Abstract: Plurality of users share a common key while permitting change of members sharing the common key and computational complexity required for key exchange is reduced. Ri and ci are computed based on a twisted pseudo-random function in a first key generation step. sid is generated based on a target-collision resistant hash function and (sid, R?, R?) is transmitted to communication devices Ui in a session ID generation step. T1 and T? are computed based on a pseudo-random function in a representative second key generation step. Tj is computed based on the pseudo-random function in a general second key generation step. k? is computed based on the twisted pseudo-random function and T?j is computed with respect to each j in a third key generation step. K1l and k1 are computed in a first session key generation step. A common key K2 is generated based on the pseudo-random function in a second session key generation step.

Abstract: A key exchange technique of performing a key exchange among N (?2) parties, which can conceal metadata on communication, is provided. A key exchange method includes: a first key generation step in which a communication device Ui generates a first key; a first anonymous broadcast step in which the communication device U; anonymously broadcasts the first key with a set R-{Ui} being designated for i?{1, . . . , n} and the communication device Ui anonymously broadcasts the first key with ? being designated for i?{n+1, . . . , N}; a second key generation step in which the communication device Ui generates a second key; a second anonymous broadcast step in which the communication device Ui anonymously broadcasts the second key with the set R-{Ui} being designated for i?{1, . . . , n} and the communication device Ui anonymously broadcasts the second key with ? being designated for i?{n+1, . . . , N}; and a session key generation step in which the communication device Ui generates a session key SK for i?{1, . . .

Abstract: A communication device includes a signature encryption unit that encrypts input information with a secret key and transmits the information to a server device if the communication device belongs to a group, and a signature decryption unit that downloads, from the server device, encrypted n?1 pieces of the input information transmitted from other communication devices and decrypts the encrypted n?1 pieces of input information with the secret key if the communication device belongs to a group. The communication device transmits session key generation information to the server device via the signature encryption unit, generates a session key using n?1 pieces of session key generation information acquired via the signature decryption unit and session key generation information of the communication device, transmits a cipher text encrypted with the session key via the signature encryption unit to the server device, and decrypts n?1 cipher texts acquired via the signature decryption unit with the session key.

Abstract: A key distribution system includes a representative user terminal 2p, a server apparatus 3, and an (n+1)-th user terminal 2n+1. The representative user terminal 2p uses a public key for the (n+1)-th user terminal 2n+1 and information for identifying the (n+1)-th user terminal 2n+1 to encrypt key information with a predetermined encryption function in Certificate-less Encryption to obtain ciphertext. The server apparatus 3 sends the ciphertext to the (n+1)-th user terminal 2n+1 when the (n+1)-th user terminal 2n+1 is added. The (n+1)-th user terminal 2n+1 uses a complete secret key for the (n+1)-th user terminal 2n+1 and the information for identifying the (n+1)-th user terminal 2n+1 to decrypt the ciphertext with a predetermined decryption function to obtain the key information.

Abstract: Plurality of users share a common key while permitting change of members sharing the common key and computational complexity required for key exchange is reduced. Ri and ci are computed based on a twisted pseudo-random function in a first key generation step. sid is generated based on a target-collision resistant hash function and (sid, R?, R?) is transmitted to communication devices Ui in a session ID generation step. T1 and T? are computed based on a pseudo-random function in a representative second key generation step. Tj is computed based on the pseudo-random function in a general second key generation step. k? is computed based on the twisted pseudo-random function and T?j is computed with respect to each j in a third key generation step. K11 and k1 are computed in a first session key generation step. A common key K2 is generated based on the pseudo-random function in a second session key generation step.

Abstract: Plurality of users share a common key while permitting change of members sharing the common key and computational complexity required for key exchange is reduced. Ri and ci are computed based on a twisted pseudo-random function in a first key generation step. sid is generated based on a target-collision resistant hash function and (sid, R?, R?) is transmitted to communication devices Ui in a session ID generation step. T1 and T? are computed based on a pseudo-random function in a representative second key generation step. Tj is computed based on the pseudo-random function in a general second key generation step. k? is computed based on the twisted pseudo-random function and T?j is computed with respect to each j in a third key generation step. K11 and k1 are computed in a first session key generation step. A common key K2 is generated based on the pseudo-random function in a second session key generation step.

Abstract: A communication device includes a signature encryption unit that encrypts input information with a secret key and transmits the information to a server device if the communication device belongs to a group, and a signature decryption unit that downloads, from the server device, encrypted n?1 pieces of the input information transmitted from other communication devices and decrypts the encrypted n?1 pieces of input information with the secret key if the communication device belongs to a group. The communication device transmits session key generation information to the server device via the signature encryption unit, generates a session key using n?1 pieces of session key generation information acquired via the signature decryption unit and session key generation information of the communication device, transmits a cipher text encrypted with the session key via the signature encryption unit to the server device, and decrypts n?1 cipher texts acquired via the signature decryption unit with the session key.

Abstract: A key exchange technique of performing a key exchange among N (?2) parties, which can conceal metadata on communication, is provided. A key exchange method includes: a first key generation step in which a communication device Ui generates a first key; a first anonymous broadcast step in which the communication device Ui anonymously broadcasts the first key with a set R?{Ui} being designated for i?{1, . . . , n} and the communication device Ui anonymously broadcasts the first key with ? being designated for i?{n+1, . . . , N}; a second key generation step in which the communication device Ui generates a second key; a second anonymous broadcast step in which the communication device Ui anonymously broadcasts the second key with the set R?{Ui} being designated for i?{1, . . . , n} and the communication device Ui anonymously broadcasts the second key with ? being designated for i?{n+1, . . . , N}; and a session key generation step in which the communication device Ui generates a session key SK for i?{1, . . .

Abstract: Plurality of users share a common key while permitting change of members sharing the common key and computational complexity required for key exchange is reduced. Ri and ci are computed based on a twisted pseudo-random function in a first key generation step. sid is generated based on a target-collision resistant hash function and (sid, R?, R?) is transmitted to communication devices Ui in a session ID generation step. T1 and T? are computed based on a pseudo-random function in a representative second key generation step. Tj is computed based on the pseudo-random function in a general second key generation step. k? is computed based on the twisted pseudo-random function and T?j is computed with respect to each j in a third key generation step. K11 and k1 are computed in a first session key generation step. A common key K2 is generated based on the pseudo-random function in a second session key generation step.

Abstract: A key distribution system includes a representative user terminal 2p, a server apparatus 3, and an (n+1)-th user terminal 2n+1. The representative user terminal 2p uses a public key for the (n+1)-th user terminal 2n+1 and information for identifying the (n+1)-th user terminal 2n+1 to encrypt key information with a predetermined encryption function in Certificate-less Encryption to obtain ciphertext. The server apparatus 3 sends the ciphertext to the (n+1)-th user terminal 2n+1 when the (n+1)-th user terminal 2n+1 is added. The (n+1)-th user terminal 2n+1 uses a complete secret key for the (n+1)-th user terminal 2n+1 and the information for identifying the (n+1)-th user terminal 2n+1 to decrypt the ciphertext with a predetermined decryption function to obtain the key information.

Abstract: Plurality of users share a common key while permitting dynamic member change and computational complexity required for key exchange is reduced. The first key generation unit 212 of the communication devices Ui computes Ri and ci, or ci based on a twisted pseudo-random function. A session ID generation unit 113 of a key distribution device S generates sid based on a target-collision resistant hash function and transmits sid to the communication devices Ui. A second key generation unit 214 of the communication devices Ui computes Ti based on a pseudo-random function. A third key generation unit 115 of the key distribution device S computes k? and T?i based on the twisted pseudo-random function. A session key generation unit 217 of the communication devices Ui generates the common key K2 based on a pseudo-random function.

Abstract: Plurality of users share a common key while permitting dynamic member change and computational complexity required for key exchange is reduced. The first key generation unit computes Ri and ci based on a twisted pseudo-random function. A session ID generation unit generates sid based on a target-collision resistant hash function and transmits (sid, R?, R?) to communication devices Ui. A second key generation unit of a representative communication device U1 computes T1 based on a pseudo-random function. A second key generation unit of general communication devices Uj computes Tj based on the pseudo-random function. A third key generation unit computes k? based on the twisted pseudo-random function and computes T?j with respect to each j. A session key generation unit of the general communication devices Uj computes Kjl and k1. The session key generation unit generates a common key K2 based on the pseudo-random function.

Abstract: Plurality of users share a common key while permitting dynamic member change and computational complexity required for key exchange is reduced. The first key generation unit computes Ri and ci based on a twisted pseudo-random function. A session ID generation unit generates sid based on a target-collision resistant hash function and transmits (sid, R?, R?) to communication devices Ui. A second key generation unit of a representative communication device U1 computes T1 based on a pseudo-random function. A second key generation unit of general communication devices Uj computes Tj based on the pseudo-random function. A third key generation unit computes k? based on the twisted pseudo-random function and computes T?j with respect to each j. A session key generation unit of the general communication devices Uj computes Kjl and k1. The session key generation unit generates a common key K2 based on the pseudo-random function.

Abstract: Plurality of users share a common key while permitting dynamic member change and computational complexity required for key exchange is reduced. The first key generation unit 212 of the communication devices Ui computes Ri and ci, or ci based on a twisted pseudo-random function. A session ID generation unit 113 of a key distribution device S generates sid based on a target-collision resistant hash function and transmits sid to the communication devices Ui. A second key generation unit 214 of the communication devices Ui computes Ti based on a pseudo-random function. A third key generation unit 115 of the key distribution device S computes k? and T?i based on the twisted pseudo-random function. A session key generation unit 217 of the communication devices Ui generates the common key K2 based on a pseudo-random function.