KR101608515B1 - Computation Method of encrypted data using Homomorphic Encryption and Public Key Encryption and Server using the same - Google Patents

Abstract

A method of computing data encrypted by an EIGamal encryption algorithm, the method comprising: converting data encrypted by an EIGamal encryption algorithm into a data form encrypted by a fully isomorphic or perturbed or perturbative algorithm; ; And performing an operation on data of a type that is encrypted by the same type or encryption algorithm, and a method of computing data encrypted with a public key.

Description

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a method for computing encrypted data using a homogeneous encryption algorithm and a public key encryption algorithm and a server using the same,

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a method of computing encrypted data using the same encryption algorithm and a public key encryption algorithm, and a server using the same.

The completely homogeneous or perturbed cryptographic technique is an encryption technology that enables multiplication or addition in an encrypted state, and is expected to be used in various fields. For example, if privacy needs to be protected, the perturbed encryption technique can be useful because it can be processed in an encrypted state without having to decrypt it.

Full-fledged-type encryption is being actively researched since full-fledged encryption technology was presented in 2009, and in particular, integer-based full-fledged encryption is a technique that can support addition and multiplication between ciphertexts without limitation .

However, encryption statements encrypted with fully homogeneous or perceptual encryption techniques are not only very large, but also take a long time to encrypt.

According to an embodiment of the present invention, there can be provided a method of computing encrypted data and a server using the same, which can perform operations such as multiplication and addition in an encrypted state, but has a small size of an encryption statement and a high encryption speed.

According to one or more embodiments of the present invention, there is provided a server for computing data encrypted with a public key,

And computer program code that is loaded into and executed by the computer processor in the memory,

The computer program code comprising:

PKE (m) = PKE (m _i ) | 1? I? N, i, n is an integer) = PKE (m ₁ ), PKE ₂ ), ..., PKE (m _n )) into a data form encrypted by a completely isochronous or perturbative algorithm; And

(FHE (m) = {FHE (m _i ) | 1? I? N, i, n is an integer) = (FHE (FHE (m ₁ ), FHE (m ₂ ), ..., FHE (m _n )).

Wherein the converting comprises:

(FHE (e)) encrypted by the completely isochronous or perturbative algorithm.

The public key encryption data PKE (m _i ) is encrypted by the EIGamal encryption algorithm,

PKE (m _i ) = (g ^-r , m _i · y ^r )

, Where r is a randomly selected value in [0, | G |], g is selected from the set defined by G = {g, g ² , ....}, y = g ^e , And e may be a secret key.

The secret key (e)

이며,Here, e _i ∈ {0, 1},

Lt;

Which may be developed in binary representation.

Wherein the converting comprises:

The PKE (m _i ) = (g ^-r , m _i · y ^r )

FHE (m _i ).

Wherein the converting comprises:

이고, h = g^-r 인 것일 수 있다., Wherein: < RTI ID = 0.0 >

, And h = g- ^r .

The encrypted secret key FHE (e) used in the transforming step may be one generated by the server using the public key, or the server may be received from an external device.

The computer program code, when a multiplication operation is included in the operation,

Before performing the transforming step,

(PKE (m ₁ ), PKE (m ₂ ), ..., PKE (m _n )) encrypted with the public key is performed first,

The transforming step may be performed on the result of the multiplication operation.

The secret key (e)

May be developed in a W-ary representation.

And converting the PKE (m _i ) = (g ^-r , m _i · y ^r ) into FHE (m _i ).

Wherein the converting comprises:

, ≪ / RTI >

Here, k ∈ {0, 1, 2, ... , w-1},

_{Ψ (e i) = (e} i0, e i1, ..., e ik, ..., e iw -1), e ik ∈ {0, 1}, where Ψ is the function belongs to the elements belonging to the set of W in the set Z Element, and W = {0, 1, 2, ... , w-1}, Z = {f ₁ , f ₂ , f ₃ , ... , f _w }, and h = g- ^r .

E _i0 , e _i1 , ... , _eik , ... , e _{iw -1} may have a value of '1' only in the case of k = e _i +1, and the rest may have a value of '0'.

According to another embodiment of the present invention, there is provided a method of computing encrypted data,

Encrypting data to be operated by a client with a public key and transmitting the encrypted data to a server;

(PKE (m) = {PKE (m _i ) | 1? I? N, i, n is an integer) encrypted with the public key transmitted from the client = PKE (m ₁ ), PKE (m ₂ ), ..., PKE (m _n ) into a data form encrypted by a completely isochronous or cantilever algorithm; And

(FHE (m) = {FHE (m _i ) | 1? I? N, i, n (m _i )) data encrypted by a completely isochronous or quasi-dynamic algorithm (M ₁ ), FHE (m ₁ ), FHE (m ₂ ), ..., FHE (m _n ).

Wherein the converting comprises:

(FHE (e)) encrypted by the completely isochronous or perturbative algorithm.

The public key encryption data PKE (m _i ) is encrypted by the EIGamal encryption algorithm,

PKE (m _i ) = (g ^-r , m _i · y ^r )

, Where r is a randomly selected value in [0, | G |], g is selected from the set defined by G = {g, g ² , ....}, y = g ^e , And e may be a secret key.

The secret key (e)

이며,Here, e _i ∈ {0, 1},

Lt;

Which may be developed in binary representation.

Wherein the converting comprises:

The PKE (m _i ) = (g ^-r , m _i · y ^r )

Into FHE (m _i ).

Wherein the converting comprises:

, Where h = g- ^r . &^Lt; / RTI >

The encrypted private key FHE (e) used in the transforming step may be generated by the server using the public key, or the server may be received from the client.

The server, when the operation includes a multiplication operation,

Before performing the transforming step,

(PKE (m ₁ ), PKE (m ₂ ), ..., PKE (m _n )) encrypted with the public key is performed first,

The transforming step may be performed on the result of the multiplication operation.

The secret key (e)

May be developed in a W-ary representation.

Wherein the converting comprises:

And converting the PKE (m _i ) = (g ^-r , m _i · y ^r ) into FHE (m _i ).

, ≪ / RTI >

Here, k ∈ {0, 1, 2, ... , w-1},

_{Ψ (e i) = (e} i0, e i1, ..., e ik, ..., e iw -1), e ik ∈ {0, 1}, where Ψ is the function belongs to the elements belonging to the set of W in the set Z Element, and W = {0, 1, 2, ... , w-1}, Z = {f ₁ , f ₂ , f ₃ , ... , f _w }, and h = g- ^r .

The _{(e i0, e i1, ...} , e ik, ..., e iw -1) In the case of k = e _i 1 'only in the case of +1, and all of the others have a value of' 0 '.

The server comprises:

And transmits the calculation result of the calculating step to the client, or

Decrypting the result of the operation in the calculating step with the secret key of the completely homogeneous or perceptual algorithm, and transmitting the decrypted result to the client.

According to another embodiment of the present invention, there is provided a method of computing data encrypted by an EIGamal encryption algorithm,

Converting the data encrypted by the EIGamal encryption algorithm into a data form encrypted by a fully isochronous or perturbed or perturbed algorithm; And

And a step of performing an operation on data of a type that is encrypted by the same type or encryption algorithm, and a method of computing data encrypted with the public key.

Wherein the converting comprises:

(FHE (e)) encrypted by the completely isochronous or perturbative algorithm.

According to one or more embodiments of the present invention, the size of the encryption query may be significantly reduced since a public key based encryption algorithm such as an Elagar encryption algorithm may be used when transmitting encrypted data to a computation server.

According to one or more embodiments of the present invention, since multiplication operation can be performed in the state of an Eligibility ciphertext, operations can be performed without boot trapping even if the degree is high.

The operation server also stores the encrypted statement encrypted by the public key-based encryption algorithm such as the Elgar encryption algorithm, not the encryption statement encrypted by the same encryption algorithm, so that the load is small.

FIG. 1 is a flowchart illustrating a method of computing encrypted data using an encryption algorithm and a public key encryption algorithm according to an embodiment of the present invention.
FIG. 2 is a diagram for explaining a system for calculating encrypted data using an encryption algorithm and a public key encryption algorithm according to an embodiment of the present invention,
FIGS. 3 to 5 are diagrams for explaining a system for computing encrypted data using the same type of encryption algorithm and the public key encryption algorithm according to the embodiment of FIG.

BRIEF DESCRIPTION OF THE DRAWINGS The above and other objects, features, and advantages of the present invention will become more readily apparent from the following description of preferred embodiments with reference to the accompanying drawings. However, the present invention is not limited to the embodiments described herein but may be embodied in other forms. Rather, the embodiments disclosed herein are provided so that the disclosure can be thorough and complete, and will fully convey the scope of the invention to those skilled in the art. In this specification, when an element is referred to as being on another element, it means that it can be formed directly on the other element, or a third element may be placed therebetween.

It is to be understood that when an element, component, apparatus, or system is referred to as comprising a program or a component made up of software, it is not explicitly stated that the element, component, (E.g., memory, CPU, etc.) or other programs or software (e.g., drivers necessary to run an operating system or hardware, etc.)

It is also to be understood that the elements (or components) may be implemented in software, hardware, or any form of software and hardware, unless the context clearly dictates otherwise.

The terminology used herein is for the purpose of illustrating embodiments and is not intended to be limiting of the present invention. In the present specification, the singular form includes plural forms unless otherwise specified in the specification. The terms "comprises" and / or "comprising" used in the specification do not exclude the presence or addition of one or more other elements.

Hereinafter, the present invention will be described in detail with reference to the drawings. In describing the specific embodiments below, various specific details have been set forth in order to explain the invention in greater detail and to assist in understanding it. However, it will be appreciated by those skilled in the art that the present invention may be understood by those skilled in the art without departing from such specific details. In some instances, it should be noted that portions of the invention that are not commonly known in the description of the invention and are not significantly related to the invention do not describe confusing reasons for explaining the present invention.

1 is a flowchart illustrating a method of computing encrypted data using an encryption algorithm and a public key encryption algorithm according to an embodiment of the present invention.

Referring to FIG. 1, a method of computing encrypted data according to an exemplary embodiment of the present invention includes encrypting data to be computed using a public key (S101), encrypting the encrypted data in step S101, (S103), a step S105 of performing the operation using the result of the operation of the step S103, and a step S107 of decrypting the operation result of the operation S105 have.

The method of computing the encrypted data described with reference to FIG. 1 is implemented in a computer device (hereinafter also referred to as a " device ") and may be implemented, for example, in one computer device or in two or more computer devices And can be implemented in a distributed manner.

In the case where it is performed in one computer device, S101, S103, S105, and S107 are performed in the server or the client. In the present description, 'server' and 'client' are each configured to include a computer processor (not shown), a memory (not shown), and computer program code (not shown) Device ".

In a case where the program is distributed in two or more computer devices, for example, steps S101 and S107 may be performed in the client, and steps S103 and S105 may be performed in the server. As another example, step S101 may be performed in the client, and steps S103, S105, and S107 may be performed in the server. As another example, steps S101 and S107 may be performed in the client, S103 may be performed in the first server, and step S105 may be performed in the second server. As another example, step S101 may be performed in the client, step S103 may be performed in the first server, and steps S105 and step S107 may be performed in the second server.

Referring to FIG. 1, step S101 is a step of encrypting data to be processed with a public key.

Step S101 is a step of encrypting the data to be operated using the public key encryption algorithm. As an encryption algorithm based on a public key, for example, an ELGamal encryption algorithm (see TE Gamal, A public key cryptosystem and a signature scheme based on discrete logarithms. In GR Blakley and D. Chaum, eds., Advances in Cryptology - CRYPTO 1984, volume 196 of Lecture Notes in Computer Sciences, pages 10-18 Springer, 1984.).

On the other hand, the ELGAR encryption algorithm is exemplary and the present invention can be applied to other types of public key based encryption algorithms other than the ELGAR encryption algorithm.

For purposes of the description of the present invention, the data m to be computed is expressed as follows.

_{M = {m i | 1≤i≤n,} i, n is an _{integer} = (m 1, m 2} , ... m n)

When step S101 is performed, data ( _denoted by 'm' or 'm _i ') is derived from the data encrypted with the public key as follows.

PKE (m) = {PKE ( m i) | 1≤i≤n, i, n is an _{integer} = PKE (m 1),} PKE (m 2), ..., PKE (m n))

Here, it is described that the PKE represents any public key encryption algorithm, and the PKE can be, for example, an Elgar encryption algorithm.

That is, in step S101, the data m _i to be computed is encrypted using the public key and the encryption algorithm based on the public key

When the step S101 is performed by the ELGARE encryption algorithm, PKE (m) can be expressed in the following form.

Where r is a randomly selected value in [0, | G |], g is a value generated by the group generator, and the group generator is defined as G = {g, g ² , ....} Select g in the set, y = g ^e to be. Here, e means a secret key, and (g, y = g ^e ) is a public key.

When defined as above, the following conditions are satisfied.

(g- ^r ) ^e · m · y ^r = (g- ^r ) ^e m (g ^e ) ^r = m

Step S103 is a step of converting the encrypted data in the step S101 into a form encrypted with a completely homogeneous or perceptual type encryption algorithm.

The Fully Homomorphic Encryption or Perceptual Encryption algorithm used in this step is an algorithm that can support operations on ciphertext. A completely homogeneous encryption algorithm is an encryption algorithm that supports infinite number of operations in a state of being encrypted by a technique called refresh, and the number of times of support of operations in an encrypted state is limited. Is an encryption algorithm that can no longer be operated on.

Any completely homogeneous or perceptual type encryption algorithm that can be used in the present invention can be used in any known manner, and an algorithm to be developed in the future can also be used.

 For the purposes of the present description, the term " homogeneous encryption algorithm " is used herein to mean both a 'completely homogeneous encryption algorithm' or a 'perceptual encryption algorithm'.

When the step S103 is performed, it is converted into a form encrypted by the same type encryption algorithm as follows.

FHE (m) = {FHE ( m i) | 1≤i≤n, i, n is an _{integer} = FHE (m 1),} FHE (m 2), ..., FHE (m n))

Here, for the purpose of description of the present invention, 'FHE' shall be used to mean both a completely homogeneous encryption algorithm and a perceptual encryption algorithm.

That is, in step S103, the operation of converting PKE (m _i ) into FHE (m _i ) is performed, for example, as follows.

_{PKE (m 1) -> FHE} (m 1), PKE (m 2) -> FHE (m 2), ..., PKE (m n) -> FHE (m n)

In step S103, an encrypted private key (FHE (e)) is used in performing the above-described conversion operation. Here, the encrypted secret key (FHE (e)) is one obtained by encrypting the secret key corresponding to the public key used in step S101, and encrypted by the same type encryption algorithm.

According to an embodiment of the present invention, the encrypted secret key (FHE (e)) used in step S103 is one in which the secret key developed in binary representation by the following equation is encrypted by the same type of encryption algorithm .

로 정의된다.Here, e _i ∈ {0, 1},

.

은(여기서, 2는 밑이고 e는 지수를 의미), log₂e보다 작은 정수들 중에서 가장 큰 정수를 의미한다. 예를 들면, log₂e 가 10.7이 나왔다면 ℓ은 10이 된다.

(Where 2 means lower and e means exponent) and log ₂ is the largest integer of integers less than e. For example, if log ₂ e is 10.7, then l is 10.

In this embodiment, in step S103, the secret key corresponding to the public key used in step S101 is expanded in a binary manner according to equation (2) (C.Gentry and S. Halevi, Fully homomorphic encryption without squashing using depth -3 arithmetic circuits. In R. Ostrovsky, editor, I EEE 52 nd Annual Symposium on Foundations of Computer Science - FOCS 2011, pages 107-109, IEEE, 2011), and uses a secret key developed by the binary method encrypted by the same type encryption algorithm.

If the secret key developed by the binary method according to Equation (2) is encrypted by the same type encryption algorithm, step S103 may perform the conversion operation according to the following equation.

Here, h = g- ^r .

When step S103 is performed using Equation (3), the following data are calculated.

FHE (m ₁ ), FHE (m ₂ ), ..., FHE (m _n )

According to another embodiment of the present invention, the encrypted secret key FHE (e) used in step S103 may be developed into a W-ary representation by the following equation.

According to the present embodiment, in step S103, the secret key corresponding to the public key used in step S101 is developed by the W-ary method according to equation (4), and the secret key developed in the W- .

If the secret key developed by the winshage method according to Equation (4) is encrypted by the same type encryption algorithm, step S103 can perform the conversion operation according to the following equation.

Here, k ∈ {0, 1, 2, ... , w-1},

이고, h = g^-r 이다. 여기서, w는 밑이고 e는 지수를 의미하며, log₂e보다 작은 정수들 중에서 가장 큰 정수를 의미한다. 예를 들면, log₂e 가 10.7이 나왔다면 ℓ은 10이 된다. _{Ψ (e i) = (e} i0, e i1, ..., e ik, ..., e iw -1), e ik ∈ {0, 1}, where Ψ is the function belongs to the elements belonging to the set of W in the set Z Element, and W = {0, 1, 2, ... , w-1}, Z = {f ₁ , f ₂ , f ₃ , ... , f _w }

, And h = g- ^r . Where w is the base and e means exponent, which means the largest integer among integers smaller than log ₂ e. For example, if log ₂ e is 10.7, then l is 10.

When the step S103 is performed using the equation 5, the following data are calculated.

FHE (m ₁ ), FHE (m ₂ ), ..., FHE (m _n )

According to an embodiment of the present invention, (e _i0 , e _i1 , ..., e _ik , ..., e _{iw -1} ) In the case of k = e _i 1 'only in the case of +1, and the rest are all defined as having a value of' 0 '. In this case, f ₁ , f ₂ , f ₃ , ... , f _{w - 1} can be described as follows.

f ₁ = (1, 0, 0, ..., 0)

f ₂ = (0, 1, 0, ..., 0)

f ₃ = (0, 0, 1, ..., 0)

...

f _{w -1} = (0, 0, 0, ..., 1)

(E _i0 , e _i1 , ..., e _ik , ..., e _{iw -1} ) In the case of k = e _i Is defined as having a value of '1' in the case of +1 and all values of '0' in the others, and Ψ (e _i ) can be described as follows.

Ψ (e ₀ ) = (e ₀₀ , e ₀₁ , ... e _{0w -1} )

Ψ (e ₁ ) = (e ₁₀ , e ₁₁ , ... e _{1w -1} )

Ψ (e₂) = (e₂₀, e₂₁, ... e_{2w -One})

                 ...

Ψ (e _w ) = (e ₀ , e _w1 , ... e _{ww -1} )

In step S103, the following data can be calculated by applying Ψ (e _i ) as described above to equation (5).

FHE (m ₁ ), FHE (m ₂ ), ..., FHE (m _n )

In the above embodiments, the encrypted secret key (FHE (e)) described by way of example in Equation 2 and Equation 5 is generated (for example, from a device (e.g., a server) In this case, the device performing step S103 must know the secret key e), or may be generated in a device (e.g., a client) where step S101 is performed and then sent to the device on which step S103 is performed have.

Step S105 is a step of calculating data converted into the same type of encryption algorithm in step S103. For example, assuming that the operation to be performed in step S105 _{a (m) = m 1 +} m 2 + 3m 3, in step S105, and performs the following operations from the data calculated in step S103.

FHE (m ₁ ) + FHE (m ₂ ) + 3FHE (m ₃ )

As another example, assuming that the operation to be performed at S105 step _{a (m) = m 1 ·} m 2 + 3m 3, in step S105, and performs the following operations from the data calculated in the S103 step.

FHE (m ₁ ) FHE (m ₂ ) + ₃ FHE (m ₃ )

Step S107 is an operation for decoding the result calculated in step S105. The decryption of the data encrypted by the same encryption algorithm can be decrypted using the secret key corresponding to the public key used for the same type of encryption. On the other hand, the apparatus for performing the step S107 as described above may be the same (or different) as the apparatus for performing the steps S103 and / or S105.

2 is a diagram for explaining a system for computing encrypted data using the same encryption algorithm and a public key encryption algorithm according to an embodiment of the present invention.

Referring to FIG. 2, a system for computing encrypted data (hereinafter referred to as "the present system") according to an embodiment of the present invention includes at least one client (C1, C2, C3) .

In the present embodiment, the server 100 may include a memory 101, a computer processor 103, and a storage unit 105, and the memory 101 may include a computer program running under the control of the computer processor 103 Is stored. The storage unit 105 stores computer programs and data necessary for the operation of the server 100.

According to the present embodiment, the storage unit 105 stores the secret key encrypted by the same encryption algorithm (here, the secret key corresponds to the public key used to encrypt the data to be computed) And may store the public key of the algorithm. In this embodiment, the storage unit 105 may additionally store data necessary for performing the above-described formula.

According to another embodiment, the storage unit 105 may store a secret key corresponding to a public key used to encrypt data to be computed, a secret key of the same type encryption algorithm, and a public key. In this alternative embodiment, the storage unit 105 may additionally store the data necessary to perform the above-described equations.

In the embodiments described above, at least some of the data stored in the storage unit 105 may be loaded into the memory 101 and used for operation of the computer program code.

In the embodiments described above, at least some of the data stored in the storage unit 105 may be stored in another memory (not shown) (e.g., nonvolatile memory) that the server 100 additionally includes.

The computer program code may be implemented to perform at least one of steps S101 to S107 as described later.

Alternatively, the server 100 may be configured so that at least some of steps S101 through S107 are performed by hardware (not shown), and the computer program code executes the remaining part.

