In communication using a public key cryptosystem, a sender of a message encrypts the message using a public key of a recipient and then transmits the encrypted message. Only the recipient having a secret key corresponding to the public key can decrypt the cipher text (hereinafter, the term “recipient” indicates a member holding a secret key (decryption key) corresponding to a cipher text).
Here, consider a situation where the recipient cannot perform decryption processing using the secret key, such as a case in which the recipient is not connected to a network. In many such cases, it is not desirable for continuous processing that involves a plurality of hosts, or the like, to be interrupted because a particular recipient is disconnected. A technique is therefore desired by which the recipient, before being disconnected, can delegate its own decryption power to an agent specified by the recipient in order to avoid the interruption of the processing. When decryption processing by a particular recipient is required and the recipient is in the disconnected state, execution of the decryption processing is requested of the previously specified agent, thus making it possible to avoid the interruption of the continuous processing.
There have been many studies on the delegation of power, reflecting its practical importance. However, most of the studies are concerned with delegation of credentials. There are few studies on delegation of the decryption power, called a “proxy cryptosystem”. As the conventional technology of this type, for example, the technologies described in the following references are conceived.
    Reference 1: Mambo, M. and Okamoto, E., “Proxy Cryptosystems: Delegation of the Power to Decrypt Ciphertexts,” IEICE Trans. Fund. Electronics Communications and Comp. Sci. E80-A/1, pp. 54-63, 1997.
    Reference 2: Blaze, M., Bleumer, G. and Strauss, M., “Divertible Protocols and Atomic Proxy Cryptography,” Proc. of EUROCRYPT '98, LNCS, 1998.
    Reference 3: Jakobsson, M., “On Quorum Controlled Asymmetric Proxy Re-encryption,” Proc. of PKC '99, LNCS, 1999.
A reason for the fewer studies on the delegation of decryption power is that limited delegation of the decryption power is considered difficult. If the decryption power is delegated permanently with no limitation, it is sufficient to give information of the secret key held by the recipient to the agent. However, permanent delegation of the power is not necessary in the situation described above; instead, the power is delegated while the condition for exercising the power is limited. For example, the decryption power is set to become valid at a start time and to become invalid at a finish time. Such delegation of the power is a very difficult problem in terms of cryptology.
The conventional arts described in References 1-3 propose methods of converting a cipher text so as to allow the agent to decrypt the cipher text. However, none of the references deals with delegation of the decryption power for a limited period.
In a peer-to-peer (P2P) network, which is expected to be widely used in the future, hosts (peers) frequently withdraw from the network or (re)join the network, unlike in a conventional statically structured network. On the other hand, in order to provide a security service that is consistent throughout the entire P2P network (access to encrypted data, for example), a situation requiring a decryption key of a peer in the disconnected state can frequently occur. Therefore, if the power to use the decryption key can be delegated to another peer under a certain restricted condition, the peer to which the power is delegated can continue the decryption processing even when the predetermined peer is in the disconnected state. Accordingly, a very flexible security service can be constructed.