Mixnet system
First Claim
1. A participant apparatus characterized by comprising:
- key encryption means for encrypting one of a plurality of secret keys of secret key cryptography by one public key of a plurality of substitution/decryption apparatuses;
data encryption means for encrypting given data by one of the plurality of secret keys of the secret key cryptography;
hash value encryption means for calculating a hash value of the given data by using a cryptographic hash function and encrypting the hash value by one public key of the plurality of substitution/decryption apparatuses;
repeat means for repeating processing of inputting a plaintext as a first input to said data encryption means and inputting, as subsequent inputs to said data encryption means, preceding outputs from said data encryption means, said key encryption means, and said hash value encryption means a number of times equal to the number of substitution/decryption apparatuses; and
output means for outputting data obtained by processing of said repeat means.
1 Assignment
0 Petitions
Accused Products
Abstract
Each participant apparatus (103) encrypts a plaintext by using a secret key of secret key cryptography, encrypts the encryption key by a public key, and sends the plaintext and public key to a substitution/decryption apparatus (112). With this processing, the limitation on the length of a ciphertext to be processed can be eliminated. In this invention, a verifiable proof text using a public key by each substitution/decryption apparatus is verified by a verification apparatus (109) by using the public key. If one of a plurality of organizations to decrypt and shuffle ciphertexts has not correctly executed the operation, a third party can specify it and prove that the specified organization is unauthorized.
43 Citations
20 Claims
-
1. A participant apparatus characterized by comprising:
-
key encryption means for encrypting one of a plurality of secret keys of secret key cryptography by one public key of a plurality of substitution/decryption apparatuses;
data encryption means for encrypting given data by one of the plurality of secret keys of the secret key cryptography;
hash value encryption means for calculating a hash value of the given data by using a cryptographic hash function and encrypting the hash value by one public key of the plurality of substitution/decryption apparatuses;
repeat means for repeating processing of inputting a plaintext as a first input to said data encryption means and inputting, as subsequent inputs to said data encryption means, preceding outputs from said data encryption means, said key encryption means, and said hash value encryption means a number of times equal to the number of substitution/decryption apparatuses; and
output means for outputting data obtained by processing of said repeat means. - View Dependent Claims (2, 3, 4)
-
-
5-6. -6. (canceled)
-
7. A substitution/decryption apparatus characterized by comprising:
-
data division means for divding each element of an input data sequence into a secret key of secret key cryptography, which is encrypted by public key cryptography, data encrypted by secret key cryptography, and a hash value encrypted by public key cryptography;
secret key decryption means for decrypting the encrypted secret key of the secret key cryptography by a private key of the public key cryptography;
data decryption means for decrypting the encrypted data by using the decrypted secret key to generate output data;
hash value decryption means for outputting a value obtained by decrypting the encrypted hash value by the private key of the public key cryptography;
hash value verification means for comparing the decrypted hash value with a hash value of the generated output data, if the values coincide, outputting hash value acceptance, and if the values do not coincide, outputting hash value unacceptance;
output data sequence generation means for generating a data sequence which contains, as sequence elements, only the output data for which acceptance is output from said hash value verification means and which are corresponding in a sense of being generated from the same element data of the input data sequence, and uniformly shuffling the elements at random to form an output data sequence;
hash value decryption authenticity proof means for generating a hash value decryption authenticity proof text as a proof text which proves that the hash value of each element of the output data sequence is always a value obtained by decrypting the encrypted hash value contained in a certain element of the input data sequence, and the hash values are in a one-to-one correspondence;
hash value unacceptance authenticity proof means for generating a hash value unacceptance authenticity proof text as a proof text which proves, when said hash value verification means outputs unacceptance, that the output of unacceptance is authentic; and
output means for creating an authenticity proof text from the hash value decryption authenticity proof text and the hash value unacceptance authenticity proof text and outputting the authenticity proof text and the output data sequence output from said output data sequence generation means. - View Dependent Claims (8, 9, 10)
-
-
11. A verification apparatus characterized by comprising:
-
hash value decryption authenticity verification means for verifying that a decrypted hash value contained in a hash value decryption authenticity proof text coincides with a hash value obtained by decrypting an encrypted hash value of a certain element of an input data sequence, and the hash values are in a one-to-one correspondence, if the hash values coincide and are in the one-to-one correspondence, outputting acceptance, and if the hash values are not in the one-to-one correspondence, outputting unacceptance;
hash value coincidence verification means for, when the decrypted hash value coincides with a hash value of each element of an output data sequence, outputting acceptance, and if the hash values do not coincide, outputting unacceptance;
hash value unacceptance authenticity verification means for verifying a hash value unacceptance authenticity proof text as a proof text which proves that for an element of the elements of the input data sequence, which corresponds to a hash value for which said hash value coincidence verification means outputs unacceptance, the output of unacceptance is authentic, if the proof text is authentic, outputting acceptance, and if the proof text is unauthentic, outputting unacceptance; and
authenticity determination means for outputting acceptance, for the element of the input data sequence, if said hash value decryption authenticity verification means outputs acceptance while said hash value coincidence verification means outputs acceptance, or if said hash value coincidence verification means outputs unacceptance while said hash value unacceptance authenticity verification means outputs acceptance, and if the output data sequence contains only data corresponding to the elements accepted by said hash value coincidence verification means and all the data, and otherwise, outputting unacceptance. - View Dependent Claims (12, 13, 14)
-
-
15. A mix net system characterized by comprising a plurality of participant apparatuses, a consolidating apparatus, a plurality of substitution/decryption apparatuses, and a verification apparatus,
each of said participant apparatuses comprising: -
key encryption means for encrypting one of a plurality of secret keys of secret key cryptography by one public key of said plurality of substitution/decryption apparatuses;
data encryption means for encrypting given data by one of the plurality of secret keys of the secret key cryptography;
hash value encryption means for calculating a hash value of the given data by using a cryptographic hash function and encrypting the hash value by one public key of said plurality of substitution/decryption apparatuses;
repeat means for repeating processing of inputting a plaintext as a first input to said data encryption means and inputting, as subsequent inputs to said data encryption means, preceding outputs from said data encryption means, said key encryption means, and said hash value encryption means a number of times equal to the number of substitution/decryption apparatuses; and
output means for outputting data obtained by processing of said repeat means to said consolidating apparatus, said consolidating apparatus receiving a plurality of data from said plurality of participant apparatuses, verifying authenticity of each of the data, and outputting only data which is determined as authentic to one of said substitution/decryption apparatuses, each of said substitution/decryption apparatuses comprising;
data division means for diving each element of an input data sequence input for one of said consolidating apparatus and said substitution/decryption apparatuses into a secret key of secret key cryptography, which is encrypted by public key cryptography, data encrypted by secret key cryptography, and a hash value encrypted by public key cryptography;
secret key decryption means for decrypting the encrypted secret key of the secret key cryptography by a private key of the public key cryptography;
data decryption means for decrypting the encrypted data by using the decrypted secret key to generate output data;
hash value decryption means for outputting a value obtained by decrypting the encrypted hash value by the private key of the public key cryptography;
hash value verification means for comparing the decrypted hash value with a hash value of the generated output data, if the values coincide, outputting hash value acceptance, and if the values do not coincide, outputting hash value unacceptance;
output data sequence generation means for generating a data sequence which contains, as sequence elements, only the output data for which acceptance is output from said hash value verification means and which are corresponding in a sense of being generated from the same element data of the input data sequence, and uniformly shuffling the elements at random to form an output data sequence;
hash value decryption authenticity proof means for generating a hash value decryption authenticity proof text as a proof text which proves that the hash value of each element of the output data sequence is always a value obtained by decrypting the encrypted hash value contained in a certain element of the input data sequence, and the hash values are in a one-to-one correspondence;
hash value unacceptance authenticity proof means for generating a hash value unacceptance authenticity proof text as a proof text which proves, when said hash value verification means outputs unacceptance, that the output of unacceptance is authentic; and
output means for creating an authenticity proof text from the hash value decryption authenticity proof text and the hash value unacceptance authenticity proof text and outputting the authenticity proof text and the output data sequence output from said output data sequence generation means, and said verification apparatus comprising;
hash value decryption authenticity verification means for verifying that a decrypted hash value contained in the hash value decryption authenticity proof text coincides with a hash value obtained by decrypting an encrypted hash value of a certain element of the input data sequence of said substitution/decryption apparatus, and the hash values are in a one-to-one correspondence, if the hash values coincide and are in the one-to-one correspondence, outputting acceptance, and if the hash values are not in the one-to-one correspondence, outputting unacceptance;
hash value coincidence verification means for, when the decrypted hash value coincides with a hash value of each element of the output data sequence of said substitution/decryption apparatus, outputting acceptance, and if the hash values do not coincide, outputting unacceptance;
hash value unacceptance authenticity verification means for verifying a hash value unacceptance authenticity proof text as a proof text which proves that for an element of the elements of the input data sequence, which corresponds to a hash value for which said hash value coincidence verification means outputs unacceptance, the output of unacceptance is authentic, if the proof text is authentic, outputting acceptance, and if the proof text is unauthentic, outputting unacceptance; and
authenticity determination means for outputting acceptance, for the element of the input data sequence, if said hash value decryption authenticity verification means outputs acceptance while said hash value coincidence verification means outputs acceptance, or if said hash value coincidence verification means outputs unacceptance while said hash value unacceptance authenticity verification means outputs acceptance, and if the output data sequence contains only data corresponding to the elements accepted by said hash value coincidence verification means and all the data, and otherwise, outputting unacceptance, wherein the system executes initial setting processing of generating and publishing a safety variable, an area variable of the public key cryptography, the cryptographic hash function, and an encryption function of the secret key cryptography, initial setting processing of generating and publishing the public key of each of said plurality of substitution/decryption apparatuses, participation processing of inputting, to each of said participant apparatuses, the safety variable, the area variable of the public key cryptography, the cryptographic hash function, the encryption function of the secret key cryptography, the public key of each of said plurality of substitution/decryption apparatuses, a plurality of secret keys of the secret key cryptography, and a plaintext which is different for each participant, and causing each of said participant apparatuses to output data to be input to said substitution/decryption apparatuses, consolidation processing of inputting all the data to be input to said substitution/decryption apparatuses, which are obtained by the participation processing, to said consolidating apparatus and inputting an output from said consolidating apparatus as the input data sequence, substitution/decryption processing of inputting the input data sequence and the private key of the public key cryptography to one of said substitution/decryption apparatuses and causing said substitution/decryption apparatus to output the output data sequence and a sequence of an authenticity proof text, integrated substitution/decryption processing of repeatedly executing the substitution/decryption processing while exchanging the substitution/decryption apparatus to be used by inputting an input data sequence as an output of the consolidation processing as a first input data sequence, in which an input data sequence in first substitution/decryption processing is an input data sequence output from the consolidation processing, an input data sequence in subsequent substitution/decryption processing is an output data sequence of immediately preceding substitution/decryption processing, an output data sequence output from final substitution/decryption processing is a decryption result, an output data sequence output from each substitution/decryption processing except the final substitution/decryption processing is an in progress decryption result, the authenticity proof texts output from all the substitution/decryption processing operations are defined as a global authenticity proof text, and the decryption result, the in progress decryption results, and the global authenticity proof text are output, verification processing of separating an input and output of each substitution/decryption apparatus from the decryption result, the in progress decryption results, and the global authenticity proof text, inputting the input data sequence, the output data sequence, and the authenticity proof text of each substitution/decryption processing to said verification apparatus, and causing said verification apparatus to output one of acceptance and unacceptance, and mix net determination processing of collecting outputs of the verification processing for all substitution/decryption processing operations, if all results indicate acceptance, outputting acceptance, and otherwise, outputting unacceptance. - View Dependent Claims (16, 18, 19, 20)
-
-
17. The mix net system according to claim 17, characterized in that
said participant apparatus further comprises knowledge concatenation means for encrypting the given data by one public key of said plurality of substitution/decryption apparatuses and generating a proof text of knowledge of a secret random number used for the encryption, said repeat means comprises means for repeating processing of inputting the plaintext as the first input to said data encryption means and inputting, as the subsequent inputs to said data encryption means, preceding outputs from said data encryption means, said key encryption means, said hash value encryption means, and said knowledge concatenation means a number of times equal to the number of substitution/decryption apparatuses, and said participant apparatus further comprises total random number knowledge proof means for generating a proof text of knowledge of a sum of secret random numbers used in all the repeated processing operations for data finally obtained by repeating the processing by said knowledge concatenation means, in said substitution/decryption apparatus, said data division means further comprises means for further dividing each element of the input data sequence into concatenated data encrypted by public key cryptography and a proof text of knowledge of a secret random number used to encrypt the concatenated data, said substitution/decryption apparatus further comprises: -
secret random number knowledge verification means for verifying the secret random number knowledge proof text, if the proof text is authentic, outputting acceptance, and if the consolidating apparatus is unauthentic, outputting unacceptance; and
concatenated data decryption means for decrypting the encrypted concatenated data by the private key of the public key cryptography, said output data sequence generation means comprises means for generating a data sequence which contains, as the sequence elements, only the output data and the decrypted concatenated data for which acceptance is output from all of said hash value verification means, said secret key knowledge verification means, and said secret random number knowledge verification means and which are corresponding in the sense of being generated from the same element data of the input data sequence, and uniformly shuffling the elements at random to form the output data sequence, said substitution/decryption apparatus further comprises concatenated data decryption authenticity proof means for outputting a concatenated data decryption authenticity proof text as a proof text which proves that the decrypted concatenated data contained in each element of the output data sequence is always data obtained by decrypting the encrypted concatenated data contained in a certain element of the input data sequence, and the concatenated data are in a one-to-one correspondence, and said output means comprises means for creating the authenticity proof text from the hash value decryption authenticity proof text, the concatenated data decryption authenticity proof text, and the hash value unacceptance authenticity proof text and outputting the authenticity proof text and the output data sequence output from said output data sequence generation means, and said verification apparatus further comprises;
secret random number knowledge verification means for verifying authenticity of a secret random number knowledge proof text belonging to each element of the input data sequence, if the proof text is authentic, outputting acceptance, and if the proof text is unauthentic, outputting unacceptance; and
concatenated data decryption authenticity verification means for verifying that decrypted concatenated data contained in each element of the output data sequence coincides with data obtained by decrypting encrypted concatenated data contained in a certain element of the input data sequence, and the concatenated data are in a one-to-one correspondence, if the concatenated data coincide and are in the one-to-one correspondence, outputting acceptance, and if the concatenated data are not in the one-to-one correspondence, outputting unacceptance, and said authenticity determination means comprises means for outputting acceptance, for elements of the input data sequence which are accepted by both said secret key knowledge verification means and said secret random number knowledge verification means, if both said hash value decryption authenticity verification means and said concatenated data decryption authenticity verification means output acceptance while said hash value coincidence verification means outputs acceptance, or if said hash value coincidence verification means outputs unacceptance while said hash value unacceptance authenticity verification means outputs acceptance, and if the output data sequence contains only data corresponding to the elements accepted by said secret key knowledge verification means, said secret random number knowledge verification means, and said hash value coincidence verification means and all the data, and otherwise, outputting unacceptance.
-
Specification