CN114020842A - Data sharing method and device based on homomorphic encryption technology - Google Patents

Data sharing method and device based on homomorphic encryption technology Download PDF

Info

Publication number
CN114020842A
CN114020842A CN202111298314.0A CN202111298314A CN114020842A CN 114020842 A CN114020842 A CN 114020842A CN 202111298314 A CN202111298314 A CN 202111298314A CN 114020842 A CN114020842 A CN 114020842A
Authority
CN
China
Prior art keywords
data
data sharing
ciphertext
homomorphic encryption
client
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111298314.0A
Other languages
Chinese (zh)
Inventor
冯欣
胡振涛
姜晓明
吴森森
梁玉柱
刘庆宗
陈占芳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chongqing Research Institute Of Changchun University Of Technology
Changchun University of Science and Technology
Original Assignee
Chongqing Research Institute Of Changchun University Of Technology
Changchun University of Science and Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chongqing Research Institute Of Changchun University Of Technology, Changchun University of Science and Technology filed Critical Chongqing Research Institute Of Changchun University Of Technology
Priority to CN202111298314.0A priority Critical patent/CN114020842A/en
Publication of CN114020842A publication Critical patent/CN114020842A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6236Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database between heterogeneous systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The invention discloses a data sharing method and a device based on a homomorphic encryption technology, which comprises the following steps: utilizing a data sharing system to group all reported data sharing mechanisms; generating a homomorphic encryption public key and a homomorphic encryption private key for the data sharing mechanism after the team is formed by utilizing a key management center; carrying out homomorphic encryption on the client data to be shared by using the data sharing mechanism and the homomorphic encryption public key after the team formation to obtain ciphertext data of the client; performing addition homomorphic calculation on the ciphertext data of the same client in the ciphertext data of all clients by using a data statistics center to obtain the ciphertext data of all clients; decrypting the ciphertext data of all the clients by using the grouped data sharing mechanism and the homomorphic encryption private key to obtain ciphertext results of all the client data to be shared; and decrypting the ciphertext result by using the data sharing mechanism and the RSA public key after the formation to obtain plaintext results of all the client data to be shared. The invention can improve the reliability of data sharing.

Description

Data sharing method and device based on homomorphic encryption technology
Technical Field
The present invention relates to the field of information encryption technologies, and in particular, to a data sharing method and apparatus based on a homomorphic encryption technology.
Background
At present, due to rapid development of science and technology, personal private data are easy to leak, and in the data transmission process, the personal data are easy to leak by lawbreakers, so that the data are stolen.
In data sharing, a data sharing method based on a conventional encryption technology is adopted to achieve data sharing. In the data sharing method based on the traditional encryption technology, each data sharing mechanism encrypts data to be shared by adopting a traditional encryption method, and the traditional data encryption algorithm directly accesses the data to be shared by the data sharing mechanisms, then encrypts the data, transmits the encrypted data, cannot directly calculate the data on a ciphertext level, generally has the defects of low encryption and decryption efficiency, poor safety performance and the like, and influences the reliability of data sharing.
Disclosure of Invention
The invention aims to provide a data sharing method and device based on a homomorphic encryption technology so as to improve the reliability of data sharing.
In order to achieve the purpose, the invention provides the following scheme:
a data sharing method based on a homomorphic encryption technique, the method comprising:
generating a digital signature key for the data statistics center and each reported data sharing mechanism by using the authentication center; the digital signature key comprises an RSA public key and an RSA private key; the reported data sharing mechanism is a data sharing mechanism reporting to the authentication center;
utilizing a data sharing system to group all the reported data sharing mechanisms to obtain the grouped data sharing mechanisms;
generating a homomorphic encryption public key and a homomorphic encryption private key for the data sharing mechanism after the team is formed by utilizing a key management center;
carrying out homomorphic encryption on the client data to be shared by using the data sharing mechanism after the team is formed and the homomorphic encryption public key to obtain ciphertext data of the client; the client data to be shared is the client data encrypted by the RSA private key;
performing addition homomorphic calculation on the ciphertext data of the same client in the ciphertext data of all the clients by using a data statistics center to obtain the ciphertext data of all the clients;
decrypting the ciphertext data of all the clients by using the grouped data sharing mechanism and the homomorphic encryption private key to obtain ciphertext results of all the client data to be shared;
and decrypting the ciphertext result by using the data sharing mechanism after the team formation and the RSA public key to obtain the plaintext results of all the client data to be shared.
Optionally, the generating, by the authentication center, a digital signature key for the data statistics center and each prepared data sharing authority includes:
and allocating a unique registration credential code for each data sharing mechanism by using the authentication center.
Optionally, the generating, by the authentication center, a digital signature key for the data statistics center and each prepared data sharing authority, and then further includes:
utilizing a data sharing system and the registration certificate code to carry out identity verification on all the reported data sharing mechanisms participating in data sharing to obtain all legal data sharing mechanisms; the legal data sharing mechanism is the reported data sharing mechanism which passes identity authentication and participates in data sharing.
Optionally, the performing homomorphic encryption on the client data to be shared by using the data sharing mechanism after the team is formed and the homomorphic encryption public key to obtain ciphertext data of the client, and then the performing method further includes:
generating a first information summary by using the grouped data sharing mechanism; the first information abstract is an information abstract corresponding to the ciphertext data;
carrying out digital signature on the first information abstract by using the data sharing mechanism after the team formation and the RSA private key to obtain first signature information; the first signature information is signature information corresponding to the first information abstract;
verifying the first signature information by using a data statistics center and the RSA public key to obtain first legal ciphertext data; the first legal ciphertext data is the ciphertext data of the client corresponding to the first signature information which passes the verification.
Optionally, the performing, by the data statistics center, addition homomorphic calculation on the ciphertext data of the same client in the ciphertext data of all the clients to obtain the ciphertext data of all the clients, and then the method further includes:
carrying out digital signature on the ciphertext data of all the clients by using a data statistics center and the RSA private key to obtain second signature information; the second signature information is signature information corresponding to the ciphertext data of all the clients;
generating a second information abstract by using a data statistics center; the second information abstract is an information abstract corresponding to the ciphertext data of all the clients;
verifying the second signature information by using the data sharing mechanism after the team formation and the RSA public key to obtain second legal ciphertext data; and the second legal ciphertext data are the ciphertext data of all clients corresponding to the second signature information which passes the verification.
The invention also provides the following scheme:
a data sharing device based on a homomorphic encryption technology and a data sharing method based on the homomorphic encryption technology are applied, and the device is characterized by comprising an authentication center, a data sharing system, a key management center, a data statistics center and a plurality of data sharing mechanisms;
the authentication center is used for generating a digital signature key for the data statistics center and each reported data sharing mechanism; the digital signature key comprises an RSA public key and an RSA private key; the provisioned data sharing mechanism is the data sharing mechanism that is provisioned for the certification center;
the data sharing system is used for grouping all the reported data sharing mechanisms to obtain the grouped data sharing mechanisms;
the key management center is used for generating a homomorphic encryption public key and a homomorphic encryption private key for the grouped data sharing mechanism;
the data sharing mechanism after the team is formed is used for carrying out homomorphic encryption on the client data to be shared by utilizing the homomorphic encryption public key to obtain ciphertext data of the client; the client data to be shared is the client data encrypted by the RSA private key;
the data statistics center is used for performing addition homomorphic calculation on the ciphertext data of the same client in the ciphertext data of all the clients to obtain the ciphertext data of all the clients;
the data sharing mechanism after the team formation is further used for decrypting the ciphertext data of all the clients by using the homomorphic encryption private key to obtain ciphertext results of all the client data to be shared;
and the data sharing mechanism after the team formation is also used for decrypting the ciphertext result by using the RSA public key to obtain the plaintext results of all the client data to be shared.
Optionally, the certificate authority is further configured to assign a unique registration credential code to each data sharing authority.
Optionally, the data sharing system is further configured to perform identity verification on all the provisioned data sharing mechanisms participating in data sharing by using the registration credential code to obtain all the legitimate data sharing mechanisms; the legal data sharing mechanism is the reported data sharing mechanism which passes identity authentication and participates in data sharing.
Optionally, the data sharing mechanism after the team formation is further configured to generate a first information summary; the first information abstract is an information abstract corresponding to the ciphertext data;
the data sharing mechanism after the team formation is further used for digitally signing the first information abstract by using the RSA private key to obtain first signature information; the first signature information is signature information corresponding to the first information abstract;
the data statistics center is further used for verifying the first signature information by using the RSA public key to obtain first legal ciphertext data; the first legal ciphertext data is the ciphertext data of the client corresponding to the first signature information which passes the verification.
Optionally, the data statistics center is further configured to perform digital signature on the ciphertext data of all the clients by using the RSA private key to obtain second signature information; the second signature information is signature information corresponding to the ciphertext data of all the clients;
the data statistics center is also used for generating a second information abstract; the second information abstract is an information abstract corresponding to the ciphertext data of all the clients;
the data sharing mechanism after the team formation is further used for verifying the second signature information by using the RSA public key to obtain second legal ciphertext data; and the second legal ciphertext data are the ciphertext data of all clients corresponding to the second signature information which passes the verification.
According to the specific embodiment provided by the invention, the invention discloses the following technical effects:
in the data sharing process, each data sharing mechanism encrypts data to be shared by using homomorphic encryption, a ciphertext is directly calculated based on a homomorphic encryption algorithm, namely the ciphertext is directly encrypted again, the result obtained by decrypting the calculated (encrypted) ciphertext is the same as the result obtained by directly calculating (encrypting) the plaintext in the same way, the defect that the client data cannot be directly calculated on the ciphertext level because the client data is encrypted and transmitted by the traditional encryption algorithm is overcome, and the traditional encryption mode is overturned. Homomorphic encryption allows the encrypted data (the data shared by the data sharing mechanism is encrypted) to be processed, and the purpose is to ensure the data processing safety, namely, the original data cannot be leaked when the ciphertext data is processed, and a user with a private key can decrypt the processed data to obtain a correct operation result. Compared with the method and the device for directly decrypting the ciphertext, the method and the device for data sharing based on the homomorphic encryption technology have higher safety, so that the reliability of data sharing can be improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings needed to be used in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings without inventive exercise.
Fig. 1 is a flowchart of an embodiment of a data sharing method based on a homomorphic encryption technique according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention aims to provide a data sharing method and device based on a homomorphic encryption technology so as to improve the reliability of data sharing.
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
Fig. 1 is a flowchart of an embodiment of a data sharing method based on a homomorphic encryption technique according to the present invention. Referring to fig. 1, the data sharing method based on the homomorphic encryption technology includes:
step 101: generating a digital signature key for the data statistics center and each reported data sharing mechanism by using the authentication center; the digital signature key comprises an RSA public key and an RSA private key; the provisioned data sharing mechanism is a data sharing mechanism that provisions a certification center.
This step 101 is preceded by:
and allocating a unique registration credential code for each data sharing mechanism by using the authentication center.
This step 101 further comprises, after:
utilizing a data sharing system and a registration certificate code to carry out identity verification on all reported data sharing mechanisms participating in data sharing to obtain all legal data sharing mechanisms; the legal data sharing mechanism is a reported data sharing mechanism which passes identity authentication and participates in data sharing.
The steps are all main steps of an initialization stage, and the initialization stage mainly comprises the steps of generating a legal organization identity certificate, setting a digital signature key and arranging a homomorphic encryption environment.
The initialization stage specifically includes:
the authentication center is each data sharing institution Fi(i e 1,2, …, n) is assigned a unique and unalterable registration credential code CeriAnd preparing for verifying the legality of the mechanism (data sharing mechanism) subsequently. In this embodiment, the simulated registration certificate is a 32-bit long string of 36 characters consisting of a-z, 0-9 randomly. The data sharing organization must register with the certification center, which is the legal organization Fi(i ∈ 1,2,3, …, n) and the data statistics center (DC) generate a digital signature key uniquely corresponding thereto.
The process of the authentication center generating the digital signature key specifically includes:
randomly selecting two unequal large prime numbers p and q, calculating the length n of a secret key, namely p and q (in order to ensure safety, the length of n needs to be larger than 512-bit, and 1024-bit or 2048-bit is usually selected as appropriate), and calculating an Euler function phi (n) of n, wherein the phi (n) is (p-1) (q-1); randomly selecting an integer e, wherein the integer e is more than 1 and less than phi (n), and gcd (e, phi (n)) -1 (gcd represents the greatest common divisor), namely e and phi (n) are relatively prime; the modulo element d of e for φ (n), i.e., d.e ≡ 1(mod φ (n)), is calculated (the remainder of de divided by φ (n) is 1).
Obtaining RSA public key PKRSA(n, e), private key SKRSA=(n,d)。
The above is the process of generating a pair of RSA public and private keys, mechanism FiThe RSA public key of (A) is PKRSAi=(n,e)iThe private key is SKRSAi=(n,d)iThe RSA public key of the data statistics center is PKRSADC=(n,e)DC(following ciphertext computation requires PKRSADC=(n,e)DC) The private key is SKRSADC=(n,d)DCPrivate key distribution to FiAnd DC when used to sign ciphertext data provided by a user (SK is used)RSAiTo give FiTo SKRSADCTo DC), public key public for FiAnd the DC is used for carrying out signature verification on the received ciphertext data provided by the user.
Step 102: and utilizing the data sharing system to group all the reported data sharing mechanisms to obtain the grouped data sharing mechanisms.
Step 103: and generating a homomorphic encryption public key and a homomorphic encryption private key for the data sharing mechanism after the team is formed by utilizing the key management center.
The steps 102 and 103 are the main steps in the team and key application phase. The team and key application stage is mainly to receive legal organization to carry out system registration, establish data sharing team and distribute homomorphic encryption keys.
The team and key application stage specifically comprises:
organization F for first team formation and participation in sharingiUsing identity certificates (registration certificate codes) CeriEntering a data sharing system for registration, and distributing an authentication center to FiCer ofiData to data sharingThe system receives the request and compares the CeriTo FiAuthentication of identity of, and FiCer ofiCer for comparisoniIs preset and stored in a certification center, and ensures that an organization which successfully verifies can log in the system (the data sharing system receives the Cer)iThen, Cer is addediSending to the certification center, and Cer being performed by the certification centeriAnd comparing, and sending a comparison result to a data sharing system). The organization that successfully logs into the system selects other organizations that need to be teamed and issues a team invitation. After seeing the team request information, the invited mechanism can choose whether to accept the invitation according to the requirement. And after the organization participating in the customer data sharing completes the formation, the organization initiates a key application to the key management center, and the key management center executes a Paillier homomorphic key generation algorithm KeyGen after receiving the application.
The encryption method in the key management center specifically comprises the following steps:
first, the number of key bits bitlength of the algorithm (set according to the length of the public key parameter), that is, the length of the public key parameter n1 (unit is bit) needs to be set. n1, i.e. n, i.e. the public key parameter obtained above. Next, two independent large prime numbers p1 and q1 are randomly selected, and since n1 is p1 · q1, the length of p1 and q1 is about half of n1, that is, if bitlength (n) is 1024, bitlength (p1) ═ bitlength (q 1): 512 is set, and p1 and q1 are to satisfy gcd (p1q1, (p1-1) (q1-1)) ═ 1(gcd represents the greatest common divisor). Then randomly selecting an integer
Figure BDA0003337232940000071
(Z*Represents a set of positive integers) such that Z is gnmodn2Satisfying the order of n dividing g, and determining that Z is modulo n2Is not remained for n times, satisfies gcd (L (g)λmodn2) N) 1(λ represents the least common multiple obtained, L is a function equal to x-1/n, L being described later), where Z represents an integer, let:
μ=(L(gλ(modn2)))-1(modn) indicating the remainder for determining that Z is modulo n2Is not yet left. Wherein, gλ(modn2) To represent
Figure BDA0003337232940000072
The remainder of (c) is denoted as a herein. (La)-1To represent
Figure BDA0003337232940000073
Here, b (modn) represents
Figure BDA0003337232940000074
The remainder of (1).
Wherein the content of the first and second substances,
Figure BDA0003337232940000081
lcm represents the least common multiple.
Then, the homomorphic encryption public key PK of the team (team of organizations participating in client data sharing)HE(n, g) (the value of n, g is determined by the above calculation), the private key SKHEThe key management center assigns (λ, μ) key-related parameters (homomorphic encryption public key PK)HEGiven as (n, g) and the private key SKHEλ, μ)) are stored in a database and returned to the institution when needed.
