CN103428299A - Cloud storage access control method - Google Patents

Abstract

The invention discloses a cloud storage access control method based on a cloud storage access control system which is composed of a cloud storage service provider CSP, a data owner A and a plurality of users. The cloud storage access control method is characterized in that linear transformation is used for realizing encryption of a dataset, a dot product operation is used for realizing decryption of certain private data in the dataset, and therefore a cloud storage access control policy is realized. The cloud storage access control method can effectively solve the problems that in an existing ciphertext access control method based on cloud storage, a decryption process is complex for the users and the ciphertext access control method is difficult to realize, thereby lowering the computation complexity of encryption and particularly decryption, and improving the efficiency of encryption and decryption.

Description

A kind of cloud memory access control method

Technical field

The present invention relates to data encryption and access control technology field, specifically a kind of ciphertext access control method based on the cloud storage of protecting the privacy of user data.

Background technology

The cloud storage is in the conceptive extension of cloud computing and a derivative development new concept out.Cloud storage relies on it highly reliable, low-cost and non-maintaining stores service to be realized to revolutionary change.In the service mode of cloud storage, due to data, in the uncontrollable scope of user, how to protect the confidentiality of private data and Lawful access to become the problem that the user pays close attention to the most.

Access control mechanisms can be authorized the validated user access certain resources, refuses disabled user's access simultaneously.Although existing a lot of cloud stores service all provide simple access control function, for example, for file arranges access rights, this depends on the control of server end, and its fail safe is based upon on the trust to cloud stores service business.The ciphertext access control technology can guarantee the confidentiality of data and the Lawful access of data in the incredible environment of server end.The data owner was encrypted it in advance before data are stored, and by controlling the user key was obtained to realize the access control target.

At present, in various ciphertext access control policies, the scheme based on encryption attribute accounts for main flow.Yet in these schemes, generation and the administration overhead of key are large, and encrypt and decrypt efficiency is low.Particularly decrypting process is very complicated, and this is forbidding for general domestic consumer, is difficult to realize.

Summary of the invention

Technical problem to be solved by this invention is to provide a kind of simple and reliable cloud memory access control method, can effectively solve and have user's decrypting process complexity in the ciphertext access control method of storing based on cloud now, be difficult to the problems such as realization, reduce encryption, the especially computation complexity of deciphering, improved the efficiency that realizes encrypt and decrypt.

The present invention is that the technical solution problem adopts following technical scheme to be:

A kind of cloud memory access of the present invention control method, be based on the cloud memory access control system that cloud stores service business CSP, a data owner A and several users form, be characterized in, set up a finite field gf (p), wherein p is a large prime number, and large prime number p is open to all users; Described cloud memory access control method is carried out as follows:

Step 1, data owner A adopt the method for linear transformation to be encrypted the generating ciphertext collection to the private data collection;

Step 2, data owner A are committed to described cloud stores service business CSP by described ciphertext collection and are stored, described ciphertext collection is checked or downloaded to the cloud storage server that any use can provide by described cloud stores service business CSP per family online, but can not revise described ciphertext collection;

I the element that step 3, certain user U concentrate to data owner A request access private data, described data owner A is after authentication of users U has access rights, to the secret decruption key of providing i element of user U;

Step 4, user U utilize described decruption key and ciphertext collection, adopt the dot-product operation deciphering to obtain i the element that private data is concentrated.

The characteristics of cloud memory access control method of the present invention also are:

In described step 1, adopting the method for linear transformation to be encrypted the generating ciphertext collection to the private data collection is to carry out as follows:

1) suppose that the private data collection that described data owner A has is { x ₁, x ₂..., x _n, described private data is concentrated i element x _i∈ GF (p) (1≤i≤n); Setting the concentrated effective element number of described private data is n-1, remains an element and generates at random; The n of data owner A full rank of random generation on finite field gf (p) * n matrix $A=\left[\begin{array}{cccc}{a}_{11}& a_{12}& \·\·\·& a_{1n}\\ a_{21}& a_{22}& \·\·\·& a_{2n}\\ \·& \·& \·& \·\\ \·& \·& \·& \·\\ \·& \·& \·& \·\\ a_{n1}& a_{n2}& \·\·\·& a_{\mathrm{nn}}\end{array}\right],$ A in described matrix A _Ij∈ GF (p) (1≤i≤n, 1≤j≤n);

