Title of invention: Cryptographic system, cryptographic communication method, encryption apparatus, key generation apparatus, decryption apparatus, content server, program, and storage medium
Abstract: A cryptographic communication technology that is based on predicate encryption and that can operate flexibly is provided. A conversion rule information pair is determined in advance, which has attribute conversion rule information prescribing a conversion rule for converting attribute designation information to attribute information used in a predicate encryption algorithm and predicate conversion rule information prescribing a conversion rule for converting predicate designation information to predicate information used in the predicate encryption algorithm. One kind of conversion rule information included in the conversion rule information pair is used to obtain first attribute information or first predicate information from input information. The first attribute information or the first predicate information is used for encryption. Encryption information is decrypted with a decryption key generated by using second attribute information or second predicate information obtained from user information by using the other kind of conversion rule information.
Publication number: US8964982(B2) Publication date: 2015.02.24
Application number: US201013258187 Filing date: 2010.04.23
Applicant: Nippon Telegraph and Telephone Corporation Inventors: Takeuchi Kaku; Kobayashi Tetsutaro; Chikara Sakae
Classification: H04K1/00; H04L9/00; H04L9/30; H04L9/08; H04L9/32 Main classification: H04K1/00
Agency: Oblon, Spivak, McClelland, Maier & Neustadt, L.L.P. Agent: Oblon, Spivak, McClelland, Maier & Neustadt, L.L.P.
Principal claim: 1. A cryptographic system that uses predicate encryption, comprising at least: one or a plurality of encryption apparatuses; one or a plurality of key generation apparatuses; and one or a plurality of decryption apparatuses; wherein a private key and a public key corresponding to the private key are determined in advance for each of the one or the plurality of key generation apparatuses; one or a plurality of conversion rule information pairs are determined in advance, each pair of which has attribute conversion rule information prescribing a conversion rule for converting attribute designation information that designates an attribute to attribute information used in a predicate encryption algorithm and predicate conversion rule information prescribing a conversion rule for converting predicate designation information that designates a predicate to predicate information used in the predicate encryption algorithm; policy information that identifies one of the attribute conversion rule information and the predicate conversion rule information is determined in advance; each of the one or the plurality of encryption apparatuses comprises circuitry configured to: use one kind of conversion rule information of the attribute conversion rule information and the predicate conversion rule information included in one conversion rule information pair selected from the one or the plurality of conversion rule information pairs, the one kind of conversion rule information being selected together with the policy information according to whether input information input to the encryption apparatus is either the attribute designation information or the predicate designation information, to obtain first attribute information or first predicate information from the input information; and use the first attribute information or the first predicate information, together with the public key of the key generation apparatus, to obtain a common key, and encryption information corresponding to the common key or corresponding to information used to generate the common key, according to the predicate encryption algorithm; each of the one or the plurality of key generation apparatuses comprises circuitry configured to: use the conversion rule information paired with the conversion rule information identified by the policy information to obtain second attribute information or second predicate information from the attribute designation information or the predicate designation information corresponding to a user of the decryption apparatus; and use the second attribute information or the second predicate information together with the private key of the key generation apparatus, to generate a decryption key used to decrypt the encryption information; and each of the one or the plurality of decryption apparatuses comprises circuitry configured to use the decryption key to apply a decryption process to the encryption information according to the predicate encryption algorithm.
Address: Tokyo JP