j of the attribute information B and a number of each layer j, executing the function F _5 by using as input a function value of the function F _2 and the partial matching key, executing the function F _6 by using as input a function value of the function F _5 and a start position number indicating a start position of the partial matching key in the registration key, calculating an attribute element CT _ { j, 0, PM } which is an exclusive or of the function value of the function F _6 and a jth random number of the tag random array R ', executing the function F _7 by using as input an exclusive or of the tag random array R', and generating a function element CT _ { L +1 which is a function value including the attribute element CT _ { j, 0, PM } and the function F _7, PM, CT; and

and a registration process of registering the set of the encrypted data C and the encrypted tag CT in a data management apparatus.

14. A retrieval operation program for causing a computer to execute:

a search query generation process of calculating an attribute key element Q _ j which is a value obtained by executing a function F _5 with a search key w as an input, and generating a search query Q including the attribute key element Q _ j;

request processing of transmitting the search query Q to a data management apparatus and receiving encrypted data C from the data management apparatus; and

a decryption process of executing a decryption function of the function F _4 with the ciphertext C _ { L +1} contained in the encrypted data C as an input, thereby decrypting the plaintext M,

it is characterized in that the preparation method is characterized in that,

the data management device includes:

a storage unit that registers the set of encrypted data C and encrypted tag CT by a registration device;

a receiving unit that receives the search query Q;

a check unit that executes a function F _6 with the attribute key element Q _ j included in the search query Q as an input, executes a function F _7 with an operation value V _1 based on a function value of the function F _6 as an input, and compares a check value V _2 that is an obtained value with a determination element CT _ { L +1, PM } included in the encrypted tag CT; and

an output unit that transmits the encrypted data C when the verification value V _2 matches the determination element CT _ { L +1, PM },

the registration device has:

a random number generation unit that generates a data random number group R and a tag random number group R', which are groups of random numbers of the same number as the number L of layers of the hierarchy formed by the attributes of the user and are uniformly random numbers;

a reception unit that receives the plaintext M and attribute information B indicating an attribute value of each layer of a user permitted to refer to the plaintext M;

an encrypted data generation unit that receives as input a function F _2 that is a function of a value of the attribute information B that is a value obtained by connecting an attribute value of each layer j and a number of each layer j, receives as input a function F _3 that is a function of the function F _2, calculates an attribute element C _ { j, 0, 0} that is an exclusive or of the function F _3 and a jth random number of the data random array R, receives as input an exclusive or of the plaintext M and the data random array R, and generates the encrypted data C that includes the attribute element C _ { j, 0, 0} and the ciphertext C _ { L +1} that is a function of the function F _ 4;

a partial matching keyword generation unit that generates a partial matching keyword that is a part of the registration keyword;

an encrypted tag generation unit that executes the function F _2 by using as input a value obtained by concatenating an attribute value of each layer j of the attribute information B and a number of each layer j, executes the function F _5 by using as input a function value of the function F _2 and the partial matching key, executes the function F _6 by using as input a function value of the function F _5 and a start position number indicating a start position of the partial matching key in the registered key, calculates an attribute element CT _ { j, 0, PM } which is an exclusive or of the function value of the function F _6 and a jth random number of the tag random array R ', executes the function F _7 by using as input an exclusive or of the tag random array R', and generates the determination element CT _ { L +1 which is a function value including the attribute element CT _ { j, 0, PM } and the function F _7, PM said encrypted ticket CT; and

a registration unit that registers the set of the encrypted data C and the encrypted tag CT to the data management apparatus.

15. A data management program for causing a computer to execute:

a reception process of receiving a search query Q from the search operation device after the set of the encrypted data C and the encrypted tag CT is registered by the registration device;

a collation process of executing a function F _6 with the attribute keyword element Q _ j included in the search query Q as an input, executing a function F _7 with an operation value V _1 based on a function value of the function F _6 as an input, and comparing a collation value V _2 which is an obtained value with the determination element CT _ { L +1, PM } included in the encrypted tag CT; and

an output process of transmitting the encrypted data C to the search operation device when the verification value V _2 matches the determination element CT _ { L +1, PM },

it is characterized in that the preparation method is characterized in that,

the search operation device includes:

a search query generation unit that calculates the attribute key element Q _ j, which is a value obtained by executing a function F _5 with a search key w as an input, and generates the search query Q including the attribute key element Q _ j;

a requesting unit that transmits the search query Q and receives the encrypted data C; and

a decryption unit that decrypts the plaintext M by executing the decryption function of the function F _4 with the ciphertext C _ { L +1} included in the encrypted data C as input,

the registration device has:

a random number generation unit that generates a data random number group R and a tag random number group R', which are groups of random numbers of the same number as the number L of layers of the hierarchy formed by the attributes of the user and are uniformly random numbers;

a reception unit that receives the plaintext M and attribute information B indicating an attribute value of each layer of a user permitted to refer to the plaintext M;

an encrypted data generation unit that receives as input a function F _2 that is a function of a value of the attribute information B that is a value obtained by connecting an attribute value of each layer j and a number of each layer j, receives as input a function F _3 that is a function of the function F _2, calculates an attribute element C _ { j, 0, 0} that is an exclusive or of the function F _3 and a jth random number of the data random array R, receives as input an exclusive or of the plaintext M and the data random array R, and generates the encrypted data C that includes the attribute element C _ { j, 0, 0} and the ciphertext C _ { L +1} that is a function of the function F _ 4;

a partial matching keyword generation unit that generates a partial matching keyword that is a part of the registration keyword;

an encrypted tag generation unit that executes the function F _2 by using as input a value obtained by concatenating an attribute value of each layer j of the attribute information B and a number of each layer j, executes the function F _5 by using as input a function value of the function F _2 and the partial matching key, executes the function F _6 by using as input a function value of the function F _5 and a start position number indicating a start position of the partial matching key in the registered key, calculates an attribute element CT _ { j, 0, PM } which is an exclusive or of the function value of the function F _6 and a jth random number of the tag random array R ', executes the function F _7 by using as input an exclusive or of the tag random array R', and generates the determination element CT _ { L +1 which is a function value including the attribute element CT _ { j, 0, PM } and the function F _7, PM said encrypted ticket CT; and

a registration unit that registers a set of the encrypted data C and the encrypted tag CT.

16. The registration apparatus according to claim 1 or 2, wherein,

the registration apparatus further has a generalization value generation section and an encryption label generation section,

the random number generation unit generates a tag random number group R' which is a group of random numbers of the same number as the number of layers L and is a group of uniformly random numbers,

the generalization value generation unit generalizes the registered value to generate a generalization value,

the encryption tag generation unit executes the function F _2 by using as input a connection value between an attribute value of each layer j of the attribute information B and a number of each layer j, executes the function F _5 by using as input a function value of the function F _2 and the generalization numerical value, executes the function F _6 by using as input a function value of the function F _5, calculates an attribute element CT _ { j, 0, GNUM } which is an exclusive or of the function value of the function F _6 and a jth random number of the tag random array R ', executes the function F _7 by using as input an exclusive or of the tag random array R', and generates an encryption tag CT including the attribute element CT _ { j, 0, GNUM } and a determination element CT _ { L +1, GNUM } which is a function value of the function F _7,

the registration unit registers the set of the encrypted data C and the encrypted tag CT to the data management apparatus.

17. A search operation device includes:

a numerical value listing unit for generalizing the numerical value of the search range to generate a generalized numerical value;

a search query generation unit that calculates an attribute key element Q _ j that is a value obtained by executing a function F _5 with the generalized numerical value as an input, and generates a search query Q including the attribute key element Q _ j;

a requesting unit that transmits the search query Q to a data management apparatus and receives encrypted data C from the data management apparatus; and

a decryption unit that decrypts the plaintext M by executing the decryption function of the function F _4 with the ciphertext C _ { L +1} included in the encrypted data C as input,

it is characterized in that the preparation method is characterized in that,

the data management device includes:

a storage unit that registers the set of encrypted data C and encrypted tag CT by a registration device;

a reception unit that receives the search query Q from the search operation device;

a check unit that executes a function F _6 with the attribute key element Q _ j included in the search query Q as an input, executes a function F _7 with an operation value V _1 based on a function value of the function F _6 as an input, and compares a check value V _2 that is an obtained value with a determination element CT _ { L +1, GNUM } included in the encrypted tag CT; and

an output unit that transmits the encrypted data C to the search operation device when the verification value V _2 matches the determination element CT _ { L +1, GNUM },

the registration device has:

a random number generation unit that generates a data random number group R and a tag random number group R', which are groups of random numbers of the same number as the number L of layers of the hierarchy formed by the attributes of the user and are uniformly random numbers;

a reception unit that receives the plaintext M and attribute information B indicating an attribute value of each layer of a user permitted to refer to the plaintext M;

an encrypted data generation unit that receives as input a function F _2 that is a function of a value of the attribute information B that is a value obtained by connecting an attribute value of each layer j and a number of each layer j, receives as input a function F _3 that is a function of the function F _2, calculates an attribute element C _ { j, 0, 0} that is an exclusive or of the function F _3 and a jth random number of the data random array R, receives as input an exclusive or of the plaintext M and the data random array R, and generates the encrypted data C that includes the attribute element C _ { j, 0, 0} and the ciphertext C _ { L +1} that is a function of the function F _ 4;

a generalization value generation unit which generalizes the registered value to generate a generalization value;

an encrypted tag generation unit that executes the function F _2 by using as input a value obtained by connecting an attribute value of each layer j of the attribute information B and a number of each layer j, executes the function F _5 by using as input a function value of the function F _2 and the generalization numerical value, executes the function F _6 by using as input a function value of the function F _5, calculates an attribute element CT _ { j, 0, GNUM } which is an exclusive or of the function value of the function F _6 and a jth random number of the tag random array R ', executes the function F _7 by using as input an exclusive or of the tag random array R', and generates the encrypted tag CT including the attribute element CT _ { j, 0, GNUM } and the determination element CT _ { L +1, GNUM } which is a function value of the function F _ 7; and

a registration unit that registers the set of the encrypted data C and the encrypted tag CT to the data management apparatus.

18. A data management apparatus includes:

a storage unit that registers a set of encrypted data C and an encrypted tag CT by a registration device;

a reception unit that receives a search query Q from a search operation device;

a check unit that executes a function F _6 with the attribute key element Q _ j included in the search query Q as an input, executes a function F _7 with an operation value V _1 based on a function value of the function F _6 as an input, and compares a check value V _2 that is an obtained value with the determination element CT _ { L +1, GNUM } included in the encrypted tag CT; and

an output unit that transmits the encrypted data C to the search operation device when the verification value V _2 matches the determination element CT _ { L +1, GNUM },

it is characterized in that the preparation method is characterized in that,

the search operation device includes:

a numerical value listing unit for generalizing the numerical value of the search range to generate a generalized numerical value;

a search query generation unit that calculates the attribute key element Q _ j, which is a value obtained by executing a function F _5 with the generalized numerical value as an input, and generates the search query Q including the attribute key element Q _ j;

a requesting unit that transmits the search query Q to the data management apparatus and receives the encrypted data C from the data management apparatus; and

a decryption unit that decrypts the plaintext M by executing the decryption function of the function F _4 with the ciphertext C _ { L +1} included in the encrypted data C as input,

the registration device has:

a random number generation unit that generates a data random number group R and a tag random number group R', which are groups of random numbers of the same number as the number L of layers of the hierarchy formed by the attributes of the user and are uniformly random numbers;

a reception unit that receives the plaintext M and attribute information B indicating an attribute value of each layer of a user permitted to refer to the plaintext M;

an encrypted data generation unit that receives as input a function F _2 that is a function of a value of the attribute information B that is a value obtained by connecting an attribute value of each layer j and a number of each layer j, receives as input a function F _3 that is a function of the function F _2, calculates an attribute element C _ { j, 0, 0} that is an exclusive or of the function F _3 and a jth random number of the data random array R, receives as input an exclusive or of the plaintext M and the data random array R, and generates the encrypted data C that includes the attribute element C _ { j, 0, 0} and the ciphertext C _ { L +1} that is a function of the function F _ 4;

a generalization value generation unit which generalizes the registered value to generate a generalization value;

an encrypted tag generation unit that executes the function F _2 by using as input a value obtained by connecting an attribute value of each layer j of the attribute information B and a number of each layer j, executes the function F _5 by using as input a function value of the function F _2 and the generalization numerical value, executes the function F _6 by using as input a function value of the function F _5, calculates an attribute element CT _ { j, 0, GNUM } which is an exclusive or of the function value of the function F _6 and a jth random number of the tag random array R ', executes the function F _7 by using as input an exclusive or of the tag random array R', and generates the encrypted tag CT including the attribute element CT _ { j, 0, GNUM } and the determination element CT _ { L +1, GNUM } which is a function value of the function F _ 7; and

a registration unit that registers the set of the encrypted data C and the encrypted tag CT to the data management apparatus.

