Secret search is a technique that allows retrieval while both the search target data and the search contents remain encrypted.
In recent years, the spread of cloud services and the like has made it possible to manage data over the internet. However, data managed over the internet is at risk of leaking to outside parties, for example when the cloud server entrusted with data management is infected with malware such as a computer virus, or when a server administrator commits fraud. If the data deposited in the server is private information or confidential corporate data, such leakage is a serious problem.
Encryption techniques are one way to avoid such a security threat. However, when data is simply encrypted and stored on a server, it can no longer be searched. To avoid this problem, a method has conventionally been adopted in which the encryption data stored on the server is temporarily decrypted and then searched at search time. However, since the plaintext is recovered on the server for a certain period of time, the method cannot be said to be a sufficient security measure. Thus, secret search techniques, which are cryptographic techniques capable of searching data while it remains encrypted, have been devised, and a number of specific methods have been disclosed in recent years.
Non-Patent Literature 1 discloses, as a search function in a secret search technique, a scheme capable of exact-match search, which is a simple form of search.
Further, Patent Literature 1, Patent Literature 2, Patent Literature 3 and Non-Patent Literature 2 disclose schemes capable of similarity search, which is a more flexible form of search. Hereinafter, secret search techniques capable of similarity searches are called secret similarity search techniques. Patent Literature 1 and Non-Patent Literature 2 disclose secret similarity search techniques that efficiently calculate the Hamming distance using a special cryptographic technique called homomorphic encryption, which allows operations to be performed on data while it remains encrypted.
Further, Non-Patent Literature 3, Non-Patent Literature 4, Non-Patent Literature 5 and Non-Patent Literature 6 also disclose homomorphic encryption schemes.
In the secret similarity search techniques, a similarity degree between the underlying plaintexts can be calculated from the encryption data stored in a server by a data registrant and a ciphertext of the data that a data searcher desires to retrieve, without decrypting either of them, so that both remain secret. Hereinafter, the encryption data stored in the server by the data registrant is called storage encryption data. In addition, the ciphertext of the data that the data searcher desires to retrieve is called search encryption data. Examples of the similarity degree between plaintexts include the squared Euclidean distance between the plaintext of the storage encryption data and the plaintext of the search encryption data.
When the data searcher issues a search request, i.e., a request for similarity calculation, the server calculates the similarity degree while keeping it secret, and transmits the calculation result to the data searcher. The data searcher can then learn the similarity degree by decrypting the result. As described above, the secret similarity search technique serves not only as a search technique but also as a secret analysis technique.
As a specific example, suppose that the data registrant is a patient and the data searcher is an analyst. The secret similarity search technique then makes it possible to analyze the patient's private data in an encrypted state while preserving the patient's privacy, i.e., without disclosing the private data. The patient can therefore request analysis from the data analyst with peace of mind. Thus, such a secret similarity search technique is also very useful from the point of view of privacy protection.
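The registrant, server and searcher flow described above can be illustrated with a toy somewhat-homomorphic scheme over the integers. This is an added example, not the scheme of any of the cited literature. The shared secret key, the function names, the parameter sizes (chosen for readability, not security) and the sample vectors are all assumptions.

```python
import secrets

T = 1 << 16        # plaintext modulus; the distance must stay below T
NOISE_BITS = 24    # size of the fresh noise r
KEY_BITS = 160     # size of the secret odd integer p
MASK_BITS = 256    # size of the random multiple q that hides p

def keygen():
    """Secret key: a random odd KEY_BITS-bit integer (assumed shared by registrant and searcher)."""
    return secrets.randbits(KEY_BITS) | (1 << (KEY_BITS - 1)) | 1

def encrypt(p, m):
    """c = p*q + T*r + m. The noise T*r + m is far smaller than p."""
    return p * secrets.randbits(MASK_BITS) + T * secrets.randbits(NOISE_BITS) + m

def decrypt(p, c):
    """Strip the multiple of p (centered), then the multiple of T."""
    e = c % p
    if e > p // 2:
        e -= p
    return e % T

def encrypted_sq_distance(stored, search):
    """Server side, no key: sum of (c_x - c_y)^2 over ciphertexts.
    Each term's noise is below 2^82, so the sum stays well below p/2 and
    decrypts to sum((x - y)^2) mod T. On 0/1 vectors this is the Hamming distance."""
    if len(stored) != len(search):
        raise ValueError("vectors must have the same length")
    return sum((cx - cy) ** 2 for cx, cy in zip(stored, search))

def run_search(record, query):
    """Registrant stores, searcher queries, server computes, searcher decrypts."""
    key = keygen()
    stored = [encrypt(key, v) for v in record]   # storage encryption data
    search = [encrypt(key, v) for v in query]    # search encryption data
    enc_result = encrypted_sq_distance(stored, search)  # computed by the server
    return decrypt(key, enc_result)

if __name__ == "__main__":
    # Constructed sample values, not data from the page.
    print(run_search([120, 80, 37, 98], [118, 85, 36, 101]))
```

The server only ever handles `stored`, `search` and `enc_result`; the plaintext vectors and the distance appear only on the key holder's side.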