Step 104: carrying out homomorphic encryption on the client data to be shared by using the data sharing mechanism and the homomorphic encryption public key after the team formation to obtain ciphertext data of the client; the client data to be shared is the client data encrypted by the RSA private key.
This step 104 is followed by:
generating a first information summary by using the grouped data sharing mechanism; the first information abstract is an information abstract corresponding to the ciphertext data.
Carrying out digital signature on the first information abstract by using the data sharing mechanism and the RSA private key after the formation to obtain first signature information; the first signature information is signature information corresponding to the first information abstract.
Verifying the first signature information by using a data statistics center and an RSA public key to obtain first legal ciphertext data; the first legal ciphertext data is the ciphertext data of the client corresponding to the verified first signature information.
This step 104 is the main step in the encryption and transmission phase. In the encryption and transmission stage, each organization mainly encrypts own client data and submits the client data to a data statistics center.
The encryption and transmission stage specifically comprises:
mechanism FiFor client data M to be sharedi={Pi,SiPerforming homomorphic encryption operation on (RSA encrypted data), and performing homomorphic encryption operation on the data MiFirst field (P) ofi) For customer ID (each ID number corresponds to one ID, and the IDs of the same customer in different organizations are the same), the subsequent k fields are the data of the customer
Figure BDA0003337232940000082
Each organization in the same team has its own customer data spqEncrypting, the data comprising n records and k fields (n records being the number of records in the organization, k fields being the data in each record), and s for each datapqSequential use of homomorphic public keys PKHEEncrypted under (n, g), EncHEFor the encryption algorithm, obtain the ciphertext ctxtspq,ctxtspq=EncHE(spq,PKHE)。
All the data are encrypted to obtain ciphertext data CiCustomer data becomes Ci={Pi,Ctxti}. Ciphertext data CiAnd ciphertext ctxtspqThere is a whole and partial relationship between them, i.e. a plurality of ciphertext ctxtspqComposing ciphertext data Ci
Next, a digital signature is generated, and the mechanism FiC is first generated by MD5 in one-way hash functioniInformation abstract of
Figure BDA0003337232940000091
Reuse its RSA private key SKRSAi=(n,d)iDigitally signing message digests
Figure BDA0003337232940000092
(Sig is signature algorithm), secret is addedTextual data, message digests and signature information, i.e.
Figure BDA0003337232940000093
And submitting the data to a data statistics center.
Step 105: and performing addition homomorphic calculation on the ciphertext data of the same client in the ciphertext data of all clients by using the data statistics center to obtain the ciphertext data of all clients.
This step 105 is followed by:
carrying out digital signature on the ciphertext data of all clients by using a data statistics center and an RSA private key to obtain second signature information; the second signature information is signature information corresponding to the ciphertext data of all the clients.
Generating a second information abstract by using a data statistics center; the second information abstract is the information abstract corresponding to the ciphertext data of all the clients.
Verifying the second signature information by using the data sharing mechanism and the RSA public key after the formation of the team to obtain second legal ciphertext data; the second legal ciphertext data is the ciphertext data of all clients corresponding to the verified second signature information.
The steps are all main steps of a ciphertext calculation stage. And in the ciphertext calculation stage, the data statistics center checks the data transmitted by each mechanism and then performs ciphertext calculation data check and decryption to obtain client data sharing.
The ciphertext calculation stage specifically comprises:
the data statistics center receives information sent by each organization and uses PKRSAiThe signature information is verified by comparing the message digests to determine if they are equal, and first, C is carried outiThe same MD5 algorithm is adopted to calculate the message digest
Figure BDA0003337232940000094
With simultaneous mechanism FiRSA public key PK ofRSAi=(n,e)iFor the signature SigiDecrypting to obtain message digests, comparing whether the two message digests are equal, if so, passing the verification, otherwise, the signature is invalid, and the information may come from the non-agreementAnd the legal organization can not enter the data statistics center, so that the information is confirmed to belong to the legal organization and is not tampered.
Respectively carrying out addition homomorphic calculation on k field data of each data record with the same ID in all ciphertext after passing the verification, and respectively finishing the calculation on the field data in all IDs to obtain ciphertext data CtxtALL(ciphertext data CtxtALLAnd Ctxt are in integral and partial relation, namely a plurality of Ctxts form ciphertext data CtxtALL)。
Obtaining ciphertext data composed of all client data to obtain CtxtHE={CtxtALL,PALLIn which CtxtALLIs all ciphertext data (Ctxt)ALLRepresenting all ciphertext data, the decryption is for CtxtALLDecryption of the inner ciphertext data), CtxtHEIs data of the same client of all organizations, PALLIs the owner (client) ID and then uses SKRSADCMaking a digital signature SigDC=Sig(CtxtHE,SKRSADC) Finally, the ciphertext information, the message digest (the calculation method of the message digest is the same as that of the message digest) and the signature information are obtained
Figure BDA0003337232940000101
To the respective authorities.
Step 106: and decrypting the ciphertext data of all the clients by using the data sharing mechanism and the homomorphic encryption private key after the team formation to obtain the ciphertext results of all the client data to be shared.
Step 107: and decrypting the ciphertext result by using the data sharing mechanism and the RSA public key after the formation to obtain plaintext results of all the client data to be shared.
