Information & Communication Systems

Functional Encryption

Realizing the high-level security called for in the cloud era.


Resolving security issues in cloud environments.


Cloud computing is rapidly gaining popularity as a new form of data processing. When companies use cloud computing, they must pass private or confidential information over to an outsourced server; this necessitates steadfast security measures to eliminate concerns over the information being seen or leaked.

In joint research conducted with NTT, Mitsubishi Electric has now developed "functional encryption." In particular, a specific form of functional encryption called "attribute-based encryption" incorporates into the ciphertext itself a function that restricts access rights to the ciphertext. This is a form of next-generation technology that represents a step forward in the evolution of conventional encryption technology, and it succeeds in realizing the high-level security that is called for in the cloud era. With the encryption algorithm MISTY® and a quantum cryptographic communication system as just two out of our many achievements, Mitsubishi Electric has long been a leader in the cryptographic technology industry. Expectations are therefore high that functional encryption technology will open new doors in the field.

*MISTY is a registered trademark of Mitsubishi Electric Corporation.


An advanced encryption method equipped with standard functions that incorporate a variety of existing methods.

Our attribute-based encryption can embed conditional expressions that restrict access rights, along with attribute information, into the ciphertext and into the key that decrypts it. Attribute information might include a company name, department, and position, while conditional expressions apply operators such as AND, OR, and NOT to access rights. For example, in the case of "Human Resources Department AND Section Manager, OR General Manager," access will be granted to section managers in the human resources department and general managers in any department. Conventionally, separate systems have been required for encryption and access rights, but attribute-based encryption is capable of performing both roles simultaneously.

Existing encryption methods have also traditionally required the generation of one ciphertext for each decryption key. In order to make a given document accessible to 100 staff members, it has until now been necessary to generate 100 ciphertexts corresponding to 100 decryption keys. There has always been the option of issuing a single ciphertext to all 100 staff members and giving them the same decryption key, but this increases the risk of the key being misused. With attribute-based encryption, however, a single ciphertext that incorporates a complex condition can be decrypted by multiple keys, each of which includes its holder's attributes. The system therefore not only ensures security but also reduces the labor involved in generating ciphertexts. Furthermore, it reduces the amount of data involved, which helps to reduce the costs associated with outsourced servers.

■ In the case of conventional encryption methods

diagram: In the case of conventional encryption methods

■ In the case of attribute-based encryption

diagram: In the case of attribute-based encryption

Attribute-based encryption is an extremely versatile method of generating ciphertexts. It makes it possible either to apply conditionals to the ciphertext and incorporate attribute information into the decryption key, or to incorporate attribute information into the ciphertext and apply conditionals to the decryption key. This type of encryption is expected to be applied in a wide range of fields, such as the management of company information and content distribution via networks.

The ability to use "NOT" as a conditional is another attractive feature of the system. This is because attribute-based encryption is an advanced encryption method equipped with standard functions that incorporate all existing methods. The exclusion function represented by "NOT" makes it possible to reduce the number of tasks involved when, for example, access rights are changed and the human resources department is to be excluded from access. If only Z is to be excluded from attribute information spanning A to Z, then in contrast with the conventional description "A AND B AND…Y," attribute-based encryption merely needs to include "NOT Z," which simplifies the creation of a condition and reduces the amount of data required.
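The access condition quoted earlier ("Human Resources Department AND Section Manager, OR General Manager") and the "NOT" exclusion described above can be checked with a small policy evaluator. This is an added example, not Mitsubishi Electric's or NTT's code: it models only the access logic that decides which keys may decrypt, with no cryptography, and the policy syntax, attribute names and key holders are assumptions constructed for illustration.

```python
import re
from collections import deque

def parse(policy):
    """Parse 'A AND B OR NOT C' into a tree; precedence NOT > AND > OR."""
    toks = deque(re.findall(r"\(|\)|[^\s()]+", policy) + [None])  # None = end
    def chain(op, operand):  # operand (op operand)*, left-associative
        node = operand()
        while toks[0] == op:
            toks.popleft()
            node = (op, node, operand())
        return node
    def unary():
        tok = toks.popleft()
        if tok == "NOT":
            return ("NOT", unary())
        if tok == "(":
            node = expr()
            if toks.popleft() != ")":
                raise ValueError("expected ')'")
            return node
        if tok in (None, "AND", "OR", ")"):
            raise ValueError(f"unexpected token {tok!r}")
        return ("ATTR", tok)
    def expr():
        return chain("OR", lambda: chain("AND", unary))
    tree = expr()
    if toks[0] is not None:
        raise ValueError(f"trailing token {toks[0]!r}")
    return tree

def satisfies(tree, attrs):
    """True if the attribute set carried by one key satisfies the policy tree."""
    if tree[0] == "ATTR":
        return tree[1] in attrs
    if tree[0] == "NOT":
        return not satisfies(tree[1], attrs)
    left, right = satisfies(tree[1], attrs), satisfies(tree[2], attrs)
    return (left and right) if tree[0] == "AND" else (left or right)

# Constructed sample: attributes embedded in each holder's decryption key.
KEYS = {"hr_section_mgr": {"HumanResources", "SectionManager"},
        "hr_staff": {"HumanResources"},
        "sales_general_mgr": {"Sales", "GeneralManager"},
        "sales_staff": {"Sales"}}

def authorized(policy, keys=KEYS):
    tree = parse(policy)
    return sorted(name for name, attrs in keys.items() if satisfies(tree, attrs))
```

Moving the grouping to `HumanResources AND (SectionManager OR GeneralManager)` shuts out the general manager from Sales, so where the parentheses fall in a policy decides who can decrypt.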

Development of searchable encryption and attribute-based signatures.

We are proceeding with our efforts to extend the application of attribute-based encryption to searchable encryption and attribute-based signatures. Searchable encryption is a type of technology that has attracted considerable attention, and research is being conducted on it worldwide. Normally, when a user retrieves an encrypted document on a server, it is necessary to temporarily decrypt the document. While the threat is slight, this does present a risk of information leakage. Mitsubishi Electric's searchable encryption makes the retrieval of documents possible by incorporating into the ciphertext keywords that represent the content of the document in place of attribute information, and by applying a condition consisting of AND, OR, and NOT to users. Because documents can be retrieved by means of keyword matching without the need for decryption, the technology will be effective in areas such as the storing and managing of medical and other highly confidential information.

Attribute-based signatures are digital signatures that are authorized by attribute information while protecting the privacy of the user (real name, etc.), and they are expected to have applications such as enabling users to respond to questionnaires pseudonymously.

■ Searchable encryption

diagram: Searchable encryption

■ Attribute-based signatures

diagram: Attribute-based signatures