19. A registration program for causing a computer to execute:

a random number generation process of generating a data random number group R and a tag random number group R', which are groups of random numbers of the same number as the number L of layers of the hierarchy formed by the attributes of the user and are groups of uniform random numbers;

a reception process of receiving a plaintext M and attribute information B indicating an attribute value of each layer of a user permitted to refer to the plaintext M;

an encrypted data generation process of executing a function F _2 by using as input a linked value of an attribute value of each layer j of the attribute information B and a number of each layer j, executing a function F _3 by using as input a function value of the function F _2, calculating an attribute element C _ { j, 0, 0} which is an exclusive or of the function value of the function F _3 and a jth random number of the data random array R, executing a function F _4 by using as input an exclusive or of the plaintext M and the data random array R, and generating encrypted data C including the attribute element C _ { j, 0, 0} and a ciphertext C _ { L +1} which is a function value of the function F _ 4;

generalization numerical value generation processing, namely generalizing the registered numerical value to generate a generalization numerical value;

an encrypted tag generation process of executing the function F _2 with a value obtained by connecting an attribute value of each layer j of the attribute information B and a number of each layer j as input, executing the function F _5 with a function value of the function F _2 and the generalization numerical value as input, executing the function F _6 with a function value of the function F _5 as input, calculating an attribute element CT _ { j, 0, GNUM } which is an exclusive or of the function value of the function F _6 and a jth random number of the tag random array R ', and executing the function F _7 with an exclusive or of the tag random array R' as input, thereby generating an encrypted tag CT including the attribute element CT _ { j, 0, GNUM } and a determination element CT _ { L +1, GNUM } which is a function value of the function F _ 7; and

and a registration process of registering the set of the encrypted data C and the encrypted tag CT in a data management apparatus.

20. A retrieval operation program for causing a computer to execute:

a numerical value enumeration process for generalizing the numerical value of the search range to generate a generalized numerical value;

a search query generation process of calculating an attribute key element Q _ j which is a value obtained by executing a function F _5 with the generalized numerical value as an input, and generating a search query Q including the attribute key element Q _ j;

request processing of transmitting the search query Q to a data management apparatus and receiving encrypted data C from the data management apparatus; and

a decryption process of executing a decryption function of the function F _4 with the ciphertext C _ { L +1} contained in the encrypted data C as an input, thereby decrypting the plaintext M,

it is characterized in that the preparation method is characterized in that,

the data management device includes:

a storage unit that registers the set of encrypted data C and encrypted tag CT by a registration device;

a receiving unit that receives the search query Q;

a check unit that executes a function F _6 with the attribute key element Q _ j included in the search query Q as an input, executes a function F _7 with an operation value V _1 based on a function value of the function F _6 as an input, and compares a check value V _2 that is an obtained value with a determination element CT _ { L +1, GNUM } included in the encrypted tag CT; and

an output unit that transmits the encrypted data C when the verification value V _2 matches the determination element CT _ { L +1, GNUM },

the registration device has:

a random number generation unit that generates a data random number group R and a tag random number group R', which are groups of random numbers of the same number as the number L of layers of the hierarchy formed by the attributes of the user and are uniformly random numbers;

a reception unit that receives the plaintext M and attribute information B indicating an attribute value of each layer of a user permitted to refer to the plaintext M;

an encrypted data generation unit that receives as input a function F _2 that is a function of a value of the attribute information B that is a value obtained by connecting an attribute value of each layer j and a number of each layer j, receives as input a function F _3 that is a function of the function F _2, calculates an attribute element C _ { j, 0, 0} that is an exclusive or of the function F _3 and a jth random number of the data random array R, receives as input an exclusive or of the plaintext M and the data random array R, and generates the encrypted data C that includes the attribute element C _ { j, 0, 0} and the ciphertext C _ { L +1} that is a function of the function F _ 4;

a generalization value generation unit which generalizes the registered value to generate a generalization value;

an encrypted tag generation unit that executes the function F _2 by using as input a value obtained by connecting an attribute value of each layer j of the attribute information B and a number of each layer j, executes the function F _5 by using as input a function value of the function F _2 and the generalization numerical value, executes the function F _6 by using as input a function value of the function F _5, calculates an attribute element CT _ { j, 0, GNUM } which is an exclusive or of the function value of the function F _6 and a jth random number of the tag random array R ', executes the function F _7 by using as input an exclusive or of the tag random array R', and generates the encrypted tag CT including the attribute element CT _ { j, 0, GNUM } and the determination element CT _ { L +1, GNUM } which is a function value of the function F _ 7; and

a registration unit that registers the set of the encrypted data C and the encrypted tag CT to the data management apparatus.

21. A data management program for causing a computer to execute:

a reception process of receiving a search query Q from the search operation device after the set of the encrypted data C and the encrypted tag CT is registered by the registration device;

a collation process of executing a function F _6 with the attribute keyword element Q _ j included in the search query Q as an input, executing a function F _7 with an operation value V _1 based on a function value of the function F _6 as an input, and comparing a collation value V _2, which is an obtained value, with the determination element CT _ { L +1, GNUM } included in the encrypted tag CT; and

an output process of transmitting the encrypted data C to the search operation device when the check value V _2 matches the determination element CT _ { L +1, GNUM },

it is characterized in that the preparation method is characterized in that,

the search operation device includes:

a numerical value listing unit that generalizes several numerical values in the search range to generate generalized numerical values;

a search query generation unit that calculates the attribute key element Q _ j, which is a value obtained by executing a function F _5 with the generalized numerical value as an input, and generates the search query Q including the attribute key element Q _ j;

a requesting unit that transmits the search query Q and receives the encrypted data C; and

a decryption unit that decrypts the plaintext M by executing the decryption function of the function F _4 with the ciphertext C _ { L +1} included in the encrypted data C as input,

the registration device has:

a random number generation unit that generates a data random number group R and a tag random number group R', which are groups of random numbers of the same number as the number L of layers of the hierarchy formed by the attributes of the user and are uniformly random numbers;

a reception unit that receives the plaintext M and attribute information B indicating an attribute value of each layer of a user permitted to refer to the plaintext M;

an encrypted data generation unit that receives as input a function F _2 that is a function of a value of the attribute information B that is a value obtained by connecting an attribute value of each layer j and a number of each layer j, receives as input a function F _3 that is a function of the function F _2, calculates an attribute element C _ { j, 0, 0} that is an exclusive or of the function F _3 and a jth random number of the data random array R, receives as input an exclusive or of the plaintext M and the data random array R, and generates the encrypted data C that includes the attribute element C _ { j, 0, 0} and the ciphertext C _ { L +1} that is a function of the function F _ 4;

a generalization value generation unit which generalizes the registered value to generate a generalization value;

an encrypted tag generation unit that executes the function F _2 by using as input a value obtained by connecting an attribute value of each layer j of the attribute information B and a number of each layer j, executes the function F _5 by using as input a function value of the function F _2 and the generalization numerical value, executes the function F _6 by using as input a function value of the function F _5, calculates an attribute element CT _ { j, 0, GNUM } which is an exclusive or of the function value of the function F _6 and a jth random number of the tag random array R ', executes the function F _7 by using as input an exclusive or of the tag random array R', and generates the encrypted tag CT including the attribute element CT _ { j, 0, GNUM } and the determination element CT _ { L +1, GNUM } which is a function value of the function F _ 7; and

a registration unit that registers a set of the encrypted data C and the encrypted tag CT.

Technical Field

The present invention relates to a hidden search technique.

Background

The confidential search is a technique for searching data in an encrypted state.

That is, the confidential search is a technique of searching encrypted data without decrypting the encrypted data.

In recent years, confidential search has received attention as a security technique for protecting confidential information in a cloud service to prevent eavesdropping by a server administrator. In other words, confidential search is attracting attention as a security technique for managing data in the internet.

As the processing in the confidential search, the processing of each of the registrant, the searcher, and the data center apparatus will be described.

The registrant is a user who registers encrypted data, and the searcher is a user who searches the encrypted data.

The basic flow of processing performed by the registrar is as follows.

First, the registrant encrypts data to generate encrypted data.

Next, the registrar encrypts a key for retrieving the encrypted data. The encrypted key is referred to as an encrypted tag. The keyword is not revealed from the encrypted tag.

The registrar then associates the encrypted label with the encrypted data. The number of encryption tags need not be one, and a plurality of encryption tags can be associated with the encrypted data.

Then, the registrant registers the encrypted data and the encrypted tag to the data center apparatus.

The basic flow of processing performed by the searcher is as follows.

First, the searcher selects a keyword to be searched.

Next, the searcher randomizes the key using its own secret key. The randomized key is referred to as a search query. It is difficult to analogize the secret key from the search query.

Next, the searcher sends a search query to the data center device, thereby requesting the data center device to perform a search.

The retriever then receives encrypted data corresponding to the retrieval query from the data center device.

The basic flow of processing performed by the data center apparatus is as follows.

A plurality of groups of encrypted data and encrypted tags are registered in a data center device.

First, a data center device receives a search query.

Next, the data center apparatus selects an encrypted tag corresponding to the search query by a special operation. In the special operation, the key of the search query can be compared with the key of each encrypted tag without decrypting the encrypted tag.

The data center device then transmits the encrypted data associated with the selected encrypted tag.

There are 2 types, namely, a public key type and a public key type, in the secret search.

In the public key scheme, a registrant and a searcher are limited by using a public encryption key technique.

In the public key system, although the searcher is limited by the public key encryption technology, the registrant is not limited.

In the public key system, a registrant and a searcher generally share the same secret information with each other.

Non-patent document 1 discloses the following public key system: in order to reduce the cost of sharing secret information and the influence of leakage of secret information, a registrant and a searcher do not share the same secret information.

Further, non-patent document 1 discloses a multi-user shared key system.

In the multi-user shared key system, a user who is permitted to be retrieved and a user who is not permitted to be retrieved can be set. That is, in the multi-user shared key system, when a plurality of users having different secret information search using the same keyword, it is possible to generate encrypted data that hits in the search by a certain user but misses in the search by another user.

Disclosure of Invention

Problems to be solved by the invention

Non-patent document 1 focuses on the increase in size of a search query when multi-user processing is widely known, and discloses a method of suppressing the size of a search query using a human agent re-encryption technique.

The proxy re-encryption technology is as follows: the encrypted data of a certain user is converted into encrypted data that can be decrypted by other users without decrypting the encrypted data of the certain user.

However, since the proxy re-encryption technique uses a public key encryption technique, the method of non-patent document 1 has a problem of a search speed.

In the system of non-patent document 1, a complete matching search can be performed, but a partial matching search cannot be performed. That is, it is possible to determine whether or not the keyword at the time of search completely matches the keyword at the time of registration, but it is impossible to determine whether or not the keyword at the time of search is included in the keyword at the time of registration as a partial character string.

Further, in the system of non-patent document 1, a range search cannot be performed. That is, when the keyword at the time of registration is a numeric value and the keyword at the time of search is a section of numeric values, it is not possible to determine whether or not the numeric value at the time of registration has entered the section of numeric values at the time of search.

Patent document 1 discloses a hidden search method corresponding to partial matching. In this aspect, it is possible to determine whether or not the keyword at the time of search is included as a partial character string in the keyword at the time of registration in an encrypted state.

However, this scheme does not correspond to multiple users, and therefore, it is difficult to extend the scheme to a multiple user type public key scheme.

Non-patent document 2 discloses an encryption system with an access control function, not a confidential search technique.

With this method, encrypted data that can be decrypted by a certain user but cannot be decrypted by other users can be generated based on the attribute information of each user.

In this embodiment, a public key encryption technique is used. Therefore, although the registrants and the searcher are limited, the efficiency of the present embodiment is good.

However, it is difficult to extend this scheme to the multiuser-type public key scheme.

The invention aims to perform secret search by using a multi-user type public key encryption mode.

Means for solving the problems

The registration device of the present invention includes: a random number generation unit that generates a random number group R of random numbers of the same number as the number L of layers of the hierarchy formed by the attributes of the user, the random number group R being a uniform random number group; a reception unit that receives a plaintext M and attribute information B indicating an attribute value of each layer of a user permitted to refer to the plaintext M; an encrypted data generation unit that receives as input a function F _2 that is a function of a value of the attribute information B that is a value obtained by connecting an attribute value of each layer j and a number of each layer j, receives as input a function F _3 that is a function of the function F _2, calculates an attribute element C _ { j, 0, 0} that is an exclusive or of the function F _3 and a jth random number of the data random array R, receives as input an exclusive or of the plaintext M and the data random array R, and generates encrypted data C that includes the attribute element C _ { j, 0, 0} and a ciphertext C _ { L +1} that is a function of the function F _ 4; and a registration unit that registers the encrypted data C to a data management apparatus.

Effects of the invention

According to the present invention, encrypted data C generated using a function in a multiplexed manner is registered. This enables secure search using a multi-user public key encryption scheme.

Drawings

Fig. 1 is a configuration diagram of a hidden search system 100 according to embodiment 1.

Fig. 2 is a configuration diagram of master key device 200 according to embodiment 1.

Fig. 3 is a configuration diagram of a registration key device 300 according to embodiment 1.

Fig. 4 is a configuration diagram of a user key device 400 in embodiment 1.

Fig. 5 is a configuration diagram of the generation unit 420 in embodiment 1.

Fig. 6 is a configuration diagram of registration apparatus 500 in embodiment 1.

Fig. 7 is a configuration diagram of the generation unit 520 in embodiment 1.

Fig. 8 is a configuration diagram of search operation device 600 according to embodiment 1.

Fig. 9 is a configuration diagram of the generation unit 620 in embodiment 1.

Fig. 10 is a block diagram of a data management device 700 according to embodiment 1.

Fig. 11 is a configuration diagram of the search unit 720 in embodiment 1.

Fig. 12 is a flowchart of master key generation (S110) in embodiment 1.

Fig. 13 is a flowchart of the registration key generation (S120) in embodiment 1.

Fig. 14 is a flowchart of the user key generation (S130) in embodiment 1.

Fig. 15 is a diagram showing an example of attribute information in embodiment 1.

Fig. 16 is a flowchart of data registration (S140) in embodiment 1.

Fig. 17 is a diagram showing the registration database 792 in embodiment 1.

Fig. 18 is a flowchart of the search operation (S150) in embodiment 1.

Fig. 19 is a flowchart of data search (S160) in embodiment 1.

Fig. 20 is a flowchart of data deletion (S170) in embodiment 1.

Fig. 21 is a configuration diagram of the generation unit 520 in embodiment 2.

Fig. 22 is a configuration diagram of the search unit 720 in embodiment 2.

Fig. 23 is a flowchart of data registration (S240) in embodiment 2.

Fig. 24 is a flowchart of data retrieval (S260) in embodiment 2.

Fig. 25 is a configuration diagram of the generation unit 520 in embodiment 3.

Fig. 26 is a configuration diagram of the generation unit 620 according to embodiment 3.

Fig. 27 is a configuration diagram of the search unit 720 in embodiment 3.

Fig. 28 is a flowchart of data registration (S340) in embodiment 3.

Fig. 29 is a flowchart of the search operation (S350) in embodiment 3.

Fig. 30 is a flowchart of data retrieval (S360) in embodiment 3.

Fig. 31 is a hardware configuration diagram of master key device 200 according to the embodiment.

Fig. 32 is a hardware configuration diagram of the registration key device 300 according to the embodiment.

Fig. 33 is a hardware configuration diagram of the user key device 400 according to the embodiment.

Fig. 34 is a hardware configuration diagram of the registration apparatus 500 in the embodiment.

Fig. 35 is a hardware configuration diagram of the search operation device 600 according to the embodiment.

Fig. 36 is a hardware configuration diagram of the data management device 700 according to the embodiment.

Detailed Description

In the embodiments and the drawings, the same elements and corresponding elements are denoted by the same reference numerals. The description of elements labeled with the same reference numerals is omitted or simplified as appropriate. The arrows in the figure primarily represent data flow or processing flow.