Various improvements and functional expansions have been implemented on the public key cryptosystem developed by Diffie and Hellman in 1976. In the year of 2001, a public key cryptosystem based on a pairing operation, which is called ID based encryption, was developed by Bonne and Franklin. Recent years, schemes based on the pairing operation have been ardently researched.
As a high-functional public key cryptosystem using the pairing, there is an encryption scheme (hereinafter, referred to as a functional encryption scheme) with enhanced security described in Non-Patent Literatures 1 and 2. Different from the conventional cryptosystem, the functional encryption scheme can implement encryption with specifying a plurality of users (secret keys) who can decrypt encrypted data using one public key.
When the public key cryptosystem is applied to a system used by general users, a secret key might be lost by a user. In this case, in order to prevent malicious use of the lost secret key, the lost secret key must be invalidated.
As an invalidation scheme to invalidate the secret key, schemes described in Patent Literatures 1 and 2 are available.
Patent Literature 1 describes an invalidation scheme to invalidate a secret key of a specific user when a command to invalidate the secret key of the specific user is input; and to generate a key pair of a new cipher key and a secret key when a command to re-issue a secret key is input.
Patent Literature 2 describes an invalidation scheme, when an access request and an access identifier are received, to check whether or not the access identifier and an identifier written in a list of invalidated identifiers are matched; and to terminate the access if the identifiers are matched.