Matrix and key generation device, matrix and key generation system, matrix coupling device, matrix and key generation method, and program

Abstract

A vector generation unit generates a vector x.sub.n so that x.sub.n[i]x.sub.n[j] if k.sub.n[i]=k.sub.n[j] at ij. A set generation unit generates a set B.sub.n,j so that individual elements correspond to combinations of the N1 pieces of elements, which are individually selected from sets M.sub.0, . . . , M.sub.N1 other than a set M.sub.n, and x.sub.n[j] and the elements for all of the combinations are included. A matrix generation unit generates a matrix T.sub.n so that the matrix T.sub.n includes rows identical to T.sub.n[j] in the number equal to the number of elements of the set B.sub.n,j. A key generation unit generates a vector k.sub.n so that elements of the matrix T.sub.n which correspond to a row identical to T.sub.n[j] correspond to combinations of k.sub.n[j] and elements of the set B.sub.n,j and further, the elements of the set B.sub.n,j are different from each other when there are a plurality of rows identical to T.sub.n[j].

Claims

1. A matrix coupling device which constitutes a matrix coupling system in which secure computation is performed among three or more matrix coupling devices which are mutually connected via a network and which each include a matrix and key generation device respectively, the matrix coupling device comprising: the respective matrix and key generation device; and processing circuitry, wherein in a case where there are elements common to all of vectors k.sub.0, . . . , k.sub.N1, the processing circuitry couples corresponding rows of matrices T.sub.0, . . . , T.sub.N1 for each of the common elements to generate one row through secure computation with processing circuitry of other matrix coupling devices so as to generate a matrix of which each element is concealed, wherein N is an integer which is 1 or larger, n is an integer which is between 0 and N1 inclusive, K.sub.n is an integer which is 1 or larger, i and j are integers, T.sub.n is a matrix having K.sub.n rows, k.sub.n is a vector which includes K.sub.n pieces of elements, T.sub.n[j] is a row on a j-th order of the matrix T.sub.n, k.sub.n[j] is an element on a j-th order of the vector k.sub.n, m.sub.n is an upper limit number in which the elements of the vector k.sub.n are duplicated, M.sub.n is a set whose elements are 1, . . . , m.sub.n, and is a sign representing concealed data, the element on the j-th order of the vector k.sub.n is an element corresponding to a row on the j-th order of the matrix T.sub.n, numbers of rows and columns of the matrix T.sub.n, a number of the elements of the vector k.sub.n, and a value m.sub.n are unconcealed information, and each element of the matrix T.sub.n and each of the elements of the vector k.sub.n are concealed among the matrix and key generation devices, the respective matrix and key generation device comprising processing circuitry configured to perform sorting of orders of rows of the matrix T.sub.n and sorting of orders of elements of the vector k.sub.n with respect to each of n=0, . . . , N1 through secure computation with processing circuitry of the other matrix and key generation devices in accordance with the elements of the vector k.sub.n while maintaining correspondence, so as to update matrices T.sub.0, . . . , T.sub.N1 and vectors k.sub.0, k.sub.N1 with the matrices and the vectors after the sorting, perform processing with respect to the matrices T.sub.0, . . . , T.sub.N1 and the updated vectors k.sub.0, . . . , k.sub.N1, generate a vector x.sub.n, of which a number of pieces of elements is K.sub.n and each of the elements is concealed, with respect to each of n=0, . . . , N1 through secure computation with the processing circuitry of other matrix and key generation devices so that x.sub.n[1]=1 and x.sub.n[i]=x.sub.n[i1]+1 if k.sub.n[i1]=k.sub.n[i] and x.sub.n[i]=1 if k.sub.n[i1]k.sub.n[i] with respect to 2iK.sub.n, generate a set B.sub.n,j, of which each element is concealed, with respect to each of n=0, . . . , N1 and each of j=1, . . . , K.sub.n through secure computation with the processing circuitry of the other matrix and key generation devices so that individual elements correspond to combinations of N1 pieces of elements, the N1 pieces of elements being individually selected from sets M.sub.0, . . . , M.sub.N1 other than the set M.sub.n, and x.sub.n[j], and the elements for all of the combinations are included, generate a matrix T.sub.n, of which each element is concealed, with respect to each of n=0, . . . , N1 through secure computation with the processing circuitry of the other matrix and key generation devices, so that rows identical to T.sub.n[j] are included in a number equal to a number of elements of the set B.sub.n,j for all of j=1, . . . , K.sub.n, and generate a vector k.sub.n, of which each element is concealed, with respect to each of n=0, . . . , N1 through secure computation with the processing circuitry of the other matrix and key generation devices, so that an element of the matrix T.sub.n, the element corresponding to a row identical to T.sub.n[j], corresponds to a combination of k.sub.n[j] and an element of the set B.sub.n,j and further, the elements of the set B.sub.n,j are different from each other when there are a plurality of rows identical to T.sub.n[j].

2. A method implemented by a matrix coupling device which constitutes a matrix coupling system in which secure computation is performed among three or more matrix coupling devices which are mutually connected via a network and which each include a matrix and key generation device respectively, the method comprising: in a case where there are elements common to all of vectors k.sub.0, k.sub.N1, coupling corresponding rows of matrices T.sub.0, . . . , T.sub.N1 for each of the common elements to generate one row through secure computation of other matrix coupling devices so as to generate a matrix of which each element is concealed, wherein N is an integer which is 1 or larger, n is an integer which is between 0 and N1 inclusive, K.sub.n is an integer which is 1 or larger, i and j are integers, T.sub.n is a matrix having K.sub.n rows, k.sub.n is a vector which includes K.sub.n pieces of elements, T.sub.n[j] is a row on a j-th order of the matrix T.sub.n, k.sub.n[j] is an element on a j-th order of the vector k.sub.n, m.sub.n is an upper limit number in which the elements of the vector k.sub.n are duplicated, M.sub.n is a set whose elements are 1, . . . , m.sub.n, and is a sign representing concealed data, the element on the j-th order of the vector k.sub.n is an element corresponding to a row on the j-th order of the matrix T.sub.n, numbers of rows and columns of the matrix T.sub.n, a number of the elements of the vector k.sub.n, and a value m.sub.n are unconcealed information, and each element of the matrix T.sub.n and each of the elements of the vector k.sub.n are concealed among the matrix and key generation devices, the method further including, at the respective matrix and key generation device, performing sorting of orders of rows of the matrix T.sub.n and sorting of orders of elements of the vector k.sub.n with respect to each of n=0, . . . , N1 through secure computation with the other matrix and key generation devices in accordance with the elements of the vector k.sub.n while maintaining correspondence, so as to update matrices T.sub.0, . . . , T.sub.N1 and vectors k.sub.0, . . . , k.sub.N1 with the matrices and the vectors after the sorting, performing processing with respect to the matrices T.sub.0, . . . , T.sub.N1 and the updated vectors k.sub.0, . . . , k.sub.N1, generating a vector x.sub.n, of which a number of pieces of elements is K.sub.n and each of the elements is concealed, with respect to each of n=0, . . . , N1 through secure computation with the other matrix and key generation devices so that x.sub.n[1]=1 and x.sub.n[i]=x.sub.n[i1]+1 if k.sub.n[i1]=k.sub.n[i] and x.sub.n[i]=1 if k.sub.n[i1]k.sub.n[i] with respect to 2iK.sub.n, generating a set B.sub.n,j, of which each element is concealed, with respect to each of n=0, . . . , N1 and each of j=1, . . . , K.sub.n through secure computation with the other matrix and key generation devices so that individual elements correspond to combinations of N1 pieces of elements, the N1 pieces of elements being individually selected from sets M.sub.0, . . . , M.sub.N1 other than the set M.sub.n, and x.sub.n[j], and the elements for all of the combinations are included, generating a matrix T.sub.n, of which each element is concealed, with respect to each of n=0, . . . , N1 through secure computation with the other matrix and key generation devices, so that rows identical to T.sub.n[j] are included in a number equal to a number of elements of the set B.sub.n,j for all of j=1, . . . , K.sub.n, and generating a vector k.sub.n, of which each element is concealed, with respect to each of n=0, . . . , N1 through secure computation with the other matrix and key generation devices, so that an element of the matrix T.sub.n, the element corresponding to a row identical to T.sub.n[j], corresponds to a combination of k.sub.n[j] and an element of the set B.sub.n,j and further, the elements of the set B.sub.n,j are different from each other when there are a plurality of rows identical to T.sub.n[j].

Description

BRIEF DESCRIPTION OF THE DRAWINGS

(1) FIG. 1 illustrates a general outline of step computation.

(2) FIG. 2 illustrates a specific example of coupling of matrices.

(3) FIG. 3 illustrates a configuration example of a matrix and key generation system according to the first embodiment.

(4) FIG. 4 illustrates a processing flow of the matrix and key generation system according to the first embodiment and a processing flow of a matrix and key generation device according to the second embodiment.

