(19)
(11)EP 2 940 921 B1

(12)EUROPEAN PATENT SPECIFICATION

(45)Mention of the grant of the patent:
18.03.2020 Bulletin 2020/12

(21)Application number: 15165670.9

(22)Date of filing:  29.04.2015
(51)Int. Cl.: 
H04L 9/00  (2006.01)

(54)

INFORMATION PROCESSING TECHNIQUE FOR WILDCARD PATTERN MATCHING

INFORMATIONSVERARBEITUNGSTECHNIK FÜR STRUKTURABGLEICH MIT STELLVERTRETERSYMBOL

TECHNIQUE DE TRAITEMENT D'INFORMATIONS PERMETTANT LA MISE EN CORRESPONDANCE DE MOTIFS AVEC DES JOKERS


(84)Designated Contracting States:
AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

(30)Priority: 02.05.2014 JP 2014095093

(43)Date of publication of application:
04.11.2015 Bulletin 2015/45

(73)Proprietor: FUJITSU LIMITED
Kawasaki-shi, Kanagawa 211-8588 (JP)

(72)Inventors:
  • Yasuda, Masaya
    Kanagawa, 211-8588 (JP)
  • Shimoyama, Takeshi
    Kanagawa, 211-8588 (JP)
  • Kogure, Jun
    Kanagawa, 211-8588 (JP)

(74)Representative: Hoffmann Eitle 
Patent- und Rechtsanwälte PartmbB Arabellastraße 30
81925 München
81925 München (DE)


(56)References cited: : 
  
  • Masaya Yasuda ET AL: "Privacy-Preserving Wildcards Pattern Matching Using Symmetric Somewhat Homomorphic Encryption" In: "LECTURE NOTES IN COMPUTER SCIENCE", 9 July 2014 (2014-07-09), Springer Berlin Heidelberg, Berlin, Heidelberg, XP055212058, ISSN: 0302-9743 ISBN: 978-3-54-045234-8 vol. 8544, pages 338-353, DOI: 10.1007/978-3-319-08344-5_22, * paragraph [0003] *
  • DAMIEN VERGNAUD ED - ABDERRAHMANE NITAJ ET AL: "Efficient and Secure Generalized Pattern Matching via Fast Fourier Transform", 5 July 2011 (2011-07-05), PROGRESS IN CRYPTOLOGY AFRICACRYPT 2011, SPRINGER BERLIN HEIDELBERG, BERLIN, HEIDELBERG, PAGE(S) 41 - 58, XP047025389, ISBN: 978-3-642-21968-9 * paragraph [0005] *
  • MASAYA YASUDA ET AL: "Secure pattern matching using somewhat homomorphic encryption", CLOUD COMPUTING SECURITY WORKSHOP, ACM, 2 PENN PLAZA, SUITE 701 NEW YORK NY 10121-0701 USA, 8 November 2013 (2013-11-08), pages 65-76, XP058034246, DOI: 10.1145/2517488.2517497 ISBN: 978-1-4503-2490-8
  • LAGENDIJK R L ET AL: "Encrypted signal processing for privacy protection: Conveying the utility of homomorphic encryption and multiparty computation", IEEE SIGNAL PROCESSING MAGAZINE, IEEE SERVICE CENTER, PISCATAWAY, NJ, US, vol. 30, no. 1, 1 January 2013 (2013-01-01), pages 82-105, XP011505535, ISSN: 1053-5888, DOI: 10.1109/MSP.2012.2219653
  • JOSHUA BARON ET AL: "5PM: Secure Pattern Matching", INTERNATIONAL ASSOCIATION FOR CRYPTOLOGIC RESEARCH,, vol. 20121219:161334, 12 December 2012 (2012-12-12), pages 1-77, XP061007031,
  • YASUDA MASAYA ET AL: "Analysis of Lattice Reduction Attack against the Somewhat Homomorphic Encryption Based on Ideal Lattices", 13 September 2012 (2012-09-13), ADVANCES IN COMMUNICATION NETWORKING : 20TH EUNICE/IFIP EG 6.2, 6.6 INTERNATIONAL WORKSHOP, RENNES, FRANCE, SEPTEMBER 1-5, 2014, REVISED SELECTED PAPERS; [LECTURE NOTES IN COMPUTER SCIENCE , ISSN 1611-3349], SPRINGER VERLAG, DE, PAGE(S) 1 - 16, XP047037754, ISSN: 0302-9743 ISBN: 978-3-540-89964-8 * paragraph [0002] *
  
Note: Within nine months from the publication of the mention of the grant of the European patent, any person may give notice to the European Patent Office of opposition to the European patent granted. Notice of opposition shall be filed in a written reasoned statement. It shall not be deemed to have been filed until the opposition fee has been paid. (Art. 99(1) European Patent Convention).


Description


[0001] This invention relates to a technique for performing pattern matching of data while keeping the data encrypted.

[0002] At present, while regulations on the protection of bothprivate information and confidential information have been strengthened, the market for services using such information is expanding. Encryption techniques capable of using data while keeping private information and confidential information protected have therefore attracted attention. Among encryption techniques, there are ones which use encryption techniques and statistical techniques in accordance with data classification and service requirements.

[0003] There is a technique known as a homomorphic encryption scheme, which is a concealment technique using encryption. The homomorphic encryption scheme is a public key encryption scheme such that the encryption key and the decryption key are different, and it is a form of encryption which has a function capable of manipulating data while keeping the data encrypted. For example, assuming that for plain text m1 and m2, the encryption function of a homomorphic encryption scheme for addition or multiplication is given by E, the following expressions (1) or (2) hold.





[0004] A property such that expression (1) holds is called a homomorphism for addition, and a property such that expression (2) holds is called a homomorphism for multiplication.

[0005] Addition and multiplication of encrypted text (also referred to as "cipher text") by using a homomorphic encryption scheme makes it possible to obtain an encrypted operation result of addition and multiplication without decrypting the encrypted text. It is expected that the properties of homomorphic encryption will be used in the fields of electronic voting, electronic money, and similar, and furthermore in recent years it has been expected that they will be used in the cloud computing field.

[0006] An RSA (Rivest Shamir Adleman) encryption scheme (homomorphism only for multiplication) and an Additive ElGamal encryption scheme (homomorphism only for addition) are typical of such homomorphic encryption schemes. Moreover, a homomorphic encryption scheme which is capable of both addition and multiplication (an encryption scheme satisfying expressions (1) and (2)) was suggested (a technique suggested in Non-Patent Document 1) in 2009. However, it is known that such a homomorphic encryption scheme is not practical in terms of processing performance and the size of encrypted data. A homomorphic encryption scheme which is capable of both addition and multiplication and is practical in terms of both processing performance and the size of encrypted data was therefore suggested in 2011, and the examples of application was suggested (the technique suggested in Non-Patent Document 2).

[0007] Here, the homomorphic encryption scheme proposed in 2011 will be explained (for details, see Section 3.2 of Non-Patent Document 2). Firstly, mainly prepare three key generation parameters (n, q, and t) for encryption key generation. n is an integer, it is the power of 2, and it is referred to as a "lattice dimension"; q is a prime number, and t is an integer which is smaller than the prime number q. In the encryption key generationprocedure, firstly ann-dimensional polynomial sk such that each of its coefficients is extremely small is randomly generated as a secret key. The smallness of each coefficient is limited by a parameter σ. Next, an n-dimensional polynomial a1 such that each of its coefficients is smaller than q, and an n-dimensional polynomial e such that each of its coefficients is extremely small, are randomly generated.

[0008] a0 = -(a1 sk + t e) is calculated, and a pair (a0, a1) is defined as public key pk. However, when the polynomial a0 is calculated, a polynomial whose degree is always less than n is calculated as xn = -1, xn+1 = -x, ... for a polynomial whose degree is n or higher. Furthermore, output the remainder obtained by dividing by the prime number q for the coefficients of the polynomials. The space for performing such an operation is academically expressed as Rq: = Fq[x] / (xn + 1) .

[0009] Next, for public key pk = (a0, a1) and plain text data m which is represented by a polynomial of degree n such that each of its coefficients is smaller than t, three n-dimensional polynomials u, f, and g such that each of their coefficients is extremely small are randomly generated, and encryption data E(m, pk) = (c0, c1) for the plain text data m is defined as follows. For (c0, c1), c0 = a0 u + t g + m, c1 = a1 u + t f is calculated. Also, operation is performed on the space Rq in these calculations.

[0010] Thereafter, for the encrypted text E(m1, pk) = (c0, c1) and E(m2, pk) = (d0, d1), encryption addition E(m1, pk) + E(m2, pk) is calculated as (c0 + d0, c1 + d1), and encryption multiplication E (m1, pk) E(m2, pk) is calculated as (c0 d0, c0 d1 + c1 d0, c1 d1). Note that such encryption multiplication makes data size of the encrypted text change from a 2-component vector to a 3-component vector.

[0011] Lastly, in decryption processing, the secret key sk will be used in calculating D(c, sk) = [c0 + c1 sk + c2 sk2 + ...] q mod t for the encrypted text c = (c0, c1, c2, ...) (here, it is assumed that the number of data components of the encrypted text data has increased by encryption operations such as multiple encryption multiplication), to complete decryption. Here, w is calculated as the remainder obtained by dividing the integer z by q, and the value of [z]q is outputted as [z]q = w if w < q and the value of [z]q is outputted as [z]q = w - q if w ≥ q. Furthermore, "a mod t" means the remainder obtained by dividing the integer a by t.

[0012] Numerical examples are illustrated for simplicity's sake in the following.

















[0013] In the preceding expressions, (4, 1033, 20) are set to be the key generation parameters (n, q, t) . Furthermore, Mod(a, q) means the remainder obtained by dividing integer a by prime number q, and Mod(f(x), x4 + 1) means a polynomial of the remainder obtained by dividing polynomial f(x) by polynomial x4 + 1. However, x4 = -1, x5 = x, ... and similar hold.

[0014] Next, pattern matching will be briefly explained. Pattern matching is, for example, processing which determines whether a pattern string exists in a text string or not. For example, processing which determines whether pattern string P = "abbac" exists in text string T = "acbabbaccb" or not is considered. At this time, as illustrated in FIG. 1, the number of characters (also referred to as the distance) where the text and the pattern coincide is calculated for text string T, as pattern string P is displaced by one character. In FIG. 1, a list of numerical values representing the number of characters is referred to as a "score vector". In this example, text string T and pattern string P coincide in the component whose score vector value is 5, since the length of pattern string P is 5.

[0015] Thus, in pattern matching without encryption, for text string T and pattern string P, the distance between the text string and the pattern string is calculated as pattern string P is displaced by one character at a time.

[0016] On the other hand, in secure pattern matching using homomorphic encryption (for example, as in Non-Patent Document 3), a polynomial expressed by using each bit of a binarized text for its coefficients in ascending order of degree is calculated to reduce the data size and distance calculation cost. And the binarized text is encrypted by a homomorphic encryption scheme which is capable of calculating polynomials (for example, homomorphic encryption based on Ring-LWE: see Non-Patent Document 2) . On the other hand, a polynomial expressed by using each bit of a binarized pattern for its coefficients in descending order of degree is calculated, and the binarized pattern is encrypted using the same homomorphic encryption scheme.

[0017] Thereafter, for the text polynomial and the pattern polynomial which are encrypted by homomorphic encryption, perform encryption operations by using a homomorphism on the polynomials such that each of their coefficients represents a hamming distance between the text and the pattern. Then, identify the hamming distance from each coefficient of polynomials obtained by decrypting the encryption operation result, and determine whether the hamming distance is 0 or not. Secure pattern matching is performed by doing this.

[0018] More specifically, from binarized text T = (t0, t1, ..., tk-1) whose length is k (also called a binary vector), generate polynomial mt(T) = ∑itixi using each bit as its coefficients in ascending order, and for this, generate encrypted text Enc(mt(T), pk) by the aforementioned homomorphic encryption scheme. Text T is encrypted by doing so.

[0019] On the other hand, from binarized pattern P = (p0, p1, ..., pl-1) whose length is 1, generate polynomial mp(P) = -∑jpjxn-j using each bit as its coefficients in descending order, and generate encrypted pattern Enc(mp(P), pk) by using the aforementioned homomorphic encryption scheme. Pattern P is encrypted by doing so.

[0020] Next, for the encrypted text Enc (mt(T), pk) and the encrypted pattern Enc (mp(P), pk), calculate the encryption distance as follows . Enc(mt(T), pk) Cl + Enc(mp(P), pk) Ck - 2Enc(mt(T), pk) Enc (mp(P), pk) (3)

[0021] Here, Cl is a member which includes a polynomial whose length is 1 in descending order of degree, and Ck is a member which includes a polynomial whose length is k in ascending order of degree. These are represented as follows.





[0022] When a result obtained by decrypting an encryption distance calculation result obtained by expression (3) is r0 + r1x + r2x2 + ... + rn-1xn-1 (a polynomial of degree n, whose coefficients are equal to or less than parameter t), the coefficient ri of degree i for 0 ≤ i ≤ k - 1 coincides with hamming distance d(T(i), P) between partial text T(i) whose first part is the i-th bit and pattern P. Therefore, the degree whose coefficient is 0 may be identified to determine which part of text T includes pattern P from the decryption result r0 + r1x+ r2x2 + ... + rn-1xn-1. In other words, it becomes possible to calculate text T and pattern P while keeping them encrypted by homomorphic encryption.

[0023] Here, an approach to such secure pattern matching is explained by using FIG. 2. The following operation is performed so that each coefficient of a polynomial will correspond to hamming distance d (T(i), P) in the plain text space.



[0024] HW(A) represents the hamming weight of A, and <A, B> represents the inner product between A and B.

[0025] ∑iHW(T(i))xi in expression (6) is mt(T) (-∑jxn-j), as illustrated in FIG. 2(A). Moreover, ∑iHW(P)xi in expression (6) is mp(P) (∑ixi), as illustrated in FIG. 2(B). Furthermore, ∑i<T(i), P>xi in expression (6) is mt(T) mp(P), as illustrated in FIG. 2(C).

[0026] By doing so, as illustrated in FIGs. 2(A) to 2(C), for each plain text operation, an encryption operation corresponding to the plain text operation is obtained in the encrypted text space. Therefore, as a result, as illustrated in FIG. 2(D), an operation such that the coefficients represent the hamming distance if the polynomials are decrypted is performed by executing the encryption operation as illustrated in expression (3).

[0027] However, in performing plain text polynomial operations, output the remainder of division by parameter t, for the coefficients of each polynomial which should be of degree n or less, by calculating a polynomial whose degree is always n or less by calculating xn = -1, xn+1 = -x, ... for polynomials whose degree is n or more. Space for performing such an operation is often represented as Rt = Fq[x] / (xn + 1).

[0028] However, since it is not considered to treat a special character (called a wild card) corresponding to any character, it is not possible to efficiently perform secure pattern matching using general patterns such as those including wild cards.

[0029] In other words, there is no technique to increase the general applicability of secure pattern matching.

[0030] Non-Patent Document 1: C. Gentry, "Fully Homomorphic encryption using ideal lattices", STOC 2009, ACM, pp. 169-178, 2009.

[0031] Non-Patent Document 2: K. Lauter, M. Naehrig and V. Vaikuntanathan, "Can Homomorphic Encryption be Practical?", In ACM workshop on Cloud Computing Security Workshop-CCSW 2011, ACM, pp. 113-124, 2011.

[0032] Non-Patent Document 3: M. Yasuda, T, Shimoyama, J. Kogure, K. Yokoyama and T. Koshiba, "Secure Pattern Matching using Somewhat Homomorphic Encryption", CCSW'13, November 8, 2013, pp. 65-76

[0033] The article titled "Efficient and Secure Generalized Pattern Matching via Fast Fourier Transform" by D. Vergnaud, Progress in Cryptology Africacrypt 2011 (5 July 2011), pages 41-58 (ISBN: 978-3-642-21968-9), discloses simple protocols for secure two-party computation of generalized pattern matching in the presence of malicious parties. The problem is to determine all positions in a text T where a pattern P occurs (or matches with few mismatches) allowing possibly both T and P to contain single character wildcards. Constant-round protocols are described that exhibit linear communication and quasilinear computational costs with simulation-based security. The described constructions rely on a well-known technique for pattern matching proposed by Fischer and Paterson in 1974 and based on the Fast Fourier Transform. The security of the new schemes is reduced to the semantic security of the EIGamal encryption scheme. Particular reference is made to section 5.2, titled "Pattern Matching with Wildcards". Reference is also made to the following documents.

[0034] "Encrypted Signal Processing for Privacy Protection: Conveying the Utility of Homomorphic Encryption and Multiparty Computation" by R.L. Lagendijk et al., IEEE Signal Processing Magazine, Vol. 30, No. 1, 1 January 2013, pages 82-105.

[0035] "5PM: Secure Pattern Matching" by J. Baron et al., International Association for Cryptologic Research, Vol. 20121219: 161334, 12 December 2012, pages 1-77.

[0036] The present invention provides a matching method as set out in each of Claims 1, 3 and 4, an information processing system as set out in Claim 2, and a computer program as set out in Claim 5.

[0037] A matching method according to an embodiment includes: (A) first generating a first numerical vector by numerically vectorizing first text stored in a first data storage unit; (B) second generating a second numerical vector by squaring each component of the first numerical vector and a third numerical vector by cubing each component of the first numerical vector; (C) third generating a first polynomial by executing a polynomial transformation of the first numerical vector, a second polynomial by executing the polynomial transformation of the second numerical vector, and a third polynomial by executing the polynomial transformation of the third numerical vector; (D) encrypting the first polynomial, the second polynomial and the third polynomial by a homomorphic encryption scheme capable of operating polynomials; (E) executing a predetermined operation while keeping data used in the predetermined operation encrypted, by using a fourth polynomial obtained by the polynomial transformation and the homomorphic encryption of a fourth numerical vector, a fifth polynomial obtained by the polynomial transformation and the homomorphic encryption of a fifth numerical vector, and a sixth polynomial obtained by the polynomial transformation and the homomorphic encryption of a sixth numerical vector, wherein the fourth numerical vector is generated by numerically vectorizing second text, the fifth numerical vector is generated by squaring each component of the fourth numerical vector, the sixth numerical vector is generated by cubing each component of the fourth numerical vector, and the fourth polynomial, the fifth polynomial and the sixth polynomial are stored in a second data storage unit; and (F) decrypting a result of the predetermined operation.

[0038] An encryption method according to an embodiment includes: (G) first generating a first numerical vector by numerically vectorizing first text stored in a first data storage unit; (H) second generating a second numerical vector by squaring each component of the first numerical vector and a third numerical vector by cubing each component of the first numerical vector; (I) third generating a first polynomial by executing a polynomial transformation of the first numerical vector, a second polynomial by executing the polynomial transformation of the second numerical vector, and a third polynomial by executing the polynomial transformation of the third numerical vector; and (J) encrypting the first polynomial, the second polynomial and the third polynomial by a homomorphic encryption scheme capable of operating polynomials.

[0039] An encryption method according to an embodiment includes: (K) receiving a first polynomial obtained by a polynomial transformation and homomorphic encryption of a first numerical vector, a second polynomial obtained by the polynomial transformation and the homomorphic encryption of a second numerical vector, and a third polynomial obtained by the polynomial transformation and the homomorphic encryption of a third numerical vector, wherein the first numerical vector is generated by numerically vectorizing first text, the second numerical vector is generated by squaring each component of the first numerical vector, the third numerical vector is generated by cubing each component of the first numerical vector; (L) executing a predetermined operation while keeping data used in the predetermined operation encrypted, by using a fourth polynomial obtained by the polynomial transformation and the homomorphic encryption of a fourth numerical vector, a fifth polynomial obtained by the polynomial transformation and the homomorphic encryption of a fifth numerical vector, and a sixth polynomial obtained by the polynomial transformation and the homomorphic encryption of a sixth numerical vector, wherein the fourth numerical vector is generated by numerically vectorizing second text, the fifth numerical vector is generated by squaring each component of the fourth numerical vector, the sixth numerical vector is generated by cubing each component of the fourth numerical vector, and the fourth polynomial, the fifth polynomial and the sixth polynomial are stored in a data storage unit; and (M) sending back a result of the predetermined operation.

[0040] Reference will now be made, by way of example, to the accompanying Drawings, in which:

FIG. 1 is a diagram explaining pattern matching;

FIG. 2 is a diagram explaining encryption distance calculation;

FIG. 3 is a diagram depicting a view relating to this embodiment;

FIG. 4 is a diagram depicting a system outline of this embodiment;

FIG. 5 is a functional block diagram of a provider apparatus;

FIG. 6 is a functional block diagram of a collator apparatus;

FIG. 7 is a functional block diagram of an information processing apparatus;

FIG. 8 is a diagram depicting a processing flow of a registration processing;

FIG. 9 is a diagram depicting a processing flow of a collation processing; and

FIG. 10 is a functional block diagram of a computer.



[0041] Firstly, a processing outline relating to this embodiment will be explained. In this embodiment, as explained by using FIGs. 2(A) to 2(D), operations in the encryption space are stipulated, by defining a distance in the plain text space so that the decryption result will match the distance defined in the relevant plain text space.

[0042] Execute numerical vectorization in a way such that text will be T = (t0, t1, t2, ...), and similarly execute numerical vectorization for patterns in a way such that P = (p0, p1, p2, ..., pl-1). Allocate 0 to a wild card, and execute numerical vectorization for other characters according to a predetermined rule (for example, 1 for A, 2 for B, 3 for C, and so on).

[0043] At this time, as illustrated schematically on the left side of FIG. 3, consider making a decision on whether or not patterns match the text, by displacing them along by one component. For example, the distance between the part of the text in which ti is the first character and the pattern is defined by an expression as illustrated on the right side of FIG. 3.

[0044] In this expression, the value of an arbitrary j in the range between j = 0 and j = 1 - 1, will be 0 when pj = ti+j; in other words, when a character of the pattern matches with a character of the text. Similarly, the value will also be 0 when pj = 0, in other words, when pj is a wild card. Furthermore, the value will also be 0 when ti+j = 0, in other words, when ti+j is a wild card.

[0045] Finding i with which the distance is 0 by defining such a distance tells us that numerical vector P for the pattern matches with numerical vector T for the text from component ti.

[0046] Here, generate a polynomial mt(T) = ∑itixi using each component as a coefficient in ascending order from numerical vector T = (t0, t1, ..., tk-1), whose length is k for the text.

[0047] Similarly, generate the polynomial mp(P) = -∑jpjxn-j using each component as a coefficient in descending order from numerical vector P = (p0, p1, ..., pl-1), whose length is 1 for the pattern.

[0048] Additionally, a polynomial is illustrated below, in which the value of the expression illustrated on the right side of FIG. 3 will be the coefficient of xi, in relation to an arbitrary i which is within the range between i = 0 and i = k - 1.



[0049] Expression (7) is expressed as follows by using a homomorphic encryption scheme which is capable of calculating polynomials as illustrated in Non-Patent Document 2.



[0050] Therefore, with E(mt(T)), E(mp(P3)), E(mt(T3)), E(mp(P)), E(mt(T2)), and E(mp(P2)), it is possible to perform distance operations while keeping the text and pattern encrypted. In this case, the distance is 0 when there is matching in the plain text space.

[0051] Next, a system outline of this embodiment is explained by using FIGs. 4 to 9.

[0052] As illustrated in FIG. 4, one or more provider apparatuses 5 which register a matching target text and similar, one or more collator apparatuses 7 which request pattern collation processing for the matching target text and similar, and an information processing apparatus 3 included in, for example, a cloud, are connected to a network 1 such as the Internet.

[0053] Next, FIG. 5 illustrates a functional block diagram of the provider apparatus 5. The provider apparatus 5 includes an input unit 50, a first data storage unit 51, a first convertor 52, a second data storage unit 53, a multiplication unit 54, a third data storage unit 55, a second convertor 56, a fourth data storage unit 57, an encryption unit 58, a public key storage unit 59, a fifth data storage unit 60, and a transmitter 61.

[0054] The input unit 50 obtains data such as a matching target text to be registered on the information processing apparatus 3 from a user, other computers connected to the network 1, or similar, and stores the data in the first data storage unit 51. Moreover, the first convertor 52 executes numerical vectorization processing for data stored in the first data storage unit 51, and stores the data in the second data storage unit 53.

[0055] The multiplication unit 54 generates a numerical vector T2 obtained by squaring each component of a numerical vector T stored in the second data storage unit 53 and a numerical vector T3 obtained by cubing each component of the numerical vector T, and stores them in the third data storage unit 55.

[0056] The second convertor 56 converts the numerical vector T stored in the second data storage unit 53 into a polynomial, converts the numerical vectors T2 and T3 stored in the third data storage unit 55 into polynomials, and stores the data of the polynomials in the fourth data storage unit 57.

[0057] The encryption unit 58 uses a public key of a collator stored in the public key storage unit 59 according to a homomorphic encryption scheme which is capable of calculating polynomials to encrypt each polynomial stored in the fourth data storage unit 57, and stores the encrypted data in the fifth data storage unit 60. The transmitter 61 transmits data and the length k of the text stored in the fifth data storage unit 60 to the information processing apparatus 3.

[0058] Next, FIG. 6 illustrates a functional block diagram of the collator apparatus 7. The collator apparatus 7 includes an input unit 70, a first data storage unit 71, a first convertor 72, a second data storage unit 73, a multiplication unit 74, a third data storage unit 75, a second convertor 76, a fourth data storage unit 77, an encryption unit 78, a public key storage unit 79, a fifth data storage unit 80, a transmitter 81, a receiver 82, a sixth data storage unit 83, a decryption unit 84, a secret key storage unit 85, a seventh data storage unit 86, a determination unit 87, an eighth data storage unit 88, and an output unit 89.

[0059] The input unit 70 obtains pattern data to be collated with matching target data such as a text from a user or other computers connected to the network 1, and stores the data in the first data storage unit 71. Moreover, the first convertor 72 executes numerical vectorization on data stored in the first data storage unit 71, and stores the vectorized data in the second data storage unit 73.

[0060] The multiplication unit 74 generates a numerical vector P2 obtained by squaring each component of a numerical vector P stored in the second data storage unit 73 and a numerical vector P3 obtained by cubing each component of the numerical vector P, and stores them in the third data storage unit 75.

[0061] The second convertor 76 converts the numerical vector P stored in the second data storage unit 73 into a polynomial, converts the numerical vectors P2 and P3 stored in the third data storage unit 75 into polynomials, and stores the data of the polynomials in the fourth data storage unit 77.

[0062] The encryption unit 78 uses a public key of a collator stored in the public key storage unit 79 according to a homomorphic encryption scheme which is capable of calculating polynomials to encrypt each polynomial stored in the fourth data storage unit 77, and stores the encrypted data in the fifth data storage unit 80. The transmitter 81 transmits data stored in the fifth data storage unit 80 to the information processing apparatus 3.

[0063] Moreover, the receiver 82 receives an encryption operation result from the information processing apparatus 3, and stores it in the sixth data storage unit 83. The decryption unit 84 uses a secret key of a collator stored in the secret key storage unit 85 to perform decryption, and stores the processing result in the seventh data storage unit 86. The determination unit 87 determines whether or not there is a part where text coincides with a pattern (the length of the pattern is 1) from data stored in the second data storage unit 73 and data stored in the seventh data storage unit 86, and stores the determination result in the eighth data storage unit 88. The output unit 89 outputs the determination result stored in the eighth data storage unit 88 to an output device (for example, another computer, a printing device, or a display device).

[0064] Next, FIG. 7 illustrates a functional block diagram of the information processing apparatus 3. The information processing apparatus 3 includes a registration unit 31, a database 32, a receiver 33, an encryption operation processing unit 35, an operation result storage unit 36, and a transmitter 37.

[0065] The registration unit 31 receives encrypted data such as a matching target text and the length k of the encrypted data from the provider apparatus 5, and stores them in the database 32. The receiver 33 receives encrypted pattern data to be collated from the collator apparatus 7, and outputs it to the encryption operation processing unit 35.

[0066] The encryption operation processing unit 35 uses encrypted pattern data to be collated and encrypted data such as a matching target text stored in the database 32 to execute an encryption operation expressed in the aforementioned expression (8), and stores the operation result in the operation result storage unit 36. Then, the transmitter 37 transmits the operation result and the length k of the text, which is stored in the operation result storage unit 36, to a collation request source obtained from the receiver 33.

[0067] Next, processing details of the system illustrated in FIG. 4 will be explained by using FIGs. 8 and 9.

[0068] First, FIG. 8 explains processing when the provider apparatus 5 registers encrypted data of the matching target text in the information processing apparatus 3.

[0069] The input unit 50 in the provider apparatus 5 obtains a text to be registered on the information processing apparatus 3 (the text is a mere example, and image data, audio data, and a gene symbol sequence can be considered) from, for example, an information provider or other computers, and stores the text in the first data storage unit 51 (FIG. 8: step S1). Then, the first convertor 52 stores a numerical vector T = (t0, t1, ..., tk-1) in the second data storage unit 53 (step S3), by executing numerical vectorization of the text stored in the first data storage unit 51. A text may include a wild card. In principle, 0 is allocated to a wild card, and a predetermined numerical value is allocated to other characters. For example, a specific numerical value is initially allocated to each kind of gene, followed by numerical vectorization performed by selecting a numerical value in response to a gene included in a gene sequence to be encrypted.

[0070] Moreover, the multiplication unit 54 calculates T2 by squaring each component of a numerical vector T stored in the second data storage unit 53, calculates T3 by cubing the numerical vector T, and stores them in the third data storage unit 55 (step S5).

[0071] Furthermore, the second convertor 56 executes polynomial conversion for the numerical vector T stored in the second data storage unit 53 and the numerical vectors T2 and T3 stored in the third data storage unit 55, and stores polynomials mt(T), mt(T2), and mt(T3) generated by the polynomial conversion in the fourth data storage unit 57 (step S7).

[0072] Specifically, generate the polynomial mt(T) = ∑itixi by using each component ti of the numerical vector T as a coefficient of each dimension in ascending order.

[0073] Similarly, generate the polynomial mt(T2) = ∑it2ixi by using each component t2i of the numerical vector T2 as a coefficient of each dimension in ascending order.

[0074] Furthermore, generate a polynomial mt(T3) = ∑it3ix1 by using each component t3i of the numerical vector T3 as a coefficient of each dimension in ascending order.

[0075] In addition, the second convertor 56 stores the bit length k of the numerical vector T in the fourth data storage unit 57.

[0076] Then, the encryption unit 58 generates encrypted text E (mt(T)), E(mt(T2)), and E(mt(T3)) and stores them in the fifth data storage unit 60, by encrypting the polynomials mt(T), mt(T2), and mt(T3) stored in the fourth data storage unit 57 by using a public key pk of a collator stored in the public key storage unit 59 according to a homomorphic encryption scheme which is capable of calculating polynomials (step S9). In addition, the encryption unit 58 stores the bit length k of the numerical vector T in the fifth data storage unit 60. E (Z) represents the processing of encrypting Z according to a homomorphic encryption scheme which is capable of calculating polynomials.

[0077] Thereafter, the transmitter 61 transmits the encrypted text E(mt(T)), E(mt(T2)), and E(mt(T3)) stored in the fifth data storage unit 60 and the length k to the information processing apparatus 3 (step S11).

[0078] The registration unit 31 in the information processing apparatus 3 receives the encrypted text E(mt(T)), E(mt(T2)), and E(mt(T3)) and the length k, and registers them on the database 32 (step S13).

[0079] Executing the aforementioned processing makes it possible to register data such as text in the information processing apparatus 3, established on a cloud or similar, while such data is encrypted.

[0080] Next, processing details when a collator causes to perform collation processing in relation to specific patterns is explained by using FIG. 9.

[0081] The input unit 70 in the collator apparatus 7 obtains pattern data to be collated with data such as the matching target text from, for example, an information provider, other computers, or similar, and stores the pattern data in the first data storage unit 71 (FIG. 9: step S21).

[0082] Then, the first convertor 72 executes numerical vectorization of pattern data stored in the first data storage unit 71, and stores a numerical vector P = (p0, p1, ..., pl-1) in the second data storage unit 73 (step S23).

[0083] Moreover, the multiplication unit 74 calculates numerical vector P2 by squaring each component of the numerical vector P stored in the second data storage unit 73, calculates numerical vector P3 by cubing each component of the numerical vector P, and stores them in the third data storage unit 75 (step S25).

[0084] Furthermore, the second convertor 76 executes polynomial conversion for the numerical vector P stored in the second data storage unit 73 and the numerical vectors P2 and P3 stored in the third data storage unit 75, and stores polynomials mp(P), mp(P2), and mp(P3) generated by the polynomial conversion in the fourth data storage unit 77 (step S27).

[0085] Specifically, generate a polynomial mp(P) = -∑jpjxn-j by using each component pi of the numerical vector P as a coefficient of each dimension in descending order.

[0086] Moreover, generate a polynomial mp(P2) = -∑jp2jxn-j by using each component p2i of the numerical vector P2 as a coefficient of each dimension in descending order.

[0087] Furthermore, generate a polynomial mp(P3) = -∑jp3jxn-j by using each component p3i of the numerical vector P3 as a coefficient of each dimension in descending order.

[0088] Then, the encryption unit 78 generates the encryption patterns E(mp(P)), E(mp(P2)), and E(mp(P3)) and stores them in the fifth data storage unit 80, by encrypting polynomials mp(P), mp(P2), and mp(P3) stored in the fourth data storage unit 77 by using public key pk of a collator stored in the public key storage unit 79 according to a homomorphic encryption scheme which is capable of calculating polynomials (step S29).

[0089] Thereafter, the transmitter 81 transmits the encrypted patterns E(mp(P)), E(mp(P2)), and E(mp(P3)) stored in the fifth data storage unit 80 to the information processing apparatus 3 (step S31) .

[0090] The receiver 33 in the information processing apparatus 3 receives the encrypted patterns E(mp(P)), E(mp(P2)), and E(mp(P3)) (step S33), and outputs them to the encryption operation processing unit 35.

[0091] Then, the encryption operation processing unit 35 executes an operation of encryption pattern matching using the encrypted text E(mt(T)), E(mt(T2)), and E(mt(T3)), stored in the database 32, as well as the encrypted patterns E(mp(P)), E(mp(P2)), and E(mp(P3)), and stores the operation result d = (d0, d1, ...) in the operation result storage unit 36 (step S35) according to the expression (8) . In addition, the length k of the text is stored in the operation result storage unit 36.

[0092] Then, the transmitter 37 transmits the operation result d and the length k of the text stored in the operation result storage unit 36 to the collator apparatus 7, which has transmitted the encrypted patterns or similar to the receiver 33 (step S37).

[0093] The receiver 82 in the collator apparatus 7 receives, from the information processing apparatus 3, the operation result d of the encryption pattern matching and the length k of the text, and stores them in the sixth data storage unit 83 (step S39). Then, the decryption unit 84 generates the decryption result vector m = [m0, m1, ..., mn-1], and stores it in the seventh data storage unit 86, by decrypting the operation result d by using secret key sk stored in the secret key storage unit 85 according to a homomorphic encryption scheme which is capable of calculating polynomials (step S41). The length k of the text is also stored in the seventh data storage unit 86.

[0094] The determination unit 87 identifies a position in which a component value is 0 in the range between 0 and k - 1 (the length 1 is obtained from the second data storage unit 73) for the decryption result vector stored in the seventh data storage unit 86 to determine whether a part corresponding to the pattern exists or not in the matching target text (step S43).

[0095] When a vector m = [2, 0, 2, 2, 2, 0, 2, 7] and k - 1 = 8 - 3 = 5 hold, it is determined that a part corresponding to the pattern exist in the matching target text since positions "1" and "5" in which a component value is 0 in the range of [2, 0, 2, 2, 2, 0] exist. The determination unit 87 stores the determination result in the eighth data storage unit 88. The output unit 89 outputs the determination result to an output device (a display device, a printing device, or other computers) in response to a request from a collator.

[0096] By doing the aforementioned processing, it is possible to obtain an operation result of encryption pattern matching to determine whether a pattern coincides with the matching target text or not while keeping the pattern encrypted. Then, in the collator apparatus 7, when a secret key which only the collator has is used in decryption, it is possible to identify the position in which the pattern appears in the matching target text by simple processing.

[0097] Furthermore, it is now possible to deal with the case that a wild card is included in a text and a pattern by the same processing. In other words, this increases the general applicability of secure pattern matching.

[0098] The aforementioned embodiment merely illustrates a basic arithmetic operation, and operations can be variously transformed.

[0099] Although, within the polynomial in the aforementioned example, a component is used as a coefficient of each degree in ascending order for the text and in descending order for the pattern, and conversely, it is acceptable to adopt a rule in which components are used as coefficients of each degree in descending order for the text and in ascending order for the pattern. Furthermore, although the rule is that a positive coefficient is used for the text, and a negative coefficient is used for the pattern, a negative coefficient may be used for the text, and a positive coefficient may be used for pattern.

[0100] Furthermore, although numerical vectorization is performed so that 0 is allocated to a wild card in the aforementioned example, any number may be allocated to a wild card as long as a numerical value allocated to the wild card does not overlap numerical values that correspond to other characters.

[0101] In other words, for example, when z is allocated to a wild card, the expression illustrated in the right side of FIG. 3 is modified as follows.



[0102] An operation of encryption pattern matching is stipulated if a corresponding polynomial operation is stipulated by developing such an expression. The operation is still performed based on T, T2, T3, P, P2, and P3 even in this case.

[0103] Although the embodiment of this invention was explained above, this invention is not limited to this embodiment. For example, the functional block diagram of each apparatus may not correspond to program module configurations. Moreover, as for the processing flows, as long as the processing results do not change, the turns of the steps may be exchanged or plural steps may be executed in parallel.

[0104] Moreover, each apparatus may be implemented by one computer or multiple computers. Furthermore, the collator apparatus 7 and the provider apparatus 5 may be integrated.

[0105] In addition, the aforementioned information processing apparatus 3, provider apparatus 5 and collator apparatus 7 are computer devices as illustrated in FIG. 10. That is, a memory 2501 (storage device), a CPU 2503 (processor), a hard disk drive (HDD) 2505, a display controller 2507 connected to a display device 2509, a drive device 2513 for a removable disk 2511, an input unit 2515, and a communication controller 2517 for connection with a network are connected through a bus 2519 as illustrated in FIG. 10. An operating system (OS) and an application program for carrying out the foregoing processing in the embodiment, are stored in the HDD 2505, and when executed by the CPU 2503, they are read out from the HDD 2505 to the memory 2501. As the need arises, the CPU 2503 controls the display controller 2507, the communication controller 2517, and the drive device 2513, and causes them to perform predetermined operations. Moreover, intermediate processing data is stored in the memory 2501, and if necessary, it is stored in the HDD 2505. In this embodiment of this technique, the application program to realize the aforementioned functions is stored in the computer-readable, non-transitory removable disk 2511 and distributed, and then it is installed into the HDD 2505 from the drive device 2513. It may be installed into the HDD 2505 via the network such as the Internet and the communication controller 2517. In the computer as stated above, the hardware such as the CPU 2503 and the memory 2501, the OS and the application programs systematically cooperate with each other, so that various functions as described above in details are realized.