The step 106 and the step 107 are main steps of a decryption sharing stage, and the decryption sharing stage is mainly implemented by a mechanism for decrypting and sharing a calculated ciphertext result.
The decryption sharing stage specifically includes:
mechanism FiUsing a homomorphic private key SKHEFor (λ, μ) versus CtxtALLEach data in (1) is decrypted in turn, MALL=DecALL(CtxtALL,SKHE)(DecALLEnc is an encryption algorithm for decryption algorithm) to obtain a plaintext result M of the shared client dataALL(this result is shared by the participating institutions FiAnd then shared out).
The invention discloses a data sharing method based on a homomorphic encryption technology, which is a method for processing data (encrypting the data) without accessing the data. The method applies the homomorphic encryption algorithm on the basis of the homomorphic encryption technology, applies the homomorphic encryption technology to data sharing, ensures the privacy of multi-party data in the sharing and processing process by utilizing the characteristic that the homomorphic encryption algorithm can operate the ciphertext, enhances the encryption effect, processes the data under the condition of not accessing the data, and improves the safety performance.
Compared with the prior art, the invention has the following advantages:
the method has the advantages that: compared with the traditional data sharing encryption method, the Paillier homomorphic encryption algorithm is superior to the traditional algorithm in the encryption process and the decryption process.
The method has the advantages that: by applying the Paillier homomorphic encryption algorithm, the ciphertext can be effectively calculated, and the data processing safety is ensured.
The method has the advantages that: by using the Paillier homomorphic encryption algorithm, the time efficiency of key generation is higher, and the method has safer data sharing conditions.
The invention also provides a data sharing device based on the homomorphic encryption technology, which applies the data sharing method based on the homomorphic encryption technology in the embodiment of the data sharing method based on the homomorphic encryption technology.
The authentication center is used for generating a digital signature key for the data statistics center and each reported data sharing mechanism; the digital signature key comprises an RSA public key and an RSA private key; the provisioned data sharing mechanism is a data sharing mechanism that provisions a certification center.
The data sharing system is used for grouping all the reported data sharing mechanisms to obtain the grouped data sharing mechanisms.
And the key management center is used for generating a homomorphic encryption public key and a homomorphic encryption private key for the data sharing mechanism after the team is formed.
The data sharing mechanism after the team formation is used for carrying out homomorphic encryption on the client data to be shared by using the homomorphic encryption public key to obtain ciphertext data of the client; the client data to be shared is the client data encrypted by the RSA private key.
And the data statistics center is used for performing addition homomorphic calculation on the ciphertext data of the same client in the ciphertext data of all the clients to obtain the ciphertext data of all the clients.
And the data sharing mechanism after the team formation is also used for decrypting the ciphertext data of all the clients by using the homomorphic encryption private key to obtain the ciphertext results of all the client data to be shared.
And the data sharing mechanism after the team formation is also used for decrypting the ciphertext result by using the RSA public key to obtain the plaintext results of all the client data to be shared.
In particular, the certificate authority is further configured to assign a unique registration credential code to each data sharing authority.
The data sharing system is also used for carrying out identity verification on all reported data sharing mechanisms participating in data sharing by using the registration certificate codes to obtain all legal data sharing mechanisms; the legal data sharing mechanism is a reported data sharing mechanism which passes identity authentication and participates in data sharing.
The data sharing mechanism after the team formation is also used for generating a first information abstract; the first information abstract is an information abstract corresponding to the ciphertext data.
The data sharing mechanism after the team formation is further used for digitally signing the first information abstract by using an RSA private key to obtain first signature information; the first signature information is signature information corresponding to the first information abstract.
The data statistics center is also used for verifying the first signature information by using the RSA public key to obtain first legal ciphertext data; the first legal ciphertext data is the ciphertext data of the client corresponding to the verified first signature information.
The data statistics center is also used for carrying out digital signature on the ciphertext data of all the clients by utilizing an RSA private key to obtain second signature information; the second signature information is signature information corresponding to the ciphertext data of all the clients.
The data statistics center is also used for generating a second information abstract; the second information abstract is the information abstract corresponding to the ciphertext data of all the clients.
The data sharing mechanism after the team formation is further used for verifying the second signature information by using the RSA public key to obtain second legal ciphertext data; the second legal ciphertext data is the ciphertext data of all clients corresponding to the verified second signature information.
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
The principles and embodiments of the present invention have been described herein using specific examples, which are provided only to help understand the method and the core concept of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, the specific embodiments and the application range may be changed. In view of the above, the present disclosure should not be construed as limiting the invention.

Claims (10)

1. A data sharing method based on a homomorphic encryption technology, the method comprising:
generating a digital signature key for the data statistics center and each reported data sharing mechanism by using the authentication center; the digital signature key comprises an RSA public key and an RSA private key; the reported data sharing mechanism is a data sharing mechanism reporting to the authentication center;
utilizing a data sharing system to group all the reported data sharing mechanisms to obtain the grouped data sharing mechanisms;
generating a homomorphic encryption public key and a homomorphic encryption private key for the data sharing mechanism after the team is formed by utilizing a key management center;
carrying out homomorphic encryption on the client data to be shared by using the data sharing mechanism after the team is formed and the homomorphic encryption public key to obtain ciphertext data of the client; the client data to be shared is the client data encrypted by the RSA private key;
performing addition homomorphic calculation on the ciphertext data of the same client in the ciphertext data of all the clients by using a data statistics center to obtain the ciphertext data of all the clients;
decrypting the ciphertext data of all the clients by using the grouped data sharing mechanism and the homomorphic encryption private key to obtain ciphertext results of all the client data to be shared;
and decrypting the ciphertext result by using the data sharing mechanism after the team formation and the RSA public key to obtain the plaintext results of all the client data to be shared.
2. The data sharing method based on the homomorphic encryption technology of claim 1, wherein the generating digital signature keys for the data statistics center and each prepared data sharing organization by using the certification center further comprises:
and allocating a unique registration credential code for each data sharing mechanism by using the authentication center.
3. The data sharing method based on the homomorphic encryption technology of claim 2, wherein the using of the certification center generates digital signature keys for the data statistics center and each of the prepared data sharing organizations, and then further comprises:
utilizing a data sharing system and the registration certificate code to carry out identity verification on all the reported data sharing mechanisms participating in data sharing to obtain all legal data sharing mechanisms; the legal data sharing mechanism is the reported data sharing mechanism which passes identity authentication and participates in data sharing.
4. The data sharing method based on the homomorphic encryption technology according to claim 1, wherein the homomorphic encryption is performed on the client data to be shared by using the data sharing mechanism after the team formation and the homomorphic encryption public key to obtain ciphertext data of the client, and then the method further comprises:
generating a first information summary by using the grouped data sharing mechanism; the first information abstract is an information abstract corresponding to the ciphertext data;
carrying out digital signature on the first information abstract by using the data sharing mechanism after the team formation and the RSA private key to obtain first signature information; the first signature information is signature information corresponding to the first information abstract;
verifying the first signature information by using a data statistics center and the RSA public key to obtain first legal ciphertext data; the first legal ciphertext data is the ciphertext data of the client corresponding to the first signature information which passes the verification.
5. The data sharing method based on homomorphic encryption technology of claim 1, wherein the data statistics center performs additive homomorphic calculation on the ciphertext data of the same client in the ciphertext data of all the clients to obtain the ciphertext data of all the clients, and then further comprises:
carrying out digital signature on the ciphertext data of all the clients by using a data statistics center and the RSA private key to obtain second signature information; the second signature information is signature information corresponding to the ciphertext data of all the clients;
generating a second information abstract by using a data statistics center; the second information abstract is an information abstract corresponding to the ciphertext data of all the clients;
verifying the second signature information by using the data sharing mechanism after the team formation and the RSA public key to obtain second legal ciphertext data; and the second legal ciphertext data are the ciphertext data of all clients corresponding to the second signature information which passes the verification.
6. A data sharing device based on a homomorphic encryption technology, which applies the data sharing method based on the homomorphic encryption technology of any one of claims 1 to 5, characterized in that the device comprises a certification center, a data sharing system, a key management center, a data statistics center and a plurality of data sharing mechanisms;
the authentication center is used for generating a digital signature key for the data statistics center and each reported data sharing mechanism; the digital signature key comprises an RSA public key and an RSA private key; the provisioned data sharing mechanism is the data sharing mechanism that is provisioned for the certification center;
the data sharing system is used for grouping all the reported data sharing mechanisms to obtain the grouped data sharing mechanisms;
the key management center is used for generating a homomorphic encryption public key and a homomorphic encryption private key for the grouped data sharing mechanism;
the data sharing mechanism after the team is formed is used for carrying out homomorphic encryption on the client data to be shared by utilizing the homomorphic encryption public key to obtain ciphertext data of the client; the client data to be shared is the client data encrypted by the RSA private key;
the data statistics center is used for performing addition homomorphic calculation on the ciphertext data of the same client in the ciphertext data of all the clients to obtain the ciphertext data of all the clients;
the data sharing mechanism after the team formation is further used for decrypting the ciphertext data of all the clients by using the homomorphic encryption private key to obtain ciphertext results of all the client data to be shared;
and the data sharing mechanism after the team formation is also used for decrypting the ciphertext result by using the RSA public key to obtain the plaintext results of all the client data to be shared.
7. The homomorphic encryption technology-based data sharing apparatus according to claim 6, wherein the certificate authority is further configured to assign a unique registration credential code to each data sharing authority.
8. The homomorphic encryption technology-based data sharing device according to claim 7, wherein the data sharing system is further configured to authenticate all the provisioned data sharing organizations participating in data sharing by using the registration credential code to obtain all the legitimate data sharing organizations; the legal data sharing mechanism is the reported data sharing mechanism which passes identity authentication and participates in data sharing.
9. The homomorphic encryption technology-based data sharing device according to claim 6, wherein the grouped data sharing mechanism is further configured to generate a first information summary; the first information abstract is an information abstract corresponding to the ciphertext data;
the data sharing mechanism after the team formation is further used for digitally signing the first information abstract by using the RSA private key to obtain first signature information; the first signature information is signature information corresponding to the first information abstract;
the data statistics center is further used for verifying the first signature information by using the RSA public key to obtain first legal ciphertext data; the first legal ciphertext data is the ciphertext data of the client corresponding to the first signature information which passes the verification.
10. The homomorphic encryption technology-based data sharing device according to claim 6, wherein the data statistics center is further configured to digitally sign the ciphertext data of all the clients using the RSA private key to obtain second signature information; the second signature information is signature information corresponding to the ciphertext data of all the clients;
the data statistics center is also used for generating a second information abstract; the second information abstract is an information abstract corresponding to the ciphertext data of all the clients;
the data sharing mechanism after the team formation is further used for verifying the second signature information by using the RSA public key to obtain second legal ciphertext data; and the second legal ciphertext data are the ciphertext data of all clients corresponding to the second signature information which passes the verification.
CN202111298314.0A 2021-11-04 2021-11-04 Data sharing method and device based on homomorphic encryption technology Pending CN114020842A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111298314.0A CN114020842A (en) 2021-11-04 2021-11-04 Data sharing method and device based on homomorphic encryption technology

