Functional encryption applied system, information output apparatus, information processing apparatus, encryption protocol execution method, information output method, information processing method, program and recording medium
First Claim
1. A functional encryption applied system comprising an information output apparatus and an information processing apparatus, whereinthe information output apparatus includes:
- a determiner that identifies a first identifier or a plurality of first identifiers according to a rule for a combination of protocols or each of the protocols that are in accordance with a functional encryption scheme, the first identifier or the plurality of the first identifiers corresponding to the protocols or each of the protocols;
a setter that sets a particular piece of first correspondence information corresponding to the first identifier or a combination of the plurality of the first identifiers; and
a transmitter that outputs first information, the first information being a first ciphertext or first key information of the functional encryption scheme, and the first information corresponding to the particular piece of first correspondence information,the information processing apparatus includes;
a decryptor that inputs the first information and second information corresponding to a particular piece of second correspondence information into a decryption function of the functional encryption scheme and, generating a decryption result when a truth value of a logical formula corresponding to a combination of the particular piece of first correspondence information and the particular piece of second correspondence information is true, the second information being second key information of the functional encryption scheme when the first information is the first ciphertext, and the second information being a second ciphertext of the functional encryption scheme when the first information is the first key information, the particular piece of second correspondence information corresponding to a second identifier or a combination of a plurality of second identifiers, the second identifier or the second identifiers being identified in according to the rule,the information output apparatus further comprises a first selector that selects whether the first information is to be the first ciphertext or the first key information, depending on the protocol or each of the protocols, the first key information being used for decryption of the second ciphertext, the second ciphertext being generated without the first key information;
the information processing apparatus further comprising a second selector that selects whether the second information is to be the second ciphertext or the second key information, depending on the protocol or each of the particular protocols, the second key information being used for decryption of the first ciphertext, the first ciphertext being generated without the second key information; and
the first correspondence information is a first vector or first vectors, and the second correspondence information is a second vector or second vectors.
1 Assignment
0 Petitions
Accused Products
Abstract
An information output apparatus identifies, according to a rule established for each of functional encryption protocols or a rule established for each combination of the protocols, one or more identifiers corresponding to a particular functional encryption protocol or a combination of the particular protocols, sets a particular piece of first correspondence information corresponding to the identifier or identifiers, and outputs first information which is a ciphertext or key information of the functional encryption scheme that corresponds to the particular piece of first correspondence information. An information processing apparatus inputs the first information and second information which is key information or a ciphertext of the functional encryption scheme that corresponds to a particular piece of second correspondence information into a decryption function of the functional encryption scheme and, when the truth value of a logical formula corresponding to the combination of the particular piece of first correspondence information corresponding to the first information and the particular piece of second correspondence information corresponding to the second information is true, generates a decryption result.
43 Citations
34 Claims
-
1. A functional encryption applied system comprising an information output apparatus and an information processing apparatus, wherein
the information output apparatus includes: -
a determiner that identifies a first identifier or a plurality of first identifiers according to a rule for a combination of protocols or each of the protocols that are in accordance with a functional encryption scheme, the first identifier or the plurality of the first identifiers corresponding to the protocols or each of the protocols; a setter that sets a particular piece of first correspondence information corresponding to the first identifier or a combination of the plurality of the first identifiers; and a transmitter that outputs first information, the first information being a first ciphertext or first key information of the functional encryption scheme, and the first information corresponding to the particular piece of first correspondence information, the information processing apparatus includes; a decryptor that inputs the first information and second information corresponding to a particular piece of second correspondence information into a decryption function of the functional encryption scheme and, generating a decryption result when a truth value of a logical formula corresponding to a combination of the particular piece of first correspondence information and the particular piece of second correspondence information is true, the second information being second key information of the functional encryption scheme when the first information is the first ciphertext, and the second information being a second ciphertext of the functional encryption scheme when the first information is the first key information, the particular piece of second correspondence information corresponding to a second identifier or a combination of a plurality of second identifiers, the second identifier or the second identifiers being identified in according to the rule, the information output apparatus further comprises a first selector that selects whether the first information is to be the first ciphertext or the first key information, depending on the protocol or each of the protocols, the first key information being used for decryption of the second ciphertext, the second ciphertext being generated without the first key information; the information processing apparatus further comprising a second selector that selects whether the second information is to be the second ciphertext or the second key information, depending on the protocol or each of the particular protocols, the second key information being used for decryption of the first ciphertext, the first ciphertext being generated without the second key information; and the first correspondence information is a first vector or first vectors, and the second correspondence information is a second vector or second vectors.
-
-
2. A functional encryption applied system comprising an information output apparatus and an information processing apparatus, wherein
the information output apparatus includes: -
a determiner that identifies a first identifier or a plurality of first identifiers according to a rule for a combination of protocols or each of the protocols that are in accordance with a functional encryption scheme, the first identifier or the plurality of the first identifiers corresponding to the protocols or each of the protocols; a setter that sets a first vector corresponding to the first identifier or a combination of the plurality of the first identifiers; and a transmitter that outputs first information, the first information being a first ciphertext or first key information of the functional encryption scheme, and the first information corresponding to the first vector, the information processing apparatus includes; a decryptor that inputs the first information and second information corresponding to a second vector into a decryption function of the functional encryption scheme and, generating a decryption result when an inner product of the first vector and the second vector is 0, the second information being second key information of the functional encryption scheme when the first information is the first ciphertext, and the second information being a second ciphertext of the functional encryption scheme when the first information is the first key information, the second vector corresponding to a second identifier or a combination of a plurality of second identifiers, the second identifier or the second identifiers being identified in according to the rule, the first vector is v43 =(v1, . . . ,vn) and the second vector is w43 =(w1, . . . ,wn), the first ciphertext includes υ
1·
(Σ
μ
=1n vμ
·
bμ
)+υ
2·
bn+1+. . . +υ
ξ
+1·
bn+ξ
and the second key information is α
·
(Σ
μ
=1−
wμ
·
bμ
*)+Σ
ι
=n+1n+ξ
−
υ
ι
′
·
bι
* or;the second ciphertext includes υ
1·
(Σ
μ
=1n wμ
·
bμ
)+υ
2·
bn+1+. . . +υ
ξ
+1·
bn+ξ
and the first key information is α
·
(Σ
μ
=1n−
vμ
·
bμ
*)+Σ
ι
=n+1n+ξ
−
υ
ι
′
·
bι
*, whereμ
=1, . . . ,n,n represents an integer greater than or equal to 1, ξ
is an integer greater than or equal to 1,i=1, . . . , n+ξ
,bi represent an n+ξ
-dimensional basis vector,bi* represent an n+ξ
-dimensional basis vector,Σ
represents summation,vμ
represents the μ
-th element of v→
=(v1, . . . , vn),wμ
, represents a element of w→
=(w1, . . . ,wn), andα
, υ
1, . . . , υ
ξ
+1, υ
ι
′
are elements of a finite field or a finite ring. - View Dependent Claims (3, 4, 5, 6, 7)
-
-
8. A functional encryption applied system comprising an information output apparatus and an information processing apparatus, wherein
the information output apparatus includes: -
a determiner that identifies a first identifier or a plurality of first identifiers according to a rule for a combination of protocols or each of the protocols that are in accordance with a functional encryption scheme, the first identifier or the plurality of first identifiers corresponding to the protocols or each of the protocols; a setter that sets a particular piece of first correspondence information corresponding to the first identifier or the combination of the plurality of the first identifiers; and a transmitter that outputs first information, the first information being a first ciphertext or first key information of the functional encryption scheme, and the first information corresponding to the particular piece of first correspondence information, the information processing apparatus includes; a decryptor that inputs the first information and second information corresponding to a particular piece of second correspondence information into a decryption function of the functional encryption scheme, and generating a decryption result, the second information being second key information of the functional encryption scheme when the first information is the first ciphertext, and the second information being second ciphertext of the functional encryption scheme when the first information is the first key information, the particular piece of second correspondence information corresponding to a second identifier or a combination of a plurality of second identifiers, the second identifier or the second identifiers being identified in according to the rule, the first correspondence information includes a plurality of pieces of first partial correspondence information and the second correspondence information includes a plurality of pieces of second partial correspondence information, partial combinations each consisting of each of the pieces of the first partial correspondence information and each of the pieces of the second partial correspondence information, each of the partial combinations is true or false, a first partial combination of the partial combinations is true when a predetermined function returns a particular value for the first partial combination, a second partial combination of the partial combinations is true when the predetermined function does not return the particular value for the second partial combination, and the decryption function returns the decryption result when a fifth vector exists in a vector space formed by particular vectors, each of the particular vectors being associated with each of the pieces of the first partial correspondence information or the second partial correspondence information of the partial combinations being true, the pieces of the first partial correspondence information are first vectors and the pieces of the second partial correspondence information are second vectors, and the predetermined function calculates an inner product of each vector of the first vectors and each vector of the second vectors, and the particular value is 0. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A functional encryption applied system comprising an information output apparatus and an information processing apparatus, wherein
the information output apparatus includes: -
a determiner that identifies first identifier or a plurality of first identifiers according to a rule for a combination of protocols or each of the protocols that are in accordance with a functional encryption scheme, the first identifier or the plurality of the first identifiers corresponding to the protocols or each of the protocols; a setter that sets a particular piece of first correspondence information corresponding to the first identifier or a combination of the plurality of the first identifiers; and a transmitter that outputs first information, the first information being a first ciphertext or first key information of the functional encryption scheme, and the first information corresponding to the particular piece of first correspondence information, the information processing apparatus includes a decryptor that inputs the first information and second information corresponding to a particular piece of second correspondence information into a decryption function of the functional encryption scheme and, generating a decryption result when a truth value of a logical formula corresponding to a combination of the particular piece of first correspondence information and the particular piece of second correspondence information is true, the second information being second key information of the functional encryption scheme when the first information is the first ciphertext, and the second information being a second ciphertext of the functional encryption scheme when the first information is the first key information, the particular piece of second correspondence information corresponding to a second identifier or a combination of a plurality of second identifiers, the second identifier or the second identifiers being identified in according to the rule, the protocols are selected from a set including at least one of a Timed-Release encryption protocol, a Forward Secure encryption protocol, a Key Insulated encryption protocol, a CCA2 secure encryption protocol, and a Keyword search encryption protocol; when the protocols include the Timed-Release encryption protocol, the first identifier or any of the plurality of the first identifiers represents information identifying a time point after the time of generation of the first information; when the protocols include the Forward Secure encryption protocol or the Key Insulated encryption protocol, the first identifier or any of the plurality of the first identifiers represents information identifying a time period including a time of generation of the first information or a time period after a time of generation of the first information; when the protocols include the CCA2 secure encryption protocol, the first identifier or any of the plurality of the first identifiers represents one-time information which is newly set each time the first information is generated; when the protocols include the Keyword search encryption protocol, the first identifier or any of the plurality of the first identifiers represents information identifying a keyword corresponding to the first key information for searching a database in which a third ciphertext of information to be searched is associated with the second ciphertext, the keyword corresponding to the information to be searched; and the first correspondence information is a first vector, and the second correspondence information is a second vector. - View Dependent Claims (16)
-
-
17. An information output apparatus comprising:
-
a determiner that identifies a first identifier or a plurality of first identifiers according to a rule for a combination of protocols or each of the protocols that are in accordance with a functional encryption scheme, the one identifier or the plurality of the first identifiers corresponding to the protocols or each of the protocols; a setter that sets a particular piece of first correspondence information corresponding to the first identifier or a combination of the plurality of the first identifiers; a transmitter that outputs first information, the first information being a first ciphertext or first key information of the functional encryption scheme, and the first information corresponding to the particular piece of first correspondence information; and a first selector that selects whether the first information is to be the first ciphertext or the first key information, using identification information PI for identifying the protocols or each of the protocols to be executed, the first key information being used for decryption of a second ciphertext, the second ciphertext being generated without the first key information, wherein the first correspondence information is a first vector. - View Dependent Claims (33)
-
-
18. An information output apparatus comprising:
-
a determiner that identifies a first identifier or a plurality of the first identifiers according to a rule for a combination of protocols or each of the protocols that are in accordance with a functional encryption scheme, the first identifier or the plurality of the first identifiers corresponding to the protocols or each of the protocols; a setter that sets a first vector corresponding to the first identifier or a combination of the plurality of the first identifiers; and a transmitter that outputs first information, the first information being a first ciphertext or first key information of the functional encryption scheme, and the first information corresponding to the first vector, wherein the first vector is v→
=(v1, . . . ,vn),the first ciphertext includes υ
1·
(Σ
μ
=1n vμ
·
bμ
)+υ
2·
bn+1+. . . +υ
ξ
+1·
b n+ξ
or;
the first key information is α
·
(Σ
μ
=1nvμ
·
bμ
*)+Σ
ι
=n+1n+ξ
υ
ι
′
·
bι
*, whereμ
=1, . . . ,n,n represents an integer greater than or equal to 1, ξ
is an integer greater than or equal to 1,i=1, . . . ,n+ξ
,bi represent an n+ξ
-dimensional basis vector,bi* represent an n+ξ
-dimensional basis vector,Σ
represents summation,vμ
represents the μ
-th element of v→
=(v1, . . . ,vn),wμ
represents a μ
-th element of w→
=(w1, . . . ,wn), andα
, υ
1, . . . ,υ
ξ
+1, υ
ι
′
are elements of a finite field or a finite ring.
-
-
19. An information output apparatus comprising:
-
a determiner that identifies a first identifier or a plurality of first identifiers according to a rule for a combination of protocols or each of the protocols that are in accordance with a functional encryption scheme, the first identifier or the plurality of the first identifiers corresponding to the protocols or each of the protocols; a setter that sets a particular piece of first correspondence information corresponding to the first identifier or the combination of the plurality of the first identifiers; and a transmitter that outputs first information, the first information being a first ciphertext or first key information of the functional encryption scheme, and the first information corresponding to the particular piece of first correspondence information, wherein the first correspondence information includes first vectors, the first vectors are v(1)→
, . . . ,v(Ψ
)→
or, w(1)→
, . . . ,w(Ψ
)→
,the first key information includes D*(0), D*(1), . . . ,D(Ψ
) or, the first ciphertext includes C(0), C(1), . . . ,C(Ψ
),where
D*(0)=−
SE·
b1*(0)+Σ
ι
=2I−
coefι
(0)·
bι
*(0),
D*(λ
)=(share(λ
)+coef(λ
)·
v1(λ
))·
b1*(λ
)
+Σ
ι
=2n(λ
)−
coef(λ
)·
vι
(λ
)·
bι
*(λ
)
+Σ
ι
=n(λ
)+1n(λ
)+ζ
(λ
)−
coefι
(λ
)·
bι
*(λ
)for λ
that satisfies LAB(λ
)=v(λ
)→
,
D*(λ
)=share(λ
)·
Σ
ι
=1n(λ
)−
vι
(λ
)·
bι
*(λ
)
+Σ
ι
=n(λ
)+1n(λ
)+ζ
(λ
)−
coefι
(λ
)·
bι
*(λ
)for λ
that satisfies LAB(λ
)=v(λ
)→
,
C(0)=υ
·
b1(0)+Σ
ι
=2I−
υ
ι
(0)·
bι
(0),
C(λ
)=υ
·
Σ
ι
=1n(λ
)−
wι
(λ
)·
bι
(λ
)+Σ
ι
=n(λ
)+1n(λ
)+ζ
(λ
)−
υ
ι
(λ
)·
bι
(λ
),Ψ
represents an integer greater than or equal to 1,n(ψ
) represents an integer greater than or equal to 1,ζ
(ψ
) represents an integer greater than or equal to 0,ψ
=0, . . . ,Ψ
,λ
=1, . . . ,Ψ
,LAB(λ
) are labels associated with λ
=1, . . . ,Ψ
,LAB(λ
) represents v(λ
)→
or v(λ
)→
,represents logical negation, Σ
represents summation,SE is secret information, share(λ
) is share information of SE,bi(ψ
) represents an n(ψ
)+ζ
(ψ
)-dimensional basis vector,bi*(ψ
)represents an n(ψ
)+ζ
(ψ
)-dimensional basis vector,i=1, . . . ,n(ψ
)+ζ
(ψ
),vμ
(λ
) represents a μ
-th element of v(λ
)→
=(v1(λ
), . . . ,vn( λ
)(λ
)),wμ
(λ
) represents a μ
-th element of w(λ
)→
=(w1(λ
), . . . ,wn( λ
)(λ
)),μ
=1, . . . ,n(λ
),I is a constant greater than or equal 2 and less than or equal to n(0)+ζ
(0), andcoefι
(0), coef(λ
), coefι
(λ
), υ and
υ
ι
(ψ
) are elements of a finite field or a finite ring.
-
-
20. An information processing apparatus comprising:
-
a decryptor that inputs a first information corresponding to a particular piece of first correspondence information and second information corresponding to a particular piece of second correspondence information into a decryption function of a functional encryption scheme and, generating a decryption result when a truth value of a logical formula corresponding to a combination of the particular piece of first correspondence information and the particular piece of second correspondence information is true, the first information being a first ciphertext or first key information of the functional encryption scheme, the second information being second key information of the functional encryption scheme when the first information is the first ciphertext, and the second information being a second ciphertext of the functional encryption scheme when the first information is the first key information; and a second selector that selects whether the second information is to be the second ciphertext or the second key information, using identification information PI for identifying the protocols or each of the particular protocols to be executed, the second key information being used for decryption of the first ciphertext, the first ciphertext being generated without the second key information. - View Dependent Claims (34)
-
-
21. An information processing apparatus comprising:
-
a decryptor that inputs a first information corresponding to a first vector and second information corresponding to a second vector into a decryption function of a functional encryption scheme and, generating a decryption result, the first information being a first ciphertext or first key information of the functional encryption scheme, the second information being second key information of the functional encryption scheme when the first information is the first ciphertext, and the second information being a second ciphertext of the functional encryption scheme when the first information is the first key information, the first vector corresponding to a first identifier or a combination of a plurality of first identifiers, the second vector corresponding to a second identifier or a combination of a plurality of second identifiers, the first identifier or the first identifiers being identified in according to a rule for a combination of protocols or each of the protocols that are in accordance with the functional encryption scheme, and the second identifier or the second identifiers being identified in according to the rule, wherein the first vector is v→
=(v1, . . . ,vn) and the second vector is w→
=(w1, . . . ,wn),the first ciphertext includes υ
1·
(Σ
μ
=1nvμ
·
bμ
)+υ
2·
bn+1+. . . +υ
ξ
+1·
bn+ξ and
the second key information is α
·
(Σ
μ
=1n−
wμ
·
bμ
*)+Σ
ι
=n+1n+ξ
−
υ
ι
′
·
bι
* or;the second ciphertext includes υ
1·
(Σ
μ
=1nwμ
·
bμ
)+υ
2·
bn+1+. . . +υ
ξ
+1·
bn+ξ and
the first key information is α
·
(Σ
μ
=1n−
vμ
·
b μ
*)+Σ
ι
=n+1n+ξ
−
υ
ι
′
·
bι
*, whereμ
=1, . . . ,n,n represents an integer greater than or equal to 1, ξ
is an integer greater than or equal to 1,i=1, . . . ,n+ξ
,bi represent an n+ξ
-dimensional basis vector,bi * represent an n+ξ
-dimensional basis vector,Σ
represents summation,vμ
represents the μ
-th element of v→
=(v1, . . . ,vn),wμ
represents a μ
-th element of w→
=(w1, . . . ,wn),andα
,υ
1, . . . ,υ
ξ
+1,υ
ι
′
are elements of a finite field or a finite ring.
-
-
22. An information processing apparatus comprising:
-
a decryptor that inputs information corresponding to a particular piece of first correspondence information and second information corresponding to a particular piece of second correspondence information into a decryption function of a functional encryption scheme, and generating a decryption result, the first information being a first ciphertext or first key information of the functional encryption scheme, the second information being second key information of the functional encryption scheme when the first information is the first ciphertext, and the second information being second ciphertext of the functional encryption scheme when the first information is the first key information, the first correspondence information corresponding to a first identifier or a combination of a plurality of first identifiers, the second correspondence information corresponding to a second identifier or a combination of a plurality of second identifiers, the first identifier or the first identifiers being identified in according to a rule for a combination of protocols or each of the protocols that are in accordance with the functional encryption scheme, and the second identifier or the second identifiers being identified in according to the rule, wherein the first correspondence information includes a plurality of pieces of first partial correspondence information and the second correspondence information includes a plurality of pieces of second partial correspondence information, partial combinations each consisting of each of the pieces of the first partial correspondence information and each of the pieces of the second partial correspondence information, each of the partial combinations is true or false, a first partial combination of the partial combinations is true when the predetermined function returns a particular value for the first partial combination, a second partial combination of the partial combinations is true when the predetermined function does not return the particular value for the second partial combination, and the decryption function returns the decryption result when a fifth vector exists in a vector space formed by particular vectors, each of the particular vectors being associated with each of the pieces of the first partial correspondence information or the second partial correspondence information of the partial combinations being true, the pieces of the first partial correspondence information are first vectors and the pieces of the second partial correspondence information are second vectors, and the predetermined function calculates an inner product of each vector of the first vectors and each vector of the second vectors, and the particular value is 0. - View Dependent Claims (23)
-
-
24. An information processing apparatus comprising:
-
a decryptor that inputs a first information corresponding to a particular piece of first correspondence information and second information corresponding to a particular piece of second correspondence information into a decryption function of a functional encryption scheme and, generating a decryption result when a truth value of a logical formula corresponding to a combination of the particular piece of first correspondence information and the particular piece of second correspondence information is true, the first information being a first ciphertext or first key information of the functional encryption scheme, the second information being second key information of the functional encryption scheme when the first information is the first ciphertext, and the second information being a second ciphertext of the functional encryption scheme when the first information is the first key information, the first correspondence information corresponding to a first identifier or a combination of a plurality of first identifiers, the second correspondence information corresponding to a second identifier or a combination of a plurality of second identifiers, the first identifier or the first identifiers being identified in according to a rule for a combination of protocols or each of the protocols that are in accordance with the functional encryption scheme, and the second identifier or the second identifiers being identified in according to the rule, wherein the protocols are selected from a set including at least one of a Timed-Release encryption protocol, a Forward Secure encryption protocol, a Key Insulated encryption protocol, a CCA2 secure encryption protocol, and a Keyword search encryption protocol; when the protocols include the Timed-Release encryption protocol, the first identifier or any of the plurality of the first identifiers represents information identifying a time point after the time of generation of the first information; when the protocols include the Forward Secure encryption protocol or the Key Insulated encryption protocol, the first identifier or any of the plurality of the first identifiers represents information identifying a time period including a time of generation of the first information or a time period after a time of generation of the first information; when the protocols include the CCA2 secure encryption protocol, the first identifier or any of the plurality of the first identifiers represents one-time information which is newly set each time the first information is generated; and when the protocols include the Keyword search encryption protocol, the first identifier or any of the plurality of the first identifiers represents information identifying a keyword corresponding to the first key information for searching a database in which a third ciphertext of information to be searched is associated with the second ciphertext, the keyword corresponding to the information to be searched.
-
-
25. An information output method comprising:
-
identifying, by determiner, a first identifier or a plurality of first identifiers according to a rule for a combination of protocols or each of the protocols that are in accordance with a functional encryption scheme, the one identifier or the plurality of the first identifiers corresponding to the protocols or each of the protocols; setting, by a setter, a particular piece of first correspondence information corresponding to the first identifier or a combination of the plurality of the first identifiers; outputting first information from a transmitter, the first information being a first ciphertext or first key information of the functional encryption scheme, and the first information corresponding to the particular piece of first correspondence information; and selecting, by a first unitselector, whether the first information is to be the first ciphertext or the first key information, using identification information PI for identifying the protocols or each of the protocols to be executed, the first key information being used for decryption of a second ciphertext, wherein the first correspondence information is a first vector.
-
-
26. An information output method comprising:
-
identifying, by a determiner a first identifier or a plurality of the first identifiers according to a rule for a combination of protocols or each of the protocols that are in accordance with a functional encryption scheme, the first identifier or the plurality of the first identifiers corresponding to the protocols or each of the protocols; setting, by a setter, a first vector corresponding to the first identifier or a combination of the plurality of the first identifiers; and outputting first information from a transmitter, the first information being a first ciphertext or first key information of the functional encryption scheme, and the first information corresponding to the first vector, wherein the first vector is v→
=(v1, . . . ,vn),the first ciphertext includes υ
1·
(Σ
μ
=1nvμ
·
bμ
)+υ
2·
bn+1+. . . +υ
ξ
+1·
bn+ξ
or;
the first key information is α
·
(Σ
μ
=1n−
vμ
·
b μ
*)+Σ
ι
=n+1n+ξ
−
υ
ι
′
·
bι
*, whereμ
=1, . . . ,n,n represents an integer greater than or equal to 1, ξ
is an integer greater than or equal to 1,i=1, . . . , n+ξ
,bi represent an n+ξ
-dimensional basis vector,bi* represent an n+ξ
-dimensional basis vector,Σ
represents summation,vμ
represents the μ
-th element of v→
=(v1, . . . , vn),wμ
represents a μ
-th element of w→
=(w1, . . . ,wn),andα
,υ
1, . . . ,υ
ξ
+1, υ
ι
′
are elements of a finite field or a finite ring.
-
-
27. An information output method comprising:
-
identifying, by a determiner, a first identifier or a plurality of first identifiers according to a rule for a combination of protocols or each of the protocols that are in accordance with a functional encryption scheme, the first identifier or the plurality of the first identifiers corresponding to the protocols or each of the protocols; setting, by a setter, a particular piece of first correspondence information corresponding to the first identifier or the combination of the plurality of the first identifiers; and outputting first information from a transmitter, the first information being a first ciphertext or first key information of the functional encryption scheme, and the first information corresponding to the particular piece of first correspondence information, wherein the first correspondence information includes first vectors, the first vectors are v(1)→
, . . . ,v(Ψ
)→
or, w(1)→
, . . . ,w(Ψ
)→
,the first key information includes D*(0), D*(1), . . . ,D(Ψ
) or, the first ciphertext includes C(0), C(1), . . . ,C(Ψ
), where
D*(0)=−
SE·
b1 *(0)+Σ
ι
=2I−
coefι
(0)·
bι
*(0),
D*(λ
)=(share(λ
)+coef(λ
)·
v1(λ
))·
b1*(λ
)
+Σ
ι
=2n(λ
)−
coef(λ
)·
vι
(λ
)·
bι
*(λ
)
+Σ
ι
=n(λ
)+1n(λ
)+ζ
(λ
)−
coefι
(λ
)·
bι
*(λ
)for λ
that satisfies LAB(λ
)=v(λ
)→
,
D*(λ
)=share(λ
)·
Σ
ι
=1n(λ
)−
vι
(λ
)·
bι
*(λ
)
+Σ
ι
=n(λ
)+1n(λ
)+ζ
(λ
)−
coefι
(λ
)·
bι
*(λ
)for λ
that satisfies LAB(λ
)=v(λ
)→
,
C(0)=υ
·
b1l (0)+Σ
ι
=2I−
υ
ι
(0)·
bι
(0),
C(λ
)=υ
·
Σ
ι
=1n(λ
)−
wι
(λ
)·
bι
(λ
)+Σ
ι
=n(λ
)+1n(λ
)+ζ
(λ
)−
υ
ι
(λ
)·
bι
(λ
),Ψ
represents an integer greater than or equal to 1,n(ψ
) represents an integer greater than or equal to 1,ζ
(ψ
) represents an integer greater than or equal to 0,ψ
=0, . . . ,Ψ
,λ
=1, . . . ,Ψ
,LAB(λ
) are labels associated with λ
=1, . . . ,Ψ
,LAB(λ
) represents v(λ
)→
or v(λ
)→
,represents logical negation, Σ
represents summation,SE is secret information, share(λ
) is share information of SE,bi(ψ
) represents an n(ψ
)+ζ
(ψ
)-dimensional basis vector,bi*(ψ
)represents an n(ψ
)+ζ
(ψ
)-dimensional basis vector,i=1, . . . ,n(ψ
)+ζ
(ψ
),vλ
μ
(λ
) represents a μ
-th element of v(λ
)→
=(v1(λ
), . . . ,vn( λ
)(λ
)),wλ
μ
(λ
) represents a μ
-th element of w(λ
)→
=(w1(λ
), . . . ,wn( λ
)(λ
)),μ
=1, . . . ,n(λ
),I is a constant greater than or equal 2 and less than or equal to n(0)+ζ
(0), andcoefι
(0), coef(λ
), coefι
(λ
), υ and
υ
ι
(ψ
) are elements of a finite field or a finite ring.
-
-
28. An information processing method comprising:
-
inputting, by a decryptor, a first information corresponding to a particular piece of first correspondence information and second information corresponding to a particular piece of second correspondence information into a decryption function of a functional encryption scheme and, generating a decryption result by the decryptor, when a truth value of a logical formula corresponding to a combination of the particular piece of first correspondence information and the particular piece of second correspondence information is true, the first information being a first ciphertext or first key information of the functional encryption scheme, the second information being second key information of the functional encryption scheme when the first information is the first ciphertext, and the second information being a second ciphertext of the functional encryption scheme when the first information is the first key information; and selecting, by a second selector, whether the second information is to be the second ciphertext or the second key information, using identification information PI for identifying the protocols or each of the particular protocols to be executed, the second key information being used for decryption of the first ciphertext.
-
-
29. An information processing method comprising:
-
inputting, by a decryptor, a first information corresponding to a first vector and second information corresponding to a second vector into a decryption function of a functional encryption scheme and, generating a decryption result by the decryptor, the first information being a first ciphertext or first key information of the functional encryption scheme, the second information being second key information of the functional encryption scheme when the first information is the first ciphertext, and the second information being a second ciphertext of the functional encryption scheme when the first information is the first key information, the first vector corresponding to a first identifier or a combination of a plurality of first identifiers, the second vector corresponding to a second identifier or a combination of a plurality of second identifiers, the first identifier or the first identifiers being identified in according to a rule for a combination of protocols or each of the protocols that are in accordance with the functional encryption scheme, and the second identifier or the second identifiers being identified in according to the rule, wherein the first vector is v→
=(v1, . . . ,vn) and the second vector is w43 =(w1, . . . ,wn),the first ciphertext includes υ
1·
(Σ
μ
=1nvμ
·
bμ
)+υ
2·
bn+1+. . . +υ
ξ
+1·
bn+ξ and
the second key information is α
·
(Σ
μ
=1n−
wμ
·
b μ
*)+Σ
ι
=n+1n+ξ
−
υ
ι
′
·
bι
*, or;the second ciphertext includes υ
1·
(Σ
μ
=1nwμ
·
bμ
)+υ
2·
bn+1+. . . +υ
ξ
+1·
bn+ξ and
the first key information is α
·
(Σ
μ
=1nvμ
·
b μ
*)+Σ
ι
=n+1n+ξ
−
υ
ι
′
·
bι
*, whereμ
=1, . . . ,n,n represents an integer greater than or equal to 1, ξ
is an integer greater than or equal to 1,i=1, . . . , n+ξ
,bi represent an n+ξ
-dimensional basis vector,bi* represent an n+ξ
-dimensional basis vector,Σ
represents summation,vμ
represents the μ
-th element of v→
=(v1, . . . ,vn),wμ
represents a μ
-th element of w→
=(w1, . . . ,wn), andα
,υ
1, . . . ,υ
ξ
+1,υ
ι
′
are elements of a finite field or a finite ring.
-
-
30. An information processing method comprising:
-
inputting, by a decryptor, information corresponding to a particular piece of first correspondence information and second information corresponding to a particular piece of second correspondence information into a decryption function of a functional encryption scheme, and generating a decryption result by the decryptor, the first information being a first ciphertext or first key information of the functional encryption scheme, the second information being second key information of the functional encryption scheme when the first information is the first ciphertext, and the second information being second ciphertext of the functional encryption scheme when the first information is the first key information, the first correspondence information corresponding to a first identifier or a combination of a plurality of first identifiers, the second correspondence information corresponding to a second identifier or a combination of a plurality of second identifiers, the first identifier or the first identifiers being identified in according to a rule for a combination of protocols or each of the protocols that are in accordance with the functional encryption scheme, and the second identifier or the second identifiers being identified in according to the rule, wherein the first correspondence information includes a plurality of pieces of first partial correspondence information and the second correspondence information includes a plurality of pieces of second partial correspondence information, partial combinations each consisting of each of the pieces of the first partial correspondence information and each of the pieces of the second partial correspondence information, when each of the partial combinations is input into a predetermined function, each of the partial combinations is true or false, a first partial combination of the partial combinations is true when the predetermined function returns the particular value for the first partial combination, a second partial combination of the partial combinations is true when the predetermined function does not return the particular value for the second partial combination, the decryption function returns the decryption result when a fifth vector exists in a vector space formed by particular vectors, each of the particular vectors being associated with each of the pieces of the first partial correspondence information or the second partial correspondence information of the partial combinations being true, the pieces of the first partial correspondence information are first vectors and the pieces of the second partial correspondence information are second vectors, and the predetermined function calculates an inner product of each vector of the first vectors and each vector of the second vectors, and the particular value is 0. - View Dependent Claims (31)
-
-
32. An information processing method comprising:
-
inputting, by a decryptor, a first information corresponding to a particular piece of first correspondence information and second information corresponding to a particular piece of second correspondence information into a decryption function of a functional encryption scheme and, generating a decryption result by the decryptor, when a truth value of a logical formula corresponding to a combination of the particular piece of first correspondence information and the particular piece of second correspondence information is true, the first information being a first ciphertext or first key information of the functional encryption scheme, the second information being second key information of the functional encryption scheme when the first information is the first ciphertext, and the second information being a second ciphertext of the functional encryption scheme when the first information is the first key information, the first correspondence information corresponding to a first identifier or a combination of a plurality of first identifiers, the second correspondence information corresponding to a second identifier or a combination of a plurality of second identifiers, the first identifier or the first identifiers being identified in according to a rule for a combination of protocols or each of the protocols that are in accordance with the functional encryption scheme, and the second identifier or the second identifiers being identified in according to the rule, wherein the protocols are selected from a set including at least one of a Timed-Release encryption protocol, a Forward Secure encryption protocol, a Key Insulated encryption protocol, a CCA2 secure encryption protocol, and a Keyword search encryption protocol; when the protocols include the Timed-Release encryption protocol, the first identifier or any of the plurality of the first identifiers represents information identifying a time point after the time of generation of the first information; when the protocols include the Forward Secure encryption protocol or the Key Insulated encryption protocol, the first identifier or any of the plurality of the first identifiers represents information identifying a time period including a time of generation of the first information or a time period after a time of generation of the first information; when the protocols include the CCA2 secure encryption protocol, the first identifier or any of the plurality of the first identifiers represents one-time information which is newly set each time the first information is generated; and when the protocols include the Keyword search encryption protocol, the first identifier or any of the plurality of the first identifiers represents information identifying a keyword corresponding to the first key information for searching a database in which a third ciphertext of information to be searched is associated with the second ciphertext, the keyword corresponding to the information to be searched.
-
Specification