[0106] The aforementioned embodiment is summarized as follows:
A matching method relating to a first aspect of this embodiment includes: (A) first generating a first numerical vector by numerically vectorizing first text stored in a first data storage unit; (B) second generating a second numerical vector by squaring each component of the first numerical vector and a third numerical vector by cubing each component of the first numerical vector; (C) third generating a first polynomial by executing a polynomial transformation of the first numerical vector, a second polynomial by executing the polynomial transformation of the second numerical vector, and a third polynomial by executing the polynomial transformation of the third numerical vector; (D) encrypting the first polynomial, the second polynomial and the third polynomial by a homomorphic encryption scheme capable of operating polynomials; (E) executing a predetermined operation while keeping data used in the predetermined operation encrypted, by using a fourth polynomial obtained by the polynomial transformation and the homomorphic encryption of a fourth numerical vector, a fifth polynomial obtained by the polynomial transformation and the homomorphic encryption of a fifth numerical vector, and a sixth polynomial obtained by the polynomial transformation and the homomorphic encryption of a sixth numerical vector, wherein the fourth numerical vector is generated by numerically vectorizing second text, the fifth numerical vector is generated by squaring each component of the fourth numerical vector, the sixth numerical vector is generated by cubing each component of the fourth numerical vector, and the fourth polynomial, the fifth polynomial and the sixth polynomial are stored in a second data storage unit; and (F) decrypting a result of the predetermined operation.

[0107] By doing such processing, it is possible to determine whether the first text coincides with a part of the second text while keeping them encrypted. The reason why a square of the numerical vector and a cube of the numerical vector are prepared at this time is because of dealing with the case that a wild card is included, and this increases the general applicability of secure pattern matching.

[0108] Namely, the predetermined operation may include an operation in which a distance becomes 0 on (e1) a condition that the first text coincides with a part of the second text, (e2) a condition that the first text that includes a special character representing any character coincides with the part of the second text, and (e3) a condition that the first text coincides with the part of the second text that includes the special character on the plain text.

[0109] Moreover, the matching method may further include (G) identifying a component whose value is 0 in a vector included in the result of the predetermined operation. Doing this enables a decision to be made on the position in which the first text matches within the second text.

[0110] Furthermore, the polynomial transformation to obtain the fourth to sixth polynomials may differ from the polynomial transformation to obtain the first to third polynomials.

[0111] An encryption method relating to a second aspect of this embodiment includes: (H) first generating a first numerical vector by numerically vectorizing first text stored in a first data storage unit; (I) second generating a second numerical vector by squaring each component of the first numerical vector and a third numerical vector by cubing each component of the first numerical vector; (J) third generating a first polynomial by executing a polynomial transformation of the first numerical vector, a second polynomial by executing the polynomial transformation of the second numerical vector, and a third polynomial by executing the polynomial transformation of the third numerical vector; and (K) encrypting the first polynomial, the second polynomial and the third polynomial by a homomorphic encryption scheme capable of operating polynomials.

[0112] Aforementioned processing is executed when registering text and searching by a pattern.

[0113] An encryption method relating to a third aspect of this embodiment includes: (L) receiving a first polynomial obtained by a polynomial transformation and homomorphic encryption of a first numerical vector, a second polynomial obtained by the polynomial transformation and the homomorphic encryption of a second numerical vector, and a third polynomial obtained by the polynomial transformation and the homomorphic encryption of a third numerical vector, wherein the first numerical vector is generated by numerically vectorizing first text, the second numerical vector is generated by squaring each component of the first numerical vector, the third numerical vector is generated by cubing each component of the first numerical vector; (M) executing a predetermined operation while keeping data used in the predetermined operation encrypted, by using a fourth polynomial obtained by the polynomial transformation and the homomorphic encryption of a fourth numerical vector, a fifth polynomial obtained by the polynomial transformation and the homomorphic encryption of a fifth numerical vector, and a sixth polynomial obtained by the polynomial transformation and the homomorphic encryption of a sixth numerical vector, wherein the fourth numerical vector is generated by numerically vectorizing second text, the fifth numerical vector is generated by squaring each component of the fourth numerical vector, the sixth numerical vector is generated by cubing each component of the fourth numerical vector, and the fourth polynomial, the fifth polynomial and the sixth polynomial are stored inadata storage unit; and (N) sendingbacka result of the predetermined operation.

[0114] For example, a computer in a cloud executes.

[0115] An information processing apparatus has: circuitry configured or programmed to generate a first numerical vector by numerically vectorizing first text stored in a first data storage unit; circuitry configured or programmed to generate a second numerical vector by squaring each component of the first numerical vector and a third numerical vector by cubing each component of the first numerical vector; circuitry configured or programmed to generate a first polynomial by executing a polynomial transformation of the first numerical vector, a second polynomial by executing the polynomial transformation of the second numerical vector, and a third polynomial by executing the polynomial transformation of the third numerical vector; and circuitry configured or programmed to encrypt the first polynomial, the second polynomial and the third polynomial by a homomorphic encryption scheme capable of operating polynomials.

[0116] An information processing apparatus has: circuitry configured or programmed to receive a first polynomial obtained by a polynomial transformation and homomorphic encryption of a first numerical vector, a second polynomial obtained by the polynomial transformation and the homomorphic encryption of a second numerical vector, and a third polynomial obtained by the polynomial transformation and the homomorphic encryption of a third numerical vector, wherein the first numerical vector is generated by numerically vectorizing first text, the second numerical vector is generated by squaring each component of the first numerical vector, the third numerical vector is generated by cubing each component of the first numerical vector; circuitry configured or programmed to execute a predetermined operation while keeping data used in the predetermined operation encrypted, by using a fourth polynomial obtained by the polynomial transformation and the homomorphic encryption of a fourth numerical vector, a fifth polynomial obtained by the polynomial transformation and the homomorphic encryption of a fifth numerical vector, and a sixth polynomial obtained by the polynomial transformation and the homomorphic encryption of a sixth numerical vector, wherein the fourth numerical vector is generated by numerically vectorizing second text, the fifth numerical vector is generated by squaring each component of the fourth numerical vector, the sixth numerical vector is generated by cubing each component of the fourth numerical vector, and the fourth polynomial, the fifth polynomial and the sixth polynomial are stored in a data storage unit; and circuitry configured or programmed to send back a result of the predetermined operation.

[0117] Incidentally, it is possible to create a program causing a computer or processor to execute the aforementioned processing, and such a program is stored in a computer readable storage medium or storage device such as a flexible disk, CD-ROM, DVD-ROM, magneto-optic disk, a semiconductor memory, and hard disk. In addition, the intermediate processing result is temporarily stored in a storage device such as a main memory or the like.

[0118] All examples and conditional language recited herein are intended for pedagogical purposes to aid the reader in understanding the invention and the concepts contributed by the inventor to furthering the art, and are to be construed as being without limitation to such specifically recited examples and conditions, nor does the organization of such examples in the specification relate to a showing of the superiority and inferiority of the invention. Although the embodiments of the present inventions have been described in detail, it should be understood that the various changes, substitutions, and alterations could be made hereto without departing from the scope of the invention, which is defined in the claims.


Claims

1. A matching method, comprising:

first generating (S23), by a collator apparatus (7), a first numerical vector, P, by numerically vectorizing first text stored in a first data storage unit;

second generating (S25), by the collator apparatus (7), a second numerical vector, P2, by squaring each component of the first numerical vector, and a third numerical vector, P3, by cubing each component of the first numerical vector;

third generating (S27), by the collator apparatus (7), a first polynomial, mp(P), that is represented by using, as coefficients, components of the first numerical vector in a first order with respect to the degree of the first polynomial, a second polynomial, mp(P2), that is represented by using, as coefficients, components of the second numerical vector in the first order with respect to the degree of the second polynomial, and a third polynomial, mp(P3), that is represented by using, as coefficients, components of the third numerical vector in the first order with respect to the degree of the third polynomial;

encrypting (S29), by the collator apparatus (7), the first polynomial, the second polynomial and the third polynomial by a homomorphic encryption scheme capable of operating polynomials;

executing, by an information processing apparatus (3), an operation (S35) in which a distance becomes 0 in a first case where the first text coincides with a part of second text, a second case where the first text that includes a special character representing any character coincides with the part of the second text, and a third case where the first text coincides with the part of the second text that includes the special character, wherein the operation (S35) includes evaluating the following expression:

wherein E(mp(P3)) is an encryption of the third polynomial and E(mt(T)) is a fourth polynomial that is represented by using, as coefficients, components of a fourth numerical vector, T, in a second order with respect to the degree of the fourth polynomial and has been encrypted by the homomorphic encryption scheme,

wherein E(mp(P2)) is an encryption of the second polynomial and E(mt(T2)) is a fifth polynomial that is represented by using, as coefficients, components of a fifth numerical vector, T2, in the second order with respect to the degree of the fifth polynomial and has been encrypted by the homomorphic encryption scheme,

wherein E(mp(P)) is an encryption of the first polynomial and E(mt(T3)) is a sixth polynomial that is represented by using, as coefficients, components of a sixth numerical vector, T3, in the second order with respect to the degree of the sixth polynomial and has been encrypted by the homomorphic encryption scheme, and

wherein the fourth numerical vector T is generated by numerically vectorizing the second text, the fifth numerical vector T2 is generated by squaring each component of the fourth numerical vector T, the sixth numerical vector T3 is generated by cubing each component of the fourth numerical vector T, the second order is different from the first order, and the fourth polynomial, the fifth polynomial and the sixth polynomial are stored in a second data storage unit; and

fourth generating (S41), by the collator apparatus (7), a seventh numerical vector by decrypting a result of the operation (S35), wherein the seventh numerical vector includes a component which is equal to 0 and whose position corresponds to a head component of plural successive components of the fourth numerical vector, which coincide with plural successive components of the first numerical vector.


 
2. An information processing system, comprising:

a collator apparatus (7) accessible to a first data storage unit (71) arranged to store first text; and

an information processing apparatus (3), and

wherein the collator apparatus (7) comprises:

a first generation unit (72) arranged to generate a first numerical vector, P, by numerically vectorizing the first text stored in the first data storage unit (71);

a second generation unit (74) arranged to generate a second numerical vector, P2, by squaring each component of the first numerical vector and a third numerical vector, P3, by cubing each component of the first numerical vector;

a third generation unit (76) arranged to generate a first polynomial, mp(P), that is represented by using, as coefficients, components of the first numerical vector in a first order with respect to the degree of the first polynomial, a second polynomial, mp(P2), that is represented by using, as coefficients, components of the second numerical vector in the first order with respect to the degree of the second polynomial, and a third polynomial, mp(P3), that is represented by using, as coefficients, components of the third numerical vector in the first order with respect to the degree of the third polynomial;

an encryption unit (78) arranged to encrypt the first polynomial, the second polynomial and the third polynomial by a homomorphic encryption scheme capable of operating polynomials; and

a first transmitter (81) arranged to transmit the first polynomial, the second polynomial, and the third polynomial to the information processing apparatus (3),

the information processing apparatus (3) comprises:

a first receiver (31) arranged to receive the first polynomial, the second polynomial, and the third polynomial from the collator apparatus (7);

an execution unit (35) arranged to execute an operation (S35) in which a distance becomes 0 in a first case where the first text coincides with a part of second text, a second case where the first text that includes a special character representing any character coincides with the part of the second text, and a third case where the first text coincides with the part of the second text that includes the special character, wherein the operation (S35) includes evaluating the expression:

wherein E(mp(P3)) is an encryption of the third polynomial and E(mt(T)) is a fourth polynomial that is represented by using, as coefficients, components of a fourth numerical vector, T, in the second order with respect to the degree of the fourth polynomial and has been encrypted by the homomorphic encryption scheme,

wherein E(mp(P2)) is an encryption of the second polynomial and E(mt(T2)) is a fifth polynomial that is represented by using, as coefficients, components of a fifth numerical vector, T2, in the second order with respect to the degree of the fifth polynomial and has been encrypted by the homomorphic encryption scheme,

wherein E(mp(P)) is an encryption of the first polynomial and E(mt(T3)) is a sixth polynomial that is represented by using, as coefficients, components of a sixth numerical vector, T3, in the second order with respect to the degree of the sixth polynomial and has been encrypted by the homomorphic encryption scheme, and

wherein the fourth numerical vector T is generated by numerically vectorizing the second text, the fifth numerical vector T2 is generated by squaring each component of the fourth numerical vector, the sixth numerical vector T3 is generated by cubing each component of the fourth numerical vector T, the second order is different from the first order, and the fourth polynomial, the fifth polynomial and the sixth polynomial are stored in a second data storage unit; and

a second transmitter (37) arranged to transmit a result of the operation (S35), and

the collator apparatus (7) further comprises:

a second receiver (82) arranged to receive the result of the operation; and

a fourth generation unit (84) arranged to generate a seventh numerical vector by decrypting the result of the operation, wherein the seventh numerical vector includes a component which is equal to 0 and whose position corresponds to a head component of plural successive components of the fourth numerical vector, which coincide with plural successive components of the first numerical vector.


 
3. A matching method executed by an information processing apparatus (3), comprising:

receiving (S33) a first polynomial, mp(P), that is represented by using, as coefficients, components of a first numerical vector, P, in a first order with respect to the degree of the first polynomial and has been encrypted by a homomorphic encryption scheme capable of operating polynomials, a second polynomial, mp(P2), that is represented by using, as coefficients, components of a second numerical vector, P2, in the first order with respect to the degree of the second polynomial and has been encrypted by the homomorphic encryption scheme, and a third polynomial, mp(P3), that is represented by using, as coefficients, components of a third numerical vector, P3, in the first order with respect to the degree of the third polynomial and has been encrypted by the homomorphic encryption scheme, wherein the first numerical vector P is generated by numerically vectorizing first text, the second numerical vector P2 is generated by squaring each component of the first numerical vector, the third numerical vector P3 is generated by cubing each component of the first numerical vector P;

executing an operation (S35) in which a distance becomes 0 in a first case where the first text coincides with a part of second text, a second case where the first text that includes a special character representing any character coincides with the part of the second text, and a third case where the first text coincides with the part of the second text that includes the special character, wherein the operation (S35) includes evaluating the following expression:

wherein E(mp(P3)) is an encryption of the third polynomial and E(mt(T)) is a fourth polynomial that is represented by using, as coefficients, components of a fourth numerical vector, T, in a second order with respect to the degree of the fourth polynomial and has been encrypted by the homomorphic encryption scheme,

wherein E(mp(P2)) is an encryption of the second polynomial and E(mt(T2)) is a fifth polynomial that is represented by using, as coefficients, components of a fifth numerical vector, T2, in the second order with respect to the degree of the fifth polynomial and has been encrypted by the homomorphic encryption scheme,

wherein E(mp(P)) is an encryption of the first polynomial and a sixth polynomial that is represented by using, as coefficients, components of a sixth numerical vector in the second order with respect to the degree of the sixth polynomial and has been encrypted by the homomorphic encryption scheme, the fourth numerical vector is generated by numerically vectorizing the second text, the fifth numerical vector is generated by squaring each component of the fourth numerical vector, the sixth numerical vector is generated by cubing each component of the fourth numerical vector, the second order is different from the first order, and the fourth polynomial, the fifth polynomial and the sixth polynomial are stored in a data storage unit; and

sending back (S37) a result of the operation.


 
4. A computer program for causing a computer to execute the matching method as set forth in claim 3.
 


Ansprüche

1. Abgleichverfahren, umfassend:

erstes Generieren (S23), durch eine Kollationiervorrichtung (7), eines ersten numerischen Vektors P durch numerisches Vektorisieren eines ersten Textes, der in einer ersten Datenspeichereinheit gespeichert ist;

zweites Generieren (S25), durch die Kollationiervorrichtung (7), eines zweiten numerischen Vektors P2 durch Quadrieren jeder Komponente des ersten numerischen Vektors und eines dritten numerischen Vektors P3 durch Kubieren jeder Komponente des ersten numerischen Vektors;

drittes Generieren (S27), durch die Kollationiervorrichtung (7), eines ersten Polynoms mp(P), das unter Verwendung, als Koeffizienten, von Komponenten des ersten numerischen Vektors in einer ersten Ordnung in Bezug auf den Grad des ersten Polynoms dargestellt ist, eines zweiten Polynoms mp(P2), das unter Verwendung, als Koeffizienten, von Komponenten des zweiten numerischen Vektors in der ersten Ordnung in Bezug auf den Grad des zweiten Polynoms dargestellt ist, und eines dritten Polynoms mp(P3), das unter Verwendung, als Koeffizienten, von Komponenten des dritten numerischen Vektors in der ersten Ordnung in Bezug auf den Grad des dritten Polynoms dargestellt ist;

Verschlüsseln (S29), durch die Kollationiervorrichtung (7), des ersten Polynoms, des zweiten Polynoms und des dritten Polynoms durch ein homomorphes Verschlüsselungsschema, das imstande ist, Polynome zu bearbeiten;

Ausführen, durch eine Informationsverarbeitungsvorrichtung (3), einer Operation (S35), in der ein Abstand 0 wird, in einem ersten Fall, wo der erste Text mit einem Teil eines zweiten Textes übereinstimmt, einem zweiten Fall, wo der erste Text, der ein Sonderzeichen beinhaltet, das ein beliebiges Zeichen darstellt, mit dem Teil des zweiten Textes übereinstimmt, und einem dritten Fall, wo der erste Text mit dem Teil des zweiten Textes übereinstimmt, der das Sonderzeichen beinhaltet, wobei die Operation (S35) ein Auswerten des folgenden Ausdrucks beinhaltet:

wobei E(mp(P3)) eine Verschlüsselung des dritten Polynoms ist und E(mt(T)) ein viertes Polynom ist, das unter Verwendung, als Koeffizienten, von Komponenten eines vierten numerischen Vektors T in einer zweiten Ordnung in Bezug auf den Grad des vierten Polynoms dargestellt ist und durch das homomorphe Verschlüsselungsschema verschlüsselt wurde,

wobei E(mp(P2)) eine Verschlüsselung des zweiten Polynoms ist und E(mt(T2)) ein fünftes Polynom ist, das unter Verwendung, als Koeffizienten, von Komponenten eines fünften numerischen Vektors T2 in der zweiten Ordnung in Bezug auf den Grad des fünften Polynoms dargestellt ist und durch das homomorphe Verschlüsselungsschema verschlüsselt wurde,

wobei E(mp(P)) eine Verschlüsselung des ersten Polynoms ist und E(mt(T3)) ein sechstes Polynom ist, das unter Verwendung, als Koeffizienten, von Komponenten eines sechsten numerischen Vektors T3 in der zweiten Ordnung in Bezug auf den Grad des sechsten Polynoms dargestellt ist und durch das homomorphe Verschlüsselungsschema verschlüsselt wurde, und

wobei der vierte numerische Vektor T durch numerisches Vektorisieren des zweiten Textes generiert wird, der fünfte numerische Vektor T2 durch Quadrieren jeder Komponente des vierten numerischen Vektors T generiert wird, der sechste numerische Vektor T3 durch Kubieren jeder Komponente des vierten numerischen Vektors T generiert wird, die zweite Ordnung sich von der ersten Ordnung unterscheidet und das vierte Polynom, das fünfte Polynom und das sechste Polynom in einer zweiten Datenspeichereinheit gespeichert sind; und

viertes Generieren (S41), durch die Kollationiervorrichtung (7), eines siebten numerischen Vektors durch Entschlüsseln eines Ergebnisses der Operation (S35), wobei der siebte numerische Vektor eine Komponente beinhaltet, die gleich 0 ist und deren Position einer Kopfkomponente von mehreren aufeinanderfolgenden Komponenten des vierten numerischen Vektors entspricht, die mit mehreren aufeinanderfolgenden Komponenten des ersten numerischen Vektors übereinstimmen.