The system can perform the methods of computing the encryption described with reference to FIG. Hereinafter, various embodiments of the system shown in FIG. 2 will be described with reference to FIGS. 1 and 2. FIG.

First Embodiment

According to the first embodiment, at least one of the clients C1, C2, and C3 performs step S101, and the server 100 is configured to perform steps S103 to S107.

In the first embodiment, at least one client (hereinafter referred to as 'client') performs steps S101 and transmits the result of the operation to the server 100. [ The server 100 converts the encrypted data (i.e., the data encrypted by the public key based algorithm) transmitted from the client into the encrypted form by the same type encryption algorithm (S103), and the server 100 (S105), and performs calculation (S107) to the client.

When the client performs step S101, it encrypts the data to be operated using a public key-based encryption algorithm. In one embodiment, the client may encrypt the data that it intends to operate, by means of an algorithmic encryption algorithm.

When the server 100 performs step S103, it converts the public key encrypted data received from the client into an encrypted form by the same type encryption algorithm.

The encrypted secret key (FHE (e)) used by the server 100 in step S103 is a secret key generated in binary representation by the following equation (2) . In this case, the server 100 performs step S103 using Equation (2).

Alternatively, the 'encrypted secret key (FHE (e))' used by the server 100 in step S103 may be generated by encrypting the secret key developed in the binary representation according to Equation (4) It may be encrypted by an algorithm. In this case, the server 100 performs step S103 using Equation (5).

FIG. 4 is a view for explaining an embodiment according to the present system, and an understanding of the first embodiment.

4, the client encrypts data to be computed using a public key encryption algorithm, and transmits the encrypted data to the server 100. [ The server 100 converts the encrypted data received from the client into a form encrypted by the same type encryption algorithm, and performs calculation using the result of the conversion. Thereafter, the server 100 decrypts the operation result using the secret key corresponding to the public key of the isomorphic encryption algorithm. Then, the server 100 transmits the decryption result to the client.

For a more detailed description of each step than those described above, please refer to the section described with reference to FIG.

Second Embodiment

According to the second embodiment, at least one of the clients C1, C2, and C3 may perform steps S101 and S107, and the server 100 may be configured to perform steps S103 through S105.

The difference between the second embodiment and the first embodiment is that step S107 is performed in the client, not in the server 100. [

FIG. 3 is a view for explaining an embodiment according to the present system, specifically, an understanding of the second embodiment.

3, the client encrypts data to be computed using a public key encryption algorithm, and transmits the encrypted data to the server 100. [ The server 100 converts the encrypted data received from the client into a form encrypted by the same type encryption algorithm, and performs calculation using the result of the conversion. Thereafter, the server 100 transmits the operation result to the client, and the client decrypts the operation result received from the server 100 by using the secret key corresponding to the public key of the same type encryption algorithm.

For a more detailed description of each step performed in the second embodiment, please refer to the portion described with reference to Fig.

Third Embodiment

According to the third embodiment, at least one of the clients C1, C2, and C3 performs steps S101, S105, and S107, and the server 100 may be configured to perform step S103.

The difference between the third embodiment and the first embodiment is that steps S105 and S107 are performed by the client rather than the server 100. [

That is, according to the second embodiment, the server 100 transmits the execution result of step S103 to the client, and the client can receive the execution result of step S103 and perform steps S105 and S107. For a detailed description of each step performed in the second embodiment, please refer to the portion described with reference to Fig.

Fourth Embodiment

According to the fourth embodiment, at least one of the clients C1, C2, and C3 performs steps S101 and S107, and the server 100 is configured to perform steps S103 through S105, but before step S103, Step can be further performed.

That is, when the client performs step S101 and transmits the execution result to the server 100, the server 100 performs steps S102, S103, and S105 and transmits the execution result to the client. Thereafter, the client performs step S107.

For a detailed description of each step performed in the fourth embodiment, see the description with reference to Fig. 1

On the other hand, step S102 (not shown) will be described with reference to FIG.

5 is a diagram for explaining a system according to an embodiment of the present invention, and is a diagram for explaining the fourth embodiment described above.

Referring to FIG. 5, the client C1 encrypts the data to be operated by the ElGarn encryption algorithm, and transmits the encryption result to the server 100. [

The server 100 performs a multiplication operation on the encrypted data received from the client C1 (step S102). This is because the data encrypted by the ELG encoding algorithm can be multiplied in the encrypted state.

After completing the multiplication operation, the server 100 converts the results of the multiplication operation into data types encrypted by the same type encryption algorithm.

Subsequently, the server 100 performs the remaining operations and transmits the operation result to the client.

The client decrypts the operation result received from the server 100 by using the secret key corresponding to the public key used in the same type of encryption algorithm.

For purposes of the present description, the embodiment of FIG. 5 will be described assuming that the operation to be performed is a (m) = m ₁ · m ₂ + 3m ₃ .

The client C1 sends data (m ₁ , m ₂ , m ₃ ) to be calculated Encryption by Elgar end encryption algorithm, and transmits the encryption result (PKE (m _1), PKE (m _2), PKE (m ₃₎₎ to the server (100).

The server 100 to the client (C1) the encrypted data received from (PKE (m _1), PKE (m _2), PKE (m _3)), and determining the portion to be a multiply operation, requires a multiplication operation (Step S102).

PKE (m ₁ ) · PKE (m ₂ ) = PKE (m ₁ m ₂ )

After completing the multiplication operation, the server 100 converts the result (PKE (m ₁ m ₂ )) of the multiplication operation and PKE (m ₃ ) into the data type encrypted by the same encryption algorithm. In this example, the conversion results are FHE (m ₁ m ₂ ) and FHE (m ₃ ).

The server 100 performs the operations other than the multiplication operation using the conversion result, that is, calculates FHE (m ₁ m ₂ ) + 3FHE (m ₃ ), and the result is transmitted to the client.

The client decrypts the operation result received from the server 100 by using the secret key corresponding to the public key used in the same type of encryption algorithm.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments, but, on the contrary, Various modifications and variations are possible. Therefore, the scope of the present invention should not be limited to the described embodiments, but should be determined by equivalents to the scope of the appended claims, as well as the appended claims.

100: Server
101: Memory
103: Computer processor
105:

Claims (27)

A server for computing data encrypted with a public key,
And computer program code that is loaded into and executed by the computer processor in the memory,
The computer program code comprising:
PKE (m) = PKE (m _i ) | 1? I? N, i, n is an integer) = PKE (m ₁ ), PKE ₂ ), ..., PKE (m _n )) into a data form encrypted by a completely isochronous or perturbative algorithm; And
(FHE (m) = {FHE (m _i ) | 1? I? N, i, n is an integer) = (FHE FHE (m ₁ ), FHE (m ₂ ), ..., FHE (m _n )
Wherein the converting comprises:
Wherein the secret key (FHE (e)) encrypted by the completely homogeneous or perceptual algorithm is used. delete The method according to claim 1,
The public key encryption data PKE (m _i ) is encrypted by the EIGamal encryption algorithm,
PKE (m _i ) = (g ^-r , m _i · y ^r )
, Where r is a randomly selected value in [0, | G |], g is selected from the set defined by G = {g, g ² , ....}, y = g ^e , and e is a secret key. The method of claim 3,
The secret key (e)

(Where e _i ∈ {0, 1},

)
Wherein the server is deployed in a binary representation. 5. The method of claim 4,
Wherein the converting comprises:
The PKE (m _i ) = (g ^-r , m _i · y ^r )
To FHE (m _i ). 6. The method of claim 5,
Wherein the converting comprises:

, Wherein h = g- ^r . ≪ / RTI > The method according to claim 6,
Wherein the encrypted secret key FHE (e) used in the transforming step is generated by the server using the public key, or the server is received from an external device. The method of claim 3,
The computer program code, when a multiplication operation is included in the operation,
Before performing the transforming step,
(PKE (m ₁ ), PKE (m ₂ ), ..., PKE (m _n )) encrypted with the public key is performed first,
Wherein the step of transforming is performed on the result of the multiplication operation. The method of claim 3,
The secret key (e)

Wherein the server is developed in a W-ary representation. 10. The method of claim 9,
Wherein the converting comprises:
And converting the PKE (m _i ) = (g ^-r , m _i · y ^r ) into FHE (m _i ). 11. The method of claim 10,
Wherein the converting comprises:

, ≪ / RTI >
Here, k ∈ {0, 1, 2, ... , w-1},
(E _i ) = (e _i0 , e _i1 , ..., e _ik , ..., e _{iw -1} ) , e _ik ∈ {0, 1}, where the function Ψ is a function that converts an element belonging to set W into an element belonging to set Z, and W = {0, 1, 2, ... , w-1}, Z = {f ₁ , f ₂ , f ₃ , ... , f _w }, and h = g- ^r . 12. The method of claim 11,
The _{(e i0, e i1, ...} , e ik, ..., e iw -1) In the case of k = e _i 1 " only in the case of " 1 ", and all of the other values are " 0 ". A method for computing encrypted data,
Encrypting data to be operated by a client with a public key and transmitting the encrypted data to a server;
(PKE (m) = {PKE (m _i ) | 1? I? N, i, n is an integer) encrypted with the public key transmitted from the client = PKE (m ₁ ), PKE (m ₂ ), ..., PKE (m _n ) into a data form encrypted by a completely isochronous or cantilever algorithm; And
(FHE (m) = {FHE (m _i ) | 1? I? N, i, n (m _i )) data encrypted by a completely isochronous or quasi-dynamic algorithm Performing an operation on an integer FHE (m ₁ ), FHE (m ₂ ), ..., FHE (m _n )
Wherein the converting comprises:
Using a secret key (FHE (e)) encrypted by the completely homogeneous or perturbative algorithm. delete 14. The method of claim 13,
The public key encryption data PKE (m _i ) is encrypted by the EIGamal encryption algorithm,
PKE (m _i ) = (g ^-r , m _i · y ^r )
, Where r is a randomly selected value in [0, | G |], g is selected from the set defined by G = {g, g ² , ....}, y = g ^e , and e is a secret key. 16. The method of claim 15,
The secret key (e)

(Where e _i ∈ {0, 1},

being)
Wherein the encrypted data is developed in a binary representation by means of a computer. 17. The method of claim 16,
Wherein the converting comprises:
The PKE (m _i ) = (g ^-r , m _i · y ^r )
FHE &_lt; / RTI > (m _i ). 18. The method of claim 17,
Wherein the converting comprises:

, Wherein h = g- ^r . ≪ / RTI > 19. The method of claim 18,
Characterized in that the encrypted secret key (FHE (e)) used in the transforming step is generated by the server using the public key or is transmitted from the client / RTI > 16. The method of claim 15,
The server, when the operation includes a multiplication operation,
Before performing the transforming step,
(PKE (m ₁ ), PKE (m ₂ ), ..., PKE (m _n )) encrypted with the public key is performed first,
Wherein the step of transforming is performed on the result of the multiplication operation. 16. The method of claim 15,
The secret key (e)

Wherein the W-ary representation is developed by a W-ary representation. 22. The method of claim 21,
Wherein the converting comprises:
Wherein the step of converting the PKE (m _i ) = (g ^-r , m _i , y ^r ) into FHE (m _i ). 23. The method of claim 22,
Wherein the converting comprises:

, ≪ / RTI >
Here, k ∈ {0, 1, 2, ... , w-1},
_{Ψ (e i) = (e} i0, e i1, ..., e ik, ..., e iw -1), e ik ∈ {0, 1}, where Ψ is the function belongs to the elements belonging to the set of W in the set Z Element, and W = {0, 1, 2, ... , w-1}, Z = {f ₁ , f ₂ , f ₃ , ... , f _w }, and h = g- ^r . 24. The method of claim 23,
The _{(e i0, e i1, ...} , e ik, ..., e iw -1) Between has a value of '1' only in the case of k = e _i +1, and all of the values have a value of '0'. 14. The method of claim 13,
The server comprises:
And transmits the calculation result of the calculating step to the client, or
And decrypting the result of the operation in the calculating step with a secret key of the completely isomorphic or perceptual algorithm and transmitting the decrypted result to the client. A method for computing data encrypted by an EIGamal encryption algorithm,
Converting the data encrypted by the EIGamal encryption algorithm into a data form encrypted by a fully isochronous or perceptual algorithm; And
And performing an operation on data converted into an encrypted form by the completely isochronous or quasi-dynamic algorithm,
The data encrypted by the above EIGamal encryption algorithm is
PKE (m _i ) = (g ^-r , m _i · y ^r )
, Where r is a randomly selected value in [0, | G |], g is selected from the set defined by G = {g, g ² , ....}, y = g ^e , e means a secret key,
Wherein the converting comprises:
Using the secret key (FHE (e)) encrypted by the completely homogeneous or perceptual algorithm
The PKE (m _i ) = (g ^-r , m _i · y ^r )
FHE &_lt; / RTI > (mi). ≪ / RTI > delete

Images