(5) FIG. 5 illustrates a state that sorting of orders of rows of the matrix T.sub.0 and sorting of orders of elements of the vector k.sub.0 illustrated in FIG. 2 are performed in accordance with the elements of the vector k.sub.0 through secure computation while maintaining correspondence.

(6) FIG. 6 illustrates vectors x.sub.0, x.sub.1, and x.sub.2 which are results of step computation performed with respect to vectors k.sub.0, k.sub.1, and k.sub.2 which are illustrated in FIG. 2 and are in the state that elements are concealed.

(7) FIG. 7 illustrates examples of the matrix T.sub.0, the vector k.sub.0, the matrix T.sub.1, and the vector k.sub.1 in the state that elements are concealed in the case of coupling the matrix T.sub.0 and the matrix T.sub.1 illustrated in FIG. 2.

(8) FIG. 8 illustrates a configuration example of a matrix coupling system according to a modification of the first embodiment.

(9) FIG. 9 illustrates a processing flow of the matrix coupling system according to the modification of the first embodiment.

(10) FIG. 10 illustrates a matrix obtained by coupling the matrix T.sub.0 and the matrix T.sub.1 which are illustrated in FIG. 7.

(11) FIG. 11 illustrates a configuration example of a matrix and key generation device according to the second embodiment and a modification of the second embodiment.

DETAILED DESCRIPTION OF THE EMBODIMENTS

(12) Embodiments according to the present invention will be detailed below. Components having identical functions will be denoted by identical reference numerals and duplicate description will be omitted.

First Embodiment

(13) In the description of the first embodiment, it is assumed that N is an integer and 1N, n is an integer and 0nN1, K.sub.n is an integer and 1K.sub.n, i and j are integers, T.sub.n is a matrix having K.sub.n rows, k.sub.n is a vector which includes K.sub.n pieces of elements, T.sub.n[j] is a row on the j-th order of the matrix T.sub.n, k.sub.n[j] is an element on the j-th order of the vector k.sub.n, m.sub.n is an upper limit number in which the elements of the vector k.sub.n are duplicated, M.sub.n is a set whose elements are 1, . . . , m.sub.n, and is a sign representing concealed data. The j-th element of the vector k is an element corresponding to the j-th row of the matrix T.sub.n. Here, the upper limit number m.sub.n does not have to be a number in which elements of the vector k.sub.n are actually duplicated but may be set to the maximum value in which elements are potentially duplicated.

(14) <Coupling of Matrices>

(15) A matrix expressing a table, a column vector expressing a key of each row of the matrix, and coupling of matrices will be first described. In the coupling of matrices, in the case where there is an element common to all of vectors k.sub.0, . . . , k.sub.N1, rows, which correspond to the common element, of matrices T.sub.0, . . . , T.sub.N1 are coupled to obtain one row. FIG. 2 illustrates a specific example of coupling of matrices. The matrices T.sub.0, T.sub.1, and T.sub.2 are coupling objects. The vectors k.sub.0, k.sub.1, and k.sub.2 are column vectors representing keys. Here, in this application, matrix represents a form for expressing a table and vector represents a form for expressing a key, so that each element of the matrix T.sub.n and the vector k.sub.n does not have to be limited to one numerical value but may be a combination of numerical values, a character string, or the like.

(16) Here, coupling between the matrix T.sub.0 and the matrix T.sub.1 will be considered. The first and fourth elements of the vector k.sub.0 representing keys of the matrix T.sub.0 and the first and second elements of the vector k.sub.1 representing keys of the matrix T.sub.1 are 1, being mutually common. That is, the keys on the first and fourth rows of the matrix T.sub.0 and the keys of the first and second rows of the matrix T.sub.1 are 1, being mutually common. Further, the key on the third row of the matrix T.sub.0 (the third element of the vector k.sub.0) and the keys on the third and fourth rows of the matrix T.sub.1 (the third and fourth elements of the vector k.sub.1) are 3, being mutually common. Accordingly, in a matrix obtained by coupling the matrix T.sub.0 and the matrix T.sub.1, a result obtained by coupling the first row of the matrix T.sub.0 and the first row of the matrix T.sub.1 is on the first row, a result obtained by coupling the first row of the matrix T.sub.0 and the second row of the matrix T.sub.1 is on the second row, a result obtained by coupling the fourth row of the matrix T.sub.0 and the first row of the matrix T.sub.1 is on the third row, a result obtained by coupling the fourth row of the matrix T.sub.0 and the second row of the matrix T.sub.1 is on the fourth row, a result obtained by coupling the third row of the matrix T.sub.0 and the third row of the matrix T.sub.1 is on the fifth row, and a result obtained by coupling the third row of the matrix T.sub.0 and the fourth row of the matrix T.sub.1 is on the sixth row.

(17) Subsequently, coupling of the matrix T.sub.0, the matrix T.sub.1, and the matrix T.sub.2 will be considered. Among elements of the vector k.sub.0 representing keys, elements of the vector k.sub.1 representing keys, and elements of the vector k.sub.2 representing keys, the first and fourth elements of the vector k.sub.0, the first and second elements of the vector k.sub.1, and the first element of the vector k.sub.2 are 1, being mutually common. That is, the keys on the first and fourth rows of the matrix T.sub.0, the keys on the first and second rows of the matrix T.sub.1, and the keys on the first row of the matrix T.sub.2 are 1, being mutually common. Accordingly, in a matrix obtained by coupling the matrix T.sub.0, the matrix T.sub.1, and the matrix T.sub.2, a result obtained by coupling the first row of the matrix T.sub.0, the first row of the matrix T.sub.1, and the first row of the matrix T.sub.2 is on the first row, a result obtained by coupling the first row of the matrix T.sub.0, the second row of the matrix T.sub.1, and the first row of the matrix T.sub.2 is on the second row, a result obtained by coupling the fourth row of the matrix T.sub.0, the first row of the matrix T.sub.1, and the first row of the matrix T.sub.2 is on the third row, and a result obtained by coupling the fourth row of the matrix T.sub.0, the second row of the matrix T.sub.1, and the first row of the matrix T.sub.2 is on the fourth row.

(18) <Configuration and Algorithm>

(19) FIG. 3 illustrates a configuration example of a matrix and key generation system and FIG. 4 illustrates a processing flow of the matrix and key generation system. The matrix and key generation system includes three or more matrix and key generation devices 160 which are mutually connected via a network 800 and secure computation can be performed among these matrix and key generation devices 160. Each of the matrix and key generation devices 160 includes a sort unit 110, a vector generation unit 120, a set generation unit 130, a matrix generation unit 140, a key generation unit 150, and a recording unit 190. In the present embodiment, the numbers of rows and columns of the matrix T.sub.n, the number of elements of the vector k.sub.n, and the value m.sub.n are unconcealed information and each of the elements of the matrix T.sub.n, and each of the elements of the vector k.sub.n are concealed information among the matrix and key generation devices 160. That is, shares of respective elements of the matrix T.sub.n and shares of respective elements of the vector k.sub.n are distributed and recorded in the recording units 190 of a plurality of matrix and key generation devices. Here, a share is data with which an original value can be reconstructed when a predetermined number of shares are known and is called distributed data in Non-patent Literature 4.

(20) The sort unit 110 performs sorting of orders of rows of the matrix T.sub.n and sorting of orders of elements of the vector k.sub.n with respect to each of n=0, . . . , N1 through secure computation with the sort units 110 of other matrix and key generation devices 160 in accordance with the elements of the vector k.sub.n while maintaining correspondence, so as to update the matrices T.sub.0, . . . , T.sub.N1 and the vectors k.sub.0, . . . , k.sub.N1 with the matrices and the vectors after the sorting (S110). A method for performing the sort processing through the secure computation is specifically described in Non-patent Literature 1. Further, sorting may be performed in an ascending order or a descending order. FIG. 5 illustrates a state that sorting is performed with respect to orders of rows of the matrix T.sub.0 and orders of elements of the vector k.sub.0 illustrated in FIG. 2 through secure computation in accordance with the elements of the vector k.sub.0 while maintaining correspondence. In this example, keys (elements of the vector k.sub.0) having smaller values are on younger orders (upper). The vector generation unit 120, the set generation unit 130, the matrix generation unit 140, and the key generation unit 150 perform processing with respect to the matrices T.sub.0, . . . , T.sub.N1 and the vectors k.sub.0, . . . , k.sub.N1 which are updated by the sort unit 110.

(21) The vector generation unit 120 generates a vector x.sub.n, of which the number of pieces of elements is K.sub.n and each of the elements is concealed, with respect to each of n=0, . . . , N1 through secure computation with the vector generation units 120 of other matrix and key generation devices 160 so that x.sub.n[1]=1 and x.sub.n[i]=x.sub.n[i1]+1 if k.sub.n[i1]=k.sub.n[i] and x.sub.n[i]=1 if k.sub.n[i1]k.sub.n[i] with respect to 2iK.sub.n (S120). This processing is same as the step computation illustrated in Non-patent Literature 2. Further, the technique for concealing values is described in Non-patent Literature 4 and the like. FIG. 6 illustrates vectors k.sub.0, k.sub.1, and k.sub.2 of which elements are concealed and which are obtained by performing sorting by the sort unit 110 with respect to the vectors k.sub.0, k.sub.1, and k.sub.2 illustrated in FIG. 2, and vectors x.sub.0, x.sub.1, and x.sub.2 which are results of the step computation performed, by the vector generation unit 120, with respect to the vectors k.sub.0, k.sub.1, and k.sub.2 after the sorting.

(22) The set generation unit 130 generates a set B.sub.n,j, of which each element is concealed, with respect to each of n=0, . . . , N1 and each of j=1, . . . , K.sub.n, through secure computation with the set generation units 130 of other matrix and key generation devices 160 so that individual elements correspond to combinations of N1 pieces of elements, which are individually selected from sets M.sub.0, . . . , M.sub.N1 other than the set M.sub.n, and x.sub.n[j], and the elements for all of the combinations are included (S130). For example, a combination is generated as (an element of M.sub.0, . . . , an element of M.sub.n1, x.sub.n[j], an element of M.sub.n+1, . . . , an element of M.sub.N1) so as to obtain one element. Further, a value decisively computed based on a combination (a value corresponding to a combination in a one-on-one state, in other words, a value obtained such that a different computation value is always obtained with respect to a different combination) may be set as an element. The above-mentioned corresponding to a combination represents inclusion of a value decisively computed from a combination other than the combination itself.

(23) Processing of the set generation unit 130 will be described while referring to the vector k.sub.0, the vector k.sub.1, and the vector k.sub.2 illustrated in FIG. 6, for example. The vector k.sub.0 has two pieces of 1 among elements thereof and the number of each of other elements is one, so that the upper limit number m.sub.0 in which elements are duplicated in the vector k.sub.0 is 2. When the upper limit number in which elements are duplicated is checked in a similar manner, the upper limit number m.sub.1 in which elements are duplicated in the vector k.sub.1 is 2 and the upper limit number m.sub.2 in which elements are duplicated in the vector k.sub.2 is 3. Accordingly, set M.sub.0={1,2}, set M.sub.1={1,2}, and set M.sub.2={1,2,3} are obtained. An example of processing for coupling the matrix T.sub.0 and the matrix T.sub.1 is first described. Since x.sub.0[1]=1 and set M.sub.1={1,2} hold, combinations between x.sub.0[1] and elements of the set M.sub.1 are (1,1) and (1,2). Accordingly, the set B.sub.0,1={(1,1), (1,2)} is obtained. Further, since x.sub.0[2]=2 and set M.sub.1={1,2} hold, for example, combinations between x.sub.0[2] and elements of the set M.sub.1 are (2,1) and (2,2) and combinations between elements of the set M.sub.0 and x.sub.1[4] are (1,2) and (2,2). The processing may be performed in a similar manner with respect to other combinations. The case of processing for coupling the matrix T.sub.0, the matrix T.sub.1, and the matrix T.sub.2 takes combinations of the three. Since x.sub.0[1]=1, set M.sub.1={1,2}, and set M.sub.2={1,2,3} hold, combinations among x.sub.0[1], elements of the set M.sub.1, and elements of the set M.sub.2 are (1,1,1), (1,1,2), (1,1,3), (1,2,1), (1,2,2), and (1,2,3). Accordingly, set B.sub.0,1={{(1,1,1), (1,1,2), (1,1,3), (1,2,1), (1,2,2), (1,2,3)}} is obtained.

(24) The matrix generation unit 140 generates a matrix T.sub.n, of which each element is concealed, with respect to each of n=0, . . . , N1 through secure computation with the matrix generation units 140 of other matrix and key generation devices 160, so that rows identical to T.sub.n[j] are included in the number equal to the number of elements of the set B.sub.n,j for all of j=1, . . . , K.sub.n (S140). FIG. 7 illustrates examples of the matrix T.sub.0, the vector k.sub.0, the matrix T.sub.1, and the vector k.sub.1, of which elements are concealed, in the case of coupling the matrix T.sub.0 and the matrix T.sub.1 illustrated in FIG. 2. In the case of processing for coupling the matrix T.sub.0 and the matrix T.sub.1, the number of elements of the set B.sub.0,1 is 2, so that two rows identical to T.sub.0[1] are generated. In a similar manner, since the number of elements of each of the set B.sub.0,2, B.sub.0,3, B.sub.0,4, and B.sub.0,5 is 2 as well, two identical rows are generated for each set. Accordingly, the matrix T.sub.0 includes 10 rows which include identical rows two by two. Further, the matrix T.sub.1 includes 8 rows which include identical rows two by two, as well.

(25) The key generation unit 150 generates a vector k.sub.n, of which each element is concealed, with respect to each of n=0, . . . , N1 through secure computation with the key generation units 150 of other matrix and key generation devices 160 so that an element of the matrix T.sub.n which corresponds to a row identical to T.sub.n[j] corresponds to a combination of k.sub.n[j] and an element of the set B.sub.n,j and further, the elements of the set B.sub.n,j are different from each other when there are a plurality of rows identical to T.sub.n[j] (S150). The matrix T.sub.0 has ten rows and the matrix T.sub.1 has eight rows, so that the number of elements of the vector k.sub.0 is ten and the number of elements of the vector k.sub.1 is eight. Since both of T.sub.0[1] and T.sub.0[2] are T.sub.0[1], k.sub.0[1] is (k.sub.0[1], one element of B.sub.0,1) and k.sub.0[2] is (k.sub.0[1], another element of B.sub.0,1). In FIG. 7, k.sub.0[1]=(1,(1,1)) and k.sub.0[2]=(1,(1,2)) hold. That is, elements of the matrix T.sub.0 which correspond to a row identical to T.sub.0[1] correspond to combinations (k.sub.0[1] and k.sub.0[2]) of the k.sub.0[1] and elements of the set B.sub.0,1. Further, there are a plurality of rows identical to T.sub.0[1], so that the elements of the set B.sub.0,1 are selected so that the selected elements are different from each other.

(26) To correspond to a combination in the description of the key generation unit 150 also represents inclusion of a value decisively computed from a combination (a value corresponding to the combination in a one-on-one state) other than the combination itself. For example, f may be set as a function for decisively computing a value based on a combination and k.sub.0[1]=f(1,(1,1)) may be set. Here, f denotes a function permitting secure computation.

(27) Apparent from FIG. 7, there is no duplication of elements in either the vector k.sub.0 or the vector k.sub.1. Thus, according to the matrix and key generation device of the first embodiment, a vector which includes duplicate elements and a matrix which is a coupling object can be respectively converted into a vector which includes no duplicate elements and a matrix corresponding to the vector.

(28) [Modification]

(29) FIG. 8 illustrates a configuration example of a matrix coupling system and FIG. 9 illustrates a processing flow of the matrix coupling system. The matrix coupling system includes three or more matrix coupling devices 100 which are mutually connected via the network 800 and secure computation can be performed among the matrix coupling devices 100. The matrix coupling device 100 includes the matrix and key generation device 160 and a coupling unit 170. The matrix and key generation device 160 and the matrix and key generation step S160 are same as those described in the first embodiment.

(30) In the case where there are elements common to all of the vectors k.sub.0, . . . , k.sub.N1, the coupling unit 170 couples corresponding rows of the matrices T.sub.0, . . . , T.sub.N1 for each of the common elements to generate one row through secure computation with the coupling units 170 of other matrix coupling devices 100 so as to generate a matrix of which each element is concealed (S170). As this processing, the technique of matrix coupling described in Non-patent Literature 3 may be employed. FIG. 10 illustrates a matrix obtained by coupling the matrix T.sub.0 and the matrix T.sub.1 which are illustrated in FIG. 7. It is understood that the matrix illustrated in FIG. 10 is a matrix obtained by concealing each element of a matrix obtained by coupling the matrix T.sub.0 and the matrix T.sub.1 illustrated in FIG. 2. Here, a corresponding relationship among rows may be recognized in the processing up to processing for obtaining the matrices T.sub.0, . . . , T.sub.N1 and the vectors k.sub.0, . . . , k.sub.N1. However, if rows are replaced at random in coupling of matrices through secure computation, recognition of the corresponding relationship among rows can be prevented.

(31) In the technique of matrix coupling of Non-patent Literature 3, when a sum of the number of records in a table of the input (a sum of the number of rows in the case of expression in a matrix form) is denoted by Q, the communication amount is O(Q.Math.log Q). In the case of the matrix coupling system according to the present invention, when a sum of the number of rows is denoted by Q and the upper limit of the number of duplication is denoted by P, the communication amount can be set as O(PQ.Math.log Q). In the case where there is duplication among keys, processing is increased in the order of the square of P in general. However, processing is increased in the order of the first power of P in the present invention, being able to take advantage of Non-patent Literature 3 in which the communication amount can be reduced.

Second Embodiment

(32) The case of the secure computation has been discussed in the first embodiment, but the idea of the present invention is applicable without limiting to the secure computation. When secure computation is not used, a plurality of matrix and key generation devices do not have to be used. One matrix and key generation device can convert a vector which represents keys and includes duplicate elements and a matrix which is a coupling object respectively into a vector which represents a key and includes no duplicate elements and a matrix corresponding to the vector. Accordingly, the case where concealment is not performed will be described in the second embodiment.