 
2. Informationsverarbeitungssystem, umfassend:

eine Kollationiervorrichtung (7), die für eine erste Datenspeichereinheit (71) zugänglich ist, die angeordnet ist, um einen ersten Text zu speichern; und

eine Informationsverarbeitungsvorrichtung (3) und

wobei die Kollationiervorrichtung (7) umfasst:

eine erste Generierungseinheit (72), die angeordnet ist, um einen ersten numerischen Vektor P durch numerisches Vektorisieren des ersten Textes, der in der ersten Datenspeichereinheit (71) gespeichert ist, zu generieren;

eine zweite Generierungseinheit (74), die angeordnet ist, um einen zweiten numerischen Vektor P2 durch Quadrieren jeder Komponente des ersten numerischen Vektors und einen dritten numerischen Vektor P3 durch Kubieren jeder Komponente des ersten numerischen Vektors zu generieren;

eine dritte Generierungseinheit (76), die angeordnet ist, um ein ersten Polynom mp(P), das unter Verwendung, als Koeffizienten, von Komponenten des ersten numerischen Vektors in einer ersten Ordnung in Bezug auf den Grad des ersten Polynoms dargestellt ist, ein zweites Polynom mp(P2), das unter Verwendung, als Koeffizienten, von Komponenten des zweiten numerischen Vektors in der ersten Ordnung in Bezug auf den Grad des zweiten Polynoms dargestellt ist, und ein drittes Polynom mp(P3), das unter Verwendung, als Koeffizienten, von Komponenten des dritten numerischen Vektors in der ersten Ordnung in Bezug auf den Grad des dritten Polynoms dargestellt ist, zu generieren;

eine Verschlüsselungseinheit (78), die angeordnet ist, um das erste Polynom, das zweite Polynom und das dritte Polynom durch ein homomorphes Verschlüsselungsschema, das imstande ist, Polynome zu bearbeiten, zu verschlüsseln; und

einen ersten Sender (81), der angeordnet ist, um das erste Polynom, das zweite Polynom und das dritte Polynoms an die Informationsverarbeitungsvorrichtung (3) zu senden,

wobei die Informationsverarbeitungsvorrichtung (3) umfasst:

einen ersten Empfänger (31), der angeordnet ist, um das erste Polynom, das zweite Polynom und das dritte Polynom von der Kollationiervorrichtung (7) zu empfangen;

eine Ausführungseinheit (35), die angeordnet ist, um eine Operation (S35) auszuführen, in der ein Abstand 0 wird, in einem ersten Fall, wo der erste Text mit einem Teil eines zweiten Textes übereinstimmt, einem zweiten Fall, wo der erste Text, der ein Sonderzeichen beinhaltet, das ein beliebiges Zeichen darstellt, mit dem Teil des zweiten Textes übereinstimmt, und einem dritten Fall, wo der erste Text mit dem Teil des zweiten Textes übereinstimmt, der das Sonderzeichen beinhaltet, wobei die Operation (S35) ein Auswerten des Ausdrucks beinhaltet:

wobei E(mp(P3)) eine Verschlüsselung des dritten Polynoms ist und E(mt(T)) ein viertes Polynom ist, das unter Verwendung, als Koeffizienten, von Komponenten eines vierten numerischen Vektors T in der zweiten Ordnung in Bezug auf den Grad des vierten Polynoms dargestellt ist und durch das homomorphe Verschlüsselungsschema verschlüsselt wurde,

wobei E(mp(P2)) eine Verschlüsselung des zweiten Polynoms ist und E(mt(T2)) ein fünftes Polynom ist, das unter Verwendung, als Koeffizienten, von Komponenten eines fünften numerischen Vektors T2 in der zweiten Ordnung in Bezug auf den Grad des fünften Polynoms dargestellt ist und durch das homomorphe Verschlüsselungsschema verschlüsselt wurde,

wobei E(mp(P)) eine Verschlüsselung des ersten Polynoms ist und E(mt(T3)) ein sechstes Polynom ist, das unter Verwendung, als Koeffizienten, von Komponenten eines sechsten numerischen Vektors T3 in der zweiten Ordnung in Bezug auf den Grad des sechsten Polynoms dargestellt ist und durch das homomorphe Verschlüsselungsschema verschlüsselt wurde, und

wobei der vierte numerische Vektor T durch numerisches Vektorisieren des zweiten Textes generiert wird, der fünfte numerische Vektor T2 durch Quadrieren jeder Komponente des vierten numerischen Vektors generiert wird, der sechste numerische Vektor T3 durch Kubieren jeder Komponente des vierten numerischen Vektors T generiert wird, die zweite Ordnung sich von der ersten Ordnung unterscheidet und das vierte Polynom, das fünfte Polynom und das sechste Polynom in einer zweiten Datenspeichereinheit gespeichert sind; und

einen zweiten Sender (37), der angeordnet ist, um ein Ergebnis der Operation (S35) zu senden, und

wobei die Kollationiervorrichtung (7) weiter umfasst:

einen zweiten Empfänger (82), der angeordnet ist, um das Ergebnis der Operation zu empfangen; und

eine vierte Generierungseinheit (84), die angeordnet ist, um einen siebten numerischen Vektor durch Entschlüsseln eines Ergebnisses der Operation zu generieren, wobei der siebte numerische Vektor eine Komponente beinhaltet, die gleich 0 ist und deren Position einer Kopfkomponente von mehreren aufeinanderfolgenden Komponenten des vierten numerischen Vektors entspricht, die mit mehreren aufeinanderfolgenden Komponenten des ersten numerischen Vektors übereinstimmen.


 
3. Abgleichverfahren, das durch eine Informationsverarbeitungsvorrichtung (3) ausgeführt wird, umfassend:

Empfangen (S33) eines ersten Polynoms mp(P), das unter Verwendung, als Koeffizienten, von Komponenten eines ersten numerischen Vektors P in einer ersten Ordnung in Bezug auf den Grad des ersten Polynoms dargestellt ist und durch ein homomorphes Verschlüsselungsschema verschlüsselt wurde, das imstande ist, Polynome zu bearbeiten, eines zweiten Polynoms mp(P2), das unter Verwendung, als Koeffizienten, von Komponenten eines zweiten numerischen Vektors P2 in der ersten Ordnung in Bezug auf den Grad des zweiten Polynoms dargestellt ist und durch das homomorphe Verschlüsselungsschema verschlüsselt wurde, und eines dritten Polynoms mp(P3), das unter Verwendung, als Koeffizienten, von Komponenten eines dritten numerischen Vektors P3 in der ersten Ordnung in Bezug auf den Grad des dritten Polynoms dargestellt ist und durch das homomorphe Verschlüsselungsschema verschlüsselt wurde, wobei der erste numerische Vektor P durch numerisches Vektorisieren eines ersten Textes generiert wird, der zweite numerische Vektor P2 durch Quadrieren jeder Komponente des ersten numerischen Vektors generiert wird und der dritte numerische Vektor P3 durch Kubieren jeder Komponente des ersten numerischen Vektors P generiert wird;

Ausführen einer Operation (S35), in der ein Abstand 0 wird, in einem ersten Fall, wo der erste Text mit einem Teil eines zweiten Textes übereinstimmt, einem zweiten Fall, wo der erste Text, der ein Sonderzeichen beinhaltet, das ein beliebiges Zeichen darstellt, mit dem Teil des zweiten Textes übereinstimmt, und einem dritten Fall, wo der erste Text mit dem Teil des zweiten Textes übereinstimmt, der das Sonderzeichen beinhaltet, wobei die Operation (S35) ein Auswerten des Ausdrucks beinhaltet:

wobei E(mp(P3)) eine Verschlüsselung des dritten Polynoms ist und E(mt(T)) ein viertes Polynom ist, das unter Verwendung, als Koeffizienten, von Komponenten eines vierten numerischen Vektors T in einer zweiten Ordnung in Bezug auf den Grad des vierten Polynoms dargestellt ist und durch das homomorphe Verschlüsselungsschema verschlüsselt wurde,

wobei E(mp(P2)) eine Verschlüsselung des zweiten Polynoms ist und E(mt(T2)) ein fünftes Polynom ist, das unter Verwendung, als Koeffizienten, von Komponenten eines fünften numerischen Vektors T2 in der zweiten Ordnung in Bezug auf den Grad des fünften Polynoms dargestellt ist und durch das homomorphe Verschlüsselungsschema verschlüsselt wurde,

wobei E(mp(P)) eine Verschlüsselung des ersten Polynoms ist und eines sechsten Polynoms ist, das unter Verwendung, als Koeffizienten, von Komponenten eines sechsten numerischen Vektors in der zweiten Ordnung in Bezug auf den Grad des sechsten Polynoms dargestellt ist und durch das homomorphe Verschlüsselungsschema verschlüsselt wurde, der vierte numerische Vektor durch numerisches Vektorisieren des zweiten Textes generiert wird, der fünfte numerische Vektor durch Quadrieren jeder Komponente des vierten numerischen Vektors generiert wird, der sechste numerische Vektor durch Kubieren jeder Komponente des vierten numerischen Vektors generiert wird, die zweite Ordnung sich von der ersten Ordnung unterscheidet und das vierte Polynom, das fünfte Polynom und das sechste Polynom in einer Datenspeichereinheit gespeichert sind; und

Zurücksenden (S37) eines Ergebnisses der Operation.


 
4. Computerprogramm zum Veranlassen eines Computers, das Abgleichverfahren nach Anspruch 3 auszuführen.
 


Revendications

1. Procédé de mise en correspondance, comprenant :

premièrement, la génération (S23), par un appareil de fusionnement de données (7), d'un premier vecteur numérique, P, en vectorisant de façon numérique un premier texte stocké dans une première unité de stockage de données ;

deuxièmement, la génération (S25), par l'appareil de fusionnement de données (7), d'un deuxième vecteur numérique, P2, en élevant au carré chaque composante du premier vecteur numérique, et d'un troisième vecteur numérique, P3, en élevant au cube chaque composante du premier vecteur numérique ;

troisièmement, la génération (S27), par l'appareil de fusionnement de données (7), d'un premier polynôme, mp(P), qui est représenté en utilisant, en tant que coefficients, des composantes du premier vecteur numérique dans un premier ordre par rapport au degré du premier polynôme, d'un deuxième polynôme, mp(P2), qui est représenté en utilisant, en tant que coefficients, des composantes du deuxième vecteur numérique dans le premier ordre par rapport au degré du deuxième polynôme, et d'un troisième polynôme, mp(P3), qui est représenté en utilisant, en tant que coefficients, des composantes du troisième vecteur numérique dans le premier ordre par rapport au degré du troisième polynôme ;

le chiffrage (S29), par l'appareil de fusionnement de données (7), du premier polynôme, du deuxième polynôme et du troisième polynôme par un système de chiffrage homomorphe capable d'opérations sur des polynômes ;

l'exécution, par un appareil de traitement d'informations (3), d'une opération (S35) dans laquelle une distance devient égale à 0 dans un premier cas où le premier texte coïncide avec une partie d'un second texte, un deuxième cas où le premier texte qui inclut un caractère spécial représentant n'importe quel caractère coïncide avec la partie du second texte, et un troisième cas où le premier texte coïncide avec la partie du second texte qui inclut le caractère spécial, dans lequel l'opération (S35) inclut l'évaluation de l'expression suivante :

dans laquelle E(mp(P3)) est un chiffrage du troisième polynôme et E(mt(T)) est un quatrième polynôme qui est représenté en utilisant, en tant que coefficients, des composantes d'un quatrième vecteur numérique, T, dans un second ordre par rapport au degré du quatrième polynôme et a été chiffré par le système de chiffrage homomorphe,

dans laquelle E(mp(P2)) est un chiffrage du deuxième polynôme et E(mt(T2)) est un cinquième polynôme qui est représenté en utilisant, en tant que coefficients, des composantes d'un cinquième vecteur numérique, T2, dans le second ordre par rapport au degré du cinquième polynôme et a été chiffré par le système de chiffrage homomorphe,

dans laquelle E(mp(P)) est un chiffrage du premier polynôme et E(mt(T3)) est un sixième polynôme qui est représenté en utilisant, en tant que coefficients, des composantes d'un sixième vecteur numérique, T3, dans le second ordre par rapport au degré du sixième polynôme et a été chiffré par le système de chiffrage homomorphe, et

dans laquelle le quatrième vecteur numérique T est généré en vectorisant de façon numérique le second texte, le cinquième vecteur numérique T2 est généré en élevant au carré chaque composante du quatrième vecteur numérique T, le sixième vecteur numérique T3 est généré en élevant au cube chaque composante du quatrième vecteur numérique T, le second ordre est différent du premier ordre, et le quatrième polynôme, le cinquième polynôme et le sixième polynôme sont stockés dans une seconde unité de stockage de données ; et

quatrièmement, la génération (S41), par l'appareil de fusionnement de données (7), d'un septième vecteur numérique en déchiffrant un résultat de l'opération (S35), dans lequel le septième vecteur numérique inclut une composante qui est égale à 0 et dont la position correspond à une composante principale de plusieurs composantes successives du quatrième vecteur numérique, qui coïncident avec plusieurs composantes successives du premier vecteur numérique.


 
2. Système de traitement d'informations, comprenant :

un appareil de fusionnement de données (7) accessible à une première unité de stockage de données (71) agencée pour stocker un premier texte ; et

un appareil de traitement d'informations (3), et

dans lequel l'appareil de fusionnement de données (7) comprend :

une première unité de génération (72) agencée pour générer un premier vecteur numérique, P, en vectorisant de façon numérique le premier texte stocké dans la première unité de stockage de données (71) ;

une deuxième unité de génération (74) agencée pour générer un deuxième vecteur numérique, P2, en élevant au carré chaque composante du premier vecteur numérique et un troisième vecteur numérique, P3, en élevant au cube chaque composante du premier vecteur numérique ;

une troisième unité de génération (76) agencée pour générer un premier polynôme, mp(P), qui est représenté en utilisant, en tant que coefficients, des composantes du premier vecteur numérique dans un premier ordre par rapport au degré du premier polynôme, un deuxième polynôme, mp(P2), qui est représenté en utilisant, en tant que coefficients, des composantes du deuxième vecteur numérique dans le premier ordre par rapport au degré du deuxième polynôme, et un troisième polynôme, mp(P3), qui est représenté en utilisant, en tant que coefficients, des composantes du troisième vecteur numérique dans le premier ordre par rapport au degré du troisième polynôme ;

une unité de chiffrage (78) agencée pour chiffrer le premier polynôme, le deuxième polynôme et le troisième polynôme par un système de chiffrage homomorphe capable d'opérations sur des polynômes ; et

un premier émetteur (81) agencé pour émettre le premier polynôme, le deuxième polynôme et le troisième polynôme vers l'appareil de traitement d'informations (3),

l'appareil de traitement d'informations (3) comprend :

un premier récepteur (31) agencé pour recevoir le premier polynôme, le deuxième polynôme et le troisième polynôme en provenance de l'appareil de fusionnement de données (7) ;

une unité d'exécution (35) agencée pour exécuter une opération (S35) dans laquelle une distance devient égale à 0 dans un premier cas où le premier texte coïncide avec une partie d'un second texte, un deuxième cas où le premier texte qui inclut un caractère spécial représentant n'importe quel caractère coïncide avec la partie du second texte, et un troisième cas où le premier texte coïncide avec la partie du second texte qui inclut le caractère spécial, dans laquelle l'opération (S35) inclut l'évaluation de l'expression :

dans laquelle E(mp(P3)) est un chiffrage du troisième polynôme et E(mt(T)) est un quatrième polynôme qui est représenté en utilisant, en tant que coefficients, des composantes d'un quatrième vecteur numérique, T, dans le second ordre par rapport au degré du quatrième polynôme et a été chiffré par le système de chiffrage homomorphe,

dans laquelle E(mp(P2)) est un chiffrage du deuxième polynôme et E(mt(T2)) est un cinquième polynôme qui est représenté en utilisant, en tant que coefficients, des composantes d'un cinquième vecteur numérique, T2, dans le second ordre par rapport au degré du cinquième polynôme et a été chiffré par le système de chiffrage homomorphe,

dans laquelle E(mp(P)) est un chiffrage du premier polynôme et E(mt(T3)) est un sixième polynôme qui est représenté en utilisant, en tant que coefficients, des composantes d'un sixième vecteur numérique, T3, dans le second ordre par rapport au degré du sixième polynôme et a été chiffré par le système de chiffrage homomorphe, et

dans laquelle le quatrième vecteur numérique T est généré en vectorisant de façon numérique le second texte, le cinquième vecteur numérique T2 est généré en élevant au carré chaque composante du quatrième vecteur numérique, le sixième vecteur numérique T3 est généré en élevant au cube chaque composante du quatrième vecteur numérique T, le second ordre est différent du premier ordre, et le quatrième polynôme, le cinquième polynôme et le sixième polynôme sont stockés dans une seconde unité de stockage de données ; et

un second émetteur (37) agencé pour émettre un résultat de l'opération (S35), et

l'appareil de fusionnement de données (7) comprend en outre :

un second récepteur (82) agencé pour recevoir le résultat de l'opération ; et

une quatrième unité de génération (84) agencée pour générer un septième vecteur numérique en déchiffrant le résultat de l'opération, dans lequel le septième vecteur numérique inclut une composante qui est égale à 0 et dont la position correspond à une composante principale de plusieurs composantes successives du quatrième vecteur numérique, qui coïncident avec plusieurs composantes successives du premier vecteur numérique.


 
3. Procédé de mise en correspondance exécuté par un appareil de traitement d'informations (3), comprenant :

la réception (S33) d'un premier polynôme, mp(P), qui est représenté en utilisant, en tant que coefficients, des composantes d'un premier vecteur numérique, P, dans un premier ordre par rapport au degré du premier polynôme et a été chiffré par un système de chiffrage homomorphe capable d'opérations sur des polynômes, d'un deuxième polynôme, mp(P2), qui est représenté en utilisant, en tant que coefficients, des composantes d'un deuxième vecteur numérique, P2, dans le premier ordre par rapport au degré du deuxième polynôme et a été chiffré par le système de chiffrage homomorphe, et d'un troisième polynôme, mp(P3), qui est représenté en utilisant, en tant que coefficients, des composantes d'un troisième vecteur numérique, P3, dans le premier ordre par rapport au degré du troisième polynôme et a été chiffré par le système de chiffrage homomorphe, dans lequel le premier vecteur numérique P est généré en vectorisant de façon numérique le premier texte, le deuxième vecteur numérique P2 est généré en élevant au carré chaque composante du premier vecteur numérique, le troisième vecteur numérique P3 est généré en élevant au cube chaque composante du premier vecteur numérique P ;

l'exécution d'une opération (S35) dans laquelle une distance devient égale à 0 dans un premier cas où le premier texte coïncide avec une partie d'un second texte, un deuxième cas où le premier texte qui inclut un caractère spécial représentant n'importe quel caractère coïncide avec la partie du second texte, et un troisième cas où le premier texte coïncide avec la partie du second texte qui inclut le caractère spécial, dans lequel l'opération (S35) inclut l'évaluation de l'expression suivante :

dans laquelle E(mp(P3)) est un chiffrage du troisième polynôme et E(mt(T)) est un quatrième polynôme qui est représenté en utilisant, en tant que coefficients, des composantes d'un quatrième vecteur numérique, T, dans un second ordre par rapport au degré du quatrième polynôme et a été chiffré par le système de chiffrage homomorphe,

dans laquelle E(mp(P2)) est un chiffrage du deuxième polynôme et E(mt(T2)) est un cinquième polynôme qui est représenté en utilisant, en tant que coefficients, des composantes d'un cinquième vecteur numérique, T2, dans le second ordre par rapport au degré du cinquième polynôme et a été chiffré par le système de chiffrage homomorphe,

dans laquelle E(mp(P)) est un chiffrage du premier polynôme et d'un sixième polynôme qui est représenté en utilisant, en tant que coefficients, des composantes d'un sixième vecteur numérique dans le second ordre par rapport au degré du sixième polynôme et a été chiffré par le système de chiffrage homomorphe, le quatrième vecteur numérique est généré en vectorisant de façon numérique le second texte, le cinquième vecteur numérique est généré en élevant au carré chaque composante du quatrième vecteur numérique, le sixième vecteur numérique est généré en élevant au cube chaque composante du quatrième vecteur numérique, le second ordre est différent du premier ordre, et le quatrième polynôme, le cinquième polynôme et le sixième polynôme sont stockés dans une unité de stockage de données ; et

le renvoi (S37) d'un résultat de l'opération.


 
4. Programme informatique pour amener un ordinateur à exécuter le procédé de mise en correspondance comme exposé dans la revendication 3.
 




Drawing



























REFERENCES CITED IN THE DESCRIPTION



This list of references cited by the applicant is for the reader's convenience only. It does not form part of the European patent document. Even though great care has been taken in compiling the references, errors or omissions cannot be excluded and the EPO disclaims all liability in this regard.

Non-patent literature cited in the description