CN106534313B - The frequency measuring method and system of facing cloud end data publication protection safety and privacy - Google Patents

The frequency measuring method and system of facing cloud end data publication protection safety and privacy Download PDF

Info

Publication number
CN106534313B
CN106534313B CN201611012810.4A CN201611012810A CN106534313B CN 106534313 B CN106534313 B CN 106534313B CN 201611012810 A CN201611012810 A CN 201611012810A CN 106534313 B CN106534313 B CN 106534313B
Authority
CN
China
Prior art keywords
ciphertext
frequency
fhe
homomorphism
cloud server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201611012810.4A
Other languages
Chinese (zh)
Other versions
CN106534313A (en
Inventor
刘君强
陈芳慧
李挺
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Gongshang University
Original Assignee
Zhejiang Gongshang University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang Gongshang University filed Critical Zhejiang Gongshang University
Priority to CN201611012810.4A priority Critical patent/CN106534313B/en
Publication of CN106534313A publication Critical patent/CN106534313A/en
Application granted granted Critical
Publication of CN106534313B publication Critical patent/CN106534313B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords

Abstract

The invention discloses frequency measuring methods and system that a kind of facing cloud end data issues protection safety and privacy; database owner generates key pair; encryption outsourcing processing is carried out to database; cryptographic operation is carried out to the complement code of frequency threshold negative-k; and it is uploaded to cloud server, to proxy server authorization private key sk.The frequency of client application inquiry record R.Proxy server obtains database owner's authorization, and database owner is assisted to handle affairs;Cloud server is for storing ciphertext database, carrying out homomorphism arithmetic operation to ciphertext.The present invention combines full homomorphic cryptography technology; the frequency ciphertext of data record can be obtained under cloud environment and determines whether the frequency of record meets secret protection requirement; ensure that whole process will not reveal the record content that client is inquired, lower than the sensitive record content of threshold value, the frequency that can either realize that the secure storage of data facilitates cloud protect privacy again measures frequency in database simultaneously.

