Nippon Telegraph and Telephone Corporation and Mitsubishi
Electric today announced that they have developed a new
advanced encryption (fine-grained encryption) scheme expected to become a potential solution to the security
risks in cloud computing.
The new encryption scheme achieves advanced logic in the encryption-decryption mechanism, which enables sophisticated and fine-grained control of data transmission and access.
Cloud computing networks transmit private or confidential
information to the server to process, which demands higher security than current systems that use symmetric
and public key encryption to maintain network security.
NTT and Mitsubishi Electric have successfully developed a new fine-grained encryption scheme with the most
advanced logic as an encryption-decryption mechanism. This scheme, developed using a mathematical approach called the "dual pairing vector spaces," will allow network users to maintain highly confidential information encrypted even in cloud computing environments.
The field of cryptography has recently seen wide use of "bilinear groups" on an elliptic curve, in applications
such as ID based encryption, fine-grained encryption and others. By using a direct product of bilinear groups,
it is possible to construct "dual pairing vector spaces" with a richer algebraic structure than that of a bilinear
group itself. Because of this property, rich cryptographic "trapdoors" can now be realized. NTT and
Mitsubishi Electric introduced the concept of "dual pairing vector spaces" in 2009, and today's new encryption scheme has been constructed using these vector spaces.
The two companies now plan to study how to efficiently implement and utilize this scheme for various applications.
Main features of the new fine-grained encryption scheme
1. Achieving the most general logic
For the past few years, fine-grained encryption has attracted many researchers in the field of cryptography. The
new fine-grained encryption scheme by the two companies achieves the most advanced logic to date, encompassing the logic of the existing fine-grained encryption schemes. This logic is built from AND, OR, NOT and threshold gates.
One of the most significant achievements is that the NOT gate is now available, allowing cloud computing
systems to manage databases easily and flexibly in cases of change in user attributes and other information.
2. Applicable to a variety of applications
In fine-grained encryption, a variety of parameters are added to the ciphertext and decryption key in the
encryption-decryption logic. In this logic, attributes and predicates on them become the parameter of the
ciphertext or decryption key. The newly developed encryption scheme is applicable to a variety of applications
because it can be used in either of the following forms: (1) attributes as the parameter of the
decryption key, predicates as that of the ciphertext, and (2) attributes as the parameter of the ciphertext,
predicates as that of the decryption key.
In case (1), various access conditions will be set in detail for each piece of encrypted data in a cloud computing
database, and a user will be able to decrypt and access the data by using the decryption key when the attributes
of the decryption key satisfy the pre-set predicates in the ciphertext. Applications include confidential
document management systems in firms, as well as personal information database management by public
organizations. For confidential document management systems in firms, for example, each document will be
set by a predicate that describes the attributes of users allowed to decrypt the encrypted document. The
document and its predicate as a set will then be encrypted and placed in a cloud computing database. The
encrypted document will only be able to be decrypted and accessed by an employee who has a decryption key
associated with some attributes, when the decryption key's attributes satisfy the predicate pre-set in the
Meanwhile, in case (2), data and attributes will be encrypted as a set when it is managed by the cloud
computing system, and each user can only decrypt and read the data if the attributes of the encrypted data
satisfy the predicate in the decryption key. Applications include content distribution as well as database
management in finance or medical fields. In the content distribution, for example, content providers will
encrypt contents like animation, films and others together with their attributes and place the encrypted contents in a cloud
computing database. The audience will then view the contents by decrypting them using the decryption key when
the contents' attributes satisfy the decryption key's predicates.
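To make the access logic of cases (1) and (2) concrete, here is an added example (not code from NTT or Mitsubishi Electric) that evaluates a predicate built from AND, OR, NOT and threshold gates over an attribute set, once with the predicate on the ciphertext and once with it on the decryption key. It models only the predicate logic, not the dual pairing vector space construction; it assumes NOT means the attribute is absent from the set, and all attribute names and policies are constructed for illustration.

```python
# Constructed model of the AND/OR/NOT/threshold access logic described above.
# Only predicate evaluation is modelled; the underlying DPVS cryptography is not.
from dataclasses import dataclass
from typing import Union

# A predicate is either an attribute name (leaf) or a gate over sub-predicates.
Predicate = Union[str, "Gate"]


@dataclass(frozen=True)
class Gate:
    op: str              # "AND", "OR", "NOT" or "THRESHOLD"
    children: tuple      # sub-predicates
    k: int = 0           # k for a k-of-n THRESHOLD gate


def AND(*ps): return Gate("AND", tuple(ps))
def OR(*ps): return Gate("OR", tuple(ps))
def NOT(p): return Gate("NOT", (p,))           # assumption: NOT = attribute absent
def THRESHOLD(k, *ps): return Gate("THRESHOLD", tuple(ps), k)


def satisfies(pred: Predicate, attrs: frozenset) -> bool:
    """Return True if the attribute set satisfies the predicate tree."""
    if isinstance(pred, str):
        return pred in attrs
    results = [satisfies(c, attrs) for c in pred.children]
    if pred.op == "AND":
        return all(results)
    if pred.op == "OR":
        return any(results)
    if pred.op == "NOT":
        return not results[0]
    if pred.op == "THRESHOLD":
        return sum(results) >= pred.k
    raise ValueError(f"unknown gate {pred.op}")


# Case (1): attributes on the decryption key, predicate on the ciphertext.
def can_decrypt_case1(key_attrs, ciphertext_predicate) -> bool:
    return satisfies(ciphertext_predicate, frozenset(key_attrs))


# Case (2): attributes on the ciphertext, predicate on the decryption key.
def can_decrypt_case2(ciphertext_attrs, key_predicate) -> bool:
    return satisfies(key_predicate, frozenset(ciphertext_attrs))


# Constructed sample policies: a document policy with a NOT gate, so adding a
# "contractor" attribute revokes access without re-encrypting the document,
# and a 2-of-3 threshold predicate for a content subscription key.
DOC_POLICY = AND("employee", OR("finance", "legal"), NOT("contractor"))
SUBSCRIPTION_PRED = THRESHOLD(2, "animation", "hd", "region_jp")
```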