Abstract: A key exchange system according to an embodiment includes: a plurality of terminals that perform key exchange; and a server that performs authentication of each of the terminals and mediation of the key exchange, in which the server includes a nonce generation unit that generates a nonce used when the authentication is performed between the server and the terminal by federation using OpenID Connect, a key generation unit that generates a public key and a secret key of token control encryption, a first transmission unit that transmits the nonce and the public key to the terminal, and a decryption unit that decrypts a ciphertext received from the terminal by using the secret key and a token received from the terminal, and the terminal includes an encryption unit that generates a ciphertext obtained by encrypting predetermined data by using the public key and a token generated from the nonce, a second transmission unit that transmits the ciphertext to the server, and a long-term secret string generation unit tha

Abstract: A scalar multiplication system computes a scalar multiplication for a point on an elliptic curve. The scalar multiplication system includes a computer including a memory and a processor configured to execute computing a pre-computation table T including d points eiP having the same Z coordinate in Jacobian coordinates using elliptic curve point addition or elliptic curve point doubling according to a Co—Z method for a point P on the elliptic curve and d integers ei(i?[1, d]); converting a scalar value k into a scalar value k? expressed as k?=k0?20+k1?21+ . . . +kn?1?2n?1 (ki??{0, e1, . . . , ±ed}); and using the pre-computation table T and the scalar value k? to compute a scalar multiplication k?P using the elliptic curve point addition according to the Co—Z method.

Abstract: A communication system includes an information processing device that provides a video conference service; and communication terminals using the service. The information processing device records communication data related to a video conference encrypted and transmitted from each communication terminal in a first storage for the communication terminal; transmits, to the communication terminals, a ciphertext obtained by encrypting an encryption key capable of decoding each item of the communication data recorded in the first storage such that the encryption key can be decoded by the communication terminals; and transmits the communication data recorded in the first storage to the communication terminals.

Abstract: A server device includes a memory and a processor to execute saving an encrypted text of a message generated by encrypting the message with a message key generated from a shared key and a group identifier, by using a message key identifier as an identifier of the message key as a key; saving an encrypted text of the message key generated by encrypting the message key to be re-encryptable by using the shared key, by using the message key identifier as a key; and receiving, after update of the shared key, a re-encryption key from a communication terminal that has generated the re-encryption key by using the shared key and the updated shared key, using the re-encryption key to generate a re-encrypted encrypted text of the message key, and overwriting the encrypted text of the message key before re-encryption with the re-encrypted encrypted text of the message key.

Abstract: An encryption apparatus including a key storage unit that stores a secret key and a public key of public key encryption, and an encryption unit that encrypts communication data using the secret key and the public key.

Abstract: There is provided a chatbot system including a plurality of user terminals, a chatbot, and a chat server. The chatbot includes a memory and a processor configured to create a message from data which is acquired from an external service, receive, as an input, a list including a user ID of a user terminal which has utilization authority for the data, generate a policy-equipped ciphertext by an encryption algorithm of ciphertext policy attribute-based encryption, and transmit the policy-equipped ciphertext to the chat server, and each of the user terminals includes a memory and a processor configured to receive a policy-equipped ciphertext from the chat server and decrypt the policy-equipped ciphertext using an attribute-equipped secret key which is generated on the basis of a user ID of the user terminal.

Abstract: The present invention makes it possible to improve confidentiality. A communication terminal stores a session key shared with other communication terminals (S3). The communication terminal makes a pair of an index generated by using the session key for a character string relating to a message and a message identifier, and transmits it to a server apparatus (S4). The server apparatus stores the pair of the index and the message identifier (S5). The communication terminal generates, when the session key is updated, a re-encryption key with a session key before update and a session key after update (S8). The server apparatus updates, by using the re-encryption key, the stored index to an index generated by using the session key after update (S9). The communication terminal encrypts a search keyword with the session key to generate a search query (S10). The server apparatus extracts a message identifier of which the index matches the search query (S11).

Abstract: Plurality of users share a common key while permitting change of members sharing the common key and computational complexity required for key exchange is reduced. Ri and ci are computed based on a twisted pseudo-random function in a first key generation step. sid is generated based on a target-collision resistant hash function and (sid, R?, R?) is transmitted to communication devices Ui in a session ID generation step. T1 and T? are computed based on a pseudo-random function in a representative second key generation step. Tj is computed based on the pseudo-random function in a general second key generation step. k? is computed based on the twisted pseudo-random function and T?j is computed with respect to each j in a third key generation step. K1l and k1 are computed in a first session key generation step. A common key K2 is generated based on the pseudo-random function in a second session key generation step.

Abstract: To provide a terminal device that can share a session key for use in encryption communication with multiple terminal devices at a certain timing without relying on an existing server device.

Abstract: There is provided a chatbot system including a plurality of user terminals, a chatbot, and a chat server. The chatbot includes a memory and a processor configured to create a message from data which is acquired from an external service, receive, as an input, a list including a user ID of a user terminal which has utilization authority for the data, generate a policy-equipped ciphertext by an encryption algorithm of ciphertext policy attribute-based encryption, and transmit the policy-equipped ciphertext to the chat server, and each of the user terminals includes a memory and a processor configured to receive a policy-equipped ciphertext from the chat server and decrypt the policy-equipped ciphertext using an attribute-equipped secret key which is generated on the basis of a user ID of the user terminal.

Abstract: A key exchange device is provided that includes: a shared secret key storage in which shared secret information mkik which is information different from a secret key of the key exchange device is stored; an authentication information addition unit that generates authentication information ?i, by which authentication is performed and falsification is detected, for key exchange information ei, which is output to the outside, by using the shared secret information mkik; and an authentication information verification unit that receives key exchange information es and authentication information ?s corresponding to the key exchange information es from the outside, verifies the authentication information ?s using the shared secret information mkik, and, if the authentication information ?s is not successfully verified, stops a key exchange, and the shared secret information mkik is a value that is used in a generation process in a key exchange.

Abstract: A key exchange technique of performing a key exchange among N (?2) parties, which can conceal metadata on communication, is provided. A key exchange method includes: a first key generation step in which a communication device Ui generates a first key; a first anonymous broadcast step in which the communication device U; anonymously broadcasts the first key with a set R-{Ui} being designated for i?{1, . . . , n} and the communication device Ui anonymously broadcasts the first key with ? being designated for i?{n+1, . . . , N}; a second key generation step in which the communication device Ui generates a second key; a second anonymous broadcast step in which the communication device Ui anonymously broadcasts the second key with the set R-{Ui} being designated for i?{1, . . . , n} and the communication device Ui anonymously broadcasts the second key with ? being designated for i?{n+1, . . . , N}; and a session key generation step in which the communication device Ui generates a session key SK for i?{1, . . .

Abstract: A communication device includes a signature encryption unit that encrypts input information with a secret key and transmits the information to a server device if the communication device belongs to a group, and a signature decryption unit that downloads, from the server device, encrypted n?1 pieces of the input information transmitted from other communication devices and decrypts the encrypted n?1 pieces of input information with the secret key if the communication device belongs to a group. The communication device transmits session key generation information to the server device via the signature encryption unit, generates a session key using n?1 pieces of session key generation information acquired via the signature decryption unit and session key generation information of the communication device, transmits a cipher text encrypted with the session key via the signature encryption unit to the server device, and decrypts n?1 cipher texts acquired via the signature decryption unit with the session key.

Abstract: With respect to a key distribution system including N terminal devices Ui and a key distribution server used for exchanging a session key, the key distribution system includes an isogeny calculating unit configured to calculate a first public value using a basis of a first torsion subgroup of a predetermined elliptic curve at an odd-numbered terminal device Ui and calculate a second public value using a basis of a second torsion subgroup of the predetermined elliptic curve at an even-numbered terminal device Ui, when N is an even number, a distributing unit configured to distribute the first public value calculated at the odd-numbered terminal device Ui to a terminal device Ui?1 and a terminal device Ui+1, and distribute the second public value calculated at the even-numbered terminal device Ui to a terminal device Ui?1 and a terminal device Ui+1, from the key distribution server, a key generating unit configured to use second public values distributed by the distributing unit to generate the session key at t

Abstract: An encrypted communication is correctly decrypted even when key exchange completion notification is delayed. A key storage (10) stores at least one common key which is shared with another encrypted communication device. A key selecting unit (11) selects an encryption key from the at least one common key stored in the key storage (10). An encrypting unit (12) generates encrypted data by encrypting, by using the encryption key, data to be transmitted to the other encrypted communication device. A transmitting unit (13) transmits, to the other encrypted communication device, the encrypted data with a key index, by which the encryption key is uniquely identified, added thereto. A receiving unit (14) receives the encrypted data with the key index added thereto from the other encrypted communication device. A key obtaining unit (15) obtains, from the at least one common key stored in the key storage (10), a decryption key corresponding to the key index added to the encrypted data.

Abstract: A communication terminal which is capable of reducing load of a server apparatus by reutilizing a message key to be used for encrypting a message is provided.

Abstract: A key distribution system includes a representative user terminal 2p, a server apparatus 3, and an (n+1)-th user terminal 2n+1. The representative user terminal 2p uses a public key for the (n+1)-th user terminal 2n+1 and information for identifying the (n+1)-th user terminal 2n+1 to encrypt key information with a predetermined encryption function in Certificate-less Encryption to obtain ciphertext. The server apparatus 3 sends the ciphertext to the (n+1)-th user terminal 2n+1 when the (n+1)-th user terminal 2n+1 is added. The (n+1)-th user terminal 2n+1 uses a complete secret key for the (n+1)-th user terminal 2n+1 and the information for identifying the (n+1)-th user terminal 2n+1 to decrypt the ciphertext with a predetermined decryption function to obtain the key information.

Abstract: Plurality of users share a common key while permitting change of members sharing the common key and computational complexity required for key exchange is reduced. Ri and ci are computed based on a twisted pseudo-random function in a first key generation step. sid is generated based on a target-collision resistant hash function and (sid, R?, R?) is transmitted to communication devices Ui in a session ID generation step. T1 and T? are computed based on a pseudo-random function in a representative second key generation step. Tj is computed based on the pseudo-random function in a general second key generation step. k? is computed based on the twisted pseudo-random function and T?j is computed with respect to each j in a third key generation step. K11 and k1 are computed in a first session key generation step. A common key K2 is generated based on the pseudo-random function in a second session key generation step.

Abstract: There is provided an encrypted message search technique making it difficult to, at the time of searching for a message in a state of being encrypted, guess content of the search and a result of the search.

Abstract: A server device includes a memory and a processor to execute saving an encrypted text of a message generated by encrypting the message with a message key generated from a shared key and a group identifier, by using a message key identifier as an identifier of the message key as a key; saving an encrypted text of the message key generated by encrypting the message key to be re-encryptable by using the shared key, by using the message key identifier as a key; and receiving, after update of the shared key, a re-encryption key from a communication terminal that has generated the re-encryption key by using the shared key and the updated shared key, using the re-encryption key to generate a re-encrypted encrypted text of the message key, and overwriting the encrypted text of the message key before re-encryption with the re-encrypted encrypted text of the message key.