Abstract: An encryption method is provided. According to the encryption method, a scaling factor may be reflected in a message and then, a homomorphic ciphertext may be generated using a public key. The generated ciphertext is, when decryption is performed, generated in a form that a result value obtained by adding an error value to a value obtained by reflecting the scaling factor in the message is restored. Accordingly, a homomorphic ciphertext capable of being computed in a ciphertext state can be effectively generated.

Abstract: A data sharing method of a user device is provided. The data sharing method includes receiving, from a server device storing information, a private key corresponding to the information, performing a homomorphic encryption of the private key by a homomorphic encryption key provided from the server device, and generating a switch key, and uploading the switch key to a blockchain system. Accordingly, a more effective and clear data sharing is provided.

Abstract: An encryption apparatus includes a setting generator configured to generate a public key and a secret key necessary for encryption; and an encryptor configured to generate a homomorphic ciphertext which allows multiplication operation by using the generated public key and a plaintext.

Abstract: A method for managing data by an electronic device is provided. The method includes receiving first data inputted from a user, generating second data by encrypting the first data using a public key, generating a query comprising the second data, transmitting the query to a server, receiving third data corresponding to the query from the server, generating fourth data by decrypting the third data using a secret key corresponding to the public key, and outputting the fourth data.

Abstract: A method for managing data by an electronic device is provided. The method includes receiving first data inputted from a user, generating second data by encrypting the first data using a public key, generating a query comprising the second data, transmitting the query to a server, receiving third data corresponding to the query from the server, generating fourth data by decrypting the third data using a secret key corresponding to the public key, and outputting the fourth data.

Abstract: Provided are identifier (ID)-based encryption and decryption methods and apparatuses for the methods. The ID-based encryption method includes having, at a transmitting terminal, a transmitting-side private key corresponding to a transmitting-side ID issued by a key issuing server, generating, at the transmitting terminal, a session key using the transmitting-side ID, a receiving-side ID, and the transmitting-side private key, extracting, at the transmitting terminal, a secret key from at least a part of the session key, and encrypting, at the transmitting terminal, a message using a previously set encryption algorithm and the secret key.

Abstract: Provided are an identity (ID)-based encryption and signature method and a terminal that use an ID of a transmitter or a receiver as a part of the filename or the extension of a file transmitted to the receiver by the transmitter. Accordingly, it is possible to enable a user to visually recognize that the file has been provided with security. Also, it is possible to designate an associated program for the extension, and the user can easily decrypt or verify the file through the designated associated program.

Abstract: A homomorphic encryption method using ring isomorphism is provided. The homomorphic encryption method includes: randomizing a plaintext (m) by adding an error (e) to the plaintext (m); and converting randomized data (r) to r? using the following equation: ?:R?R?, where r?R, r??R?, and the function (?) is ring isomorphism.

Abstract: A method and apparatus for computing a discrete logarithm using a pre-computation table are provided. The method includes previously generating the pre-computation table consisting of chains of function values obtained by applying an iterating function to a predetermined number of initial values having a generator of the cyclic group as a base and having different exponents; and if a function value obtained by applying the iterating function to a value having a target element as a base and having an exponent is identical to a function value stored in the pre-computation table, computing the discrete logarithm of the target element by using exponent information of the two function values.

Abstract: Disclosed herein are a private key generation apparatus and method, and storage media storing programs for executing the methods on a computer. The private key generation apparatus includes a root private key generation unit and a sub-private key generation unit. The root private key generation unit sets a root master key and predetermined parameters capable of generating private keys, and generates a first sub-master key set capable of generating a number of private keys equal to or smaller than a preset limited number. The sub-private key generation unit generates private keys with the root private key generation unit by receiving the first sub-master key set from the root private key generation unit, to generate a private key corresponding to a user ID using the first sub-master key set, and issues the private key to a user.

Abstract: Provided are an identity (ID)-based encryption and signature method and a terminal that use an ID of a transmitter or a receiver as a part of the filename or the extension of a file transmitted to the receiver by the transmitter. Accordingly, it is possible to enable a user to visually recognize that the file has been provided with security. Also, it is possible to designate an associated program for the extension, and the user can easily decrypt or verify the file through the designated associated program.

Abstract: Provided are identifier (ID)-based encryption and decryption methods and apparatuses for the methods. The ID-based encryption method includes having, at a transmitting terminal, a transmitting-side private key corresponding to a transmitting-side ID issued by a key issuing server, generating, at the transmitting terminal, a session key using the transmitting-side ID, a receiving-side ID, and the transmitting-side private key, extracting, at the transmitting terminal, a secret key from at least a part of the session key, and encrypting, at the transmitting terminal, a message using a previously set encryption algorithm and the secret key.

Abstract: Disclosed herein are a private key generation apparatus and method, and storage media storing programs for executing the methods on a computer. The private key generation apparatus includes a root private key generation unit and a sub-private key generation unit. The root private key generation unit sets a root master key and predetermined parameters capable of generating private keys, and generates a first sub-master key set capable of generating a number of private keys equal to or smaller than a preset limited number. The sub-private key generation unit generates private keys with the root private key generation unit by receiving the first sub-master key set from the root private key generation unit, to generate a private key corresponding to a user ID using the first sub-master key set, and issues the private key to a user.

Abstract: A method and apparatus for computing a discrete logarithm using a pre-computation table are provided. The method includes previously generating the pre-computation table consisting of chains of function values obtained by applying an iterating function to a predetermined number of initial values having a generator of the cyclic group as a base and having different exponents; and if a function value obtained by applying the iterating function to a value having a target element as a base and having an exponent is identical to a function value stored in the pre-computation table, computing the discrete logarithm of the target element by using exponent information of the two function values.

Abstract: A batch verification apparatus and method wherein, the method includes: generating a plurality of secret keys, a plurality of public keys corresponding to the plurality of secret keys, and a plurality of verification values corresponding to the plurality of public keys; calculating a first batch verification value based on the plurality of verification values; calculating a second batch verification value based on the plurality of secret keys and the plurality of verification values; comparing the first batch verification value and the second batch verification value; and determining that a batch of the received plurality of verification values is verified when the first batch verification value is equal to the second batch verification value.

Abstract: A key calculation method and a shared key generation method, the key calculation method including: generating two keys to perform a key calculation; calculating a first value based on coefficients having an identical coefficient value among coefficients included in each of the two keys; and performing a coordinates operation or an exponentiation operation based on the first value, wherein the calculating of the first value is performed with respect to each of coefficient values included in the two keys, excluding 0.

Abstract: A fast batch verification method and apparatus are provided. In the method of batch-verifying a plurality of exponentiations, (a) a predetermined bit value t is set to an integer equal to or greater than 1; (b) a maximum Hamming weight k is set to an integer equal to or greater than 0 and less than or equal than the predetermined bit value t; (c) n verification exponents si are randomly selected from a set of verification exponents S (n is an integer greater than 1, i is an integer such that 1?i?n), where the set of verification exponents S include elements whose bit values are less than or equal to the predetermined bit value t and to which a Hamming weight less than or equal to the maximum Hamming weight k is allocated; (d) a value of verification result is computed by a predetermined verification formula; and (e) the verification of the signatures is determined to be passed when the value of verification result satisfies a pre-determined pass condition.

Abstract: A method for generating, operating, and using a sparse w-NAF key for encryption is disclosed. The method for generating a key comprises generating a string of a number of coefficients, in which at most one coefficient, excluding 0, among a consecutive w number of coefficients, corresponds to a positive odd integer equal to or less than 2w (w being a natural number equal to or more than 2); and outputting the generated string as a key. Accordingly, an encryption is executed through an exponential operation or scalar multiplication using a sparse w-NAF key having the scarce coefficients, excluding 0, such that an encryption pace is improved.

Abstract: A user key management method for a broadcast encryption includes assigning node path identifiers (IDs) to nodes arranged in sequence; assigning random seed value keys to the nodes according to the node path IDs; generating key values by repeatedly applying a hash function to the assigned random seed value keys; and assigning the generated key values to the nodes in sequence. Accordingly, it is possible to reduce the transmission overhead that is most important matter in the broadcast encryption to less than the number of the revoked users. Further, there is an advantage that the transmission overhead of the exemplary embodiments of the present invention is remarkably reduced compared with the Subset Difference method.

Abstract: A user key management method for a broadcast encryption includes assigning node path identifiers (IDs) to nodes arranged in sequence; assigning random seed value keys to the nodes according to the node path IDs; generating key values by repeatedly applying a hash function to the assigned random seed value keys; and assigning the generated key values to the nodes in sequence. Accordingly, it is possible to reduce the transmission overhead that is most important matter in the broadcast encryption to less than the number of the revoked users. Further, there is an advantage that the transmission overhead of the exemplary embodiments of the present invention is remarkably reduced compared with the Subset Difference method.