	US 11,888,977 B2
	Share generating device, share converting device, secure computation system, share generation method, share conversion method, program, and recording medium
Dai Ikarashi, Musashino (JP); Ryo Kikuchi, Musashino (JP); and Koji Chida, Musashino (JP)
Assigned to NIPPON TELEGRAPH AND TELEPHONE CORPORATION, Chiyoda-ku (JP)
Filed by NIPPON TELEGRAPH AND TELEPHONE CORPORATION, Chiyoda-ku (JP)
Filed on May 12, 2022, as Appl. No. 17/742,632.
Application 17/742,632 is a division of application No. 16/640,092, granted, now 11,374,743, previously published as PCT/JP2018/030439, filed on Aug. 16, 2018.
Claims priority of application No. 2017-159345 (JP), filed on Aug. 22, 2017.
Prior Publication US 2022/0278829 A1, Sep. 1, 2022
Int. Cl. H04L 9/08 (2006.01)

CPC H04L 9/085 (2013.01) [H04L 9/0819 (2013.01); H04L 9/0869 (2013.01)]

6 Claims

1. A share converting device for secure communication that is a share converting device A_iincluded in N share converting devices A₀, . . . , A_N−1, wherein

N is an integer greater than or equal to 2, m is an integer greater than or equal to 1, m(i) is an integer greater than or equal to 0, i=0, . . . , N−1 holds, u=0, . . . , N−1 holds, P is a function, and a range of the function P belongs to a set F^mwhose members are sequences of m elements of field F, and

the share converting device includes processing circuitry configured to:

accept a share SS_icontaining N−1 seeds s_d, where d∈{0, . . . , N−1} and d≠i, and a member y_j∈F^m(i)belonging to a set F^m(j), the share SS_jbeing a share of plaintext x in secret sharing received, over a network, from a share generating device,

possess an arbitrary value t_i∈F^m(i)jointly with another share converting device A_j−1mod N,

obtain a share [y_i]_u∈F^m(i)of each share converting device A_uby secret-sharing the member y_iin accordance with Shamir's secret sharing scheme on an assumption that the arbitrary value t_iis a share [y_j]_{j−1 mod N}of the share converting device A_{i−1 mod N}and outputs the share [y_i]_u,

accept shares [y_d]_i,

obtain function values P(s_d)∈F^mof the seeds s_d,

convert a set SET_iof the N−1 function values P(s_d), where d∈{0, . . . , N−1} and d≠i, which is a share of a function value e=f(P(s₀), . . . , P(s_N−1))∈F^mwith respect to function values P(s₀), . . . , P(s_N−1) of N seeds s₀, . . . , s_N−1, into a share [e]_jof the function value e in accordance with Shamir's secret sharing scheme, and

obtain a share [x]_iof x=g⁻¹(y, e) in accordance with Shamir's secret sharing scheme by secure computation using a share [y]_iand the share [e]_j, where the share [y]_iwhich is expressed by shares [y₀]_i, . . . , [y_N−1]_iis a share of a function value y=g(x, e)∈F^mwith respect to plaintext x and the function value e,

wherein each share SS_jis a share that is transmitted respectively to each of the plurality of share converting devices A_j, and each share converting device A_jconverts each respective share SS_j, whose total amount of communication data is smaller than that of shares in accordance with Shamir's secret sharing scheme, into a respective share [x]_jin accordance with Shamir's secret sharing scheme.