WO2014185450A1 - Verification system, node, verification method, and program - Google Patents
Verification system, node, verification method, and program Download PDFInfo
- Publication number
- WO2014185450A1 WO2014185450A1 PCT/JP2014/062820 JP2014062820W WO2014185450A1 WO 2014185450 A1 WO2014185450 A1 WO 2014185450A1 JP 2014062820 W JP2014062820 W JP 2014062820W WO 2014185450 A1 WO2014185450 A1 WO 2014185450A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- data
- node
- verification
- authentication data
- encrypted
- Prior art date
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3006—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
- H04L9/3026—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters details relating to polynomials generation, e.g. generation of irreducible polynomials
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
Definitions
- the present invention is based on a Japanese patent application: Japanese Patent Application No. 2013-102955 (filed on May 15, 2013), and the entire contents of this application are incorporated in the present specification by reference.
- the present invention relates to a collation system, a node, a collation method, and a program, and more particularly, to a collation system, a node, a collation method, and a program that allow ambiguity of data to be collated.
- Biometric authentication it is necessary to store a template related to biometric information in a database in order to verify authentication information.
- Biometric information such as fingerprints and veins is basically data that does not change throughout the lifetime, and if information is leaked, it causes enormous damage, so high confidentiality is required.
- template protection type biometric authentication technology that performs authentication while keeping template information secret is becoming important so that “spoofing” cannot be performed even if a template leaks.
- Patent Document 1 describes a method in which fingerprint data is expressed as a point on a polynomial, and a biometric authentication is performed using data in which fingerprint data is concealed by adding a random point to the point as a template.
- Non-Patent Document 1 describes a method for protecting the biometric information of a client seeking authentication by using public key cryptography having homogeneity.
- a certification device encrypts a feature vector for registration using a public key and a random number, registers the encrypted feature vector for registration in an authentication device, and at the time of authentication, the certification device authenticates for authentication.
- the feature vector is encrypted using a public key and a random number, and the authentication device derives the similarity between the two feature vectors by decryption processing using the secret key while the two encrypted feature vectors remain encrypted.
- a system is described in which possible encryption similarity information is generated, a decryption device decrypts the encryption similarity information to derive plain text similarity, and if the similarity is greater than or equal to a threshold value, the system determines that the person is the person Yes.
- Patent Document 1 It is known that the method of Patent Document 1 may not protect biometric information with sufficient strength when biometric authentication is repeated many times.
- Non-Patent Document 1 proposes a method for protecting biometric information of a client seeking authentication by using public key cryptography having homogeneity.
- a minutiae is composed of three components: type, coordinates (x, y), and angle.
- type represents the type of feature point, for example, an end point or a branch point.
- the coordinate represents the coordinate of the feature point, and the angle represents the slope of the tangent line at the feature point.
- the server confirms that the minutia extracted from the biometric information of the client matches the minutia registered as the authentication template.
- the minutia extracted from the biometric information of the client matches the minutia registered as the authentication template.
- ⁇ d and ⁇ t are parameters determined by the system.
- the distance evaluated in (2) is called a two-dimensional Euclidean distance or L2 norm.
- the distance evaluated in (3) is called a one-dimensional Euclidean distance.
- these are collectively called the Euclidean distance, and the Euclidean distance between D and D ′ is represented as d (D, D ′).
- Non-Patent Document 1 describes a biometric authentication method capable of concealing biometric information of a client who has requested authentication. Specifically, by using an encryption protocol called Aided Computation and Set Intersection, the minutiae (type1, (x1, y1), ⁇ 1) extracted at the time of authentication is not disclosed to the server, and the minutiae registered on the server It can be confirmed whether (type2, (x2, y2), ⁇ 2) and minutiae (type1, (x1, y1), ⁇ 1) match.
- Aided Computation and Set Intersection the minutiae (type1, (x1, y1), ⁇ 1) extracted at the time of authentication is not disclosed to the server, and the minutiae registered on the server It can be confirmed whether (type2, (x2, y2), ⁇ 2) and minutiae (type1, (x1, y1), ⁇ 1) match.
- authentication data data registered in advance from the client to the server.
- data extracted at the time of authentication and verified with authentication data is referred to as “authenticated data”.
- minutiae type2, (x2, y2), ⁇ 2) corresponds to authentication data
- minutiae type1, (x1, y1), ⁇ 1 corresponds to data to be authenticated.
- Public key cryptography consists of three algorithms: key generation, encryption, and decryption.
- Key generation is a probabilistic algorithm that receives a security parameter as input and outputs a public key pk and a secret key sk.
- Encryption is a probabilistic algorithm that receives a public key pk and a message M as input and outputs ciphertext C.
- Decryption is a definitive algorithm that receives a secret key sk and ciphertext C as input and outputs a decryption result M.
- Key generation KeyGen (1 ⁇ k) ⁇ (pk, sk) Encryption: Enc (pk, M) ⁇ C
- Encryption Dec (sk, C) ⁇ M
- the Paillier cipher is a public key cipher having homomorphism in which (*) is multiplied and (+) is added.
- the Paillier encryption will be described.
- Set Intersection is a cryptographic protocol performed between two entities, Alice and Bob. Assume that Alice has some data a and Bob has a set B of data. At this time, Set Intersection is a protocol for confirming whether data a is included in set B while keeping data A held by Alice confidential to Bob.
- Bob releases the public key pk of the additive homomorphic public key encryption and holds the corresponding secret key sk.
- Such a polynomial can be easily generated using Lagrange interpolation.
- Bob encrypts ⁇ [0], ⁇ [1],..., ⁇ [n] using the public key pk.
- Bob also sends ciphertexts C [0], C [1],..., C [n] to Alice.
- Alice calculates a ⁇ ⁇ n ⁇ , a ⁇ ⁇ n-1 ⁇ , ..., a ⁇ ⁇ 0 ⁇ .
- Alice replaces C [n] ⁇ ⁇ a ⁇ ⁇ n ⁇ , C [n-1] ⁇ ⁇ a ⁇ ⁇ n-1 ⁇ , ..., C [0] ⁇ ⁇ a ⁇ ⁇ 0 ⁇ calculate. 4).
- Set IntersectionIntersection For simplicity, the protocol of SetsectionIntersection by Alice with input a and Bob with set B and secret key sk is denoted as Set Intersection [Alice (a), Bob (B, sk)] (pk).
- pk represents a public key pk that is a common input to Alice and Bob.
- Aided Computation is also a cryptographic protocol performed between two entities, Alice and Bob. Assume that Alice has a ciphertext Enc (pk, a) of some data a, and Bob has a secret key sk corresponding to the data set B and the public key pk. Bob's cipher is an additive homomorphic public key cipher. At this time, Aided Computation is a protocol for checking whether data a is included in the set B while keeping Alice's data a confidential to Bob. In Aided Computation, unlike Set Intersection, Alice does not know the plaintext of data a.
- Bob decrypts C.
- Bob determines that Alice has the ciphertext of the data included in set B if the decryption result is 0, and if Alice has no ciphertext of the data included in set B if the decryption result is other than 0 to decide.
- AidedutComputation for Alice with input Enc (pk, a) and the function F (x) by Bob with set B and secret key sk is Aided Computation [Alice (Enc (pk, a)), Bob (B, sk)] (pk, F (x)).
- pk represents a public key pk that is a common input to Alice and Bob.
- Non-Patent Document 1 client minutiae (type1, (x1, y1), ⁇ 1) (authenticated data) and authentication template (type2, (x2, y2), ⁇ 2) (authentication data) stored in the server ) Use Set ⁇ Intersection and Aided Computation to confirm that they match. Specifically, the following processing is performed.
- Type match Set Intersection [client (type 1), server (type 2, sk)] (pk) is performed.
- (2) Distance match First, the Euclidean distance between (x1, y1) and (x2, y2) is calculated with encryption.
- the server calculates Enc (pk, x2 ⁇ 2), Enc (pk, x2), Enc (pk, y2 ⁇ 2), and Enc (pk, y2), and sends them to the client.
- the client calculates Enc (pk, x1 ⁇ 2), Enc (pk, y1 ⁇ 2).
- Non-Patent Document 1 data to be authenticated that is authenticated based on authentication data registered in the server from the client can be kept secret from the server.
- authentication data registered on the server is plain text, there is a risk that authentication data, which is client sensitive data, may be leaked from the server.
- Another problem is that the authentication data is not concealed.
- An object of the present invention is to provide a collation system, a collation method, and a program that contribute to such a demand.
- the collation system is: Comprising a first node, a second node and a third node;
- the first node encrypts authentication data with a public key and transmits the encrypted data to the third node;
- the encrypted authentication data is obtained from the third node, and the distance between the data to be authenticated and the authentication data is encrypted with the public key
- a verification data generation unit that generates a value encrypted by the public key by substituting the distance into the polynomial acquired from the third node as verification data and transmits the verification data to the second node.
- the second node generates a pair of the public key and the secret key, and transmits the public key to the first node;
- a collation unit that collates the data to be authenticated with the authentication data based on the secret key and the collation data;
- the third node includes a storage unit that stores the encrypted authentication data;
- a collation information generating unit that generates a polynomial that includes a threshold value of a distance between the authentication data and the data to be authenticated as a parameter.
- the collation method is: A first node encrypting authentication data with the public key received from the second node that generates a public key and private key pair and transmitting the encrypted data to the third node;
- the encrypted authentication data is obtained from the third node, and the distance between the data to be authenticated and the authentication data is encrypted with the public key
- the process of calculating as it is, Including substituting the distance into the polynomial obtained from the third node and encrypting the encrypted value using the public key as verification data and transmitting the verification data to the second node.
- the polynomial includes a threshold value of a distance between the authentication data and the data to be authenticated as a parameter.
- the program according to the fourth aspect of the present invention is: A process of encrypting authentication data with the public key received from the second node that generates a public key and private key pair and transmitting the encrypted authentication data to the third node; When the data to be authenticated that is collated with the authentication data is received, the encrypted authentication data is obtained from the third node, and the distance between the data to be authenticated and the authentication data is encrypted with the public key Processing while calculating A process of substituting the distance into the polynomial obtained from the third node and generating a value encrypted with the public key as verification data and transmitting it to the second node. Run it on the computer provided, The polynomial includes a threshold value of a distance between the authentication data and the data to be authenticated as a parameter.
- the program can be provided as a program product recorded on a non-transitory computer-readable storage medium.
- collation system node, collation method, and program according to the present invention, it becomes possible to conceal the data to be authenticated and the authentication data from the server based on simple processing.
- FIG. 1 is a block diagram illustrating an example of a configuration of a verification system according to an embodiment.
- the verification system includes a first node 100 corresponding to a client, a second node 200 corresponding to an authentication node, and a third node 300 corresponding to a server.
- the first node 100 includes an encryption unit 11, a distance calculation unit 22, and a collation data generation unit 23.
- the second node includes a key generation unit 51 and a verification unit 54.
- the third node 300 includes a storage unit 31 and a collation information generation unit 41.
- the key generation unit 51 of the second node 200 generates a public key / private key pair and transmits the public key to the first node 100.
- the encryption unit 11 of the first node 100 encrypts the authentication data with the public key and transmits it to the third node 300.
- the storage unit 31 of the third node 300 holds encrypted authentication data.
- the distance calculation unit 22 of the first node When the distance calculation unit 22 of the first node receives the authentication target data to be verified with the authentication data, the distance calculation unit 22 acquires the encrypted authentication data from the third node 300, and the distance between the authentication target data and the authentication data. Is calculated with the public key encrypted.
- the verification information generation unit 41 of the third node 300 generates a polynomial including a threshold value of the distance between the authentication data and the data to be authenticated as a parameter.
- the verification data generation unit 23 of the first node 100 generates a value obtained by substituting the calculated distance into the polynomial acquired from the third node 300 and encrypted with the public key as verification data. Transmit to node 200.
- the collation unit 54 of the second node 200 collates the data to be authenticated with the authentication data based on the secret key and the collation data.
- the encryption unit 11 preferably performs encryption based on an encryption method having additive homomorphism.
- the encryption unit 11 may perform encryption based on Paillier encryption.
- the collation information generating unit 41 may generate a polynomial that becomes zero when the distance between the independent variable and the authentication data is within the above threshold as the above polynomial.
- the encryption unit 11 further encrypts the square of the authentication data with the public key and transmits it to the third node 300, and the storage unit 31 further holds the square of the encrypted authentication data. You may do it.
- the distance calculation unit 22 obtains the encrypted authentication data and the square of the encrypted authentication data from the third node 300, and encrypts the distance between the data to be authenticated and the authentication data using the public key. It is preferable that the calculation is carried out with the change.
- the authentication data and the data to be authenticated may include an n-dimensional element.
- the distance calculation unit 22 calculates the n-dimensional Euclidean distance between the data to be authenticated and the authentication data while being encrypted with the public key.
- the authentication data and the data to be authenticated may include a plurality of elements.
- the distance calculation unit 22 calculates the above-mentioned distance encrypted for each element
- the collation information generation unit 41 generates a polynomial for each element
- the collation data generation unit 23 It is preferable that the verification data is generated, and the verification unit 54 uses the secret key and the verification data generated for a plurality of elements to verify the authentication data with the authentication data.
- Non-Patent Document 1 the data registered in the server remains in plain text, so there is a possibility of data leaking from the server. Another problem is that data cannot be kept confidential to the server administrator.
- the collation system not only the data to be authenticated sent from the client (first node) to the server (third node) at the time of authentication but also the database of the server (third node), etc.
- the stored authentication data is also encrypted using an encryption method with high confidentiality. Therefore, according to such a collation system, the above-mentioned problem in the technique described in Non-Patent Document 1 is solved. Also, by giving the encryption method a special property of homomorphism, it is possible to calculate the Euclidean distance of the data while it is encrypted, and it is guaranteed that the encrypted data can be verified without being decrypted. The Furthermore, by adding a square ciphertext of authentication data as data generated at the time of registration, it becomes possible to calculate the distance between encrypted data, which was impossible in Non-Patent Document 1.
- the collation system it is possible to prevent leakage of authentication data stored in the third node (server), and even if the server administrator is malicious, Plain text leakage can be prevented.
- the reason is that at the time of data registration, the authentication data is encrypted by the first node (client) with an encryption key that is not decrypted by the server administrator.
- FIG. 2 is a block diagram showing an example of the configuration of the collation system according to this embodiment.
- the collation system includes a registered data generation device 10, a collation request device 20, a storage device 30, a data collation device 40, and a collation auxiliary device 50.
- FIG. 2 illustrates a case where the verification system is configured by five nodes, but the verification system of the present invention is not limited to the illustrated mode.
- the registered data generation device 10 and the verification requesting device 20 are collectively set as a first node (client)
- the verification auxiliary device 50 is set as a second node (authentication node)
- the storage device 30 and the data verification device 40 are combined.
- the third node (server) may be used.
- the registered data generation device 10 has an encryption unit 11.
- the encryption unit 11 receives the authentication data to be concealed and the encryption key disclosed by the verification assisting device 50, conceals the authentication data using the encryption key, and outputs the encrypted data.
- the encryption key disclosed by the verification assistant device 50 is a public key of additive homomorphic public key encryption.
- the storage device 30 includes a storage unit 31 and an identifier management unit 32.
- the storage unit 31 stores the unique identifier assigned by the identifier management unit 32 together with the encrypted data sent from the registered data generation device 10.
- the verification request device 20 includes a verification request unit 21, a distance calculation unit 22, and a verification data generation unit 23.
- the verification request unit 21 receives authentication target data to be verified as input, the verification request unit 21 sends a verification request to the data verification device 40.
- the distance calculation unit 22 receives the authentication target data to be verified and the verification information received from the data verification device 40, and generates encrypted distance data.
- the verification data generation unit 23 receives the encrypted distance data as input and generates verification data while interacting with the verification auxiliary device 50.
- the data collating device 40 includes a collation information generating unit 41, a collation information sending unit 42, a collation auxiliary request unit 43, and a determination unit 44.
- the verification information generation unit 41 receives the encrypted data stored in the storage device 30 and generates verification information.
- the collation information sending unit 42 receives the collation request sent from the collation requesting device 20 as an input, and sends the collation information.
- the verification auxiliary request unit 43 receives the verification data sent from the verification requesting device 20 as an input, generates a verification auxiliary request, and sends it to the verification auxiliary device 50.
- the determination unit 44 receives the overall result received from the verification assisting device 50 as an input, and generates and outputs the verification result.
- the collation assisting device 50 includes a key generation unit 51, a collation assisting unit 52, and an overall result assisting unit 53.
- the key generation unit 51 generates a public key and a secret key of additive homomorphic encryption, discloses the public key, and holds the secret key.
- the collation assisting unit 52 interacts with the collation data generating unit 23 of the collation requesting device 20 to assist the generation of collation data.
- the total result auxiliary unit 53 receives the verification auxiliary request sent from the data verification device 40 and the secret key of the additive homomorphic encryption as inputs, and generates a total result.
- the operation of the verification system is roughly divided into two phases: the data registration phase and the ciphertext verification phase.
- the data registration phase the authentication data is input to the registration data generation device 10, the authentication data is encrypted and registered in the storage device 30.
- the data to be authenticated is close to the plaintext of the encrypted data stored in the storage device 30 (the Euclidean distance is small) while concealing the data to be authenticated input to the verification requesting device 20 It is determined whether or not.
- the operation in each phase will be described in detail.
- FIG. 3 is a sequence diagram illustrating an operation in the data registration phase of the verification system as an example.
- the key generation unit 51 of the verification assisting device 50 generates a public key and a secret key of additive homomorphic encryption, and publishes the public key (step A1).
- the registration data generation device 10 receives authentication data to be concealed and a public key (step A2).
- the encryption unit 11 of the registration data generation device 10 generates encryption data from the input authentication data and the public key, and sends it to the storage device 30 (step A3).
- the identifier management unit 32 of the storage device 30 When the identifier management unit 32 of the storage device 30 receives the encrypted data, it assigns a unique identifier to the encrypted data (step A4). Further, the identifier management unit 32 stores the set of the encrypted data and the identifier in the storage unit 31 (Step A5).
- FIG. 4 is a sequence diagram illustrating an operation in the ciphertext verification phase of the verification system as an example.
- the verification information generation unit 41 of the data verification device 40 receives the encrypted data stored in the storage unit 31 and the identifier and parameter corresponding to the encrypted data (step B1), and generates verification information. (Step B2).
- the verification requesting unit 21 of the verification requesting device 20 receives the data to be authenticated and the public key (step B3).
- the verification request unit 21 of the verification requesting device 20 receives the data to be authenticated and the public key, it generates a verification request and outputs it to the data verification device 40 (step B4).
- the verification information sending unit 42 of the data verification device 40 When the verification information sending unit 42 of the data verification device 40 receives the verification request, it outputs the verification information to the verification request device 20 (step B5).
- the distance calculation unit 22 of the verification requesting device 20 calculates the plaintext Euclidean distance between the data to be authenticated and the encrypted data while encrypting it, and generates encrypted distance data (step B6).
- the verification data generation unit 23 receives the encrypted distance data and the verification information as input, generates verification data while interacting with the verification auxiliary unit 52 of the verification auxiliary device 50, and outputs the verification data to the data verification device 40 (step). B7).
- the collation assistance request unit 43 of the data collation device 40 receives the collation data, generates a collation assistance request, and outputs it to the collation assistance device 50 (step B8).
- the overall result auxiliary unit 53 of the verification auxiliary device 50 receives the secret key, generates an overall result, and outputs it to the data verification device 40 (step B9).
- the determination unit 44 of the data collating device 40 receives the comprehensive result, the determination unit 44 performs the determination and outputs the determination result (step B10).
- the collation system not only the data to be authenticated sent from the registered data generation device 10 to the storage device 30 during authentication but also the authentication data stored in the storage device 30 uses an encryption method with high confidentiality. Encrypted. Therefore, for example, when the server is configured by the storage device 30 and the data collation device 40, according to the collation system according to the present embodiment, it is possible to prevent leakage of authentication data from the server.
- additive homomorphic encryption for example, Paillier encryption
- the key generation unit 51 of the verification assisting device 50 generates the public key pk and the secret key sk of the additive homomorphic encryption, and publishes the public key pk (Step A1).
- the registration data generation device 10 receives the authentication data D to be concealed and the public key pk generated by the key generation unit 51 (step A2).
- the encryption unit 11 of the registration data generation device 10 generates encryption data (Enc (pk, D), Enc (pk, D ⁇ 2)) from the input authentication data D and public key pk,
- the data is sent to the storage device 30 (step A3).
- Enc (pk, D) represents the result of encrypting the authentication data D using the public key pk.
- Enc (pk, D ⁇ 2) represents the result of encrypting the square of the authentication data D using the public key pk.
- the identifier management unit 32 of the storage device 30 When the identifier management unit 32 of the storage device 30 receives the encrypted data, it assigns a unique identifier ID to the encrypted data (step A4). Further, the identifier management unit 32 records the set of encrypted data and the identifier ((Enc (pk, D), Enc (pk, D ⁇ 2)), ID) in the storage unit 31 (step A5).
- the collation information generating unit 41 of the data collating device 40 includes a set of encrypted data stored in the storage unit 31 and an identifier corresponding to the encrypted data ((Enc (pk, D), Enc (pk , D ⁇ 2)), ID) is received (step B1), and verification information is generated according to the following procedure (step B2).
- a polynomial of d + 1 order or higher satisfying such a condition can be easily constructed.
- N d.
- the collation request unit 21 of the collation requesting device 20 receives the authenticated data D 'and the public key pk (step B3).
- the verification request unit 21 of the verification requesting device 20 receives the authenticated data D 'and the public key pk, it generates a verification request req and outputs it to the data verification device 40 (step B4).
- the verification request req is a message for requesting verification.
- the verification information sending unit 42 of the data verification device 40 When the verification information sending unit 42 of the data verification device 40 receives the verification request, it outputs the verification information to the verification request device 20 (step B5).
- the distance calculation unit 22 of the verification requesting device 20 receives the verification information, it calculates the encrypted Euclidean distance between the authenticated data D ′ and the encrypted data as encrypted as follows, and generates encrypted distance data: (Step B6).
- Enc (pk, d (D, D ')) Enc (pk, D ⁇ 2) .
- Enc (pk, D ' ⁇ 2) is calculated.
- the collation data generation unit 23 receives the encrypted distance data and the collation information as input, and generates collation data while interacting with the collation auxiliary unit 52 of the collation auxiliary device 50 as follows. (Step B7).
- the verification assistant unit 52 of the verification assistant device 50 decrypts Enc (pk, r ⁇ d (D, D ′)) using the secret key sk and calculates r ⁇ d (D, D ′).
- the verification assistant 52 calculates (r ⁇ d (D, D ')) ⁇ ⁇ 2 ⁇ , ..., (r ⁇ d (D, D')) ⁇ ⁇ N ⁇ , and uses the public key pk, respectively.
- the matching data generation unit 23 uses the r selected in step 1 to enc (pk, ((r ⁇ d (D, D ')) ⁇ ⁇ 2 ⁇ )) ⁇ ⁇ 1 / r ⁇ 2 ⁇ ,.
- step 6 is performed in order to make the output random when d (D, D ′) ⁇ d. If the output need not be random, step 6 may be omitted.
- Step 1 is performed in order to keep the value of d (D, D ′) secret from the verification assisting device 50. If it is not necessary to keep secret, step 1 may be omitted.
- the collation assistance request unit 43 of the data collation apparatus 40 receives the collation data, generates a collation assistance request as follows, and outputs it to the collation assistance apparatus 50 (step B8).
- Step 1 is performed so as not to notify the verification result to the verification assistant device 50 by randomizing the plaintext of C.
- step 1 may be omitted.
- the overall result auxiliary unit 53 of the verification auxiliary device 50 receives the secret key sk, generates the overall result P as follows, and outputs it to the data verification device 40 (step B9). That is, the overall result auxiliary unit 53 decrypts the ciphertext C using the secret key sk, and outputs the decrypted result to the data verification device 40 as the overall result P.
- the data registered in the storage device 30 is encrypted data. All data sent from the verification requesting device 20 in the verification phase is a ciphertext. Therefore, the information regarding the registered authentication data D and the authenticated data D ′ is not leaked to the storage device 30 and the data verification device 40.
- the verification requesting device 20 and the data verification device 40 also use the random numbers for the verification assisting device 50 so that no information regarding the registered authentication data D and authenticated data D ′ is leaked.
- additive homomorphic encryption for example, Paillier encryption
- the operation in each phase will be described in detail.
- step A3 of the data registration phase of the collation system according to the second embodiment using the one-dimensional Euclidean distance as the distance the encrypted data (Enc (pk, D), Enc (pk, D ⁇ 2)) is converted into the encrypted data (Enc Replace with (pk, Dx), Enc (pk, Dx ⁇ 2), Enc (pk, Dy), Enc (pk, Dy ⁇ 2)).
- step B6 is changed as follows.
- the authentication data registered in the storage device 30 is encrypted data. All data sent from the verification requesting device 20 in the verification phase is a ciphertext. Therefore, the information regarding the registered authentication data D and the authenticated data D ′ is not leaked to the storage device 30 and the data verification device 40.
- the verification requesting device 20 and the data verification device 40 also use the random numbers for the verification assisting device 50 so that no information regarding the registered authentication data D and authenticated data D ′ is leaked.
- data having two or more elements is collated in the collation system according to the first embodiment.
- additive homomorphic encryption for example, Paillier encryption
- the key generation unit 51 of the verification assisting device 50 generates the public key pk and the secret key sk of the additive homomorphic encryption, and publishes the public key pk (Step A1).
- the registration data generation device 10 receives the authentication data D to be concealed and the public key pk generated by the key generation unit 51 (step A2).
- the encryption unit 11 of the registration data generation device 10 uses the input authentication data D and public key pk to generate encrypted data.
- Enc (pk, t), Enc (pk, t ⁇ 2)), (Enc (pk, x), Enc (pk, x ⁇ 2)), (Enc (pk, y), Enc (pk, y ⁇ 2)) Is sent to the storage device 30 (step A3).
- Enc (pk, a) represents the result of encrypting data a using the public key pk.
- Enc (pk, a ⁇ 2) represents the result of encrypting the square of data a using the public key pk.
- the identifier management unit 32 of the storage device 30 When receiving the encrypted data, the identifier management unit 32 of the storage device 30 gives a unique identifier ID to the encrypted data (step A4).
- the identifier management unit 32 is a combination of encrypted data and an identifier. ((Enc (pk, t), Enc (pk, t ⁇ 2)), (Enc (pk, x), Enc (pk, x ⁇ 2)), (Enc (pk, y), Enc (pk, y ⁇ 2)), ID) Is stored in the storage unit 31 (step A5).
- the verification information generation unit 41 of the data verification device 40 includes a set of encrypted data stored in the storage unit 31 and an identifier corresponding to the encrypted data. ((Enc (pk, t), Enc (pk, t ⁇ 2)), (Enc (pk, x), Enc (pk, x ⁇ 2)), (Enc (pk, y), Enc (pk, y ⁇ 2)), ID) Is input (step B1), and verification information is generated by the following procedure (step B2).
- F (x) x (x-1) (x-2)... (X-d_t) is a d_t + 1 order polynomial satisfying the above property.
- a polynomial of d_t + 1 order or higher that satisfies such a condition can be easily constructed.
- G (x) x (x-1) (x-2)... (X-d_t)
- N d_t. 2.1.
- G (x) x (x-1) (x-2)...
- the collation request unit 21 of the collation requesting device 20 receives the input data D 'and the public key pk (step B3).
- the verification request unit 21 of the verification requesting device 20 receives the authenticated data D 'and the public key pk, it generates a verification request req and outputs it to the data verification device 40 (step B4).
- the verification request req is a message for requesting verification.
- the verification information sending unit 42 of the data verification device 40 When the verification information sending unit 42 of the data verification device 40 receives the verification request, it outputs the verification information to the verification request device 20 (step B5).
- the distance calculation unit 22 of the verification requesting device 20 receives the verification information, it calculates the encrypted Euclidean distance between the data to be authenticated and the encrypted data while encrypting them, and generates encrypted distance data ( Step B6).
- Enc (pk, t ' ⁇ 2) Enc (pk, x' ⁇ 2), Enc (pk, y ' ⁇ 2).
- Enc (pk, d (t, t ′)) Enc (pk, t ⁇ 2) ⁇ Enc (pk, t) ⁇ ⁇ 2t ′ ⁇ ⁇ Enc (pk, t ′ ⁇ 2) is calculated. 3.
- Enc (pk, d ((x, y), (x ', y'))) Enc (pk, x ⁇ 2) ⁇ Enc (pk, x) ⁇ ⁇ -2x ' ⁇ ⁇ Enc (pk, x' ⁇ 2) ⁇ Enc (pk, y ⁇ 2) ⁇ Enc (pk, y) ⁇ ⁇ -2y ' ⁇ ⁇ Enc (pk, y' ⁇ 2) is calculated.
- the collation data generation unit 23 receives the encrypted distance data and the collation information as input, and generates collation data while interacting with the collation auxiliary unit 52 of the collation auxiliary device 50 as follows. (Step B7).
- Enc (pk, r_e ⁇ d ((x, y), (x ', y'))) Enc (pk, d ((x, y), (x ', y'))) ⁇ ⁇ r_e ⁇
- the verification assistant unit 52 of the verification assistant device 50 uses the secret key sk to specify Enc (pk, r_t ⁇ d (t, t ′)) and Enc (pk, r_e ⁇ d ((x, y), (x ′, y ′))) is decoded and r_t ⁇ d (t, t ′) and r_e ⁇ d ((x, y), (x ′, y ′)) are calculated. 4).
- the collation assisting unit 52 has (r_t ⁇ d (t, t ')) ⁇ ⁇ 2 ⁇ , ..., (r_t ⁇ d (t, t')) ⁇ ⁇ N ⁇ , (r_e ⁇ d ((x, y) , (x ', y'))) ⁇ ⁇ 2 ⁇ , ..., (r_e ⁇ d ((x, y), (x ', y'))) ⁇ ⁇ N ' ⁇ Enc (pk, (r_t ⁇ d (t, t ')) ⁇ ⁇ 2 ⁇ ), ..., Enc (pk, (r_t ⁇ d (t, t')) ⁇ ⁇ N ⁇ ), Enc (pk, (r_e ⁇ d ((x, y), (x ', y'))) ⁇ ⁇ 2 ⁇ ), ..., Enc (pk, (r_e ⁇ d ((x, y
- the verification data generation unit 23 uses En_ (pk, ((r ⁇ Enc (pk, (r_t ⁇ d (t, t ')) ⁇ ⁇ 2 ⁇ ) using r_t and r_e selected in steps 1 and 2.
- Enc (pk, G (d ((x, y), (x ', y'))))))) (Enc (pk, ((d ((x, y ), (x ', y'))) ⁇ ⁇ N ' ⁇ )) ⁇ ⁇
- Enc (pk, d (D, D ')) Enc (pk, F (d (t, t'))) ⁇ Enc (pk, G (d ((x, y), (x ', y')) ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))))) Is calculated. 8). R is selected at random, and Enc (pk, F (d (D, D ′)))) ⁇ ⁇ R ⁇ is calculated and output to the data verification device 40.
- step 8 is performed in order to randomize the output when d (D, D ′) ⁇ d. If the output need not be random, step 8 may be omitted. Steps 1 and 2 are performed to conceal the value of d (D, D ′) from the verification assisting device 50. If it is not necessary to keep secret, steps 1 and 2 may be omitted.
- Step 1 is performed so as not to notify the verification result to the verification assistant device 50 by randomizing the plaintext of C.
- step 1 may be omitted.
- the overall result auxiliary unit 53 of the verification auxiliary device 50 receives the secret key sk, generates the overall result P as follows, and outputs it to the data verification device 40 (step B9). That is, the overall result auxiliary unit 53 decrypts the ciphertext C using the secret key sk, and outputs the decrypted result to the data collating device 40 as the overall result P.
- the data registered in the storage device 30 is encrypted data. All data sent from the verification requesting device 20 in the verification phase is a ciphertext. Therefore, the information regarding the registered authentication data D and the authenticated data D ′ is not leaked to the storage device 30 and the data verification device 40.
- the verification requesting device 20 and the data verification device 40 also use the random numbers for the verification assisting device 50 so that no information regarding the registered authentication data D and authenticated data D ′ is leaked.
- the present invention can be easily applied to a case where data is composed of three or more elements. Is possible. Further, the present invention can be easily applied when the Euclidean distance as an index is three-dimensional or more.
- the authentication system according to the above embodiment can be applied to biometric authentication using a minutiae whose elements are a type, a two-dimensional coordinate, and an angle.
- the input data in the data registration phase and the input data in the ciphertext collation phase are biometric information (maneuver) acquired from a fingerprint or a vein.
- biometric information manufactured in the storage device and the encrypted biometric data created from the verification requesting device are collected from the same person while keeping the biometric information secret
- biometric information cannot always stably acquire the same data.
- [Form 1] It is as the collation system which concerns on the said 1st viewpoint.
- [Form 2] The collation system according to aspect 1, wherein the encryption unit performs encryption based on an encryption method having additive homomorphism.
- [Form 3] The collation system according to mode 2, wherein the encryption unit performs encryption based on Paillier encryption.
- [Form 4] The collation system according to any one of aspects 1 to 3, wherein the collation information generation unit generates a polynomial that becomes zero when the distance between the independent variable and the authentication data is within the threshold as the polynomial.
- the encryption unit further encrypts the square of the authentication data with the public key and transmits it to the third node,
- the storage unit further holds the square of the encrypted authentication data,
- the distance calculation unit acquires the encrypted authentication data and the square of the encrypted authentication data from the third node, and calculates the distance between the authentication target data and the authentication data as the public key. 5.
- the collation system according to any one of forms 2 to 4, wherein calculation is performed with encryption performed by the method.
- the authentication data and the data to be authenticated include an n-dimensional element, The collation system according to mode 5, wherein the distance calculation unit calculates an n-dimensional Euclidean distance between the data to be authenticated and the authentication data while being encrypted with the public key.
- the authentication data and the data to be authenticated include a plurality of elements,
- the distance calculation unit calculates the distance while encrypting each element,
- the verification information generation unit generates the polynomial for each element,
- the verification data generation unit generates the verification data for each element,
- the verification system according to any one of modes 1 to 6, wherein the verification unit uses the secret key and verification data generated for the plurality of elements to verify the data to be authenticated with the authentication data. .
- [Form 8] As in the node according to the second viewpoint.
- [Form 9] The node according to mode 8, wherein the encryption unit performs encryption based on an encryption method having additive homomorphism.
- [Mode 10] The node according to mode 9, wherein the encryption unit performs encryption based on Paillier encryption.
- the encryption unit further encrypts the square of the authentication data with the public key and transmits it to the second node,
- the distance calculation unit acquires the encrypted authentication data and the square of the encrypted authentication data from the third node, and calculates the distance between the authentication target data and the authentication data as the public key.
- the authentication data and the data to be authenticated include an n-dimensional element, The node according to mode 12, wherein the distance calculation unit calculates an n-dimensional Euclidean distance between the data to be authenticated and the authentication data while being encrypted with the public key.
- the authentication data and the data to be authenticated include a plurality of elements, The distance calculation unit calculates the distance while encrypting each element, The collation data generation unit generates the collation data for each element using the polynomial generated for each element, and transmits the collation data to the second node. Nodes.
- a verification method in a verification system comprising a first node, a second node, and a third node, comprising: The second node generates a public / private key pair and transmits the public key to the first node; The first node encrypts authentication data with the public key and transmits it to the third node; The third node holding the encrypted authentication data; When the first node receives data to be authenticated that is collated with the authentication data, the encrypted authentication data is acquired from the third node, and the distance between the data to be authenticated and the authentication data Calculating with encryption using the public key; The third node generates a polynomial including a threshold value of a distance between the data to be authenticated and the authentication data as a parameter and transmits the generated polynomial to the first node; A step in which the first node substitutes the distance into the polynomial and encrypts a value encrypted with the public key as verification data and transmits the data to the second node; The second node includes
- [Form 16] It is as the collation method which concerns on the said 3rd viewpoint.
- [Form 17] The collation method according to mode 16, wherein the first node performs encryption based on an encryption method having additive homomorphism.
- [Form 18] The collation method according to mode 17, wherein the first node performs encryption based on Paillier encryption.
- [Form 19] The collation method according to any one of modes 16 to 18, wherein the polynomial is a polynomial that becomes zero when the distance between the independent variable and the authentication data is within the threshold.
- the first node further includes encrypting the square of the authentication data with the public key and transmitting to the third node; The first node acquires the encrypted authentication data and the square of the encrypted authentication data from the third node, and discloses the distance between the authentication target data and the authentication data. 20.
- the collation method according to any one of forms 17 to 19, wherein the calculation is performed while encrypted with a key.
- the authentication data and the data to be authenticated include an n-dimensional element, The collation method according to mode 20, wherein the first node calculates an n-dimensional Euclidean distance between the data to be authenticated and the authentication data while being encrypted with the public key.
- the authentication data and the data to be authenticated include a plurality of elements
- the first node calculates the distance while encrypting each element
- the collation data generation unit generates the collation data for each element using the polynomial generated for each element, and transmits the collation data to the second node. Collation method.
- the program is related to the fourth viewpoint.
- the program according to mode 23 which causes the computer to execute processing for encryption based on an encryption method having additive homomorphism.
- the program according to mode 24 which causes the computer to execute processing for encryption based on Paillier encryption.
- the authentication data and the data to be authenticated include an n-dimensional element, The program according to aspect 27, causing the computer to execute a process of calculating an n-dimensional Euclidean distance between the authentication data and the authentication data while being encrypted with the public key.
- the authentication data and the data to be authenticated include a plurality of elements, A process of calculating the distance for each element with encryption;
- the collation data generation unit generates the collation data for each element using the polynomial generated for each element, and causes the second node to perform transmission processing on the computer. Thirty-eighth program.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- General Physics & Mathematics (AREA)
- Algebra (AREA)
- Mathematical Analysis (AREA)
- Mathematical Optimization (AREA)
- Pure & Applied Mathematics (AREA)
- Mathematical Physics (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
Description
本発明は、日本国特許出願:特願2013-102955号(2013年5月15日出願)に基づくものであり、同出願の全記載内容は引用をもって本書に組み込み記載されているものとする。
本発明は、照合システム、ノード、照合方法およびプログラムに関し、特に、照合されるデータの曖昧さを許容する照合システム、ノード、照合方法およびプログラムに関する。 [Description of related applications]
The present invention is based on a Japanese patent application: Japanese Patent Application No. 2013-102955 (filed on May 15, 2013), and the entire contents of this application are incorporated in the present specification by reference.
The present invention relates to a collation system, a node, a collation method, and a program, and more particularly, to a collation system, a node, a collation method, and a program that allow ambiguity of data to be collated.
(1)type1=type2
(2)0≦((x1-x2)^2+(y1-y2)^2)≦δd
(3)0≦(θ1-θ2)^2≦δt
の3条件が満たされたとき、2つのマニューシャが一致したとみなされる。 Specifically, when the minutiae extracted at the time of authentication is (type1, (x1, y1), θ1) and the registered minutiae is (type2, (x2, y2), θ2),
(1) type1 = type2
(2) 0 ≦ ((x1-x2) ^ 2 + (y1-y2) ^ 2) ≦ δd
(3) 0 ≦ (θ1-θ2) ^ 2 ≦ δt
When the three conditions are satisfied, it is considered that the two minutiae coincide.
鍵生成:KeyGen(1^k)→(pk,sk)
暗号化:Enc(pk,M)→C
復号:Dec(sk,C)→M Hereinafter, the key generation, encryption, and decryption algorithms are described as follows.
Key generation: KeyGen (1 ^ k) → (pk, sk)
Encryption: Enc (pk, M) → C
Decryption: Dec (sk, C) → M
Enc(pk,M1(+)M2)=Enc(pk,M1)(*)Enc(pk,M2) The public key cryptosystem has homomorphism means that the following expression holds for certain operations (*) and (+).
Enc (pk, M1 (+) M2) = Enc (pk, M1) (*) Enc (pk, M2)
kビットの素数p,qをランダムに選び、n=pqとする。
次に、g=1+n mod n^2とする。
公開鍵pk=(n,g)、秘密鍵sk=(p,q)を出力する。 Key generation: Receives security parameter 1 ^ k.
K-bit prime numbers p and q are selected at random, and n = pq.
Next, g = 1 + n mod n ^ 2.
The public key pk = (n, g) and the secret key sk = (p, q) are output.
Z*_{n^2}からランダムにrを選ぶ。
C=(1+mn)・r^n mod n^2を計算する。
暗号文Cを出力する。 Encryption: pk = (n, g), message m is received as input.
Choose r at random from Z * _ {n ^ 2}.
C = (1 + mn) · r ^ n mod n ^ 2 is calculated.
Output ciphertext C.
λ=(p-1)(q-1)を計算する。
m=(c^{λ} mod n^2 -1)/(g^{λ} mod n^2 -1) mod nを計算する。
平文mを出力する。 Decryption: sk = (p, q), ciphertext C is received as input.
Calculate λ = (p−1) (q−1).
m = (c ^ {λ} mod n ^ 2 −1) / (g ^ {λ} mod n ^ 2 −1) mod n is calculated.
Output plaintext m.
2.ボブは、公開鍵pkを使用してα[0]、α[1]、…、α[n]をそれぞれ暗号化する。また、ボブは、暗号文C[0]、C[1]、…、C[n]をアリスに送付する。
3.アリスは、a^{n}、a^{n-1}、…、a^{0}を計算する。さらに、アリスは、C[n]^{a^{n}}、C[n-1]^{a^{n-1}}、…、C[0]^{a^{0}}を計算する。
4.アリスは、C=C[n]^{a^{n}}・C[n-1]^{a^{n-1}}・…・C[0]^{a^{0}}を計算する。凖同型性により、C=Enc(pk、F(a))である。また、アリスは、ランダムにrを選択し、C’=C^{r}とする。さらに、アリスは、C’をボブに送付する。
5.ボブは、受け取ったC’を復号する。ボブは、復号結果が0の場合、アリスは集合Bに含まれるデータを有すると判断し、復号結果が0以外の場合、アリスは集合Bに含まれるデータを持たないと判断する。 1. Bob generates a polynomial F (x) having a value of 0 when x = b1, b2, b3, and a value other than 0 otherwise. For example, F (x) = (x−b1) (x−b2) (x−b3) may be set. Such a polynomial can be easily generated using Lagrange interpolation. Here, the coefficients of F (x) are α [0], α [1],..., Α [n]. That is, F (x) = α [n] x ^ n + α [n-1] x ^ {n-1} + ... + α [1] x + α [0].
2. Bob encrypts α [0], α [1],..., Α [n] using the public key pk. Bob also sends ciphertexts C [0], C [1],..., C [n] to Alice.
3. Alice calculates a ^ {n}, a ^ {n-1}, ..., a ^ {0}. In addition, Alice replaces C [n] ^ {a ^ {n}}, C [n-1] ^ {a ^ {n-1}}, ..., C [0] ^ {a ^ {0}} calculate.
4). Alice uses C = C [n] ^ {a ^ {n}} ・ C [n-1] ^ {a ^ {n-1}} ...… C [0] ^ {a ^ {0}} calculate. Due to the isomorphism, C = Enc (pk, F (a)). Alice selects r at random and sets C ′ = C ^ {r}. In addition, Alice sends C 'to Bob.
5. Bob decrypts the received C ′. Bob determines that Alice has data included in set B if the decoding result is 0, and determines that Alice does not have data included in set B if the decoding result is other than 0.
2.ボブはEnc(pk,ra)を復号し、raを得る。
3.ボブは(ra)^{α[1]}、(ra)^{α[2]}、…、(ra)^{α[n]}を計算し、それぞれ公開鍵pkを用いて暗号化する。すなわち、C[i]=Enc(pk,(ra)^{α[i]})をi=1~nに対して行い、C[1]~C[n]をアリスに送付する。
4.アリスは、i=1~nに対してC’[i]=(C[i])^{1/(r^{i})}を計算する。
5.アリスはC=C’[1]・C’[2]・…・C’[n]・Enc(pk,α[0])を計算し、ボブに送付する。凖同型性より、C=Enc(pk,F(a))である。
6.ボブは、Cを復号する。ボブは、復号結果が0の場合、アリスが集合Bに含まれるデータの暗号文を有すると判断し、復号結果が0以外の場合、アリスが集合Bに含まれるデータの暗号文を持たないと判断する。 1. Alice chooses r at random, calculates Enc (pk, ra) = {Enc (pk, a)} ^ {r} and sends it to Bob.
2. Bob decrypts Enc (pk, ra) and gets ra.
3. Bob computes (ra) ^ {α [1]}, (ra) ^ {α [2]}, ..., (ra) ^ {α [n]} and encrypts each using the public key pk. . That is, C [i] = Enc (pk, (ra) ^ {α [i]}) is performed for i = 1 to n, and C [1] to C [n] are sent to Alice.
4). Alice calculates C ′ [i] = (C [i]) ^ {1 / (r ^ {i})} for i = 1 to n.
5. Alice calculates C = C '[1], C' [2], ..., C '[n], Enc (pk, α [0]), and sends it to Bob. From the isomorphism, C = Enc (pk, F (a)).
6). Bob decrypts C. Bob determines that Alice has the ciphertext of the data included in set B if the decryption result is 0, and if Alice has no ciphertext of the data included in set B if the decryption result is other than 0 to decide.
(ア)サーバは、B={0,1,…,δd}として、F(x)を生成する。
(イ)サーバは、Enc(pk,x2^2),Enc(pk,x2),Enc(pk,y2^2),Enc(pk,y2)をそれぞれ計算し、クライアントに送付する。
(ウ)クライアントは、Enc(pk,x1^2),Enc(pk,y1^2)を計算する。
(エ)クライアントは、Enc(pk,x1^2)・{Enc(pk,x2)}^{-2x1}・Enc(pk,x2^2)・Enc(pk,y1^2)・{Enc(pk,y2)}^{-2y1}・Enc(pk,y2^2)=Enc(pk,(x1-x2)^2+(y1-y2)^2)を計算する。
(オ)Aided Computation[クライアント(Enc(pk,(x1-x2)^2+(y1-y2)^2)),サーバ({0,1,…,δd},sk)](pk,F(x))を実行する。 (2) Distance match: First, the Euclidean distance between (x1, y1) and (x2, y2) is calculated with encryption.
(A) The server generates F (x) as B = {0, 1,..., Δd}.
(A) The server calculates Enc (pk, x2 ^ 2), Enc (pk, x2), Enc (pk, y2 ^ 2), and Enc (pk, y2), and sends them to the client.
(C) The client calculates Enc (pk, x1 ^ 2), Enc (pk, y1 ^ 2).
(D) Clients are Enc (pk, x1 ^ 2), {Enc (pk, x2)} ^ {-2x1}, Enc (pk, x2 ^ 2), Enc (pk, y1 ^ 2), {Enc ( pk, y2)} ^ {-2y1} · Enc (pk, y2 ^ 2) = Enc (pk, (x1-x2) ^ 2 + (y1-y2) ^ 2) is calculated.
(E) Aided Computation [Client (Enc (pk, (x1-x2) ^ 2 + (y1-y2) ^ 2)), Server ({0,1,…, δd}, sk)] (pk, F ( x)) is executed.
第1のノード、第2のノードおよび第3のノードを備え、
前記第1のノードは、公開鍵により認証データを暗号化して前記第3のノードに送信する暗号化部と、
前記認証データと照合される被認証データを受信すると、暗号化された前記認証データを前記第3のノードから取得して、前記被認証データと前記認証データとの距離を前記公開鍵により暗号化したまま算出する距離計算部と、
前記第3のノードから取得した多項式に前記距離を代入して前記公開鍵により暗号化した値を、照合用データとして生成して前記第2のノードに送信する照合用データ生成部と、を有し、
前記第2のノードは、前記公開鍵と秘密鍵の対を生成し、前記公開鍵を第1のノードに送信する鍵生成部と、
前記秘密鍵と前記照合用データに基づいて、前記被認証データを前記認証データと照合する照合部と、を有し、
前記第3のノードは、暗号化された前記認証データを保持する記憶部と、
前記多項式として、前記認証データと前記被認証データの距離の閾値をパラメータとして含む多項式を生成する照合用情報生成部と、を有する。 The collation system according to the first aspect of the present invention is:
Comprising a first node, a second node and a third node;
The first node encrypts authentication data with a public key and transmits the encrypted data to the third node;
When the data to be authenticated that is collated with the authentication data is received, the encrypted authentication data is obtained from the third node, and the distance between the data to be authenticated and the authentication data is encrypted with the public key A distance calculation unit to calculate as is,
A verification data generation unit that generates a value encrypted by the public key by substituting the distance into the polynomial acquired from the third node as verification data and transmits the verification data to the second node. And
The second node generates a pair of the public key and the secret key, and transmits the public key to the first node;
A collation unit that collates the data to be authenticated with the authentication data based on the secret key and the collation data;
The third node includes a storage unit that stores the encrypted authentication data;
A collation information generating unit that generates a polynomial that includes a threshold value of a distance between the authentication data and the data to be authenticated as a parameter.
公開鍵と秘密鍵の対を生成する第2のノードから受信した前記公開鍵により、認証データを暗号化して第3のノードに送信する暗号化部と、
前記認証データと照合される被認証データを受信すると、暗号化された前記認証データを前記第3のノードから取得して、前記被認証データと前記認証データとの距離を前記公開鍵により暗号化したまま算出する距離計算部と、
前記第3のノードから取得した多項式に前記距離を代入して前記公開鍵により暗号化した値を、照合用データとして生成して前記第2のノードに送信する照合用データ生成部と、を備え、
前記多項式は、前記認証データと前記被認証データの距離の閾値をパラメータとして含む。 The node according to the second aspect of the present invention is:
An encryption unit that encrypts authentication data with the public key received from the second node that generates a public key and private key pair, and transmits the encrypted authentication data to the third node;
When the data to be authenticated that is collated with the authentication data is received, the encrypted authentication data is obtained from the third node, and the distance between the data to be authenticated and the authentication data is encrypted with the public key A distance calculation unit to calculate as is,
A verification data generation unit that generates a value encrypted with the public key by substituting the distance into the polynomial acquired from the third node, and generates the verification data and transmits the verification data to the second node; ,
The polynomial includes a threshold value of a distance between the authentication data and the data to be authenticated as a parameter.
第1のノードが、公開鍵と秘密鍵の対を生成する第2のノードから受信した前記公開鍵により、認証データを暗号化して第3のノードに送信する工程と、
前記認証データと照合される被認証データを受信すると、暗号化された前記認証データを前記第3のノードから取得して、前記被認証データと前記認証データとの距離を前記公開鍵により暗号化したまま算出する工程と、
前記第3のノードから取得した多項式に前記距離を代入して前記公開鍵により暗号化した値を、照合用データとして生成して前記第2のノードに送信する工程と、を含み、
前記多項式は、前記認証データと前記被認証データの距離の閾値をパラメータとして含む。 The collation method according to the third aspect of the present invention is:
A first node encrypting authentication data with the public key received from the second node that generates a public key and private key pair and transmitting the encrypted data to the third node;
When the data to be authenticated that is collated with the authentication data is received, the encrypted authentication data is obtained from the third node, and the distance between the data to be authenticated and the authentication data is encrypted with the public key The process of calculating as it is,
Including substituting the distance into the polynomial obtained from the third node and encrypting the encrypted value using the public key as verification data and transmitting the verification data to the second node.
The polynomial includes a threshold value of a distance between the authentication data and the data to be authenticated as a parameter.
公開鍵と秘密鍵の対を生成する第2のノードから受信した前記公開鍵により、認証データを暗号化して第3のノードに送信する処理と、
前記認証データと照合される被認証データを受信すると、暗号化された前記認証データを前記第3のノードから取得して、前記被認証データと前記認証データとの距離を前記公開鍵により暗号化したまま算出する処理と、
前記第3のノードから取得した多項式に前記距離を代入して前記公開鍵により暗号化した値を、照合用データとして生成して前記第2のノードに送信する処理と、を第1のノードに設けられたコンピュータに実行させ、
前記多項式は、前記認証データと前記被認証データの距離の閾値をパラメータとして含む。
なお、プログラムは、非一時的なコンピュータ可読記録媒体(non-transitory computer-readable storage medium)に記録されたプログラム製品として提供することができる。 The program according to the fourth aspect of the present invention is:
A process of encrypting authentication data with the public key received from the second node that generates a public key and private key pair and transmitting the encrypted authentication data to the third node;
When the data to be authenticated that is collated with the authentication data is received, the encrypted authentication data is obtained from the third node, and the distance between the data to be authenticated and the authentication data is encrypted with the public key Processing while calculating
A process of substituting the distance into the polynomial obtained from the third node and generating a value encrypted with the public key as verification data and transmitting it to the second node. Run it on the computer provided,
The polynomial includes a threshold value of a distance between the authentication data and the data to be authenticated as a parameter.
The program can be provided as a program product recorded on a non-transitory computer-readable storage medium.
次に、第1の実施形態に係る照合システムついて図面を参照して詳細に説明する。 <Embodiment 1>
Next, the collation system according to the first embodiment will be described in detail with reference to the drawings.
図3は、照合システムのデータ登録フェーズにおける動作を一例として示すシーケンス図である。 [Data registration phase]
FIG. 3 is a sequence diagram illustrating an operation in the data registration phase of the verification system as an example.
図4は、照合システムの暗号文照合フェーズにおける動作を一例として示すシーケンス図である。 [Ciphertext verification phase]
FIG. 4 is a sequence diagram illustrating an operation in the ciphertext verification phase of the verification system as an example.
次に、第2の実施形態に係る照合システムについて、図面を参照して説明する。 <Embodiment 2>
Next, a verification system according to the second embodiment will be described with reference to the drawings.
図3を参照すると、照合補助装置50の鍵生成部51は、加法凖同型暗号の公開鍵pkおよび秘密鍵skを生成し、公開鍵pkを公開する(ステップA1)。 [Data registration phase]
Referring to FIG. 3, the
図4を参照すると、データ照合装置40の照合用情報生成部41は、記憶部31に記憶された暗号データと、暗号データに対応する識別子の組((Enc(pk,D),Enc(pk,D^2)),ID)を受け付け(ステップB1)、照合用情報を以下の手順で生成する(ステップB2)。 [Ciphertext verification phase]
Referring to FIG. 4, the collation information generating unit 41 of the data collating device 40 includes a set of encrypted data stored in the
2.Enc(pk,d(D,D’))=Enc(pk,D^2)・Enc(pk,D)^{-2D’}・Enc(pk,D’^2)を計算する。 1. Calculate Enc (pk, D '^ 2).
2. Enc (pk, d (D, D ')) = Enc (pk, D ^ 2) .Enc (pk, D) ^ {-2D'}. Enc (pk, D '^ 2) is calculated.
2.照合補助装置50の照合補助部52は、秘密鍵skを用いてEnc(pk,r・d(D,D’))を復号し、r・d(D,D’)を計算する。
3.照合補助部52は、(r・d(D,D’))^{2}、…、(r・d(D,D’))^{N}を計算し、公開鍵pkを用いてそれぞれ暗号化し、Enc(pk,((r・d(D,D’))^{2}))、…、Enc(pk,((r・d(D,D’))^{N}))を計算し、照合要求装置20へ出力する。
4.照合用データ生成部23は、ステップ1で選んだrを用いて、Enc(pk,((r・d(D,D’))^{2}))^{1/r^2}、…、Enc(pk,((r・d(D,D’))^{N}))^{1/(r^{N})}を計算し、Enc(pk,((d(D,D’))^{2}))、…、Enc(pk,((d(D,D’))^{N}))を得る。
5.Enc(pk,F(d(D,D’)))=(Enc(pk,((d(D,D’))^{N}))^{α[N]}・(Enc(pk,((d(D,D’))^{N-1}))^{α[N-1]}・…・(Enc(pk,d(D,D’)))^{α[1]}・Enc(pk,α[0])を計算する。
6.ランダムにRを選び、Enc(pk,F(d(D,D’)))^{R}を計算し、データ照合装置40に出力する。 1. R is selected at random, and Enc (pk, r · d (D, D ′)) = Enc (pk, d (D, D ′)) ^ {r} is calculated and sent to the verification assisting device 50.
2. The verification assistant unit 52 of the verification assistant device 50 decrypts Enc (pk, r · d (D, D ′)) using the secret key sk and calculates r · d (D, D ′).
3. The verification assistant 52 calculates (r · d (D, D ')) ^ {2}, ..., (r · d (D, D')) ^ {N}, and uses the public key pk, respectively. Enc (pk, ((r ・ d (D, D ')) ^ {2})), ..., Enc (pk, ((r ・ d (D, D')) ^ {N})) Is output to the verification requesting device 20.
4). The matching
5. Enc (pk, F (d (D, D '))) = (Enc (pk, ((d (D, D')) ^ {N})) ^ {α [N]} ・ (Enc (pk, ((d (D, D ')) ^ {N-1})) ^ {α [N-1]} ...… (Enc (pk, d (D, D'))) ^ {α [1] } ・ Enc (pk, α [0]) is calculated.
6). R is selected at random, and Enc (pk, F (d (D, D ′))) ^ {R} is calculated and output to the data verification device 40.
次に、第3の実施形態に係る照合システムについて説明する。 <Embodiment 3>
Next, a verification system according to the third embodiment will be described.
距離として1次元ユークリッド距離を用いる第2の実施形態に係る照合システムのデータ登録フェーズのステップA3において、暗号データ(Enc(pk,D),Enc(pk,D^2))を暗号データ(Enc(pk,Dx),Enc(pk,Dx^2),Enc(pk,Dy),Enc(pk,Dy^2))に置き換える。 [Data registration phase]
In step A3 of the data registration phase of the collation system according to the second embodiment using the one-dimensional Euclidean distance as the distance, the encrypted data (Enc (pk, D), Enc (pk, D ^ 2)) is converted into the encrypted data (Enc Replace with (pk, Dx), Enc (pk, Dx ^ 2), Enc (pk, Dy), Enc (pk, Dy ^ 2)).
距離として1次元ユークリッド距離を用いる第2の実施形態に係る照合システムの暗号文照合フェーズにおいて、ステップB6を以下のように変更する。 [Ciphertext verification phase]
In the ciphertext verification phase of the verification system according to the second embodiment using the one-dimensional Euclidean distance as the distance, step B6 is changed as follows.
2.Enc(pk,d(D,D’))=Enc(pk,Dx^2)・Enc(pk,Dx)^{-2D’x}・Enc(pk,D’x^2)・Enc(pk,Dy^2)・Enc(pk,Dy)^{-2D’y}・Enc(pk,D’y^2)を計算する。 1. Calculate Enc (pk, D'x ^ 2), Enc (pk, D'y ^ 2).
2. Enc (pk, d (D, D ')) = Enc (pk, Dx ^ 2), Enc (pk, Dx) ^ {-2D'x}, Enc (pk, D'x ^ 2), Enc (pk , Dy ^ 2) · Enc (pk, Dy) ^ {-2D'y} · Enc (pk, D'y ^ 2).
次に、第4の実施形態に係る照合システムについて、図面を参照して説明する。 <Embodiment 4>
Next, a verification system according to a fourth embodiment will be described with reference to the drawings.
図3を参照すると、照合補助装置50の鍵生成部51は、加法凖同型暗号の公開鍵pkおよび秘密鍵skを生成し、公開鍵pkを公開する(ステップA1)。 [Data registration phase]
Referring to FIG. 3, the
(Enc(pk,t),Enc(pk,t^2)),(Enc(pk,x),Enc(pk,x^2)),(Enc(pk,y),Enc(pk,y^2))
を生成し、記憶装置30に送付する(ステップA3)。 Next, the
(Enc (pk, t), Enc (pk, t ^ 2)), (Enc (pk, x), Enc (pk, x ^ 2)), (Enc (pk, y), Enc (pk, y ^ 2))
Is sent to the storage device 30 (step A3).
((Enc(pk,t),Enc(pk,t^2)),(Enc(pk,x),Enc(pk,x^2)),(Enc(pk,y),Enc(pk,y^2)),ID)
を記憶部31に記録する(ステップA5)。 When receiving the encrypted data, the identifier management unit 32 of the storage device 30 gives a unique identifier ID to the encrypted data (step A4). In addition, the identifier management unit 32 is a combination of encrypted data and an identifier.
((Enc (pk, t), Enc (pk, t ^ 2)), (Enc (pk, x), Enc (pk, x ^ 2)), (Enc (pk, y), Enc (pk, y ^ 2)), ID)
Is stored in the storage unit 31 (step A5).
図4を参照すると、データ照合装置40の照合用情報生成部41は、記憶部31に記憶された暗号データと、暗号データに対応する識別子の組
((Enc(pk,t),Enc(pk,t^2)),(Enc(pk,x),Enc(pk,x^2)),(Enc(pk,y),Enc(pk,y^2)),ID)
を入力とし(ステップB1)、照合用情報を次の手順で生成する(ステップB2)。 [Ciphertext verification phase]
Referring to FIG. 4, the verification information generation unit 41 of the data verification device 40 includes a set of encrypted data stored in the
((Enc (pk, t), Enc (pk, t ^ 2)), (Enc (pk, x), Enc (pk, x ^ 2)), (Enc (pk, y), Enc (pk, y ^ 2)), ID)
Is input (step B1), and verification information is generated by the following procedure (step B2).
2.1.と同様にして、x=0,1,…,d_eの場合G(x)=0、それ以外の場合G(x)≠0となる多項式G(x)をランダムに生成する。簡単のため、G(x)の係数をβ[0]~β[N’]とする。すなわち、G(x)=β[N’]x^n+β[N’-1]x^{n-1}+…+β[0]である。例えば、G(x)=x(x-1)(x-2)…(x-d_e)の場合、N’=d_eとなる。
3.((Enc(pk,t),Enc(pk,t^2)),(Enc(pk,x),Enc(pk,x^2)),(Enc(pk,y),Enc(pk,y^2)),α[0]~α[N],β[0]~β[N’])を照合用情報とする。 1. When x = 0, 1,..., d_t, a polynomial F (x) is generated randomly such that F (x) = 0, otherwise F (x) ≠ 0. For example, F (x) = x (x-1) (x-2)... (X-d_t) is a d_t + 1 order polynomial satisfying the above property. In general, a polynomial of d_t + 1 order or higher that satisfies such a condition can be easily constructed. For simplicity, the coefficient of F (x) is α [0] to α [N]. That is, F (x) = α [N] x ^ N + α [N-1] x ^ {N-1} + ... + α [0]. For example, when F (x) = x (x-1) (x-2)... (X-d_t), N = d_t.
2.1. Similarly, a polynomial G (x) that satisfies G (x) = 0 in the case of x = 0, 1,..., D_e, and G (x) ≠ 0 in other cases is randomly generated. For simplicity, the coefficient of G (x) is β [0] to β [N ′]. That is, G (x) = β [N '] x ^ n + β [N'-1] x ^ {n-1} + ... + β [0]. For example, when G (x) = x (x-1) (x-2)... (X-d_e), N ′ = d_e.
3. ((Enc (pk, t), Enc (pk, t ^ 2)), (Enc (pk, x), Enc (pk, x ^ 2)), (Enc (pk, y), Enc (pk, y ^ 2)), α [0] to α [N], β [0] to β [N ']) are used as collation information.
2.Enc(pk,d(t,t’))=Enc(pk,t^2)・Enc(pk,t)^{-2t’}・Enc(pk,t’^2)を計算する。
3.Enc(pk,d((x,y),(x’,y’)))=Enc(pk,x^2)・Enc(pk,x)^{-2x’}・Enc(pk,x’^2)・Enc(pk,y^2)・Enc(pk,y)^{-2y’}・Enc(pk,y’^2)を計算する。 1. Calculate Enc (pk, t '^ 2), Enc (pk, x' ^ 2), Enc (pk, y '^ 2).
2. Enc (pk, d (t, t ′)) = Enc (pk, t ^ 2) · Enc (pk, t) ^ {− 2t ′} · Enc (pk, t ′ ^ 2) is calculated.
3. Enc (pk, d ((x, y), (x ', y'))) = Enc (pk, x ^ 2) ・ Enc (pk, x) ^ {-2x '} ・ Enc (pk, x' ^ 2) ・ Enc (pk, y ^ 2) ・ Enc (pk, y) ^ {-2y '} ・ Enc (pk, y' ^ 2) is calculated.
2.ランダムにr_eを選び、
Enc(pk,r_e・d((x,y),(x’,y’)))=Enc(pk,d((x,y),(x’,y’)))^{r_e}
を計算し、1.で計算したEnc(pk,r_t・d(t,t’))とともに照合補助装置50に送付する。
3.照合補助装置50の照合補助部52は、秘密鍵skを用いてEnc(pk,r_t・d(t,t’))およびEnc(pk,r_e・d((x,y),(x’,y’)))を復号し、r_t・d(t,t’),r_e・d((x,y),(x’,y’))を計算する。
4.照合補助部52は、(r_t・d(t,t’))^{2}、…、(r_t・d(t,t’))^{N}、(r_e・d((x,y),(x’,y’)))^{2}、…、(r_e・d((x,y),(x’,y’)))^{N’}を計算し、公開鍵pkを用いてそれぞれ暗号化し、Enc(pk,(r_t・d(t,t’))^{2})、…、Enc(pk,(r_t・d(t,t’))^{N})、Enc(pk,(r_e・d((x,y),(x’,y’)))^{2})、…、Enc(pk,(r_e・d((x,y),(x’,y’)))^{N’})を計算し、照合要求装置20へ出力する。
5.照合用データ生成部23は、ステップ1、2で選んだr_t,r_eを用いて、Enc(pk,((r・Enc(pk,(r_t・d(t,t’))^{2})^{1/r_t^2}、…、Enc(pk,(r_t・d(t,t’))^{N})^{1/(r_t)^N}、Enc(pk,(r_e・d((x,y),(x’,y’)))^{2})^{1/r_e^2}、…、Enc(pk,(r_e・d((x,y),(x’,y’)))^{N’})^{1/(r_e)^{N}}を計算し、Enc(pk,((r・Enc(pk,(r_t・d(t,t’))^{2})、…、Enc(pk,(r_t・d(t,t’))^{N})、Enc(pk,(r_e・d((x,y),(x’,y’)))^{2})、…、Enc(pk,(r_e・d((x,y),(x’,y’)))^{N’})を得る。
6.Enc(pk,F(d(t,t’)))=(Enc(pk,((d(t,t’))^{N}))^{α[N]}・(Enc(pk,((d(t,t’))^{N-1}))^{α[N-1]}・…・(Enc(pk,d(t,t’)))^{α[1]}・Enc(pk,α[0]),Enc(pk,G(d((x,y),(x’,y’))))=(Enc(pk,((d((x,y),(x’,y’)))^{N’}))^{β[N’]}・(Enc(pk,((d((x,y),(x’,y’)))^{N’-1}))^{β[N’-1]}・…・(Enc(pk,d((x,y),(x’,y’))))^{β[1]}・Enc(pk,β[0])を計算する。
7.Enc(pk,d(D,D’))=Enc(pk,F(d(t,t’)))・Enc(pk,G(d((x,y),(x’,y’))))を計算する。
8.ランダムにRを選び、Enc(pk,F(d(D,D’)))^{R}を計算し、データ照合装置40に出力する。 1. R_t is selected at random, and Enc (pk, r_t · d (t, t ′)) = Enc (pk, d (t, t ′)) ^ {r_t} is calculated.
2. Choose r_e at random,
Enc (pk, r_e ・ d ((x, y), (x ', y'))) = Enc (pk, d ((x, y), (x ', y'))) ^ {r_e}
And is sent to the verification assistant device 50 together with Enc (pk, r_t · d (t, t ′)) calculated in 1.
3. The verification assistant unit 52 of the verification assistant device 50 uses the secret key sk to specify Enc (pk, r_t · d (t, t ′)) and Enc (pk, r_e · d ((x, y), (x ′, y ′))) is decoded and r_t · d (t, t ′) and r_e · d ((x, y), (x ′, y ′)) are calculated.
4). The collation assisting unit 52 has (r_t · d (t, t ')) ^ {2}, ..., (r_t · d (t, t')) ^ {N}, (r_e · d ((x, y) , (x ', y'))) ^ {2}, ..., (r_e · d ((x, y), (x ', y'))) ^ {N '} Enc (pk, (r_t · d (t, t ')) ^ {2}), ..., Enc (pk, (r_t · d (t, t')) ^ {N}), Enc (pk, (r_e ・ d ((x, y), (x ', y'))) ^ {2}), ..., Enc (pk, (r_e ・ d ((x, y), (x ' , y ′))) ^ {N ′}) is calculated and output to the verification requesting device 20.
5. The verification
6). Enc (pk, F (d (t, t '))) = (Enc (pk, ((d (t, t')) ^ {N})) ^ {α [N]} ・ (Enc (pk, ((d (t, t ')) ^ {N-1})) ^ {α [N-1]} ...… (Enc (pk, d (t, t'))) ^ {α [1] } ・ Enc (pk, α [0]), Enc (pk, G (d ((x, y), (x ', y'))))) = (Enc (pk, ((d ((x, y ), (x ', y'))) ^ {N '})) ^ {β [N']} ・ (Enc (pk, ((d ((x, y), (x ', y'))) ) ^ {N'-1})) ^ {β [N'-1]} ...… (Enc (pk, d ((x, y), (x ', y')))) ^ {β [ 1]} ・ Enc (pk, β [0]) is calculated.
7). Enc (pk, d (D, D ')) = Enc (pk, F (d (t, t'))) ・ Enc (pk, G (d ((x, y), (x ', y')) ))) Is calculated.
8). R is selected at random, and Enc (pk, F (d (D, D ′))) ^ {R} is calculated and output to the data verification device 40.
1.ランダムにsを選び、C=Enc(pk,F(d(D,D’)))^{R}・Enc(pk,s)を計算し、照合補助装置50に出力する。 When receiving the verification data, the verification auxiliary request unit 43 of the data verification device 40 generates a verification auxiliary request as follows and outputs it to the verification auxiliary device 50 (step B8).
1. S is selected at random, C = Enc (pk, F (d (D, D ′))) ^ {R} · Enc (pk, s) is calculated and output to the verification assisting device 50.
[形態1]
上記第1の視点に係る照合システムのとおりである。
[形態2]
前記暗号化部は、加法準同型性を有する暗号化方式に基づいて暗号化を行う、形態1に記載の照合システム。
[形態3]
前記暗号化部は、Paillier暗号に基づいて暗号化を行う、形態2に記載の照合システム。
[形態4]
前記照合用情報生成部は、前記多項式として、独立変数と前記認証データの距離が前記閾値以内であるときにゼロとなる多項式を生成する、形態1ないし3のいずれか一に記載の照合システム。
[形態5]
前記暗号化部は、さらに、前記公開鍵により前記認証データの2乗を暗号化して前記第3のノードに送信し、
前記記憶部は、さらに、暗号化された前記認証データの2乗を保持し、
前記距離計算部は、暗号化された前記認証データおよび暗号化された前記認証データの2乗を前記第3のノードから取得して、前記被認証データと前記認証データとの距離を前記公開鍵により暗号化したまま算出する、形態2ないし4のいずれか一に記載の照合システム。
[形態6]
前記認証データおよび前記被認証データは、n次元の要素を含み、
前記距離計算部は、前記被認証データと前記認証データとのn次元ユークリッド距離を、前記公開鍵により暗号化したまま算出する、形態5に記載の照合システム。
[形態7]
前記認証データおよび前記被認証データは、複数の要素を含み、
前記距離計算部は、各要素について前記距離を暗号化したまま算出し、
前記照合用情報生成部は、各要素について前記多項式を生成し、
前記照合用データ生成部は、各要素について前記照合用データを生成し、
前記照合部は、前記秘密鍵と前記複数の要素について生成された照合用データとを用いて、前記被認証データを前記認証データと照合する、形態1ないし6のいずれか一に記載の照合システム。
[形態8]
上記第2の視点に係るノードのとおりである。
[形態9]
前記暗号化部は、加法準同型性を有する暗号化方式に基づいて暗号化を行う、形態8に記載のノード。
[形態10]
前記暗号化部は、Paillier暗号に基づいて暗号化を行う、形態9に記載のノード。
[形態11]
前記多項式は、独立変数と前記認証データの距離が前記閾値以内であるときにゼロとなる多項式である、形態8ないし10のいずれか一に記載のノード。
[形態12]
前記暗号化部は、さらに、前記公開鍵により前記認証データの2乗を暗号化して前記第2のノードに送信し、
前記距離計算部は、暗号化された前記認証データおよび暗号化された前記認証データの2乗を前記第3のノードから取得して、前記被認証データと前記認証データとの距離を前記公開鍵により暗号化したまま算出する、形態9ないし11のいずれか一に記載のノード。
[形態13]
前記認証データおよび前記被認証データは、n次元の要素を含み、
前記距離計算部は、前記被認証データと前記認証データとのn次元ユークリッド距離を、前記公開鍵により暗号化したまま算出する、形態12に記載のノード。
[形態14]
前記認証データおよび前記被認証データは、複数の要素を含み、
前記距離計算部は、各要素について前記距離を暗号化したまま算出し、
前記照合用データ生成部は、各要素について生成された前記多項式を用いて、各要素について前記照合用データを生成して前記第2のノードに送信する、形態8ないし13のいずれか一に記載のノード。
[形態15]
第1のノード、第2のノードおよび第3のノードを備えた照合システムにおける照合方法であって、
前記第2のノードが、公開鍵と秘密鍵の対を生成し、前記公開鍵を第1のノードに送信する工程と、
前記第1のノードが、前記公開鍵により認証データを暗号化して前記第3のノードに送信する工程と、
前記第3のノードが、暗号化された前記認証データを保持する工程と、
前記第1のノードが、前記認証データと照合される被認証データを受信すると、暗号化された前記認証データを前記第3のノードから取得して、前記被認証データと前記認証データとの距離を前記公開鍵により暗号化したまま算出する工程と、
前記第3のノードが、前記被認証データと前記認証データの距離の閾値をパラメータとして含む多項式を生成して前記第1のノードに送信する工程と、
前記第1のノードが、前記多項式に前記距離を代入して前記公開鍵により暗号化した値を、照合用データとして生成して前記第2のノードに送信する工程と、
前記第2のノードが、前記秘密鍵と前記照合用データに基づいて、前記被認証データを前記認証データと照合する工程と、を含む、照合方法。
[形態16]
上記第3の視点に係る照合方法のとおりである。
[形態17]
前記第1のノードは、加法準同型性を有する暗号化方式に基づいて暗号化を行う、形態16に記載の照合方法。
[形態18]
前記第1のノードは、Paillier暗号に基づいて暗号化を行う、形態17に記載の照合方法。
[形態19]
前記多項式は、独立変数と前記認証データの距離が前記閾値以内であるときにゼロとなる多項式である、形態16ないし18のいずれか一に記載の照合方法。
[形態20]
前記第1のノードが、さらに、前記公開鍵により前記認証データの2乗を暗号化して前記第3のノードに送信する工程を含み、
前記第1のノードは、暗号化された前記認証データおよび暗号化された前記認証データの2乗を前記第3のノードから取得して、前記被認証データと前記認証データとの距離を前記公開鍵により暗号化したまま算出する、形態17ないし19のいずれか一に記載の照合方法。
[形態21]
前記認証データおよび前記被認証データは、n次元の要素を含み、
前記第1のノードは、前記被認証データと前記認証データとのn次元ユークリッド距離を、前記公開鍵により暗号化したまま算出する、形態20に記載の照合方法。
[形態22]
前記認証データおよび前記被認証データは、複数の要素を含み、
前記第1のノードは、各要素について前記距離を暗号化したまま算出し、
前記照合用データ生成部は、各要素について生成された前記多項式を用いて、各要素について前記照合用データを生成して前記第2のノードに送信する、形態16ないし21のいずれか一に記載の照合方法。
[形態23]
上記第4の視点に係るプログラムのとおりである。
[形態24]
加法準同型性を有する暗号化方式に基づいて暗号化する処理を、前記コンピュータに実行させる、形態23に記載のプログラム。
[形態25]
Paillier暗号に基づいて暗号化する処理を、前記コンピュータに実行させる、形態24に記載のプログラム。
[形態26]
前記多項式は、独立変数と前記認証データの距離が前記閾値以内であるときにゼロとなる多項式である、形態23ないし25のいずれか一に記載のプログラム。
[形態27]
前記公開鍵により前記認証データの2乗を暗号化して前記第3のノードに送信する処理と、
暗号化された前記認証データおよび暗号化された前記認証データの2乗を前記第3のノードから取得して、前記被認証データと前記認証データとの距離を前記公開鍵により暗号化したまま算出する処理と、を前記コンピュータに実行させる、形態24ないし26のいずれか一に記載のプログラム。
[形態28]
前記認証データおよび前記被認証データは、n次元の要素を含み、
前記被認証データと前記認証データとのn次元ユークリッド距離を、前記公開鍵により暗号化したまま算出する処理を、前記コンピュータに実行させる、形態27に記載のプログラム。
[形態29]
前記認証データおよび前記被認証データは、複数の要素を含み、
各要素について前記距離を暗号化したまま算出する処理と、
前記照合用データ生成部は、各要素について生成された前記多項式を用いて、各要素について前記照合用データを生成して前記第2のノードに送信処理と、を前記コンピュータに実行させる、形態23ないし28のいずれか一に記載のプログラム。 In the present invention, the following modes are possible.
[Form 1]
It is as the collation system which concerns on the said 1st viewpoint.
[Form 2]
The collation system according to aspect 1, wherein the encryption unit performs encryption based on an encryption method having additive homomorphism.
[Form 3]
The collation system according to mode 2, wherein the encryption unit performs encryption based on Paillier encryption.
[Form 4]
The collation system according to any one of aspects 1 to 3, wherein the collation information generation unit generates a polynomial that becomes zero when the distance between the independent variable and the authentication data is within the threshold as the polynomial.
[Form 5]
The encryption unit further encrypts the square of the authentication data with the public key and transmits it to the third node,
The storage unit further holds the square of the encrypted authentication data,
The distance calculation unit acquires the encrypted authentication data and the square of the encrypted authentication data from the third node, and calculates the distance between the authentication target data and the authentication data as the public key. 5. The collation system according to any one of forms 2 to 4, wherein calculation is performed with encryption performed by the method.
[Form 6]
The authentication data and the data to be authenticated include an n-dimensional element,
The collation system according to
[Form 7]
The authentication data and the data to be authenticated include a plurality of elements,
The distance calculation unit calculates the distance while encrypting each element,
The verification information generation unit generates the polynomial for each element,
The verification data generation unit generates the verification data for each element,
The verification system according to any one of modes 1 to 6, wherein the verification unit uses the secret key and verification data generated for the plurality of elements to verify the data to be authenticated with the authentication data. .
[Form 8]
As in the node according to the second viewpoint.
[Form 9]
The node according to mode 8, wherein the encryption unit performs encryption based on an encryption method having additive homomorphism.
[Mode 10]
The node according to mode 9, wherein the encryption unit performs encryption based on Paillier encryption.
[Form 11]
The node according to any one of forms 8 to 10, wherein the polynomial is a polynomial that becomes zero when the distance between the independent variable and the authentication data is within the threshold.
[Form 12]
The encryption unit further encrypts the square of the authentication data with the public key and transmits it to the second node,
The distance calculation unit acquires the encrypted authentication data and the square of the encrypted authentication data from the third node, and calculates the distance between the authentication target data and the authentication data as the public key. The node according to any one of forms 9 to 11, wherein the node is calculated while encrypted according to the above.
[Form 13]
The authentication data and the data to be authenticated include an n-dimensional element,
The node according to mode 12, wherein the distance calculation unit calculates an n-dimensional Euclidean distance between the data to be authenticated and the authentication data while being encrypted with the public key.
[Form 14]
The authentication data and the data to be authenticated include a plurality of elements,
The distance calculation unit calculates the distance while encrypting each element,
The collation data generation unit generates the collation data for each element using the polynomial generated for each element, and transmits the collation data to the second node. Nodes.
[Form 15]
A verification method in a verification system comprising a first node, a second node, and a third node, comprising:
The second node generates a public / private key pair and transmits the public key to the first node;
The first node encrypts authentication data with the public key and transmits it to the third node;
The third node holding the encrypted authentication data;
When the first node receives data to be authenticated that is collated with the authentication data, the encrypted authentication data is acquired from the third node, and the distance between the data to be authenticated and the authentication data Calculating with encryption using the public key;
The third node generates a polynomial including a threshold value of a distance between the data to be authenticated and the authentication data as a parameter and transmits the generated polynomial to the first node;
A step in which the first node substitutes the distance into the polynomial and encrypts a value encrypted with the public key as verification data and transmits the data to the second node;
The second node includes a step of comparing the authentication target data with the authentication data based on the secret key and the verification data.
[Form 16]
It is as the collation method which concerns on the said 3rd viewpoint.
[Form 17]
The collation method according to mode 16, wherein the first node performs encryption based on an encryption method having additive homomorphism.
[Form 18]
The collation method according to mode 17, wherein the first node performs encryption based on Paillier encryption.
[Form 19]
The collation method according to any one of modes 16 to 18, wherein the polynomial is a polynomial that becomes zero when the distance between the independent variable and the authentication data is within the threshold.
[Form 20]
The first node further includes encrypting the square of the authentication data with the public key and transmitting to the third node;
The first node acquires the encrypted authentication data and the square of the encrypted authentication data from the third node, and discloses the distance between the authentication target data and the authentication data. 20. The collation method according to any one of forms 17 to 19, wherein the calculation is performed while encrypted with a key.
[Form 21]
The authentication data and the data to be authenticated include an n-dimensional element,
The collation method according to mode 20, wherein the first node calculates an n-dimensional Euclidean distance between the data to be authenticated and the authentication data while being encrypted with the public key.
[Form 22]
The authentication data and the data to be authenticated include a plurality of elements,
The first node calculates the distance while encrypting each element,
The collation data generation unit generates the collation data for each element using the polynomial generated for each element, and transmits the collation data to the second node. Collation method.
[Form 23]
The program is related to the fourth viewpoint.
[Form 24]
The program according to
[Form 25]
The program according to mode 24, which causes the computer to execute processing for encryption based on Paillier encryption.
[Form 26]
The program according to any one of
[Form 27]
A process of encrypting the square of the authentication data with the public key and transmitting it to the third node;
Obtaining the encrypted authentication data and the square of the encrypted authentication data from the third node, and calculating the distance between the data to be authenticated and the authentication data encrypted with the public key The program according to any one of forms 24 to 26, which causes the computer to execute a process to perform.
[Form 28]
The authentication data and the data to be authenticated include an n-dimensional element,
The program according to aspect 27, causing the computer to execute a process of calculating an n-dimensional Euclidean distance between the authentication data and the authentication data while being encrypted with the public key.
[Form 29]
The authentication data and the data to be authenticated include a plurality of elements,
A process of calculating the distance for each element with encryption;
The collation data generation unit generates the collation data for each element using the polynomial generated for each element, and causes the second node to perform transmission processing on the computer. Thirty-eighth program.
11 暗号化部
20 照合要求装置
21 照合要求部
22 距離計算部
23 照合用データ生成部
30 記憶装置
31 記憶部
32 識別子管理部
40 データ照合装置
41 照合用情報生成部
42 照合用情報送付部
43 照合補助要求部
44 判定部
50 照合補助装置
51 鍵生成部
52 照合補助部
53 総合結果補助部
54 照合部
100、200、300 ノード DESCRIPTION OF SYMBOLS 10 Registration
Claims (10)
- 第1のノード、第2のノードおよび第3のノードを備え、
前記第1のノードは、公開鍵により認証データを暗号化して前記第3のノードに送信する暗号化部と、
前記認証データと照合される被認証データを受信すると、暗号化された前記認証データを前記第3のノードから取得して、前記被認証データと前記認証データとの距離を前記公開鍵により暗号化したまま算出する距離計算部と、
前記第3のノードから取得した多項式に前記距離を代入して前記公開鍵により暗号化した値を、照合用データとして生成して前記第2のノードに送信する照合用データ生成部と、を有し、
前記第2のノードは、前記公開鍵と秘密鍵の対を生成し、前記公開鍵を第1のノードに送信する鍵生成部と、
前記秘密鍵と前記照合用データに基づいて、前記被認証データを前記認証データと照合する照合部と、を有し、
前記第3のノードは、暗号化された前記認証データを保持する記憶部と、
前記多項式として、前記認証データと前記被認証データの距離の閾値をパラメータとして含む多項式を生成する照合用情報生成部と、を有する、照合システム。 Comprising a first node, a second node and a third node;
The first node encrypts authentication data with a public key and transmits the encrypted data to the third node;
When the data to be authenticated that is collated with the authentication data is received, the encrypted authentication data is obtained from the third node, and the distance between the data to be authenticated and the authentication data is encrypted with the public key A distance calculation unit to calculate as is,
A verification data generation unit that generates a value encrypted by the public key by substituting the distance into the polynomial acquired from the third node as verification data and transmits the verification data to the second node. And
The second node generates a pair of the public key and the secret key, and transmits the public key to the first node;
A collation unit that collates the data to be authenticated with the authentication data based on the secret key and the collation data;
The third node includes a storage unit that stores the encrypted authentication data;
A collation system comprising: a collation information generating unit that generates a polynomial that includes a threshold value of a distance between the authentication data and the data to be authenticated as a parameter as the polynomial. - 前記暗号化部は、加法準同型性を有する暗号化方式に基づいて暗号化を行う、請求項1に記載の照合システム。 The verification system according to claim 1, wherein the encryption unit performs encryption based on an encryption method having additive homomorphism.
- 前記暗号化部は、Paillier暗号に基づいて暗号化を行う、請求項2に記載の照合システム。 The verification system according to claim 2, wherein the encryption unit performs encryption based on Paillier encryption.
- 前記照合用情報生成部は、前記多項式として、独立変数と前記認証データの距離が前記閾値以内であるときにゼロとなる多項式を生成する、請求項1ないし3のいずれか1項に記載の照合システム。 The collation according to any one of claims 1 to 3, wherein the collation information generation unit generates a polynomial that becomes zero when the distance between the independent variable and the authentication data is within the threshold as the polynomial. system.
- 前記暗号化部は、さらに、前記公開鍵により前記認証データの2乗を暗号化して前記第3のノードに送信し、
前記記憶部は、さらに、暗号化された前記認証データの2乗を保持し、
前記距離計算部は、暗号化された前記認証データおよび暗号化された前記認証データの2乗を前記第3のノードから取得して、前記被認証データと前記認証データとの距離を前記公開鍵により暗号化したまま算出する、請求項2ないし4のいずれか1項に記載の照合システム。 The encryption unit further encrypts the square of the authentication data with the public key and transmits it to the third node,
The storage unit further holds the square of the encrypted authentication data,
The distance calculation unit acquires the encrypted authentication data and the square of the encrypted authentication data from the third node, and calculates the distance between the authentication target data and the authentication data as the public key. The collation system according to any one of claims 2 to 4, wherein the collation system calculates the data while encrypting it. - 前記認証データおよび前記被認証データは、n次元の要素を含み、
前記距離計算部は、前記被認証データと前記認証データとのn次元ユークリッド距離を、前記公開鍵により暗号化したまま算出する、請求項5に記載の照合システム。 The authentication data and the data to be authenticated include an n-dimensional element,
The collation system according to claim 5, wherein the distance calculation unit calculates an n-dimensional Euclidean distance between the data to be authenticated and the authentication data while being encrypted with the public key. - 前記認証データおよび前記被認証データは、複数の要素を含み、
前記距離計算部は、各要素について前記距離を暗号化したまま算出し、
前記照合用情報生成部は、各要素について前記多項式を生成し、
前記照合用データ生成部は、各要素について前記照合用データを生成し、
前記照合部は、前記秘密鍵と前記複数の要素について生成された照合用データとを用いて、前記被認証データを前記認証データと照合する、請求項1ないし6のいずれか1項に記載の照合システム。 The authentication data and the data to be authenticated include a plurality of elements,
The distance calculation unit calculates the distance while encrypting each element,
The verification information generation unit generates the polynomial for each element,
The verification data generation unit generates the verification data for each element,
The said collation part collates the said to-be-authenticated data with the said authentication data using the said secret key and the data for collation produced | generated about the said some element, The any one of Claim 1 thru | or 6 Matching system. - 公開鍵と秘密鍵の対を生成する第2のノードから受信した前記公開鍵により、認証データを暗号化して第3のノードに送信する暗号化部と、
前記認証データと照合される被認証データを受信すると、暗号化された前記認証データを前記第3のノードから取得して、前記被認証データと前記認証データとの距離を前記公開鍵により暗号化したまま算出する距離計算部と、
前記第3のノードから取得した多項式に前記距離を代入して前記公開鍵により暗号化した値を、照合用データとして生成して前記第2のノードに送信する照合用データ生成部と、を備え、
前記多項式は、前記認証データと前記被認証データの距離の閾値をパラメータとして含む、ノード。 An encryption unit that encrypts authentication data with the public key received from the second node that generates a public key and private key pair, and transmits the encrypted authentication data to the third node;
When the data to be authenticated that is collated with the authentication data is received, the encrypted authentication data is obtained from the third node, and the distance between the data to be authenticated and the authentication data is encrypted with the public key A distance calculation unit that calculates as is,
A verification data generation unit that generates a value encrypted with the public key by substituting the distance into the polynomial acquired from the third node, and generates the verification data and transmits the verification data to the second node; ,
The polynomial is a node including a threshold value of a distance between the authentication data and the authentication data as a parameter. - 第1のノードが、公開鍵と秘密鍵の対を生成する第2のノードから受信した前記公開鍵により、認証データを暗号化して第3のノードに送信する工程と、
前記認証データと照合される被認証データを受信すると、暗号化された前記認証データを前記第3のノードから取得して、前記被認証データと前記認証データとの距離を前記公開鍵により暗号化したまま算出する工程と、
前記第3のノードから取得した多項式に前記距離を代入して前記公開鍵により暗号化した値を、照合用データとして生成して前記第2のノードに送信する工程と、を含み、
前記多項式は、前記認証データと前記被認証データの距離の閾値をパラメータとして含む、照合方法。 A first node encrypting authentication data with the public key received from the second node that generates a public key and private key pair and transmitting the encrypted data to the third node;
When the data to be authenticated that is collated with the authentication data is received, the encrypted authentication data is obtained from the third node, and the distance between the data to be authenticated and the authentication data is encrypted with the public key The process of calculating as it is,
Including substituting the distance into the polynomial obtained from the third node and encrypting the encrypted value using the public key as verification data and transmitting the verification data to the second node.
The matching method, wherein the polynomial includes a threshold value of a distance between the authentication data and the data to be authenticated as a parameter. - 公開鍵と秘密鍵の対を生成する第2のノードから受信した前記公開鍵により、認証データを暗号化して第3のノードに送信する処理と、
前記認証データと照合される被認証データを受信すると、暗号化された前記認証データを前記第3のノードから取得して、前記被認証データと前記認証データとの距離を前記公開鍵により暗号化したまま算出する処理と、
前記第3のノードから取得した多項式に前記距離を代入して前記公開鍵により暗号化した値を、照合用データとして生成して前記第2のノードに送信する処理と、を第1のノードに設けられたコンピュータに実行させ、
前記多項式は、前記認証データと前記被認証データの距離の閾値をパラメータとして含む、プログラム。 A process of encrypting authentication data with the public key received from the second node that generates a public key and private key pair and transmitting the encrypted authentication data to the third node;
When the data to be authenticated that is collated with the authentication data is received, the encrypted authentication data is obtained from the third node, and the distance between the data to be authenticated and the authentication data is encrypted with the public key Processing while calculating
A process of substituting the distance into the polynomial obtained from the third node and generating a value encrypted with the public key as verification data and transmitting it to the second node. Run it on the computer provided,
The polynomial program includes a threshold value of a distance between the authentication data and the authentication target data as a parameter.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2015517108A JPWO2014185450A1 (en) | 2013-05-15 | 2014-05-14 | Verification system, node, verification method and program |
US14/787,848 US9910478B2 (en) | 2013-05-17 | 2014-05-14 | Collation system, node, collation method, and computer readable medium |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2013-102955 | 2013-05-15 | ||
JP2013102955 | 2013-05-15 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2014185450A1 true WO2014185450A1 (en) | 2014-11-20 |
Family
ID=51898426
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2014/062820 WO2014185450A1 (en) | 2013-05-15 | 2014-05-14 | Verification system, node, verification method, and program |
Country Status (2)
Country | Link |
---|---|
JP (1) | JPWO2014185450A1 (en) |
WO (1) | WO2014185450A1 (en) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2016152130A1 (en) * | 2015-03-23 | 2016-09-29 | 日本電気株式会社 | Information processing system, node, authentication method and storage medium |
JP2016224905A (en) * | 2015-05-29 | 2016-12-28 | パナソニック インテレクチュアル プロパティ コーポレーション オブ アメリカPanasonic Intellectual Property Corporation of America | Similar information search method, server device, and similar information search system |
EP3182640A1 (en) | 2015-12-14 | 2017-06-21 | Panasonic Intellectual Property Corporation of America | Search method, search device, search system, and program |
EP3349392A1 (en) | 2017-01-16 | 2018-07-18 | Panasonic Intellectual Property Corporation of America | Information processing method and information processing system |
US10778431B2 (en) | 2016-01-18 | 2020-09-15 | Mitsubishi Electric Corporation | Encrypted text conversion device, computer readable medium, and encryption text conversion method |
US10826680B2 (en) | 2015-06-18 | 2020-11-03 | Nec Corporation | Collation system, collation method, and non-transitory recording medium |
US11101975B2 (en) | 2016-12-02 | 2021-08-24 | Nec Corporation | Ciphertext matching system and ciphertext matching method |
US11451368B2 (en) | 2016-06-02 | 2022-09-20 | Nec Corporation | Encrypted information matching device, encrypted information matching method, and recording medium having encrypted information matching program stored thereon |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2008521025A (en) * | 2004-11-16 | 2008-06-19 | コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ | Secure calculation of similarity measures |
US20090310779A1 (en) * | 2006-07-20 | 2009-12-17 | Privylink Pte Ltd | Method for generating cryptographic key from biometric data |
WO2011052056A1 (en) * | 2009-10-29 | 2011-05-05 | 三菱電機株式会社 | Data processing device |
WO2012056582A1 (en) * | 2010-10-29 | 2012-05-03 | 株式会社日立製作所 | Information authentication method and information authentication system |
JP2012169908A (en) * | 2011-02-15 | 2012-09-06 | Kddi Corp | Authentication system, authentication method, and program |
-
2014
- 2014-05-14 WO PCT/JP2014/062820 patent/WO2014185450A1/en active Application Filing
- 2014-05-14 JP JP2015517108A patent/JPWO2014185450A1/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2008521025A (en) * | 2004-11-16 | 2008-06-19 | コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ | Secure calculation of similarity measures |
US20090310779A1 (en) * | 2006-07-20 | 2009-12-17 | Privylink Pte Ltd | Method for generating cryptographic key from biometric data |
WO2011052056A1 (en) * | 2009-10-29 | 2011-05-05 | 三菱電機株式会社 | Data processing device |
WO2012056582A1 (en) * | 2010-10-29 | 2012-05-03 | 株式会社日立製作所 | Information authentication method and information authentication system |
JP2012169908A (en) * | 2011-02-15 | 2012-09-06 | Kddi Corp | Authentication system, authentication method, and program |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2016152130A1 (en) * | 2015-03-23 | 2016-09-29 | 日本電気株式会社 | Information processing system, node, authentication method and storage medium |
JP2016224905A (en) * | 2015-05-29 | 2016-12-28 | パナソニック インテレクチュアル プロパティ コーポレーション オブ アメリカPanasonic Intellectual Property Corporation of America | Similar information search method, server device, and similar information search system |
US10826680B2 (en) | 2015-06-18 | 2020-11-03 | Nec Corporation | Collation system, collation method, and non-transitory recording medium |
EP3182640A1 (en) | 2015-12-14 | 2017-06-21 | Panasonic Intellectual Property Corporation of America | Search method, search device, search system, and program |
US10303893B2 (en) | 2015-12-14 | 2019-05-28 | Panasonic Intellectual Property Corporation Of America | Search method, search device, search system, and program |
US10778431B2 (en) | 2016-01-18 | 2020-09-15 | Mitsubishi Electric Corporation | Encrypted text conversion device, computer readable medium, and encryption text conversion method |
US11451368B2 (en) | 2016-06-02 | 2022-09-20 | Nec Corporation | Encrypted information matching device, encrypted information matching method, and recording medium having encrypted information matching program stored thereon |
US11101975B2 (en) | 2016-12-02 | 2021-08-24 | Nec Corporation | Ciphertext matching system and ciphertext matching method |
EP3349392A1 (en) | 2017-01-16 | 2018-07-18 | Panasonic Intellectual Property Corporation of America | Information processing method and information processing system |
US10649919B2 (en) | 2017-01-16 | 2020-05-12 | Panasonic Intellectual Property Corporation Of America | Information processing method and information processing system |
Also Published As
Publication number | Publication date |
---|---|
JPWO2014185450A1 (en) | 2017-02-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Tanveer et al. | RAMP-IoD: A robust authenticated key management protocol for the Internet of Drones | |
US11882218B2 (en) | Matching system, method, apparatus, and program | |
KR102717212B1 (en) | Secure, multi-agency, loss-proof storage and transfer of cryptographic keys for blockchain-based systems linked to wallet management systems | |
WO2014185450A1 (en) | Verification system, node, verification method, and program | |
WO2016203762A1 (en) | Crypto-information creation device, crypto-information creation method, recording medium, and collation system | |
JP6229716B2 (en) | Verification system, node, verification method and program | |
US9910478B2 (en) | Collation system, node, collation method, and computer readable medium | |
JP6931247B2 (en) | Ciphertext matching systems, methods, and programs | |
JP7259868B2 (en) | system and client | |
Maitra et al. | An enhanced multi‐server authentication protocol using password and smart‐card: cryptanalysis and design | |
JP6451938B2 (en) | Ciphertext verification system, method, and program | |
CN111786786A (en) | Agent re-encryption method and system supporting equation judgment in cloud computing environment | |
JP6738061B2 (en) | Ciphertext verification system, method, and recording medium | |
WO2018174063A1 (en) | Collating system, method, device, and program | |
JP6791263B2 (en) | Ciphertext collation system and ciphertext collation method | |
JP7276423B2 (en) | Cryptographic system, key generation device, key generation method, key generation program, and homomorphic arithmetic device | |
Buhari et al. | Web applications login authentication scheme using hybrid cryptography with user anonymity | |
Altarawneh | A strong combination of cryptographic techniques to secure cloud-hosted data | |
WO2017170780A1 (en) | Cryptogram collation system, node device, cryptogram collation method, and program | |
CN110572256B (en) | Anti-quantum computing asymmetric key management method and system based on asymmetric key pool and implicit certificate | |
Divya et al. | Security in data forwarding through elliptic curve cryptography in cloud | |
WO2016152130A1 (en) | Information processing system, node, authentication method and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 14798485 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2015517108 Country of ref document: JP Kind code of ref document: A |
|
WWE | Wipo information: entry into national phase |
Ref document number: 14787848 Country of ref document: US |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 14798485 Country of ref document: EP Kind code of ref document: A1 |