[go: up one dir, main page]

WO2013072947A1 - Secret character string search system - Google Patents

Secret character string search system Download PDF

Info

Publication number
WO2013072947A1
WO2013072947A1 PCT/JP2011/006329 JP2011006329W WO2013072947A1 WO 2013072947 A1 WO2013072947 A1 WO 2013072947A1 JP 2011006329 W JP2011006329 W JP 2011006329W WO 2013072947 A1 WO2013072947 A1 WO 2013072947A1
Authority
WO
WIPO (PCT)
Prior art keywords
character
search
result
server
user terminal
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/JP2011/006329
Other languages
French (fr)
Japanese (ja)
Inventor
健 長沼
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hitachi Ltd
Original Assignee
Hitachi Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hitachi Ltd filed Critical Hitachi Ltd
Priority to PCT/JP2011/006329 priority Critical patent/WO2013072947A1/en
Publication of WO2013072947A1 publication Critical patent/WO2013072947A1/en
Anticipated expiration legal-status Critical
Ceased legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/36Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols with means for detecting characters not meant for transmission

Definitions

  • the present invention relates to a character string search system in which a user who performs a character string search on a plurality of documents held by a server executes a search process while concealing the character string to be searched from the server.
  • the function values f (W) and g (W) are calculated from the function values f (W (0)) and w (1) to the function value f (w (1) w (0). )) Is calculated, and the function value f (w (2) w (1) w (0)) is calculated from the function values f (w (1) w (0)) and w (2), and so on.
  • Function value f (W) f (w (l) w (l ⁇ 1)... W (0)) is recursively calculated from f (w (l ⁇ 1)... W (0)) and w (l).
  • g (w) g ((w (l) w (l-1)...
  • Non-Patent Document 2 describes an additive homomorphic encryption method (an encryption method in which an encryption function from a plaintext space to a ciphertext space has additive homomorphism).
  • Non-Patent Document 1 cannot be applied to simply encrypted documents. (I-1) This is because the calculation result of the character i is output in an encrypted form, so that the function value cannot be calculated and the i-th character cannot be calculated.
  • a user terminal that generates an encrypted query of (0) and transmits the encrypted query to the server, and an arithmetic process having homomorphism with respect to the encrypted query received from the user terminal and the document to be searched.
  • a computer system including a server that executes and returns a search processing result, which is a calculation result, to the user terminal.
  • the first character search process is executed for the first character query, the first character search process result as the search result is generated, and the first character search process result is transmitted to the user terminal.
  • the first character decryption process is performed on the first character search processing result received from the public key cryptosystem private key having the additive homomorphism, and the 1st to 0th characters w (1)
  • the search result for w (0) is obtained, and the user terminal recursively with respect to an integer m less than or equal to l in the same procedure below.
  • public key having the additive homomorphism for the m-1 character search processing result and the m character w (m) the m character query that is an encryption query is
  • the m-th character query is generated and transmitted to the server.
  • the server executes the m-th character search process for the m-th character query received from the user terminal, and the m-th character search process result as a search result is obtained.
  • the m-th character search processing result is generated and transmitted to the user terminal, and the user terminal transmits the private key of the public key cryptosystem having the additive homomorphism to the m-th character search processing result received from the server.
  • a process for determining whether the search result is compatible or non-conforming is executed for the search result for w (0).
  • the user can search while keeping the contents of the search query secret from the server, and can solve the privacy problem caused by providing the search keyword.
  • the user searches for a document including a specific character string W as a partial character string with respect to a plurality of documents X (1), X (2),. Configure the download method.
  • the user may search for the method of the bellows wheeler described in Non-Patent Document 1 using homomorphic encryption while communicating with the server.
  • the system configuration of this embodiment will be described with reference to FIGS. 1 to 3.
  • FIG. 1 is a schematic diagram of a secret character string search system according to an embodiment of the present invention.
  • the secret string search system includes a user terminal 100 and a server 200, and the user terminal 100 and the server 200 are designed to be able to transmit and receive information to and from each other via a network 300. .
  • FIG. 2 is a functional schematic diagram of the user terminal 100.
  • the user terminal 100 includes a CPU 101, an auxiliary storage device 102, a memory 103, a tamper resistant storage device 105, a display device 106, an input / output interface 107, and a communication device 108. Connected and configured at 104.
  • the auxiliary storage device 102 stores program codes. The program code is loaded into the memory 103 and executed by the CPU 101.
  • FIG. 3 is a functional schematic diagram of the server 200.
  • the server 200 includes a CPU 201, an auxiliary storage device 202, a memory 203, a display device 206, an input / output interface 207, and a communication device 208 connected by an internal signal line 204.
  • the auxiliary storage device 202 stores program codes and documents X (1), X (2),..., X (m) to be searched.
  • the program code is loaded into the memory 203 and executed by the CPU 201.
  • a procedure for determining whether or not (0) is included or W is concealed will be described. By performing this procedure for all the documents held by the server 200, the user 100 can know which document contains W among the documents held by the server. Terms used in this embodiment are defined.
  • the public key cryptosystem used in this embodiment is a scheme having additivity between ciphertexts in addition to asymmetry with respect to normal encryption and decryption as described in Non-Patent Document 2, for example. Have In other words, a ciphertext that is the sum of two ciphertexts can be calculated with public information only. Also, a secret key / public key generation processing program that is predetermined by this encryption method is used.
  • BW (BW) Conversion Function the Burrow Wheeler (BW) conversion function described in Non-Patent Document 1 is used.
  • the character string after BW conversion of document X [n] is represented by BW (X) [n].
  • W (1) w (0) is an array having alphabet as elements, and n and l are the lengths of each.
  • each alphabet a (i) is called a lexicographic order of a (i).
  • a normal alphabet set ⁇ a, b, c,..., Z ⁇ may be used as ⁇ .
  • f (W), g (W) Function (f (W), g (W))
  • g (W) pointer to the end point of the line where the character string starts from W when the substrings of X are arranged in lexicographic order.
  • FIGS. 4 and 5 are data transmission / reception and program processing flows between the user terminal 100 and the server 200 at the time of service.
  • the user terminal 100 executes private key / public key generation processing (S100), An encryption public key and a decryption secret key are generated, the generated secret key is stored in the tamper resistant area 105, and the generated public key is transmitted to the server 200 (D100).
  • S100 private key / public key generation processing
  • D100 public key generation processing
  • the server 200 executes search parameter generation processing (S200) for the document X that is held, and generates parameters to be used during the search.
  • S200 search parameter generation processing
  • the server 200 that has received the 0th character query (D200) executes the 0th character search process (S400), generates the 0th character search result, and transmits the 0th character search result to the user 100 ( D300).
  • the user 100 that has received the 0th character search result (D300) executes the 0th character decoding process (S500), and obtains the search results up to the 0th character.
  • the process (S600) is executed, and the first character query is transmitted to the server 200 (D400).
  • the server 200 that has received the first character query (D200) executes the first character search process (S700), generates the first character search result, and transmits the first character search result to the user 100 ( D500).
  • the user 100 that has received the first character search result (D500) executes the first character decoding process (S800) and obtains the search results up to the first character.
  • the process (S900) is executed, and the second character query is transmitted to the server 200 (D600).
  • the server 200 that has received the second character query (D600) executes the second character search process (S1100), generates a second character search result, and transmits the second character search result to the user 100 ( D700).
  • the user 100 that has received the first character search result (D500) executes the first character decoding process (S800) and obtains the search result up to the second character.
  • search processing is performed up to the (l-1) th character, and the search results up to the (l-1) th character are obtained.
  • the generation process (S1300) is executed, and the l-th character query is transmitted to the server 200 (D800).
  • the server 200 that has received the l-th character query (D900) executes an l-th character search process (S1400), generates an l-th character search result, and transmits the l-th character search result to the user 100 ( D1500).
  • the user 100 that has received the first character search result (D1500) executes the first character decoding process (S800), and obtains the search result up to the first character.
  • the user 100 performs search result determination processing (S1600) for the first character search result (D1500), and determines whether or not the character string W exists in the document X. Then, the determination result (success or failure) is output to the display device 106.
  • FIG. 6 is a processing flow of private key / public key generation processing (S100) executed by the user terminal 100 in the data transmission / reception at the service of FIG. 4 and the processing flow of the program.
  • the user terminal 100 sets the security parameter ⁇ and generates a secret key sk and a public key pk using a key generation algorithm with the security parameter ⁇ as an argument (S201).
  • FIG. 7 is a processing flow of search parameter generation processing (S200) executed by the server 200 in the data transmission / reception at the service of FIG. 4 and the processing flow of the program.
  • S200 search parameter generation processing
  • the server 200 uses the BW conversion function with the document X [n ⁇ n] of length n ⁇ n as an argument to convert the character array BW (X) [n ⁇ n] of X [n ⁇ n] into BW. Calculate (S201). Next, for each alphabet a, the server 200 Value C (a): ⁇ number of characters in the character string X [n] whose dictionary order is truly smaller than a ⁇ is calculated (S202).
  • the number of a existing up to the line is calculated (S204).
  • the server 200 calculates a search result (f (a), g (a)) when a is searched at the 0th character for each alphabet a (S205).
  • the server 200 outputs the calculated C (a), B (X), ⁇ (a, i), (f (a), g (a)) and ends the process.
  • FIG. 8 is a processing flow of the data transmission / reception at the time of the service of FIG. 4 and the 0th character query generation processing (S300) executed by the user terminal 100 in the processing flow of the program.
  • E ( ⁇ (w (0))) (E (0), E (0), ... E (0), E (1), E (0), ..., E (0)) (S302)
  • the generated encrypted character vector is output with E ( ⁇ (w (0))) and the process ends.
  • FIG. 9 is a processing flow of data transmission / reception at the time of service of FIG. 4 and a 0th character search process (S400) executed by the server 200 in the processing flow of the program.
  • E ( ⁇ (w (0))) i is calculated using the additivity of encryption method E, and the additivity of encryption method E is further calculated.
  • the server 200 outputs the calculated (E (f (w (0))), E (g (w (0)))) and ends the process.
  • FIG. 10 is a processing flow of data transmission / reception at the time of service in FIG. 4 and a 0th character decoding process (S500) executed by the user terminal 100 in the processing flow of the program.
  • the user terminal 100 obtains the secret key sk generated in (S100) from the 0th character search processing result (D300) E (f (w (0))), E (g (w (0))) received from the server. To obtain f (w (0)) and g (w (0)). Next, f (w (0)) and g (w (0)) are output and the process is terminated.
  • FIG. 11 is executed by the user terminal 100 in the data transmission / reception and program processing flow in FIG. It is a processing flow of m-th character query generation processing (S600, 900, 1300).
  • a vector ⁇ (w (m)) (0, 0,..., 0, 1, 0,.
  • the dictionary order of w (m) is k (S601).
  • E ( ⁇ (w (m))) be an encrypted character vector obtained by encrypting each component of.
  • E ( ⁇ (w (m))) (E (0), E (0),... E (0), E (1), E (0),..., E (0)) (S602) .
  • E (Xi) is an encrypted vector obtained by encrypting each component of a vector of length n in which the (i-1) component is 1 and the others are 0, and E (Yj) is the 1st component to the jth component Is an encrypted vector obtained by encrypting each component of a vector of length n with 1 as the other component and 0, and E (0) is an encrypted vector obtained by encrypting each component of the 0 vector of length n. (S604).
  • FIG. 12 is a processing flow of data transmission / reception at the time of service in FIGS. 4 and 5 and m-th character search processing (S700, 1100, 1400) executed by the server 200 in the processing flow of the program.
  • E ( ⁇ (w (m))) i is calculated using the additivity of the encryption method E, and further, the additivity of the encryption method E is used. Add all the calculated values for i. That is, ⁇ f (a) i ⁇ E ( ⁇ (w (m))) i is calculated. This ciphertext is E (f (w (m))) (S701).
  • a ciphertext obtained by adding E (f (w (m))) calculated in (S1101) to E (z (i)) and E ( ⁇ (a (k), i-1)) is E ( ⁇ (I)) (S702).
  • the server 200 outputs the calculated E ( ⁇ (1))... E ( ⁇ (n)), E ( ⁇ ′ (1))... E ( ⁇ ′ (n)) and ends the processing. .
  • FIG. 13 is a processing flow of the m-th character decoding process (S800, 1200, 1500) executed by the user terminal 100 in the data transmission / reception and program processing flow of FIGS.
  • the user terminal 100 outputs f (w (m) ... w (0)), g (w (m) ... w (0)) and ends the process.
  • FIG. 14 is a processing flow of the secret calculation argument generation processing (S1600) of FIG.
  • the user can determine whether or not the character string W is included in the document X [n ⁇ n].
  • the packet length of data (D100, D200, D300, D400, D500, D600, D700, D800, D900) communicated between the user terminal and the server in FIGS. 4 and 5 is a constant multiple of n
  • l is the length of the character string W. Therefore, by making the magnitude of l a constant, the total communication amount can be made a constant multiple of n at most. Since the communication amount when downloading all the documents X [n ⁇ n] is n ⁇ n, when n is sufficiently large, this method becomes a realistic method.
  • the user performs the same processing for all the documents X (1), X (2),..., X (m) held by the server, so that the user can perform the documents X (1), X (2),. , X (m) can find all documents that contain the character string W as a substring. At this time, the contents of the character string W are concealed from the server.
  • the user obtains a document including the character string W as a partial character string by a method in a non-patent document (C. Gentry and Z. Ramzan, Single-Database Private Information Retrieval with Costentant Communication Rate.). To do.
  • Non-Patent Document 3 is used as the PIR and PBR method, other PIR and PBR methods may be used.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

When a user uses a web search engine to execute a search, there is a privacy problem wherein the user's interest, preference or other information becomes known to the search engine from a keyword provided thereto as a search query. In response to such a privacy problem, an approach using encryption technology has been proposed in non-patent document 1, but a user-specifiable keyword is specified as a search string. Moreover, the expansion of a group of said specifiable keywords will be accompanied by the problem of an increase in communication volume between the user and the web search engine. To solve said problems, the present invention uses additively homomorphic encryption and a Burrows-Wheeler transform to secretly calculate whether or not there is a hit for a search. A character string using a Burrows-Wheeler transform enables the use of any character string as a keyword, and when the length of the search character string is fixed, the communication volume is fixed, enabling the problems to be solved.

Description

秘匿文字列検索システムSecret string search system

 本発明は、サーバが保持する複数のドキュメントに対して文字列検索を行うユーザが、検索する文字列をサーバに対して秘匿しながら、検索処理を実行する、文字列検索システムに関する。 The present invention relates to a character string search system in which a user who performs a character string search on a plurality of documents held by a server executes a search process while concealing the character string to be searched from the server.

 近年、インターネット上では、多くの人が検索エンジンを用いて、自身が興味をもつ情報などを取得している。 In recent years, on the Internet, many people use search engines to acquire information that they are interested in.

 検索方法として、例えば非特許文献1のような技術がある。具体的には、長さn×nのドキュメントXに対して、文字列を値域とする関数(f、g)を利用し、ただし、(f、g)は、任意の文字列Wに対して、WがXの部分文字列である時に限り、g(W)-f(W)≧0となる性質も持っている、文字列W=w(l)w(l-1)…w(0)が部分文字列として存在するか判定する。また、非特許文献1にあるように、関数値f(W)、g(W)は、関数値f(W(0))とw(1)から関数値f(w(1)w(0))が算出され、関数値f(w(1)w(0))とw(2)から関数値f(w(2)w(1)w(0))が算出され、以下同様に、関数値f(W)=f(w(l)w(l-1)…w(0))をf(w(l-1)…w(0))とw(l)から再帰的に計算する事が可能である、g(w)=g((w(l)w(l-1)…w(0))についても同様に(i-1)文字目の関数値とw(i)を関数引数として、再帰的に計算する事が可能であり、文字列の長さlに対して、それぞれl回の再帰計算で関数値f(W)、g(W)は求める事が出来る。 As a search method, for example, there is a technique as described in Non-Patent Document 1. Specifically, for a document X of length n × n, a function (f, g) having a character string as a range is used, where (f, g) is applied to an arbitrary character string W. , W has the property that g (W) −f (W) ≧ 0 only when W is a partial character string of X. Character string W = w (l) w (l−1)... W (0 ) Exists as a partial character string. As described in Non-Patent Document 1, the function values f (W) and g (W) are calculated from the function values f (W (0)) and w (1) to the function value f (w (1) w (0). )) Is calculated, and the function value f (w (2) w (1) w (0)) is calculated from the function values f (w (1) w (0)) and w (2), and so on. Function value f (W) = f (w (l) w (l−1)... W (0)) is recursively calculated from f (w (l−1)... W (0)) and w (l). Similarly, for g (w) = g ((w (l) w (l-1)... W (0)), the function value of the (i-1) th character and w (i) Can be recursively calculated as function arguments, and the function values f (W) and g (W) can be obtained by l recursive calculations each for the length l of the character string.

 しかしながら、検索サービスは便利ではあるものの、検索クエリとしてユーザが提供したキーワードから、ユーザの趣味、趣向その他の情報が検索エンジンに知られてしまう問題がある。そのため、暗号技術を用いた対策案が必要である。たとえば非特許文献2には、加法的準同型暗号方式(平文空間から暗号文空間への暗号化関数が加法的な準同型性を有する暗号方式)が記載されている。 However, although the search service is convenient, there is a problem that the search engine knows the user's hobbies, preferences and other information from the keywords provided by the user as a search query. For this reason, a countermeasure plan using cryptographic technology is necessary. For example, Non-Patent Document 2 describes an additive homomorphic encryption method (an encryption method in which an encryption function from a plaintext space to a ciphertext space has additive homomorphism).

P. Ferragina and G. Manzini, Opportunistice Data Structures with Applications.P. Ferragina and G. Manzini, Opportunistic Data Structures with Applications. P.Paillier, Public-Key Cryptosystems Based on Composite Degree Residuosity Classes.P. Paillier, Public-Key Cryptossystems Based on Composite Degree Residuity Classes.

 非特許文献1に記載された技術は、単に暗号化されたドキュメントに適用できない。(i-1)文字目の計算結果が暗号化されたもので出力されてしまうため、関数値が算出できず、i文字目の計算ができないという課題が生じるためである。 The technology described in Non-Patent Document 1 cannot be applied to simply encrypted documents. (I-1) This is because the calculation result of the character i is output in an encrypted form, so that the function value cannot be calculated and the i-th character cannot be calculated.

 本発明は、上記課題を解決するためのものであり、加法的準同型性を持つ公開鍵暗号方式において、公開鍵を用いて検索文字列W=w(l)w(l-1)…w(0)の暗号化クエリを生成し、該暗号化クエリをサーバに送信するユーザ端末と、ユーザ端末から受信した暗号化クエリと検索対象となるドキュメントに対して、準同型性を有する演算処理を実行し、該演算結果である検索処理結果をユーザ端末に返信するサーバとを含むコンピュータシステムであって、ユーザ端末は、検索文字列W=w(l)w(l-1)…w(0)の0文字目w(0)に対して、該加法的準同型性を持つ公開鍵暗号方式の公開鍵を用いて、暗号化クエリである0文字目クエリを生成し、該0文字目クエリを前記サーバに送信し、サーバはユーザ端末から受信した0文字目クエリに対して、0文字目検索処理を実行し、検索結果である0文字目検索処理結果を生成し、該0文字目検索処理結果を前記ユーザ端末に送信し、ユーザ端末は、サーバから受信した0文字目検索処理結果に対して、該加法的準同型性を持つ公開鍵暗号方式の秘密鍵を用いて、0文字目復号処理を実行し、0文字目w(0)に対する検索結果を取得し、該0文字目検索処理結果と、1文字目w(1)に対して、該加法的準同型性を持つ公開鍵暗号方式の公開鍵を用いて、暗号化クエリである1文字目クエリを生成し、該1文字目クエリをサーバに送信し、サーバはユーザ端末から受信した1文字目クエリに対して、1文字目検索処理を実行し、検索結果である1文字目検索処理結果を生成し、該1文字目検索処理結果をユーザ端末に送信し、サーバはユーザ端末から受信した1文字目クエリに対して、1文字目検索処理を実行し、検索結果である1文字目検索処理結果を生成し、該1文字目検索処理結果をユーザ端末に送信し、ユーザ端末は、サーバから受信した1文字目検索処理結果に対して、該加法的準同型性を持つ公開鍵暗号方式の秘密鍵を用いて、1文字目復号処理を実行し、1から0文字目w(1)w(0)に対する検索結果を取得し、以下同様の手順で、l以下の整数mに対して帰納的に、ユーザ端末は、
m-1文字目検索処理結果と、m文字目w(m)に対して、該加法的準同型性を持つ公開鍵暗号方式の公開鍵を用いて、暗号化クエリであるm文字目クエリを生成し、該m文字目クエリを前記サーバに送信し、サーバはユーザ端末から受信したm文字目クエリに対して、m文字目検索処理を実行し、検索結果であるm文字目検索処理結果を生成し、該m文字目検索処理結果をユーザ端末に送信し、ユーザ端末は、サーバから受信したm文字目検索処理結果に対して、該加法的準同型性を持つ公開鍵暗号方式の秘密鍵を用いて、m文字目復号処理を実行し、mから0文字目w(m)…w(1)w(0)に対する検索結果を取得し、ユーザ端末は、この手順をlから0文字目w(l)…w(1)w(0)に対する検索結果を取得するまで実行し、lから0文字目w(l)…w(1)w(0)に対する検索結果に対して、検索結果の適合、もしくは不適合の判定処理を実行する。 The present invention is for solving the above-mentioned problem, and in a public key cryptosystem having additive homomorphism, a search character string W = w (l) w (l−1). A user terminal that generates an encrypted query of (0) and transmits the encrypted query to the server, and an arithmetic process having homomorphism with respect to the encrypted query received from the user terminal and the document to be searched. A computer system including a server that executes and returns a search processing result, which is a calculation result, to the user terminal. The user terminal searches for a search character string W = w (l) w (l−1)... W (0 ) Using the public key of the public key cryptosystem having the additive homomorphism for the 0th character w (0) of Is sent to the server, and the server receives the 0th character received from the user terminal. The 0th character search process is executed for Eri, the 0th character search process result as a search result is generated, the 0th character search process result is transmitted to the user terminal, and the user terminal receives from the server The 0th character search process result is subjected to the 0th character decryption process using the public key cryptosystem private key having the additive homomorphism, and the search result for the 0th character w (0) is obtained. Obtain the first character search process result and the first character w (1) using the public key of the public key cryptosystem having the additive homomorphism, Generate a query, send the first character query to the server, the server executes the first character search process for the first character query received from the user terminal, the first character search processing result that is the search result The first character search processing result is transmitted to the user terminal, and the server receives from the user terminal. The first character search process is executed for the first character query, the first character search process result as the search result is generated, and the first character search process result is transmitted to the user terminal. The first character decryption process is performed on the first character search processing result received from the public key cryptosystem private key having the additive homomorphism, and the 1st to 0th characters w (1) The search result for w (0) is obtained, and the user terminal recursively with respect to an integer m less than or equal to l in the same procedure below.
Using the public key encryption method public key having the additive homomorphism for the m-1 character search processing result and the m character w (m), the m character query that is an encryption query is The m-th character query is generated and transmitted to the server. The server executes the m-th character search process for the m-th character query received from the user terminal, and the m-th character search process result as a search result is obtained. The m-th character search processing result is generated and transmitted to the user terminal, and the user terminal transmits the private key of the public key cryptosystem having the additive homomorphism to the m-th character search processing result received from the server. Is used to execute the m-th character decoding process to obtain the search result for the 0th character w (m) ... w (1) w (0) from m, and the user terminal performs this procedure from the lth character to the 0th character. Execute until the search result for w (l) ... w (1) w (0) is obtained, and the 0th character w (l) ... w (1 ) A process for determining whether the search result is compatible or non-conforming is executed for the search result for w (0).

 本発明を実施したユーザ/サーバ秘匿文字列検索システムにおいては、ユーザは検索クエリの内容をサーバに秘匿したまま、検索が可能になり、検索キーワード提供によるプライバシー問題を解決する事が可能となる。 In the user / server secret character string search system embodying the present invention, the user can search while keeping the contents of the search query secret from the server, and can solve the privacy problem caused by providing the search keyword.

本実施形態における秘匿検索システムの構成例を示す図である。It is a figure which shows the structural example of the confidential search system in this embodiment. 本実施形態におけるクライアント端末の構成例を示す図である。It is a figure which shows the structural example of the client terminal in this embodiment. 本実施形態における秘匿計算サーバの構成例を示す図である。It is a figure which shows the structural example of the secret calculation server in this embodiment. ユーザ端末とサーバとの間の、サービス時のデータ送受信および、プログラムの処理フローである。It is the data transmission / reception at the time of service between a user terminal and a server, and the processing flow of a program. 図4の続きである。It is a continuation of FIG. 秘密鍵/公開鍵生成(S100)の処理フローである。It is a processing flow of secret key / public key generation (S100). 検索用パラメータ生成(S200)の処理フローである。It is a processing flow of search parameter generation (S200). 0文字目クエリ生成(S300)の処理フローである。It is a processing flow of 0th character query generation (S300). 0文字目検索(S400)の処理フローである。It is a processing flow of the 0th character search (S400). 0文字目復号(S500)の処理フローである。It is a processing flow of 0th character decoding (S500). m文字目クエリ生成(S600,900,1300)の処理フローである。It is a processing flow of m-th character query generation (S600,900,1300). m文字目検索(S700,1100,1400)の処理フローである。It is a processing flow of m-th character search (S700, 1100, 1400). m文字目復号(S800,1200,1500)の処理フローである。It is a processing flow of m-th character decoding (S800, 1200, 1500). 検索結果判定(S1600)の処理フローである。It is a processing flow of search result judgment (S1600).

 以下、本発明の実施形態を図面に基づいて詳細に説明する。
  本実施例では、サーバが保持する複数のドキュメントX(1)、X(2)、…、X(m)に対して、ユーザが特定の文字列Wを部分文字列として含むドキュメントを検索し、ダウンロードする方式を構成する。この時、ユーザはサーバと相互に通信を行いながら、非特許文献1にあるバローズホイラーの方法を、準同型暗号を用いて、検索を行っても良い。
  以下、図1から図3を用いて、本実施例のシステム構成を示す。 Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
In the present embodiment, the user searches for a document including a specific character string W as a partial character string with respect to a plurality of documents X (1), X (2),. Configure the download method. At this time, the user may search for the method of the bellows wheeler described in Non-Patent Document 1 using homomorphic encryption while communicating with the server.
Hereinafter, the system configuration of this embodiment will be described with reference to FIGS. 1 to 3.

 図1は、本発明の実施の形態である秘匿文字列検索システムの概略図である。図示するように、秘匿文字列検索システムは、ユーザ端末100と、サーバ200と、を備え、ユーザ端末100とサーバ200、は、ネットワーク300を介して相互に情報を送受信できるように設計されている。 FIG. 1 is a schematic diagram of a secret character string search system according to an embodiment of the present invention. As shown in the figure, the secret string search system includes a user terminal 100 and a server 200, and the user terminal 100 and the server 200 are designed to be able to transmit and receive information to and from each other via a network 300. .

 図2は、ユーザ端末100の機能概略図である。図示するように、ユーザ端末100は、CPU101と、補助記憶装置102と、メモリ103と、耐タンパ記憶装置105と、表示装置106と、入出力インターフェース107と、通信装置108と、が内部信号線104で連結し、構成される。また、補助記憶装置102には、プログラムコードが格納されている。プログラムコードは、メモリ103にロードされCPU101によって実行される。 FIG. 2 is a functional schematic diagram of the user terminal 100. As shown in the figure, the user terminal 100 includes a CPU 101, an auxiliary storage device 102, a memory 103, a tamper resistant storage device 105, a display device 106, an input / output interface 107, and a communication device 108. Connected and configured at 104. The auxiliary storage device 102 stores program codes. The program code is loaded into the memory 103 and executed by the CPU 101.

 図3は、サーバ200の機能概略図である。図示するように、サーバ200は、CPU201と、補助記憶装置202と、メモリ203と、表示装置206と、入出力インターフェース207と、通信装置208と、が内部信号線204で連結し、構成される。また、補助記憶装置202には、プログラムコードおよび、検索対象となるドキュメントX(1)、X(2)、…、X(m)が格納されている。プログラムコードは、メモリ203にロードされCPU201によって実行される。
  以下、図4から図13を用いてサーバ200が保持する長さn×nのドキュメントXに対して、ユーザ100が文字列W=w(l)w(l-1)…w(1)w(0)を含むか、Wを秘匿したまま、判定する手順を示す。この手順をサーバ200が持つ全てのドキュメントに行うことで、サーバが保持するドキュメントの中で、どのドキュメントがWを含むかユーザ100は知る事が出来る。
  本実施例で使用する用語を定義する。
(1) 公開鍵暗号方式
  本実施例で用いる公開鍵暗号方式は、例えば非特許文献2にあるような、通常の暗号化、復号化に対する非対称性に加え、暗号文同士の加法性を有する方式を持ちいる。つまり、2つの暗号文に対して、その和となる暗号文を公開情報のみを持ちいて計算する事が可能な方式とする。また、秘密鍵/公開鍵生成処理プログラムもこの暗号方式によって既定されているものを用いる。
(2) セキュリティパラメータλ
  セキュリティパラメータとは、暗号方式の秘密鍵/公開鍵を生成する際に入力されるパラメータであり、攻撃者が暗号方式を破る際に、2のλ乗回以上の計算を必要とする。例えばλ=80とするならば、2の80乗回以下の計算能力をもつ攻撃者に対して、該暗号方式は安全である。 FIG. 3 is a functional schematic diagram of the server 200. As shown in the figure, the server 200 includes a CPU 201, an auxiliary storage device 202, a memory 203, a display device 206, an input / output interface 207, and a communication device 208 connected by an internal signal line 204. . The auxiliary storage device 202 stores program codes and documents X (1), X (2),..., X (m) to be searched. The program code is loaded into the memory 203 and executed by the CPU 201.
Hereinafter, for the document X having a length of n × n held by the server 200 using FIGS. 4 to 13, the user 100 sets the character string W = w (l) w (l−1). A procedure for determining whether or not (0) is included or W is concealed will be described. By performing this procedure for all the documents held by the server 200, the user 100 can know which document contains W among the documents held by the server.
Terms used in this embodiment are defined.
(1) Public Key Cryptography The public key cryptosystem used in this embodiment is a scheme having additivity between ciphertexts in addition to asymmetry with respect to normal encryption and decryption as described in Non-Patent Document 2, for example. Have In other words, a ciphertext that is the sum of two ciphertexts can be calculated with public information only. Also, a secret key / public key generation processing program that is predetermined by this encryption method is used.
(2) Security parameter λ
The security parameter is a parameter input when generating a secret key / public key of an encryption method, and an attacker needs to calculate 2 times or more times when the encryption method is broken. For example, if λ = 80, the encryption scheme is secure against an attacker having a computing power of 2 to the 80th power.

 (3)バローズホイラー(BW)変換関数
  本実施例では、非特許文献1にあるバローズホイラー(BW)変換関数を利用する。ドキュメントX[n]のBW変換後の文字列をBW(X)[n]で表す。
(4)アルファベット
  本実施例では、文字全体の集合をΣ={a(1)、a(2)、 …、a(s)}であらわしその要素a(i)をアルファベットと呼ぶ、全てのドキュメントX[n]、文字列W=w(l)w(l-1)…w(1)w(0)はアルファベットを要素とする配列とし、n、lをそれぞれの長さとする。
また、各アルファベットa(i)の添え字iをa(i)の辞書式順序と呼ぶ。例えば、Σとして、通常のアルファベット集合{a,b,c,…,z}を用いてもよい。
(5)関数(f(W),g(W))
  本実施例では、ドキュメントXと文字列Wに対して、非特許文献1にあるように関数f(W)をXの部分文字列を辞書式順序で並べた際に、Wから文字列が始まる行の開始地点のポインタとし、g(W))をXの部分文字列を辞書式順序で並べた際に、Wから文字列が始まる行の終了地点のポインタとする。非特許文献1では、f(W)=sp、g(W)=epと表記されている。また、非特許文献1より、アルファベットaと文字列Wに対して、f(aW)、g(aW)はf(aW)=C(a)+O(a, f(W)-1)、g(aW)=C(a)+O(a, g(W))-1と1文字少ないf(W)、g(W)を用いて再帰的に計算できる。この時、WがXの部分文字列であるための必要十分条件は、g(W)-f(W)≧0となる。
  ただし、C(a): 文字列X[n]の中でaより辞書順序が真に小さい文字の数、
O(a,i): BW(X)[0]からBW(X)[i]に存在するaの数とする。 (3) Burrow Wheeler (BW) Conversion Function In this embodiment, the Burrow Wheeler (BW) conversion function described in Non-Patent Document 1 is used. The character string after BW conversion of document X [n] is represented by BW (X) [n].
(4) Alphabet In this embodiment, all documents in which the set of all characters is represented by Σ = {a (1), a (2),..., A (s)} and the element a (i) is called an alphabet. X [n], character string W = w (l) w (l-1)... W (1) w (0) is an array having alphabet as elements, and n and l are the lengths of each.
Also, the subscript i of each alphabet a (i) is called a lexicographic order of a (i). For example, a normal alphabet set {a, b, c,..., Z} may be used as Σ.
(5) Function (f (W), g (W))
In the present embodiment, when a partial character string of X is arranged in a lexicographic order with respect to a document X and a character string W as shown in Non-Patent Document 1, the character string starts from W. A pointer to the start point of the line, and g (W)) is a pointer to the end point of the line where the character string starts from W when the substrings of X are arranged in lexicographic order. Non-Patent Document 1 describes f (W) = sp and g (W) = ep. Further, from Non-Patent Document 1, f (aW) and g (aW) are f (aW) = C (a) + O (a, f (W) -1) for alphabet a and character string W, It can be calculated recursively using g (aW) = C (a) + O (a, g (W))-1 and f (W), g (W), which is one character less. At this time, a necessary and sufficient condition for W to be a partial character string of X is g (W) −f (W) ≧ 0.
Where C (a): the number of characters in the string X [n] whose dictionary order is truly smaller than a,
O (a, i): The number of a existing from BW (X) [0] to BW (X) [i].

 (6)PIR、PBRプロトコル
 本実施例では、ユーザは、ドキュメントX(1)、X(2)、…、X(m)に対して、検索にヒットしたドキュメントをサーバからダウンロードする際に、非特許文献(C.Gentry and Z.Ramzan, Single-Database Private Information Retrieval with Cosdtant Communication Rate.)にあるような、PIR、PBRプロトコルを用いる。この時、どのドキュメントをユーザがダウンロードしたかをサーバに秘匿する事が可能となる。 (6) PIR, PBR protocol In this embodiment, when a user downloads a document that hits a search from a server to a document X (1), X (2),. PIR and PBR protocols as described in the patent literature (C. Gentry and Z. Ramzan, Single-Database Private Information Retrieval with Cosdant Communication Rate.) Are used. At this time, it is possible to keep secret to the server which document has been downloaded by the user.

 図4、5は、ユーザ端末100とサーバ200との間の、サービス時のデータ送受信および、プログラムの処理フローである。
ユーザ端末100は、秘密鍵/公開鍵生成処理(S100)を実行し、
暗号化用公開鍵と復号用秘密鍵を生成し、生成した秘密鍵を耐タンパ領域105に保存し、生成した公開鍵をサーバ200に送信する(D100)。 FIGS. 4 and 5 are data transmission / reception and program processing flows between the user terminal 100 and the server 200 at the time of service.
The user terminal 100 executes private key / public key generation processing (S100),
An encryption public key and a decryption secret key are generated, the generated secret key is stored in the tamper resistant area 105, and the generated public key is transmitted to the server 200 (D100).

 サーバ200は、保持するドキュメントXに対して、検索用パラメータ生成処理(S200)を実行し、検索時に利用するパラメータを生成する。 The server 200 executes search parameter generation processing (S200) for the document X that is held, and generates parameters to be used during the search.

 次に、ユーザ100は文字列W=w(l)w(l-1)…w(1)w(0)に対して、0文字目クエリ生成処理(S300)を実行し、0文字目クエリをサーバ200に送信する(D200)。 Next, the user 100 executes the 0th character query generation process (S300) for the character string W = w (l) w (l-1)... W (1) w (0) to obtain the 0th character query. Is transmitted to the server 200 (D200).

 次に、0文字目クエリ(D200)を受信したサーバ200は、0文字目検索処理(S400)を実行し、0文字目検索結果を生成し、0文字目検索結果をユーザ100に送信する(D300)。 Next, the server 200 that has received the 0th character query (D200) executes the 0th character search process (S400), generates the 0th character search result, and transmits the 0th character search result to the user 100 ( D300).

 次に、0文字目検索結果(D300)を受信したユーザ100は、0文字目復号処理(S500)を実行し、0文字目までの検索結果を得る。 Next, the user 100 that has received the 0th character search result (D300) executes the 0th character decoding process (S500), and obtains the search results up to the 0th character.

 次に、ユーザ100は文字列W=w(l)w(l-1)…w(1)w(0)と、0文字目復号処理(S500)の結果に対して、1文字目クエリ生成処理(S600)を実行し、1文字目クエリをサーバ200に送信する(D400)。 Next, the user 100 generates a first character query for the character string W = w (l) w (l-1)... W (1) w (0) and the result of the 0th character decoding process (S500). The process (S600) is executed, and the first character query is transmitted to the server 200 (D400).

 次に、1文字目クエリ(D200)を受信したサーバ200は、1文字目検索処理(S700)を実行し、1文字目検索結果を生成し、1文字目検索結果をユーザ100に送信する(D500)。 Next, the server 200 that has received the first character query (D200) executes the first character search process (S700), generates the first character search result, and transmits the first character search result to the user 100 ( D500).

 次に、1文字目検索結果(D500)を受信したユーザ100は、1文字目復号処理(S800)を実行し、1文字目までの検索結果を得る。 Next, the user 100 that has received the first character search result (D500) executes the first character decoding process (S800) and obtains the search results up to the first character.

 次に、ユーザ100は文字列W=w(l)w(l-1)…w(1)w(0)と、1文字目復号処理(S800)の結果に対して、2文字目クエリ生成処理(S900)を実行し、2文字目クエリをサーバ200に送信する(D600)。 Next, the user 100 generates a second character query for the character string W = w (l) w (l-1)... W (1) w (0) and the result of the first character decoding process (S800). The process (S900) is executed, and the second character query is transmitted to the server 200 (D600).

 次に、2文字目クエリ(D600)を受信したサーバ200は、2文字目検索処理(S1100)を実行し、2文字目検索結果を生成し、2文字目検索結果をユーザ100に送信する(D700)。 Next, the server 200 that has received the second character query (D600) executes the second character search process (S1100), generates a second character search result, and transmits the second character search result to the user 100 ( D700).

 次に、1文字目検索結果(D500)を受信したユーザ100は、1文字目復号処理(S800)を実行し、2文字目までの検索結果を得る。 Next, the user 100 that has received the first character search result (D500) executes the first character decoding process (S800) and obtains the search result up to the second character.

 以下同様に、(l-1)文字目まで検索処理を行い、(l-1)文字目までの検索結果を得る。 In the same manner, search processing is performed up to the (l-1) th character, and the search results up to the (l-1) th character are obtained.

 次に、ユーザ100は文字列W=w(l)w(l-1)…w(1)w(0)と、(l-1)文字目復号処理の結果に対して、l文字目クエリ生成処理(S1300)を実行し、l文字目クエリをサーバ200に送信する(D800)。 Next, the user 100 performs the l-th character query on the character string W = w (l) w (l−1)... W (1) w (0) and the result of the (l−1) -th character decoding process. The generation process (S1300) is executed, and the l-th character query is transmitted to the server 200 (D800).

 次に、l文字目クエリ(D900)を受信したサーバ200は、l文字目検索処理(S1400)を実行し、l文字目検索結果を生成し、l文字目検索結果をユーザ100に送信する(D1500)。 Next, the server 200 that has received the l-th character query (D900) executes an l-th character search process (S1400), generates an l-th character search result, and transmits the l-th character search result to the user 100 ( D1500).

 次に、1文字目検索結果(D1500)を受信したユーザ100は、1文字目復号処理(S800)を実行し、l文字目までの検索結果を得る。 Next, the user 100 that has received the first character search result (D1500) executes the first character decoding process (S800), and obtains the search result up to the first character.

 次に、ユーザ100は、1文字目検索結果(D1500)に対して、検索結果判定処理(S1600)を行い、ドキュメントX内に文字列Wが存在するかを判定する。そして、判定の結果(成功または失敗)を表示装置106に出力する。 Next, the user 100 performs search result determination processing (S1600) for the first character search result (D1500), and determines whether or not the character string W exists in the document X. Then, the determination result (success or failure) is output to the display device 106.

 図6は、図4のサービス時のデータ送受信および、プログラムの処理フローにおけるユーザ端末100が実行する秘密鍵/公開鍵生成処理(S100)の処理フローである。
ユーザ端末100は、セキュリティパラメータλをセッティングし、セキュリティパラメータλを引数とする鍵生成アルゴリズムを用いて秘密鍵sk,公開鍵pkを生成する(S201)。 FIG. 6 is a processing flow of private key / public key generation processing (S100) executed by the user terminal 100 in the data transmission / reception at the service of FIG. 4 and the processing flow of the program.
The user terminal 100 sets the security parameter λ and generates a secret key sk and a public key pk using a key generation algorithm with the security parameter λ as an argument (S201).

 図7は、図4のサービス時のデータ送受信および、プログラムの処理フローにおけるサーバ200が実行する検索用パラメータ生成処理(S200)の処理フローである。 FIG. 7 is a processing flow of search parameter generation processing (S200) executed by the server 200 in the data transmission / reception at the service of FIG. 4 and the processing flow of the program.

 サーバ200は、長さn×nのドキュメントX[n×n]を引数とするBW変換関数を用いて、X[n×n]のBW変換した文字配列BW(X)[n×n]を計算する(S201)。 
 次に、サーバ200は、各アルファベットaに対して、
値C(a):{文字列X[n]の中でaより辞書順序が真に小さい文字の数}を算出する(S202)。 
 次に、サーバ200は、n次正方行列B(X)の(i,j)成分B(X)(i,j)をB(X)(i,j)= BW(X)[n(i-1)+(j-1)]と定め検索用行列B(X)を算出する(S203)。 
 次に、サーバ200は、各アルファベットaと整数i=1,2,..,nに対して値σ(a,i): n次正方行列B(X)の1行目から(i-1)行目までに存在するaの数を算出する(S204)。 
  次に、サーバ200は、各アルファベットaに対して、0文字目でaが検索された際の検索結果(f(a),g(a))を算出する(S205)。
  次に、サーバ200は、算出したC(a),B(X),σ(a,i)、(f(a),g(a))を出力して処理を終了する。 The server 200 uses the BW conversion function with the document X [n × n] of length n × n as an argument to convert the character array BW (X) [n × n] of X [n × n] into BW. Calculate (S201).
Next, for each alphabet a, the server 200
Value C (a): {number of characters in the character string X [n] whose dictionary order is truly smaller than a} is calculated (S202).
Next, the server 200 converts the (i, j) component B (X) (i, j) of the n-order square matrix B (X) to B (X) (i, j) = BW (X) [n (i -1) + (j-1)], and a search matrix B (X) is calculated (S203).
Next, the server 200 sets the value σ (a, i): from the first row of the n-order square matrix B (X) to (i−1) for each alphabet a and integers i = 1, 2,. ) The number of a existing up to the line is calculated (S204).
Next, the server 200 calculates a search result (f (a), g (a)) when a is searched at the 0th character for each alphabet a (S205).
Next, the server 200 outputs the calculated C (a), B (X), σ (a, i), (f (a), g (a)) and ends the process.

 図8は、図4のサービス時のデータ送受信および、プログラムの処理フローにおけるユーザ端末100が実行する0文字目クエリ生成処理(S300)の処理フローである。
  ユーザ端末100は、検索文字列W=w(l)w(l-1)…w(1)w(0)の、0文字目w(0)に対して、長さsで第k成分が1、その他0であるベクトルτ(w(0))=(0,0,…0,1,0,…,0)を生成する。ただし、w(0)の辞書順序はkとする(S301)。
  次に、秘密鍵/公開鍵生成処理(S100)で生成した公開鍵pkを用いてベクトルτ(w(0))=(0,0,…0,1,0,…0)の各成分を暗号化した暗号化文字ベクトルをE(τ(w(0)))とする。E(τ(w(0)))=(E(0),E(0),…E(0),E(1),E(0),…,E(0))(S302)となり、生成した暗号化文字ベクトルをE(τ(w(0)))を出力して終了する。 FIG. 8 is a processing flow of the data transmission / reception at the time of the service of FIG. 4 and the 0th character query generation processing (S300) executed by the user terminal 100 in the processing flow of the program.
The user terminal 100 determines that the search character string W = w (l) w (l−1)... W (1) w (0) has the length s and the kth component for the 0th character w (0). 1 and other vectors 0 (w (0)) = (0, 0,... 0, 1, 0,..., 0) are generated. However, the dictionary order of w (0) is k (S301).
Next, each component of the vector τ (w (0)) = (0, 0,..., 0, 1, 0,... 0) is obtained using the public key pk generated in the secret key / public key generation process (S100). Let E (τ (w (0))) be the encrypted encrypted character vector. E (τ (w (0))) = (E (0), E (0), ... E (0), E (1), E (0), ..., E (0)) (S302) The generated encrypted character vector is output with E (τ (w (0))) and the process ends.

 図9は、図4のサービス時のデータ送受信および、プログラムの処理フローにおけるサーバ200が実行する0文字目検索処理(S400)の処理フローである。
  サーバ200は、受信したE(τ(w(0)))=(E(0),E(0),…E(0),E(1),E(0),…,E(0))に対して、暗号方式Eの加法性を用いて、各i成分E(τ(w(0)))iのf(a(i))倍を計算し、さらに暗号方式Eの加法性を用いて、すべてiに対して計算した値を加える。つまり、Σf(a)i・ E(τ(w(0)))iを算出するが、構成の仕方より、この暗号文はE(f(w(0)))となる(S401)。
  次にサーバ200は、(S401)と同様の方法で、受信したE(τ(w(0)))=(E(0),E(0),…E(0),E(1),E(0),…,E(0))に対して、暗号方式Eの加法性を用いて、各i成分E(τ(w(0)))iのg(a(i))倍を計算し、さらに暗号方式Eの加法性を用いて、すべてiに対して計算した値を加える。つまり、Σg(a)i・ E(τ(w(0)))iを算出する。構成の仕方より、この暗号文はE(g(w(0)))となる(S402)。
  次にサーバ200は、算出した(E(f(w(0))), E(g(w(0))))を出力して処理を終了する。 FIG. 9 is a processing flow of data transmission / reception at the time of service of FIG. 4 and a 0th character search process (S400) executed by the server 200 in the processing flow of the program.
The server 200 receives E (τ (w (0))) = (E (0), E (0),... E (0), E (1), E (0),. ) For each i component E (τ (w (0))) i is calculated using the additivity of encryption method E, and the additivity of encryption method E is further calculated. Use to add the values calculated for all i. That is, Σf (a) i · E (τ (w (0))) i is calculated, but this ciphertext is E (f (w (0))) due to the configuration (S401).
Next, the server 200 receives the received E (τ (w (0))) = (E (0), E (0),... E (0), E (1), E (0), ..., E (0)), using the additivity of encryption method E, g (a (i)) times each i component E (τ (w (0))) i Calculate and add all the calculated values for i using the additivity of encryption method E. That is, Σg (a) i · E (τ (w (0))) i is calculated. This ciphertext is E (g (w (0))) according to the construction method (S402).
Next, the server 200 outputs the calculated (E (f (w (0))), E (g (w (0)))) and ends the process.

 図10は、図4のサービス時のデータ送受信および、プログラムの処理フローにおけるユーザ端末100が実行する0文字目復号処理(S500)の処理フローである。
  ユーザ端末100は、サーバから受信した0文字目検索処理結果(D300)E(f(w(0))),E(g(w(0)))を(S100)で生成した秘密鍵skを用いて復号し、f(w(0)), g(w(0))を得る。
  次に、f(w(0)), g(w(0))を出力して処理を終了する。 FIG. 10 is a processing flow of data transmission / reception at the time of service in FIG. 4 and a 0th character decoding process (S500) executed by the user terminal 100 in the processing flow of the program.
The user terminal 100 obtains the secret key sk generated in (S100) from the 0th character search processing result (D300) E (f (w (0))), E (g (w (0))) received from the server. To obtain f (w (0)) and g (w (0)).
Next, f (w (0)) and g (w (0)) are output and the process is terminated.

 図11は、図4、5のサービス時のデータ送受信および、プログラムの処理フローにおけるユーザ端末100が実行する
m文字目クエリ生成処理(S600,900,1300)の処理フローである。 FIG. 11 is executed by the user terminal 100 in the data transmission / reception and program processing flow in FIG.
It is a processing flow of m-th character query generation processing (S600, 900, 1300).

 ユーザ端末100は、検索文字列W=w(l)w(l-1)…w(1)w(0)の、m文字目w(m)に対して、ただし,m≠0とする、長さsで第k成分が1、その他0であるベクトルτ(w(m))=(0,0,…0,1,0,…,0)を生成する。ただし、w(m)の辞書順序はkとする(S601)。 The user terminal 100 sets m ≠ 0 for the m-th character w (m) of the search character string W = w (l) w (l−1)... W (1) w (0). A vector τ (w (m)) = (0, 0,..., 0, 1, 0,. However, the dictionary order of w (m) is k (S601).

 次にユーザ端末100は、秘密鍵/公開鍵生成処理(S100)で生成した公開鍵pkを用いてベクトルτ(w(m))=(0,0,…0,1,0,…0)の各成分を暗号化した暗号化文字ベクトルをE(τ(w(m)))とする。E(τ(w(m)))=(E(0),E(0),…E(0),E(1),E(0),…,E(0))となる(S602)。 Next, the user terminal 100 uses the public key pk generated in the secret key / public key generation process (S100) to generate a vector τ (w (m)) = (0, 0,... 0, 1, 0,... 0). Let E (τ (w (m))) be an encrypted character vector obtained by encrypting each component of. E (τ (w (m))) = (E (0), E (0),... E (0), E (1), E (0),..., E (0)) (S602) .

 次に、m-1文字目復号処理結果f(w(m-1)…w(0))に対して、f(w(m-1)…w(0))-1=n(i-1)+(j-1)となるi,jを求める(S603)。 Next, for the m-1st character decoding processing result f (w (m-1) ... w (0)), f (w (m-1) ... w (0))-1 = n (i- 1) Find i, j to be + (j-1) (S603).

 次にユーザ端末100は、暗号化ベクトルペアV(k)=(u(k),v(k))をk=ord(w(m))の時に限り(u(k),v(k))=(E(Xi),E(Yj))k≠ord(w(m))の時、(u(k),v(k))=(E(0),E(0))とする。 
ただし、E(Xi)は(i-1)成分が1でその他が0となる長さnのベクトルの各成分を暗号化した暗号化ベクトルとし、E(Yj)は第1成分から第j成分を1、その他成分を0とする長さnのベクトルの各成分を暗号化した暗号化ベクトルとし、E(0)は、長さnの0ベクトルの各成分を暗号化した暗号化ベクトルとする(S604)。 Next, the user terminal 100 sets the encrypted vector pair V (k) = (u (k), v (k)) only when k = ord (w (m)) (u (k), v (k)). ) = (E (Xi), E (Yj)) k ≠ ord (w (m)), (u (k), v (k)) = (E (0), E (0)) .
However, E (Xi) is an encrypted vector obtained by encrypting each component of a vector of length n in which the (i-1) component is 1 and the others are 0, and E (Yj) is the 1st component to the jth component Is an encrypted vector obtained by encrypting each component of a vector of length n with 1 as the other component and 0, and E (0) is an encrypted vector obtained by encrypting each component of the 0 vector of length n. (S604).

 次にユーザ端末100は、(S603)と同様に、m-1文字目復号処理結果g(w(m-1)…w(0))に対して、g(w(m-1)…w(0))=n(i’-1)+(j’-1)となるi’,j’を求める。 Next, as in (S603), the user terminal 100 performs g (w (m-1) ... w on the m-1st character decoding process result g (w (m-1) ... w (0)). (0)) = n (i′−1) + (j′−1) i ′ and j ′ are obtained.

 次にユーザ端末100は、(S604)と同様に、 i’,j’,w(m)に対して暗号化ベクトルペアV’(k)=(u’(k),v’(k))を生成する。 Next, as in (S604), the user terminal 100 uses the encrypted vector pair V ′ (k) = (u ′ (k), v ′ (k)) for i ′, j ′, w (m). Is generated.

 次にユーザ端末100は、生成した暗号化文字ベクトルをE(τ(w(m)))と暗号化ベクトルペアV(k)=(u(k),v(k))、V’(k)=(u’(k),v’(k))、(k=1…s)(i,i’)を出力して処理を終了する。 Next, the user terminal 100 uses the generated encrypted character vector as E (τ (w (m))) and the encrypted vector pair V (k) = (u (k), v (k)), V ′ (k ) = (U ′ (k), v ′ (k)), (k = 1... S) (i, i ′) is output and the process is terminated.

 図12は、図4、5のサービス時のデータ送受信および、プログラムの処理フローにおけるサーバ200が実行するm文字目検索処理(S700,1100,1400)の処理フローである。 FIG. 12 is a processing flow of data transmission / reception at the time of service in FIGS. 4 and 5 and m-th character search processing (S700, 1100, 1400) executed by the server 200 in the processing flow of the program.

 サーバ200は、受信したE(τ(w(m)))=(E(0),E(0),…E(0),E(1),E(0),…,E(0))に対して、暗号方式Eの加法性を用いて、各i成分E(τ(w(m)))iのf(ai)倍を計算し、さらに暗号方式Eの加法性を用いて、すべてiに対して計算した値を加える。つまり、Σf(a)i・ E(τ(w(m)))iを算出する。この暗号文はE(f(w(m)))となる(S701)。 The server 200 receives E (τ (w (m))) = (E (0), E (0),... E (0), E (1), E (0),. ) For each i component E (τ (w (m))) i is calculated using the additivity of the encryption method E, and further, the additivity of the encryption method E is used. Add all the calculated values for i. That is, Σf (a) i · E (τ (w (m))) i is calculated. This ciphertext is E (f (w (m))) (S701).

 次に、サーバ200は、受信した各暗号化ベクトルペアV(k)=(u(k),v(k))、(k=1…s)に対して、E(σ(a(k),i-1))=Σσ(a(k),t)・ u(k)t 、(tで和をとる)を算出し、i=1…nを一つ固定し、Σv(k)j 、(B(X)(i,j)=a(k)となるjで和をとる)を算出し、さらに、算出した値をk=1…sで和をとったものを
E(z(1))…E(z(n))とする。このE(z(i))に(S1101)で算出したE(f(w(m)))と、 E(σ(a(k),i-1))を加えた暗号文をE(Φ(i))とする(S702)。 Next, the server 200 performs E (σ (a (k)) for each received encrypted vector pair V (k) = (u (k), v (k)), (k = 1... S). , I−1)) = Σσ (a (k), t) · u (k) t (summing at t), i = 1... N is fixed, and Σv (k) j , (B (X) (i, j) = a (k) is summed with j), and the calculated value is summed with k = 1 ... s.
Let E (z (1)) ... E (z (n)). A ciphertext obtained by adding E (f (w (m))) calculated in (S1101) to E (z (i)) and E (σ (a (k), i-1)) is E (Φ (I)) (S702).

 次に、サーバ200は、受信した各暗号化ベクトルペアV’(k)=(u’(k),v’(k))、(k=1…s)に対して、E(σ(a(k),i’-1))=Σσ(a(k),t)・ u’(k)t 、(tで和をとる)を算出し、i=1…nを一つ固定し、Σv’(k)j 、(B(X)(i,j)=a(k)となるjで和をとる)を算出し、さらに、算出した値をk=1…sで和をとったものを
E(z’(1))…E(z’(n))とする。このE(z’(i))に(S1101)で算出したE(f(w(m)))と、 E(σ(a(k),i’-1))-1を加えた暗号文をE(Φ’(i))とする(S703)。 Next, the server 200 applies E (σ (a (a)) for each received encrypted vector pair V ′ (k) = (u ′ (k), v ′ (k)), (k = 1... S). (K), i′−1)) = Σσ (a (k), t) · u ′ (k) t, (summing at t), i = 1... N fixed, Σv ′ (k) j, (B (X) (i, j) = a (k) is summed with j) is calculated, and the calculated value is summed with k = 1. Let E (z ′ (1))... E (z ′ (n)). A ciphertext obtained by adding E (f (w (m))) calculated in (S1101) to E (z ′ (i)) and E (σ (a (k), i′−1)) − 1 Is set to E (Φ ′ (i)) (S703).

 次に、サーバ200は、算出したE(Φ(1))…E(Φ(n))、E(Φ’(1))…E(Φ’(n))を出力して処理を終了する。 Next, the server 200 outputs the calculated E (Φ (1))... E (Φ (n)), E (Φ ′ (1))... E (Φ ′ (n)) and ends the processing. .

 図13は、図4、5のサービス時のデータ送受信および、プログラムの処理フローにおけるユーザ端末100が実行するm文字目復号処理(S800,1200,1500)の処理フローである。 FIG. 13 is a processing flow of the m-th character decoding process (S800, 1200, 1500) executed by the user terminal 100 in the data transmission / reception and program processing flow of FIGS.

 ユーザ端末100は、受信したE(Φ(1))…E(Φ(n))、E(Φ’(1))…E(Φ’(n))から、E(Φ(i)) E(Φ’(i’))をとり、(S100)で生成した秘密鍵skを用いて復号し、Φ(i)= f(w(m)…w(0)),Φ’(i’)= g(w(m)…w(0))を得る(S801)。 From the received E (Φ (1))... E (Φ (n)), E (Φ ′ (1))... E (Φ ′ (n)), the user terminal 100 receives E (Φ (i)) E (Φ ′ (i ′)) is taken and decrypted using the secret key sk generated in (S100), and Φ (i) = f (w (m)... W (0)), Φ ′ (i ′) = Obtain g (w (m) ... w (0)) (S801).

 次にユーザ端末100は、f(w(m)…w(0)), g(w(m)…w(0))を出力して処理を終了する。 Next, the user terminal 100 outputs f (w (m) ... w (0)), g (w (m) ... w (0)) and ends the process.

 図14は、図5の秘匿計算用引数生成処理(S1600)の処理フローである。
  ユーザ端末100は、l文字目復号処理(S1500)の出力であるf(w(l)…w(0)), g(w(l)…w(0))に対して、H= g(w(l)…w(0))- f(w(l)…w(0))+1とする(S1601)。 
 次に、(S1601)で算出した値Hと0との大小比較を行い、H≧1の場合、検索にヒットしたとし、検索結果=1を出力し、
H≦0の場合、検索にヒットなしとし、検索結果=0を出力して処理を終了する(S1602)。 FIG. 14 is a processing flow of the secret calculation argument generation processing (S1600) of FIG.
The user terminal 100 outputs H = g () for f (w (l) ... w (0)), g (w (l) ... w (0)), which is the output of the l-th character decoding process (S1500). w (l) ... w (0))-f (w (l) ... w (0)) + 1 (S1601).
Next, the value H calculated in (S1601) is compared with 0, and if H ≧ 1, it is assumed that the search is hit, and the search result = 1 is output,
If H ≦ 0, it is determined that there is no hit in the search, the search result = 0 is output, and the process ends (S1602).

 以上で、ユーザは、ドキュメントX[n×n]内に文字列Wが含まれているかを判定する事が出来る。この時、図4,5でユーザ端末とサーバが通信するデータ(D100,D200,D300,D400,D500,D600,D700,D800,D900)のパケット長はnの定数倍であるため、全通信量の合計は、n×lの定数倍となる。ただし、lは文字列Wの長さとする。よって、lの大きさを定数とする事で、全通信量を高々nの定数倍とする事が出来る。ドキュメントX[n×n]を全てダウンロードする際の通信量はn×nなので、nが十分大きい時、この方式は、現実的方式となる。 Thus, the user can determine whether or not the character string W is included in the document X [n × n]. At this time, since the packet length of data (D100, D200, D300, D400, D500, D600, D700, D800, D900) communicated between the user terminal and the server in FIGS. 4 and 5 is a constant multiple of n, Is a constant multiple of n × l. Here, l is the length of the character string W. Therefore, by making the magnitude of l a constant, the total communication amount can be made a constant multiple of n at most. Since the communication amount when downloading all the documents X [n × n] is n × n, when n is sufficiently large, this method becomes a realistic method.

 ユーザは同様の処理をサーバが保持する全てのドキュメントX(1)、X(2)、…、X(m)に対して行う事で、ユーザはドキュメントX(1)、X(2)、…、X(m)の中で、文字列Wを部分文字列として含む全てのドキュメントを知ることができる。この時、文字列Wの内容はサーバに対して秘匿される。 The user performs the same processing for all the documents X (1), X (2),..., X (m) held by the server, so that the user can perform the documents X (1), X (2),. , X (m) can find all documents that contain the character string W as a substring. At this time, the contents of the character string W are concealed from the server.

 次に、ユーザは、非特許文献(C.Gentry and Z.Ramzan, Single-Database Private Information Retrieval with Cosdtant Communication Rate.)にある方法で、文字列Wを部分文字列として含むドキュメントをそれぞれサーバから取得する。 Next, the user obtains a document including the character string W as a partial character string by a method in a non-patent document (C. Gentry and Z. Ramzan, Single-Database Private Information Retrieval with Costentant Communication Rate.). To do.

 以上で、文字列Wの内容はサーバに対して秘匿したまま、Wを部分文字列として含む全てのドキュメントをそれぞれサーバから取得する事が可能となる。
なお,本発明は,上述の実施形態に限定されるものではなく、その要旨の範囲内で様々な変形が可能である。例えば、本実施例では、公開鍵暗号方式として、非特許文献(C.Gentry and Z.Ramzan, Single-Database Private Information Retrieval with Cosdtant Communication Rate.
)にある準同型暗号を用いているが、暗号文に対する加法性を有する他の公開鍵暗号方式を用いてもよい。 As described above, it is possible to acquire all documents including W as a partial character string from the server while keeping the contents of the character string W secret from the server.
In addition, this invention is not limited to the above-mentioned embodiment, A various deformation | transformation is possible within the range of the summary. For example, in this embodiment, as a public key cryptosystem, a non-patent document (C. Gentry and Z. Ramzan, Single-Database Private Information Retrieval with Cost Communication Rate.
), But other public key cryptosystems having additivity to the ciphertext may be used.

 また、PIR、PBR方式として、非特許文献3にあるPIR方式を用いているが、その他のPIR、PBR方式を用いてもよい。 In addition, although the PIR method described in Non-Patent Document 3 is used as the PIR and PBR method, other PIR and PBR methods may be used.

 10 秘匿文字列検索システム
 100 ユーザ端末(ユーザ)
 101 CPU
 102 補助記憶装置(記憶装置)
 103 メモリ
 104 内部信号線
 105 耐タンパ記憶装置
 106 表示装置
 107 入出力インターフェース
 108 通信装置
 200 サーバ(サーバ)
 201 CPU
 202 補助記憶装置(記憶装置)
 203 メモリ
 204 内部信号線
 206 表示装置
 207 入出力インターフェース
 208 通信装置
 300 ネットワーク 10 Secret String Search System 100 User Terminal (User)
101 CPU
102 Auxiliary storage device (storage device)
DESCRIPTION OF SYMBOLS 103 Memory 104 Internal signal line 105 Tamper-resistant memory | storage device 106 Display apparatus 107 I / O interface 108 Communication apparatus 200 Server (server)
201 CPU
202 Auxiliary storage device (storage device)
203 Memory 204 Internal Signal Line 206 Display Device 207 Input / Output Interface 208 Communication Device 300 Network

Claims (5)

 加法的準同型性を持つ公開鍵暗号方式において、公開鍵を用いて検索文字列W=w(l)w(l-1)…w(0)の暗号化クエリを生成し、該暗号化クエリをサーバに送信するユーザ端末と、ユーザ端末から受信した暗号化クエリと検索対象となるドキュメントに対して、準同型性を有する演算処理を実行し、該演算結果である検索処理結果をユーザ端末に返信するサーバとを含むコンピュータシステムであって、
 前記ユーザ端末は、
検索文字列W=w(l)w(l-1)…w(0)の0文字目w(0)に対して、該加法的準同型性を持つ公開鍵暗号方式の公開鍵を用いて、暗号化クエリである0文字目クエリを生成し、該0文字目クエリを前記サーバに送信し、
前記サーバは
前記ユーザ端末から受信した0文字目クエリに対して、0文字目検索処理を実行し、検索結果である0文字目検索処理結果を生成し、該0文字目検索処理結果を前記ユーザ端末に送信し、
前記ユーザ端末は、前記サーバから受信した0文字目検索処理結果に対して、該加法的準同型性を持つ公開鍵暗号方式の秘密鍵を用いて、0文字目復号処理を実行し、0文字目w(0)に対する検索結果を取得し、該0文字目検索処理結果と、1文字目w(1)に対して、該加法的準同型性を持つ公開鍵暗号方式の公開鍵を用いて、暗号化クエリである1文字目クエリを生成し、該1文字目クエリを前記サーバに送信し、
前記サーバは
前記ユーザ端末から受信した1文字目クエリに対して、1文字目検索処理を実行し、検索結果である1文字目検索処理結果を生成し、該1文字目検索処理結果を前記ユーザ端末に送信し、
前記サーバは
前記ユーザ端末から受信した1文字目クエリに対して、1文字目検索処理を実行し、検索結果である1文字目検索処理結果を生成し、該1文字目検索処理結果を前記ユーザ端末に送信し、
前記ユーザ端末は、
前記サーバから受信した1文字目検索処理結果に対して、該加法的準同型性を持つ公開鍵暗号方式の秘密鍵を用いて、1文字目復号処理を実行し、1から0文字目w(1)w(0)に対する検索結果を取得し、
以下同様の手順で、
l以下の整数mに対して帰納的に、
前記ユーザ端末は、
m-1文字目検索処理結果と、m文字目w(m)に対して、該加法的準同型性を持つ公開鍵暗号方式の公開鍵を用いて、暗号化クエリであるm文字目クエリを生成し、該m文字目クエリを前記サーバに送信し、
前記サーバは
前記ユーザ端末から受信したm文字目クエリに対して、m文字目検索処理を実行し、検索結果であるm文字目検索処理結果を生成し、該m文字目検索処理結果を前記ユーザ端末に送信し、
前記ユーザ端末は、
前記サーバから受信したm文字目検索処理結果に対して、該加法的準同型性を持つ公開鍵暗号方式の秘密鍵を用いて、m文字目復号処理を実行し、mから0文字目w(m)…w(1)w(0)に対する検索結果を取得し、
前記ユーザ端末は、
この手順をlから0文字目w(l)…w(1)w(0)に対する検索結果を取得するまで実行し、lから0文字目w(l)…w(1)w(0)に対する検索結果に対して、検索結果の適合、もしくは不適合の判定処理を実行する
ことを特徴とする秘匿文字列検索システム。 In a public key cryptosystem having additive homomorphism, an encrypted query of a search character string W = w (l) w (l-1)... W (0) is generated using a public key, and the encrypted query A user terminal that transmits a search result to the server, and a calculation process having homomorphism is performed on the encrypted query received from the user terminal and the document to be searched, and the search processing result as the calculation result is transmitted to the user terminal. A computer system including a server for replying,
The user terminal is
Using the public key of the public key cryptosystem having the additive homomorphism for the 0th character w (0) of the search character string W = w (l) w (l-1)... W (0) , Generate a zero-character query that is an encrypted query, send the zero-character query to the server,
The server executes a 0th character search process for the 0th character query received from the user terminal, generates a 0th character search process result as a search result, and the 0th character search process result is stored in the user. Send it to your device,
The user terminal performs a 0th character decryption process on the 0th character search processing result received from the server, using a public key cryptosystem private key having the additive homomorphism, The search result for the eye w (0) is acquired, and the 0th character search processing result and the public key cryptosystem public key having the additive homomorphism are used for the first character w (1). , Generating a first character query that is an encrypted query, sending the first character query to the server,
The server executes a first character search process for the first character query received from the user terminal, generates a first character search process result as a search result, and uses the first character search process result as the user Send it to your device,
The server executes a first character search process for the first character query received from the user terminal, generates a first character search process result as a search result, and uses the first character search process result as the user Send it to your device,
The user terminal is
For the first character search processing result received from the server, the first character decryption process is executed using the public key cryptosystem private key having the additive homomorphism, and the first to zeroth characters w ( 1) Get search results for w (0)
Follow the same procedure below.
Inductively for an integer m less than or equal to l
The user terminal is
For the m-1st character search processing result and the mth character w (m), using the public key cryptography public key having the additive homomorphism, the mth character query that is an encryption query is executed. Generating, sending the m-th character query to the server,
The server executes an m-th character search process for the m-th character query received from the user terminal, generates an m-th character search process result as a search result, and the m-th character search process result is the user Send it to your device,
The user terminal is
The m-th character search processing result received from the server is subjected to the m-th character decryption process using the public key cryptography secret key having the additive homomorphism, and the m-th character w ( m) ... Retrieve search results for w (1) w (0)
The user terminal is
This procedure is executed until the search results for the 0th character w (l)... W (1) w (0) are obtained from l, and for the 0th character w (l)... W (1) w (0) from l. A secret character string search system, wherein a search result matching or non-matching determination process is executed for a search result.  請求項1に記載の秘匿検索システムにおいて、
前記ユーザ端末は、m文字目検索クエリとして、m-1文字目検索処理結果と、m文字目w(m)から一意的に定まる0もしくは1を成分とするベクトルの各成分を、前記加法的準同型性を有する公開鍵暗号方式の暗号化鍵で暗号化した、複数の暗号文とする
ことを特徴とする秘匿文字列検索システム The secret search system according to claim 1,
The user terminal, as an m-th character search query, adds each component of a vector whose component is 0 or 1 uniquely determined from the m-1 character search processing result and the m-th character w (m). A secret string search system characterized by a plurality of ciphertexts encrypted with an encryption key of public key cryptosystem having homomorphism  請求項1に記載の秘匿検索システムにおいて、
前記サーバはm文字目検索処理を実行し、m文字目検索処理結果として、整数pを平文とする暗号文E(p)を出力し、該m文字目検索処理結果は、m文字目までの検索文字列w(m)…w(1)w(0)が前記検索対象ドキュメントの部分文字列として存在する場合に限り、平文pの値が0以上の整数値となる
ことを特徴とする秘匿検索システム。 In the secret search system according to claim 1,
The server executes the m-th character search process, and outputs, as the m-th character search process result, ciphertext E (p) with the integer p as plaintext, and the m-th character search process result is obtained up to the m-th character. Only when the search character string w (m)... W (1) w (0) exists as a partial character string of the search target document, the value of the plaintext p is an integer value of 0 or more. Search system.  請求項1に記載の秘匿検索システムにおいて、
前記サーバはm文字目検索処理を実行し、m文字目検索処理結果として、整数pを平文とする暗号文E(p)と整数p’を平文とする暗号文E(p’)の対、(E(p),E(p’))を出力し、該m文字目検索処理結果は、m文字目までの検索文字列w(m)…w(1)w(0)が前記検索対象ドキュメントの部分文字列として存在する場合に限り、平文p’-pの値が0以上の整数値となる
ことを特徴とする秘匿検索システム。 In the secret search system according to claim 1,
The server executes the m-th character search process, and as a result of the m-th character search process, a pair of ciphertext E (p) having the integer p as plaintext and ciphertext E (p ′) having the integer p ′ as plaintext, (E (p), E (p ′)) is output, and the m-th character search processing result is that the search character string w (m)... W (1) w (0) up to the m-th character is the search target. A secret search system in which the value of plaintext p′-p becomes an integer value of 0 or more only when it exists as a partial character string of a document.  請求項3に記載の秘匿検索システムにおいて、
前記ユーザ端末は、前記サーバから受信したl文字目検索処理結果E(p)に対して、前記加法的準同型性を有する公開鍵暗号方式の秘密鍵で復号化した、平文pが0以上の整数値の場合に、検索結果を適合、0未満の場合に不適合とする判定処理を実行する
ことを特徴とする秘匿文字列検索システム。 The secret search system according to claim 3,
The user terminal decrypts the l-th character search processing result E (p) received from the server with the private key of the public key cryptosystem having the additive homomorphism, and the plaintext p is 0 or more. A secret character string search system characterized by executing a determination process that makes a search result suitable for an integer value and non-conforming for a result less than 0.
PCT/JP2011/006329 2011-11-14 2011-11-14 Secret character string search system Ceased WO2013072947A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2011/006329 WO2013072947A1 (en) 2011-11-14 2011-11-14 Secret character string search system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2011/006329 WO2013072947A1 (en) 2011-11-14 2011-11-14 Secret character string search system

Publications (1)

Publication Number Publication Date
WO2013072947A1 true WO2013072947A1 (en) 2013-05-23

Family

ID=48429070

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2011/006329 Ceased WO2013072947A1 (en) 2011-11-14 2011-11-14 Secret character string search system

Country Status (1)

Country Link
WO (1) WO2013072947A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017149595A1 (en) * 2016-02-29 2017-09-08 株式会社日立製作所 Data processing method and data processing system
CN109643322A (en) * 2016-09-02 2019-04-16 株式会社日立高新技术 Construction method of character string dictionary, retrieval method of character string dictionary, and processing system of character string dictionary
CN113127536A (en) * 2021-04-14 2021-07-16 上海同态信息科技有限责任公司 Offline fuzzy matching framework based on homomorphic configuration encryption

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003289300A (en) * 2002-03-28 2003-10-10 Foundation For Nara Institute Of Science & Technology Answer collection system, answer collection method, server device, program for causing computer to function as server device, and computer-readable recording medium for recording the program

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003289300A (en) * 2002-03-28 2003-10-10 Foundation For Nara Institute Of Science & Technology Answer collection system, answer collection method, server device, program for causing computer to function as server device, and computer-readable recording medium for recording the program

Non-Patent Citations (6)

* Cited by examiner, † Cited by third party
Title
ATSUSHI OI ET AL.: "Privacy Hogo o Koryo shita Koritsuteki na Kensaku no Tameno Anzen na Sakuin Kozo", COMPUTER SECURITY SYMPOSIUM 2011 RONBUNSHU, 12 October 2011 (2011-10-12), pages 480 - 485 *
BENDLIN, R. ET AL.: "Semi-Homomorphic Encryption and Multiparty Computation", CRYPTOLOGY EPRINT ARCHIVE, vol. 514, 2010, pages 1 - 24 *
FERRAGINA, P. ET AL.: "Opportunistic Data Structures with Applications", PROCEEDINGS OF 41ST ANNUAL SYMPOSIUM ON FOUNDATIONS OF COMPUTER SCIENCE, 12 November 2000 (2000-11-12), pages 390 - 398, XP001104523 *
KULEKCI, M.O.: "A Method to Ensure the Confidentiality of the Compressed Data", PROCEEDINGS OF 2011 FIRST INTERNATIONAL CONFERENCE ON DATA COMPRESSION, COMMUNICATIONS AND PROCESSING (CCP), 21 June 2011 (2011-06-21), pages 203 - 209, XP032066410, DOI: doi:10.1109/CCP.2011.28 *
REO YOSHIDA ET AL.: "Bubun Icchi Kensaku Kano Ango", NEN SYMPOSIUM ON CRYPTOGRAPHY AND INFORMATION SECURITY RONBUNSHU, 19 January 2010 (2010-01-19), pages 2B4 - 6 *
YOSHINO, M. ET AL.: "Symmetric Searchable Encryption for Database Applications", PROCEEDINGS OF 2011 14TH INTERNATIONAL CONFERENCE ON NETWORK-BASED INFORMATION SYSTEMS (NBIS), 7 September 2011 (2011-09-07), pages 657 - 662, XP031977267, DOI: doi:10.1109/NBiS.2011.110 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017149595A1 (en) * 2016-02-29 2017-09-08 株式会社日立製作所 Data processing method and data processing system
JPWO2017149595A1 (en) * 2016-02-29 2018-06-14 株式会社日立製作所 Data processing method and data processing system
CN109643322A (en) * 2016-09-02 2019-04-16 株式会社日立高新技术 Construction method of character string dictionary, retrieval method of character string dictionary, and processing system of character string dictionary
CN109643322B (en) * 2016-09-02 2022-11-29 株式会社日立高新技术 Method for constructing character string dictionary, method for searching character string dictionary, and system for processing character string dictionary
CN113127536A (en) * 2021-04-14 2021-07-16 上海同态信息科技有限责任公司 Offline fuzzy matching framework based on homomorphic configuration encryption
CN113127536B (en) * 2021-04-14 2023-07-28 上海同态信息科技有限责任公司 An Offline Fuzzy Matching System Based on Homomorphic Configuration Encryption

Similar Documents

Publication Publication Date Title
Mishra et al. Delphi: A cryptographic inference system for neural networks
CN111083631B (en) Efficient query processing method for protecting location privacy and query privacy
Paulet et al. Privacy-preserving and content-protecting location based queries
CN112861153B (en) Keyword searchable delayed encryption method and system
JP6180177B2 (en) Encrypted data inquiry method and system capable of protecting privacy
US9137250B2 (en) Method and system for electronic content storage and retrieval using galois fields and information entropy on cloud computing networks
Esgin et al. Practical post-quantum few-time verifiable random function with applications to algorand
Baldimtsi et al. Sorting and searching behind the curtain
JP6260442B2 (en) Information processing method and program
US11093635B2 (en) Apparatus and method for private information retrieval
Xi et al. Privacy preserving shortest path routing with an application to navigation
CN112163854B (en) Hierarchical public key searchable encryption method and system based on block chain
Frimpong et al. Guardml: Efficient privacy-preserving machine learning services through hybrid homomorphic encryption
Wang et al. PeGraph: A system for privacy-preserving and efficient search over encrypted social graphs
Miao et al. VKSE-MO: Verifiable keyword search over encrypted data in multi-owner settings
EP4185978B1 (en) Encrypted information retrieval
Noel et al. Review and analysis of classical algorithms and hash-based post-quantum algorithm
van Baarsen et al. Fuzzy private set intersection with large hyperballs
Zhang et al. Fully Constant‐Size CP‐ABE with Privacy‐Preserving Outsourced Decryption for Lightweight Devices in Cloud‐Assisted IoT
Armour et al. Algorithm substitution attacks against receivers
CN113407966B (en) Searchable public key encryption method and system with key update and ciphertext sharing functions
Zhang et al. Secure and efficient searchable public key encryption for resource constrained environment based on pairings under prime order group
Wang et al. DPP: Data privacy-preserving for cloud computing based on homomorphic encryption
JP6732887B2 (en) Method and system for database queries
WO2013072947A1 (en) Secret character string search system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 11875637

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 11875637

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: JP