Re-encrypted data verification program, re-encryption apparatus and re-encryption system

US 9,698,984 B2
Filed: 09/08/2014
Issued: 07/04/2017
Est. Priority Date: 03/28/2012
Status: Active Grant

First Claim

Patent Images

1. An at least one non-transitory computer readable medium including a re-encrypted data verification program used in a re-encryption system comprising an encryption apparatus executing an encryption process on plain data using a public key corresponding to a private key of a re-encryption key generation apparatus and transmitting resultant encrypted data to a re-encryption apparatus, the re-encryption apparatus then executing a re-encryption process on the encrypted data using a re-encryption key without decrypting the encrypted data and transmitting resultant re-encrypted data to a decryption apparatus, the decryption apparatus executing a verification process on the re-encrypted data using a public key of the re-encryption apparatus, and executing a decryption process on the re-encrypted data using a private key corresponding to a public key of the decryption apparatus to obtain the plain data, the re-encrypted data verification program being executed by a processor in the decryption apparatus comprising a storage device storing the public key of the re-encryption key generation apparatus and the private key of the decryption apparatus, the re-encrypted data verification program being stored in a non-transitory computer-readable storage medium, the re-encrypted data verification program, when executed by the re-encryption system, causes the re-encryption system to perform the steps of:

a first program code of the re-encrypted data verification program allowing the processor to execute a process of holding at least one program instruction including a verification formula, the verification formula holding true when being calculated by substituting into the verification formula, a part of the re-encrypted data used for the re-encryption system and the public key used for the encryption process executed on the encrypted data before the re-encryption process is executed on the re-encrypted data;

a second program code of the re-encrypted data verification program allowing the processor to execute a process of performing a calculation based on the verification formula by substituting into the verification formula, the part of the re-encrypted data received from the re-encryption apparatus and the public key of the re-encryption key generation apparatus read from the storage device, to determine whether or not the verification formula holds true; and

a third program code of the re-encrypted data verification program allowing the processor to execute a process of outputting detection success indicating that the public key used for the encryption process executed on the plain data is the public key of the re-encryption key generation apparatus when a result of the determination indicates that the verification formula holds true.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a decryption apparatus according to an embodiment, a holding device pre-holds a verification formula. A determination device performs a calculation based on the verification formula read from the holding device by substituting, into the verification formula, the part of the re-encrypted data received from a re-encryption apparatus and the public key of a re-encryption key generation apparatus and the private key of the decryption apparatus, to determine whether or not the verification formula holds true. An output device outputs verification success when a result of the determination indicates that the verification formula holds true.

Citations

6 Claims

1. An at least one non-transitory computer readable medium including a re-encrypted data verification program used in a re-encryption system comprising an encryption apparatus executing an encryption process on plain data using a public key corresponding to a private key of a re-encryption key generation apparatus and transmitting resultant encrypted data to a re-encryption apparatus, the re-encryption apparatus then executing a re-encryption process on the encrypted data using a re-encryption key without decrypting the encrypted data and transmitting resultant re-encrypted data to a decryption apparatus, the decryption apparatus executing a verification process on the re-encrypted data using a public key of the re-encryption apparatus, and executing a decryption process on the re-encrypted data using a private key corresponding to a public key of the decryption apparatus to obtain the plain data, the re-encrypted data verification program being executed by a processor in the decryption apparatus comprising a storage device storing the public key of the re-encryption key generation apparatus and the private key of the decryption apparatus, the re-encrypted data verification program being stored in a non-transitory computer-readable storage medium, the re-encrypted data verification program, when executed by the re-encryption system, causes the re-encryption system to perform the steps of:
- a first program code of the re-encrypted data verification program allowing the processor to execute a process of holding at least one program instruction including a verification formula, the verification formula holding true when being calculated by substituting into the verification formula, a part of the re-encrypted data used for the re-encryption system and the public key used for the encryption process executed on the encrypted data before the re-encryption process is executed on the re-encrypted data;
  
  a second program code of the re-encrypted data verification program allowing the processor to execute a process of performing a calculation based on the verification formula by substituting into the verification formula, the part of the re-encrypted data received from the re-encryption apparatus and the public key of the re-encryption key generation apparatus read from the storage device, to determine whether or not the verification formula holds true; and
  
  a third program code of the re-encrypted data verification program allowing the processor to execute a process of outputting detection success indicating that the public key used for the encryption process executed on the plain data is the public key of the re-encryption key generation apparatus when a result of the determination indicates that the verification formula holds true.
- View Dependent Claims (2)
- - 2. The at least one non-transitory computer readable medium including the re-encrypted data verification program according to claim 1, wherein, when the private key and public key of the re-encryption key generation apparatus are represented by x_iand X_i(where, when bilinear map groups satisfying a prime order p>
    - 2^λare represented by G and G_Tand a first generator is represented by gε
      
      G, based on a security parameter λ
      
      , public parameters (p, λ
      
      , G, G_T, g, u, v, Sig)),the plain data is represented by m ε
      
      G_T,the encrypted data is represented by C_i=(C₁, C₂, C₃, C₄, σ
      
      ) (where, when a signature key and a verification key in a one-time signature are represented by ssk and svk, a multiplicative group for a prime number p is represented by Z_p*, a first random number is represented by rε
      
      Z_p*, a pairing function is represented by e(,), a second generator and a third generator are represented by u, vε
      
      G, respectively, and a signature generation function of the one-time signature is represented by Ŝ
      
      , for
      C₁=svk,
      C₂=X_i^r,
      C₃=e(g,g)^r·
      
      m,
      C₄=(u^svk·
      
      v)^r,
      σ
      
      =Ŝ
      
      (ssk, C₃, C₄)), andwhen the private key and public key of the decryption apparatus are represented by x_jand X_j(where;
      
      X_i=g^Xⁱ, X_j=g^X^j),the re-encryption key is represented by;
      
      R_ij=X_j1/x_i=g x_j/x_i, andthe re-encrypted data is represented by C_j=(C₁, C_2′, C_2″, C_2′
      
      ″, C_2V, C₃, C₄, σ
      
      ) (where a second random number is represented by tε
      
      Z_p*), for

3. A re-encryption apparatus using a re-encrypted data verification program, the re-encryption apparatus comprising:
- a verification program storage device which stores the re-encrypted data verification program; and
  
  a verification program distribution device which distributes the re-encrypted data verification program in the verification program storage device to a decryption apparatus upon receiving a distribution request for the re-encrypted data verification program from the decryption apparatus, whereinthe re-encrypted data verification program includesa first program code allowing a processor in a decryption apparatus to execute a process of holding a program code including a verification formula, the verification formula holding true when being calculated by substituting into the verification formula, a part of re-encrypted data used for the decryption apparatus and a public key used for an encryption process executed on encrypted data before an re-encryption process is executed on the re-encrypted data using a re-encryption key;
  
  a second program code allowing the processor to execute a process of performing a calculation based on the verification formula by substituting into the verification formula, the part of the re-encrypted data received from the re-encryption apparatus and a public key of an re-encryption key generation apparatus, to determine whether or not the verification formula holds true; and
  
  a third program code allowing the processor to execute a process of outputting detection success indicating that the public key used for the encryption process executed on plain data is the public key of the re-encryption key generation apparatus when a result of the determination indicates that the verification formula holds true.
- View Dependent Claims (4)
- - 4. The re-encryption apparatus according to claim 3,wherein, when a private key and the public key of the re-encryption key generation apparatus are represented by x_iand X_i(where, when bilinear map groups satisfying a prime order p>
    - 2^λ are represented by G and G_Tand a first generator is represented by gε
      
      G, based on a security parameter λ
      
      , public parameters (p, λ
      
      , G, G_T, g, u, v, Sig)),the plain data is represented by mε
      
      G_T,the encrypted data is represented by C_i=(C₁,C₂, C₃,C₄, σ
      
      ) (where, when a signature key and a verification key in a one-time signature are represented by ssk and svk, a multiplicative group for a prime number p is represented by Z_p*, a first random number is represented by rε
      
      Z_p*, a pairing function is represented by e(,), a second generator and a third generator are represented by u, vε
      
      G, respectively, and a signature generation function of the one-time signature is represented by Ŝ
      
      , for
      C₁=svk,
      C₂=X_i^r,
      C₃=e(g,g)^r·
      
      m,
      C₄=(u^svk·
      
      v)^r,
      σ
      
      =Ŝ
      
      (ssk, C₃, C₄)), andwhen a private key and public key of the decryption apparatus are represented by x_jand X_j(where;
      
      X_i=g^xⁱ, X_j=g^x^j),the re-encryption key is represented by;
      
      R_ij=X_j1/x_i=g x_j/x_i, andthe re-encrypted data is represented by C_j=(C₁, C_2′, C_2″, C_2′
      
      ″, C_2V, C₃, C₄, σ
      
      ) (where a second random number is represented by tε
      
      Z_p*), for

5. A re-encryption system comprising an encryption apparatus, a re-encryption key generation apparatus, a re-encryption apparatus, and a decryption apparatus, whereinthe encryption apparatus is comprised of:
- a first storage device which stores a public key of the re-encryption key generation apparatus;
  
  an encryption device which executes an encryption process on plain data using the public key of the re-encryption key generation apparatus read from the first storage device, to obtain encrypted data; and
  
  a first device which transmits the resultant encrypted data to the re-encryption apparatus,the re-encryption key generation apparatus comprising;
  
  a second storage device which stores a private key corresponding to the public key of the re-encryption key generation apparatus and a public key corresponding to a private key of the decryption apparatus;
  
  a second device which generates a re-encryption key using the private key of the re-encryption key generation apparatus and the public key of the decryption apparatus both read from the second storage device; and
  
  a third device which transmits the generated re-encryption key to the re-encryption apparatus,the re-encryption apparatus comprising;
  
  a third storage device which stores the re-encryption key received from the re-encryption key generation apparatus;
  
  a re-encryption device which, upon receiving the encrypted data from the encryption apparatus, executes a re-encryption process on the encrypted data using the re-encryption key read from the third storage device without decrypting the encrypted data, to obtain re-encrypted data; and
  
  a fourth device which transmits the resultant re-encrypted data to the decryption apparatus, andthe decryption apparatus comprising;
  
  a fourth storage device which stores the public key of the re-encryption key generation apparatus and the private key of the decryption apparatus;
  
  a decryption device which, upon receiving the re-encrypted data from the re-encryption apparatus, executes a decryption process on the re-encrypted data based on the private key of the decryption apparatus read from the fourth storage device, to obtain the plain data;
  
  a holding device which holds a verification formula that holds true when the verification formula is calculated by substituting, into the verification formula, a part of the re-encrypted data used for the re-encryption system and the public key used for the encryption process executed on the encrypted data before the re-encryption process is executed on the re-encrypted data;
  
  a determination device which performs a calculation based on the verification formula read from the holding device by substituting, into the verification formula, a part of the re-encrypted data received from the re-encryption apparatus and the public key of the re-encryption key generation apparatus read from the fourth storage device, to determine whether or not the verification formula holds true; and
  
  an output device which outputs verification success indicating that the public key used for the encryption process executed on the plain data is the public key of the re-encryption key generation apparatus when a result of the determination indicates that the verification formula holds true.
- View Dependent Claims (6)
- - 6. The re-encryption system according to claim 5, further comprising a key generation apparatus that generates a pair of a public key and a private key for each of the re-encryption and decryption apparatuses.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Toshiba Digital Solutions Corporation (Toshiba Corporation)
Original Assignee
Kabushiki Kaisha Toshiba (Toshiba Corporation), Toshiba Solutions Corporation (Toshiba Corporation)
Inventors
Okada, Koji, Fujii, Yoshihiro, Yoshida, Takuya
Primary Examiner(s)
LEWIS, LISA C

Application Number

US14/480,073
Publication Number

US 20150043735A1
Time in Patent Office

1,030 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2209/24   Key scheduling, i.e. genera...

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 9/0827   involving distinctive inter...

H04L 9/14   using a plurality of keys o...

H04L 9/30   Public key, i.e. encryption...

H04L 9/3073   involving pairings, e.g. id...

H04L 9/3247   involving digital signatures

Re-encrypted data verification program, re-encryption apparatus and re-encryption system

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

6 Claims

Specification

Solutions

Use Cases

Quick Links

Re-encrypted data verification program, re-encryption apparatus and re-encryption system

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

6 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links