CN106534313B - The frequency measuring method and system of facing cloud end data publication protection safety and privacy - Google Patents
The frequency measuring method and system of facing cloud end data publication protection safety and privacy Download PDFInfo
- Publication number
- CN106534313B CN106534313B CN201611012810.4A CN201611012810A CN106534313B CN 106534313 B CN106534313 B CN 106534313B CN 201611012810 A CN201611012810 A CN 201611012810A CN 106534313 B CN106534313 B CN 106534313B
- Authority
- CN
- China
- Prior art keywords
- ciphertext
- frequency
- fhe
- homomorphism
- cloud server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/008—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
Abstract
The invention discloses frequency measuring methods and system that a kind of facing cloud end data issues protection safety and privacy; database owner generates key pair; encryption outsourcing processing is carried out to database; cryptographic operation is carried out to the complement code of frequency threshold negative-k; and it is uploaded to cloud server, to proxy server authorization private key sk.The frequency of client application inquiry record R.Proxy server obtains database owner's authorization, and database owner is assisted to handle affairs;Cloud server is for storing ciphertext database, carrying out homomorphism arithmetic operation to ciphertext.The present invention combines full homomorphic cryptography technology; the frequency ciphertext of data record can be obtained under cloud environment and determines whether the frequency of record meets secret protection requirement; ensure that whole process will not reveal the record content that client is inquired, lower than the sensitive record content of threshold value, the frequency that can either realize that the secure storage of data facilitates cloud protect privacy again measures frequency in database simultaneously.
Description
Technical field
The present invention relates to secret protection Related Research Domains, issue protection safety more particularly to a kind of facing cloud end data
And the frequency measuring method and system of privacy.
Background technique
In the epoch of information sharing, the important research field of secret protection and information security as IT circles.Information peace
Complete requirement to prevent unwarranted number is it is disclosed, and secret protection is intended to that disclosed data is avoided to be used for therefrom reasoning individual's
Sensitive information.
With the arrival of big data era, more and more people storing data and execute meter beyond the clouds using cloud computing technology
Processing task is calculated, secret protection faces many new challenges.There is the danger of leakage privacy in data storage procedure beyond the clouds, removes this
Except, secret protection treatment process itself may also be under attack, this undoubtedly increases the risk of privacy leakage and avoids risk
Difficulty.
The safety problem that cloud data are solved with the technology of cryptography is a selection well, and data are added
It is uploaded to cloud storage after close, the risk of privacy leakage is just not present.But encryption data presence in cloud is difficult to operation
Problem.Fortunately full homomorphic cryptography technology provides possibility to solve new challenge.Full homomorphic cryptography is that one kind can be direct
The technology that ciphertext data under encrypted state are operated.The general of homomorphic cryptography is just proposed early in Rivest in 1978 et al.
It reading, wherein public key algorithm RSA is multiplicative homomorphic encipherment scheme, and Paillier algorithm is additive homomorphism encipherment scheme, but this
It stagnates always afterwards.After Gentry in 2009 constructs first full homomorphic encryption scheme, there is rapid development, occurs
Many achievements, comprising: the full homomorphic encryption scheme based on ideal lattice, the scheme based on integer such as Dijk,
Gentry etc. is based on the scheme of LWE (Learning With Error), and Lyubaskevsky etc. is based on RLWE (Ring LWE)
Scheme, Brakerski etc. are based on the scheme of GLWE (Generalized LWE).But these schemes are mostly based on theory, need
Continue to study efficient practical plan.
The data for carrying out secret protection processing can will be needed to be encrypted using full homomorphic cryptography technology, recycled
Cloud computing carries out the processing of ciphertext data operation, obtains the ciphertext data for meeting secret protection requirement.Utilize full homomorphic cryptography technology
Data content safety can be protected but also protect data handling procedure safe.
It carries out generally requiring the frequency in statistical data record when data-privacy protection processing beyond the clouds, the present invention combines same
State encryption technology needs to protect the purpose of data safety and privacy in facing cloud end data issuing process, proposes that a kind of homomorphism is close
Data record frequency measuring method and system under text are handled for secret protection.
Summary of the invention
In view of the above-mentioned deficiencies in the prior art, it is an object of the present invention to provide a kind of facing cloud end data publication protection safety and
The frequency measuring method and system of privacy.
The purpose of the present invention is achieved through the following technical solutions: a kind of facing cloud end data publication protection safety and
The frequency measuring method of privacy, includes the following steps:
S1, database owner generate public key pk and private key sk with homomorphism key schedule FHE.KeyGen;Setting frequency
Threshold value k is spent, and the encrypted form cc_thd of the complement code of-k is uploaded to cloud server;It will be outside the database that encrypted with public key pk
Wrap cloud server;Public key pk is uploaded to cloud server to save;
S2, client obtain public key pk from cloud, obtain ciphertext RC with the record R that public key pk encryption needs to inquire frequency,
RC is uploaded to cloud server;
S3, cloud server execute frequency ciphertext of the record RC of homomorphism operation inquiry encryption in ciphertext database
csup;And threshold determination is carried out under homomorphism, it obtains determining result cresult;Cresult and csup are sent to agency service
Device;
S4, proxy server decrypt cresult with private key sk to obtain plaintext m, represent frequency and determine result;According to frequency
Determine that result m and csup decrypted result send information sup to cloud server;
The information sup that proxy server returns is sent to client by S5, cloud server.
Further, the database owner in the step S1 generates public key pk and private key sk, and private key sk is shared
To proxy server.
Further, frequency ciphertext csup tool of the homomorphism operation inquiry RC in ciphertext database is executed in the step S3
Gymnastics is made as follows:
Firstly, cloud server will record total l ciphertext record in RC and ciphertext tables of data does homomorphism operation respectively, obtain
L ciphertext cc1,cc2,…,ccl, concrete operations are as follows: cloud server will record RC=[rc1,rc2,…,rcn] and ciphertext number
R is recorded according to i-th ciphertext in libraryi=[ci1,ci2,…,cin] corresponding to ciphertext position rcjAnd cijHomomorphism add operation is done, n is obtained
A ciphertext position c 'ij=FHE.Add (pk, rcj,cij),j∈{1,2,…,n},i∈{1,2,…,l};Again by n ciphertext position c
’i1,c’i2,…,c’inThe ciphertext c_m1=FHE.Enc (pk, 1) with 1 does homomorphism add operation respectively, obtains n new ciphertexts
Position caddij=FHE.Add (pk, c 'ij, c_m1), i ∈ { 1,2 ..., n };Then, by n ciphertext position caddi1,caddi2,…,
caddinHomomorphism multiplying is done, ciphertext cc is obtainedi=FHE.Mult (pk, caddi1,caddi2,…,caddin),i∈{1,
2,…,l};
Then, by homomorphism addition FHE.Add operation and homomorphism multiplication FHE.Mult operation by ciphertext cc1,cc2,…,ccl
It adds up, obtains frequency ciphertext csup, the csup=[cs of record RN,…,cs2,cs1] it is N number of ciphertext position,
Further, threshold determination is carried out under homomorphism in the step S3, obtain determining that result cresult's is specific
Operation are as follows: cloud server is by csup=[csN,…,cs2,cs1] and cc_thd=FHE.Enc (pk ,-k)=[cthdN+1,
cthdN,…,cthd1] do following homomorphism operation: firstly, enabling c_carry0=FHE.Enc (pk, 0) then takes 1 until N i,
By (i-1)-th carry ciphertext c_carryi-1With the i-th bit ciphertext position cs of csupiWith the i-th bit ciphertext position cthd of cc_thdiIt carries out
Homomorphism addition and homomorphism multiplying obtain carry ciphertext c_carryi=FHE.Add (pk, FHE.Mult (pk, cthdi,c_
carryi-1),FHE.Mult(pk,csi,FHE.Add(pk,cthdi,c_carryi-1)));By highest carry ciphertext c_carryN
With the highest ciphertext position cthd of cc_thdN+1=FHE.Enc (pk, 1) does homomorphism add operation, obtains ciphertext cresult=
FHE.Add(pk,c_carryN,cthdN+1)。
Further, frequency is obtained according to cresult plaintext result in the step S4 and determines that result concrete operations are as follows:
Proxy server decrypts cresult with private key sk and obtains plaintext m=FHE.Dec (sk, cresult), if m=0, illustrates to record R
Frequency be not less than threshold value, proxy server sends the plaintext sup that decrypts of csup to cloud server;If m=1, judgement
The plaintext sup that csup is decrypted sends sup to cloud server if not being queried record R in sup=0 database of descriptions
=0;If sup ≠ 0 illustrates the frequency for recording R lower than threshold value, the information sensing for recording R is strong, is easy leakage privacy information, agency
Server sends sup=-1 to cloud server.
Further, frequency is obtained with cloud server processing ciphertext operation, and by frequency and frequency threshold in ciphertext shape
It is compared under state, judgement is decrypted with proxy server compared result, there is no leakage clients in this course
In the record content inquired, database frequency lower than threshold value sensitive record the case where.
A kind of facing cloud end data issues the frequency measurement system of protection safety and privacy, which includes four directions: data
Library owner, client, proxy server, cloud server.Database owner is mainly responsible for generation key pair, to database
Encryption outsourcing processing is carried out, cryptographic operation is carried out to the complement code of frequency threshold negative-k, and be uploaded to cloud server, to agency
Server authorization private key sk.Client mainly applies for the frequency of inquiry record R.Proxy server obtains database owner and awards
Power assists database owner to handle affairs, including saves client private key sk, decrypts ciphertext;Cloud server is for storing
Ciphertext database carries out homomorphism arithmetic operation to ciphertext.
The beneficial effects of the present invention are: the present invention combines full homomorphic cryptography technology, data note can be obtained under cloud environment
The frequency ciphertext of record simultaneously determines whether the frequency of record meets secret protection requirement, while ensuring that whole process will not reveal client
Frequency can either realize that the safety of data is deposited lower than the sensitive record content of threshold value in the inquired record content in end, database
The frequency that storage facilitates cloud to carry out protection privacy again measures.
Detailed description of the invention
Fig. 1 is the frequency measuring method operating process of facing cloud end data publication protection safety and privacy provided by the invention
Figure;
Fig. 2 is that the frequency measuring method and system of facing cloud end data publication protection safety and privacy provided by the invention are real
Illustration is applied to be intended to;
Fig. 3 is the frequency measurement system structure signal of facing cloud end data publication protection safety and privacy provided by the invention
Figure.
Specific embodiment
Before introducing specific implementation, the rudimentary knowledge of some full homomorphic cryptographies is first introduced.Homomorphic encryption scheme packet
Containing four probability times multinomial algorithm HE={ KeyGen, Encrypt, Decrypt, Evaluate }, the work of this four algorithms
With as follows with process, λ is security parameter:
KeyGen is generation scheme key algorithm.Security parameter λ is inputted, output obtains public key pk, private key sk and public comments
Estimate key evk, evk is public key information needed for operation Boolean circuit.(pk,evk,sk)←HE.KeyGen(1λ)。
Encrypt is ciphertext generating algorithm.Public key pk and single bit of information m ∈ { 0,1 } is inputted, output obtains a ciphertext
c。c←HE.Encpk(m)。
Decrypt is that ciphertext is decrypted.A private key sk and ciphertext c is inputted, output obtains information m*∈{0,1}。m*
←HE.Decsk(c)。
Evaluate is for ensuring that the correctness of homomorphic cryptography.The correctness of homomorphic cryptography exactly carries out several ciphertexts
The plaintext that the ciphertext that homomorphism is calculated obtains after being decrypted, plaintext corresponding with ciphertext carry out obtained by identical calculations
The result is that equal.Input assessment key evk, a functionAnd ciphertextOutput obtains
One ciphertext cf。To cfThe result being decrypted, which is equal to, to be corresponded to
In plain textCarry out identical operation as a result, i.e. Most important operation behaviour
Work is homomorphism add operation HE.Add and homomorphism multiplying HE.Mult.
The present invention using the full homomorphic encryption scheme of the higher BGV based on RLWE of current efficiency (Z.Brakerski,
C.Gentry,and V.Vaikuntanathan.(leveled)fully homomorphic encryptionwithout
Bootstrapping.TOCT, 6 (3): 13,2014.Preliminary version in ITCS 2012.), for the ease of reason
Solution, will make introduction to the principle of the full homomorphic cryptography first.
The building of base case GHE based on GLWE is as follows:
1、GHE.Setup(1λ,1μ, b): determine that we are to based on LWE scheme (d=1) using bit b ∈ { 0,1 }
Or it is based on RLWE scheme (n=1) setup parameter, d parameter indicates to estimate polynomial degree.Select a μ bit moduli q and its
His parameter (d=d (λ, μ, b), n=n (λ, μ, b),χ=χ (λ, μ, b)) to ensure to be based on
The case of GLWE scheme has 2λSafety with resist lattice attack.It allowsWith parameter params=(q, d,
n,N,χ).
2, GHE.SecretKeyGen (params): s' ← χ is chosenn, obtain
3, GHE.PublicKeyGen (params, sk): using private key as input sk=s=(1, s'), s [0]=1,There are also parameter params.Uniformly generate a matrixOne vector e ← χNWith a set b ← A'
S'+2e. setting A becomes (n+1) column matrix comprising b, and aft section is the n column matrix (As=2e) of-A'.Public key pk=A.
4, GHE.Enc (params, pk, m): in order to encrypt an information m ∈ R2, settingSamplingExport ciphertext
5, GHE.Dec (params, sk, c): output solution confidential information m ← [[<c, s>]q]2。
Full homomorphic encryption algorithm without bootstrapping is accomplished by
The first, parameter setting.The full homomorphic encryption scheme that the present invention uses is based on polynomial ring, polynomial ringD is 2 power power, and λ is the security parameter of homomorphic encryption scheme, and ciphertext multinomial coefficient takes μ bit
Modulus q, L are binary arithmetic operation circuit depths, other parameters (d=d (λ, μ, b), n=n (λ, μ, b),χ=χ (λ, μ, b)) to ensure 2λSafety.N=1 is exactly to set the instantiation based on RLWE.
In order to allow full homomorphic cryptography to be suitable for universe anonymity algorithm, plaintext space is set as R2=R/2R.
The second, key schedule FHE.KeyGen.Key pair generates as follows: GHE.SecretKeyGen (params):
Choose s' ← χn, obtain private keyGHE.PublicKeyGen(params,
Sk): using private key as input sk=s=(1, s'), s [0]=1,There are also parameter params=(q, d, n, N, χ).
Uniformly generate a matrixOne vector e ← χNBecome with set b ← A's'+2e. setting A and includes b's
(n+1) column matrix, aft section are the n column matrix (As=2e) of-A'.Public key pk=A.
J=L to 0 is recycled, params is runj←GHE.Setup(1λ,1(j+1)·μ, b) come the level for the mould that obtains successively decreasing from qL
((L+1) μ bits) is to q0(μ bits) recycles j=L-1 to 0, parameter paramsjMiddle djValue be replaced by d=dL, it is distributed χj
It is replaced by χ=χL。
FHE.KeyGen(paramsj): circulation j=L to 0, following realization:
1, s is runj←GHE.SecretKeyGen(paramsj)and Aj←GHE.PublicKeyGen(paramsj,
sj)。
2, it is arrangeds'jIt is sjTensor, its coefficient is in RqjIn sjTwo coefficients
Product.
3, s " is setj←BitDecomp(s'j,qj)。
4, τ is runs”j+1→sj←SwitchKeyGen(s”j,sj-1), this step is omitted as j=L.
Private key sk includes all sj, public key pk includes all AjAnd τs”j+1→sj。
Third, encryption algorithm F HE.Enc (params, pk, m): in R2In find information m, run GHE.Enc (AL,m)。
GHE.Enc (pk, m): in order to encrypt an information m ∈ R2, settingSamplingOutput
Ciphertext
4th, decipherment algorithm FHE.Dec (params, sk, c): assuming that ciphertext is in sjUnder, run GHE.Dec (sj,
c).GHE.Dec (sk, c): output solution confidential information m ← [[<c, s>]q]2。
5th, homomorphism addition FHE.Add (pk, c1,c2): private key s is equally used in input twojThe ciphertext of encryption.C is set3←
c1+c2mod qj。c3It is exactly in s'jUnder ciphertext (s'jParameter include all sjParameter becauseAnd
s'jFirst coefficient be 1), export c4=FHE.Refresh (c3,τs”j→sj-1,qj,qj-1)。
6th, homomorphism multiplication FHE.Mult (pk, c1,c2): private key s is equally used in input twojThe ciphertext of encryption.Firstly, new
Ciphertext be in private keyUnder, it is linear equalityCoefficient vector c3, export c4=
FHE.Refresh(c3,τs”j→sj-1,qj,qj-1)。
FHE.Refresh(c,τs”j→sj-1,qj,qj-1): input private key s'jUnder ciphertext, auxiliary information τs”j→sj-1To help
Key is helped to convert, current and next modulus is qjAnd qj-1, do following work: expansion c first1←Powersof2(c,qj).So
After carry out analog-to-digital conversion, c2←Scale(c1,qj,qj-1, 2), corresponding private key s "jWith modulus qj-1.Key conversion is carried out again, is exported
c3←SwitchKey(τs”j→sj-1,c2,qj-1), corresponding private key sj-1With modulus qj-1。
Wherein c'=Scale (c, p, q, 2) is mould converting algorithm, and p, q are two odd modes, and c is an integer vectors, c'
It is one close to the integer vectors of (p/q) c and meets c'=c mod 2.X is decomposed
As its bit representation method,Output
SwitchKeyGen(s1,s2,n1,n2, q) and two private keys of inputWith the dimension of private key, modulus q, private key s2
WithRun GHE.PublicKeyGen (s2, N) and public key A is obtained, generate B=A+Powesof2 (s1, q), so
The auxiliary information τ exported afterwardss1→s2=B realizes exchange.Wherein,
Below with reference to the accompanying drawings and in conjunction with example the present invention will be described in detail.
Fig. 1 is the frequency measuring method operating process of facing cloud end data publication protection safety and privacy provided by the invention
Figure.As shown in Figure 1, the frequency measuring method of facing cloud end data publication protection safety provided by the invention and privacy includes step
S1-S5。
Step S1: database owner generates public key pk and private key sk with key schedule FHE.KeyGen, by frequency
Cloud server is uploaded after the complement code encryption of threshold value volume negative-k, then uploads cloud service after database is encrypted with public key pk
Public key pk is equally uploaded to cloud server by device.
Step S2: client requests to obtain public key pk from cloud server, the note of inquiry frequency needed for being encrypted with public key pk
R is recorded, ciphertext RC is obtained, RC is uploaded to cloud server.
Step S3: cloud server executes homomorphism operation and obtains the frequency csup of RC, carries out frequency threshold by homomorphism operation
Value judgement obtains cresult, and csup and cresult are sent to proxy server.
Step S4: proxy server decryption cresult obtains plaintext m, and decryption csup obtains plaintext sup, according to m and sup
Judge whether the frequency for recording R is greater than threshold value, according to judgement setting sup and is sent to cloud server.
Step S5: sup is sent to client by cloud server.
Further it is described in detail with the example in Fig. 2.Fig. 2 is facing cloud end data publication protection provided by the invention
The frequency measuring method and system embodiment schematic diagram of safety and privacy.As shown in Fig. 2, facing cloud end data provided by the invention
The frequency measuring method of publication protection safety and privacy includes step S1-S5, and provided system includes database owner, visitor
Family end, proxy server, cloud server.
Specifically, by taking the database comprising 6 records in attached drawing 2 as an example, it is assumed that the record of every encryption is close with n
Literary position indicates, the present invention is described in detail.
Step S1: database owner generates public key pk and private key sk using homomorphism key schedule, and by database
In record be converted to after binary representation and be encrypted with public key pk, obtained ciphertext database is uploaded to cloud
Server, while it is 2 that frequency threshold k, which is arranged, its negative value-k=-2 complement code is encrypted with public key pk, and is uploaded to cloud clothes
Business device.It is hereby stated that in database, record and homomorphism calculating process, encrypt every time same plaintext position all generate it is different close
R is recorded in text, such as attached drawing 211 encrypted result FHE.Enc (pk, 1) representated by each 1' of ciphertext form be all mutually not
Identical, same each 0' is mutually different.Also, database owner does not also reveal the frequency threshold of setting outwardly
k.The outer bag data of database owner is the process being constantly superimposed to cloud server, is completed during idle time.
Step S2: client obtains itself wanting by sending inquiry request to cloud server the record R's of inquiry
Frequency.Firstly, client requests public key pk to cloud server, cloud server will reach client under public key pk;Secondly, objective
Family end public key pk to the record R={ 11, Female, 375720 } for needing to inquire frequency be converted to binary system [1,1,0,0 ...,
1] it is encrypted again, obtains ciphertext record RC=[1', 1', 0', 0' ..., 1'];RC is sent to cloud server to carry out
Homomorphism operation.
Step S3: firstly, cloud server by RC=[1', 1', 0', 0' ..., 1'] in ciphertext database totally 6 it is close
Text record carries out homomorphism operation, obtains 6 ciphertext cc1=1', cc2=0', cc3=0', cc4=0', cc5=0', cc6=1'.
With RC and R2It does homomorphism and cc is calculated2For, R2=[1', 0', 0', 1' ..., 1'], by RC and R2Corresponding i-th of ciphertext
To do homomorphism add operation, n ciphertext 0', 1', 0', 1' ..., 0', i ∈ { 1,2 ..., n } are obtained;Above-mentioned n ciphertext is distinguished
Ciphertext 1' with 1 carries out homomorphism add operation, obtains new n ciphertext 1', 0', 1', 0' ..., 1';By above-mentioned n ciphertext position
It is homomorphism multiplying FHE.Mult (pk, 1', 0', 1', 0' ..., 1') and obtains ciphertext cc2=0'.Similarly, by RC and other 5
Item record does homomorphism operation.
Then, cloud server is to 6 ciphertext cc1=1', cc2=0', cc3=0', cc4=0', cc5=0', cc6=1'
It adds up, the frequency ciphertext csup of record R can be obtained, concrete operations are as follows: due to counting obtained maximum possible frequency
Ciphertext is related to data-base recording amount, and frequency ciphertext position is up toFirstly, setting ciphertext csup's is initial
Ciphertext csup=[the cs that value is 303,cs2,cs1]=[0', 0', 0'];Then, ciphertext csup is added into first ciphertext cc1
=1', operation ccarry1=FHE.Mult (pk, 1', 0') obtains carry ccarry1=0', operation cs1=FHE.Add (pk,
1', 0') obtain new minimum ciphertext position cs1=1', then operation ccarryi=FHE.Mult (pk, ccarryi-1,csi),csi
=FHE.Add (pk, ccarryi-1,csi), i ∈ { 2,3 } obtains carry ccarry2=0', ccarry3=0', new ciphertext position
cs3=0', cs2=0'.Then, add up upper first ciphertext cc1Frequency ciphertext csup=[cs after=1'3,cs2,cs1]=
[0', 0', 1'], then add up other 5 ciphertexts, finally obtains frequency ciphertext csup=[cs3,cs2,cs1]=[0', 1',
0']。
Finally, cloud server carries out threshold determination after obtaining frequency ciphertext csup.Threshold value is database owner
It sets and encrypts, threshold value ciphertext cc_thd=[cthdN+1,cthdN,…,cthd1] it include N+1 ciphertext position.In this example
Cc_thd=FHE.Enc (pk, -2)=[cthd4,cthd3,cthd2,cthd1]=[1', 1', 1', 0'].Firstly, enabling c_
carry0=FHE.Enc (pk, 0) then carries out homomorphism operation and obtains carry c_carryi=FHE.Add (pk, FHE.Mult
(pk,cthdi,c_carryi-1),FHE.Mult(pk,csi,FHE.Add(pk,cthdi,c_carryi-1))), i ∈ { 1,2,3 },
Wherein c_carry3=1';Last operation cresult=FHE.Add (pk, cthd4,c_carry3) obtain determining result
Cresult=0'.Cloud server will reach proxy server under obtained ciphertext cresult and be decrypted.
Step S4: proxy server with private key sk decrypt cresult obtain plaintext m=FHE.Dec (sk, cresult)=
0, illustrate the frequency for recording R={ 11, Female, 375720 } not less than threshold value, proxy server is sent to cloud server
The plaintext sup=[0,1,0]=2 that csup is decrypted.
Step S5: sup=2 is sent to client by cloud server, client just learn record R=11, Female,
375720 } frequency is 2.
Equally, if the frequency of the record R={ 32, Male, 375722 } of client request inquiry, will obtain
The decrypted result m=FHE.Dec (sk, cresult) of cresult=1, csup decrypted result sup=1, illustrates that the frequency of R is lower than
Threshold value and be sensitive record, sends sup=-1 to cloud server;If client request inquiry record R=67,
Male, 375720 } frequency will obtain decrypted result m=FHE.Dec (sk, cresult)=1, csup solution of cresult
Close result sup=0, there is no record R in database of descriptions, send sup=0 to cloud server;
Fig. 3 is the protection data safety of facing cloud end data publication provided by the invention and the frequency measurement system knot of privacy
Structure schematic diagram.As shown in figure 3, the frequency measurement of the protection data safety and privacy of facing cloud end data publication provided by the invention
System includes four database owner, client, proxy server, cloud server parts.The database owner connects
Meet cloud server and proxy server, the Client Agent connection database owner and cloud server, the client
End connection cloud server.Private key sk is shared to agency for generating public key pk and private key sk by the database owner
Public key pk is sent to cloud server by server, will be sent to cloud server after database public key pk encryption, and set
Frequency threshold k is set, the complement code of p- k is sent to cloud server after being encrypted with public key pk.The client is sent out to cloud server
It send and frequency is requested and inquired using public key requests, after obtaining public key pk from cloud server, frequency need to be inquired with public key pk encryption
The record R of degree, and to cloud server send R ciphertext RC.The cloud server executes homomorphism operation, including homomorphism addition
Operation and homomorphism multiplying, obtain frequency ciphertext csup and frequency determines ciphertext cresult and is sent to proxy server, together
When by proxy server return sup information be sent to client.The proxy server is with private key sk to ciphertext csup and close
Literary cresult is decrypted, and determines frequency and threshold value relationship according to decrypted result, sends corresponding sup information to cloud service
Device.
In conclusion the frequency measurement of example provides through the invention facing cloud end data publication protection safety and privacy
Method and system decrypts ciphertext by proxy server and then executes frequency in the case where four directions participates in and do not reveal plaintext
Threshold decision returns to frequency information to cloud server according to judging result, then information is returned to client by cloud server
End, and all records in cloud are saved with ciphertext form, that is, the high efficiency of cloud computing is utilized, and in turn ensure the safety of record information
Property.
The present invention is not intended to be limited to embodiment illustrated herein, and is to fit to and principles disclosed herein and new
The consistent widest scope of clever feature.The foregoing description of the disclosed embodiments enables professional and technical personnel in the field
It realizes or uses the present invention.Various modifications to these embodiments will be apparent for those skilled in the art
, the general principles defined herein can without departing from the spirit or scope of the present invention, in other embodiments
Middle realization.
Claims (5)
1. the frequency measuring method of a kind of facing cloud end data publication protection safety and privacy, which is characterized in that including walking as follows
It is rapid:
S1, database owner generate public key pk and private key sk with homomorphism key schedule FHE.KeyGen;Frequency threshold is set
Value k, and the encrypted form cc_thd of the complement code of-k is uploaded to cloud server;The database encrypted with public key pk is outsourced to
Cloud server;Public key pk is uploaded to cloud server to save;
S2, client obtain public key pk from cloud, ciphertext RC are obtained with the record R that public key pk encryption needs to inquire frequency, by RC
It is uploaded to cloud server;
S3, cloud server execute frequency ciphertext csup of the record RC of homomorphism operation inquiry encryption in ciphertext database;And
Threshold determination is carried out under homomorphism, obtains determining result cresult;Cresult and csup are sent to proxy server;It is described
The concrete operations for executing frequency ciphertext csup of the record RC of homomorphism operation inquiry encryption in ciphertext database are as follows:
Firstly, cloud server will record total l ciphertext record in RC and ciphertext tables of data does homomorphism operation respectively, l are obtained
Ciphertext cc1,cc2,…,ccl, concrete operations are as follows: cloud server will record RC=[rc1,rc2,…,rcn] and ciphertext data
I-th ciphertext records R in libraryi=[ci1,ci2,…,cin] corresponding to ciphertext position rcjAnd cijHomomorphism add operation is done, obtains n
Ciphertext position c 'ij=FHE.Add (pk, rcj,cij),j∈{1,2,…,n},i∈{1,2,…,l};Again by n ciphertext position c 'i1,
c’i2,…,c’inThe ciphertext c_m1=FHE.Enc (pk, 1) with 1 does homomorphism add operation respectively, obtains n new ciphertext positions
caddij=FHE.Add (pk, c 'ij, c_m1), i ∈ { 1,2 ..., l };Then, by n ciphertext position caddi1,caddi2,…,
caddinHomomorphism multiplying is done, ciphertext cc is obtainedi=FHE.Mult (pk, caddi1,caddi2,…,caddin),i∈{1,
2,…,l};
Then, by homomorphism addition FHE.Add operation and homomorphism multiplication FHE.Mult operation by ciphertext cc1,cc2,…,cclIt is cumulative
Get up, obtains frequency ciphertext csup, the csup=[cs of record RN,…,cs2,cs1] it is N number of ciphertext position,
S4, proxy server decrypt cresult with private key sk to obtain plaintext m, represent frequency and determine result;Determine according to frequency
As a result m and csup decrypted result sends information sup to cloud server;
The information sup that proxy server returns is sent to client by S5, cloud server.
2. the frequency measuring method of a kind of facing cloud end data publication protection safety according to claim 1 and privacy,
It is characterized in that, the database owner in the step S1 generates public key pk and private key sk, and private key sk is shared to agency's clothes
Business device.
3. the frequency measuring method of a kind of facing cloud end data publication protection safety according to claim 1 and privacy,
It is characterized in that, carries out threshold determination under homomorphism in the step S3, obtain the concrete operations for determining result cresult are as follows:
Cloud server is by csup=[csN,…,cs2,cs1] and cc_thd=FHE.Enc (pk ,-k)=[cthdN+1,cthdN,…,
cthd1] do following homomorphism operation: firstly, enabling c_carry0=FHE.Enc (pk, 0) then takes 1 up to N, by (i-1)-th to i
Carry ciphertext c_carryi-1With the i-th bit ciphertext position cs of csupiWith the i-th bit ciphertext position cthd of cc_thdiCarry out homomorphism addition
Carry ciphertext c_carry is obtained with homomorphism multiplyingi=FHE.Add (pk, FHE.Mult (pk, cthdi,c_carryi-1),
FHE.Mult(pk,csi,FHE.Add(pk,cthdi,c_carryi-1)));By highest carry ciphertext c_carryNWith cc_thd's
Highest ciphertext position cthdN+1=FHE.Enc (pk, 1) does homomorphism add operation, obtains ciphertext cresult=FHE.Add (pk, c_
carryN,cthdN+1)。
4. the frequency measuring method of a kind of facing cloud end data publication protection safety according to claim 1 and privacy,
It is characterized in that, frequency is obtained according to cresult plaintext result in the step S4 and determines that result concrete operations are as follows: agency service
Device decrypts cresult with private key sk and obtains plaintext m=FHE.Dec (sk, cresult), if m=0, illustrates the frequency of record R not
Lower than threshold value, proxy server sends the plaintext sup that csup is decrypted to cloud server;If m=1, judge that csup is decrypted
Obtained plaintext sup sends sup=0 to cloud server if not being queried record R in sup=0 database of descriptions;If
Sup ≠ 0 illustrates the frequency for recording R lower than threshold value, and the information sensing for recording R is strong, is easy leakage privacy information, proxy server
Sup=-1 is sent to cloud server.
5. the frequency measuring method of a kind of facing cloud end data publication protection safety according to claim 1 and privacy,
It is characterized in that, obtains frequency with cloud server processing ciphertext operation, and frequency and frequency threshold are carried out under ciphertext state
Compare, judgement is decrypted with proxy server compared result, is inquired in this course there is no leakage client
The sensitive the case where recording of frequency lower than threshold value in record content, database.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611012810.4A CN106534313B (en) | 2016-11-17 | 2016-11-17 | The frequency measuring method and system of facing cloud end data publication protection safety and privacy |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611012810.4A CN106534313B (en) | 2016-11-17 | 2016-11-17 | The frequency measuring method and system of facing cloud end data publication protection safety and privacy |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106534313A CN106534313A (en) | 2017-03-22 |
CN106534313B true CN106534313B (en) | 2019-09-13 |
Family
ID=58352203
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611012810.4A Active CN106534313B (en) | 2016-11-17 | 2016-11-17 | The frequency measuring method and system of facing cloud end data publication protection safety and privacy |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106534313B (en) |
Families Citing this family (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107154845B (en) * | 2017-04-11 | 2020-08-11 | 中国人民武装警察部队工程大学 | BGN type ciphertext decryption outsourcing scheme based on attributes |
CN106953722B (en) * | 2017-05-09 | 2017-11-07 | 深圳市全同态科技有限公司 | Ciphertext query method and system for full homomorphic encryption |
US10630655B2 (en) * | 2017-05-18 | 2020-04-21 | Robert Bosch Gmbh | Post-quantum secure private stream aggregation |
WO2019020830A1 (en) * | 2017-07-28 | 2019-01-31 | Koninklijke Philips N.V. | Evaluation of a monitoring function |
US10546032B2 (en) | 2017-11-21 | 2020-01-28 | International Business Machines Corporation | System and method for association rule mining from encrypted databases |
WO2019102624A1 (en) * | 2017-11-27 | 2019-05-31 | 三菱電機株式会社 | Homomorphic inference device, homomorphic inference method, homomorphic inference program, and anonymized information processing system |
CN109889320B (en) * | 2019-01-24 | 2022-04-15 | 中国人民武装警察部队工程大学 | BGV type multi-key fully homomorphic encryption method |
CN110008717B (en) * | 2019-02-26 | 2023-04-11 | 东北大学 | Decision tree classification service system and method supporting privacy protection |
CN110391895B (en) * | 2019-07-31 | 2020-10-27 | 创新先进技术有限公司 | Data preprocessing method, ciphertext data acquisition method, device and electronic equipment |
US10790961B2 (en) | 2019-07-31 | 2020-09-29 | Alibaba Group Holding Limited | Ciphertext preprocessing and acquisition |
US11784800B2 (en) * | 2020-02-14 | 2023-10-10 | Google Llc | Secure multi-party reach and frequency estimation |
CN111526148B (en) * | 2020-04-26 | 2022-02-25 | 中山大学 | System and method for safely denoising encrypted audio in cloud computing environment |
CN112073172B (en) * | 2020-09-02 | 2021-11-05 | 北京邮电大学 | Grid identity-based dual-receiver fully homomorphic encryption method and system |
CN113127536B (en) * | 2021-04-14 | 2023-07-28 | 上海同态信息科技有限责任公司 | Offline fuzzy matching system based on homomorphic encryption |
CN113157778B (en) * | 2021-06-09 | 2021-09-24 | 富算科技(上海)有限公司 | Proxiable query method, system, device and medium for distributed data warehouse |
CN113609503A (en) * | 2021-08-10 | 2021-11-05 | 支付宝(杭州)信息技术有限公司 | Highest bit carry calculation method for protecting data privacy |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103281377A (en) * | 2013-05-31 | 2013-09-04 | 北京鹏宇成软件技术有限公司 | Cryptograph data storage and searching method for cloud |
CN103401871A (en) * | 2013-08-05 | 2013-11-20 | 苏州大学 | Method and system for sequencing ciphertexts orienting to homomorphic encryption |
CN104881615A (en) * | 2015-06-08 | 2015-09-02 | 武汉大学 | Efficient privacy protection ciphertext connection access operation validation method under cloud environment |
CN105743888A (en) * | 2016-01-22 | 2016-07-06 | 河南理工大学 | Agent re-encryption scheme based on keyword research |
-
2016
- 2016-11-17 CN CN201611012810.4A patent/CN106534313B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103281377A (en) * | 2013-05-31 | 2013-09-04 | 北京鹏宇成软件技术有限公司 | Cryptograph data storage and searching method for cloud |
CN103401871A (en) * | 2013-08-05 | 2013-11-20 | 苏州大学 | Method and system for sequencing ciphertexts orienting to homomorphic encryption |
CN104881615A (en) * | 2015-06-08 | 2015-09-02 | 武汉大学 | Efficient privacy protection ciphertext connection access operation validation method under cloud environment |
CN105743888A (en) * | 2016-01-22 | 2016-07-06 | 河南理工大学 | Agent re-encryption scheme based on keyword research |
Non-Patent Citations (3)
Title |
---|
一种可验证的公钥可搜索加密方案;刘鹏亮,俎龙辉,白翠翠,马 华;《计算机工程》;20141130;全文 * |
基于同态加密的密文检索技术研究;赵英明;《内蒙古大学硕士学位论文》;20140504;第三章,图3.3-3.7 * |
基于整数上同态加密的云存储密文检索系统;张雪娇;《中国海洋大学硕士学位论文》;20130523;全文 * |
Also Published As
Publication number | Publication date |
---|---|
CN106534313A (en) | 2017-03-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106534313B (en) | The frequency measuring method and system of facing cloud end data publication protection safety and privacy | |
CN106533650B (en) | Interactive method for secret protection and system towards cloud | |
US11201734B2 (en) | Method and system for fault tolerant and secure multiparty computation with SPDZ | |
CN111512589B (en) | Method for fast secure multiparty inner product with SPDZ | |
Liu et al. | Privacy-preserving patient-centric clinical decision support system on naive Bayesian classification | |
Liang et al. | Searchable attribute-based mechanism with efficient data sharing for secure cloud storage | |
CN112989368A (en) | Method and device for processing private data by combining multiple parties | |
CN104283669B (en) | Re-encryption depth optimization method in full homomorphic cryptography | |
Hu et al. | An expressive “test-decrypt-verify” attribute-based encryption scheme with hidden policy for smart medical cloud | |
CN109327304A (en) | The lightweight homomorphic cryptography method of secret protection is realized in a kind of cloud computing | |
CN101321058B (en) | Method and system for encoding and decoding digital message | |
CN105978689B (en) | Secret key leakage resistant cloud data secure sharing method | |
Gennaro | Randomness in cryptography | |
Smithamol et al. | Hybrid solution for privacy-preserving access control for healthcare data | |
Zheng et al. | Toward privacy-preserving healthcare monitoring based on time-series activities over cloud | |
Li et al. | Fully homomorphic encryption with table lookup for privacy-preserving smart grid | |
Yang et al. | Achieving privacy-preserving sensitive attributes for large universe based on private set intersection | |
Gentry et al. | How to compress (reusable) garbled circuits | |
Huang et al. | Privacy preserving IoT-based crowd-sensing network with comparable homomorphic encryption and its application in combating COVID19 | |
Zuobin et al. | P2HBT: Partially Policy Hidden E‐Healthcare System with Black‐Box Traceability | |
Yang et al. | Simulation Study Based on Somewhat Homomorphic Encryption | |
CN112765669B (en) | Regular language searchable encryption system based on time authorization | |
CN101321059B (en) | Method and system for encoding and decoding digital message | |
Peng et al. | A novel quantum solution to secure two-party distance computation | |
Shen et al. | Secure access control for eHealth data in emergency rescue case based on traceable attribute-based encryption |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |