Encryption parameter setting apparatus, key generation apparatus, cryptographic system, program, encryption parameter setting method, and key generation method
First Claim
Patent Images
1. An encryption parameter setting apparatus comprising:
- a processing device for processing data;
a random divisor selection unit;
a base divisor generation unit;
a pairing log calculation unit; and
a parameter setting unit,wherein the random divisor selection unit selects an element from a plurality of elements of a cyclic group G′
, as a random divisor D*, by using the processing device;
the base divisor generation unit calculates a plurality of base divisors D˜
j by mapping the random divisor D* by using a plurality of maps Gj, where the plurality of maps Gj are homomorphism from the cyclic group G′
to each of a plurality of cyclic groups G′
j, based on the random divisor D* selected by the random divisor selection unit, by using the processing device;
the pairing log calculation unit calculates logarithms of pairing values of the plurality of base divisors D˜
j in a group G, where the group G is a direct product of the plurality of cyclic groups G′
j, and a pairing value by a bilinear pairing operation of two elements included in the group G is computable, and treats the logarithms as a plurality of pairing log coefficients η
i, by using the processing device; and
the parameter setting unit treats the plurality of base divisors D˜
j calculated by the base divisor generation unit and the plurality of pairing log coefficients η
i calculated by the pairing log calculation unit, as encryption parameters used in a cryptographic operation, by using the processing device.
1 Assignment
0 Petitions
Accused Products
Abstract
A sophisticated cryptographic system is realized without using a pairing operation on a composite order. A random matrix selection unit 142 randomly selects a random matrix V* from a plurality of matrices satisfying a predetermined condition, based on a plurality of pairing log coefficients ηi calculated by an encryption parameter setting apparatus 100. An output base calculation unit 143 calculates a plurality of output bases gk, based on a plurality of base divisors D˜j calculated by the encryption parameter setting apparatus 100 and the random matrix V* selected by the random matrix selection unit 142.
-
Citations
23 Claims
-
1. An encryption parameter setting apparatus comprising:
-
a processing device for processing data;
a random divisor selection unit;
a base divisor generation unit;
a pairing log calculation unit; and
a parameter setting unit,wherein the random divisor selection unit selects an element from a plurality of elements of a cyclic group G′
, as a random divisor D*, by using the processing device;the base divisor generation unit calculates a plurality of base divisors D˜
j by mapping the random divisor D* by using a plurality of maps Gj, where the plurality of maps Gj are homomorphism from the cyclic group G′
to each of a plurality of cyclic groups G′
j, based on the random divisor D* selected by the random divisor selection unit, by using the processing device;the pairing log calculation unit calculates logarithms of pairing values of the plurality of base divisors D˜
j in a group G, where the group G is a direct product of the plurality of cyclic groups G′
j, and a pairing value by a bilinear pairing operation of two elements included in the group G is computable, and treats the logarithms as a plurality of pairing log coefficients η
i, by using the processing device; andthe parameter setting unit treats the plurality of base divisors D˜
j calculated by the base divisor generation unit and the plurality of pairing log coefficients η
i calculated by the pairing log calculation unit, as encryption parameters used in a cryptographic operation, by using the processing device. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. An encryption parameter setting apparatus comprising:
-
a processing device for processing data;
a random divisor selection unit;
a base divisor generation unit;
a discrete log calculation unit;
a pairing log calculation unit; and
a parameter setting unit,wherein the random divisor selection unit selects a random divisor D* from a plurality of divisors of a Jacobian variety JacC of an algebraic curve C of genus d in a finite field Fp, where an order p of the finite field Fp is a prime number, and the genus d is an integer greater than or equal to 2, by using the processing device; the base divisor generation unit calculates a plurality of base divisors D˜
j, based on the random divisor D* selected by the random divisor selection unit, by using the processing device;the discrete log calculation unit calculates a plurality of discrete logs lK, by using the processing device; the pairing log calculation unit calculates a plurality of pairing log coefficients η
i, based on the plurality of discrete logs lk calculated by the discrete log calculation unit, by using the processing device; andthe parameter setting unit sets an encryption parameter to be used in a cryptographic operation, based on the plurality of base divisors D˜
j calculated by the base divisor generation unit and the plurality of pairing log coefficients η
i calculated by the pairing log calculation unit, by using the processing device. - View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
-
-
16. A key generation apparatus comprising:
-
a processing device for processing data;
a storage device for storing data;
a base divisor storage unit;
a pairing log storage unit;
an output base calculation unit; and
a key calculation unit,wherein the base divisor storage unit stores, as a plurality of base divisors D˜
j, a plurality of elements of a group G, where the group G is a direct product of a plurality of cyclic groups of a same order, a pairing value by a bilinear pairing operation of two elements included in the group G is computable, and the plurality of base divisors D˜
j are mutually linearly independent, by using the storage device;the pairing log storage unit stores logarithms of pairing values of the plurality of base divisors D˜
j, as a plurality of pairing log coefficients η
i, by using the storage device;the output base calculation unit calculates a plurality of output bases gk being elements of the group G, where a pairing value of at least any two output bases gk in the plurality of output bases gk is 1, based on the plurality of base divisors D˜
j, stored by the base divisor storage unit and the plurality of pairing log coefficients η
i stored by the pairing log storage unit, by using the processing device; andthe key calculation unit calculates a key to be used in a cryptographic operation, based on the plurality of output bases gk calculated by the output base calculation unit, by using the processing device. - View Dependent Claims (17, 18, 19)
-
-
20. An encryption parameter setting method according to which an encryption parameter setting apparatus, having a processing device for processing data, sets encryption parameters used for a cryptographic operation, the encryption parameter setting method comprising:
-
selecting, by the processing device, an element from a plurality of elements of a cyclic group G′
, as a random divisor D* ;calculating, by the processing device, a plurality of base divisors D˜
j by mapping the random divisor D* by using a plurality of maps G j, where the plurality of maps Gj are homomorphism from the cyclic group G′
to each of a plurality of cyclic groups G′
j, based on the random divisor D* selected;calculating, by the processing device, logarithms of pairing values of the plurality of base divisors D˜
j in a group G, where the group G is a direct product of the plurality of cyclic groups G′
j, and a pairing value by a bilinear pairing operation of two elements included in the group G is computable, and treating the logarithms as a plurality of pairing log coefficients η
i; andtreating, by the processing device, the plurality of base divisors D˜
j calculated and the plurality of pairing log coefficients η
i;
calculated, as the encryption parameters.
-
-
21. An encryption parameter setting method according to which an encryption parameter setting apparatus, having a processing device for processing data, sets encryption parameters used for a cryptographic operation, the encryption parameter setting method comprising:
-
selecting, by the processing device, a random divisor D* randomly from a plurality of divisors of a Jacobian variety JacC of a hyperelliptic curve C of genus d in a finite field Fp (where an order p of the finite field Fp is a prime number, and the genus d is an integer greater than or equal to
2);calculating, by the processing device, a plurality of base divisors D˜
j, based on the random divisor D* selected;calculating, by the processing device, a plurality of discrete logs lK, where K is an integer greater than or equal to 1 and less than or equal to 2d-1, and the discrete log l K is an integer greater than or equal to 0 and less than or equal to 2d-1; calculating, by the processing device, a plurality of pairing log coefficients η
i, where i is an integer greater than or equal to 0 and less than or equal to 2d-1, the pairing log coefficient η
i is an integer greater than or equal to 0 and less than or equal to r−
1, and r is an order of the plurality of divisors of the Jacobian variety JacC, based on the plurality of discrete logs lK calculated; andsetting, by the processing device, the encryption parameters, based on the plurality of base divisors D˜
j calculated and the plurality of pairing log coefficients η
i calculated.
-
-
22. A key generation method according to which a key generation apparatus, having a processing device for processing data and a storage device for storing data, generates a key used for a cryptographic operation, the key generation method comprising:
-
storing, by the storage device, as a plurality of base divisors D˜
j, a plurality of elements of a group G, where the group G is a direct product of a plurality of cyclic groups of a same order, a pairing value by a bilinear pairing operation of two elements included in the group G is computable, and the plurality of base divisors D˜
j are mutually linearly independent;storing, by the storage device, logarithms of pairing values of the plurality of base divisors D˜
j, as a plurality of pairing log coefficients η
i;calculating, by the processing device, a plurality of output bases gk being elements of the group G, where a pairing value of at least any two output bases gk in the plurality of output bases gk is 1, based on the plurality of base divisors D˜
j stored by the storage device and the plurality of pairing log coefficients η
i stored by the storage device; andcalculating, by the processing device, the key, based on the plurality of output bases calculated.
-
-
23. A key generation method according to which a key generation apparatus, having a processing device for processing data and a storage device for storing data, generates a key used for a cryptographic operation, the key generation method comprising:
-
storing, by the storing device, a plurality of base divisors D˜
j of a Jacobian variety JacC of an algebraic curve C of genus d in an extension field K given by a finite algebraic extension of a finite field Fp, where an order p of the finite field Fp is a prime number, the genus d is an integer greater than or equal to 2, and w is a prime number of w=2d+1, and a plurality of pairing log coefficients η
i indicating a relation of a pairing value of the plurality of base divisors;randomly, by the processing device, selecting a random matrix V* satisfying a predetermined condition, based on the plurality of pairing log coefficients η
i stored by the storage device;calculating, by the processing device, a plurality of output bases gk, based on the plurality of base divisors D˜
j stored by the storage device and the random matrix V* selected; andcalculating, by the processing device, the key, based on the plurality of output bases gk calculated.
-
Specification