2) described data owner A generates expressly vector

Described plaintext vector

I component be i the element x that described private data is concentrated _i(1≤i≤n), $\stackrel{\→}{x}=\left[\begin{array}{c}{x}_1\\ x_2\\ \·\\ \·\\ \·\\ x_n\end{array}\right];$

3) upper at described finite field gf (p), data owner A utilizes formula (1) to obtain cyphertext vector

$\left\{\begin{array}{c}{y}_1=(a_{11}{x}_1+a_{12}{x}_2+\·\·\·+a_{1n}{x}_n)\mathrm{mod}p\\ y_2=(a_{21}{x}_1+a_{22}{x}_2+\·\·\·+a_{2n}{x}_n)\mathrm{mod}p\\ \·\\ \·\\ \·\\ y_n=(a_{n1}{x}_1+a_{n2}{x}_2+\·\·\·+a_{\mathrm{nn}}{x}_n)\mathrm{mod}p\end{array}\right.---\left(1\right)$

Described private data collection { x ₁, x ₂..., x _nCorresponding ciphertext collection is { y ₁, y ₂..., y _n.

Decruption key in described step 3 is to generate as follows:

Data owner A utilizes formula (2) to obtain decruption key

$A^T{\stackrel{\→}{k}}_i={\stackrel{\→}{I}}_i---\left(2\right)$

In formula (2), A ^TFor the transposed matrix of matrix A,

It is the n dimension unit vector that i component is 1, other component is 0;

Order ${\stackrel{\→}{k}}_i={(k_{i1},k_{i2},\·\·\·,k_{\mathrm{in}})}^T,$ Decruption key

Solution vector for equation group (3):

$\left\{\begin{array}{c}(a_{11}{k}_{i1}+a_{21}{k}_{i2}+\·\·\·+a_{n1}{k}_{\mathrm{in}})\mathrm{mod}p=0\\ \·\\ \·\\ \·\\ (a_{1(i-1)}{k}_{i1}+a_{2(i-1)}{k}_{i2}+\·\·\·+a_{n(i-1)}{k}_{\mathrm{in}})\mathrm{mod}p=0\\ (a_{1i}{k}_{i1}+a_{2i}{k}_{i2}+\·\·\·+a_{\mathrm{ni}}{k}_{\mathrm{in}})\mathrm{mod}p=1\\ (a_{1(i+1)}{k}_{i1}+a_{2(i+1)}{k}_{i2}+\·\·\·+a_{n(i+1)}{k}_{\mathrm{in}})\mathrm{mod}p=0\\ \·\\ \·\\ \·\\ (a_{1n}{k}_{i1}+a_{2n}{k}_{i2}+\·\·\·+a_{\mathrm{nn}}{k}_{\mathrm{in}})\mathrm{mod}p=0\end{array}\right.---\left(3\right)$

The concentrated effective element number according to described private data, setting data owner A at most only distributes n-1 decruption key.

In described step 4, adopting the dot-product operation deciphering to obtain i concentrated element of private data is to carry out as follows:

User U utilizes formula (4) to obtain i the element x that described private data is concentrated _i:

$x_i=({\stackrel{\→}{k}}_i\·\stackrel{\→}{y})\mathrm{mod}p---\left(4\right)$

In formula (4), For decruption key,

For cyphertext vector.

Compared with the prior art, beneficial effect of the present invention is embodied in:

1, data owner of the present invention utilizes the method for linear transformation to realize the encryption to the private data collection, has guaranteed the confidentiality of private data.Can expressly collect one and change the ciphertext collection into based on a scrambled matrix.Same scrambled matrix can be reused repeatedly again, and in order to resist known plain text attack, scrambled matrix A can reuse at most time n-1, if one-time pad can reach unconditional security.

2, user of the present invention only need adopt dot-product operation can realize private data is concentrated the deciphering of certain data, the complicated crypto-operation without other, thereby simple to operate, be easy to realize.

3, the present invention is because having limited the concentrated effective element number of private data, and concentrates to mix at random at valid data and insert a random number, thereby can resist user's collusion, thus the fail safe that has improved system.

Embodiment

In the present embodiment, a kind of cloud memory access control method is based on the cloud memory access control system of cloud stores service business CSP, a data owner A and several users formation, at first, system need be set up a finite field gf (p), wherein p is a large prime number, and large prime number p is open to all users; Finite field and large prime number are the well-known concepts of information security field;

Large prime number p is to generate as follows:

A) determine the long d in position of large prime number p; For example, according to concrete demand for security, the long d in position can be set as to 256,512 or 1024 etc.;

B) generate at random the long first place for the d bit, a position and end and be 1 odd number q;

C) adopt the prime number detection method to judge whether q is prime number, if make p=q, otherwise re-execute step b.

Cloud memory access control method is carried out according to the following procedure:

Step 1, data owner A adopt the method for linear transformation to be encrypted the generating ciphertext collection to the private data collection;

1.1) the private data collection that has of tentation data owner A is { x ₁, x ₂..., x _n, private data is concentrated i element x _i∈ GF (p) (1≤i≤n); In order to resist collusion, setting the concentrated effective element number of described private data is n-1, for example { x ₁, x ₂..., x _N-1Be the valid data collection, remain an element x _nFor random generation; Like this, at most only need n-1 decruption key of distribution.For example, even all user's collusions, also can only obtain at most n-1 decruption key,

Thereby set up following equation:

$\left\{\begin{array}{c}{A}^T{\stackrel{\→}{k}}_1={\stackrel{\→}{I}}_1\\ A^T{\stackrel{\→}{k}}_2={\stackrel{\→}{I}}_2\\ \·\\ \·\\ \·\\ A^T{\stackrel{\→}{k}}_{n-1}={\stackrel{\→}{I}}_{n-1}\end{array}\right.---\left(1\right)$

In formula (1), the total number of known equation is (n-1) * n, and total number of known variables is n * n(, is the element number of scrambled matrix A); Because the total number of equation is less than total number of known variables, can't calculate scrambled matrix A.

The n of data owner A full rank of random generation on finite field gf (p) * n matrix $A=\left[\begin{array}{cccc}{a}_{11}& a_{12}& \·\·\·& a_{1n}\\ a_{21}& a_{22}& \·\·\·& a_{2n}\\ \·& \·& \·& \·\\ \·& \·& \·& \·\\ \·& \·& \·& \·\\ a_{n1}& a_{n2}& \·\·\·& a_{\mathrm{nn}}\end{array}\right],$ A in matrix A _Ij∈ GF (p) (1≤i≤n, 1≤j≤n);

1.2) data owner A generation plaintext vector

Expressly vectorial

I component be i the element x that private data is concentrated _i(1≤i≤n), $\stackrel{\→}{x}=\left[\begin{array}{c}{x}_1\\ x_2\\ \·\\ \·\\ \·\\ x_n\end{array}\right];$

1.3) upper at finite field gf (p), data owner A utilizes formula (2) to obtain cyphertext vector

$\left\{\begin{array}{c}{y}_1=(a_{11}{x}_1+a_{12}{x}_2+\·\·\·+a_{1n}{x}_n)\mathrm{mod}p\\ y_2=(a_{21}{x}_1+a_{22}{x}_2+\·\·\·+a_{2n}{x}_n)\mathrm{mod}p\\ \·\\ \·\\ \·\\ y_n=(a_{n1}{x}_1+a_{n2}{x}_2+\·\·\·+a_{\mathrm{nn}}{x}_n)\mathrm{mod}p\end{array}\right.---\left(2\right)$

Private data collection { x ₁, x ₂..., x _nCorresponding ciphertext collection is { y ₁, y ₂..., y _n.

Step 2, data owner A are committed to cloud stores service business CSP by the ciphertext collection and are stored, and the ciphertext collection is checked or downloaded to the cloud storage server that any use can provide by cloud stores service business CSP per family online, but can not revise the ciphertext collection;

I the element that step 3, certain user U are concentrated to data owner A request access private data, i.e. individual data, data owner A is after authentication of users U has access rights, to the secret decruption key of distributing i element of user U;

In order to obtain data set { x ₁, x ₂..., x _nIn i private data x _i(1≤i≤n), data owner A utilizes formula (3) to obtain decruption key

$A^T{\stackrel{\→}{k}}_i={\stackrel{\→}{I}}_i---\left(3\right)$

In formula (3), A ^TFor the transposed matrix of matrix A,

Be that i component is the n dimension unit vector that 1 other component is 0;

Order ${\stackrel{\→}{k}}_i={(k_{i1},k_{i2},\·\·\·,k_{\mathrm{in}})}^T,$ Decruption key Solution vector for equation group (4):

$\left\{\begin{array}{c}(a_{11}{k}_{i1}+a_{21}{k}_{i2}+\·\·\·+a_{n1}{k}_{\mathrm{in}})\mathrm{mod}p=0\\ \·\\ \·\\ \·\\ (a_{1(i-1)}{k}_{i1}+a_{2(i-1)}{k}_{i2}+\·\·\·+a_{n(i-1)}{k}_{\mathrm{in}})\mathrm{mod}p=0\\ (a_{1i}{k}_{i1}+a_{2i}{k}_{i2}+\·\·\·+a_{\mathrm{ni}}{k}_{\mathrm{in}})\mathrm{mod}p=1\\ (a_{1(i+1)}{k}_{i1}+a_{2(i+1)}{k}_{i2}+\·\·\·+a_{n(i+1)}{k}_{\mathrm{in}})\mathrm{mod}p=0\\ \·\\ \·\\ \·\\ (a_{1n}{k}_{i1}+a_{2n}{k}_{i2}+\·\·\·+a_{\mathrm{nn}}{k}_{\mathrm{in}})\mathrm{mod}p=0\end{array}\right.---\left(4\right)$

Setting data owner A at most only distributes n-1 decruption key, for example distributes n-1 decruption key

(1≤i≤n-1); Thereby can resist collusion.

Step 4, user U utilize decruption key and ciphertext collection, adopt the dot-product operation deciphering to obtain i element;

User U utilizes formula (5) to obtain i the element x that private data is concentrated _i:

$x_i=({\stackrel{\→}{k}}_i\·\stackrel{\→}{y})\mathrm{mod}p---\left(5\right)$

In formula (5),

For decruption key,

For cyphertext vector.

In the present embodiment, suppose n=3, scrambled matrix $A=\left[\begin{array}{ccc}{a}_{11}& a_{12}& a_{13}\\ a_{21}& a_{22}& a_{23}\\ a_{31}& a_{32}& a_{33}\end{array}\right],$ Require r (A)=3; Expressly vectorial $\stackrel{\→}{x}=\left(\begin{array}{c}{x}_1\\ x_2\\ x_3\end{array}\right).$ Because $\stackrel{\→}{y}=A\stackrel{\→}{x},$ Therefore have

$\left\{\begin{array}{c}{y}_1=(a_{11}{x}_1+a_{12}{x}_2+a_{13}{x}_3)\mathrm{mod}p\\ y_2=(a_{21}{x}_1+a_{22}{x}_2+a_{23}{x}_3)\mathrm{mod}p\\ y_3=(a_{31}{x}_1+a_{32}{x}_2+a_{33}{x}_3)\mathrm{mod}p\end{array}\right.---\left(6\right)$

According to $A^T{\stackrel{\→}{k}}_1={\left(\mathrm{1,0,0}\right)}^T,A^T{\stackrel{\→}{k}}_2={\left(\mathrm{0,1,0}\right)}^T,A^T{\stackrel{\→}{k}}_3={\left(\mathrm{0,0,1}\right)}^T$ Obtain following three equation group:

$\left\{\begin{array}{c}(a_{11}{k}_{11}+a_{21}{k}_{12}+a_{31}{k}_{13})\mathrm{mod}p=1\\ (a_{12}{k}_{11}+a_{22}{k}_{12}+a_{32}{k}_{13})\mathrm{mod}p=0\\ (a_{13}{k}_{11}+a_{23}{k}_{12}+a_{33}{k}_{13})\mathrm{mod}p=0\end{array}\right.---\left(7\right)$

$\left\{\begin{array}{c}(a_{11}{k}_{21}+a_{21}{k}_{22}+a_{31}{k}_{23})\mathrm{mod}p=0\\ (a_{12}{k}_{21}+a_{22}{k}_{22}+a_{32}{k}_{23})\mathrm{mod}p=1\\ (a_{13}{k}_{21}+a_{23}{k}_{22}+a_{33}{k}_{23})\mathrm{mod}p=0\end{array}\right.---\left(8\right)$

$\left\{\begin{array}{c}(a_{11}{k}_{31}+a_{21}{k}_{32}+a_{31}{k}_{33})\mathrm{mod}p=0\\ (a_{12}{k}_{31}+a_{22}{k}_{32}+a_{32}{k}_{33})\mathrm{mod}p=0\\ (a_{13}{k}_{31}+a_{23}{k}_{32}+a_{33}{k}_{33})\mathrm{mod}p=1\end{array}\right.---\left(9\right)$

Wherein ${\stackrel{\→}{k}}_1={(k_{11},k_{12},k_{13})}^T,{\stackrel{\→}{k}}_2={(k_{21},k_{22},k_{23})}^T,{\stackrel{\→}{k}}_3={(k_{31},k_{32},k_{33})}^T.$ Because r (A)=3, A is full rank, therefore equation group (7-9) all has unique solution.And then,

${\stackrel{\→}{k}}_1\·\stackrel{\→}{y}=k_{11}{y}_1+k_{12}{y}_2+k_{13}{y}_3$

=k ₁₁(a ₁₁x ₁+a ₁₂x ₂+a ₁₃x ₃)+k ₁₂(a ₂₁x ₁+a ₂₂x ₂+a ₂₃x ₃)+k ₁₃(a ₃₁x ₁+a ₃₂x ₂+a ₃₃x ₃)

=(k ₁₁a ₁₁+k ₁₂a ₂₁+k ₁₃a ₃₁)x ₁+(k ₁₁a ₁₂+k ₁₂a ₂₂+k ₁₃a ₃₂)x ₂+(k ₁₁a ₁₃+k ₁₂a ₂₃+k ₁₃a ₃₃)x ₃

=x ₁Modp(is according to equation group (7))

${\stackrel{\→}{k}}_2\·\stackrel{\→}{y}=k_{21}{y}_1+k_{22}{y}_2+k_{23}{y}_3$

=k ₂₁(a ₁₁x ₁+a ₁₂x ₂+a ₁₃x ₃)+k ₂₂(a ₂₁x ₁+a ₂₂x ₂+a ₂₃x ₃)+k ₂₃(a ₃₁x ₁+a ₃₂x ₂+a ₃₃x ₃)

=(k ₂₁a ₁₁+k ₂₂a ₂₁+k ₂₃a ₃₁)x ₁+(k ₂₁a ₁₂+k ₂₂a ₂₂+k ₂₃a ₃₂)x ₂+(k ₂₁a ₁₃+k ₂₂a ₂₃+k ₂₃a ₃₃)x ₃

=x ₂Modp(is according to equation group (8))

${\stackrel{\→}{k}}_3\·\stackrel{\→}{y}=k_{31}{y}_1+k_{32}{y}_2+k_{33}{y}_3$

=k ₃₁(a ₁₁x ₁+a ₁₂x ₂+a ₁₃x ₃)+k ₃₂(a ₂₁x ₁+a ₂₂x ₂+a ₂₃x ₃)+k ₃₃(a ₃₁x ₁+a ₃₂x ₂+a ₃₃x ₃)

=(k ₃₁a ₁₁+k ₃₂a ₂₁+k ₃₃a ₃₁)x ₁+(k ₃₁a ₁₂+k ₃₂a ₂₂+k ₃₃a ₃₂)x ₂+(k ₃₁a ₁₃+k ₃₂a ₂₃+k ₃₃a ₃₃)x ₃

=x ₃Modp(is according to equation group (9)).

Claims (4)

1. a cloud memory access control method, be based on the cloud memory access control system that cloud stores service business CSP, a data owner A and several users form, it is characterized in that, set up a finite field gf (p), wherein p is a large prime number, and large prime number p is open to all users; Described cloud memory access control method is carried out as follows:

Step 1, data owner A adopt the method for linear transformation to be encrypted the generating ciphertext collection to the private data collection;

Step 2, data owner A are committed to described cloud stores service business CSP by described ciphertext collection and are stored, described ciphertext collection is checked or downloaded to the cloud storage server that any use can provide by described cloud stores service business CSP per family online, but can not revise described ciphertext collection;

I the element that step 3, certain user U concentrate to data owner A request access private data, described data owner A is after authentication of users U has access rights, to the secret decruption key of providing i element of user U;

Step 4, user U utilize described decruption key and ciphertext collection, adopt the dot-product operation deciphering to obtain i the element that private data is concentrated.

