Fujitsu Develops Encryption Technology Able to Match Multi-Source Data Encrypted with Different Keys
Fujitsu Laboratories announced development of the first encryption technology that can match IDs or attribute values in information sources, such as classified or private data from multiple organizations, that are encrypted with different keys, without decrypting the information. With previous encryption technologies that could search and compute data while still encrypted, encryption and decryption of search results used the same key, creating issues when used among organizations.
Several methods exist for matching IDs and attributes while maintaining confidentiality. One is the hash function, which is a data transformation method widely used for checking whether passwords match, and another is homomorphic encryption, which enables addition, multiplication, and searching of data while it is still encrypted.
With hash functions, it is difficult to restore original data, but the same data is always transformed into the same value, so, when dealing with only a few data types, there is a possibility that the original data can be inferred by analogy. With homomorphic encryption, it is necessary for all organizations to use the same encryption key. While search results are encrypted, the key necessary to decrypt the search results can also decrypt all of the data, so it is necessary to strictly manage the key. Therefore, there has been a need for safer encryption technology for matching data shared among multiple organizations.
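The trade-off described above, as an added example that is not Fujitsu's code and does not implement relational cryptography. It assumes "only a few data types" means an attribute with a small set of possible values; the blood-type domain, the keys and the function names are constructed for illustration, and HMAC stands in for any keyed one-way transformation.

```python
import hashlib
import hmac

# Constructed sample domain: an attribute with only eight possible values.
DOMAIN = ["A+", "A-", "B+", "B-", "AB+", "AB-", "O+", "O-"]


def plain_hash(value):
    """Unkeyed SHA-256: the same input always gives the same digest."""
    return hashlib.sha256(value.encode()).hexdigest()


def keyed_hash(key, value):
    """HMAC-SHA256 under one organization's secret key."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()


def infer(digest, transform):
    """Try every value in DOMAIN; return the one that reproduces digest."""
    for candidate in DOMAIN:
        if hmac.compare_digest(transform(candidate), digest):
            return candidate
    return None


def compare_schemes(record="AB-"):
    # Constructed keys for two hypothetical organizations.
    key_a, key_b = b"constructed-key-org-a", b"constructed-key-org-b"
    stored_plain = plain_hash(record)
    stored_keyed = keyed_hash(key_a, record)
    return {
        # Unkeyed: both organizations get the same digest, so matching works...
        "plain_match": stored_plain == plain_hash(record),
        # ...but anyone who sees the digest can recover the value.
        "plain_inferred": infer(stored_plain, plain_hash),
        # Per-organization keys: without key_a the enumeration finds nothing...
        "keyed_inferred_without_key": infer(stored_keyed, plain_hash),
        # ...but the two organizations' digests no longer match either.
        "keyed_cross_org_match": stored_keyed == keyed_hash(key_b, record),
        # Sharing one key restores matching, and every key holder can infer.
        "shared_key_inferred": infer(stored_keyed, lambda v: keyed_hash(key_a, v)),
    }


if __name__ == "__main__":
    for name, value in compare_schemes().items():
        print(f"{name}: {value}")
```

Neither conventional option gives matching across differently keyed data without exposing low-entropy values, which is the gap the announcement says the new technology addresses.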
Fujitsu Laboratories and Fujitsu Laboratories of America have now developed the world's first encryption technology that enables the matching of data from different organizations while still encrypted.
Based on the theory of relational cryptography, a concept devised by Fujitsu Laboratories of America that calculates the degree to which encrypted information matches, Fujitsu Laboratories and Fujitsu Laboratories of America developed technology that can determine a match between text strings encrypted with different encryption keys. With this technology, registered strings and search strings are encrypted with the encryption key of each organization. A registered string can be compared with the search string to see if they correspond while still encrypted, on a cloud server used for matching. The strings are encrypted with a one-way function which has similar effects to a hash function, so they cannot be decrypted even with the keys used to encrypt them. The matching results are also encrypted, and can only be seen by a person holding a dedicated match key.
Fujitsu Laboratories and Fujitsu Laboratories of America have developed a technology that can flexibly control match permissions in the cloud, with which the match key for confirming match results is created from specific keys (pre-match keys) transmitted to the cloud for both data providers and the person performing the search. The data provider creates rules governing which people can conduct matching, and can create and manage match keys for pairings of providers and searchers in the cloud on the basis of these rules.
In internal tests conducted by Fujitsu Laboratories, it was confirmed that one pair of text strings could be matched in 0.02 seconds using a typical PC.
By applying this technology to genetic data or other medical data, for example, medical research institutes or pharmaceutical companies could see whether the information they need is included in a registered database while keeping patient data anonymized. Such applications are expected to support the diagnosis of rare diseases and create efficiencies in new drug discoveries.
This technology will be exhibited at Fujitsu North America Technology Forum 2016 (NATF 2016), which will be held in Santa Clara,
Fujitsu Laboratories will work on compressing the data size and accelerating the speed of this technology, with the aim of bringing it into practical implementation in fiscal 2016.