Cloud computing networks transmit private or confidential information to a server for processing, which demands a higher level of security than current systems provide using symmetric and public key encryption alone.
NTT and Mitsubishi Electric have successfully developed a new fine-grained encryption scheme whose encryption-decryption mechanism supports the most advanced logic to date. The scheme, developed using a mathematical approach called "dual pairing vector spaces," will allow network users to keep highly confidential information encrypted even in cloud computing environments.
The field of cryptography has recently seen wide use of "bilinear groups" on an elliptic curve, in applications such as ID-based encryption, fine-grained encryption and others. By using a direct product of bilinear groups, it is possible to construct "dual pairing vector spaces" with a richer algebraic structure than that of a single bilinear group. Because of this property, richer cryptographic "trapdoors" can now be realized. NTT and Mitsubishi Electric introduced the concept of "dual pairing vector spaces" in 2009, and today's new encryption scheme has been constructed on top of these vector spaces.
The two companies now plan to study how to efficiently implement and utilize this scheme for various applications.
Main features of the new fine-grained encryption scheme
1. Achieving the most general logic
For the past few years, fine-grained encryption has attracted many researchers in the field of cryptography. The new fine-grained encryption scheme by the two companies achieves the most advanced logic, one that encompasses the logic of all existing fine-grained encryption schemes. This logic is built by combining AND, OR, NOT and threshold gates.
One of the most significant achievements is that the NOT gate is now available, allowing cloud computing systems to manage databases easily and flexibly when user attributes or other information change.
2. Available to a variety of applications
In fine-grained encryption, a variety of parameters are attached to the ciphertext and to the decryption key in the encryption-decryption logic. In this logic, attributes, and predicates over those attributes, serve as the parameters of the ciphertext or the decryption key. The newly developed encryption scheme is applicable to a variety of applications because it can be used in either of the following forms: (1) attributes as the parameter of the decryption key and predicates as the parameter of the ciphertext, or (2) attributes as the parameter of the ciphertext and predicates as the parameter of the decryption key.
In case (1), detailed access conditions are set for each item of encrypted data in a cloud computing database, and a user is able to decrypt and access the data with a decryption key when the attributes of the decryption key satisfy the predicate pre-set in the ciphertext. Applications include confidential document management systems in firms, as well as personal information database management by public organizations. In a confidential document management system, for example, each document is assigned a predicate that describes the attributes of the users allowed to decrypt it. The document and its predicate are then encrypted together and placed in a cloud computing database. The encrypted document can only be decrypted and accessed by an employee who holds a decryption key associated with some attributes, and only when the decryption key's attributes satisfy the predicate pre-set in the encrypted document.
Meanwhile, in case (2), data and its attributes are encrypted together when managed by the cloud computing system, and each user can only decrypt and read the data if the attributes of the encrypted data satisfy the predicate in the decryption key. Applications include content distribution as well as database management in the finance or medical fields. In content distribution, for example, content providers encrypt content such as animation and films together with its attributes and place the encrypted content in a cloud computing database. The audience can then view the content by decrypting it with a decryption key when the content's attributes satisfy the decryption key's predicate.
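The following is an added illustration, not code from NTT, Mitsubishi Electric or the scheme itself: it models only the access logic of feature 1 (AND, OR, NOT and threshold gates) and the two parameter placements of feature 2, deciding in plain text which key/ciphertext pairs would be allowed to decrypt. The pairing-based cryptography that actually enforces this decision is not implemented here, and the attribute names, policies and both scenarios (a firm's document store for case (1), a content service for case (2)) are constructed for the example.

```python
"""Policy evaluator illustrating non-monotone fine-grained access logic.

Constructed example: it evaluates which (key, ciphertext) pairs satisfy the
relation; it does not perform any encryption.
"""
from dataclasses import dataclass

# A predicate is a nested tuple built from the four gate types:
#   ("attr", "dept:finance")        leaf: the attribute must be present
#   ("not", node)                   NOT gate (absence of an attribute)
#   ("and", [node, ...])            AND gate
#   ("or", [node, ...])             OR gate
#   ("threshold", k, [node, ...])   k-of-n gate


def evaluate(predicate, attributes):
    """Return True if the attribute set satisfies the predicate tree."""
    kind = predicate[0]
    if kind == "attr":
        return predicate[1] in attributes
    if kind == "not":
        return not evaluate(predicate[1], attributes)
    if kind == "and":
        return all(evaluate(child, attributes) for child in predicate[1])
    if kind == "or":
        return any(evaluate(child, attributes) for child in predicate[1])
    if kind == "threshold":
        k, children = predicate[1], predicate[2]
        return sum(evaluate(child, attributes) for child in children) >= k
    raise ValueError(f"unknown gate {kind!r}")


@dataclass(frozen=True)
class Ciphertext:
    payload: str
    attributes: frozenset = frozenset()  # parameter used in case (2)
    predicate: tuple = None              # parameter used in case (1)


@dataclass(frozen=True)
class DecryptionKey:
    attributes: frozenset = frozenset()  # parameter used in case (1)
    predicate: tuple = None              # parameter used in case (2)


def can_decrypt(key, ciphertext):
    """Decide the relation for either placement described in the text.

    Case (1): predicate in the ciphertext, attributes in the key.
    Case (2): attributes in the ciphertext, predicate in the key.
    A pair that carries no predicate on either side never decrypts.
    """
    if ciphertext.predicate is not None:
        return evaluate(ciphertext.predicate, key.attributes)
    if key.predicate is not None:
        return evaluate(key.predicate, ciphertext.attributes)
    return False


def document_management_demo():
    """Case (1): a firm's document store (constructed scenario).

    The policy travels with the document. Bob's key was re-issued with a
    'status:suspended' attribute after the document was encrypted; the NOT
    gate excludes him without re-encrypting the document.
    """
    policy = ("and", [
        ("attr", "dept:finance"),
        ("threshold", 2, [("attr", "role:manager"),
                          ("attr", "clearance:secret"),
                          ("attr", "project:apollo")]),
        ("not", ("attr", "status:suspended")),
    ])
    document = Ciphertext(payload="Q3 forecast", predicate=policy)
    alice = DecryptionKey(attributes=frozenset(
        {"dept:finance", "role:manager", "project:apollo"}))
    bob = DecryptionKey(attributes=frozenset(
        {"dept:finance", "role:manager", "project:apollo",
         "status:suspended"}))
    return can_decrypt(alice, document), can_decrypt(bob, document)


def content_distribution_demo():
    """Case (2): a content service (constructed scenario).

    Each title is encrypted with its attributes; the viewer's key carries
    the predicate describing what the subscription may decrypt.
    """
    subscription = DecryptionKey(predicate=("and", [
        ("or", [("attr", "genre:animation"), ("attr", "genre:film")]),
        ("not", ("attr", "rating:r18")),
    ]))
    cartoon = Ciphertext(payload="cartoon", attributes=frozenset(
        {"genre:animation", "region:jp", "rating:pg"}))
    adult_film = Ciphertext(payload="adult film", attributes=frozenset(
        {"genre:film", "rating:r18"}))
    return can_decrypt(subscription, cartoon), can_decrypt(subscription, adult_film)


if __name__ == "__main__":
    print("case (1) alice, bob:", document_management_demo())
    print("case (2) cartoon, adult film:", content_distribution_demo())
```

The two scenario functions return the decision for an allowed and a denied pair in each placement, so the same evaluator demonstrates both the threshold gate and the effect of the NOT gate when a key holder's attributes change.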