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111298314.0A CN114020842A (en) 2021-11-04 2021-11-04 Data sharing method and device based on homomorphic encryption technology

Publications (1)

Publication Number Publication Date
CN114020842A true CN114020842A (en) 2022-02-08

Family

ID=80060590

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111298314.0A Pending CN114020842A (en) 2021-11-04 2021-11-04 Data sharing method and device based on homomorphic encryption technology

Country Status (1)

Country Link
CN (1) CN114020842A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116170131A (en) * 2023-04-20 2023-05-26 浪潮(北京)电子信息产业有限公司 Ciphertext processing method, ciphertext processing device, storage medium and trusted execution device

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116170131A (en) * 2023-04-20 2023-05-26 浪潮(北京)电子信息产业有限公司 Ciphertext processing method, ciphertext processing device, storage medium and trusted execution device
CN116170131B (en) * 2023-04-20 2023-07-14 浪潮(北京)电子信息产业有限公司 Ciphertext processing method, ciphertext processing device, storage medium and trusted execution device

Similar Documents

Publication Publication Date Title
US10903991B1 (en) Systems and methods for generating signatures
CN110391911B (en) System and method for anonymously voting block chain
US10211981B2 (en) System and method for generating a server-assisted strong password from a weak secret
US9967239B2 (en) Method and apparatus for verifiable generation of public keys
US7526651B2 (en) Electronic group signature method with revocable anonymity, equipment and programs for implementing the method
JP4639084B2 (en) Encryption method and encryption apparatus for secure authentication
US20050097316A1 (en) Digital signature method based on identification information of group members, and method of acquiring identification information of signed-group member, and digital signature system for performing digital signature based on identification information of group members
CN116566660B (en) Identity authentication method based on medical block chain
CN108712259B (en) Identity-based cloud storage efficient auditing method capable of uploading data by proxy
TW202318833A (en) Threshold signature scheme
CN115208586A (en) Secret sharing-based digital signature method and system
CN114020842A (en) Data sharing method and device based on homomorphic encryption technology
CN116702191A (en) Federally learned local model parameter aggregation method
CN114389808B (en) OpenID protocol design method based on SM9 blind signature
Hassouna et al. A New Level 3 Trust Hierarchal Certificateless Public Key Cryptography Scheme in the Random Oracle Model.
Harn et al. An efficient group authentication for group communications
Priyadarshini et al. Digital signature and its pivotal role in affording security services
Zaw et al. User authentication in SSL handshake protocol with zero-knowledge proof
Samundiswary et al. Public auditing for shared data in cloud with safe user revocation
CN110572257A (en) Anti-quantum computing data source identification method and system based on identity
CN113055392B (en) Block chain-based unified identity authentication method
CN117896168A (en) Security authentication method and equipment
CN117614624A (en) Identity authentication security trust method based on key agreement in Internet of vehicles
CN114900296A (en) Power data security sharing method and device based on IPFS
Raghavendran et al. Security Challenges for Public Cloud

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination