Abstract: A scalar multiplication system computes a scalar multiplication for a point on an elliptic curve. The scalar multiplication system includes a computer including a memory and a processor configured to execute computing a pre-computation table T including d points eiP having the same Z coordinate in Jacobian coordinates using elliptic curve point addition or elliptic curve point doubling according to a Co—Z method for a point P on the elliptic curve and d integers ei(i?[1, d]); converting a scalar value k into a scalar value k? expressed as k?=k0?20+k1?21+ . . . +kn?1?2n?1 (ki??{0, e1, . . . , ±ed}); and using the pre-computation table T and the scalar value k? to compute a scalar multiplication k?P using the elliptic curve point addition according to the Co—Z method.

Abstract: There is provided a chatbot system including a plurality of user terminals, a chatbot, and a chat server. The chatbot includes a memory and a processor configured to create a message from data which is acquired from an external service, receive, as an input, a list including a user ID of a user terminal which has utilization authority for the data, generate a policy-equipped ciphertext by an encryption algorithm of ciphertext policy attribute-based encryption, and transmit the policy-equipped ciphertext to the chat server, and each of the user terminals includes a memory and a processor configured to receive a policy-equipped ciphertext from the chat server and decrypt the policy-equipped ciphertext using an attribute-equipped secret key which is generated on the basis of a user ID of the user terminal.

Abstract: Plurality of users share a common key while permitting change of members sharing the common key and computational complexity required for key exchange is reduced. Ri and ci are computed based on a twisted pseudo-random function in a first key generation step. sid is generated based on a target-collision resistant hash function and (sid, R?, R?) is transmitted to communication devices Ui in a session ID generation step. T1 and T? are computed based on a pseudo-random function in a representative second key generation step. Tj is computed based on the pseudo-random function in a general second key generation step. k? is computed based on the twisted pseudo-random function and T?j is computed with respect to each j in a third key generation step. K1l and k1 are computed in a first session key generation step. A common key K2 is generated based on the pseudo-random function in a second session key generation step.

Abstract: To provide a terminal device that can share a session key for use in encryption communication with multiple terminal devices at a certain timing without relying on an existing server device.

Abstract: There is provided a chatbot system including a plurality of user terminals, a chatbot, and a chat server. The chatbot includes a memory and a processor configured to create a message from data which is acquired from an external service, receive, as an input, a list including a user ID of a user terminal which has utilization authority for the data, generate a policy-equipped ciphertext by an encryption algorithm of ciphertext policy attribute-based encryption, and transmit the policy-equipped ciphertext to the chat server, and each of the user terminals includes a memory and a processor configured to receive a policy-equipped ciphertext from the chat server and decrypt the policy-equipped ciphertext using an attribute-equipped secret key which is generated on the basis of a user ID of the user terminal.

Abstract: A key exchange technique of performing a key exchange among N (?2) parties, which can conceal metadata on communication, is provided. A key exchange method includes: a first key generation step in which a communication device Ui generates a first key; a first anonymous broadcast step in which the communication device U; anonymously broadcasts the first key with a set R-{Ui} being designated for i?{1, . . . , n} and the communication device Ui anonymously broadcasts the first key with ? being designated for i?{n+1, . . . , N}; a second key generation step in which the communication device Ui generates a second key; a second anonymous broadcast step in which the communication device Ui anonymously broadcasts the second key with the set R-{Ui} being designated for i?{1, . . . , n} and the communication device Ui anonymously broadcasts the second key with ? being designated for i?{n+1, . . . , N}; and a session key generation step in which the communication device Ui generates a session key SK for i?{1, . . .

Abstract: A communication device includes a signature encryption unit that encrypts input information with a secret key and transmits the information to a server device if the communication device belongs to a group, and a signature decryption unit that downloads, from the server device, encrypted n?1 pieces of the input information transmitted from other communication devices and decrypts the encrypted n?1 pieces of input information with the secret key if the communication device belongs to a group. The communication device transmits session key generation information to the server device via the signature encryption unit, generates a session key using n?1 pieces of session key generation information acquired via the signature decryption unit and session key generation information of the communication device, transmits a cipher text encrypted with the session key via the signature encryption unit to the server device, and decrypts n?1 cipher texts acquired via the signature decryption unit with the session key.

Abstract: An encrypted communication is correctly decrypted even when key exchange completion notification is delayed. A key storage (10) stores at least one common key which is shared with another encrypted communication device. A key selecting unit (11) selects an encryption key from the at least one common key stored in the key storage (10). An encrypting unit (12) generates encrypted data by encrypting, by using the encryption key, data to be transmitted to the other encrypted communication device. A transmitting unit (13) transmits, to the other encrypted communication device, the encrypted data with a key index, by which the encryption key is uniquely identified, added thereto. A receiving unit (14) receives the encrypted data with the key index added thereto from the other encrypted communication device. A key obtaining unit (15) obtains, from the at least one common key stored in the key storage (10), a decryption key corresponding to the key index added to the encrypted data.

Abstract: A key distribution system includes a representative user terminal 2p, a server apparatus 3, and an (n+1)-th user terminal 2n+1. The representative user terminal 2p uses a public key for the (n+1)-th user terminal 2n+1 and information for identifying the (n+1)-th user terminal 2n+1 to encrypt key information with a predetermined encryption function in Certificate-less Encryption to obtain ciphertext. The server apparatus 3 sends the ciphertext to the (n+1)-th user terminal 2n+1 when the (n+1)-th user terminal 2n+1 is added. The (n+1)-th user terminal 2n+1 uses a complete secret key for the (n+1)-th user terminal 2n+1 and the information for identifying the (n+1)-th user terminal 2n+1 to decrypt the ciphertext with a predetermined decryption function to obtain the key information.

Abstract: Plurality of users share a common key while permitting change of members sharing the common key and computational complexity required for key exchange is reduced. Ri and ci are computed based on a twisted pseudo-random function in a first key generation step. sid is generated based on a target-collision resistant hash function and (sid, R?, R?) is transmitted to communication devices Ui in a session ID generation step. T1 and T? are computed based on a pseudo-random function in a representative second key generation step. Tj is computed based on the pseudo-random function in a general second key generation step. k? is computed based on the twisted pseudo-random function and T?j is computed with respect to each j in a third key generation step. K11 and k1 are computed in a first session key generation step. A common key K2 is generated based on the pseudo-random function in a second session key generation step.

Abstract: There is provided a data sharing technique in which it is possible to update data stored in a server before to such data that is decryptable on the communication terminal side using an updated session key without the data being decrypted on the server side, and a deleted user cannot decrypt the decryptable data. There are included: a generation identifier generation step of a data sharing server generating a generation identifier showing a generation of a group; a session key encryption step of a communication terminal to perform encrypted session key update using the generation identifier received from the data sharing server and a public parameter and a session key recorded in a recording part to generate an encrypted session key, which is a session key encrypted; and an encrypted session key management step of the data sharing server recording the encrypted session key received from the communication terminal to perform encrypted session key update as a currently valid encrypted session key.

Abstract: Plurality of users share a common key while permitting change of members sharing the common key and computational complexity required for key exchange is reduced. Ri and ci are computed based on a twisted pseudo-random function in a first key generation step. sid is generated based on a target-collision resistant hash function and (sid, R?, R?) is transmitted to communication devices Ui in a session ID generation step. T1 and T? are computed based on a pseudo-random function in a representative second key generation step. Tj is computed based on the pseudo-random function in a general second key generation step. k? is computed based on the twisted pseudo-random function and T?j is computed with respect to each j in a third key generation step. K11 and k1 are computed in a first session key generation step. A common key K2 is generated based on the pseudo-random function in a second session key generation step.

Abstract: A communication device includes a signature encryption unit that encrypts input information with a secret key and transmits the information to a server device if the communication device belongs to a group, and a signature decryption unit that downloads, from the server device, encrypted n?1 pieces of the input information transmitted from other communication devices and decrypts the encrypted n?1 pieces of input information with the secret key if the communication device belongs to a group. The communication device transmits session key generation information to the server device via the signature encryption unit, generates a session key using n?1 pieces of session key generation information acquired via the signature decryption unit and session key generation information of the communication device, transmits a cipher text encrypted with the session key via the signature encryption unit to the server device, and decrypts n?1 cipher texts acquired via the signature decryption unit with the session key.

Abstract: An encrypted communication is correctly decrypted even when key exchange completion notification is delayed. A key storage (10) stores at least one common key which is shared with another encrypted communication device. A key selecting unit (11) selects an encryption key from the at least one common key stored in the key storage (10). An encrypting unit (12) generates encrypted data by encrypting, by using the encryption key, data to be transmitted to the other encrypted communication device. A transmitting unit (13) transmits, to the other encrypted communication device, the encrypted data with a key index, by which the encryption key is uniquely identified, added thereto. A receiving unit (14) receives the encrypted data with the key index added thereto from the other encrypted communication device. A key obtaining unit (15) obtains, from the at least one common key stored in the key storage (10), a decryption key corresponding to the key index added to the encrypted data.

Abstract: There is provided a data sharing technique in which it is possible to update data stored in a server before to such data that is decryptable on the communication terminal side using an updated session key without the data being decrypted on the server side, and a deleted user cannot decrypt the decryptable data. There are included: a generation identifier generation step of a data sharing server generating a generation identifier showing a generation of a group; a session key encryption step of a communication terminal to perform encrypted session key update using the generation identifier received from the data sharing server and a public parameter and a session key recorded in a recording part to generate an encrypted session key, which is a session key encrypted; and an encrypted session key management step of the data sharing server recording the encrypted session key received from the communication terminal to perform encrypted session key update as a currently valid encrypted session key.

Abstract: A key exchange technique of performing a key exchange among N (?2) parties, which can conceal metadata on communication, is provided. A key exchange method includes: a first key generation step in which a communication device Ui generates a first key; a first anonymous broadcast step in which the communication device Ui anonymously broadcasts the first key with a set R?{Ui} being designated for i?{1, . . . , n} and the communication device Ui anonymously broadcasts the first key with ? being designated for i?{n+1, . . . , N}; a second key generation step in which the communication device Ui generates a second key; a second anonymous broadcast step in which the communication device Ui anonymously broadcasts the second key with the set R?{Ui} being designated for i?{1, . . . , n} and the communication device Ui anonymously broadcasts the second key with ? being designated for i?{n+1, . . . , N}; and a session key generation step in which the communication device Ui generates a session key SK for i?{1, . . .

Abstract: Plurality of users share a common key while permitting change of members sharing the common key and computational complexity required for key exchange is reduced. Ri and ci are computed based on a twisted pseudo-random function in a first key generation step. sid is generated based on a target-collision resistant hash function and (sid, R?, R?) is transmitted to communication devices Ui in a session ID generation step. T1 and T? are computed based on a pseudo-random function in a representative second key generation step. Tj is computed based on the pseudo-random function in a general second key generation step. k? is computed based on the twisted pseudo-random function and T?j is computed with respect to each j in a third key generation step. K11 and k1 are computed in a first session key generation step. A common key K2 is generated based on the pseudo-random function in a second session key generation step.

Abstract: A server sends a key update request for requesting updating of the key, to a client terminal. The client terminal sends, to a key delivery server, a key delivery request for requesting the delivery of a key to the client terminal. The key delivery server delivers a key to the client terminal. The client terminal sends, to the server, a key reception notice indicating that the delivered key was received. The server sends, to the client terminal, a key-use start notice indicating that the client terminal starts data transmission and reception by using the delivered key with a different client terminal from the aforementioned client terminal. The client terminal performs data transmission and reception with the different client terminal by using the delivered key.

Abstract: A key distribution system includes a representative user terminal 2p, a server apparatus 3, and an (n+1)-th user terminal 2n+1. The representative user terminal 2p uses a public key for the (n+1)-th user terminal 2n+1 and information for identifying the (n+1)-th user terminal 2n+1 to encrypt key information with a predetermined encryption function in Certificate-less Encryption to obtain ciphertext. The server apparatus 3 sends the ciphertext to the (n+1)-th user terminal 2n+1 when the (n+1)-th user terminal 2n+1 is added. The (n+1)-th user terminal 2n+1 uses a complete secret key for the (n+1)-th user terminal 2n+1 and the information for identifying the (n+1)-th user terminal 2n+1 to decrypt the ciphertext with a predetermined decryption function to obtain the key information.

Abstract: Plurality of users share a common key while permitting dynamic member change and computational complexity required for key exchange is reduced. The first key generation unit 212 of the communication devices Ui computes Ri and ci, or ci based on a twisted pseudo-random function. A session ID generation unit 113 of a key distribution device S generates sid based on a target-collision resistant hash function and transmits sid to the communication devices Ui. A second key generation unit 214 of the communication devices Ui computes Ti based on a pseudo-random function. A third key generation unit 115 of the key distribution device S computes k? and T?i based on the twisted pseudo-random function. A session key generation unit 217 of the communication devices Ui generates the common key K2 based on a pseudo-random function.