RE-ENCRYPTION KEY GENERATOR, RE-ENCRYPTION APPARATUS, ENCRYPTION APPARATUS, DECRYPTION APPARATUS, AND STORAGE MEDIUM

US 20160380767A1
Filed: 09/09/2016
Published: 12/29/2016
Est. Priority Date: 10/03/2014
Status: Active Grant

First Claim

Patent Images

1. A re-encryption key generator which generates a re-encryption key needed to obtain re-encrypted text data which is configured to be decrypted by means of a second private key of a second user device, by re-encrypting, without decryption, ciphertext data obtained by encrypting plaintext data by means of a first public key of a first user device, the generator comprising:

a first storage circuit configured to store a first private key corresponding to the first public key;

a second storage circuit configured to store a second re-encryption key generation key of the second user device which is different from a second public key corresponding to the second private key; and

a re-encryption key generation device configured to generate the re-encryption key based on the first private key, the second re-encryption key generation key, and a plurality of random numbers,wherein the second re-encryption key generation key comprises a plurality of system-specific values and the second private key,the re-encryption key includes an exponent having a numerator portion and a denominator portion or a scalar having a numerator portion and a denominator portion,the numerator portion is in form of a linear coupling of the second private key on which at least one of a plurality of private values specifying a relation between the system-specific values and the random numbers is allowed to act, andthe denominator portion is the first private key.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to one embodiment, a re-encryption key generator which generates the re-encryption key based on the first private key, the second re-encryption key generation key, and a plurality of random numbers. The second re-encryption key generation key comprises a plurality of system-specific values and the second private key. The re-encryption key includes an exponent having a numerator portion and a denominator portion or a scalar having a numerator portion and a denominator portion. The numerator portion is in form of a linear coupling of the second private key on which at least one of a plurality of private values specifying relations between the system-specific values and the random numbers is allowed to act. The denominator portion is the first private key.

Citations

14 Claims

1. A re-encryption key generator which generates a re-encryption key needed to obtain re-encrypted text data which is configured to be decrypted by means of a second private key of a second user device, by re-encrypting, without decryption, ciphertext data obtained by encrypting plaintext data by means of a first public key of a first user device, the generator comprising:
- a first storage circuit configured to store a first private key corresponding to the first public key;
  
  a second storage circuit configured to store a second re-encryption key generation key of the second user device which is different from a second public key corresponding to the second private key; and
  
  a re-encryption key generation device configured to generate the re-encryption key based on the first private key, the second re-encryption key generation key, and a plurality of random numbers,wherein the second re-encryption key generation key comprises a plurality of system-specific values and the second private key,the re-encryption key includes an exponent having a numerator portion and a denominator portion or a scalar having a numerator portion and a denominator portion,the numerator portion is in form of a linear coupling of the second private key on which at least one of a plurality of private values specifying a relation between the system-specific values and the random numbers is allowed to act, andthe denominator portion is the first private key.
- View Dependent Claims (2, 3, 4)
- - 2. The re-encryption key generator according to claim 1, wherein the first public key is generated based on the first private key and a plurality of system fixed values, andthe second public key is generated based on the second private key and the plurality of system fixed values.
  - 3. The re-encryption key generator according to claim 2, wherein the first private key is represented by sk_i=(x_i, y_i, z_i), the second private key is represented by sk_j=(x_j, y_j, z_j), the plurality of system fixed values relating to the first public key and the second public key is represented by g and g₁(when a bilinear map image which is a group of prime orders p with a bilinear map e:
    - G₁×
      
      G₂→
      
      G_Tpresent therein is represented using G₁, G₂, and G_T, g, g₁ε
      
      G₁), and when the first public key is represented by pk_ithe first public key pk_iincludes data X_i, Y_1i, Z_i, and Z_1i
      (X_i=g^xⁱ,Y_1i=g₁^yⁱ,Z_i=g^zⁱ,Z_1i=g₁^zⁱ),when the second pubic key is represented by pk_j, the second public key pk_jincludes data X_i, Y_1i, Z_i, and Z_1i
      (X_j=g^x^j,Y_1j=g₁^y^j,Z_j=g^z^j,Z_1j=g₁^z^j),the plurality of system fixed values relating to the re-encryption key generation key is represented by h, h₁, h₂(h, h₁, h₂ε
      
      G₂), and when the second re-encryption key generation key is represented by rk_j, rk_j=(T_j, T_1j, T_2j),
      (T_j=h^x^j,T_1j=h₁^y^j,T_2j=h₂^y^j)the plaintext data is represented by m (mε
      
      G_T), the random number relating to the ciphertext data is represented by r, the system fixed value relating to the ciphertext data is represented by g₂(g₂ε
      
      G₁), and when the ciphertext data is represented by C_i(the bilinear map e;
      
      G₁×
      
      G₂→
      
      G_Tis represented by e(,)), the ciphertext data C_iincludes data C_2X, C_2Y, C_2Z, C_2Z1and C₃,
      (C_2X=X_i^r,C_2Y=Y_1i^r,C_2Z=Z_i^r,C_2Z1=Z_1i^r,C₃=e(g₁g₂,h)^r·
      
      m),the random numbers relating to the re-encryption key are represented by θ and
      
      n, and when the re-encryption key is represented by R_ij, R_ij=(R_ij1, R_ij2, R_ij3),
  - 4. The re-encryption key generator according to claim 2, wherein the first private key is represented by sk_i=(x_i, y_i, z_i, w_i) the second private key is represented by sk_j=(x_j, y_j, z_j, w_j), the plurality of system fixed values relating to the first public key and the second public key is represented by g and g₁(when a bilinear map image which is a group of prime orders p with a bilinear map e:
    - G₁×
      
      G₂→
      
      G_Tpresent therein is represented using G₁, G₂, and G_T, g, g₁ε
      
      G₁), and when the first public key is represented by pk_i, the first public key pk_iincludes data X_i, Y_1i, Z_i, Z_1iand W_i
      (X_i=g^xⁱ,Y_1i=g₁^yⁱ,Z_i=g^zⁱ,Z_1i=g₁^zⁱ,W_i=g^wⁱ),when the second public key represented by pk_j, the second public key includes data X_i, Y_1j, Z_j, Z_1j, and W_j
      (X_j=g^x^j,Y_1j=g₁^y^j,Z_j=g^z^j,Z_1j=g₁^z^j,W_j=g^w^j),the plurality of system fixed values relating to the re-encryption key generation key is represented by h, h₁, h₂(h, h₁, h₂ε
      
      G₂), and when the second re-encryption key generation key is represented by rk_j, rk_j=(T_j, T_1j, T_2j),
      (T_j=h^x^j,T_1j=h₁^y^j,T_2j=h₂^y^j)the plaintext data is represented by m (mε
      
      G_T), the random number relating to the ciphertext data is represented by r, the system fixed value relating to the ciphertext data is represented by g₂(g₂ε
      
      G₁), a multiplicative group for the order p is representative Z_p*, a time parameter indicative of a period with which the re-encryption key is updated is represented by L, and when the ciphertext data is represented by C_i(the bilinear map e;
      
      G₁×
      
      G₂→
      
      G_Tis represented by e(,)), the ciphertext data C_iincludes data C_2X, C_2Y, C_2Z, C_2Z1, C_2F, and C₃,
      (C_2X=X_i^r,C_2Y=Y_1i^r,C_2Z=Z_i^r,C_2Z1=Z_1i^r,C_2F=F_i(L)^r,C₃=e(g₁g₂,h)^r·
      
      m a function Fi(L) is defined as follows;
      
      F_i(L)=g^L·
      
      W_i=g^L+wⁱ(Lε
      
      )),the random numbers relating to the re-encryption key are represented by θ
      
      , n, δ
      
      _x, and δ
      
      _y, and when the re-encryption key is represented by R_ijL, R_ijL=(R_ijL1, R_ijL2, R_ijL3, R_ijL4, R_ijL5),

5. A re-encryption apparatus which obtains re-encrypted text data which is configured to be decrypted by means of a second private key of a second user device, by re-encrypting, without decryption, ciphertext data obtained by encrypting plaintext data by means of a first public key of a first user device, the apparatus comprising:
- a storage circuit configured to store the re-encryption key pre-generated by a re-encryption key generator; and
  
  a re-encryption circuit configured to obtain the re-encrypted text data by re-encrypting the ciphertext data without decryption using the re-encryption key stored in the storage circuit,wherein the re-encryption key is generated based on a first private key corresponding to the first public key, a second re-encryption key generation key of the second user device which is different from a second public key corresponding to the second private key, and a plurality of random numbers,the second re-encryption key generation key comprises a plurality of system-specific values and the second private key,the re-encryption key includes an exponent having a numerator portion and a denominator portion or a scalar having a numerator portion and a denominator portion,the numerator portion is in form of a linear coupling of the second private key on which at least one of a plurality of private values specifying a relation between the system-specific values and the random numbers is allowed to act, andthe denominator portion is the first private key.

6. An encryption apparatus which generates ciphertext data obtained by encrypting plaintext data by means of a first public key of a first user device, for a re-encryption apparatus configured to obtain re-encrypted text data which is configured to be decrypted by means of a second private key of a second user device, by re-encrypting, without decryption, the ciphertext data, the apparatus comprising:
- a storage circuit configured to store the first public key; and
  
  an encryption circuit configured to obtain the ciphertext data by encrypting the plaintext data using the first public key stored in the storage circuit,wherein the re-encryption key is generated based on a first private key corresponding to the first public key, a second re-encryption key generation key of the second user device which is different from a second public key corresponding to the second private key, and a plurality of random numbers,the second re-encryption key generation key comprises a plurality of system-specific values and the second private key,the re-encryption key includes an exponent or a scalar having a numerator portion and a denominator portion,the numerator portion is in form of a linear coupling of the second private key on which at least one of a plurality of private values specifying a relation between the system-specific values and the random numbers is allowed to act, andthe denominator portion is the first private key.

7. A decryption apparatus which decrypts re-encrypted text data which is configured to be decrypted by means of a second private key of a second user device after a re-encryption apparatus obtains the re-encrypted text data based on a re-encryption key by re-encrypting, without decryption, ciphertext data obtained by encrypting plaintext data by means of a first public key of a first user device, the apparatus comprising:
- a storage circuit configured to store the second private key; and
  
  a decryption circuit configured to obtain the plaintext data by decrypting the re-encrypted text data based on the second private key stored in the storage circuit,wherein the re-encryption key is generated based on a first private key corresponding to the first public key, a second re-encryption key generation key of the second user device which is different from a second public key corresponding to the second private key, and a plurality of random numbers,the second re-encryption key generation key comprises a plurality of system-specific values and the second private key,the re-encryption key includes an exponent or a scalar having a numerator portion and a denominator portion,the numerator portion is in form of a linear coupling of the second private key on which at least one of a plurality of private values specifying a relation between the system-specific values and the random numbers is allowed to act, andthe denominator portion is the first private key.

8. A non-transitory computer-readable storage medium having a program stored therein, the program being used by a re-encryption key generator which generates a re-encryption key needed to obtain re-encrypted text data which is configured to be decrypted by means of a second private key of a second user device, by re-encrypting, without decryption, ciphertext data obtained by encrypting plaintext data by means of a first public key of a first user device, the program allowing a processor in the re-encryption key generator to execute:
- a process of writing a first private key corresponding to the first public key to a first storage circuit in the re-encryption key generator;
  
  a process of writing a second re-encryption key generation key of the second user device which is different from a second public key corresponding to the second private key, to a second storage circuit; and
  
  a process of generating the re-encryption key based on the first private key, the second re-encryption key generation key, and a plurality of random numbers,wherein the second re-encryption key generation key comprises a plurality of system-specific values and the second private key,the re-encryption key includes an exponent having a numerator portion and a denominator portion or a scalar having a numerator portion and a denominator portion,the numerator portion is in form of a linear coupling of the second private key on which at least one of a plurality of private values specifying a relation between the system-specific values and the random numbers is allowed to act, andthe denominator portion is the first private key.
- View Dependent Claims (9, 10, 11)
- - 9. The storage medium according to claim 8, wherein the first public key is generated based on the first private key and a plurality of system fixed values, andthe second public key is generated based on the second private key and the plurality of system fixed values.
  - 10. The storage medium according to claim 9, wherein the first private key is represented by sk_i=(x_i, y_i, z_i), the second private key is represented by sk_j=(x_j, y_j, z_j), the plurality of system fixed values relating to the first public key and the second public key is represented by g and g₁(when a bilinear map image which is a group of prime orders p with a bilinear map e:
    - G₁×
      
      G₂→
      
      G_Tpresent therein is represented using G₁, G₂, and G_T, g, g₁ε
      
      G₁), and when the first public key is represented by pk_i, the first public key pk_iincludes data X_i, Y_1i, Z_i, and Z_1i
      (X_i=g^xⁱ,Y_1i=g₁^yⁱ,Z_i=g^zⁱ,Z_1i=g₁^zⁱ),when the second public key is represented by pk_j, the second public key pk_jincludes data X_i, Y_1i, Z_i, and Z_1i
      (X_j=g^x^j,Y_1j=g₁^y^j,Z_j=g^z^j,Z_1j=g₁^z^j),the plurality of system fixed values relating to the re-encryption key generation key is represented by h, h₁, h₂(h, h₁, h₂ε
      
      G₂), and when the second re-encryption key generation key is represented by rk_j, rk_j=(T_j, T_1j, T_2j),
      (T_j=h^x^j,T_1j=h₁^y^j,T_2j=h₂^y^j)the plaintext data is represented by m (mε
      
      G_T), the random number relating the ciphertext data is represented by r, the system fixed value relating to the ciphertext data is represented by g₂(g₂ε
      
      G₁), and when the ciphertext data is represented by C_i(the bilinear map e;
      
      G₁×
      
      G₂→
      
      G_Tis represented by e(,)), the ciphertext data C_iincludes data C_2X, C_2Y, C_2Z, C_2Z1, and C₃,
      (C_2X=X_i^r,C_2Y=Y_1i^r,C_2Z=Z_i^r,C_2Z1=Z_1i^r,C₃=e(g₁g₂,h)^r·
      
      m),the random numbers relating to the re-encryption key are represented by θ and
      
      n, and when the re-encryption key is represented by R_ij, R_ij=(R_ij1, R_ij2, R_ij3),
  - 11. The storage medium according to claim 9, wherein the first private key is represented by sk_i=(x_i, y_i, z_i, w_i), the second private key is represented by sk_j=(x_j, y_j, z_j, w_j), the plurality of system fixed values relating to the first public key and the second public key is represented by g and g₁(when a bilinear map image which is a group of prime orders p with a bilinear map e:
    - G₁×
      
      G₂→
      
      G_Tpresent therein is represented using G₁, G₂, and G_T, g, g₁ε
      
      G₁), and when the first public key is represented by pk_i, the first public key pk_iincludes data X_i, Y_1i, Z_i, Z_1i, and W_i
      (X_i=g^xⁱ,Y_1i=g₁^yⁱ,Z_i=g^zⁱ,Z_1i=g₁^zⁱ,W_i=g^wⁱ),when the second public key represented by pk_j, the second public key pk_jincludes data X_i, Y_1j, Z_j, Z_1j, and W_j
      (X_j=g^x^j,Y_1j=g₁^y^j,Z_j=g^z^j,Z_1j=g₁^z^j,W_j=g^w^j),the plurality of system fixed values relating to the re-encryption key generation key is represented by h, h₁, h₂(h, h₁, h₂ε
      
      G₂), and when the second re-encryption key generation key is represented by rk_j, rk_j=(T_j, T_1j, T_2j),
      (T_j=h^x^j,T_1j=h₁^y^j,T_2j=h₂^y^j)the plaintext data is represented by m (mε
      
      G_T), the random number relating to the ciphertext data is represented by r, the system fixed value relating to the ciphertext data is represented by g₂(g₂ε
      
      G₁), a multiplicative group for the order p is representative Z_p*, a time parameter indicative of a period with which the re-encryption key is updated is represented by L, and when the ciphertext data is represented by C_i(the bilinear map e;
      
      G₁×
      
      G₂→
      
      G_Tis represented by e(,)), the ciphertext data C_iincludes data C_2X, C_2Y, C_2Z1, C_2F, and C₃,
      (C_2X=X_i^r,C_2Y=Y_1i^r,C_2Z=Z_i^r,C_2Z1=Z_1i^r,C_2F=F_i(L)^r,C₃=e(g₁g₂,h)^r·
      
      m a function φ
      
      (L) is defined as follows;
      
      F_i(L)=g^L·
      
      W_i=g^L+wⁱ(Lε
      
      )),the random numbers relating to the re-encryption key are represented by θ
      
      , n, θ
      
      _x, and δ
      
      _y, and when the re-encryption key is represented by R_ijL, R_ijL=(R_ijL1, R_ijL2, R_ijL3, R_ijL4, R_ijL5),

12. A non-transitory computer-readable storage medium having a program stored therein, the program being used for a re-encryption apparatus which obtains re-encrypted text data which is configured to be decrypted by means of a second private key of a second user device, by re-encrypting, without decryption, ciphertext data obtained by encrypting plaintext data by means of a first public key of a first user device, the program allowing a processor in the re-encryption apparatus to execute:
- a process of writing the re-encryption key pre-generated by a re-encryption key generator to a storage circuit in the re-encryption apparatus; and
  
  a process of obtaining the re-encrypted text data by re-encrypting the ciphertext data without decryption using the re-encryption key stored in the storage circuit,wherein the re-encryption key is generated based on a first private key corresponding to the first public key, a second re-encryption key generation key of the second user device which is different from a second public key corresponding to the second private key, and a plurality of random numbers,the second re-encryption key generation key comprises a plurality of system-specific values and the second private key,the re-encryption key includes an exponent having a numerator portion and a denominator portion or a scalar having a numerator portion and a denominator portion,the numerator portion is in form of a linear coupling of the second private key on which at least one of a plurality of private values specifying a relation between the system-specific values and the random numbers is allowed to act, andthe denominator portion is the first private key.

13. A non-transitory computer-readable storage medium having a program stored therein, the program being used for an encryption apparatus which generates ciphertext data obtained by encrypting plaintext data by means of a first public key of a first user device, for a re-encryption apparatus configured to obtain re-encrypted text data which is configured to be decrypted by means of a second private key of a second user device, by re-encrypting, without decryption, the ciphertext data, the program allowing a processor in the encryption apparatus to execute:
- a process of writing the first public key to a storage circuit in the encryption apparatus; and
  
  a process of obtaining the ciphertext data by encrypting the plaintext data using the first public key stored in the storage circuit,wherein the re-encryption key is generated based on a first private key corresponding to the first public key, and a second re-encryption key generation key of the second user device which is different from a second public key corresponding to the second private key,the second re-encryption key generation key comprises a plurality of system-specific values and the second private key,the re-encryption key includes an exponent having a numerator portion and a denominator portion or a scalar having a numerator portion and a denominator portion,the numerator portion is in form of a linear coupling of the second private key on which at least one of a plurality of private values specifying a relation between the system-specific values and the random numbers is allowed to act, andthe denominator portion is the first private key.

14. A non-transitory computer-readable storage medium having a program stored therein, the program being used for a decryption apparatus which decrypts re-encrypted text data which is configured to be decrypted by means of a second private key of a second user device after a re-encryption apparatus obtains the re-encrypted text data based on a re-encryption key by re-encrypting, without decryption, ciphertext data obtained by encrypting plaintext data by means of a first public key of a first user device, the program allowing a processor in the decryption apparatus to execute:
- a process of writing the second private key to a storage circuit in the decryption apparatus; and
  
  a process of obtaining the plaintext data by decrypting the re-encrypted text data based on the second private key stored in the storage circuit,wherein the re-encryption key is generated based on a first private key corresponding to the first public key, a second re-encryption key generation key of the second user device which is different from a second public key corresponding to the second private key, and a plurality of random numbers,the second re-encryption key generation key comprises a plurality of system-specific values and the second private key,the re-encryption key includes an exponent having a numerator portion and a denominator portion or a scalar having a numerator portion and a denominator portion,the numerator portion is in form of a linear coupling of the second private key on which at least one of a plurality of private values specifying a relation between the system-specific values and the random numbers is allowed to act, andthe denominator portion is the first private key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Toshiba Digital Solutions Corporation (Toshiba Corporation)
Original Assignee
Kabushiki Kaisha Toshiba (Toshiba Corporation), Toshiba Solutions Corporation (Toshiba Corporation)
Inventors
HAYASHI, Ryotaro, MATSUSHITA, Tatsuyuki

Granted Patent

US 10,187,207 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 9/0847   involving identity based en...

H04L 9/0869   involving random numbers or...

H04L 9/0897   involving additional device...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3073   involving pairings, e.g. id...

RE-ENCRYPTION KEY GENERATOR, RE-ENCRYPTION APPARATUS, ENCRYPTION APPARATUS, DECRYPTION APPARATUS, AND STORAGE MEDIUM

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

RE-ENCRYPTION KEY GENERATOR, RE-ENCRYPTION APPARATUS, ENCRYPTION APPARATUS, DECRYPTION APPARATUS, AND STORAGE MEDIUM

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links