Description

The frequency measuring method and system of facing cloud end data publication protection safety and privacy
Technical field
The present invention relates to secret protection Related Research Domains, issue protection safety more particularly to a kind of facing cloud end data And the frequency measuring method and system of privacy.
Background technique
In the epoch of information sharing, the important research field of secret protection and information security as IT circles.Information peace Complete requirement to prevent unwarranted number is it is disclosed, and secret protection is intended to that disclosed data is avoided to be used for therefrom reasoning individual's Sensitive information.
With the arrival of big data era, more and more people storing data and execute meter beyond the clouds using cloud computing technology Processing task is calculated, secret protection faces many new challenges.There is the danger of leakage privacy in data storage procedure beyond the clouds, removes this Except, secret protection treatment process itself may also be under attack, this undoubtedly increases the risk of privacy leakage and avoids risk Difficulty.
The safety problem that cloud data are solved with the technology of cryptography is a selection well, and data are added It is uploaded to cloud storage after close, the risk of privacy leakage is just not present.But encryption data presence in cloud is difficult to operation Problem.Fortunately full homomorphic cryptography technology provides possibility to solve new challenge.Full homomorphic cryptography is that one kind can be direct The technology that ciphertext data under encrypted state are operated.The general of homomorphic cryptography is just proposed early in Rivest in 1978 et al. It reading, wherein public key algorithm RSA is multiplicative homomorphic encipherment scheme, and Paillier algorithm is additive homomorphism encipherment scheme, but this It stagnates always afterwards.After Gentry in 2009 constructs first full homomorphic encryption scheme, there is rapid development, occurs Many achievements, comprising: the full homomorphic encryption scheme based on ideal lattice, the scheme based on integer such as Dijk, Gentry etc. is based on the scheme of LWE (Learning With Error), and Lyubaskevsky etc. is based on RLWE (Ring LWE) Scheme, Brakerski etc. are based on the scheme of GLWE (Generalized LWE).But these schemes are mostly based on theory, need Continue to study efficient practical plan.
The data for carrying out secret protection processing can will be needed to be encrypted using full homomorphic cryptography technology, recycled Cloud computing carries out the processing of ciphertext data operation, obtains the ciphertext data for meeting secret protection requirement.Utilize full homomorphic cryptography technology Data content safety can be protected but also protect data handling procedure safe.
It carries out generally requiring the frequency in statistical data record when data-privacy protection processing beyond the clouds, the present invention combines same State encryption technology needs to protect the purpose of data safety and privacy in facing cloud end data issuing process, proposes that a kind of homomorphism is close Data record frequency measuring method and system under text are handled for secret protection.
Summary of the invention
In view of the above-mentioned deficiencies in the prior art, it is an object of the present invention to provide a kind of facing cloud end data publication protection safety and The frequency measuring method and system of privacy.
The purpose of the present invention is achieved through the following technical solutions: a kind of facing cloud end data publication protection safety and The frequency measuring method of privacy, includes the following steps:
S1, database owner generate public key pk and private key sk with homomorphism key schedule FHE.KeyGen;Setting frequency Threshold value k is spent, and the encrypted form cc_thd of the complement code of-k is uploaded to cloud server;It will be outside the database that encrypted with public key pk Wrap cloud server;Public key pk is uploaded to cloud server to save;
S2, client obtain public key pk from cloud, obtain ciphertext RC with the record R that public key pk encryption needs to inquire frequency, RC is uploaded to cloud server;
S3, cloud server execute frequency ciphertext of the record RC of homomorphism operation inquiry encryption in ciphertext database csup;And threshold determination is carried out under homomorphism, it obtains determining result cresult;Cresult and csup are sent to agency service Device;
S4, proxy server decrypt cresult with private key sk to obtain plaintext m, represent frequency and determine result;According to frequency Determine that result m and csup decrypted result send information sup to cloud server;
The information sup that proxy server returns is sent to client by S5, cloud server.
Further, the database owner in the step S1 generates public key pk and private key sk, and private key sk is shared To proxy server.
Further, frequency ciphertext csup tool of the homomorphism operation inquiry RC in ciphertext database is executed in the step S3 Gymnastics is made as follows:
Firstly, cloud server will record total l ciphertext record in RC and ciphertext tables of data does homomorphism operation respectively, obtain L ciphertext cc1,cc2,…,ccl, concrete operations are as follows: cloud server will record RC=[rc1,rc2,…,rcn] and ciphertext number R is recorded according to i-th ciphertext in libraryi=[ci1,ci2,…,cin] corresponding to ciphertext position rcjAnd cijHomomorphism add operation is done, n is obtained A ciphertext position c 'ij=FHE.Add (pk, rcj,cij),j∈{1,2,…,n},i∈{1,2,…,l};Again by n ciphertext position c ’i1,c’i2,…,c’inThe ciphertext c_m1=FHE.Enc (pk, 1) with 1 does homomorphism add operation respectively, obtains n new ciphertexts Position caddij=FHE.Add (pk, c 'ij, c_m1), i ∈ { 1,2 ..., n };Then, by n ciphertext position caddi1,caddi2,…, caddinHomomorphism multiplying is done, ciphertext cc is obtainedi=FHE.Mult (pk, caddi1,caddi2,…,caddin),i∈{1, 2,…,l};
Then, by homomorphism addition FHE.Add operation and homomorphism multiplication FHE.Mult operation by ciphertext cc1,cc2,…,ccl It adds up, obtains frequency ciphertext csup, the csup=[cs of record RN,…,cs2,cs1] it is N number of ciphertext position,
Further, threshold determination is carried out under homomorphism in the step S3, obtain determining that result cresult's is specific Operation are as follows: cloud server is by csup=[csN,…,cs2,cs1] and cc_thd=FHE.Enc (pk ,-k)=[cthdN+1, cthdN,…,cthd1] do following homomorphism operation: firstly, enabling c_carry0=FHE.Enc (pk, 0) then takes 1 until N i, By (i-1)-th carry ciphertext c_carryi-1With the i-th bit ciphertext position cs of csupiWith the i-th bit ciphertext position cthd of cc_thdiIt carries out Homomorphism addition and homomorphism multiplying obtain carry ciphertext c_carryi=FHE.Add (pk, FHE.Mult (pk, cthdi,c_ carryi-1),FHE.Mult(pk,csi,FHE.Add(pk,cthdi,c_carryi-1)));By highest carry ciphertext c_carryN With the highest ciphertext position cthd of cc_thdN+1=FHE.Enc (pk, 1) does homomorphism add operation, obtains ciphertext cresult= FHE.Add(pk,c_carryN,cthdN+1)。
Further, frequency is obtained according to cresult plaintext result in the step S4 and determines that result concrete operations are as follows: Proxy server decrypts cresult with private key sk and obtains plaintext m=FHE.Dec (sk, cresult), if m=0, illustrates to record R Frequency be not less than threshold value, proxy server sends the plaintext sup that decrypts of csup to cloud server;If m=1, judgement The plaintext sup that csup is decrypted sends sup to cloud server if not being queried record R in sup=0 database of descriptions =0;If sup ≠ 0 illustrates the frequency for recording R lower than threshold value, the information sensing for recording R is strong, is easy leakage privacy information, agency Server sends sup=-1 to cloud server.
Further, frequency is obtained with cloud server processing ciphertext operation, and by frequency and frequency threshold in ciphertext shape It is compared under state, judgement is decrypted with proxy server compared result, there is no leakage clients in this course In the record content inquired, database frequency lower than threshold value sensitive record the case where.
A kind of facing cloud end data issues the frequency measurement system of protection safety and privacy, which includes four directions: data Library owner, client, proxy server, cloud server.Database owner is mainly responsible for generation key pair, to database Encryption outsourcing processing is carried out, cryptographic operation is carried out to the complement code of frequency threshold negative-k, and be uploaded to cloud server, to agency Server authorization private key sk.Client mainly applies for the frequency of inquiry record R.Proxy server obtains database owner and awards Power assists database owner to handle affairs, including saves client private key sk, decrypts ciphertext;Cloud server is for storing Ciphertext database carries out homomorphism arithmetic operation to ciphertext.
The beneficial effects of the present invention are: the present invention combines full homomorphic cryptography technology, data note can be obtained under cloud environment The frequency ciphertext of record simultaneously determines whether the frequency of record meets secret protection requirement, while ensuring that whole process will not reveal client Frequency can either realize that the safety of data is deposited lower than the sensitive record content of threshold value in the inquired record content in end, database The frequency that storage facilitates cloud to carry out protection privacy again measures.
Detailed description of the invention
Fig. 1 is the frequency measuring method operating process of facing cloud end data publication protection safety and privacy provided by the invention Figure;
Fig. 2 is that the frequency measuring method and system of facing cloud end data publication protection safety and privacy provided by the invention are real Illustration is applied to be intended to;
Fig. 3 is the frequency measurement system structure signal of facing cloud end data publication protection safety and privacy provided by the invention Figure.
Specific embodiment
Before introducing specific implementation, the rudimentary knowledge of some full homomorphic cryptographies is first introduced.Homomorphic encryption scheme packet Containing four probability times multinomial algorithm HE={ KeyGen, Encrypt, Decrypt, Evaluate }, the work of this four algorithms With as follows with process, λ is security parameter:
KeyGen is generation scheme key algorithm.Security parameter λ is inputted, output obtains public key pk, private key sk and public comments Estimate key evk, evk is public key information needed for operation Boolean circuit.(pk,evk,sk)←HE.KeyGen(1λ)。
Encrypt is ciphertext generating algorithm.Public key pk and single bit of information m ∈ { 0,1 } is inputted, output obtains a ciphertext c。c←HE.Encpk(m)。
Decrypt is that ciphertext is decrypted.A private key sk and ciphertext c is inputted, output obtains information m*∈{0,1}。m* ←HE.Decsk(c)。
Evaluate is for ensuring that the correctness of homomorphic cryptography.The correctness of homomorphic cryptography exactly carries out several ciphertexts The plaintext that the ciphertext that homomorphism is calculated obtains after being decrypted, plaintext corresponding with ciphertext carry out obtained by identical calculations The result is that equal.Input assessment key evk, a functionAnd ciphertextOutput obtains One ciphertext cfTo cfThe result being decrypted, which is equal to, to be corresponded to In plain textCarry out identical operation as a result, i.e. Most important operation behaviour Work is homomorphism add operation HE.Add and homomorphism multiplying HE.Mult.
The present invention using the full homomorphic encryption scheme of the higher BGV based on RLWE of current efficiency (Z.Brakerski, C.Gentry,and V.Vaikuntanathan.(leveled)fully homomorphic encryptionwithout Bootstrapping.TOCT, 6 (3): 13,2014.Preliminary version in ITCS 2012.), for the ease of reason Solution, will make introduction to the principle of the full homomorphic cryptography first.
The building of base case GHE based on GLWE is as follows:
1、GHE.Setup(1λ,1μ, b): determine that we are to based on LWE scheme (d=1) using bit b ∈ { 0,1 } Or it is based on RLWE scheme (n=1) setup parameter, d parameter indicates to estimate polynomial degree.Select a μ bit moduli q and its His parameter (d=d (λ, μ, b), n=n (λ, μ, b),χ=χ (λ, μ, b)) to ensure to be based on The case of GLWE scheme has 2λSafety with resist lattice attack.It allowsWith parameter params=(q, d, n,N,χ).
2, GHE.SecretKeyGen (params): s' ← χ is chosenn, obtain
3, GHE.PublicKeyGen (params, sk): using private key as input sk=s=(1, s'), s [0]=1,There are also parameter params.Uniformly generate a matrixOne vector e ← χNWith a set b ← A' S'+2e. setting A becomes (n+1) column matrix comprising b, and aft section is the n column matrix (As=2e) of-A'.Public key pk=A.
4, GHE.Enc (params, pk, m): in order to encrypt an information m ∈ R2, settingSamplingExport ciphertext
5, GHE.Dec (params, sk, c): output solution confidential information m ← [[<c, s>]q]2
Full homomorphic encryption algorithm without bootstrapping is accomplished by
The first, parameter setting.The full homomorphic encryption scheme that the present invention uses is based on polynomial ring, polynomial ringD is 2 power power, and λ is the security parameter of homomorphic encryption scheme, and ciphertext multinomial coefficient takes μ bit Modulus q, L are binary arithmetic operation circuit depths, other parameters (d=d (λ, μ, b), n=n (λ, μ, b),χ=χ (λ, μ, b)) to ensure 2λSafety.N=1 is exactly to set the instantiation based on RLWE. In order to allow full homomorphic cryptography to be suitable for universe anonymity algorithm, plaintext space is set as R2=R/2R.
The second, key schedule FHE.KeyGen.Key pair generates as follows: GHE.SecretKeyGen (params): Choose s' ← χn, obtain private keyGHE.PublicKeyGen(params, Sk): using private key as input sk=s=(1, s'), s [0]=1,There are also parameter params=(q, d, n, N, χ). Uniformly generate a matrixOne vector e ← χNBecome with set b ← A's'+2e. setting A and includes b's (n+1) column matrix, aft section are the n column matrix (As=2e) of-A'.Public key pk=A.
J=L to 0 is recycled, params is runj←GHE.Setup(1λ,1(j+1)·μ, b) come the level for the mould that obtains successively decreasing from qL ((L+1) μ bits) is to q0(μ bits) recycles j=L-1 to 0, parameter paramsjMiddle djValue be replaced by d=dL, it is distributed χj It is replaced by χ=χL
FHE.KeyGen(paramsj): circulation j=L to 0, following realization:
1, s is runj←GHE.SecretKeyGen(paramsj)and Aj←GHE.PublicKeyGen(paramsj, sj)。
2, it is arrangeds'jIt is sjTensor, its coefficient is in RqjIn sjTwo coefficients Product.
3, s " is setj←BitDecomp(s'j,qj)。
4, τ is runs”j+1→sj←SwitchKeyGen(s”j,sj-1), this step is omitted as j=L.
Private key sk includes all sj, public key pk includes all AjAnd τs”j+1→sj
Third, encryption algorithm F HE.Enc (params, pk, m): in R2In find information m, run GHE.Enc (AL,m)。 GHE.Enc (pk, m): in order to encrypt an information m ∈ R2, settingSamplingOutput Ciphertext
4th, decipherment algorithm FHE.Dec (params, sk, c): assuming that ciphertext is in sjUnder, run GHE.Dec (sj, c).GHE.Dec (sk, c): output solution confidential information m ← [[<c, s>]q]2
5th, homomorphism addition FHE.Add (pk, c1,c2): private key s is equally used in input twojThe ciphertext of encryption.C is set3← c1+c2mod qj。c3It is exactly in s'jUnder ciphertext (s'jParameter include all sjParameter becauseAnd s'jFirst coefficient be 1), export c4=FHE.Refresh (c3s”j→sj-1,qj,qj-1)。
6th, homomorphism multiplication FHE.Mult (pk, c1,c2): private key s is equally used in input twojThe ciphertext of encryption.Firstly, new Ciphertext be in private keyUnder, it is linear equalityCoefficient vector c3, export c4= FHE.Refresh(c3s”j→sj-1,qj,qj-1)。
FHE.Refresh(c,τs”j→sj-1,qj,qj-1): input private key s'jUnder ciphertext, auxiliary information τs”j→sj-1To help Key is helped to convert, current and next modulus is qjAnd qj-1, do following work: expansion c first1←Powersof2(c,qj).So After carry out analog-to-digital conversion, c2←Scale(c1,qj,qj-1, 2), corresponding private key s "jWith modulus qj-1.Key conversion is carried out again, is exported c3←SwitchKey(τs”j→sj-1,c2,qj-1), corresponding private key sj-1With modulus qj-1
Wherein c'=Scale (c, p, q, 2) is mould converting algorithm, and p, q are two odd modes, and c is an integer vectors, c' It is one close to the integer vectors of (p/q) c and meets c'=c mod 2.X is decomposed As its bit representation method,Output SwitchKeyGen(s1,s2,n1,n2, q) and two private keys of inputWith the dimension of private key, modulus q, private key s2 WithRun GHE.PublicKeyGen (s2, N) and public key A is obtained, generate B=A+Powesof2 (s1, q), so The auxiliary information τ exported afterwardss1→s2=B realizes exchange.Wherein,
Below with reference to the accompanying drawings and in conjunction with example the present invention will be described in detail.
Fig. 1 is the frequency measuring method operating process of facing cloud end data publication protection safety and privacy provided by the invention Figure.As shown in Figure 1, the frequency measuring method of facing cloud end data publication protection safety provided by the invention and privacy includes step S1-S5。
Step S1: database owner generates public key pk and private key sk with key schedule FHE.KeyGen, by frequency Cloud server is uploaded after the complement code encryption of threshold value volume negative-k, then uploads cloud service after database is encrypted with public key pk Public key pk is equally uploaded to cloud server by device.
Step S2: client requests to obtain public key pk from cloud server, the note of inquiry frequency needed for being encrypted with public key pk R is recorded, ciphertext RC is obtained, RC is uploaded to cloud server.
Step S3: cloud server executes homomorphism operation and obtains the frequency csup of RC, carries out frequency threshold by homomorphism operation Value judgement obtains cresult, and csup and cresult are sent to proxy server.
Step S4: proxy server decryption cresult obtains plaintext m, and decryption csup obtains plaintext sup, according to m and sup Judge whether the frequency for recording R is greater than threshold value, according to judgement setting sup and is sent to cloud server.
Step S5: sup is sent to client by cloud server.
Further it is described in detail with the example in Fig. 2.Fig. 2 is facing cloud end data publication protection provided by the invention The frequency measuring method and system embodiment schematic diagram of safety and privacy.As shown in Fig. 2, facing cloud end data provided by the invention The frequency measuring method of publication protection safety and privacy includes step S1-S5, and provided system includes database owner, visitor Family end, proxy server, cloud server.
Specifically, by taking the database comprising 6 records in attached drawing 2 as an example, it is assumed that the record of every encryption is close with n Literary position indicates, the present invention is described in detail.
Step S1: database owner generates public key pk and private key sk using homomorphism key schedule, and by database In record be converted to after binary representation and be encrypted with public key pk, obtained ciphertext database is uploaded to cloud Server, while it is 2 that frequency threshold k, which is arranged, its negative value-k=-2 complement code is encrypted with public key pk, and is uploaded to cloud clothes Business device.It is hereby stated that in database, record and homomorphism calculating process, encrypt every time same plaintext position all generate it is different close R is recorded in text, such as attached drawing 211 encrypted result FHE.Enc (pk, 1) representated by each 1' of ciphertext form be all mutually not Identical, same each 0' is mutually different.Also, database owner does not also reveal the frequency threshold of setting outwardly k.The outer bag data of database owner is the process being constantly superimposed to cloud server, is completed during idle time.
Step S2: client obtains itself wanting by sending inquiry request to cloud server the record R's of inquiry Frequency.Firstly, client requests public key pk to cloud server, cloud server will reach client under public key pk;Secondly, objective Family end public key pk to the record R={ 11, Female, 375720 } for needing to inquire frequency be converted to binary system [1,1,0,0 ..., 1] it is encrypted again, obtains ciphertext record RC=[1', 1', 0', 0' ..., 1'];RC is sent to cloud server to carry out Homomorphism operation.
Step S3: firstly, cloud server by RC=[1', 1', 0', 0' ..., 1'] in ciphertext database totally 6 it is close Text record carries out homomorphism operation, obtains 6 ciphertext cc1=1', cc2=0', cc3=0', cc4=0', cc5=0', cc6=1'. With RC and R2It does homomorphism and cc is calculated2For, R2=[1', 0', 0', 1' ..., 1'], by RC and R2Corresponding i-th of ciphertext To do homomorphism add operation, n ciphertext 0', 1', 0', 1' ..., 0', i ∈ { 1,2 ..., n } are obtained;Above-mentioned n ciphertext is distinguished Ciphertext 1' with 1 carries out homomorphism add operation, obtains new n ciphertext 1', 0', 1', 0' ..., 1';By above-mentioned n ciphertext position It is homomorphism multiplying FHE.Mult (pk, 1', 0', 1', 0' ..., 1') and obtains ciphertext cc2=0'.Similarly, by RC and other 5 Item record does homomorphism operation.
Then, cloud server is to 6 ciphertext cc1=1', cc2=0', cc3=0', cc4=0', cc5=0', cc6=1' It adds up, the frequency ciphertext csup of record R can be obtained, concrete operations are as follows: due to counting obtained maximum possible frequency Ciphertext is related to data-base recording amount, and frequency ciphertext position is up toFirstly, setting ciphertext csup's is initial Ciphertext csup=[the cs that value is 303,cs2,cs1]=[0', 0', 0'];Then, ciphertext csup is added into first ciphertext cc1 =1', operation ccarry1=FHE.Mult (pk, 1', 0') obtains carry ccarry1=0', operation cs1=FHE.Add (pk, 1', 0') obtain new minimum ciphertext position cs1=1', then operation ccarryi=FHE.Mult (pk, ccarryi-1,csi),csi =FHE.Add (pk, ccarryi-1,csi), i ∈ { 2,3 } obtains carry ccarry2=0', ccarry3=0', new ciphertext position cs3=0', cs2=0'.Then, add up upper first ciphertext cc1Frequency ciphertext csup=[cs after=1'3,cs2,cs1]= [0', 0', 1'], then add up other 5 ciphertexts, finally obtains frequency ciphertext csup=[cs3,cs2,cs1]=[0', 1', 0']。
Finally, cloud server carries out threshold determination after obtaining frequency ciphertext csup.Threshold value is database owner It sets and encrypts, threshold value ciphertext cc_thd=[cthdN+1,cthdN,…,cthd1] it include N+1 ciphertext position.In this example Cc_thd=FHE.Enc (pk, -2)=[cthd4,cthd3,cthd2,cthd1]=[1', 1', 1', 0'].Firstly, enabling c_ carry0=FHE.Enc (pk, 0) then carries out homomorphism operation and obtains carry c_carryi=FHE.Add (pk, FHE.Mult (pk,cthdi,c_carryi-1),FHE.Mult(pk,csi,FHE.Add(pk,cthdi,c_carryi-1))), i ∈ { 1,2,3 }, Wherein c_carry3=1';Last operation cresult=FHE.Add (pk, cthd4,c_carry3) obtain determining result Cresult=0'.Cloud server will reach proxy server under obtained ciphertext cresult and be decrypted.
Step S4: proxy server with private key sk decrypt cresult obtain plaintext m=FHE.Dec (sk, cresult)= 0, illustrate the frequency for recording R={ 11, Female, 375720 } not less than threshold value, proxy server is sent to cloud server The plaintext sup=[0,1,0]=2 that csup is decrypted.
Step S5: sup=2 is sent to client by cloud server, client just learn record R=11, Female, 375720 } frequency is 2.
Equally, if the frequency of the record R={ 32, Male, 375722 } of client request inquiry, will obtain The decrypted result m=FHE.Dec (sk, cresult) of cresult=1, csup decrypted result sup=1, illustrates that the frequency of R is lower than Threshold value and be sensitive record, sends sup=-1 to cloud server;If client request inquiry record R=67, Male, 375720 } frequency will obtain decrypted result m=FHE.Dec (sk, cresult)=1, csup solution of cresult Close result sup=0, there is no record R in database of descriptions, send sup=0 to cloud server;
Fig. 3 is the protection data safety of facing cloud end data publication provided by the invention and the frequency measurement system knot of privacy Structure schematic diagram.As shown in figure 3, the frequency measurement of the protection data safety and privacy of facing cloud end data publication provided by the invention System includes four database owner, client, proxy server, cloud server parts.The database owner connects Meet cloud server and proxy server, the Client Agent connection database owner and cloud server, the client End connection cloud server.Private key sk is shared to agency for generating public key pk and private key sk by the database owner Public key pk is sent to cloud server by server, will be sent to cloud server after database public key pk encryption, and set Frequency threshold k is set, the complement code of p- k is sent to cloud server after being encrypted with public key pk.The client is sent out to cloud server It send and frequency is requested and inquired using public key requests, after obtaining public key pk from cloud server, frequency need to be inquired with public key pk encryption The record R of degree, and to cloud server send R ciphertext RC.The cloud server executes homomorphism operation, including homomorphism addition Operation and homomorphism multiplying, obtain frequency ciphertext csup and frequency determines ciphertext cresult and is sent to proxy server, together When by proxy server return sup information be sent to client.The proxy server is with private key sk to ciphertext csup and close Literary cresult is decrypted, and determines frequency and threshold value relationship according to decrypted result, sends corresponding sup information to cloud service Device.
In conclusion the frequency measurement of example provides through the invention facing cloud end data publication protection safety and privacy Method and system decrypts ciphertext by proxy server and then executes frequency in the case where four directions participates in and do not reveal plaintext Threshold decision returns to frequency information to cloud server according to judging result, then information is returned to client by cloud server End, and all records in cloud are saved with ciphertext form, that is, the high efficiency of cloud computing is utilized, and in turn ensure the safety of record information Property.
The present invention is not intended to be limited to embodiment illustrated herein, and is to fit to and principles disclosed herein and new The consistent widest scope of clever feature.The foregoing description of the disclosed embodiments enables professional and technical personnel in the field It realizes or uses the present invention.Various modifications to these embodiments will be apparent for those skilled in the art , the general principles defined herein can without departing from the spirit or scope of the present invention, in other embodiments Middle realization.

