CN114915401A - Verifiable homomorphic proxy re-encryption method and system - Google Patents

Abstract

The invention relates to a verifiable homomorphic proxy re-encryption method and a verifiable homomorphic proxy re-encryption system. The invention introduces the idea of proxy re-encryption, each participant is encrypted by respective private key and then converted into the ciphertext of the cloud server, so that multi-party cloud computing can be realized, and the problem that the ciphertext under different public key encryption can not be homomorphic operated is solved; in order to meet the sharing requirements among different users, the calculation result can be selected to be sent to a designated and legal non-data provider, the one-time re-encryption technology is used again, and other users except the designated receiver can not decrypt the calculation result even if the original ciphertext of the data provider is obtained. Given a re-encryption key and a signature on the original message, the proxy can not only convert the ciphertext, but can also provide a signature of the converted ciphertext by evaluating the original signature using the re-encryption key, which can be used to verify whether the cloud server performs the correct function computation and the correctness of the function result.

Description

Verifiable homomorphic agent re-encryption method and system

Technical Field

The invention relates to the technical field of data encryption, in particular to a verifiable homomorphic proxy re-encryption method and a verifiable homomorphic proxy re-encryption system.

Background

The rapid development of networks and informatization has led to the explosive growth of data, and in order to save local resources and efficiently utilize the data, more and more organizations and users select to encrypt a large amount of data and upload the encrypted data to a cloud server for storage and processing. In order to facilitate the sharing of the ciphertext data, an agent re-encryption mechanism is usually adopted, the ciphertext file to be shared is directly converted into a ciphertext file which can be decrypted by another user through a cloud server, and the cloud server cannot obtain any bottom layer plaintext information in the process. However, the proxy re-encryption technology cannot realize the operation and processing between ciphertexts, which brings inconvenience to many practical requirements in the real world. Therefore, how to calculate ciphertext data under the condition of protecting the information security and privacy of the user is a problem which is urgently needed to be solved under the current cloud environment. The homomorphic encryption has strong cryptographic calculation capacity, so that an untrusted third party can process information in a ciphertext environment, and any information of a user is not disclosed.

The patent with application number 202011045388.9 provides a lattice-based homomorphic proxy re-encryption method for resisting collusion attack, the proxy re-encryption method of the method only relates to a layer of ciphertext, layered processing is not needed to be carried out on the ciphertext, interaction overhead is saved, but the method cannot verify the correct behavior of a server, and the private key of a user is overlarge in size and needs to occupy a larger storage space; the patent with application number 202111314232.0 provides a proxy re-encryption system and method based on double entities, and the method has the problems of more required parameters, high operation overhead, complex operation, incapability of resisting quantum attack, incapability of verifying the correctness of a server, incapability of carrying out homomorphic operation and the like.

The diversity and complexity of users in a cloud environment require homomorphic encryption technology to meet the requirements of ciphertext calculation and sharing of multiple users, but the traditional homomorphic encryption technology is only suitable for homomorphic calculation of ciphertext related to a single user, namely all ciphertexts participating in calculation belong to the same user, and the homomorphic encryption technology cannot be used when random operation is required to be performed on ciphertexts among different users. However, in many real-world scenarios, secure multi-party joint computation of data uploaded to the cloud by multiple users is generally required. When an agent has many ciphertexts sent from different authorizers and needs to perform calculation on the ciphertexts without revealing the information of the ciphertexts, the agent needs to support homomorphic operation. How to combine proxy re-encryption with homomorphic encryption is a challenging problem to design a homomorphic proxy re-encryption method which is quantum attack resistant and can be verified.

Disclosure of Invention

In view of the problems in the prior art, the invention discloses a verifiable homomorphic proxy re-encryption system, which comprises a system establishing module IB-VHPRE ^λ ,1 ^L ) Private key extraction module IB-VHPRE

Re-encryption module

Verification module

Decryption module IB-VHPRE ₁ ,C ₂ F), specifically:

setup module IB-vhpre ^λ ,1 ^L )：

Inputting a safety parameter lambda, the number of circuit layers L, selecting a modulus q with a binary bit represented by k bits, where k is a polynomial k ═ k (lambda, L) with respect to lambda and L, a grid dimension n ═ n (lambda, L), an error distribution χ ═ χ (lambda, L), a parameter m ═ m (lambda, L) ═ o (nlogq),

matrix generation using trapdoor generation algorithm trapGen (q, n)

And its grid

A trap door base

Randomly selecting a vector

Two matrices

The output common parameter is pp ═ n, q, χ, m, a ₀ ,A ₁ ,A ₂ U) the system master private key is

Private key extraction module IB-vhpre extract (pp, msk, id):

inputting a public parameter pp, a system main private key msk and a user identity id

Running left-sampling algorithm output vector

So that P is _id s ═ u; order to

With B _id T is 0; export public key pk _id ＝B _id Private key sk _id ＝t；

Encryption module IB-vhpre. encryption (pp, m, id):

inputting a public parameter pp, a message bit m ← {0,1} and a user identity id; selecting a noise vector e ← χ ^(1+2m)×1 Randomly selecting a uniform vector r ← -1,1} ^n×1 Outputting the ciphertext

Wherein x is ₁ Is (1,0,0,.., 0);

re-encryption key generation module

(1) Inputting the private key of the ith participant

And a public key pk of the cloud server _o ＝B _o Let us order

Randomly selecting an invertible matrix

Generating proxy re-encryption key rk of cloud server _i→o ＝(Power2(t _i )Z XG)；

(2) Inputting the private key of the ith participant

User id _j Public key pk of _j ＝B _j Randomly selecting two error vectors e ₁ ,e ₂ ←χ ⁿ Generating a user id _j Proxy re-encryption key of

rk _i→j ＝(e ₁ B _j e ₂ -Power2(t _i ))；

(3) And running AFHS (advanced software architecture) KeyGen (MSK, f, tau) algorithm to generate a signature key

Let rk _i→j Each row of (1) with x _i Marking, running

Algorithm generating signature sigma _i ；

(4) And the re-encryption key and the corresponding signature (rk) _i→j ,σ _i ) Sending the data to a cloud server;

re-encryption module

(1) And inputting the ciphertext of the user i

Re-encryption key rk _i→o And the inverse matrix X of the matrix X ^-1 Converting the ciphertext of the user i into the ciphertext C of the cloud server _o ＝G ^-1 (C _i )X ^-1 ·rk _i→o ；

(2) And inputting the ciphertext of the user i

And re-encrypting the secret key rk _i→j Converting the ciphertext of user i into the ciphertext of user j

(3) And run

Algorithmic generation of signatures

Wherein the function

Is defined as

(4) Outputting the re-encrypted ciphertext and the signature;

verification module

Inputting authentication keys

Ciphertext and signature set (C) _id ,σ _*→j ) If it is the original ciphertext

Then the signature σ _*→j Is empty; if the ciphertext is converted

The signature is σ _i→j (ii) a Operation of

An algorithm for outputting a verification result;

decryption module IB-vhpre. decryption (C, sk):

(1) and using the private key sk of each party to the ciphertext of each party _i Calculating m' ═ 2<C,sk>] _q ；

(2) And for the ciphertext C converted into the cloud server _o The cloud server uses its own private key sk _o

Decrypting to obtain the ciphertext C of each participant _id '＝[<C ₀ ,sk ₀ >] _q ；

(3) And for the user j ciphertext subjected to proxy re-encryption conversion

User j uses its own private key sk _j Decrypting to obtain the final result m _i '＝[<C _j ,sk _j >] _q ；

Homomorphic computing module Eval (C) ₁ ,C ₂ ,f)：

Performing multi-party cloud computing, wherein a cloud server performs homomorphic operation on ciphertext subjected to proxy re-encryption by each participant;

(1)Add(C ₁ ,C ₂ )：C _Add @C ₁ +C ₂

(2)Mult(C ₁ ,C ₂ )：C _Mult @C ₁ ·G ^-1 (C ₂ )

(3)NAND(C ₁ ,C ₂ )：C _NAND @G-C ₁ ·G ^-1 (C ₂ )

the cloud server sends the homomorphic calculation result to each participant, and each participant obtains a final calculation result through decryption of a private key of each participant, so that multi-party cloud calculation is realized, and the problem that cryptographs generated by encryption of different public keys cannot be homomorphic calculated is solved.

Based on the system, the verifiable homomorphic proxy re-encryption method comprises the following steps:

step one, a private key extraction module IB-VHPRE.extract (pp, msk, id) establishes a module IB-VHPRE.setup (1) according to a system ^λ ,1 ^L ) Generating a public and private key pair of a user by the generated public parameter and a system main private key; entering an encryption module IB-VHPRE.

Step two, generating module by re-encrypting key

And re-encryption module

Generating a ciphertext of the cloud server, and carrying out homomorphic computing module Eval (C) by the cloud server according to the function f ₁ ,C ₂ ,f)；

Step three, sending homomorphic ciphertext results to each user;

step four, entering a verification module

If the verification is passed, entering a decryption module IB-VHPRE.

Step five, re-entering the re-encryption key generation module

And re-encryption module

Generating a new ciphertext of the user P, and decrypting by the user P by using a private key of the user P to obtain a homomorphic operation result so as to realize ciphertext sharing; the whole process is finished.

The invention has the beneficial effects that: in order to realize multi-user homomorphic operation, the concept of proxy re-encryption is introduced, each participant is encrypted by a respective private key and then converted into a ciphertext of a cloud server, so that multi-party cloud computing can be realized, and the problem that the ciphertext cannot be subjected to homomorphic operation under different public key encryption is solved; in order to meet the sharing requirements among different users, the calculation result can be selected to be sent to a designated and legal non-data provider, the one-time re-encryption technology is used again, and other users except a designated receiver can not decrypt the calculation result even if the original ciphertext of the data provider is obtained, so that the confidentiality effect is better. The authorization function homomorphic signature is embedded into a homomorphic proxy re-encryption scheme as a black box to realize re-encryption verification, namely, given a re-encryption key and a signature on an original message, the proxy not only can convert a ciphertext, but also can provide a signature of the converted ciphertext by evaluating the original signature by using the re-encryption key, and can be used for verifying whether the cloud server executes correct function calculation and the correctness of a function result.

Drawings

FIG. 1 is a flowchart illustrating an embodiment of a verifiable homomorphic proxy re-encryption method;

FIG. 2 is a flow chart of an expert telemedicine consultation system in an embodiment.

Detailed Description

Example 1

The verifiable homomorphic proxy re-encryption system comprises a system establishment module IB-VHPRE ^λ ,1 ^L ) Private key extraction module IB-VHPRE

Re-encryption module

Verification module

Decryption module IB-VHPRE ₁ ,C ₂ F), specifically:

setup (1) of system setup module IB-vhpre ^λ ,1 ^L )：

Inputting a safety parameter lambda, a number of circuit layers L, selecting a modulus q with a binary bit represented as k bits, where k is a polynomial k (lambda, L) about lambda and L, grid dimension n (lambda, L), error distribution χ (χ, L), parameter m (λ, L) o (nlogq),

matrix generation by using trapdoor generation algorithm TrapGen (q, n)

And its grid

A trap door base

Randomly selecting a vector

Two matrices

The output common parameter is pp ═ n, q, χ, m, a ₀ ,A ₁ ,A ₂ U) the system master private key is

Private key extraction module IB-vhpre extract (pp, msk, id):

inputting public parameter pp, system major and privateKey msk and user identity id

Running left-sampling algorithm output vector

So that P is _id s ═ u; order to

Has B _id T is 0; export public key pk _id ＝B _id Private key sk _id ＝t；

Encryption module IB-vhpre. encryption (pp, m, id):

inputting a public parameter pp, a message bit m ← {0,1} and a user identity id; selecting a noise vector e ← χ ^(1+2m)×1 Randomly selecting a uniform vector r ← -1,1} ^n×1 Outputting the ciphertext

Wherein x is ₁ Is (1,0,0,.., 0);

re-encryption key generation module

(1) Inputting the private key of the ith participant

And public key pk of cloud server _o ＝B _o Let us order

Randomly selecting an invertible matrix

Generating proxy re-encryption key rk of cloud server _i→o ＝(Power2(t _i )Z XG)；

(2) Inputting the private key of the ith participant

User id _j Public key pk _j ＝B _j Randomly selecting two error vectors e ₁ ,e ₂ ←χ ⁿ Generating a user id _j Proxy re-encryption key of

rk _i→j ＝(e ₁ B _j e ₂ -Power2(t _i ))；

(3) Running AFHS KeyGen (MSK, f, tau) algorithm to generate signature key

Let rk _i→j Each row of (1) with x _i Marking, running

Algorithm generation of signature σ _i ；

(4) And the re-encryption key and the corresponding signature (rk) _i→j ,σ _i ) Sending the data to a cloud server;

re-encryption module

(1) And inputting the ciphertext of the user i

Re-encryption key rk _i→o And inverse matrix X of matrix X ^-1 Converting the ciphertext of the user i into the ciphertext C of the cloud server _o ＝G ^-1 (C _i )X ^-1 ·rk _i→o ；

(2) Inputting ciphertext of user i

And re-encryption key rk _i→j Converting the ciphertext of user i into the ciphertext of user j

(3) And run

Algorithmic generation of signatures

Wherein the function

Is defined as

(4) Outputting the re-encrypted ciphertext and the signature;

verification module

Inputting authentication keys

Ciphertext and signature set (C) _id ,σ _*→j ) If it is the original ciphertext

Then the signature σ _*→j Is empty; if the ciphertext is converted

The signature is σ _i→j (ii) a Operation of

An algorithm outputs a verification result;

decryption module IB-vhpre. decryption (C, sk):

(1) and using the private key sk of each party to the ciphertext of each party _i Calculating m' ═ 2<C,sk>] _q ；

(2) And for the ciphertext C converted into the cloud server _o The cloud server uses its own private key sk _o

Decrypting to obtain ciphertext C of each participant _id '＝[<C ₀ ,sk ₀ >] _q ；

(3) And for the user j ciphertext subjected to proxy re-encryption conversion

User j uses its own private key sk _j Decrypting to obtain the final result m _i '＝[<C _j ,sk _j >] _q ；

Homomorphic computing module Eval (C) ₁ ,C ₂ ,f)：

Performing multi-party cloud computing, wherein a cloud server performs homomorphic operation on ciphertext subjected to proxy re-encryption by each participant;

(4)Add(C ₁ ,C ₂ )：C _Add @C ₁ +C ₂

(5)Mult(C ₁ ,C ₂ )：C _Mult @C ₁ ·G ^-1 (C ₂ )

(6)NAND(C ₁ ,C ₂ )：C _NAND @G-C ₁ ·G ^-1 (C ₂ )

the cloud server sends the homomorphic calculation result to each participant, and each participant obtains a final calculation result through decryption of a private key of each participant, so that multi-party cloud calculation is realized, and the problem that cryptographs generated by encryption of different public keys cannot be homomorphic calculated is solved.

As shown in fig. 1, a verifiable homomorphic proxy re-encryption method based on the above system includes the following steps:

step one, a private key extraction module IB-VHPRE.extract (pp, msk, id) establishes a module IB-VHPRE.setup (1) according to a system ^λ ,1 ^L ) Generating a public and private key pair of a user by the generated public parameter and a system main private key; entering an encryption module IB-VHPRE.

Step two, passing through heavyEncryption key generation module

And re-encryption module

Generating a ciphertext of the cloud server, and carrying out homomorphic computing on a module Eval (C) by the cloud server according to the function f ₁ ,C ₂ ,f)；

Step three, sending homomorphic ciphertext results to each user;

step four, entering a verification module

If the verification is passed, entering a decryption module IB-VHPRE.

Step five, re-entering the re-encryption key generation module

And re-encryption module

Generating a new ciphertext of the user P, and decrypting by the user P by using a private key of the user P to obtain a homomorphic operation result so as to realize ciphertext sharing; the whole process is finished.

The specific implementation case is as follows: the invention can be applied to a personal electronic health medical record system, such as a flow chart of an expert remote medical consultation system shown in figure 2, and comprises the following specific steps:

step one, a credible center registers doctors and patients according to a system establishing module and generates public parameters of the system;

secondly, the doctor and the patient run the key extraction module to generate respective public and private key pairs;

step three, the patient runs the encryption module to encrypt the electronic health medical record of the patient and uploads the encrypted electronic health medical record to the cloud server for storage;

step four, assuming that a doctor needs to analyze and calculate the electronic medical records of a plurality of patients, and in order to save the local calculation and communication overhead, the doctor hands the calculation task to a cloud agent;

running a re-encryption key generation module and a re-encryption module to generate a ciphertext of the cloud server, running a homomorphic calculation module by the cloud server, and executing homomorphic operation on the re-encrypted ciphertext;

the cloud server operates the re-encryption module again to generate a cipher text of the doctor;

and step seven, downloading the homomorphic calculation result by the doctor, firstly verifying whether the ciphertext is legal, and if the ciphertext is verified to be legal, decrypting locally by using a decryption algorithm to acquire the required data.

Parts not described in detail herein are prior art.

Although the present invention has been described in detail with reference to the specific embodiments thereof, the present invention is not limited to the above embodiments, and various changes can be made without departing from the gist of the present invention within the knowledge of those skilled in the art without departing from the scope of the present invention.

Claims (2)

1. An authenticatable homomorphic proxy re-encryption system is characterized by comprising a system establishment module IB-VHPRE ^λ ,1 ^L ) Private key extraction module IB-VHPRE

Re-encryption module

Verification module

Decryption module IB-VHPRE ₁ ,C ₂ F), specifically:

setup module IB-vhprep(1 ^λ ,1 ^L )：

Inputting a safety parameter lambda, a number of circuit layers L, selecting a modulus q with a binary bit represented as k bits, where k is a polynomial k (lambda, L) about lambda and L, grid dimension n (lambda, L), error distribution χ (χ, L), parameter m (λ, L) o (nlogq),

matrix generation using trapdoor generation algorithm trapGen (q, n)

And its grid

A trap door base

Randomly selecting a vector

Two matrices

The output common parameter is pp ═ n, q, χ, m, a ₀ ,A ₁ ,A ₂ U) the system master private key is

Private key extraction module IB-vhpre extract (pp, msk, id):

inputting a public parameter pp, a system main private key msk and a user identity id

Running left-sampling algorithm output vector

So that P is _id s ═ u; order to

Has B _id T is 0; export public key pk _id ＝B _id Private key sk _id T; encryption module IB-vhpre. encryption (pp, m, id):

inputting a public parameter pp, a message bit m ← {0,1} and a user identity id; selecting a noise vector e ← χ ^(1+2m)×1 Randomly selecting a uniform vector r ← -1,1} ^n×1 Outputting the ciphertext

Wherein x is ₁ Is (1,0,0,.., 0);

re-encryption key generation module

(1) Inputting the private key of the ith participant

And public key pk of cloud server _o ＝B _o Let us order

Randomly selecting an invertible matrix

Generating proxy re-encryption key rk of cloud server _i→o ＝(Power2(t _i )Z XG)；

(2) Inputting the private key of the ith participant

User id _j Public key pk of _j ＝B _j Randomly selecting two error vectors e ₁ ,e ₂ ←χ ⁿ Generating a user id _j Proxy re-encryption key rk of _i→j ＝(e ₁ B _j e ₂ -Power2(t _i ))；

(3) And running AFHS (advanced software architecture) KeyGen (MSK, f, tau) algorithm to generate a signature key

Let rk _i→j Each row of (1) with x _i Marking, running

Algorithm generation of signature σ _i ；

(4) And the re-encryption key and the corresponding signature (rk) _i→j ,σ _i ) Sending the data to a cloud server;

re-encryption module

(1) And inputting the ciphertext of the user i

Re-encryption key rk _i→o And inverse matrix X of matrix X ^-1 Converting the ciphertext of the user i into the ciphertext C of the cloud server _o ＝G ^-1 (C _i )X ^-1 ·rk _i→o ；

(2) And inputting the ciphertext of the user i

And re-encryption key rk _i→j Converting the ciphertext of the user i into the ciphertext of the user j

(3) And run

Algorithmic generation of signatures

Wherein the function

Is defined as

(4) Outputting the re-encrypted ciphertext and the signature;

verification module

Inputting authentication keys

Ciphertext and signature set (C) _id ,σ _*→j ) If it is the original ciphertext

Then the signature σ _*→j Is empty; if the ciphertext is converted

The signature is σ _i→j (ii) a Operation of

An algorithm outputs a verification result;

decryption module IB-vhpre. decryption (C, sk):

(1) and using the private key sk of each party to the ciphertext of each party _i Calculating m' ═ 2<C,sk>] _q ；

(2) And for the ciphertext C converted into the cloud server _o The cloud server uses its ownPrivate key sk _o Decrypting to obtain the ciphertext C of each participant _id '＝[<C ₀ ,sk ₀ >] _q ；

(3) And for the user j ciphertext subjected to proxy re-encryption conversion

User j uses its own private key sk _j Decrypting to obtain the final result m _i '＝[<C _j ,sk _j >] _q ；

Homomorphic computing module Eval (C) ₁ ,C ₂ ,f)：

Performing multi-party cloud computing, wherein a cloud server performs homomorphic operation on ciphertext subjected to proxy re-encryption by each participant;

(1)Add(C ₁ ,C ₂ )：C _Add @C ₁ +C ₂

(2)Mult(C ₁ ,C ₂ )：C _Mult @C ₁ ·G ^-1 (C ₂ )

(3)NAND(C ₁ ,C ₂ )：C _NAND @G-C ₁ ·G ^-1 (C ₂ )

the cloud server sends the homomorphic calculation result to each participant, and each participant obtains a final calculation result through decryption of a private key of each participant, so that multi-party cloud calculation is realized, and the problem that cryptographs generated by encryption of different public keys cannot be homomorphic calculated is solved.

2. A verifiable homomorphic proxy re-encryption method is characterized by comprising the following steps:

step one, a private key extraction module IB-VHPRE.extract (pp, msk, id) establishes a module IB-VHPRE.setup (1) according to a system ^λ ,1 ^L ) Generating a public and private key pair of a user by the generated public parameter and a system main private key; entering an encryption module IB-VHPRE.

Step two, generating module by re-encrypting key

And re-encryption module

Generating a ciphertext of the cloud server, and carrying out homomorphic computing module Eval (C) by the cloud server according to the function f ₁ ,C ₂ ,f)；

Step three, sending homomorphic ciphertext results to each user;

step four, entering a verification module

If the verification is passed, entering a decryption module IB-VHPRE.

Step five, re-entering the re-encryption key generation module

And re-encryption module

Generating a new ciphertext of the user P, and decrypting by the user P by using a private key of the user P to obtain a homomorphic operation result so as to realize ciphertext sharing; the whole process is finished.

Images