(33) In the second embodiment, it is assumed that N is an integer and 1N, n is an integer and 0nN1, K.sub.n is an integer and 1K.sub.n, i and j are integers, T.sub.n is a matrix having K.sub.n rows, k.sub.n is a vector which includes K.sub.n pieces of elements, T.sub.n[j] is a row on the j-th order of the matrix T.sub.n, k.sub.n[j] is an element on the j-th order of the vector k.sub.n, m.sub.n is the upper limit number in which the elements of the vector k.sub.n are duplicated, and matrices T.sub.0, . . . , T.sub.N1 and vectors k.sub.0, . . . , k.sub.N1 are inputs. Further, it is assumed that M.sub.n is a set which is composed of m.sub.n pieces of elements and of which M.sub.n[i]=i is satisfied.

(34) FIG. 11 illustrates a configuration example of a matrix and key generation device according to the second embodiment, and FIG. 4 illustrates an example of a processing flow of the matrix and key generation device according to the second embodiment. A matrix and key generation device 260 includes a sort unit 210, a vector generation unit 220, a set generation unit 230, a matrix generation unit 240, and a key generation unit 250. The sort unit 210 performs sorting of orders of rows of the matrix T.sub.n and sorting of orders of elements of the vector k.sub.n with respect to each of n=0, . . . , N1 in accordance with the elements of the vector k.sub.n while maintaining correspondence so as to update the matrices T.sub.0, . . . , T.sub.N1 and the vectors k.sub.0, . . . , k.sub.N1 with the matrices and the vectors after the sorting (S210). The vector generation unit 220, the set generation unit 230, the matrix generation unit 240, and the key generation unit 250 perform processing with respect to the matrices T.sub.0, . . . , T.sub.N1 and the vectors k.sub.0, . . . , k.sub.N1 which are updated by the sort unit 210.

(35) The vector generation unit 220 generates a vector x.sub.n with respect to each of n=0, . . . , N1 so that x.sub.n[1]=1 and x.sub.n[i]=x.sub.n[i1]+1 if k.sub.n[i1]=k.sub.n[i] and x.sub.n[i]=1 if k.sub.n[i1]k.sub.n[i] with respect to 2iK.sub.n (S220). The set generation unit 230 generates a set B.sub.n,j with respect to each of n=0, . . . , N1 and each of j=1, . . . , K.sub.n so that individual elements correspond to combinations of N1 pieces of elements, which are individually selected from sets M.sub.0, . . . , M.sub.N1 other than the set M.sub.n, and x.sub.n[j], and the elements for all of the combinations are included (S230). The matrix generation unit 240 generates a matrix T.sub.n with respect to each of n=0, . . . , N1 so that rows identical to T.sub.n[j] are included in the number equal to the number of elements of the set B.sub.n,j for all of j=1, . . . , K.sub.n (S240). The key generation unit 250 generates a vector k.sub.n with respect to each of n=0, . . . , N1 so that an element of the matrix T.sub.n which corresponds to a row identical to T.sub.n[j] corresponds to a combination of k.sub.n[j] and an element of the set B.sub.n,j and further, the elements of the set B.sub.n,j are different from each other when there are a plurality of rows identical to T.sub.n[j] (S250).

(36) Each processing is different from the processing of the first embodiment only in that secure computation is not performed. Therefore, in the case where the matrices T.sub.0 and T.sub.1 and the vectors k.sub.0 and k.sub.1 illustrated in FIG. 2 are inputted, the matrices T.sub.0 and T.sub.1 and the vectors k.sub.0 and k.sub.1 to be outputted are matrices and vectors in which each element illustrated in FIG. 7 is not concealed. Thus, according to the matrix and key generation device of the second embodiment, a vector which includes duplicate elements and a matrix which is a coupling object can be respectively converted into a vector which includes no duplicate elements and a matrix corresponding to the vector.

(37) [Modification]

(38) A generic concept of the second embodiment will be derived in this modification. In the present modification, the sort unit 210 is omitted and the vector generation unit 220 is replaced with a vector generation unit 220. Further, in the present modification, M.sub.n is not limited to a set of M.sub.n[i]=i but M.sub.n is a set composed of m.sub.n pieces of elements which are different from each other and M.sub.n[i] is an element on the i-th order of the set M.sub.n. The functional configuration of a matrix and key generation device according to the present modification is illustrated in FIG. 11 and a processing flow is illustrated in FIG. 4. In the present modification, the vector generation unit 220, the set generation unit 230, the matrix generation unit 240, and the key generation unit 250 perform processing with respect to the matrices T.sub.0, . . . , T.sub.N1 and the vectors k.sub.0, . . . , k.sub.N1 which are inputted (the sort step S210 is not performed).

(39) The vector generation unit 220 generates a vector x.sub.n, of which the number of pieces of elements is K.sub.n and each of the elements is an element of the set M.sub.n, with respect to each of n=0, . . . , N1 so that x.sub.n[i]x.sub.n[j] if k.sub.n[i]=k.sub.n[j] at ij. The processing of the vector generation unit 220 in the present modification is one processing which satisfies a condition of processing of the vector generation unit 220 which is applicable when the vector k.sub.n is preliminarily subjected to sorting. Accordingly, the invention of the present modification is the general concept of the invention of the second embodiment.

(40) Since whether or not sorting is performed does not exert any influence on processing of the set generation unit 230, the matrix generation unit 240, and the key generation unit 250 when the vector x.sub.n is generated as described above, the matrix and key generation device of the present modification is also capable of converting a vector which includes duplicate elements and a matrix which is a coupling object respectively into a vector which includes no duplicate elements and a matrix corresponding to the vector.

(41) [Program, Recording Medium]

(42) The above-described various types of processing may be executed not only in a time-series manner in accordance with the description but also in a parallel manner or an independent manner, depending on processing capability of the device which executes the processing or as necessary. Further, it is indisputable that alterations can be arbitrarily made without departing from the intent of the present invention.

(43) In a case where the above-described configuration is implemented by a computer, processing contents of functions which should be obtained by respective devices are described by a program. By executing this program by a computer, the above-described processing functions are implemented on the computer.

(44) The program in which the processing contents are described can be recorded in a computer-readable recording medium. Any recording medium such as a magnetic recording device, an optical disk, a magneto-optical recording medium, and a semiconductor memory may be employed as the computer-readable recording medium.

(45) Moreover, this program is distributed by selling, transferring, or lending a portable recording medium such as a DVD and a CD-ROM in which the program is recorded, for example. Further, this program may be distributed such that this program is preliminarily stored in a storage device of a server computer and is transferred from the server computer to other computers through the network.

(46) A computer which executes such program once stores the program which is recorded in a portable recording medium or the program transferred from the server computer in a storage device thereof, for example. Then, at the time of execution of processing, this computer reads the program which is stored in a recording medium thereof and executes processing in accordance with the program which is read. Moreover, as another executing configuration of this program, a computer may directly read the program from a portable recording medium so as to execute processing in accordance with the program. Furthermore, every time the program is transferred to the computer from the server computer, the computer may sequentially execute the processing in accordance with the received program. Alternatively, the above-described processing may be executed by so-called application service provider (ASP) type service by which a processing function is implemented only by an executing instruction of processing and result acquisition, without transferring the program to the computer from the server computer. Here, it should be noted that the program according to this executing configuration includes information which is provided for processing performed by an electronic calculator and is equivalent to the program (such as data which is not a direct instruction to the computer but has a property specifying the processing of the computer).

(47) In this configuration, the devices are assumed to be configured as a result of a predetermined program executed on a computer. However, at least part of these processing contents may be implemented on the hardware.

INDUSTRIAL APPLICABILITY

(48) The present invention is applicable to statistical processing and analysis of data using a computer.

DESCRIPTION OF REFERENCE NUMERALS

(49) 100 matrix coupling device 110, 210 sort unit 120, 220 vector generation unit 130, 230 set generation unit 140, 240 matrix generation unit 150, 250 key generation unit 160, 260 matrix and key generation device 170 coupling unit 190 recording unit 800 network

Matrix and key generation device, matrix and key generation system, matrix coupling device, matrix and key generation method, and program

Assignee

Inventors

Cpc classification

Classification Explorer

G09C1/00

PHYSICS

Classification Explorer

H04L9/0861

ELECTRICITY

Classification Explorer

H04L9/085

ELECTRICITY

Classification Explorer

H04L2209/46

ELECTRICITY

International classification

Classification Explorer

G06F16/20

PHYSICS

Classification Explorer

G06F21/62

PHYSICS

Classification Explorer

H04L29/06

ELECTRICITY

Classification Explorer

G09C1/00

PHYSICS

Classification Explorer

G06F16/28

PHYSICS

Classification Explorer

G06F21/60

PHYSICS

Classification Explorer

H04L9/08

ELECTRICITY

Abstract

Claims

Description