Claims (5)

1. the frequency measuring method of a kind of facing cloud end data publication protection safety and privacy, which is characterized in that including walking as follows It is rapid:
S1, database owner generate public key pk and private key sk with homomorphism key schedule FHE.KeyGen;Frequency threshold is set Value k, and the encrypted form cc_thd of the complement code of-k is uploaded to cloud server;The database encrypted with public key pk is outsourced to Cloud server;Public key pk is uploaded to cloud server to save;
S2, client obtain public key pk from cloud, ciphertext RC are obtained with the record R that public key pk encryption needs to inquire frequency, by RC It is uploaded to cloud server;
S3, cloud server execute frequency ciphertext csup of the record RC of homomorphism operation inquiry encryption in ciphertext database;And Threshold determination is carried out under homomorphism, obtains determining result cresult;Cresult and csup are sent to proxy server;It is described The concrete operations for executing frequency ciphertext csup of the record RC of homomorphism operation inquiry encryption in ciphertext database are as follows:
Firstly, cloud server will record total l ciphertext record in RC and ciphertext tables of data does homomorphism operation respectively, l are obtained Ciphertext cc1,cc2,…,ccl, concrete operations are as follows: cloud server will record RC=[rc1,rc2,…,rcn] and ciphertext data I-th ciphertext records R in libraryi=[ci1,ci2,…,cin] corresponding to ciphertext position rcjAnd cijHomomorphism add operation is done, obtains n Ciphertext position c 'ij=FHE.Add (pk, rcj,cij),j∈{1,2,…,n},i∈{1,2,…,l};Again by n ciphertext position c 'i1, c’i2,…,c’inThe ciphertext c_m1=FHE.Enc (pk, 1) with 1 does homomorphism add operation respectively, obtains n new ciphertext positions caddij=FHE.Add (pk, c 'ij, c_m1), i ∈ { 1,2 ..., l };Then, by n ciphertext position caddi1,caddi2,…, caddinHomomorphism multiplying is done, ciphertext cc is obtainedi=FHE.Mult (pk, caddi1,caddi2,…,caddin),i∈{1, 2,…,l};
Then, by homomorphism addition FHE.Add operation and homomorphism multiplication FHE.Mult operation by ciphertext cc1,cc2,…,cclIt is cumulative Get up, obtains frequency ciphertext csup, the csup=[cs of record RN,…,cs2,cs1] it is N number of ciphertext position,
S4, proxy server decrypt cresult with private key sk to obtain plaintext m, represent frequency and determine result;Determine according to frequency As a result m and csup decrypted result sends information sup to cloud server;
The information sup that proxy server returns is sent to client by S5, cloud server.
2. the frequency measuring method of a kind of facing cloud end data publication protection safety according to claim 1 and privacy, It is characterized in that, the database owner in the step S1 generates public key pk and private key sk, and private key sk is shared to agency's clothes Business device.
3. the frequency measuring method of a kind of facing cloud end data publication protection safety according to claim 1 and privacy, It is characterized in that, carries out threshold determination under homomorphism in the step S3, obtain the concrete operations for determining result cresult are as follows: Cloud server is by csup=[csN,…,cs2,cs1] and cc_thd=FHE.Enc (pk ,-k)=[cthdN+1,cthdN,…, cthd1] do following homomorphism operation: firstly, enabling c_carry0=FHE.Enc (pk, 0) then takes 1 up to N, by (i-1)-th to i Carry ciphertext c_carryi-1With the i-th bit ciphertext position cs of csupiWith the i-th bit ciphertext position cthd of cc_thdiCarry out homomorphism addition Carry ciphertext c_carry is obtained with homomorphism multiplyingi=FHE.Add (pk, FHE.Mult (pk, cthdi,c_carryi-1), FHE.Mult(pk,csi,FHE.Add(pk,cthdi,c_carryi-1)));By highest carry ciphertext c_carryNWith cc_thd's Highest ciphertext position cthdN+1=FHE.Enc (pk, 1) does homomorphism add operation, obtains ciphertext cresult=FHE.Add (pk, c_ carryN,cthdN+1)。
4. the frequency measuring method of a kind of facing cloud end data publication protection safety according to claim 1 and privacy, It is characterized in that, frequency is obtained according to cresult plaintext result in the step S4 and determines that result concrete operations are as follows: agency service Device decrypts cresult with private key sk and obtains plaintext m=FHE.Dec (sk, cresult), if m=0, illustrates the frequency of record R not Lower than threshold value, proxy server sends the plaintext sup that csup is decrypted to cloud server;If m=1, judge that csup is decrypted Obtained plaintext sup sends sup=0 to cloud server if not being queried record R in sup=0 database of descriptions;If Sup ≠ 0 illustrates the frequency for recording R lower than threshold value, and the information sensing for recording R is strong, is easy leakage privacy information, proxy server Sup=-1 is sent to cloud server.
5. the frequency measuring method of a kind of facing cloud end data publication protection safety according to claim 1 and privacy, It is characterized in that, obtains frequency with cloud server processing ciphertext operation, and frequency and frequency threshold are carried out under ciphertext state Compare, judgement is decrypted with proxy server compared result, is inquired in this course there is no leakage client The sensitive the case where recording of frequency lower than threshold value in record content, database.
CN201611012810.4A 2016-11-17 2016-11-17 The frequency measuring method and system of facing cloud end data publication protection safety and privacy Active CN106534313B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611012810.4A CN106534313B (en) 2016-11-17 2016-11-17 The frequency measuring method and system of facing cloud end data publication protection safety and privacy

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611012810.4A CN106534313B (en) 2016-11-17 2016-11-17 The frequency measuring method and system of facing cloud end data publication protection safety and privacy

Publications (2)

Publication Number Publication Date
CN106534313A CN106534313A (en) 2017-03-22
CN106534313B true CN106534313B (en) 2019-09-13

Family

ID=58352203

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611012810.4A Active CN106534313B (en) 2016-11-17 2016-11-17 The frequency measuring method and system of facing cloud end data publication protection safety and privacy

Country Status (1)

Country Link
CN (1) CN106534313B (en)

Families Citing this family (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107154845B (en) * 2017-04-11 2020-08-11 中国人民武装警察部队工程大学 BGN type ciphertext decryption outsourcing scheme based on attributes
CN106953722B (en) * 2017-05-09 2017-11-07 深圳市全同态科技有限公司 Ciphertext query method and system for full homomorphic encryption
US10630655B2 (en) * 2017-05-18 2020-04-21 Robert Bosch Gmbh Post-quantum secure private stream aggregation
WO2019020830A1 (en) * 2017-07-28 2019-01-31 Koninklijke Philips N.V. Evaluation of a monitoring function
US10546032B2 (en) 2017-11-21 2020-01-28 International Business Machines Corporation System and method for association rule mining from encrypted databases
WO2019102624A1 (en) * 2017-11-27 2019-05-31 三菱電機株式会社 Homomorphic inference device, homomorphic inference method, homomorphic inference program, and anonymized information processing system
CN109889320B (en) * 2019-01-24 2022-04-15 中国人民武装警察部队工程大学 BGV type multi-key fully homomorphic encryption method
CN110008717B (en) * 2019-02-26 2023-04-11 东北大学 Decision tree classification service system and method supporting privacy protection
CN110391895B (en) * 2019-07-31 2020-10-27 创新先进技术有限公司 Data preprocessing method, ciphertext data acquisition method, device and electronic equipment
US10790961B2 (en) 2019-07-31 2020-09-29 Alibaba Group Holding Limited Ciphertext preprocessing and acquisition
US11784800B2 (en) * 2020-02-14 2023-10-10 Google Llc Secure multi-party reach and frequency estimation
CN111526148B (en) * 2020-04-26 2022-02-25 中山大学 System and method for safely denoising encrypted audio in cloud computing environment
CN112073172B (en) * 2020-09-02 2021-11-05 北京邮电大学 Grid identity-based dual-receiver fully homomorphic encryption method and system
CN113127536B (en) * 2021-04-14 2023-07-28 上海同态信息科技有限责任公司 Offline fuzzy matching system based on homomorphic encryption
CN113157778B (en) * 2021-06-09 2021-09-24 富算科技(上海)有限公司 Proxiable query method, system, device and medium for distributed data warehouse
CN113609503A (en) * 2021-08-10 2021-11-05 支付宝(杭州)信息技术有限公司 Highest bit carry calculation method for protecting data privacy

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103281377A (en) * 2013-05-31 2013-09-04 北京鹏宇成软件技术有限公司 Cryptograph data storage and searching method for cloud
CN103401871A (en) * 2013-08-05 2013-11-20 苏州大学 Method and system for sequencing ciphertexts orienting to homomorphic encryption
CN104881615A (en) * 2015-06-08 2015-09-02 武汉大学 Efficient privacy protection ciphertext connection access operation validation method under cloud environment
CN105743888A (en) * 2016-01-22 2016-07-06 河南理工大学 Agent re-encryption scheme based on keyword research

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103281377A (en) * 2013-05-31 2013-09-04 北京鹏宇成软件技术有限公司 Cryptograph data storage and searching method for cloud
CN103401871A (en) * 2013-08-05 2013-11-20 苏州大学 Method and system for sequencing ciphertexts orienting to homomorphic encryption
CN104881615A (en) * 2015-06-08 2015-09-02 武汉大学 Efficient privacy protection ciphertext connection access operation validation method under cloud environment
CN105743888A (en) * 2016-01-22 2016-07-06 河南理工大学 Agent re-encryption scheme based on keyword research

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
一种可验证的公钥可搜索加密方案;刘鹏亮,俎龙辉,白翠翠,马 华;《计算机工程》;20141130;全文 *
基于同态加密的密文检索技术研究;赵英明;《内蒙古大学硕士学位论文》;20140504;第三章,图3.3-3.7 *
基于整数上同态加密的云存储密文检索系统;张雪娇;《中国海洋大学硕士学位论文》;20130523;全文 *

Also Published As

Publication number Publication date
CN106534313A (en) 2017-03-22

Similar Documents

Publication Publication Date Title
CN106534313B (en) The frequency measuring method and system of facing cloud end data publication protection safety and privacy
CN106533650B (en) Interactive method for secret protection and system towards cloud
US11201734B2 (en) Method and system for fault tolerant and secure multiparty computation with SPDZ
CN111512589B (en) Method for fast secure multiparty inner product with SPDZ
Liu et al. Privacy-preserving patient-centric clinical decision support system on naive Bayesian classification
Liang et al. Searchable attribute-based mechanism with efficient data sharing for secure cloud storage
CN112989368A (en) Method and device for processing private data by combining multiple parties
CN104283669B (en) Re-encryption depth optimization method in full homomorphic cryptography
Hu et al. An expressive “test-decrypt-verify” attribute-based encryption scheme with hidden policy for smart medical cloud
CN109327304A (en) The lightweight homomorphic cryptography method of secret protection is realized in a kind of cloud computing
CN101321058B (en) Method and system for encoding and decoding digital message
CN105978689B (en) Secret key leakage resistant cloud data secure sharing method
Gennaro Randomness in cryptography
Smithamol et al. Hybrid solution for privacy-preserving access control for healthcare data
Zheng et al. Toward privacy-preserving healthcare monitoring based on time-series activities over cloud
Li et al. Fully homomorphic encryption with table lookup for privacy-preserving smart grid
Yang et al. Achieving privacy-preserving sensitive attributes for large universe based on private set intersection
Gentry et al. How to compress (reusable) garbled circuits
Huang et al. Privacy preserving IoT-based crowd-sensing network with comparable homomorphic encryption and its application in combating COVID19
Zuobin et al. P2HBT: Partially Policy Hidden E‐Healthcare System with Black‐Box Traceability
Yang et al. Simulation Study Based on Somewhat Homomorphic Encryption
CN112765669B (en) Regular language searchable encryption system based on time authorization
CN101321059B (en) Method and system for encoding and decoding digital message
Peng et al. A novel quantum solution to secure two-party distance computation
Shen et al. Secure access control for eHealth data in emergency rescue case based on traceable attribute-based encryption

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant