CN111526002B - Fully homomorphic encryption method for multiple identities based on lattice - Google Patents

Publication number
CN111526002B
Authority
CN
China
Prior art keywords
ciphertext
identity
matrix
user identity
user
Legal status
Active
Application number
CN202010578978.1A
Other languages
Chinese (zh)
Other versions
CN111526002A (en
Inventor
成玉丹
翁健
刘志全
马建峰
颉满刚
孙红亮
殷菊笠
Current Assignee
Jinan University
Original Assignee
Jinan University
Application filed by Jinan University
Publication of CN111526002A
Application granted
Publication of CN111526002B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network

Abstract

The invention discloses a lattice-based multi-identity fully homomorphic encryption method, comprising the following steps: system initialization; user key extraction: mapping the first user identity and the second user identity to invertible matrices using a full-rank function, and generating a first private key corresponding to the first user identity and a second private key corresponding to the second user identity through vector operations; ciphertext generation: obtaining the encryption selection of the first user identity, selecting the plaintext message to be encrypted, and encrypting it to obtain a first ciphertext; single-identity decryption: decrypting for the first user identity with the first private key to obtain the plaintext message; identity conversion: converting the first ciphertext of the first user identity into a second ciphertext corresponding to the second user identity through an identity conversion algorithm; homomorphic evaluation: performing homomorphic operations on the identity-converted ciphertexts and then decrypting. The invention converts encryption and decryption of single-identity ciphertexts into encryption and decryption of multi-identity ciphertexts, and achieves correct homomorphic operations.

Description

Fully homomorphic encryption method for multiple identities based on lattice
Technical Field
The invention relates to the technical field of homomorphic encryption security, and in particular to a lattice-based multi-identity fully homomorphic encryption method.
Background
Based on the multiplicative homomorphism of the RSA public-key cryptosystem, Rivest et al. [Rivest R L, Adleman L, Dertouzos M L. On data banks and privacy homomorphisms [J]. Foundations of Secure Computation, 1978: 169-179] proposed the concept of homomorphic encryption: operations on the plaintext are realized by performing operations on the ciphertext, without decrypting it, and the results are consistent. Homomorphic encryption attracted wide attention from scholars at home and abroad, but the proposal did not achieve full homomorphism and could not process ciphertexts an arbitrary number of times. An identity-based encryption system uses the user's unique identity as the public key, and a private key generation center generates the user's private key from the system master private key. Compared with a traditional public-key encryption system, an identity-based encryption system manages keys more effectively and reduces key size. To reduce the key length of homomorphic encryption, researchers combined the ideas of identity-based encryption and homomorphic encryption and constructed identity-based fully homomorphic encryption schemes.
Building on the work of Gentry, scholars at home and abroad have proposed a number of improved schemes. In 2017, Shang Yongli et al. [Shang Yongli, Hu Mingxing, Liu, et al. New identity-based fully homomorphic encryption scheme [J]. Communicator, 2017, 38(5): 39-47] proposed a new identity-based fully homomorphic encryption scheme. With the advent of obfuscation models, Zhang Mingwu et al. [Zhang Mingwu, Shen Hua, Mu Yi. Virtual black box secure program obfuscation: model, progress and challenge [J]. Computer science report, 2017, 40(12)] built a multi-identity fully homomorphic encryption scheme using an obfuscator. The scheme provides a new identity-based fully homomorphic encryption scheme, but in practice single-identity operation cannot meet people's requirements for big data and cloud computing at all.
Disclosure of Invention
The invention aims to overcome the defects and shortcomings of the prior art and provides a lattice-based multi-identity fully homomorphic encryption method.
The aim of the invention is achieved by the following technical scheme:
a lattice-based multi-identity fully homomorphic encryption method comprising the steps of:
system initialization: first generating the system public and private keys;
user key extraction: mapping the first user identity and the second user identity to invertible matrices using a full-rank function, and generating a first private key corresponding to the first user identity and a second private key corresponding to the second user identity through vector operations;
ciphertext generation: obtaining the encryption selection of the first user identity, selecting the plaintext message to be encrypted, and encrypting it to obtain a first ciphertext;
single-identity decryption: decrypting for the first user identity with the first private key to obtain the plaintext message;
identity conversion: converting the first ciphertext of the first user identity into a second ciphertext corresponding to the second user identity through an identity conversion algorithm;
homomorphic evaluation: inputting a group of identity-converted ciphertexts, performing homomorphic operations on them, and then decrypting.
Preferably, the system parameters are input, and two matrices are generated through a trapdoor generation algorithm, wherein one matrix is a trapdoor matrix, the trapdoor matrix is used as a system private key, and the other matrix is used as a system public key.
Further, in the system initializing step, the public-private key generation of the system includes the following sub-steps:
selecting a uniform random matrix and an n-dimensional uniform random vector;
running the trapdoor generation algorithm TrapGen(1^n, 1^m, q, H), which outputs a matrix and its trapdoor matrix; outputting the system public key mpk = (B, t) and the system private key msk = R; thereby generating uniformly random system public and private keys;
wherein n, m,representing the dimension of the public and private key vector of the system, wherein the value of n is an integer and the range of n is more than or equal to 1, q represents the modulus, the value of n is an integer and the range of q is more than or equal to 2, m and->And n, q are in the relationship +.>O () represents the higher order infinitely small of a base-2 q logarithm where m is equal to n times, used here to calculate the number of rows and columns of the public key vector; k represents the upper integer of the logarithm of the base q of2, where the dimension +.>H is represented as a random invertible matrix->The random even distribution matrix can be generated by using the trapdoor generation algorithm, and public and private keys constructed by using the matrix are also randomly even distributed.
Preferably, in the step of extracting the user key, the private key obtaining of the user includes the following sub-steps:
using the full-rank encoding function to map the user identity id to an invertible matrix;
running the left sampling function to output a vector e ← SampleL(B, H_id G, R, t, σ) such that the vector satisfies B_id e = t, wherein
Order theOutput user identity key +.>
where B and t are the system public key; G is the public primitive matrix, w denotes the number of columns of the matrix G, with w = nk; H_id is the invertible matrix representing the user identity; the decimal user identity key vector is converted into the binary user identity key v by the function Powersof2(); and R is the system private key. The left sampling function is used here to produce a vector e that is indistinguishable from a certain distribution, so that the output user identity private key is also indistinguishable from that distribution, which increases the difficulty for an adversary of obtaining the private key. The function Powersof2() operates as follows: for any vector a, the following equation holds:
preferably, in the step of generating the ciphertext, the encryption method includes:
where μ ∈ {0,1} is the plaintext to be encrypted, C' denotes the ciphertext obtained by encrypting the plaintext once using the encryption algorithm constructed with the obfuscator, and I_N is the N-dimensional identity matrix;
the function BitDecomp() operates as follows: for any vector a, the output is defined in terms of a_{i,j}, the j-th binary bit of the component a_i; the function Flatten() operates as follows: for a vector a', Flatten(a') = BitDecomp(BitDecomp^{-1}(a')), where the function BitDecomp^{-1}() operates as
Preferably, in the step of decrypting the single identity, the specific decryption step is as follows:
calculating and outputting the plaintext μ = x_i / v[i];
for ease of computation, let sk_id = v; the first l coefficients of the known vector v are 1, 2, …, 2^{l-1}; let v[i] = 2^i ∈ (q/4, q/2] and let C_i be the i-th row of the ciphertext C, obtaining x_i ← ⟨C_i, v⟩.
Preferably, in the step of identity conversion, the step of converting the first ciphertext of the first user identity into the second ciphertext corresponding to the second user identity through an identity conversion algorithm is as follows:
inputting the ciphertext of the first user identity id, and mapping the first user's identity id from binary to an invertible matrix through the encoding function;
(1) If the identities before and after conversion are the same, i.e. id = id', the ciphertext is output; this verifies whether the identities are the same, since the identity conversion algorithm applies to ciphertext conversion between different identities; otherwise, the following operations are carried out:
1) Calculating the invertible matrix of the identity id':
2) For the identity id and the plaintext μ, computing as follows:
a. randomly selecting a vector and a random matrix;
b. encrypting the plaintext μ with the identity-based encryption algorithm IBE-Enc() to obtain the ciphertext of one encryption of the plaintext for the first user identity:
where MPK is the system public key of the encryption system, id is the user identity, μ ∈ {0,1} is the plaintext being encrypted, and the first ciphertext obtained after encryption is divided into two parts, c_0 and a second component;
3) Executing step 2) N times to obtain an N-dimensional ciphertext matrix for the identity id, denoted C'_id:
4) Checking whether there exists a plaintext p ∈ {0,1} such that the equation C_id = Flatten(p·I_N + BitDecomp(C'_id)) holds; if so, outputting p; if not, outputting ⊥;
where p indicates whether there is a plaintext in the conversion process for which the conversion equation holds; the equation C_id = Flatten(p·I_N + BitDecomp(C'_id)) represents converting the n-dimensional ciphertext C'_id to binary; I_N denotes the N-dimensional identity matrix; and ⊥ is the symbol the algorithm outputs when no such p exists;
(2) For the converted user identity, i.e. the second user identity id', and the corresponding plaintext μ' ∈ {0,1}, carrying out the following operations:
1) Randomly selecting a vector and a random matrix;
2) Encrypting the plaintext μ' with the identity-based encryption algorithm IBE-Enc() to obtain the ciphertext of one encryption of the plaintext for the second user identity: C'_i = (c'_0, c'_i^T) ← IBE-Enc(MPK, id', μ' ∈ {0,1});
3) Executing step 2) N times to obtain an N-dimensional ciphertext matrix for the identity id', denoted C''_id':
4) Using the plaintext p obtained in 4) of step (1), converting the ciphertext C''_id' to binary C'_id': C'_id' = Flatten(p·I_N + BitDecomp(C''_id'));
(3) Outputting the ciphertext C'_id'.
At this point, the ciphertext whose first user identity is id has been converted into the ciphertext whose second user identity is id'. Through the identity conversion algorithm, the second user identity can first convert the ciphertext of the first user identity into a ciphertext of the second user identity and then perform the homomorphic evaluation operation, instead of decrypting the ciphertext of the first user identity separately, which saves decryption time and improves decryption efficiency.
Preferably, in the homomorphic evaluation step, users with several different identities perform fully homomorphic operations as follows:
first, the ciphertexts C of different identities are converted into ciphertexts C_id of the same identity through the identity conversion algorithm.
Then, the system public key MPK, a Boolean circuit f and the group of ciphertexts (C_1, C_2, …, C_t) of the same identity are input into the homomorphic evaluation algorithm, which outputs a new ciphertext C_f such that, for the circuit set F and any f ∈ F, Dec(sk_id, C_f) = f(μ_1, …, μ_t), where, for ease of computation, sk_id = v;
The homomorphic addition formula is (C_1 + C_2)v = (μ_1 + μ_2)v + (z_1, z_2);
The homomorphic multiplication formula is (C_1 C_2)v = C_1(μ_2 v + z_2) = μ_2(μ_1 v + z_1) + C_1 z_2 = μ_1 μ_2 v mod q;
where C_id is the ciphertext with user identity id, C_id' is the ciphertext with user identity id', sk_id is the user's private key, and z_1, z_2 are fault-tolerant (error) vectors: n-dimensional vectors drawn at random from a discrete distribution derived from a normal distribution on [0,1) with center 0 and a given standard deviation.
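The Powersof2(), BitDecomp() and Flatten() operations, the single-identity decryption rule and the homomorphic addition and multiplication formulas above, as an added Python example (not code from the patent). It assumes a plain LWE secret in place of the SampleL-derived identity key, builds the rows of C' directly from that secret instead of calling IBE-Enc, and uses constructed toy parameters (q = 65521, n = 4) that provide no security.

```python
import secrets

Q = 65521                 # toy modulus q (constructed, far too small for security)
L = Q.bit_length()        # l = floor(log2 q) + 1
N_LWE = 4                 # toy LWE dimension n (assumption)
N = (N_LWE + 1) * L       # ciphertexts are N x N matrices


def bit_decomp(a):
    """BitDecomp: each component a_i becomes its l bits a_{i,0..l-1}, LSB first."""
    return [(x % Q) // 2 ** j % 2 for x in a for j in range(L)]


def bit_decomp_inv(bits):
    """BitDecomp^-1: regroup l entries as sum_j 2^j * entry; entries need not be 0/1."""
    return [sum(bits[i + j] * 2 ** j for j in range(L)) % Q
            for i in range(0, len(bits), L)]


def powers_of_2(b):
    """Powersof2: each component b_i becomes (b_i, 2 b_i, ..., 2^(l-1) b_i) mod q."""
    return [x * 2 ** j % Q for x in b for j in range(L)]


def flatten(a):
    """Flatten(a') = BitDecomp(BitDecomp^-1(a')): 0/1 entries, same product with v."""
    return bit_decomp(bit_decomp_inv(a))


def dot(u, v):
    return sum(x * y for x, y in zip(u, v)) % Q


def keygen():
    """Plain LWE secret t, s = (1, -t), v = Powersof2(s); stands in for sk_id = v."""
    t = [secrets.randbelow(Q) for _ in range(N_LWE)]
    return t, powers_of_2([1] + [(-x) % Q for x in t])


def encrypt(t, mu):
    """C = Flatten(mu * I_N + BitDecomp(C')), every row of C' an encryption of 0."""
    rows = []
    for i in range(N):
        a = [secrets.randbelow(Q) for _ in range(N_LWE)]
        e = secrets.randbelow(3) - 1                   # noise in {-1, 0, 1}
        row = bit_decomp([(dot(a, t) + e) % Q] + a)    # inner product with s is e
        row[i] += mu                                   # the mu * I_N term
        rows.append(flatten(row))
    return rows


def decrypt(v, C):
    """x_i = C_i . v for the i with v[i] = 2^i in (q/4, q/2]; mu = round(x_i / v[i])."""
    i = L - 2
    x = dot(C[i], v)
    if x > Q // 2:                                     # centre into (-q/2, q/2]
        x -= Q
    return abs(round(x / v[i]))


def hom_add(C1, C2):
    """Flatten(C1 + C2): (C1 + C2) v = (mu1 + mu2) v + noise."""
    return [flatten([x + y for x, y in zip(r1, r2)]) for r1, r2 in zip(C1, C2)]


def hom_mult(C1, C2):
    """Flatten(C1 * C2): C1 C2 v = mu1 mu2 v + mu2 z1 + C1 z2."""
    cols = list(zip(*C2))
    return [flatten([sum(x * y for x, y in zip(r, c)) for c in cols]) for r in C1]


if __name__ == "__main__":
    t, v = keygen()
    c0, c1 = encrypt(t, 0), encrypt(t, 1)
    print("Dec(c1) =", decrypt(v, c1))
    print("Dec(c0 + c1) =", decrypt(v, hom_add(c0, c1)))
    print("Dec(c1 * c1) =", decrypt(v, hom_mult(c1, c1)))
    print("Dec(c1 * c0) =", decrypt(v, hom_mult(c1, c0)))
```

Because Flatten keeps every ciphertext entry in {0,1}, the noise term C_1 z_2 after one multiplication is bounded by N times the fresh noise, which is why decryption still rounds correctly here.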
Compared with the prior art, the invention has the following advantages and beneficial effects:
1) The lattice-based multi-identity fully homomorphic encryption algorithm converts encryption and decryption of single-identity ciphertexts into encryption and decryption of multi-identity ciphertexts and achieves correct homomorphic operations, thereby increasing the amount of data transmitted and improving operating efficiency.
2) The scheme provided by the invention can carry out full homomorphic encryption and decryption on the messages with different identities, so that the calculation efficiency is improved.
Drawings
Fig. 1 is a schematic diagram of a server-client communication system architecture to which the homomorphic encryption method of the present invention is applied.
FIG. 2 is a flow chart of the multi-identity fully homomorphic encryption method based on the lattice of the present invention.
Detailed Description
For a better understanding of the technical solution of the present invention, examples provided by the present invention are described in detail below with reference to the accompanying drawings, but embodiments of the present invention are not limited thereto.
By providing a lattice-based multi-identity fully homomorphic encryption method, the embodiment of the invention solves the problems of small data transmission volume and low efficiency in the prior art, where homomorphic operations on lattice ciphertexts can only be carried out for a single user identity.
Quantum computers are developing rapidly and quantum algorithms have made major breakthroughs. Under the quantum computing model, polynomial-time algorithms can solve the hard problems underlying cryptosystems based on classical number-theoretic assumptions, which has given rise to post-quantum cryptography. Lattices are a common mathematical tool for constructing post-quantum cryptography: the cryptographic algorithm operates over a vector space with integer coefficients. Therefore, in this scheme, public and private key generation and all operations are carried out on vectors and matrices.
The technical scheme in the embodiment of the invention aims to solve the problem that ciphertext operations on lattices can only be carried out for a single identity. The overall idea is as follows:
generate uniformly random system public and private keys, generate an indistinguishable user identity key, encrypt the plaintext with an identity-based encryption algorithm to obtain a ciphertext, run the identity conversion algorithm to convert single-identity ciphertexts into multi-identity ciphertexts, and run the homomorphic evaluation algorithm and decrypt to obtain the plaintext, which saves decryption time and improves the efficiency of the algorithm.
Examples
The following describes the technical scheme of the present invention in detail with reference to fig. 1.
The technical scheme is applied to a server-client communication system, the client encrypts the plaintext information and then uploads the encrypted plaintext information to the server, and the server performs statistic operation on the ciphertext data. Communication between them may be either wireless or wired.
In the system initialization stage, the public and private keys of the server and the identity keys of the clients are generated. Client R and client S encrypt their own plaintext information with their own system and upload it to the server. Client J needs to obtain the ciphertext from the server; it first converts the ciphertext into its own ciphertext and then decrypts it to obtain the plaintext.
The identity key of client J, the decrypting party, is sk_Jid; the identity key of client R is sk_Rid; and the identity key of client S is sk_Sid.
Step S1, firstly, generating server public and private keys MPK and MSK through the following algorithm, wherein the specific steps are as follows:
Step S11, selecting a uniform random matrix and an n-dimensional uniform random vector.
Step S12, running the trapdoor generation algorithm TrapGen(1^n, 1^m, q, H), which outputs a matrix and its trapdoor matrix, and outputting the public key mpk = (B, t) and the private key msk = R, where n and q are integers with n ≥ 1 and q ≥ 2, and H is an invertible matrix.
Step S2, the identity key of the client J and the identity key of the clients R and S are extracted, and the specific steps are as follows:
Step S21, using the full-rank encoding function to map the user identities Jid, Rid and Sid to invertible matrices H_Jid, H_Rid, H_Sid.
Step S22, running the left sampling function to output a vector e_Jid ← SampleL(B, H_Jid G, R, t, σ) such that the vector satisfies B_Jid e_Jid = t, and outputting the user key, where G is the public primitive matrix with w = nk columns and R is the trapdoor generated by the trapdoor algorithm. The function Powersof2() operates as follows: for any vector a, the following equation holds:
Step S23, generating the identity private keys sk_Rid, sk_Sid of clients R and S in the same way as step S22.
Step S3, the client R, S encrypts the plaintext information to obtain the corresponding ciphertext, and the generated ciphertext is uploaded and stored to the server, wherein the specific steps are as follows:
Step S31, the plaintext information μ_Rid of client R is encrypted; the encryption used to generate the ciphertext is as follows: where μ_Rid ∈ {0,1} is the plaintext to be encrypted, C'_Rid denotes the ciphertext obtained when client R encrypts the plaintext μ_Rid once, N denotes the number of times this process is executed, and I_N is the N-dimensional identity matrix. The function BitDecomp() operates as follows: for any vector a, the output is defined in terms of a_{i,j}, the j-th binary bit of the component a_i. The function Flatten() operates as follows: for a vector a', Flatten(a') = BitDecomp(BitDecomp^{-1}(a')), where the function BitDecomp^{-1}() operates as
Step S32, in the same way as step S31, generating the ciphertext C_Sid corresponding to the plaintext information of client S.
Step S4, decrypting the ciphertexts of clients R and S to obtain the plaintext messages.
Step S41, client R calculates the following equation:
The plaintext is μ_Rid = x_i / v_Rid[i], where, for ease of computation, sk_Rid = v_Rid; the first l coefficients of the known vector v_Rid are 1, 2, …, 2^{l-1}; let v[i] = 2^i ∈ (q/4, q/2] and let C_i be the i-th row of the ciphertext C_Rid, obtaining x_i ← ⟨C_i, v_Rid⟩.
Step S42, in the same way as step S41, client S decrypts its ciphertext to obtain the corresponding plaintext.
Step S5, converting the ciphertext of the clients R, S into the ciphertext of the client J with the identity of Jid, wherein the specific steps are as follows:
Step S51, inputting the ciphertext of client R, mapping the identity Rid of client R from binary to an invertible matrix through the encoding function, and calculating the invertible matrix of the identity of client J.
Step S52, randomly selecting a vector and a random matrix, and encrypting the plaintext μ_Rid of client R with the identity-based encryption algorithm under the server-side public key MPK to obtain a ciphertext.
Step S53, executing step S52 N times to obtain the ciphertext matrix of client R:
Step S54, checking whether there exists a plaintext p ∈ {0,1} such that the following equation holds: C_Rid = Flatten(p·I_N + BitDecomp(C'_Rid)); if so, outputting p; if not, outputting ⊥.
Step S55, randomly selecting a vector and a random matrix, and encrypting the plaintext μ_Jid of client J with the identity-based encryption algorithm under the server-side public key MPK to obtain a ciphertext.
Step S56, executing step S55 N times to obtain the ciphertext matrix of client J:
Step S57, using the plaintext p obtained in step S54, converting the ciphertext C'_Jid to binary C_id1: C_id1 = Flatten(p·I_N + BitDecomp(C'_Jid)).
Step S58, outputting the converted ciphertext C_id1 of client R.
Step S59, similarly, the ciphertext of client S can be converted into the ciphertext corresponding to the identity id of client J, denoted C_id2.
Step S6, in the homomorphic evaluation step, users with several different identities perform fully homomorphic operations and can decrypt correctly. The specific steps are as follows:
Step S61, by step S5, the ciphertexts of clients R and S are converted into the ciphertexts C_id1, C_id2 corresponding to the identity id of client J.
Step S62, inputting the master public key MPK, the Boolean circuit f and the converted ciphertext group of the doctor, C_f = (C_id1, C_id2), into the homomorphic evaluation algorithm; for the circuit set F, Dec(sk_id, C_f) = f(μ_1, …, μ_t), where, for ease of computation, sk_id = v.
Step S63, the homomorphic addition formula is (C_id1 + C_id2)v_id = (μ_Rid + μ_Sid)v_id + (z_Rid, z_Sid).
Step S64, the homomorphic multiplication formula is
(C_id1 C_id2)v_id = C_id1(μ_Sid v_id + z_Sid) = μ_Sid(μ_Rid v_id + z_Rid) + C_id1 z_Sid = μ_Rid μ_Sid v_id mod q.
where z_Rid, z_Sid are the fault-tolerant (error) vectors of clients R and S: n-dimensional vectors drawn at random from a discrete distribution derived from a normal distribution on [0,1) with center 0 and a given standard deviation.
In this embodiment, uniformly random system public and private keys are generated through a trapdoor function, an indistinguishable user identity key is generated with the left sampling algorithm, the plaintext is encrypted with an identity-based encryption algorithm to obtain a ciphertext, the identity conversion algorithm converts single-identity ciphertexts into multi-identity ciphertexts, and the homomorphic evaluation algorithm is then run and the result decrypted to obtain the plaintext, which saves decryption time and improves the efficiency of the algorithm. In the method of this embodiment, the decrypting party can decrypt ciphertexts of multiple identities, and the performance analysis shows that the method is superior to existing schemes in efficiency and performance. The invention provides a way of applying the lattice-based multi-identity fully homomorphic encryption algorithm to communication between users, which increases the amount of information transmitted, improves transmission speed, and meets the needs of today's big-data society.
The above examples are preferred embodiments of the present invention, but the embodiments of the present invention are not limited to them; any other changes, modifications, substitutions, combinations and simplifications that do not depart from the spirit and principle of the present invention are equivalent replacements and are included in the protection scope of the present invention.

Claims (6)

1. A lattice-based multi-identity fully homomorphic encryption method, comprising the steps of:
system initialization: first generating the system public and private keys;
user key extraction: mapping the first user identity and the second user identity to invertible matrices using a full-rank function, and generating a first private key corresponding to the first user identity and a second private key corresponding to the second user identity through vector operations;
ciphertext generation: obtaining the encryption selection of the first user identity, selecting the plaintext message to be encrypted, and encrypting it to obtain a first ciphertext;
single-identity decryption: decrypting for the first user identity with the first private key to obtain the plaintext message;
identity conversion: converting the first ciphertext of the first user identity into a second ciphertext corresponding to the second user identity through an identity conversion algorithm;
homomorphic evaluation: inputting a group of identity-converted ciphertexts, performing homomorphic operations on them, and then decrypting;
in the step of generating the ciphertext, the encryption mode is as follows:
where μ ∈ {0,1} is the plaintext to be encrypted, C' denotes the ciphertext obtained by encrypting the plaintext once using the encryption algorithm constructed with the obfuscator, and I_N is the N-dimensional identity matrix;
the function BitDecomp() operates as follows: for any vector a, the output is defined in terms of a_{i,j}, the j-th binary bit of the component a_i; the function Flatten() operates as follows: for a vector a', Flatten(a') = BitDecomp(BitDecomp^{-1}(a')), where the function BitDecomp^{-1}() operates as
In the step of identity conversion, the step of converting the first ciphertext of the first user identity into the second ciphertext corresponding to the second user identity through an identity conversion algorithm is as follows:
the ciphertext of the first user identity id is input, and the identity id of the first user is mapped from binary to an invertible matrix through an encoding function, wherein $N$ represents the number of rows and columns of the ciphertext matrix $C_{id}$ of the identity id, and $q$ represents the modulus;
(1) If the identity before and after conversion is the same, i.e. id = id', then the ciphertext is output; otherwise, the following operations are carried out:
1) Calculate the invertible matrix of the identity id':
2) Perform the following calculation on the identity id and the plaintext $\mu$:
a. randomly select a vector and a random matrix, wherein $w$ represents the number of columns of the matrix $G$;
b. encrypt the plaintext $\mu$ using the identity-based encryption algorithm IBE-Enc() to obtain a ciphertext that encrypts the plaintext of the first user identity once, wherein $c_0$ and a second ciphertext component jointly form the ciphertext $C_i$;
wherein MPK is the system public key of the encryption system, id is the user identity, $\mu \in \{0,1\}$ is the encrypted plaintext, and the first ciphertext obtained after encryption is divided into two parts, $c_0$ and
3) Execute the step in 2) $N$ times to obtain an N-dimensional ciphertext matrix with the identity id, denoted $C'_{id}$:
4) Check whether there is some plaintext $p \in \{0,1\}$ such that the equation $C_{id} = \mathrm{Flatten}(p \cdot I_N + \mathrm{BitDecomp}(C'_{id}))$ holds; if yes, output $p$; if not, output ⊥;
where $p$ indicates whether there is some plaintext in the conversion process for which the conversion equation holds; the equation $C_{id} = \mathrm{Flatten}(p \cdot I_N + \mathrm{BitDecomp}(C'_{id}))$ represents converting the N-dimensional ciphertext $C'_{id}$ to binary; $I_N$ represents the N-dimensional identity matrix; and ⊥ is the symbol the algorithm outputs when no such $p$ exists;
(2) Carry out the following operations on the second user identity id' and the plaintext $\mu' \in \{0,1\}$ corresponding to the converted user identity id':
1) Randomly select a vector and a random matrix;
2) Encrypt the plaintext $\mu'$ using the identity-based encryption algorithm IBE-Enc() to obtain a ciphertext that encrypts the plaintext of the second user identity once, wherein $c'_0$ and a second ciphertext component jointly form the ciphertext $C'_i$;
3) Execute the step in 2) $N$ times to obtain an N-dimensional ciphertext matrix with the identity id', denoted $C'_{id'}$:
4) Using the plaintext $p$ obtained in step 4) of (1), convert the ciphertext $C''_{id'}$ to binary $C'_{id'}$: $C'_{id'} = \mathrm{Flatten}(p \cdot I_N + \mathrm{BitDecomp}(C''_{id'}))$;
(3) Output the ciphertext $C'_{id'}$.
At this point, the ciphertext under the first user identity id has been converted into the ciphertext under the second user identity id'.
2. The homomorphic encryption method of claim 1, characterized in that the system parameters are input and two matrices are generated by a trapdoor generation algorithm, one of which is a trapdoor matrix, the trapdoor matrix being the system private key and the other being the system public key.
3. The homomorphic encryption method according to claim 2, characterized in that in the system initialization step, the public-private key generation of the system comprises the sub-steps of:
selecting a uniform random matrix and an n-dimensional uniform random vector;
running the trapdoor generation algorithm TrapGen($1^n$, $1^m$, $q$, $H$), which outputs a matrix and its trapdoor matrix, and outputting the system public key MPK = (B, t) and the system private key MSK = R;
wherein $n$ and $m$ represent the dimensions of the public and private key vectors of the system; $n$ is an integer with $n \geq 1$; $q$ represents the modulus, whose value is an integer with $q \geq 2$; the relation of $m$ to $n$ and $q$ is $m = O(n\,\mathrm{lb}\,q)$, where O() represents the higher-order infinitesimal, with $m$ equal to $n$ times the base-2 logarithm of $q$, used here to calculate the number of rows and columns of the public key vector; $k$ represents the ceiling of the base-2 logarithm of $q$; $H$ is a random invertible matrix; a random uniformly distributed matrix can be generated by using the trapdoor generation algorithm, and the public and private keys constructed from this matrix are also randomly and uniformly distributed.
4. The homomorphic encryption method according to claim 1, characterized in that in the step of extracting the user key, the private key of the user is obtained by the sub-steps of:
using a full-rank encoding function to map the user identity id to an invertible matrix;
running the left sampling function to output a vector $e \leftarrow \mathrm{SampleL}(B, H_{id}G, R, t, \sigma)$ such that the vector satisfies $B_{id}\,e = t$, wherein $m$ represents the number of columns of the matrix $B_{id}$;
order theOutput user identity key +.>
where $B$ and $t$ represent the system public key; $G$ is the public primitive matrix, and $w$ represents the number of columns of the matrix $G$, with $w = nk$; $H_{id}$ is the invertible matrix representing the user identity; the decimal user identity key vector is converted into the binary user identity key $v$ by the function Powersof2(); $R$ is the system private key; the function Powersof2() operates as follows: for any vector $a$ of the dimensions, the following equation holds:
5. The homomorphic encryption method of claim 1, wherein in the step of decrypting a single identity, the specific decryption steps are:
computing $Cv$ and outputting the plaintext $\mu = x_i / v[i]$; wherein $Cv$ represents the multiplication of the ciphertext $C$ by the user private key $v$, the user identity key vector is decimal, and $v$ is binary;
let $sk_{id} = v$, where $sk_{id}$ is the private key of the user; the first $l$ coefficients of the vector $v$ are known to be $1, 2, \ldots, 2^{l-1}$; let $v[i] = 2^i \in (q/4, q/2]$ and let $C_i$ be the $i$-th row of the ciphertext $C$; then obtain $x_i \leftarrow \langle C_i, v \rangle$.
6. The homomorphic encryption method according to claim 1, characterized in that, in the homomorphic evaluation step, users with a plurality of different identities perform the homomorphic operation steps as follows:
first, the ciphertexts $C$ of different identities are converted into ciphertexts $C_{id}$ of the same identity through the identity conversion algorithm;
then, the system public key MPK, a Boolean circuit $f$ and a group of ciphertexts $(C_1, C_2, \ldots, C_t)$ of the same identity are input into the homomorphic evaluation algorithm, which outputs a new set of ciphertext $C_f$ satisfying, for the circuit set $F$ and any $f \in F$, $\mathrm{Dec}(sk_{id}, C_f) = f(\mu_1, \ldots, \mu_t)$, where $\mu_1$ represents the first plaintext after decryption and $\mu_t$ represents the $t$-th plaintext after decryption; to facilitate the calculation, let $sk_{id} = v$;
the homomorphic addition formula is $(C_1 + C_2)v = (\mu_1 + \mu_2)v + (z_1 + z_2)$;
the homomorphic multiplication formula is $(C_1 C_2)v = C_1(\mu_2 v + z_2) = \mu_2(\mu_1 v + z_1) + C_1 z_2 = \mu_1 \mu_2 v \bmod q$;
where $C_{id}$ is the ciphertext with user identity id, $C_{id'}$ is the ciphertext with user identity id', $sk_{id}$ is the private key of the user, $C_1 v = \mu_1 v + z_1$ and $C_2 v = \mu_2 v + z_2$; $z_1$ and $z_2$ are fault-tolerant vectors, each an N-dimensional fault-tolerant vector drawn at random from a distribution, namely a discrete distribution derived from a normal distribution on $[0,1)$ with centre 0 and a given standard deviation.
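The relations the claims rely on, namely $C = \mathrm{Flatten}(\mu \cdot I_N + \mathrm{BitDecomp}(C'))$, decryption by $x_i = \langle C_i, v \rangle$ with $v[i] = 2^i \in (q/4, q/2]$, and the addition and multiplication formulas of claim 6, can be checked numerically. The Python below is an added example, not code from the patent. It assumes the standard Gentry-Sahai-Waters definitions of BitDecomp, BitDecomp⁻¹ and Powersof2 (the page's own formulas are not preserved), substitutes a plain secret-key LWE encryption for IBE-Enc and the trapdoor-based key extraction, and uses constructed parameters (q = 65521, n = 4) that are far too small to be secure.

```python
import random

Q, N_LWE = 65521, 4           # constructed modulus q and LWE dimension n (insecure sizes)
L = Q.bit_length()            # l = floor(log2 q) + 1 bits per component
N = (N_LWE + 1) * L           # ciphertext matrices are N x N

def bit_decomp(a):            # each component -> its l bits, least significant first
    return [((x % Q) >> j) & 1 for x in a for j in range(L)]
def bit_decomp_inv(b):        # regroup l entries per component; accepts non-binary input
    return [sum(b[i + j] << j for j in range(L)) % Q for i in range(0, len(b), L)]
def flatten(b):               # Flatten(a') = BitDecomp(BitDecomp^-1(a'))
    return bit_decomp(bit_decomp_inv(b))
def powers_of_2(s):           # (s_1, 2 s_1, ..., 2^(l-1) s_1, s_2, ...) mod q
    return [(x << j) % Q for x in s for j in range(L)]

def dot(x, y):
    return sum(p * r for p, r in zip(x, y)) % Q

def keygen(rng):              # secret s = (1, -t); decryption key v = Powersof2(s)
    t = [rng.randrange(Q) for _ in range(N_LWE)]
    return powers_of_2([1] + [-x % Q for x in t]), t

def encrypt(mu, t, rng):      # secret-key LWE rows stand in for IBE-Enc (assumption)
    c = []
    for i in range(N):
        a = [rng.randrange(Q) for _ in range(N_LWE)]
        row = bit_decomp([(dot(a, t) + rng.choice((-1, 0, 1))) % Q] + a)  # row of C'
        row[i] += mu          # mu * I_N + BitDecomp(C')
        c.append(flatten(row))
    return c

def decrypt(c, v):            # x_i = <C_i, v>, mu = round(x_i / v[i])
    i = L - 2                 # v[i] = 2^i lies in (q/4, q/2]
    x = dot(c[i], v)
    x = x - Q if x > Q // 2 else x        # centre x_i around 0
    return round(x / v[i])

def h_add(c1, c2):            # Flatten(C1 + C2)
    return [flatten([x + y for x, y in zip(r1, r2)]) for r1, r2 in zip(c1, c2)]

def h_mul(c1, c2):            # Flatten(C1 * C2)
    cols = list(zip(*c2))
    return [flatten([sum(p * r for p, r in zip(row, col)) for col in cols]) for row in c1]

if __name__ == "__main__":
    rng = random.Random(2020)             # fixed seed so the demo is repeatable
    v, t = keygen(rng)
    c0, c1 = encrypt(0, t, rng), encrypt(1, t, rng)
    print(decrypt(h_add(c0, c1), v), decrypt(h_mul(c1, c1), v), decrypt(h_mul(c1, c0), v))
```

Flatten keeps every ciphertext entry in {0, 1}, which is what bounds the noise term $C_1 z_2$ in the multiplication formula.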
CN202010578978.1A 2019-11-18 2020-06-23 Fully homomorphic encryption method for multiple identities based on lattice Active CN111526002B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2019111256940 2019-11-18
CN201911125694 2019-11-18

Publications (2)

Publication Number Publication Date
CN111526002A CN111526002A (en) 2020-08-11
CN111526002B true CN111526002B (en) 2023-11-14

Family

ID=71910171

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010578978.1A Active CN111526002B (en) 2019-11-18 2020-06-23 Fully homomorphic encryption method for multiple identities based on lattice

Country Status (1)

Country Link
CN (1) CN111526002B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112016120B (en) * 2020-08-26 2024-03-26 支付宝(杭州)信息技术有限公司 Event prediction method and device based on user privacy protection
CN112039653B (en) * 2020-08-28 2021-09-28 西安电子科技大学 Cloud outsourcing data encryption and decryption method based on neural network activation unit
CN112073172B (en) * 2020-09-02 2021-11-05 北京邮电大学 Grid identity-based dual-receiver fully homomorphic encryption method and system
CN112929153B (en) * 2021-02-23 2022-07-22 上海麟羿信息科技有限公司 Data multi-stage encryption system and method based on complete homomorphic encryption
CN113204755B (en) * 2021-04-20 2022-10-14 重庆工业职业技术学院 Data capture method for block chain big data security
CN114422107B (en) * 2022-03-31 2022-06-17 四川高速公路建设开发集团有限公司 Fault-tolerant ciphertext data aggregation method based on intelligent engineering construction system platform

Citations (3)

Publication number Priority date Publication date Assignee Title
CN105933102A (en) * 2016-04-06 2016-09-07 重庆大学 Identity-based and hidden matrix-constructed fully homomorphic encryption method
CN106788963A (en) * 2017-01-05 2017-05-31 河南理工大学 A kind of full homomorphic cryptography method of identity-based on improved lattice
CN109831297A (en) * 2019-01-24 2019-05-31 中国人民武装警察部队工程大学 A kind of full homomorphic cryptography method of more identity for supporting thresholding to decrypt

Family Cites Families (2)

Publication number Priority date Publication date Assignee Title
US10333696B2 (en) * 2015-01-12 2019-06-25 X-Prime, Inc. Systems and methods for implementing an efficient, scalable homomorphic transformation of encrypted data with minimal data expansion and improved processing efficiency
EP3166251B1 (en) * 2015-11-09 2020-10-28 Certsign S.A. Fully homomorphic encryption from monoid algebras

Non-Patent Citations (1)

Title
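Tang Yongli; Hu Mingxing; Ye Qing; Qin Panke; Yu Jinxia. "Improved lattice-based multi-identity fully homomorphic encryption scheme". Journal of Beijing University of Posts and Telecommunications. 2018, (01), see sections 2-3 of the main text. *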

Also Published As

Publication number Publication date
CN111526002A (en) 2020-08-11

Similar Documents

Publication Publication Date Title
CN111526002B (en) Fully homomorphic encryption method for multiple identities based on lattice
JP4859933B2 (en) Ciphertext generation apparatus, cryptographic communication system, and group parameter generation apparatus
CN110233730B (en) Privacy information protection method based on K-means clustering
TW202013927A (en) Post-quantum asymmetric key generation method and system, encryption method, decryption method, and encrypted communication system based on prime array
CN104320393B (en) The controllable efficient attribute base proxy re-encryption method of re-encryption
CN110635909B (en) Attribute-based collusion attack resistant proxy re-encryption method
WO1997031448A1 (en) Communication method using common key
CN110138543B (en) Blind signcryption method under lattice public key cryptosystem
CN106788963B (en) Improved identity-based full homomorphic encryption method on lattice
CN109981265B (en) Identity-based ciphertext equivalence determination method without using bilinear pairings
CN107425955B (en) High-efficiency fixable-dimension trap door derived lattice upper identity base hierarchical encryption method
CN105933101B (en) A kind of full homomorphic cryptography public key compression method based on the offset of parameter high order
CN113162751A (en) Encryption method and system with homomorphism adding function and readable storage medium
CN113660226A (en) Energy data credible sharing system and method based on block chain
CN112152779A (en) Lattice-based homomorphic proxy re-encryption method for resisting strong collusion attack
Zhao et al. Quantum-safe HIBE: does it cost a Latte?
Mittal et al. A quantum secure ID-based cryptographic encryption based on group rings
Ma et al. Lattice-based identity-based homomorphic conditional proxy re-encryption for secure big data computing in cloud environment
Wei et al. Cost-effective and scalable data sharing in cloud storage using hierarchical attribute-based encryption with forward security
CN110247761B (en) Ciphertext strategy attribute encryption method supporting attribute revocation in lattice manner
CN112468284A (en) SHE-based secure outsourcing method
CN110460442B (en) Grid-based key encapsulation method
Nayak et al. SEMKC: secure and efficient computation over outsourced data encrypted under multiple keys
CN107425972B (en) Graded encryption method based on identity
CN111817853A (en) Signcryption algorithm for post-quantum security

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant