Field of the Invention
This disclosure relates to a cryptographic system which manages encrypted data, a method of updating a key used in encrypting data, and a program to update that key.
Description of the Related Art
In recent years, cloud services have become widespread. By using cloud services, a service that an in-house system provides to employees can, for example, be provided inexpensively by a server on the cloud. In an in-house system, an in-house operator manages the database, so the risk of information leaking outside is limited. In cloud services, a database on a server may be read by a third-party operator, so there is a risk of information leaking outside. Accordingly, it is desirable that sensitive data on a cloud server be managed in encrypted form.
Regarding such a cryptographic technique, Japanese Laid-Open Patent Publication No. 2014-17763 discloses a technique for updating encryption that alleviates the load on the device of the user who wishes to update the encryption, without providing the administrator of the database that stores the encrypted data with plaintext, decryption information, or the like.
Generally, when data is encrypted, an encryption key (hereinafter also referred to as a “key”) is used. In terms of security, it is preferable that the key is periodically updated. When the key is updated, it is necessary to re-encrypt a database in accordance with the updated key.
The re-encryption process is performed, for example, by a client connected to a cloud server via a network. More specifically, the client obtains data from the cloud server, decrypts that data with the pre-update key, re-encrypts it with the post-update key, and stores it back on the cloud server. When millions of data items are managed in a database, the re-encryption process may take time and interfere with the provision of services.
Japanese Laid-Open Patent Publication No. 2014-17763 discloses a technique in which, whenever a new encryption key is created, the already encrypted data is encrypted again with the new encryption key. This technique therefore encrypts the data many times over with successive encryption keys, and accordingly it takes time to decrypt the data. Furthermore, the size of the data increases whenever the encryption key is updated.
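The following added example (not part of this disclosure or of the cited publication) contrasts the two key-update approaches described above: client-side decrypt-and-re-encrypt, and wrapping the existing ciphertext under each new key. The HMAC-SHA256 stream cipher with a 16-byte nonce and 32-byte tag is an assumed stand-in cipher, and all function names and the sample record are constructed for illustration.

```python
import hashlib, hmac, os

NONCE, TAG = 16, 32  # assumed per-encryption overhead in bytes (nonce + MAC tag)

def _keystream(key, nonce, n):
    # Stand-in stream cipher: HMAC-SHA256 in counter mode (illustration only).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def encrypt(key, plaintext):
    nonce = os.urandom(NONCE)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def decrypt(key, blob):
    nonce, body, tag = blob[:NONCE], blob[NONCE:-TAG], blob[-TAG:]
    expect = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("authentication failed: wrong key or modified record")
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

def rotate_by_reencryption(db, old_key, new_key):
    # Client fetches each record, decrypts with the pre-update key,
    # re-encrypts with the post-update key, and stores it back.
    return {rid: encrypt(new_key, decrypt(old_key, blob)) for rid, blob in db.items()}

def rotate_by_layering(db, new_key):
    # Existing ciphertext is encrypted again under the new key, never decrypted.
    return {rid: encrypt(new_key, blob) for rid, blob in db.items()}

def unwrap_layers(keys_oldest_first, blob):
    # Reading a layered record needs every key ever used, newest layer first.
    for key in reversed(keys_oldest_first):
        blob = decrypt(key, blob)
    return blob

def demo(rotations=3):
    keys = [os.urandom(32) for _ in range(rotations + 1)]
    record = b"constructed sample record"
    re_db = layered = {"r1": encrypt(keys[0], record)}
    for old, new in zip(keys, keys[1:]):
        re_db = rotate_by_reencryption(re_db, old, new)
        layered = rotate_by_layering(layered, new)
    assert decrypt(keys[-1], re_db["r1"]) == record
    assert unwrap_layers(keys, layered["r1"]) == record
    return len(re_db["r1"]), len(layered["r1"])

if __name__ == "__main__":
    print(demo())  # (size after re-encryption, size after layering)
```

With re-encryption the stored size stays constant but every record makes a round trip through the client; with layering the record grows by the per-layer overhead at each update and decryption cost scales with the number of updates.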