In the technical field of public key encryption, various implementations of hierarchical identity-based encryption are known, each with its own features.
Among them, some anonymous hierarchical identity-based encryption systems that provide ciphertext with anonymity are known (for instance, Patent Literature 1, Non Patent Literature 1).
Anonymity is the property that a ciphertext does not reveal the ID that is its destination, even if the ciphertext is seen.
Anonymity is sometimes an indispensable property, depending on how the hierarchical identity-based encryption is used.
For instance, assume that ciphertext of the hierarchical identity-based encryption is sent to a specific user via a message board on the Internet or a file server.
Here, if it is undesirable to reveal the destination (for instance, in correspondence between companies before a merger, where it is undesirable to reveal the correspondence itself), a system without anonymity cannot be employed for the correspondence.
This is because the destination may be leaked if the ciphertext is analyzed.
Therefore, anonymity is indispensable in such a case.
Further, it is known that hierarchical identity-based encryption can be applied to secret search. Secret search is a technique for carrying out a keyword search over encrypted data, and is also referred to as searchable encryption.
Anonymity is indispensable in this case as well. This is because an ID of the identity-based encryption corresponds to the keyword of the secret search, so having no anonymity (that is, the ID may be leaked) corresponds to leakage of the keyword.
As discussed above, some methods are known as anonymous hierarchical identity-based encryption that provide the ciphertext with anonymity (for instance, Patent Literature 1, Non Patent Literature 1).
However, in these methods, if ciphertexts having identical contents are generated for plural destination IDs, as many ciphertexts as there are IDs must be generated, which increases the number of ciphertexts.
In response, the “Wildcard-applicable hierarchical identity-based encryption system” (Non Patent Literature 2) is known as a more developed system that enables a message to be sent to all the users belonging to the same hierarchy using one ciphertext.
Further, it is known that a “Group-oriented public key secret search system” can be implemented by applying the “Wildcard-applicable hierarchical identity-based encryption system” to the field of secret search with a public key (Non Patent Literature 2).
In the “Group-oriented public key secret search system”, one ciphertext can be shared within a group, and each user of the group can generate a search query for the ciphertext using his own secret key.