CN111526002B - Fully homomorphic encryption method for multiple identities based on lattice - Google Patents
- Publication number
- CN111526002B (CN202010578978.1A)
- Authority
- CN
- China
- Prior art keywords
- ciphertext
- identity
- matrix
- user identity
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/008—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3006—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
Abstract
The invention discloses a lattice-based multi-identity fully homomorphic encryption method, which comprises the following steps: initializing a system; extracting a user key: mapping the first user identity and the second user identity into an invertible matrix by using a full-rank function, and generating a first private key corresponding to the first user identity and a second private key corresponding to the second user identity through vector operations; generating ciphertext: taking the first user identity as the encryption choice, selecting a plaintext message to be encrypted, and encrypting it to obtain a first ciphertext; decrypting the single identity: decrypting for the first user identity with the first private key to obtain the plaintext message; identity conversion: converting the first ciphertext of the first user identity into a second ciphertext corresponding to the second user identity through an identity conversion algorithm; homomorphic evaluation: performing homomorphic operations on the ciphertext after identity conversion, and decrypting. The invention extends the encryption and decryption of single-identity ciphertexts to ciphertexts of a plurality of identities, and can realize correct homomorphic operations.
Description
Technical Field
The invention relates to the technical field of homomorphic encryption security, in particular to a lattice-based multi-identity fully homomorphic encryption method.
Background
Building on the multiplicative homomorphism of the RSA public-key cryptosystem, Rivest et al. [Rivest R L, Adleman L, Dertouzos M L. On data banks and privacy homomorphisms [J]. Foundations of Secure Computation, 1978: 169-179] proposed the concept of homomorphic encryption: an operation on the plaintext is realized by executing an operation on the ciphertext, without decrypting the ciphertext, and the results are consistent. The proposal attracted wide attention from scholars at home and abroad, but it did not achieve full homomorphism and could not process ciphertexts an arbitrary number of times. An identity-based encryption system uses the unique identity of the user as the public key, and a private key generation center generates the user's private key from the system master private key; compared with a traditional public-key encryption system, an identity-based encryption system manages keys more effectively and reduces key size. To reduce the key length of homomorphic encryption, researchers combined the ideas of identity-based encryption and homomorphic encryption and constructed identity-based homomorphic encryption schemes.
Based on the study of Gentry, scholars at home and abroad have proposed a number of improved schemes. In 2017, Shang Yongli et al. [Shang Yongli, Hu Mingxing, Liu, et al. New identity-based fully homomorphic encryption scheme [J]. Communicator, 2017, 38(5): 39-47] proposed a new identity-based fully homomorphic encryption scheme. With the advent of obfuscation models, Zhang Mingwu et al. [Zhang Mingwu, Shen Hua, Mu Yi. Virtual black box secure program obfuscation: model, progress and challenge [J]. Computer science report, 2017, 40(12)] built a multi-identity fully homomorphic encryption scheme using an obfuscator. The scheme provides a new identity-based fully homomorphic encryption scheme, but in practice operating on a single identity cannot meet the demands of big data and cloud computing.
Disclosure of Invention
The invention aims to overcome the defects and shortcomings of the prior art and provides a lattice-based multi-identity fully homomorphic encryption method.
The aim of the invention is achieved by the following technical scheme:
a lattice-based multi-identity fully homomorphic encryption method comprising the steps of:
initializing a system: firstly, generating the system public and private keys;
extracting a user key: mapping the first user identity and the second user identity into an invertible matrix by using a full-rank function, and generating a first private key corresponding to the first user identity and a second private key corresponding to the second user identity through vector operations;
generating ciphertext: taking the first user identity as the encryption choice, selecting a plaintext message to be encrypted, and encrypting it to obtain a first ciphertext;
decrypting the single identity: decrypting for the first user identity with the first private key to obtain the plaintext message;
identity conversion: converting the first ciphertext of the first user identity into a second ciphertext corresponding to the second user identity through an identity conversion algorithm;
homomorphic evaluation: inputting a group of ciphertexts after identity conversion, and decrypting after the homomorphic operation.
Preferably, the system parameters are input, and two matrices are generated through a trapdoor generation algorithm, wherein one matrix is a trapdoor matrix, the trapdoor matrix is used as a system private key, and the other matrix is used as a system public key.
Further, in the system initializing step, the public-private key generation of the system includes the following sub-steps:
selecting a uniform random matrix and an n-dimensional uniform random vector;
running the trapdoor generation algorithm $\mathrm{TrapGen}(1^n, 1^m, q, H)$, which outputs a matrix B and its trapdoor matrix R; outputting the system public key mpk = (B, t) and the system private key msk = R, thereby generating uniformly random system public and private keys;
wherein n, m,representing the dimension of the public and private key vector of the system, wherein the value of n is an integer and the range of n is more than or equal to 1, q represents the modulus, the value of n is an integer and the range of q is more than or equal to 2, m and->And n, q are in the relationship +.>O () represents the higher order infinitely small of a base-2 q logarithm where m is equal to n times, used here to calculate the number of rows and columns of the public key vector; k represents the upper integer of the logarithm of the base q of2, where the dimension +.>H is represented as a random invertible matrix->The random even distribution matrix can be generated by using the trapdoor generation algorithm, and public and private keys constructed by using the matrix are also randomly even distributed.
Preferably, in the step of extracting the user key, the private key obtaining of the user includes the following sub-steps:
using full rank coding functionsMapping user identity id to a reversible matrix +.>
Running the left sampling function to output a vector $e \leftarrow \mathrm{SampleL}(B, H_{id}G, R, t, \sigma)$ such that the vector satisfies $B_{id}e = t$, wherein
Order theOutput user identity key +.>
Where B and t represent the system public key,is the primitive matrix disclosed, w represents the column number of matrix G, and the expression is w=nk, H id A reversible matrix representing the identity of the user, +.>Representing a decimal user identity key vector, which is then converted into a binary user identity key v,/by the function Powersof2 ()>Is a system private key; the purpose of the left sampling function is here to produce a vector e with indistinguishable from a certain distributionThe output user identity private key is indistinguishable from certain distribution, so that the difficulty of the adversary in acquiring the private key is increased; the operation of the function Powersof2 () is as follows: for any->Vector a of dimensions, the following equation holds:
preferably, in the step of generating the ciphertext, the encryption method includes:
where $\mu \in \{0,1\}$ is the plaintext to be encrypted, C' represents the ciphertext obtained by encrypting the plaintext once using the encryption algorithm constructed by the obfuscator, and $I_N$ is the N-dimensional identity matrix;
the function BitDecomp() operates as follows: for any vector a of the dimensions it is defined as, wherein $a_{i,j}$ denotes the j-th binary bit of the component $a_i$; the function Flatten() operates as follows: given a', $\mathrm{Flatten}(a') = \mathrm{BitDecomp}(\mathrm{BitDecomp}^{-1}(a'))$, wherein the function $\mathrm{BitDecomp}^{-1}()$ operates as
Preferably, in the step of decrypting the single identity, the specific decryption step is as follows:
calculation ofOutput plaintext μ=x i /v[i];
Let $sk_{id} = v$; the first l coefficients of the vector v are known to be $1, 2, \ldots, 2^{l-1}$; let $v[i] = 2^i \in (q/4, q/2]$ and let $C_i$ be the i-th row of the ciphertext C, giving $x_i \leftarrow \langle C_i, v \rangle$.
Preferably, in the step of identity conversion, the step of converting the first ciphertext of the first user identity into the second ciphertext corresponding to the second user identity through an identity conversion algorithm is as follows:
ciphertext for inputting a first user identity idAnd passing the identity id of the first user through a coding functionMapping from binary to reversible matrix +.>
(1) If the identities before and after conversion are the same, i.e. id = id', the ciphertext is output; this checks whether the identities are the same, since the identity conversion algorithm applies to ciphertext conversion between different identities; otherwise, the following operations are carried out:
1) Calculating a reversible matrix of id' identities:
2) The identity id and the plaintext mu are calculated as follows:
a. randomly selected vectorRandom matrix->
b. Encrypting the plaintext mu by using an identity-based encryption algorithm IBE-Enc (), and obtaining a ciphertext for encrypting the plaintext of the first user identity once:
wherein MPK is the system public key of the encryption system, id is the user identity, mu E {0,1} is the encrypted plaintext, and the first ciphertext obtained after encryption is divided into two parts c 0 And
3) Executing the step in 2) for N times to obtain an N-dimensional ciphertext matrix with the identity of id, and using C' id To express:
4) Check whether there is some plaintext $p \in \{0,1\}$ such that the equation $C_{id} = \mathrm{Flatten}(p \cdot I_N + \mathrm{BitDecomp}(C'_{id}))$ holds; if so, output p; if not, output ⊥;
where p indicates whether there is some plaintext in the conversion process for which the conversion equation holds; the equation $C_{id} = \mathrm{Flatten}(p \cdot I_N + \mathrm{BitDecomp}(C'_{id}))$ represents converting the n-dimensional ciphertext $C'_{id}$ to binary; $I_N$ denotes the N-dimensional unit vector; and ⊥ is the symbol the algorithm outputs when p does not exist;
(2) For the converted second user identity id' and the corresponding plaintext $\mu' \in \{0,1\}$, carry out the following operations:
1) Randomly selected vectorRandom matrix->
2) Encrypting the plaintext mu' by using an identity-based encryption algorithm IBE-Enc (), and obtaining a ciphertext for encrypting the plaintext of the second user identity once: c'. i =(c' 0 ,c' i T )←IBE-Enc(MPK,id',μ'∈{0,1});
3) Executing the step in 2) N times to obtain an N-dimensional ciphertext matrix with identity of id ', and using C' id' To express:
4) Using the plaintext p obtained in step 4) of (1), convert the ciphertext $C''_{id'}$ to the binary $C'_{id'}$: $C'_{id'} = \mathrm{Flatten}(p \cdot I_N + \mathrm{BitDecomp}(C''_{id'}))$;
(3) Output the ciphertext $C'_{id'}$;
At this point, the ciphertext under the first user identity id has been converted into a ciphertext under the second user identity id'. With the identity conversion algorithm, the second user can first convert the ciphertext of the first user identity into a ciphertext of the second user identity and then perform the homomorphic evaluation operation, instead of separately decrypting the ciphertext of the first user identity, which saves decryption time and improves decryption efficiency.
Preferably, in the homomorphic evaluation step, the steps by which users with a plurality of different identities perform fully homomorphic operations are as follows:
firstly, ciphertexts C of different identities are converted into ciphertexts $C_{id}$ of the same identity through the identity conversion algorithm;
then, the system public key MPK, a Boolean circuit f and a group of ciphertexts $(C_1, C_2, \ldots, C_t)$ of the same identity are input into the homomorphic evaluation algorithm, which outputs a new set of ciphertexts $C_f$ such that, for the circuit set F and any $f \in F$, $\mathrm{Dec}(sk_{id}, C_f) = f(\mu_1, \ldots, \mu_t)$; for ease of computation, let $sk_{id} = v$;
the homomorphic addition formula is $(C_1 + C_2)v = (\mu_1 + \mu_2)v + (z_1, z_2)$;
the homomorphic multiplication formula is $(C_1 C_2)v = C_1(\mu_2 v + z_2) = \mu_2(\mu_1 v + z_1) + C_1 z_2 = \mu_1 \mu_2 v \bmod q$;
Wherein C is id Is ciphertext with user identity as id, C id' Is ciphertext with user identity as id', sk id For the private key of the user,representing fault tolerant vector->Expressed in distribution->N-dimensional fault-tolerant vector of random access +.>Represents a center of 0 and a standard deviation of +.>Normal distribution on [0,1 ]) +.>Discrete distribution on the substrate.
Compared with the prior art, the invention has the following advantages and beneficial effects:
1) The lattice-based multi-identity homomorphic encryption algorithm extends the encryption and decryption of single-identity ciphertexts to ciphertexts of multiple identities and can realize correct homomorphic operations, thereby increasing the amount of data transmitted and improving operating efficiency.
2) The scheme provided by the invention can perform fully homomorphic encryption and decryption on messages of different identities, so that computational efficiency is improved.
Drawings
Fig. 1 is a schematic diagram of a server-client communication system architecture to which the homomorphic encryption method of the present invention is applied.
FIG. 2 is a flow chart of the multi-identity fully homomorphic encryption method based on the lattice of the present invention.
Detailed Description
For a better understanding of the technical solution of the present invention, examples provided by the present invention are described in detail below with reference to the accompanying drawings, but embodiments of the present invention are not limited thereto.
The embodiment of the invention provides a lattice-based multi-identity fully homomorphic encryption method, which solves the prior-art problem that homomorphic operations on lattice ciphertexts can only be carried out for a single user identity, with small data transmission volume and low efficiency.
Quantum computers are developing rapidly and quantum algorithms have also made major breakthroughs. Under the quantum computing model, polynomial-time algorithms can solve the hard problems assumed by cryptosystems based on classical number theory, which gave rise to post-quantum cryptography. Lattices are a common mathematical tool for constructing post-quantum cryptography: the cryptographic algorithm is built to operate on a vector space with integer coefficients. Therefore, in the construction of this scheme, the generation of public and private keys and all operations are carried out on vectors and matrices.
The technical scheme in the embodiment of the invention aims to solve the problem that ciphertext operations on lattices are possible only for a single identity, and the overall idea is as follows:
generating uniformly random system public and private keys, generating a user identity key with indistinguishability, encrypting a plaintext by using an identity-based encryption algorithm to obtain a ciphertext, executing the identity conversion algorithm to convert the single-identity ciphertext into a multi-identity ciphertext, and decrypting by using the homomorphic evaluation algorithm to obtain the plaintext, so that decryption time is saved and the efficiency of the algorithm is improved.
Examples
The following describes the technical scheme of the present invention in detail with reference to fig. 1.
The technical scheme is applied to a server-client communication system, the client encrypts the plaintext information and then uploads the encrypted plaintext information to the server, and the server performs statistic operation on the ciphertext data. Communication between them may be either wireless or wired.
In the system initialization stage, the public and private keys of the server side and the identity keys of the clients are generated. The client R and the client S each encrypt their plaintext information and upload it to the server side. The client J, which needs to acquire ciphertext from the server, first converts the ciphertext into its own ciphertext and then decrypts it to obtain the plaintext.
The identity key of the client J, the decrypting party, is $sk_{Jid}$; the identity key of the client R is $sk_{Rid}$; and the identity key of the client S is $sk_{Sid}$.
Step S1, firstly, generating server public and private keys MPK and MSK through the following algorithm, wherein the specific steps are as follows:
step S11, selecting a uniform random matrixn-dimensional uniform random vector->
Step S12, running the trapdoor generation algorithm $\mathrm{TrapGen}(1^n, 1^m, q, H)$, which outputs a matrix B and its trapdoor matrix R; the public key mpk = (B, t) and the private key msk = R are output. Here n and q are integers with n ≥ 1 and q ≥ 2, and m are respectively represented as, and H is represented as a reversible matrix
Step S2, the identity key of the client J and the identity key of the clients R and S are extracted, and the specific steps are as follows:
step S21, utilizing full rank coding functionMapping the user identities Jid, rid and Sid into a reversible matrix H Jid ,H Rid ,H Sid ;
Step S22, running left sampling function output vector e Jid ←SampleL(B,H Jid G, R, t, σ) and such that the vector satisfies B Jid e Jid =t, whereLet->Output user Key +.>Wherein->Is the primitive matrix disclosed, w=nk,a trapdoor function generated for the trapdoor algorithm. The operation of the function Powersof2 () is as follows: for any->The vector a of the dimension has the following equation:
step S23, in the same way as step S22, generating the identity private keys $sk_{Rid}$, $sk_{Sid}$ of the clients R and S.
Step S3, the client R, S encrypts the plaintext information to obtain the corresponding ciphertext, and the generated ciphertext is uploaded and stored to the server, wherein the specific steps are as follows:
step S31, plain text information mu of the client R Rid The encryption is performed, and the encryption mode related to the generation of the ciphertext is as follows:wherein mu Rid E {0,1} is the plaintext to be encrypted, C' Rid Representing the customer R versus plaintext μ Rid Encrypting the ciphertext obtained once, N represents the number of times the process is executed, I N Is an N-dimensional identity matrix. The function BitDecomp () operates as follows: for any->The vector a of the dimensions is defined as,wherein a is i,j Representation a i The j-th binary bit of the component. The operation of the function flat () is as follows: is provided with->There is flat (a') =bitdecomp (BitDecomp) -1 (a')), wherein the function BitDecomp -1 () Is operated as
Step S32, in the same way as step S31, generating the ciphertext $C_{Sid}$ corresponding to the plaintext information of client S.
Step S4, decrypting the ciphertexts of the clients R and S to obtain the plaintext messages.
Step S41, the client R calculates the following equation:
the plaintext is $\mu_{Rid} = x_i / v_{Rid}[i]$. Here, for ease of computation, let $sk_{Rid} = v_{Rid}$; the first l coefficients of the vector $v_{Rid}$ are known to be $1, 2, \ldots, 2^{l-1}$; let $v[i] = 2^i \in (q/4, q/2]$ and let $C_i$ be the i-th row of the ciphertext $C_{Rid}$, giving $x_i \leftarrow \langle C_i, v_{Rid} \rangle$.
Step S42, in the same way as step S41, the client S decrypts its ciphertext to obtain the corresponding plaintext.
Step S5, converting the ciphertext of the clients R, S into the ciphertext of the client J with the identity of Jid, wherein the specific steps are as follows:
step S51, inputting ciphertext of client RPassing the identity Rid of the client R through a coding functionMapping from binary to reversible matrix +.>And calculates the invertible matrix of the identity of the customer J
Step S52, randomly selecting vectorsRandom matrix->Plaintext mu for client R using identity-based encryption algorithm Rid Encryption is carried out by utilizing server-side public key MPK to obtain ciphertext
Step S53, executing the step S52N times to obtain a ciphertext matrix of the client R:
step S54, checking whether a plaintext $p \in \{0,1\}$ exists such that the following equation holds: $C_{Rid} = \mathrm{Flatten}(p \cdot I_N + \mathrm{BitDecomp}(C'_{Rid}))$; if it exists, output p; if not, output ⊥.
Step S55, randomly selecting vectorsRandom matrix->Plaintext mu for client J using identity-based encryption algorithm Jid Encryption is carried out by utilizing server-side public key MPK to obtain ciphertext
Step S56, executing the step S55N times to obtain a ciphertext matrix of the client J:
step S57, using the plaintext p obtained in step S54, converting the ciphertext $C'_{Jid}$ to the binary $C_{id1}$: $C_{id1} = \mathrm{Flatten}(p \cdot I_N + \mathrm{BitDecomp}(C'_{Jid}))$.
Step S58, outputting the ciphertext C converted by the client R id1 。
Step S59, similarly, the ciphertext of the client S can be converted into the ciphertext corresponding to the identity id of the client J, and the ciphertext is recorded as C id2 。
Step S6, in the homomorphic evaluation step, users with a plurality of different identities perform fully homomorphic operations and can decrypt correctly; the specific steps are as follows:
step S61, in step S5 the ciphertexts of the clients R and S are converted into the ciphertexts $C_{id1}$, $C_{id2}$ corresponding to the identity id of client J.
Step S62, inputting the master public key MPK, the Boolean circuit f and the converted ciphertext group of the doctor, $C_f = (C_{id1}, C_{id2})$, into the homomorphic evaluation algorithm; for the circuit set F, $\mathrm{Dec}(sk_{id}, C_f) = f(\mu_1, \ldots, \mu_t)$; for ease of computation, let $sk_{id} = v$.
Step S63, the homomorphic addition formula is $(C_{id1} + C_{id2})v_{id} = (\mu_{Rid} + \mu_{Sid})v_{id} + (z_{Rid}, z_{Sid})$.
Step S64, the homomorphic multiplication formula is
$(C_{id1} C_{id2})v_{id} = C_{id1}(\mu_{Sid} v_{id} + z_{Sid}) = \mu_{Sid}(\mu_{Rid} v_{id} + z_{Rid}) + C_{id1} z_{Sid} = \mu_{Rid} \mu_{Sid} v_{id} \bmod q$.
Wherein z is Rid ,z Sid Fault tolerant vectors representing clients R and S satisfyingA distribution, the distribution being represented byN-dimensional fault-tolerant vector of random access +.>Represents a center of 0 and a standard deviation of +.>Normal distribution on [0,1 ]) +.>Discrete distribution on the substrate.
In the embodiment, uniformly random system public and private keys are generated through a trapdoor function, a user identity key with indistinguishability is generated by a left sampling algorithm, a plaintext is encrypted with an identity-based encryption algorithm to obtain a ciphertext, the identity conversion algorithm is executed to convert the single-identity ciphertext into a multi-identity ciphertext, and the homomorphic evaluation algorithm is then executed to decrypt the ciphertext and obtain the plaintext, which saves decryption time and improves algorithm efficiency. In the method of the embodiment, the decrypting party can decrypt ciphertexts of multiple identities, and the performance analysis shows that the method is superior to the existing schemes in efficiency and performance. The invention provides a method of applying the lattice-based multi-identity fully homomorphic encryption algorithm to communication between users, which increases the amount of information transmitted, improves transmission speed, and meets the requirements of today's big data society.
The above examples are preferred embodiments of the present invention, but the embodiments of the present invention are not limited to them; any other change, modification, substitution, combination or simplification that does not depart from the spirit and principle of the present invention is an equivalent replacement and is included in the protection scope of the present invention.
Claims (6)
1. A lattice-based multi-identity fully homomorphic encryption method, comprising the steps of:
initializing a system: firstly, generating the system public and private keys;
extracting a user key: mapping the first user identity and the second user identity into an invertible matrix by using a full-rank function, and generating a first private key corresponding to the first user identity and a second private key corresponding to the second user identity through vector operations;
generating ciphertext: taking the first user identity as the encryption choice, selecting a plaintext message to be encrypted, and encrypting it to obtain a first ciphertext;
decrypting the single identity: decrypting for the first user identity with the first private key to obtain the plaintext message;
identity conversion: converting the first ciphertext of the first user identity into a second ciphertext corresponding to the second user identity through an identity conversion algorithm;
homomorphic evaluation: inputting a group of ciphertexts after identity conversion, and decrypting after the homomorphic operation;
in the step of generating the ciphertext, the encryption mode is as follows:
where $\mu \in \{0,1\}$ is the plaintext to be encrypted, C' represents the ciphertext obtained by encrypting the plaintext once using the encryption algorithm constructed by the obfuscator, and $I_N$ is the N-dimensional identity matrix;
the function BitDecomp() operates as follows: for any vector a of the dimensions it is defined as, wherein $a_{i,j}$ denotes the j-th binary bit of the component $a_i$; the function Flatten() operates as follows: given a', $\mathrm{Flatten}(a') = \mathrm{BitDecomp}(\mathrm{BitDecomp}^{-1}(a'))$, wherein the function $\mathrm{BitDecomp}^{-1}()$ operates as
In the step of identity conversion, the step of converting the first ciphertext of the first user identity into the second ciphertext corresponding to the second user identity through an identity conversion algorithm is as follows:
ciphertext for inputting a first user identity idAnd passing the identity id of the first user through a coding functionMapping from binary to invertible matrix/>Wherein N represents the ciphertext matrix C of the identity id id Is the number of rows and columns, q represents->Modulus of (a);
(1) If the identities before and after conversion are the same, i.e. id = id', the ciphertext is output; otherwise, the following operations are carried out:
1) Calculating a reversible matrix of id' identities:
2) The identity id and the plaintext mu are calculated as follows:
a. randomly selected vectorRandom matrix->Wherein (1)>Representation matrix->W represents the number of columns of matrix G;
b. encrypting the plaintext mu by using an identity-based encryption algorithm IBE-Enc (), and obtaining a ciphertext for encrypting the plaintext of the first user identity once:wherein c 0 And->Is a ciphertext component, jointly forms ciphertext C i ;
Wherein MPK is the system public key of the encryption system, id is the user identity, mu E {0,1} is the encrypted plaintext, and the first ciphertext obtained after encryption is divided into two parts c 0 And
3) Executing step 2) N times to obtain an N-dimensional ciphertext matrix with identity id, denoted C'_id:
4) Check whether there is some plaintext p ∈ {0,1} such that the equation C_id = Flatten(p·I_N + BitDecomp(C'_id)) holds; if yes, output p; if not, output T;
where p indicates whether some plaintext makes the conversion equation hold during the conversion; the equation C_id = Flatten(p·I_N + BitDecomp(C'_id)) represents converting the n-dimensional ciphertext C'_id to binary; I_N represents the N-dimensional identity matrix; and T is the symbol the algorithm outputs when no such p exists;
(2) Carry out the following operations on the second user identity id' and the plaintext μ' ∈ {0,1} corresponding to the converted user identity id':
1) Randomly selected vectorRandom matrix->
2) Encrypting the plaintext mu' by using an identity-based encryption algorithm IBE-Enc (), and obtaining a ciphertext for encrypting the plaintext of the second user identity once:wherein c' 0 And->Is a ciphertext component, which jointly forms ciphertext C' i ;
3) Executing step 2) N times to obtain an N-dimensional ciphertext matrix with identity id', denoted C'_id':
4) Using the plaintext p obtained in step 4) of (1), convert the ciphertext C''_id' to the binary form C'_id': C'_id' = Flatten(p·I_N + BitDecomp(C''_id'));
(3) Output the ciphertext C'_id';
So far, the ciphertext with the first user identity as id is converted into the ciphertext with the second user identity as id'.
2. The homomorphic encryption method of claim 1, characterized in that the system parameters are input and two matrices are generated by a trapdoor generation algorithm, one of which is a trapdoor matrix; the trapdoor matrix is the system private key and the other matrix is the system public key.
3. The homomorphic encryption method according to claim 2, characterized in that in the system initialization step, the public-private key generation of the system comprises the sub-steps of:
selecting a uniform random matrixn-dimensional uniform random vector->
running the trapdoor generation algorithm TrapGen(1^n, 1^m, q, H), which outputs a matrix B and its trapdoor matrix R; outputting the system public key MPK = (B, t) and the system private key MSK = R;
wherein n, m,representing the dimension of the public and private key vector of the system, wherein the value of n is an integer and the range of n is more than or equal to 1, q represents the modulus, the value of n is an integer and the range of q is more than or equal to 2, m and->And n and q are m=o (nlbq), respectively>O () represents the higher order infinitely small of a base-2 q logarithm where m is equal to n times, used here to calculate the number of rows and columns of the public key vector; k represents the upper integer of the logarithm of the base q of2, where the dimension +.>H is represented as a random invertible matrix->The random even distribution matrix can be generated by using the trapdoor generation algorithm, and public and private keys constructed by using the matrix are also randomly even distributed.
4. The homomorphic encryption method according to claim 1, characterized in that in the step of extracting the user key, the private key of the user is obtained by the sub-steps of:
using full rank coding functionsMapping user identity id to a reversible matrix +.>
running the left sampling function to output a vector e ← SampleL(B, H_id G, R, t, σ) such that the vector satisfies B_id e = t, wherein m represents the number of columns of the matrix B_id;
order theOutput user identity key +.>
Where B and t represent the system public key,is the primitive matrix disclosed, w represents the column number of matrix G, and the expression is w=nk, H id A reversible matrix representing the identity of the user, +.>Representing a decimal user identity key vector, which is then converted into a binary user identity key v,/by the function Powersof2 ()>Is a system private key; the operation of the function Powersof2 () is as follows: for any->Vector a of dimensions, the following equation holds:
5. The homomorphic encryption method of claim 1, wherein in the single-identity decryption step, the specific decryption steps are:
calculating and outputting the plaintext μ = x_i / v[i]; wherein Cv represents the multiplication of the ciphertext C by the user private key v; the user identity key vector is decimal, and v is binary;
let sk_id = v, where sk_id is the private key of the user; the first l coefficients of the vector v are known to be 1, 2, …, 2^(l-1); let v[i] = 2^i ∈ (q/4, q/2] and let C_i be the i-th row of the ciphertext C, obtaining x_i ← <C_i, v>.
6. The homomorphic encryption method according to claim 1, characterized in that, in the homomorphic evaluation step, users with a plurality of different identities perform the homomorphic operation as follows:
firstly, ciphertexts C of different identities are converted into ciphertexts C_id of the same identity through the identity conversion algorithm;
then, the system public key MPK, a Boolean circuit f and a group of ciphertexts (C_1, C_2, …, C_t) of the same identity are input into the homomorphic evaluation algorithm; the homomorphic evaluation algorithm outputs a new set of ciphertext C_f such that, for the circuit set F and any f ∈ F, Dec(sk_id, C_f) = f(μ_1, …, μ_t), wherein μ_1 represents the first plaintext after decryption and μ_t represents the t-th plaintext after decryption; to facilitate the calculation, let sk_id = v;
the homomorphic addition formula is (C_1 + C_2)v = (μ_1 + μ_2)v + (z_1 + z_2);
the homomorphic multiplication formula is (C_1 C_2)v = C_1(μ_2 v + z_2) = μ_2(μ_1 v + z_1) + C_1 z_2 = μ_1 μ_2 v mod q;
Wherein C is id Is ciphertext with user identity as id, C id' Is ciphertext with user identity as id', sk id C is the private key of the user 1 v=μ 1 v+z 1 ,C 2 v=μ 2 v+z 2 ,Representing fault tolerant vector->Expressed in distribution->N-dimensional fault-tolerant vector of random access +.>Represents a center of 0 and a standard deviation of +.>Normal distribution on [0,1 ]) +.>Discrete distribution on the substrate.
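The BitDecomp/Flatten/Powersof2 functions, the decryption rule x_i ← <C_i, v> and the two homomorphic formulas in the claims above can be run end to end. The following Python code is an added example, not code from the patent: it uses a plain (non-identity-based) GSW-style LWE instance with small, insecure parameters, takes the function definitions from the standard GSW construction because the formulas did not survive on this page, and every name in it (Q, keygen, hom_mult, ...) is constructed for illustration.

```python
import random

# Added example (not from the patent): plain GSW-style scheme, insecure demo parameters.
Q = 1_000_003            # modulus q (constructed value)
L = Q.bit_length()       # l = floor(log2 q) + 1 bits per Z_q element
N_DIM, M = 3, 8          # assumed LWE dimension n and sample count m
N = (N_DIM + 1) * L      # ciphertext matrices are N x N

def bit_decomp(a):       # Z_q^k -> {0,1}^(k*l), least significant bit first
    return [((x % Q) >> j) & 1 for x in a for j in range(L)]

def bit_decomp_inv(b):   # also defined when the entries of b are not bits
    return [sum(b[i + j] << j for j in range(L)) % Q for i in range(0, len(b), L)]

def flatten(b):          # keeps <b, Powersof2(s)> but returns 0/1 entries
    return bit_decomp(bit_decomp_inv(b))

def powers_of_2(s):      # (s_1, 2 s_1, ..., 2^(l-1) s_1, s_2, ...) mod q
    return [(x << j) % Q for x in s for j in range(L)]

def dot(a, b):
    return sum(x * y for x, y in zip(a, b)) % Q

def keygen(rng):         # A.s = e with small e, s = (1, -t), v = Powersof2(s)
    t = [rng.randrange(Q) for _ in range(N_DIM)]
    B = [[rng.randrange(Q) for _ in range(N_DIM)] for _ in range(M)]
    A = [[(dot(row, t) + rng.choice((-1, 0, 1))) % Q] + row for row in B]
    return A, powers_of_2([1] + [-x for x in t])

def encrypt(A, mu, rng):  # C = Flatten(mu*I_N + BitDecomp(R.A)), R random 0/1
    C = []
    for i in range(N):
        r = [rng.randrange(2) for _ in range(M)]
        ra = [sum(r[k] * A[k][j] for k in range(M)) % Q for j in range(N_DIM + 1)]
        C.append(flatten([bit + mu * (j == i) for j, bit in enumerate(bit_decomp(ra))]))
    return C

def decrypt(C, v):        # row i with v[i] = 2^i in (q/4, q/2]; x_i = <C_i, v>
    i = L - 2
    x = dot(C[i], v)
    x = x - Q if x > Q // 2 else x       # centred representative of x_i
    return round(x / v[i])

def hom_add(C1, C2):      # (C1 + C2)v = (mu1 + mu2)v + (z1 + z2)
    return [flatten([a + b for a, b in zip(r1, r2)]) for r1, r2 in zip(C1, C2)]

def hom_mult(C1, C2):     # (C1 C2)v = mu1 mu2 v + mu2 z1 + C1 z2
    cols = list(zip(*C2))
    return [flatten([sum(a * b for a, b in zip(row, col)) for col in cols]) for row in C1]
```

Because Flatten returns C_1 to 0/1 entries, the term C_1 z_2 in the multiplication formula grows by at most a factor N per product, which is what bounds the noise in this construction.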
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2019111256940 | 2019-11-18 | ||
CN201911125694 | 2019-11-18 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111526002A CN111526002A (en) | 2020-08-11 |
CN111526002B true CN111526002B (en) | 2023-11-14 |
Family
ID=71910171
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010578978.1A Active CN111526002B (en) | 2019-11-18 | 2020-06-23 | Fully homomorphic encryption method for multiple identities based on lattice |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111526002B (en) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112016120B (en) * | 2020-08-26 | 2024-03-26 | 支付宝(杭州)信息技术有限公司 | Event prediction method and device based on user privacy protection |
CN112039653B (en) * | 2020-08-28 | 2021-09-28 | 西安电子科技大学 | Cloud outsourcing data encryption and decryption method based on neural network activation unit |
CN112073172B (en) * | 2020-09-02 | 2021-11-05 | 北京邮电大学 | Grid identity-based dual-receiver fully homomorphic encryption method and system |
CN112929153B (en) * | 2021-02-23 | 2022-07-22 | 上海麟羿信息科技有限公司 | Data multi-stage encryption system and method based on complete homomorphic encryption |
CN113204755B (en) * | 2021-04-20 | 2022-10-14 | 重庆工业职业技术学院 | Data capture method for block chain big data security |
CN114422107B (en) * | 2022-03-31 | 2022-06-17 | 四川高速公路建设开发集团有限公司 | Fault-tolerant ciphertext data aggregation method based on intelligent engineering construction system platform |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105933102A (en) * | 2016-04-06 | 2016-09-07 | 重庆大学 | Identity-based and hidden matrix-constructed fully homomorphic encryption method |
CN106788963A (en) * | 2017-01-05 | 2017-05-31 | 河南理工大学 | A kind of full homomorphic cryptography method of identity-based on improved lattice |
CN109831297A (en) * | 2019-01-24 | 2019-05-31 | 中国人民武装警察部队工程大学 | A kind of full homomorphic cryptography method of more identity for supporting thresholding to decrypt |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10333696B2 (en) * | 2015-01-12 | 2019-06-25 | X-Prime, Inc. | Systems and methods for implementing an efficient, scalable homomorphic transformation of encrypted data with minimal data expansion and improved processing efficiency |
EP3166251B1 (en) * | 2015-11-09 | 2020-10-28 | Certsign S.A. | Fully homomorphic encryption from monoid algebras |
Non-Patent Citations (1)
Title |
---|
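Tang Yongli; Hu Mingxing; Ye Qing; Qin Panke; Yu Jinxia. "Improved multi-identity-based fully homomorphic encryption scheme over lattices". Journal of Beijing University of Posts and Telecommunications. 2018, (01), see Sections 2-3 of the main text. * |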
Also Published As
Publication number | Publication date |
---|---|
CN111526002A (en) | 2020-08-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111526002B (en) | Fully homomorphic encryption method for multiple identities based on lattice | |
JP4859933B2 (en) | Ciphertext generation apparatus, cryptographic communication system, and group parameter generation apparatus | |
CN110233730B (en) | Privacy information protection method based on K-means clustering | |
TW202013927A (en) | Post-quantum asymmetric key generation method and system, encryption method, decryption method, and encrypted communication system based on prime array | |
CN104320393B (en) | The controllable efficient attribute base proxy re-encryption method of re-encryption | |
CN110635909B (en) | Attribute-based collusion attack resistant proxy re-encryption method | |
WO1997031448A1 (en) | Communication method using common key | |
CN110138543B (en) | Blind signcryption method under lattice public key cryptosystem | |
CN106788963B (en) | Improved identity-based full homomorphic encryption method on lattice | |
CN109981265B (en) | Identity-based ciphertext equivalence determination method without using bilinear pairings | |
CN107425955B (en) | High-efficiency fixable-dimension trap door derived lattice upper identity base hierarchical encryption method | |
CN105933101B (en) | A kind of full homomorphic cryptography public key compression method based on the offset of parameter high order | |
CN113162751A (en) | Encryption method and system with homomorphism adding function and readable storage medium | |
CN113660226A (en) | Energy data credible sharing system and method based on block chain | |
CN112152779A (en) | Lattice-based homomorphic proxy re-encryption method for resisting strong collusion attack | |
Zhao et al. | Quantum-safe HIBE: does it cost a Latte? | |
Mittal et al. | A quantum secure ID-based cryptographic encryption based on group rings | |
Ma et al. | Lattice-based identity-based homomorphic conditional proxy re-encryption for secure big data computing in cloud environment | |
Wei et al. | Cost-effective and scalable data sharing in cloud storage using hierarchical attribute-based encryption with forward security | |
CN110247761B (en) | Ciphertext strategy attribute encryption method supporting attribute revocation in lattice manner | |
CN112468284A (en) | SHE-based secure outsourcing method | |
CN110460442B (en) | Grid-based key encapsulation method | |
Nayak et al. | SEMKC: secure and efficient computation over outsourced data encrypted under multiple keys | |
CN107425972B (en) | Graded encryption method based on identity | |
CN111817853A (en) | Signcryption algorithm for post-quantum security |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||