Encryption system, encryption processing method of encryption system, encryption device, decryption device, setup device, key generation device, and key delegation device using a user identifier for a user who belongs to a k-th hierarchy in an organization

摘要

In a wildcard-applicable anonymous hierarchical identity-based encryption system, it is aimed to make the number of pairing operations a fixed number. A user identifier ID and a pattern P are used. The user identifier ID includes k number of hierarchy identifiers. The pattern P includes either of a hierarchy identifier, a wildcard value and a blank value for each hierarchy. An encryption device 400 extracts a key value H corresponding to a hierarchy of the wildcard value and a key value H corresponding to a hierarchy of a pattern value from a public key PK, calculates a cipher value C1 and a cipher value C3, and outputs ciphertext data CT including plaintext cipher value C0, the cipher value C1, and the cipher value C3. A decryption device 300 extracts the hierarchy identifier of the hierarchy corresponding to the wildcard value from the user identifier ID, decrypts the plaintext cipher value C0 included in the ciphertext data CT using the extracted hierarchy identifier, the cipher value C1 and the cipher value C3 which are included in the ciphertext data CT, and outputs plaintext data M.

主权项

1. An encryption system using a user identifier ID including a hierarchy identifier of a user who belongs to a k-th hierarchy in an organization having a hierarchical structure with k hierarchies, the user identifier ID including (k−1) number of hierarchy identifiers identifying the user's membership in hierarchies from a first hierarchy to a (k−1)-th hierarchy, where k is a specific integer equal to or greater than 2, the encryption system comprising:
an encryption device
inputting plaintext data M to be encrypted,encrypting the inputted plaintext data M to calculate a plaintext cipher value C0,inputting a pattern P including a value for each of the k hierarchies, the value for each of the k hierarchies indicating one of
the hierarchy identifier identifying the user's membership in the respective hierarchy,a wildcard value which indicates the user is an arbitrary user, anda blank value which indicates the respective hierarchy is an unnecessary hierarchy for the user,discriminating a hierarchy as a wildcard hierarchy in a case where the inputted value is the wildcard value,inputting a public key PK including a first key value group including k number of key values which relates to k number of hierarchies,extracting a first key value which relates to the wildcard hierarchy from the first key value group included in the inputted public key PK as a wildcard key value,calculating a wildcard cipher value C1 used for decrypting the plaintext cipher value C0 using the extracted wildcard key value,discriminating a hierarchy as an identifying hierarchy in a case where the inputted value is the hierarchy identifier,extracting a second key value which relates to the identifying hierarchy from the first key value group included in the inputted public key PK as an identifying key value,calculating an identifying cipher value C3 used for decrypting the plaintext cipher value C0 using the extracted identifying key value,generating ciphertext data CT including the plaintext cipher value C0, the wildcard cipher value C1, and the identifying cipher value C3 and including a wildcard hierarchical value W which indicates the wildcard hierarchy, andoutputting the generated ciphertext data CT; and a decryption device
inputting the ciphertext data CT and the user identifier ID,extracting the hierarchy identifier of the wildcard hierarchy from the inputted user identifier ID as a wildcard identifier based on the wildcard hierarchical value W included in the inputted ciphertext data CT,decrypting the plaintext cipher value C0 included in the inputted ciphertext data CT using the extracted wildcard identifier, the wildcard cipher value C1 and the identifying cipher value C3 which are included in the inputted ciphertext data CT, andoutputting the plaintext data M obtained by decrypting the plaintext cipher value C0.