CN112737764A - Lightweight multi-user multi-data all-homomorphic data encryption packaging method - Google Patents

Publication number: CN112737764A
Authority: CN (China)
Prior art keywords: data, service provider, cloud server, csp, calculation
Legal status: Granted
Application number: CN202011448937.7A
Other languages: Chinese (zh)
Other versions: CN112737764B (en)
Inventors: 周俊, 沈华杰
Current Assignee: East China Normal University
Original Assignee: East China Normal University
Application filed by: East China Normal University

Classifications

    • H04L Transmission of digital information, e.g. telegraphic communication (H Electricity; H04 Electric communication technique)
    • H04L9/008 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Abstract

The invention discloses a lightweight multi-user multi-data fully homomorphic data encryption and encapsulation method. It combines a multi-user multi-key homomorphic construction with an outsourced computation method built on an arbitrary one-way trapdoor permutation and arbitrary hash functions, and provides privacy-preserving outsourced computation and decryption where there are multiple users and each user has multiple input data items and an independent encryption key. The method comprises the following steps: system initialization, key generation, encryption, outsourced computation and decryption. Compared with the prior art, the method is simpler and easier to implement; it achieves efficient privacy-preserving outsourced computation where multiple users each have multiple input data items and independent encryption keys; it uses a cloud server and a cryptographic service provider to ensure the security of user data; it achieves adaptive chosen-ciphertext security; and it meets the efficiency and privacy requirements of multi-user multi-data secure outsourced computation.

Description

Lightweight multi-user multi-data all-homomorphic data encryption packaging method
Technical Field
The invention relates to the technical field of secure outsourced computation and homomorphic encryption, and in particular to a lightweight multi-user multi-data fully homomorphic data encryption and encapsulation method under a dual-server model.
Background
With the rapid development of computer applications, more and more valuable data is generated at terminals, but the limited storage and computing capacity of these devices means the data cannot be processed effectively enough to realize its value. Large numbers of data owners therefore outsource their data to resource-rich cloud servers for processing and storage. In real-world applications, however, the cloud server often operates in an untrusted environment. A semi-trusted cloud server, motivated by commercial interest and the like, usually performs the data processing honestly and returns correct results to the receiver of the outsourced computation result, but snoops on the user's private data during processing or during its interaction with the user; a malicious cloud server may disrupt the correct execution of the outsourced computation protocol through arbitrary behavior. Moreover, even if the cloud server itself does not misbehave, servers exposed on the network are still subject to intrusion by attackers, and every year there are countless leaks of private user data caused by server attacks or vulnerabilities. How to achieve efficient and correct ciphertext-domain data processing and outsourced computation while protecting user data privacy has therefore become a very challenging open research problem in cloud computing.
To prevent leakage of user data and guarantee information security, the most direct method is to protect the confidentiality of the data with encryption before outsourcing it to a cloud server. The basic process of data encryption is to transform the original plaintext data, under a key and according to an encryption algorithm, into unreadable code, i.e. ciphertext. The decrypting party can recover the original plaintext only by supplying the corresponding key and decrypting the ciphertext with the decryption algorithm; encrypting data in this way protects it from being stolen.
Secure outsourced computation must meet the following two basic privacy requirements: 1) input privacy: the privacy of the data owner's input data withstands collusion attacks launched by a semi-trusted or malicious cloud server together with a malicious receiver; 2) computation result privacy: the outsourced computation result can be decrypted only by the authorized receiver. Public-key homomorphic encryption has the property that an operation performed on ciphertexts corresponds to the same operation performed on the underlying plaintexts, so it can implement a variety of secure outsourced computations in the ciphertext domain and is widely applied in cloud computing. Specifically, a data owner encrypts each input data item locally with public-key homomorphic encryption under the public key of the receiver of the outsourced computation result and sends the ciphertexts to the cloud server; the cloud server computes the outsourced function in the ciphertext domain and sends the ciphertext result to the receiver; and the receiver decrypts it with its own private key to obtain the plaintext result.
Although prior-art public-key homomorphic encryption can functionally achieve secure outsourced computation in the ciphertext domain, its computation and communication complexity are too high: the number of times a user must run the public-key encryption algorithm locally is O(n), where n is the number of input data items. This large computation and communication overhead cannot meet the practical performance constraints of resource-limited local users. More importantly, most existing lightweight secure outsourced computation protocols internationally offer effective solutions only for the single-user multi-data scenario and cannot serve the more general multi-user multi-data scenario, in which each user encrypts its input data under its own key and the cloud server performs privacy-preserving outsourced computation over ciphertexts encrypted under different keys. Finding a new lightweight multi-user multi-data outsourced computation method is therefore a challenging open problem that urgently needs to be solved.
Disclosure of Invention
The object of the invention is to design, in view of the shortcomings of existing secure outsourced computation, a lightweight multi-user multi-data fully homomorphic data encryption and encapsulation method. It adopts an outsourced computation method based on an arbitrary one-way trapdoor permutation and arbitrary hash functions, together with a multi-user multi-key homomorphic construction, to achieve efficient privacy-preserving outsourced computation. It supports addition and multiplication in the ciphertext domain and the various complex outsourced functions composed of them. It protects user data by using two outsourcing servers (a cloud server and a cryptographic service provider) that cooperate but do not collude, and achieves adaptive chosen-ciphertext security (CCA2). Under the dual-server model, it achieves efficient privacy-preserving outsourced computation in the scenario where multiple users each have multiple input data items and independent encryption keys. The method is simple, easy to implement, flexible and efficient, and meets the efficiency and privacy requirements of multi-user multi-data secure outsourced computation.
The object of the invention is achieved as follows. A lightweight multi-user multi-data fully homomorphic data encryption and encapsulation method is characterized in that multiple data owners, a computation result receiver, a cloud server SER (Cloud Server) and a cryptographic service provider CSP (Cryptographic Services Provider) carry out secure outsourced computation in a multi-user multi-data scenario. The computation result receiver requests an outsourced computation task from the cloud server; the data owners provide input data encrypted under their respective keys; the cloud server and the cryptographic service provider jointly compute the outsourced function over the ciphertext inputs to obtain an encrypted result; and the receiver decrypts the encrypted result to obtain the plaintext result. The outsourced computation and decryption specifically comprise the following steps:
(I) System initialization
Given the security parameter, the system runs the trapdoor permutation generator to produce a one-way trapdoor permutation and its inverse together with three public/private key pairs for the trapdoor permutation, which it sends to the cloud server, the cryptographic service provider and the receiver respectively, and generates two hash functions. The three public keys and the two hash functions are published; the three private keys are kept by the cloud server, the cryptographic service provider and the receiver respectively.
(II) Key generation
Each data owner generates a set of keys for encrypting input data, and the cryptographic service provider also generates a set of keys for re-encryption.
(III) Data encryption
Each data owner encrypts and encapsulates all of its input data with its own encryption key, and uses the one-way trapdoor permutation to encrypt that data encryption key under the public key of the cloud server and under the public key of the cryptographic service provider respectively. Random numbers are selected to blind the encrypted data. A hash function is also used to compute a digest over all ciphertext input data, to guard against tampering with the ciphertext input data in transit, and finally the encrypted input data is sent to the cloud server.
(IV) Outsourced computation on data
The cloud server receives the ciphertext input data sent by all data owners, computes, together with the cryptographic service provider, an arbitrary outsourced function built from addition and multiplication over the data in the ciphertext domain, and sends the ciphertext result to the receiver.
(V) Data decryption
The receiver decrypts the data encryption key using the private key of the one-way trapdoor permutation, and then uses the private key to decrypt the outsourced computation result computed over the ciphertexts.
The main parameters are listed in Table 1 below:
Table 1. Parameter list

| Parameter | Meaning |
|---|---|
| $\lambda$ | Security parameter |
| $f, f^{-1}$ | One-way trapdoor permutation and its inverse |
| $pk_f, sk_f$ | Public and private keys of the one-way trapdoor permutation |
| $H_0, H_1$ | Cryptographic hash functions |
| $pbk_i = Y_i$ | Temporary public key of the i-th data owner |
| $pvk_i = (p_i, q_i, s_i, v_i, T_i)$ | Temporary private key of the i-th data owner |
| $m_{i,i'}$ | The i′-th data item of the i-th data owner |
| $n_S$ ($i = 1, 2, \dots, n_S$) | Number of data owners |
| $n_i$ ($i' = 1, 2, \dots, n_i$) | Amount of data owned by each data owner |
| $r_i$ | Random number used by data owner i to encrypt data |
| $r$ | Random number used by the CSP to re-encrypt data |
The specific process of generating the public parameters, the one-way trapdoor permutation and its public and private keys in step (I) is as follows:
a) Input $1^\lambda$, where $\lambda$ is the security parameter;
b) The system (trusted third party) runs the probabilistic polynomial-time algorithm
Figure BDA0002831577560000031
which outputs a pair of functions $(f, f^{-1})$ over {0,1}, three public/private key pairs $(pk_{f,ser}, sk_{f,ser})$, $(pk_{f,csp}, sk_{f,csp})$ and $(pk_{f,rec}, sk_{f,rec})$, and two hash functions $H_0, H_1$ with mapping {0,1}*→{0,1}. The public parameters thus generated are $PPR = (pk_{f,ser}, pk_{f,csp}, pk_{f,rec}, H_0, H_1)$ and the secret parameters are $SK = (sk_{f,ser}, sk_{f,csp}, sk_{f,rec})$; the secret parameters are kept by the cloud server, the cryptographic service provider and the receiver respectively.
The specific process of generating the data encryption keys in step (II) is as follows:
a) The system initializes a plaintext space size $N_0$ and sets the plaintext space to
Figure BDA00028315775600000412
b) Each data owner i randomly selects four large primes $p_i, q_i, s_i, v_i$ with $|p_i| = |q_i| = |s_i| = |v_i| = \lambda$ such that $p_i q_i = N_i \ge N_0$, and sets $T_i = p_i q_i s_i$ and $Y_i = p_i q_i s_i v_i$. The temporary public key of sender i is $pbk_i = Y_i$ and the temporary private key is $pvk_i = (p_i, q_i, s_i, v_i, T_i)$.
c) The cryptographic service provider randomly selects four large primes $p, q, s, v$ with $|p| = |q| = |s| = |v| = \lambda$ such that $pq \ge N_0$, and sets $T = pqs$ and $Y = pqsv$. Its temporary public key is $pbk = T$ and its temporary private key is $pvk = (p, q, s, v, N, T)$.
The specific process of encrypting and encapsulating data in step (III) is as follows:
a) Data owner i generates $n_i$ plaintext data items $m_{i,i'}$ ($i = 1, 2, \dots, n_S$; $i' = 1, 2, \dots, n_i$), each
Figure BDA0002831577560000041
lying in the plaintext space. For each plaintext, compute $m_{i,i',p} = m_{i,i'} \bmod p$ and $m_{i,i',q} = m_{i,i'} \bmod q$.
b) Data owner i computes
Figure BDA0002831577560000042
so that
Figure BDA0002831577560000043
It then randomly selects a prime $r_i$ ∈ {0,1} and $n_i$ blinding factors $r_{i,i'}$ ∈ {0,1}, and performs the one-way trapdoor permutation computation under the public keys of the server and of the cryptographic service provider respectively, according to formula 1:
Figure BDA0002831577560000044
For each data item $m_{i,i'}$, the one-way trapdoor permutation computation is carried out according to formula 2:
Figure BDA0002831577560000045
c) Data owner i uses the cryptographic hash function $H_0$ to compute formulas 3 and 4:
Figure BDA0002831577560000046
Figure BDA0002831577560000047
Data owner i then sends
Figure BDA0002831577560000048
to the cloud server.
The specific process of computing an arbitrary polynomial over the ciphertexts in step (IV) is as follows:
a) Let the polynomial to be computed by outsourcing be
Figure BDA0002831577560000049
where
Figure BDA00028315775600000410
The degree of the polynomial is $\deg F = \max(e_1, e_2, \dots, e_n)$.
b) After receiving
Figure BDA00028315775600000411
the cloud server uses the inverse one-way trapdoor permutation to compute
Figure BDA0002831577560000051
and checks whether
Figure BDA0002831577560000052
holds. If not, the cloud server terminates the protocol; if so, the cloud server sends $C_{i,i'}, C_{i,csp}, C'_{i,csp}$ to the cryptographic service provider.
c) After receiving $C_{i,i'}, C_{i,csp}, C'_{i,csp}$, the cryptographic service provider first uses the inverse one-way trapdoor permutation to compute
Figure BDA0002831577560000053
and verifies whether
Figure BDA0002831577560000054
holds. If not, the cryptographic service provider terminates the protocol; if so, it selects a random number $r_{i,csp}$ ∈ {0,1} and re-encrypts each ciphertext according to formulas 5-7:
$C'_{i,i'} = C_{i,i'} \bmod N_i = r_i m_{i,i'} \bmod N_i$, (5);
$C'_{i,i',q} = C'_{i,i'} \bmod q$, $C'_{i,i',p} = C'_{i,i'} \bmod p$, (6);
Figure BDA0002831577560000055
where $p^{-1} p \equiv 1 \bmod q$ and $q^{-1} q \equiv 1 \bmod p$.
The cryptographic service provider then computes the cryptographic hash function according to formula 8:
Figure BDA0002831577560000056
Finally, the cryptographic service provider sends $C_{CSP} = (\{C''_{i,i'}\ (i = 1, 2, \dots, n_S;\ i' = 1, 2, \dots, n_i)\}, C'_{rec,csp})$ to the cloud server.
d) After receiving $C_{CSP}$, the server first computes
Figure BDA0002831577560000057
If this does not hold, the protocol is terminated; otherwise the server randomly selects a prime $r$ ∈ {0,1} and computes
Figure BDA0002831577560000058
$C''_{i,i',SER} = r\,C''_{i,i',ser}$
Denote the polynomial
Figure BDA0002831577560000059
where
Figure BDA00028315775600000510
It computes
Figure BDA00028315775600000511
and sends
Figure BDA00028315775600000512
to the cryptographic service provider.
e) After receiving
Figure BDA00028315775600000513
the cryptographic service provider checks
Figure BDA00028315775600000514
If the check fails, the protocol is terminated; if it holds, formulas 9-11 are computed:
Figure BDA00028315775600000515
Figure BDA00028315775600000516
Figure BDA0002831577560000061
and
Figure BDA0002831577560000062
is sent to the cloud server.
f) Finally, the cloud server computes
Figure BDA0002831577560000063
and then sends
Figure BDA0002831577560000064
Figure BDA0002831577560000065
to the receiver.
The specific process of the decryption algorithm in step (V) is as follows:
a) After receiving $C_F$, the receiver performs the inverse one-way trapdoor permutation computation according to formula 12:
Figure BDA0002831577560000066
It then checks
Figure BDA0002831577560000067
If the check fails, the protocol is terminated; if it holds, the result is computed according to formula 13:
Figure BDA0002831577560000068
The mathematical theory involved in the invention is as follows:
1. Hash function
A hash function maps a variable-length message to a fixed-length hash value, or message digest. Hash algorithms can be constructed in many ways; commonly used ones currently include MD2, MD4, MD5 and the Secure Hash Algorithm (SHA-1). Consider a hash function whose input and output are both bit strings (strings of 0s and 1s). The length of a bit string x is denoted |x|, and the concatenation of bit strings x and y is denoted x || y. Let compress: $\{0,1\}^{m+t} \to \{0,1\}^m$ be a compression function (where $t \ge 1$). An iterated hash function h is constructed from the compression function compress:
Figure BDA0002831577560000069
Evaluating the iterated hash function h consists of the following three steps.
1) Preprocessing: given an input bit string x with $|x| \ge m + t + 1$, construct a string y with a public algorithm such that $|y| \equiv 0 \pmod t$. Write $y = y_1 \| y_2 \| \dots \| y_r$, where $|y_i| = t$ for $1 \le i \le r$.
2) Processing: let IV be a public initial-value bit string of length m. Then compute: $z_0 \leftarrow IV$,
$z_1 \leftarrow \mathrm{compress}(z_0 \| y_1)$,
$z_2 \leftarrow \mathrm{compress}(z_1 \| y_2)$,
Figure BDA00028315775600000610
$z_r \leftarrow \mathrm{compress}(z_{r-1} \| y_r)$.
3) Output transformation: let $g: \{0,1\}^m \to \{0,1\}^l$ be a public function. Define the hash function $h(x) = g(z_r)$.
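The three steps above (preprocessing, processing, output transformation) as an added example that is not part of the patent. It works on bytes rather than bits; the compression function (truncated SHA-256), the block sizes, the all-zero IV and both padding rules are assumptions chosen for illustration. It also shows why the public preprocessing algorithm matters: plain zero-filling makes distinct inputs collide, while padding that encodes the length does not.

```python
import hashlib

M_BYTES = 16            # length m of the chaining value (assumed)
T_BYTES = 32            # length t of one message block (assumed)
OUT_BYTES = 8           # length l of the final digest (assumed)
IV = bytes(M_BYTES)     # public initial value; all zeros is an assumption


def compress(block: bytes) -> bytes:
    """compress: {0,1}^(m+t) -> {0,1}^m, modelled here by truncated SHA-256."""
    if len(block) != M_BYTES + T_BYTES:
        raise ValueError("compress expects exactly m + t bytes")
    return hashlib.sha256(block).digest()[:M_BYTES]


def pad_zero(x: bytes) -> bytes:
    """Naive preprocessing: zero-fill the last block. Ambiguous on purpose."""
    return x + bytes(-len(x) % T_BYTES)


def pad_with_length(x: bytes) -> bytes:
    """Preprocessing with a 0x80 marker, zero fill and the 8-byte bit length."""
    y = x + b"\x80"
    y += bytes(-(len(y) + 8) % T_BYTES)
    return y + (8 * len(x)).to_bytes(8, "big")


def split_blocks(y: bytes) -> list:
    """Write y = y_1 || ... || y_r with |y_i| = t."""
    if len(y) % T_BYTES:
        raise ValueError("|y| must be a multiple of t")
    return [y[i:i + T_BYTES] for i in range(0, len(y), T_BYTES)]


def g(z: bytes) -> bytes:
    """Public output transformation g: {0,1}^m -> {0,1}^l (truncation)."""
    return z[:OUT_BYTES]


def iterated_hash(x: bytes, pad=pad_with_length) -> bytes:
    """h(x) = g(z_r) with z_0 = IV and z_i = compress(z_{i-1} || y_i)."""
    z = IV
    for y_i in split_blocks(pad(x)):
        z = compress(z + y_i)
    return g(z)


if __name__ == "__main__":
    a, b = b"ab", b"ab\x00"     # constructed inputs
    print("zero padding collides:  ",
          iterated_hash(a, pad_zero) == iterated_hash(b, pad_zero))
    print("length padding collides:",
          iterated_hash(a) == iterated_hash(b))
```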
2. Public key encryption scheme
A public key encryption scheme consists of a key generation algorithm, an encryption algorithm and a decryption algorithm.
Key generation algorithm: takes the security parameter $1^n$ as input and outputs a public/private key pair (pk, sk), where pk is the public key and sk is the private key;
Encryption algorithm: takes the public key pk and a message m as input and outputs the ciphertext $c \leftarrow Enc_{pk}(m)$;
Decryption algorithm: takes the private key sk and a ciphertext c as input and outputs $m = Dec_{sk}(c)$.
Correctness requirement for a public key encryption scheme: except with negligible probability, for the key pair (pk, sk) produced by the key generation algorithm $Gen(1^n)$, $Dec_{sk}(Enc_{pk}(m)) = m$ holds.
3. Chinese remainder theorem
Let $m_1, m_2, \dots, m_k$ be pairwise coprime positive integers. Then for any integers $b_1, b_2, \dots, b_k$, the system of linear congruences
Figure BDA0002831577560000071
must have a solution, and all solutions form a single congruence class modulo $m_1 m_2 \cdots m_k$.
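An added example (not part of the patent) of the Chinese remainder theorem as the protocol uses it: a value is split into residues mod p and mod q, as with $m_{i,i',p}$ and $m_{i,i',q}$, and recombined with the inverses defined by $p^{-1}p \equiv 1 \bmod q$ and $q^{-1}q \equiv 1 \bmod p$. It also shows that a polynomial built from additions and multiplications can be evaluated on the residues and recombined; the function names, the demo primes and the sample polynomial are assumptions.

```python
from itertools import combinations
from math import gcd, prod


def crt(residues, moduli):
    """Solve x = b_i (mod m_i) for pairwise coprime m_i; return (x, M)."""
    if not moduli or len(residues) != len(moduli):
        raise ValueError("need exactly one residue per modulus")
    for a, b in combinations(moduli, 2):
        if gcd(a, b) != 1:
            raise ValueError(f"moduli {a} and {b} are not coprime")
    M = prod(moduli)
    x = 0
    for b_i, m_i in zip(residues, moduli):
        M_i = M // m_i
        x += b_i * M_i * pow(M_i, -1, m_i)   # M_i * M_i^-1 = 1 (mod m_i)
    return x % M, M


def split(x, p, q):
    """Residues (x mod p, x mod q)."""
    return x % p, x % q


def combine(x_p, x_q, p, q):
    """Recombine with p^-1 p = 1 (mod q) and q^-1 q = 1 (mod p)."""
    if gcd(p, q) != 1:
        raise ValueError("p and q must be coprime")
    p_inv = pow(p, -1, q)
    q_inv = pow(q, -1, p)
    return (x_p * q_inv * q + x_q * p_inv * p) % (p * q)


def eval_poly(terms, xs, modulus):
    """Evaluate sum(coeff * prod(x_j ** e_j)) modulo `modulus`.

    `terms` is a list of (coeff, exponents) with one exponent per variable.
    """
    total = 0
    for coeff, exps in terms:
        mono = coeff % modulus
        for x, e in zip(xs, exps):
            mono = mono * pow(x, e, modulus) % modulus
        total = (total + mono) % modulus
    return total


def eval_poly_via_residues(terms, xs, p, q):
    """Evaluate the polynomial separately mod p and mod q, then recombine."""
    r_p = eval_poly(terms, [x % p for x in xs], p)
    r_q = eval_poly(terms, [x % q for x in xs], q)
    return combine(r_p, r_q, p, q)


# Constructed demo values: two Mersenne primes and F = 3*x1^2*x2 + 5*x3 + 7.
P, Q = 2**31 - 1, 2**61 - 1
F = [(3, (2, 1, 0)), (5, (0, 0, 1)), (7, (0, 0, 0))]

if __name__ == "__main__":
    print(crt([2, 3, 2], [3, 5, 7]))                      # (23, 105)
    print(eval_poly_via_residues(F, [12, 34, 56], P, Q))  # 14975
```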
Compared with the prior art, the invention has the following advantages:
1) Security: in secure outsourced computation implemented with public-key homomorphic encryption, input privacy and computation result privacy reach only adaptive chosen-plaintext security (CPA security). In the lightweight multi-user multi-data fully homomorphic data encapsulation method under the dual-server model provided by the invention, input privacy, under the condition that the cloud server and the cryptographic service provider do not collude, and computation result privacy, against unauthorized receivers, reach adaptive chosen-ciphertext security (CCA2 security); CCA2 security is stronger than CPA security.
2) Efficiency: for an outsourced computation protocol implemented with public-key fully homomorphic encryption, the computational complexity at the resource-limited local user is O(n), where n is the number of input data items. In the lightweight multi-user multi-data fully homomorphic data encapsulation method under the dual-server model, only two arbitrary one-way trapdoor permutation evaluations (whose algorithmic complexity is equivalent to that of one public-key encryption) are needed to encrypt the random number used as the symmetric key, after which the keyed symmetric fully homomorphic mapping is used to encrypt and encapsulate the input data. Because symmetric encryption is 3 to 5 orders of magnitude faster than public-key encryption, the computational cost of this part is negligible. The computational complexity in this method is therefore improved to O(1), i.e. it is independent of the number n of input data items.
3) High availability: most existing secure outsourced computation protocols internationally are suitable only for the single-user multi-data scenario, whereas the outsourced computation scheme realized by this method supports outsourced computation of arbitrary multivariate polynomial functions in the multi-user multi-data scenario and therefore has higher availability. In the lightweight multi-user multi-data fully homomorphic data encapsulation method under the dual-server model, the one-way trapdoor permutation can be instantiated with various concrete public-key encryption algorithms according to the security requirements of different network application scenarios, such as RSA encryption, identity-based encryption, attribute-based encryption and proxy re-encryption, which makes the method more flexible.
Drawings
FIG. 1 is a system diagram of the architecture of the present invention;
FIG. 2 is a schematic flow chart of the present invention.
Detailed Description
The present invention is further illustrated by the following specific examples.
Example 1
Referring to fig. 1, in the invention a system (trusted third party) generates the public parameters and keys; multiple data owners each encrypt and encapsulate multiple messages under their own keys and send them to the cloud server; the cloud server and the cryptographic service provider perform multivariate polynomial computation on the encrypted data in the ciphertext domain; and the receiver decrypts the result. The method is built on two arbitrary one-way trapdoor permutation evaluations, can be applied flexibly in different network scenarios, meets the requirements of correctness, efficiency and privacy, and achieves adaptive chosen-ciphertext security (CCA2 security) for both input privacy and computation result privacy.
Referring to fig. 2, the specific implementation process of the invention is as follows:
Step one: System (trusted third party) initialization
a) Input $1^\lambda$, where $\lambda$ is the security parameter and $\lambda = 512$;
b) The system (trusted third party) runs the probabilistic polynomial-time algorithm
Figure BDA0002831577560000081
which outputs a pair of functions $(f, f^{-1})$ over {0,1}, three public/private key pairs $(pk_{f,ser}, sk_{f,ser})$, $(pk_{f,csp}, sk_{f,csp})$ and $(pk_{f,rec}, sk_{f,rec})$, and two hash functions $H_0, H_1$ with mapping {0,1}*→{0,1}. The public parameters thus generated are $PPR = (pk_{f,ser}, pk_{f,csp}, pk_{f,rec}, H_0, H_1)$ and the secret parameters are $SK = (sk_{f,ser}, sk_{f,csp}, sk_{f,rec})$; the secret parameters are kept by the cloud server, the cryptographic service provider and the receiver respectively. In this embodiment, RSA is used as the one-way trapdoor permutation and three RSA key pairs are generated.
For the cloud server, two 1024-bit big prime numbers are selected:
pf,ser=122182835497602646970435161652673859489388648119023022721640022253004097852738500457923107218337120884509714428573065515141617542509728502027111707207772238846505714021188709219013288021835624583947890928789406604357074680786482122540676609811492233762394550112870985911335964387656100770874761812431557859229;
qf,ser=146816290651568552463520893108450661851266711447975232562124137261274811464154583402940643941562833744801896250653909610028020274741135187141746077452251712450380256984468264435119556062306391941855485115558267743235453032634555141091710215468523927326037675740069924200773724586876543458902282339357446443627;
compute n = p × q;
nf,ser=pf,ser*qf,ser=17938430689048817783440483309661157377611271517276081186433284542789174731557582611259003711414243221597425843307613681734792534345750155812092072667611985373839179706273895437237500391305542495510527791335918969395574735004498810988762474474749672056035044626846420678977515288543196203598867011282401629515353005267333293837859090007000682677471036803597974218003173440948153567004587369657294962557458595352199094485110690809949352266016441796445592958345822941530806698695982156405413833836632510516812455998770673231429438285097455647006836641835720099487008083386857949676688581497406968185344050755687550183583;
select the prime e: $e_{f,ser} = 65537$;
compute d such that $d = e^{-1} \bmod \varphi(n)$;
Figure BDA0002831577560000091
Figure BDA0002831577560000092
$sk_{f,ser} = (d_{f,ser})$;
For the cryptographic service provider, two large prime numbers of 1024 bits are chosen:
pf,csp=171264298779685239581536383180723040790941972865837421833280255944444153148729296493618345344066877975943815976882912906424025161637173989978784510791287962170210136940863753413333979268721465734734727934038588562311440958965856676847252156164875649028288078043757416277300587487665932208269895339670227784711;
qf,csp=109336909022555504734614917909130513387802617738328881676890937082092219514999911192112761544724354250572905019730363639830348101504338027912854752296186274739149027658427888565710485783132159768633993884335081922779501508005538010700046336028483359124689907883946961736611137810280727910939072333861721942823;
compute n = p × q;
nf,csp=pf,csp*qf,csp=18725509054486208790765335936945421318033565874923140747577739921387460916236243836844882857172586276882181436048833971572221094727101420454201914250920064619273961646000001424241628801090561699422963689989036078741903476469576492870235837171931035145046742165517648692705339881575712364212656884574525937786071664285060895679363266406185520450612120717900049822299075036527869461337360148137121550988958548415300835802409131292910777685991736865757186316854697332077766922531523221899419657349853560738187230707398513314640121629901232771587290162180357845361437596886206430740419320525542120083482691535118295579153;
Select the prime e: e_{f,csp} = 65537;
Calculate d such that d = e^{-1} mod φ(n);
Figure BDA0002831577560000101
pk_{f,csp} = (n_{f,csp}, e_{f,csp});
sk_{f,csp} = (d_{f,csp});
For the receiver, two large prime numbers of 1024 bits are selected:
pf,rec=176065764957007503583966108739314752193663118671660394808180098009955848417674886957762663447393897714688476985470769701772382869599004267780000452707842076819793910051796644977218627532010666208522069782125483130757011868520349888360636521921928583489112098792161216386316538481862099707241130190930651137763;
qf,rec=90504743214929193654191021476685689885363668274292847353277599597011846975692383696753972603241163282734339697759655473831217420297100683121139413605209428299006953523285522412994860150965644180993960673895220244156169155637659811002160220966588071407538067527931303716476691586713623328746547036632477973161;
Calculate n = p × q;
nf,rec=pf,rec*qf,rec=15934786846374043053256376656706969642068690495453919368453605660206275312654453663238196608887170179315207706497579873626198660903689639612381907074017597110645657778603059697983885458871380130465748605951521563915204779189533326377277331280267503279387202777546830874283192676895400318041381228002610897032020047823080824648144176865694083370960290284918028733336735866039187543504448748304704586420807625186760399934405163758244225267530930399622073459694165257655893856523686506826922836596766580407382893246948816247794632300380518257894381931996452462139952986479681090273089909524371721965738496390320827578843;
Select the prime e: e_{f,rec} = 65537;
Calculate d such that d = e^{-1} mod φ(n);
Figure BDA0002831577560000111
pk_{f,rec} = (n_{f,rec}, e_{f,rec});
sk_{f,rec} = (d_{f,rec}).
Step two: key generation
a) The system initializes a plaintext space size N_0 and sets the plaintext space to
Figure BDA0002831577560000112
N0=28088143026658587954712639591696820848925374214980814442303043904573965801716266964654049619179401927733997388196270615119407163486954878100290689787567717583286649727433785530465428140745089513995269455229327911758489754184204487843008227417543978659709595782535221609741288137733012722023080856295020317631;
b) Each data owner i randomly selects four large prime numbers p_i, q_i, s_i, v_i, where |p_i| = |q_i| = |s_i| = |v_i| = λ, such that p_i q_i = N_i ≥ N_0. Let T_i = p_i q_i s_i and Y_i = p_i q_i s_i v_i. The temporary public key of sender i is pbk_i = Y_i and the temporary private key is pvk_i = (p_i, q_i, s_i, v_i, T_i);
In this case, two data owners are selected, and the temporary public and private key generation process of the data owner 1 is as follows:
p1=11099536553499459898516049664967251737499063278333702052526991495067871775158295400297965317872050972378517828382705877058120311419742640666521555853492287;
q1=9194893298935351728001588829826916490207244335204463850316984841070975758431400808385102430015197346835233732300753968907123798485465759923860423879054241;
s1=12523019225077159287665906501626625103372331350880922929412298034043122455436294962985303319555044204546295963708780504060524940438378805229367988307438721;
v1=6767971895215293416530261319164008397382046068199056757012828419896434116188025383664064519279775548395390373582083066016327007292819258747816994235713121
N1=p1*q1=102059054277060172962817504747727369883587818222266646567301027482286244943030092211006884037726549622090735766816625016291741146840404474589721278772201914240903227909711289968085070869942933247170290831519335424838985522945181752534106065281851263082425062791328579871453748497657844971183685988170548139167;
T1=p1*q1*s1=1278087498804817826423062873317185294068879832960594051055643032880510657744981233255654914705383015028835270648826989744568416469427553326711911100246839837571557774807511193319257054128477035914349050556668312544360214412041310721976950357375543471478430447817410913926406520843010766082271435580101017878170638887904539065539091980714580392940769717121516571625337950667141012121828521798168162954061554772732546003562697279562741510467859241653235770432485407;
Y1=p1q1s1v1=8650060271537016964068583416660242464531533239621167526395677474909527688711401072041199168083557353749329630742390037452061450827508326945524450400923789796957929046630618752147337789773206798251955926675655757760921284741625576429797138764619331720267586586625293591711249828416776999094653835002535212205672651264098300528753297583060560526184413758440962805200774375714760651940448089533985091969196309071897466722967942593769107611456245990165099930983152557329820741431998046808315295092564995560948345922844796630638123706990256420651866753328295916604730029912396393699984321461201230440726209087213070925247
The temporary public key is pbk_1 = Y_1 and the temporary private key is pvk_1 = (p_1, q_1, s_1, v_1, N_1, T_1).
The temporary public and private key generation process of the data owner 2 is as follows:
p2=8775962283543411198995238036523693737439740017930452128349615981039060599032137369762819115501558204860395734335512819933983359398838922342356845708403007;
q2=9146114780791983977404804189280723014572807755285331117170206537297914463118065116924547238746024261565592206787584244901184534886810869226132400671740147;
s2=13271609844297503119508230267825779083590169723107634547770144167240356182765975408764931409721973430950936714510586541856789627653203365506967923519474283;
v2=12390016500853115282354559043564379585405211339927293724511586461124517020901941891929738510167097711433577194071653536644088787214005182052904437384069089
N2=p2*q2=80265958357189365453623126506342115341135104954224145472901895742770573568726128569542681967544649778296130863750261387522675548273566714621420996429082163677816446481237349381804112039626311171335617926341744364939789514137996106466187797039789048473686186973201094068276459082193739930327002745755057422029;
T2=p2*q2*s2=1065258483095247823727999753016878258489102446421468969069520777571161589712138229262223588531897878753521614013421870543056354160300966494680680617686710810075865073772632131706954411223313988792276510821645860570011539835423774241389872579454639311191112719550344308804426388103972611135095251786543324242301466436779405854934861422010823131099102676451713163076947547703620315680317075843396822793823039551102056691792781145727877246396162466916323699343180207;
Y2=p2q2s2v2=13198570183223879899165400060789738089029681411868570121726878480884112650156382686188272534981302156304691303562024558791209756251172695534124174073516179487854365529258077955972333493272857858545708139535426364635942917432950061738931581465217090306224202549897505375193511804070825704081545497022021408055624302721620809964137777096088747922311264036130608105107650188615854223624051724111804132630632505886464106046902531081164475743239659606976067420785827291327677052023270278434183908307818801195863781199356540643125457332228335162765720672502335510142267547826584501841730497831352845885975076723579465321423
The temporary public key is pbk_2 = Y_2 and the temporary private key is pvk_2 = (p_2, q_2, s_2, v_2, N_2, T_2).
c) The cryptographic service provider randomly selects four large prime numbers p, q, s, v, where |p| = |q| = |s| = |v| = λ, such that pq ≥ N_0. Let T = pqs and Y = pqsv; the temporary public key is pbk = T and the temporary private key is pvk = (p, q, s, v, N, T).
P is 9289878302888150863914474498352928928332946842718512265330071523962939394301183687826264082118605614104565178122739647960472448270630557638408684081139779;
q=11276303102752040299608605406369939227606782460316296329157916705440909732416336143075396034239743030665777693333756451283233966888929612941121810819376393;
s=8033578914450776359144513070467450583461683897451899910512683768881747936804393843640139615347977007267759127407926921867535340071401840614743825758184669;
v=8062392842760160262881400557885474161887347722891043184191219727057034846286535621504105828196362034976236033907942065363002222983867974021422598267763739
N=p*q=104755483531046514008034256347388900510568924962205210108849231090832971743964674149131338896507804138196813369424919499252763468989856664064944344436220038493668256834106315218176358074298776473387626262726449377602467923291067377555798762746749167577239629206596787489803730048534699734109497760821445837147;
T=p*q*s=841561443668110834754697775999612292872396503988360828903550362558139097427356043611464411680141880501966705340066846131060975525972321671049200628605500504232371606243880192813182935565259581552245885688713529982739023526413393202213319199422610209896649226533813429460241226368798952257299582158151333548709564491525132958755795035352823649768204753067531930026727363929906633019551551860911020673553095527222772534882631193029294449144475982722947413726099343;
Y=p*q*s*v=6784998960172684586038522274228741238863552198293828679760140371378157381067796258368314467827198008648970158960863245294295625338762269642078576627343166609133313260970133201165282713405493796375616457983809535362657878544965800272464411499673637703592906143236037164335354563349227220734484057064583263628055939932376649100187844153269621161787147935163226110266239598746550032420914155661771669587401084699223155745647346377668597171469273077536686854429088429299412640021626579834918520787590034255903021676499360636430404427598041586091106860197379877720909079603672474784102286376185669130790932833395967123477
The temporary public key is pbk = Y, and the temporary private key is pvk = (p, q, s, v, N, T).
Step three: data encryption
In this implementation, two data owners holding 2 and 3 pieces of data respectively are taken as an example, with the final calculation function:
Figure BDA0002831577560000151
a) Data owner 1 generates 5 plaintext data 9257,5405; for each plaintext, it calculates m_{i,i′,p} = m_{i,i′} mod p and m_{i,i′,q} = m_{i,i′} mod q.
Data owner 2 generates 3 plaintext data [11307,10059,7846]; for each plaintext, it calculates m_{i,i′,p} = m_{i,i′} mod p and m_{i,i′,q} = m_{i,i′} mod q.
b) Data owner i calculates
Figure BDA0002831577560000152
such that
Figure BDA0002831577560000153
Figure BDA0002831577560000161
Figure BDA0002831577560000162
Figure BDA0002831577560000163
Figure BDA0002831577560000164
Data owner i then randomly selects a prime number r_i ∈ {0,1} and n_i blinding factors r_{i,i′} ∈ {0,1}, and uses the public keys of the cloud server and the cryptographic service provider, respectively, to perform the one-way trapdoor permutation calculation:
r1=10646712892003829280515525854885442975862032001197737276656751403889793851636729131988380395793657982324877634941217066383853168796866630443818455890520812;
r2=10138025061207181251439247067150137728718992384059309657994107207359954080306747499565315177793547388665823918656598855434814809990022138456868348221475787;
For each piece of data m_{i,i′}, calculate:
Figure BDA0002831577560000165
r1,1=7077631767042737356738007505374172908050556169030432541486442660568435390953865488011119593363043500423889486743238224765115995966298482031363372492484567;
c1,1=879423495763146660829798584478009990867674601906808062658652333569150834483335708953145773196399916052705664710267512604566618384081942054276349495379082416414851597911719999417784024143900461599342019058114220175500422108017208924743745618370363343406158884391184379017681922893487700320767125084205949599629529597978641709825333927036134139986227245928747629144124558533087312972544181981883191544477727808662204352402432425694107638669925640387559793072444516487372673376005570989533611080143823683602255157479488314407471516666990336017789553000501936953326109906876649792120573088212628108660942359722605427772;
r1,2=10420594737448884811854359901331444820470089359751094764828040243487402364623099108357333067243775264762569813219150570255765277714206657649031598997816543;
c1,2=452626364395707491021539027033505127084334120857762759336578864554577022280056928911064157500854275296203168932512864417833319187863038305341271991587570476539157800116879152674486863892137578469365651614641984766981225407569041253665240143267016336212055469694584131827363699835471563211831209213672458012555490482965603529241814852407308814646181995745272472108009032300004668385687983804534385948896589439822593076438992454112095919038133628253105221034133030081521817417935975379827625974072937567033323111338087451535411932615836188553994835432170004991506966542590326462103290948041905230394402685441398226362;
r2,1=8619582333843958381555705734914791903349729883070277300983252623741877523519164701326946897747179211556369940593198831328329191490017669580072234897271717;
c2,1=6126572384885936914351288890552001756632642292653207707166226797425295860238056514447142682128124564243545171987693188185491333165954865728799691592606457727548057377296013066316917202805098778639457676918638976529876686336937241849533955252270112503309463325993494597059935348416157193578335307051304156656830839307051240692331619721703742109692369219397006217300629865232655151725976118976301367638197024717788436093945917158017979712434243670168018941303743147330325559797474186835930273555915497396565379283861554292019132598035433301500725213650414233193447839902063789972535212760102845271213271938412298982245;
r2,2=12848951224986499687902404755603111375003720922592487082743268974604487532732839839067193979259361995908522522555431561064063804224397414901569022211335947;
c2,2=3136972520666224351613546002342173072644700644936610096478018214777348888640707064519518306979096624770154463357054848093569300926794446367469331853170395042502291865307430470893174911029801813797110182850675446798909243510787772082354099031360272745048641644036615644910780356955622822551742652652355365544465038077526077801044212081701944517940339549876038968788480518887555323659101844202170280296215319196576671272487237590607558838889221983217486821268541385615907453374651990309281274150453792543002363548852681278940331750146718790515605291907463981270608447260867292224446142447322395930364528225801154669678;
r2,3=11813683428747356202487153045715296895755015845916125616491414991695831471186832693920934766036268867170135365225715867180717646307391823463942468462491203;
c2,3=5959701343940758153685213203106343847354924954778343395575647226544629488064785723022950221812564086638183654694629131482824044424728658417653275433134152225514408377726476238946872131116785203970496790671655837361461590158693078066319265900558746869234327839112985530333413371844688017886495922626034821942789089397264417335564083091783848154843190591957446991705433746176116819568096294682265465707627696946870078357657335195292273640711928148352856570880604765579976962107084184733801711565533761105901283618922205481637873241367222220499088185717000704078187720300996569995649522917911424050155311923331899786892;
Figure BDA0002831577560000181
C1,ser=2372195018499060927411796564302843526593375770254110157700502310480484882527281732276199991501929596994723755226692585344339136348154789857137495209913970964396202102620246942147680848736993644111171574008822037120392831717920767992832963913351780176696942298248980187597243434120901534357709891171011145536868678663191874210085375580530336169712020894121369598508925974089619004264606754664918906264793088434930343730032497664815938646481528639976520876633936942462346179902647418067132988973782835040179516712541232293930001805668589808041780337955540616134084939316860468726913620729362105810828942120153699759659
C2,ser=15462323538336414078739904585896083231088892735156595344225599073194036848742270093359924186873259870165165555183580960096718216497995435994311483650311843722971343019500846567527638778752250273944714260255599883817092073348532764621542063048610962966940793167464307694285851820871806739115651945705861322002209775133621370254955924874596402734815453580604671018992230349763293449466418505696792763323116525517784646326679624248024593859204785296367115409840388989952203119098857467037760023641279290837170061117134183659647490744611296402902903646250614065972737165004293654392143790119731101875706776161766978888656
C1,csp=16842263567780748495101104107306655608455568496160993468674640748278562510742171933208058186918125153561784770165578476142047339731707132121419431249702754575854239761662506722834049335164066698623130733033812042732448820652218523043937820773284041762977994393476392078792026241268475861383988522289631412747859140083241802712387618434584215478350812001124857536146886039425885216199030529807414190104913841270498189770964329122669446161602351654101875238995885867071376270857841052918362195338654247342347314712072812972975953847951496362687213664606295938128942175001220776150085794706233684648307012920588203924021
C2,csp=8726007791087960710451256930992326176971838195766559392533748652268808860154264581322771158948196053589828027831977517755459189928791593988161599072347051010981543635096735304973469372716025845183337717096336033443557857630681290719028503327156169408949409122710288225839929952314713264416563603990785315603258360952512032955526444993904604313479446356104520842044858258006278404692585332203540974884397109104443826151533289035092743226041099236178223401401782399999963320097274111762857018329012022556232547760195079288340448382963954361401207318754833035013280131178578963655841617164721572749161215123916755384626
c) Data owner i uses the cryptographic hash function H_0 to calculate:
Figure BDA0002831577560000194
Figure BDA0002831577560000195
C′i,ser=0468726913620729362105810828942120153699759659;
C′i,csp=8573655841617164721572749161215123916755384626;
Data owner i then sends
Figure BDA0002831577560000191
to the cloud server.
Step four: data outsourcing computation
After receiving
Figure BDA0002831577560000192
the cloud server uses the one-way trapdoor inverse permutation to calculate
Figure BDA0002831577560000193
ri=10646712892003829280515525854885442975862032001197737276656751403889793851636729131988380395793657982324877634941217066383853168796866630443818455890520812;
Then calculated to give C'i,ser=0468726913620729362105810828942120153699759659;
The verification passes, and the cloud server sends C_{i,i′}, C_{i,csp}, C′_{i,csp} to the cryptographic service provider.
After receiving C_{i,i′}, C_{i,csp}, C′_{i,csp}, the cryptographic service provider first applies the one-way trapdoor inverse permutation:
Figure BDA0002831577560000201
Figure BDA0002831577560000202
Ni102059054277060172962817504747727369883587818222266646567301027482286244943030092211006884037726549622090735766816625016291741146840404474589721278772201914240903227909711289968085070869942933247170290831519335424838985522945181752534106065281851263082425062791328579871453748497657844971183685988170548139167; authentication
Figure BDA0002831577560000203
Figure BDA0002831577560000204
The check holds. The cryptographic service provider then selects a random number:
ri,csp=4644670264372612513551956026182336370622993766671396264914130557307203876651255940466168615851785698309322226109480474204911568555196223796776401435290912;
and re-encrypts each ciphertext:
C′_{i,i′} = C_{i,i′} mod N_i = r_i m_{i,i′} mod N_i,
C′_{i,i′,q} = C′_{i,i′} mod q, C′_{i,i′,p} = C′_{i,i′} mod p,
Figure BDA0002831577560000205
where p^{-1} p ≡ 1 mod q and q^{-1} q ≡ 1 mod p.
c′1,1=99012988245644473033857380649103137734753936603545679474924795306679570811315398402158061790180725826689843540888655451541315232102474410786500501075678725907883627102493707068224614908600042976779284455555694257746265500251981431638703330376425932405160613354730230199660698345710289976096944430371437249132;
c′1,1,q=9126740475323640325852091455498347479177522472206963638123559063160078629081823420810773198584369315728984013568269544644424700378617282951959238830710759;
c′1,1,p=3578990704873225128548092655029143716438666524188291852982441006160425293070907422282781513161286241989024496335976337254852674502582089248875288118307955;
c″1,1=1069064672760692832732501460985861770466446563968473488194194752026254888694450099483982030266664312662329441123239704924145274684765378636757752542514271197562565121795238390469414830741837294277763649019685254902136154620507013568561883291556104230633088295725331225522092001987842472339866275186154400850923424946138762395150896008765893382236275598005032864039416874699813391820776074239096637186349133516210586928094980532072691285906090234325157998184659386398364729917450473652125762399843130273645050038774082814375034645898857050521287696997583913039805797760245216288568232168346885875331795314576006604006;
c′1,2=35373955255387402147591282253793164980296328039384653488654706457386091669205323452546959182799738120275992054247907799616937765466726106708437260926744428647648467322558448474924079315092154813962517471414658069419049889996567566658882855481499575018199130010011161888869028937803758483731332715349074263802;
c′1,2,q=3443298406163950839696609461706106079833702529404178502142019061265164568675331507353786606053847853139489029250099609732145657098994200390194219008358453;
c′1,2,p=2325242018054715551971600491324216044975268883906251459180297997809449414554195631385486601434545938034579351277464156484302059364357344967479545396265897;
c″1,2=594951280982868508860287282456754130083577615984792850349408828332814748710962997284694112523172689044927406892645370853747224701723707183730641451725891770318046433332598229626126492414762266799114330634149013079257542604291602710136395263220153936959416047748324460751261651093132335741700481290395800194476330046531944902052258317468195841777042946769919312328408067373019281787779548599839921916109993177232113440324458493198338007570775732810922487527715135850872248426673510619240121762719345984335102496552471559220306720398807967968367295595671951216333848848102329939426271072239663898780377526732177405735;
c′1,3=27962672981310285554705473879832164761055950639884023166740493267329166223875566948792055255330985920287431862851363413218209466049084893857767443532182996282716510269442528296187600023037880837455306998719686277608491863948112129594394894886768405070551482198223769703339381428460628100513320516368894004741;
c′1,3,q=8381403286699895262520564722813668870273031250221493967937866615985551324333483092835087336905912893170402492411715775341490488677103454741075080779600415;
c′1,3,p=5405330369569297392164786230480200501344207363559932982221110478152542013020569373313868823306838842531379047000768747610712683354086086811007568742502464;
c″1,3=5630644743681323743469407404665119821900300545909072446417725068794015462308472359220318933221775810878744332788070250129583336210524426275809891028303561485059152474300030100902575071679239836694554682905374004596127542006734078833465315966855307215821375734005126213715288383337201505908868237501013018064791475736452363501274376662659517172662301140632209140878920850453778598075737285225867308214754950766126596934048908033253620345567275767051947536367344855452060021758646554069776059715559269863595476275794295544939572899161814013198467533277762804915068080418561296428540612884620731807919413382956921549418;
c′2,1=69507926157512260135230644956492319478599667940565699837408944524536070836705331485198969681407642474096934452033035339724508961824795091673282896292203499665563341789987144692337278327724699589679961659794381676965512803662235412844895609858691045145626461870241222760688494476735710499300543523512363128289;
c′2,1,q=538120908132915408524259904628078378522237275229379429741744922177876520131192561802475739697384831096598191227610528376989811507011459083414754753881465;
c′2,1,p=2124444927527445451581899294081578841112025017343631863196824365701660791462351293142311931563129081743751880650089103670825507640228179614643324648903466;
c″2,1=2453582992626680856145935567896939853106822815921294097779356128687768820494283300710137417872967111687099141094299334132681420862657116621158422218011534325037371375923290550205510569523494759494361401545239509446085830247320167341808528904374129018553799899000038039174444941284366554368440090553284689347000170160203743103782302786392957733280976530818026901745919762004395908121293037896695281028160268143737282859998734347765336743535231304095876659703821694797368964409472252393679992217777000774922403081089667786425369914223921811251609065084605072527078119221641470785318655015412505824676712142766915314086;
c′2,2=73748407340119280059674392133433289912968617632862111933519531137277349449023042211580624495060397094832580008008213085466643674645683241087015342380191539774269810554418039384995519917077558711935403041073040473452918237240762881731682890891565108962341684239975910325128576251409908853609012010565587114936;
c′2,2,q=168789613685972750904755293185793938205002801730049256195922766155783061970928689782460045242941491646053231719991690631527805399965921613044992912569662;
c′2,2,p=4861026624949152574350829199441697249882478016616055733498787258386210710910658766747602117000359893561227879937332071194153826999419017666139256849761726;
c″2,2=6324694815720361140229012940586813234741463667054026318778537021923484820841007090288612567967118357351037657624147076701988834941508984601915906757994465031771581109620797034227315386501821483960496100959758484796633056194916455725595271730647708048778916791620481191729270101790207199674161690584226037748773303767210837304887797820994105273693102438062125190287303159709066878168800907438236938342983048673325920829355961809675795050086019488578890261053082700022184976952058216020063194830396522525073699580465640955159536178046123472159910281564763730088673557490894467824418720468421159872747394076090440945902;
The cryptographic service provider then uses a cryptographic hash function to compute:
Figure BDA0002831577560000231
Figure BDA0002831577560000232
Finally, the cryptographic service provider sends C_{CSP} = ({C″_{i,i′} (i = 1, 2, …, n_S; i′ = 1, 2, …, n_i)}, C′_{rec,csp}) to the cloud server.
After receiving C_{CSP}, the cloud server first calculates
Figure BDA0002831577560000233
Figure BDA0002831577560000234
If the check holds, the cloud server randomly selects a prime number r ∈ {0,1}
r=11878026336293554905333519624429340715515873170118700190707927333589167324001983810392766289874817422932065670432888891800952956989607955932713513775788367666390562201932938381891085660960696448840501720631565264131437227298233503184634553401948413076680324158339942863389400590297214548923516362829331868028;
and calculates:
Figure BDA0002831577560000241
Figure BDA0002831577560000242
C″i,i′,SER=rC″i,i′,ser=18725509054486208790765335936945421318033565874923140747577739921387460916236243836844882857172586276882181436048833971572221094727101420454201914250920064619273961646000001424241628801090561699422963689989036078741903476469576492870235837171931035145046742165517648692705339881575712364212656884574525937785791063077258654935047115105095666896433376127295883518788903843501333088673630940451390444100167316188784114805795854746656404422850224847865547053767223095168407757932231579920375192297999935234818508889024842829549179162929838084039991669986998837208459610958502052726507595227595459964273723861586345851620;
Denote the polynomial
Figure BDA0002831577560000243
where
Figure BDA0002831577560000244
Compute
Figure BDA0002831577560000245
Figure BDA0002831577560000246
Figure BDA0002831577560000251
Figure BDA0002831577560000252
and send
Figure BDA0002831577560000253
to the cryptographic service provider. After receiving
Figure BDA0002831577560000254
the cryptographic service provider checks
Figure BDA0002831577560000255
Figure BDA0002831577560000256
If the checks hold, it calculates:
Figure BDA0002831577560000257
Figure BDA0002831577560000258
Figure BDA0002831577560000259
and sends
Figure BDA00028315775600002510
to the cloud server. Finally, the cloud server computes
Figure BDA00028315775600002511
Figure BDA00028315775600002512
Figure BDA0002831577560000261
Figure BDA0002831577560000262
and then sends
Figure BDA0002831577560000263
to the receiver.
Step five: data decryption
a) After receiving C_F, the receiver first applies the one-way trapdoor inverse permutation:
Figure BDA0002831577560000264
Figure BDA0002831577560000265
Figure BDA0002831577560000266
It then checks:
Figure BDA0002831577560000267
Figure BDA0002831577560000268
Figure BDA0002831577560000269
If all of these hold, it continues to calculate:
Figure BDA00028315775600002610
On checking, the result is consistent with the result of the same calculation on the plaintext, which verifies that the scheme is correct. The above example describes only a multivariate polynomial outsourced computation on 5 pieces of data for 2 data owners. As the embodiments show, the invention supports outsourced ciphertext computation of any multivariate polynomial for any number of users and any number of data items.
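The recoverable arithmetic of steps one to three, as an added Python example that is not code from the patent: the trapdoor permutation keys with e = 65537, the four-prime temporary key (N, T, Y), and the residues mod p and mod q with their recombination via p^{-1} and q^{-1}. The function names, the 128-bit demo size, the bound N_0 = 2^254, wrapping r_i on its own, and unblinding by a modular inverse are assumptions, because the patent's own encryption and decryption formulas survive here only as figure references.

```python
import math
import secrets

E = 65537  # public exponent e used for all three parties in the embodiment


def is_probable_prime(n, rounds=40):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)  # base in [2, n-2]
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # no square reached n-1: composite
    return True


def random_prime(bits):
    """Random prime of exactly `bits` bits (top bit set)."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def trapdoor_keygen(bits):
    """Step one: n = p*q, e = 65537, d = e^-1 mod phi(n)."""
    while True:
        p, q = random_prime(bits), random_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(E, phi) == 1:
            return (p * q, E), pow(E, -1, phi)  # (pk_f, sk_f)


def f(pk, x):
    """One-way trapdoor permutation under a public key (n, e)."""
    n, e = pk
    if not 0 <= x < n:
        raise ValueError("input must lie in [0, n)")
    return pow(x, e, n)


def f_inv(pk, sk, y):
    """Inverse permutation; needs the private exponent d."""
    return pow(y, sk, pk[0])


def temp_keygen(lam, n0):
    """Step two: lam-bit primes p, q, s, v with N = p*q >= N0."""
    while True:
        p, q, s, v = (random_prime(lam) for _ in range(4))
        if len({p, q, s, v}) == 4 and p * q >= n0:
            N = p * q
            T = N * s
            return T * v, (p, q, s, v, N, T)  # (pbk = Y, pvk)


def crt_join(m_p, m_q, p, q):
    """Recombine residues using p^-1 p = 1 (mod q), q^-1 q = 1 (mod p)."""
    p_inv, q_inv = pow(p, -1, q), pow(q, -1, p)
    return (m_p * q_inv * q + m_q * p_inv * p) % (p * q)


def demo(lam=128):
    n0 = 1 << (2 * lam - 2)  # constructed plaintext-space bound N0
    pk_ser, sk_ser = trapdoor_keygen(lam)
    pbk, (p, q, s, v, N, T) = temp_keygen(lam, n0)
    # Assumption: r_i alone is wrapped for the cloud server, then unwrapped.
    r_i = secrets.randbelow(pk_ser[0])
    wrap_ok = f_inv(pk_ser, sk_ser, f(pk_ser, r_i)) == r_i
    # Data owner 1's plaintexts from the embodiment, handled as residues.
    m1, m2 = 9257, 5405
    a_p, a_q, b_p, b_q = m1 % p, m1 % q, m2 % p, m2 % q
    add = crt_join((a_p + b_p) % p, (a_q + b_q) % q, p, q)
    mul = crt_join((a_p * b_p) % p, (a_q * b_q) % q, p, q)
    # Blinding as in C' = r_i * m mod N_i; inverse-based unblinding is assumed.
    r = random_prime(lam - 1)  # shorter than p and q, so coprime to N
    unblinded = (r * m1 % N) * pow(r, -1, N) % N
    key_ok = N >= n0 and T == N * s and pbk == T * v
    return {"wrap_ok": wrap_ok, "key_ok": key_ok,
            "add": add, "mul": mul, "unblinded": unblinded}


if __name__ == "__main__":
    print(demo())
```

Adding or multiplying the residues component-wise and recombining gives the same value as operating on the plaintexts modulo N, which is why N_i = p_i q_i must be at least the plaintext-space size N_0.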
The above merely describes the invention in further detail and is not intended to limit its scope; all equivalent embodiments are intended to fall within the scope of the following claims. The invention is not limited to the above embodiments: variations and advantages that those skilled in the art can conceive without departing from the spirit and scope of the inventive concept are included in the invention, whose scope of protection is defined by the appended claims.

Claims (6)

1. A lightweight multi-user multi-data fully homomorphic data encryption and encapsulation method, characterized in that an outsourced computation method based on one-way trapdoor permutation and hash functions, together with a multi-user multi-key homomorphic construction, is adopted, so that privacy is protected for multiple users, each with multiple input data and an independent encryption key; the outsourced computation and decryption specifically comprise the following steps:
(I) System initialization
Under the given security parameter, the system uses a trapdoor permutation generator to generate a one-way trapdoor permutation and its inverse, together with three public/private key pairs for the trapdoor permutation, which are sent to the cloud server, the cryptographic service provider and the receiver respectively, and generates two hash functions; the three public keys and the two hash functions are published, and the three private keys are kept by the cloud server, the cryptographic service provider and the receiver respectively;
(II) Key Generation
Each data holder generates a set of keys for encrypting input data; the cryptographic service provider generates a set of keys for re-encryption;
(III) data encryption
Each data holder encrypts and encapsulates all of the input data it holds with its own key, encrypts that data key under the public keys of the cloud server and the cryptographic service provider respectively using the one-way trapdoor permutation, and then selects a random number to blind the encrypted data; meanwhile, a hash function is used to compute a digest of all ciphertext input data, and the encrypted input data is sent to the cloud server;
(IV) outsourcing computation of data
The cloud server, together with the cryptographic service provider, uses the ciphertext input data sent by all data holders to perform, in the ciphertext domain, addition, multiplication and any outsourced function composed of additions and multiplications, and sends the ciphertext calculation result to the receiver;
(V) data decryption
The receiver decrypts the data encryption key using its private key for the one-way trapdoor permutation, and then decrypts the outsourced calculation result on the ciphertext to obtain the plaintext calculation result.
2. The lightweight multi-user multi-data fully homomorphic data encryption and encapsulation method according to claim 1, wherein the system initialization specifically comprises the following steps:
a) input 1^λ, where λ is the security parameter;
b) under the given security parameter, the system runs a probabilistic polynomial-time algorithm
Figure FDA0002831577550000021
Output a set of {0,1}Function (f, f) of-1) Three pairs of public and private keys (pk)f,ser,skf,ser),(pkf,csp,skf,csp) And (pk)f,rec,skf,rec) And two hash functions H0,H1The generated common parameters are: PPR ═ p (pk)f,ser,pkf,csp,pkf,rec,H0,H1) (ii) a The secret parameters are: SK ═ SK ═ (SK ═f,ser,skf,csp,skf,rec) The secret parameters are respectively kept by the cloud server, the encryption service provider and the receiver; the hash function H0,H1Has a mapping range of {0,1}*→{0,1}
3. The lightweight multi-user multi-data fully homomorphic data encryption and encapsulation method according to claim 1, wherein the key generation specifically comprises the following steps:
a) the system initializes the plaintext space size $N_0$ and sets the plaintext space to
Figure FDA0002831577550000022
b) each sender $i$ randomly selects four large prime numbers $p_i, q_i, s_i, v_i$, where $|p_i| = |q_i| = |s_i| = |v_i| = \lambda$, such that $p_i q_i = N_i \ge N_0$; let $T_i = p_i q_i s_i$ and $Y_i = p_i q_i s_i v_i$; the temporary public key of sender $i$ is $pbk_i = Y_i$, and the temporary private key is $pvk_i = (p_i, q_i, s_i, v_i, T_i)$;
c) the cryptographic service provider randomly selects four large prime numbers $p, q, s, v$, where $|p| = |q| = |s| = |v| = \lambda$, such that $pq \ge N_0$; let $T = pqs$ and $Y = pqsv$; let $pbk = T$, and let the temporary private key be $pvk = (p, q, s, v, N, T)$.
4. The lightweight multi-user multi-data fully homomorphic data encryption and encapsulation method according to claim 1, wherein the data encryption and encapsulation specifically comprises the following steps:
a) sender $i$ generates $n_i$ plaintext data items $m_{i,i'}$ $(i = 1, 2, \dots, n_S;\ i' = 1, 2, \dots, n_i)$, each
Figure FDA0002831577550000023
lying in the plaintext space; for each plaintext, compute $m_{i,i',p} = m_{i'} \bmod p$, $m_{i,i',q} = m_{i'} \bmod q$;
b) sender $i$ computes
Figure FDA0002831577550000024
such that
Figure FDA0002831577550000025
then randomly selects a prime number $r_i \in \{0,1\}$ and $n_i$ blinding factors $r_{i,i'} \in \{0,1\}$, and uses the public keys of the server and of the cryptographic service provider, respectively, to perform the one-way trapdoor permutation calculation according to formula 1:
Figure FDA0002831577550000031
for each data item $m_{i,i'}$, the one-way trapdoor permutation calculation is carried out according to formula 2:
Figure FDA0002831577550000032
c) sender $i$ uses the cryptographic hash function $H_0$ to perform the one-way trapdoor permutation calculation according to formulas 3-4:
Figure FDA0002831577550000033
Figure FDA0002831577550000034
d) sender $i$ sends
Figure FDA00028315775500000313
to the cloud server.
5. The lightweight multi-user multi-data fully homomorphic data encryption and encapsulation method according to claim 1, wherein the specific operation steps of the data outsourcing computation are as follows:
a) let the polynomial of the outsourced computation be:
Figure FDA0002831577550000035
and denote the degree of the polynomial as $\deg F = \max(e_1, e_2, \dots, e_n)$, where:
Figure FDA0002831577550000036
b) after receiving
Figure FDA0002831577550000037
the cloud server uses the one-way trapdoor inverse permutation to compute
Figure FDA0002831577550000038
and checks whether
Figure FDA0002831577550000039
holds. If it holds, the cloud server sends $C_{i,i'}$, $C_{i,csp}$, $C'_{i,csp}$ to the cryptographic service provider; otherwise, the cloud server terminates the protocol;
c) after receiving $C_{i,i'}$, $C_{i,csp}$, $C'_{i,csp}$, the cryptographic service provider uses the one-way trapdoor inverse permutation to compute
Figure FDA00028315775500000310
and verifies
Figure FDA00028315775500000311
If the check fails, the cryptographic service provider stops the protocol; if it holds, the cryptographic service provider selects a random number $r_{i,csp} \in \{0,1\}$ and re-encrypts each ciphertext according to formulas 5-7:
$C'_{i,i'} = C_{i,i'} \bmod N_i = r_i m_{i,i'} \bmod N_i$, (5)
$C'_{i,i',q} = C'_{i,i'} \bmod q,\quad C'_{i,i',p} = C'_{i,i'} \bmod p$, (6)
Figure FDA00028315775500000312
where $p^{-1} p \equiv 1 \bmod q$ and $q^{-1} q \equiv 1 \bmod p$.
d) the cryptographic service provider computes the cryptographic hash function according to formula 8:
Figure FDA0002831577550000041
and sends $C_{CSP} = (\{C''_{i,i'}\ (i = 1, 2, \dots, n_S,\ i' = 1, 2, \dots, n_i)\}, C'_{rec,csp})$ to the cloud server;
e) after receiving $C_{CSP}$, the server checks
Figure FDA0002831577550000042
If the check fails, the protocol is terminated; if it holds, the server randomly selects a prime number $r \in \{0,1\}$ and computes
Figure FDA0002831577550000043
Figure FDA0002831577550000044
Denote the polynomial
Figure FDA0002831577550000045
one of which is
Figure FDA0002831577550000046
The server computes
Figure FDA0002831577550000047
and sends
Figure FDA0002831577550000048
to the cryptographic service provider;
f) after receiving
Figure FDA0002831577550000049
the cryptographic service provider checks
Figure FDA00028315775500000410
If the check fails, the protocol is terminated; if it holds, the following formulas 9-11 are calculated:
Figure FDA00028315775500000411
Figure FDA00028315775500000412
Figure FDA00028315775500000413
and sends
Figure FDA00028315775500000414
to the cloud server.
g) the cloud server computes
Figure FDA00028315775500000415
and then sends
Figure FDA00028315775500000416
to the receiver.
6. The lightweight multi-user multi-data fully homomorphic data encryption and encapsulation method according to claim 1, wherein the data decryption comprises the following specific operation steps:
a) after receiving $C_F$, the receiver performs the one-way trapdoor inverse permutation calculation according to formula 12:
Figure FDA00028315775500000417
then checks
Figure FDA00028315775500000418
If the check fails, the protocol is terminated; if it holds, the result is computed according to formula 13:
Figure FDA0002831577550000051
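The key generation of claim 3 and the cryptographic service provider's reduction in formulas 5-6 of claim 5, as an added Python example (not code from the patent). Function names are hypothetical, the distinctness check on the primes is an added assumption, and `crt_combine` is the textbook Chinese Remainder recombination that the inverses $p^{-1}$ and $q^{-1}$ make possible, not formula 7, which is not reproduced on this page.

```python
import secrets

def is_probable_prime(n, rounds=40):
    """Miller-Rabin primality test with random bases."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    """Random prime of exactly `bits` bits (top bit forced to 1)."""
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(c):
            return c

def keygen(bits, n0):
    """Claim 3 b)/c): four equal-length primes with p*q >= N0 (distinctness is an added assumption)."""
    while True:
        p, q, s, v = (random_prime(bits) for _ in range(4))
        if len({p, q, s, v}) == 4 and p * q >= n0:
            return {"p": p, "q": q, "s": s, "v": v,
                    "N": p * q, "T": p * q * s, "Y": p * q * s * v}

def reduce_and_split(c, n_i, p, q):
    """Formulas 5-6: reduce modulo the sender's N_i, then modulo the CSP's q and p."""
    c_prime = c % n_i
    return c_prime, c_prime % q, c_prime % p

def crt_combine(c_p, c_q, p, q):
    """Textbook CRT using p^-1 mod q and q^-1 mod p; returns the value modulo p*q."""
    p_inv, q_inv = pow(p, -1, q), pow(q, -1, p)
    return (c_p * q * q_inv + c_q * p * p_inv) % (p * q)
```

Calling `keygen(64, 1 << 100)` gives demonstration-sized keys only; the claims size every prime by the security parameter λ.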
CN202011448937.7A 2020-12-11 2020-12-11 Lightweight multi-user multi-data all-homomorphic data encryption packaging method Active CN112737764B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011448937.7A CN112737764B (en) 2020-12-11 2020-12-11 Lightweight multi-user multi-data all-homomorphic data encryption packaging method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011448937.7A CN112737764B (en) 2020-12-11 2020-12-11 Lightweight multi-user multi-data all-homomorphic data encryption packaging method

Publications (2)

Publication Number Publication Date
CN112737764A true CN112737764A (en) 2021-04-30
CN112737764B CN112737764B (en) 2023-02-03

Family

ID=75599588

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011448937.7A Active CN112737764B (en) 2020-12-11 2020-12-11 Lightweight multi-user multi-data all-homomorphic data encryption packaging method

Country Status (1)

Country Link
CN (1) CN112737764B (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120002811A1 (en) * 2010-06-30 2012-01-05 The University Of Bristol Secure outsourced computation
CN105721485A (en) * 2016-03-04 2016-06-29 安徽大学 Secure nearest neighbor query method oriented to plurality of data owners in outsourcing cloud environment
WO2016141860A1 (en) * 2015-03-09 2016-09-15 Jintai Ding Hybrid fully homomorphic encryption (f.h.e.) systems
CN109936530A (en) * 2017-12-16 2019-06-25 河南师范大学 Secret key sharing method based on cloud outsourcing and access control system thereof
CN109936435A (en) * 2019-01-24 2019-06-25 中国人民武装警察部队工程大学 With the quick full homomorphic cryptography method of homomorphism calculating process NTRU type multi-key cipher
US20190207763A1 (en) * 2017-12-29 2019-07-04 Huazhong University Of Science And Technology Method of searchable public-key encryption and system and server using the same
CN110176983A (en) * 2019-05-22 2019-08-27 西安电子科技大学 Privacy protection association rule mining based on full homomorphic cryptography
CN110851845A (en) * 2019-10-18 2020-02-28 华东师范大学 Light-weight single-user multi-data all-homomorphic data packaging method
CN111698078A (en) * 2020-06-13 2020-09-22 中国人民解放军国防科技大学 Cloud outsourcing data privacy protection frequent item mining method based on double cloud models

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113783682A (en) * 2021-08-25 2021-12-10 华东师范大学 Threshold fully homomorphic data encapsulation method supporting packaging
CN113783682B (en) * 2021-08-25 2023-09-29 华东师范大学 Packaging-supporting threshold full homomorphic data packaging method
CN114499822A (en) * 2021-12-27 2022-05-13 上海海洋大学 Efficient outsourcing aggregation and appointed acquisition method of multi-source data
CN114499822B (en) * 2021-12-27 2024-05-14 上海海洋大学 Efficient outsourcing aggregation and appointed acquisition method for multi-source data
CN115442134A (en) * 2022-09-02 2022-12-06 暨南大学 Multi-key multi-party secure computing method based on homomorphic bidirectional proxy re-encryption
CN117640066A (en) * 2024-01-26 2024-03-01 北京隐算科技有限公司 Multi-user joint encryption and decryption method based on homomorphic encryption
CN117640066B (en) * 2024-01-26 2024-04-05 北京隐算科技有限公司 Multi-user joint encryption and decryption method based on homomorphic encryption

Also Published As

Publication number Publication date
CN112737764B (en) 2023-02-03

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant