Abstract: The present invention makes it possible, in encrypted data verification, to avoid the leaking of information related to the original plaintext, thereby ensuring safety. The system of the present invention is provided with: means (103 in FIG. 1) for generating first and second auxiliary data for verifying whether or not the Hamming distance of a plaintext between a first encrypted data in which input data is encrypted and is recorded in a storage device, and a second encrypted data obtained by encrypting input data of a target to be checked is equal to or less than a predetermined value; and means (402 and 403 in FIG. 1) for taking the difference between the first encrypted data recorded in the storage device, and the second encrypted data, and determining, using the first and second auxiliary data, whether or not the Hamming distance of the plaintext corresponding to the difference between the first encrypted data and the second encrypted data is equal to or less than the predetermined value.

Abstract: An encrypted text matching system includes: an auxiliary data generating unit that generates first and second auxiliary data, which are for verification of matching between a first encrypted text that is obtained by encrypting input data and is registered with a storage device and a second encrypted text that is obtained by encrypting input data to be matched, the verification being performed by using a Hamming distance between plaintexts; and a matching determining unit that performs one-way conversion on at least part of the second auxiliary data, performs one-way conversion on intermediate data that is generated based on a difference between the first encrypted text and the second encrypted text and on the first auxiliary data, and determines whether a Hamming distance between plaintexts is equal to or less than a predetermined value, the Hamming distance corresponding to the difference between the first and second encrypted text.

Abstract: In order to provide a server device and the like that are capable of quickly extracting data without need for a client that performs a query of search processing to have a secret key. A server device includes: data storage unit that stores concealed registration data including distribution information of registration data distributed by secret sharing scheme and a ciphertext of the registration data encrypted by searchable encryption; token calculation unit that generates a token for data search of the searchable encryption by communicating with an external server device and performs secret computation by using a search query and the distribution information; and data search unit that performs data search from the token for data search received from the token calculation unit and the concealed registration data acquired from the data storage unit, and outputs a search result.

Abstract: An encrypted text matching system includes: an auxiliary data generating unit that generates first and second auxiliary data, which are for verification of matching between a first encrypted text that is obtained by encrypting at least one of a plurality of data segments into which input data is divided by segmenting unit and that is registered with a storage device and a second encrypted text that is obtained by encrypting at least one of a plurality of data segments into which input data to be matched is divided by segmenting unit, the verification being performed by using a Hamming distance between plaintexts; and a matching determining unit that takes a difference between the first and second encrypted text, and determines whether a Hamming distance between plaintexts that corresponds to the difference between the first and second encrypted text is equal to or less than a predetermined certain value.

Abstract: In a data registration phase, encrypted data is calculated by encrypting input data to be concealed by using a secret key, registration data is generated based on the encrypted data and a verification key, and the registration data is stored as a registration template in a storage unit together with an identifier for uniquely identifying the registration data. In an encrypted text verification phase, a data verifying request is generated in which input data to be verified has been encrypted by using a random number, the registration template stored in the storage unit and the data verifying request are verified to produce a determined result, a verified result including a part or all of the registration template corresponding to the determined result is produced, and data is restored based on the verified result to produce a restored result.

Abstract: An acquisition unit (2020) acquires a plaintext block sequence and a first cryptographic key. The plaintext block sequence is constituted by a plurality of plaintext blocks. A second-cryptographic-key generation unit (2040) generates a second cryptographic key. A third-cryptographic-key generation unit (2060) generates a third cryptographic key. The third cryptographic key is calculated as exclusive OR between the first cryptographic key and a portion or the entirety of the second cryptographic key. A counter mode encryption unit (2080) encrypts the plaintext block sequence using the third cryptographic key as a cryptographic key, and generates a cryptographic block sequence. A block cryptography using a counter mode as block cipher mode of operation is used in encryption. A key block generation unit (2100) generates a key block. The key block is calculated as exclusive OR between the second cryptographic key and respective blocks of the cryptographic block sequence.

Abstract: In the present invention, scope search can be effectively performed in a database having encrypted registration information. A plurality of values, first identification information to identify the plurality of values, and a key are accepted as input. A value group is generated from the plurality of values. The value group is treated as a word group, and a secure index is generated from the word group, the first identification information, and the key. On the basis of a value to be retrieved and a key, trapdoor information for the value to be retrieved is generated. With respect to the generated secure index, a secure index assessment process is performed using the trapdoor information. When the value to be retrieved is assessed to be contained in the secure index as a result of the assessment process, second identification information to identify the secure index is output.

Abstract: A system includes a first bit string position permutation unit to perform position permutation of an input first bit string; a template generation unit to perform an exclusive OR operation of a bit string resulting from the position permutation of the first bit string and a code word of a binary linear code and generate auxiliary data; a second bit string position permutation unit to perform same position permutation of an input second bit string; and a bit string collation unit to verify that a hamming distance between position permutation result of the second and second bit strings is not more than a predetermined value.

Abstract: Provided a database apparatus comprising a control means to execute data access control on a database, wherein the control means, receiving a database operation command from a user apparatus, comprises, regarding data and/or metadata to be handled associated with the database operation command, means for executing database operation or computation on encrypted data and/or encrypted metadata as is in ciphertext and means for executing database operation or computation on plaintext data and/or plaintext metadata, and the control means sends a processing result to the user apparatus.

Abstract: A user apparatus connected to database apparatus via network comprises: unit that manages key information in order to encrypt and decrypt; storage unit that stores security configuration information of data and/or metadata; application response unit that determines whether or not encryption is necessary for database operation command, and if encryption is necessary, selects encryption algorithm corresponding to data and/or metadata, performs encryption, and transmits result to database control unit to cause database control unit to execute database operation, if encryption is not necessary, transmits database operation command to database control unit to cause database control unit to execute database operation, and receives processing result transmitted by database control unit, and if decryption or conversion of data and/or metadata of processing result is necessary, performs necessary decryption or conversion, and returns response to database operation command; and security configuration unit that configur

Abstract: An encrypted text matching system includes: an auxiliary data generating unit that generates first and second auxiliary data, which are for verification of matching between a first encrypted text that is obtained by encrypting at least one of a plurality of data segments into which input data is divided by segmenting unit and that is registered with a storage device and a second encrypted text that is obtained by encrypting at least one of a plurality of data segments into which input data to be matched is divided by segmenting unit, the verification being performed by using a Hamming distance between plaintexts; and a matching determining unit that takes a difference between the first and second encrypted text, and determines whether a Hamming distance between plaintexts that corresponds to the difference between the first and second encrypted text is equal to or less than a predetermined certain value.

Abstract: An information processing apparatus includes: a storage unit that stores a tree structure formed by nodes, each of which is stores identification information identifying a document; and a registration unit that registers documents in the storage unit. The registration unit receives a document including identification information identifying the document and a word set and a key, registers the identification information in a leaf node in the tree structure, and calculates a secure index corresponding to identification information registered in each node from a root node to the leaf node in the tree structure based on the word set and the key. In addition, the registration unit generates a value calculated by adding the calculated secure index as a search index for the document and stores a value calculated by adding a search index generated for each of a plurality of received documents as a search index for the plurality of documents in the storage unit.

Abstract: An encrypted text matching system includes: an auxiliary data generating unit that generates first and second auxiliary data, which are for verification of matching between a first encrypted text that is obtained by encrypting input data and is registered with a storage device and a second encrypted text that is obtained by encrypting input data to be matched, the verification being performed by using a Hamming distance between plaintexts; and a matching determining unit that performs one-way conversion on at least part of the second auxiliary data, performs one-way conversion on intermediate data that is generated based on a difference between the first encrypted text and the second encrypted text and on the first auxiliary data, and determines whether a Hamming distance between plaintexts is equal to or less than a predetermined value, the Hamming distance corresponding to the difference between the first and second encrypted text.

Abstract: An encrypted text matching system includes: an auxiliary data generating unit configured to generate first auxiliary data and second auxiliary data, respectively, which are for verification of matching between a first encrypted text that is obtained by encrypting input data and is registered with a storage device and a second encrypted text that is obtained by encrypting input data to be matched, the verification being performed by using a Hamming distance between plaintexts; and matching determining unit configured to perform one-way conversion on at least part of the first auxiliary data, perform one-way conversion on intermediate data that is generated based on a difference between the first encrypted text and the second encrypted text and on the second auxiliary data, and determine, by using a result of the one-way conversion performed on the intermediate data as well as using the first auxiliary data that underwent the one-way conversion, whether a Hamming distance between plaintexts is equal to or less

Abstract: A system includes a first bit string position permutation unit to perform position permutation of an input first bit string; a template generation unit to perform an exclusive OR operation of a bit string resulting from the position permutation of the first bit string and a code word of a binary linear code and generate auxiliary data; a second bit string position permutation unit to perform same position permutation of an input second bit string; and a bit string collation unit to verify that a hamming distance between position permutation result of the second and second bit strings is not more than a predetermined value.

Abstract: The present invention makes it possible, in encrypted data verification, to avoid the leaking of information related to the original plaintext, thereby ensuring safety. The system of the present invention is provided with: means (103 in FIG. 1) for generating first and second auxiliary data for verifying whether or not the Hamming distance of a plaintext between a first encrypted data in which input data is encrypted and is recorded in a storage device, and a second encrypted data obtained by encrypting input data of a target to be checked is equal to or less than a predetermined value; and means (402 and 403 in FIG. 1) for taking the difference between the first encrypted data recorded in the storage device, and the second encrypted data, and determining, using the first and second auxiliary data, whether or not the Hamming distance of the plaintext corresponding to the difference between the first encrypted data and the second encrypted data is equal to or less than the predetermined value.

Abstract: A user apparatus connected to database apparatus via network comprises: unit that manages key information in order to encrypt and decrypt; storage unit that stores security configuration information of data and/or metadata; application response unit that determines whether or not encryption is necessary for database operation command, and if encryption is necessary, selects encryption algorithm corresponding to data and/or metadata, performs encryption, and transmits result to database control unit to cause database control unit to execute database operation, if encryption is not necessary, transmits database operation command to database control unit to cause database control unit to execute database operation, and receives processing result transmitted by database control unit, and if decryption or conversion of data and/or metadata of processing result is necessary, performs necessary decryption or conversion, and returns response to database operation command; and security configuration unit that configur

Abstract: A secret reconstruction method comprises: receiving (k+?) pairs out of n pairs (ri, fi) each composed of a random number ri and a share fi where ? is a natural number (steps B1-B5); determining if a (k?1) degree polynomial g(x) is reconstructed that satisfies fi=g(ri) for all received pairs (steps B5 and B6); and outputting g(0) as the secret if the polynomial is reconstructed and otherwise outputting a signal indicating that at least one of the received pairs is forged (steps B7 and B8).

Abstract: A user apparatus connected to database apparatus via network comprises: unit that manages key information in order to encrypt and decrypt; storage unit that stores security configuration information of data and/or metadata; application response unit that determines whether or not encryption is necessary for database operation command, and if encryption is necessary, selects encryption algorithm corresponding to data and/or metadata, performs encryption, and transmits result to database control unit to cause database control unit to execute database operation, if encryption is not necessary, transmits database operation command to database control unit to cause database control unit to execute database operation, and receives processing result transmitted by database control unit, and if decryption or conversion of data and/or metadata of processing result is necessary, performs necessary decryption or conversion, and returns response to database operation command; and security configuration unit that configur

Abstract: The encrypted search result adding module of the encrypted search database device includes: a search result generating unit which generates a linear list as a list of search results for newly registered document data; an initial point information generating unit which generates initial point information as address of first data corresponding to a keyword; an initial point information encrypting unit which encrypts and adds/stores generated initial point information with an encryption key; and an encrypted linear list adding unit which generates and adds/stores an encrypted linear list by encrypting the linear list with the encryption key, and stores each keyword and final point information as the address of last data in the encrypted linear list for the keyword as adding information.