2. cloud memory access control method according to claim 1, is characterized in that, in described step 1, adopting the method for linear transformation to be encrypted the generating ciphertext collection to the private data collection is to carry out as follows:

1) suppose that the private data collection that described data owner A has is { x ₁, x ₂..., x _n, described private data is concentrated i element x _i∈ GF (p) (1≤i≤n); Setting the concentrated effective element number of described private data is n-1, remains an element and generates at random; The n of data owner A full rank of random generation on finite field gf (p) * n matrix $A=\left[\begin{array}{cccc}{a}_{11}& a_{12}& \·\·\·& a_{1n}\\ a_{21}& a_{22}& \·\·\·& a_{2n}\\ \·& \·& \·& \·\\ \·& \·& \·& \·\\ \·& \·& \·& \·\\ a_{n1}& a_{n2}& \·\·\·& a_{\mathrm{nn}}\end{array}\right],$ A in described matrix A _Ij∈ GF (p) (1≤i≤n, 1≤j≤n);

2) described data owner A generates expressly vector

Described plaintext vector I component be i the element x that described private data is concentrated _i(1≤i≤n), $\stackrel{\→}{x}=\left[\begin{array}{c}{x}_1\\ x_2\\ \·\\ \·\\ \·\\ x_n\end{array}\right];$

3) upper at described finite field gf (p), data owner A utilizes formula (1) to obtain cyphertext vector

$\left\{\begin{array}{c}{y}_1=(a_{11}{x}_1+a_{12}{x}_2+\·\·\·+a_{1n}{x}_n)\mathrm{mod}p\\ y_2=(a_{21}{x}_1+a_{22}{x}_2+\·\·\·+a_{2n}{x}_n)\mathrm{mod}p\\ \·\\ \·\\ \·\\ y_n=(a_{n1}{x}_1+a_{n2}{x}_2+\·\·\·+a_{\mathrm{nn}}{x}_n)\mathrm{mod}p\end{array}\right.---\left(1\right)$

Described private data collection { x ₁, x ₂..., x _nCorresponding ciphertext collection is { y ₁, y ₂..., y _n.

3. cloud memory access control method according to claim 1 and 2, is characterized in that, the decruption key in described step 3 is to generate as follows:

Data owner A utilizes formula (2) to obtain decruption key

$A^T{\stackrel{\→}{k}}_i={\stackrel{\→}{I}}_i---\left(2\right)$

In formula (2), A ^TFor the transposed matrix of matrix A,

It is the n dimension unit vector that i component is 1, other component is 0;

Order ${\stackrel{\→}{k}}_i={(k_{i1},k_{i2},\·\·\·,k_{\mathrm{in}})}^T,$ Decruption key

Solution vector for equation group (3):

$\left\{\begin{array}{c}(a_{11}{k}_{i1}+a_{21}{k}_{i2}+\·\·\·+a_{n1}{k}_{\mathrm{in}})\mathrm{mod}p=0\\ \·\\ \·\\ \·\\ (a_{1(i-1)}{k}_{i1}+a_{2(i-1)}{k}_{i2}+\·\·\·+a_{n(i-1)}{k}_{\mathrm{in}})\mathrm{mod}p=0\\ (a_{1i}{k}_{i1}+a_{2i}{k}_{i2}+\·\·\·+a_{\mathrm{ni}}{k}_{\mathrm{in}})\mathrm{mod}p=1\\ (a_{1(i+1)}{k}_{i1}+a_{2(i+1)}{k}_{i2}+\·\·\·+a_{n(i+1)}{k}_{\mathrm{in}})\mathrm{mod}p=0\\ \·\\ \·\\ \·\\ (a_{1n}{k}_{i1}+a_{2n}{k}_{i2}+\·\·\·+a_{\mathrm{nn}}{k}_{\mathrm{in}})\mathrm{mod}p=0\end{array}\right.---\left(3\right)$

The concentrated effective element number according to described private data, setting data owner A at most only distributes n-1 decruption key.

4. according to claim 1,2 or 3 described cloud memory access control methods, it is characterized in that, in described step 4, adopting the dot-product operation deciphering to obtain i concentrated element of private data is to carry out as follows:

User U utilizes formula (4) to obtain i the element x that described private data is concentrated _i:

$x_i=({\stackrel{\→}{k}}_i\·\stackrel{\→}{y})\mathrm{mod}p---\left(4\right)$

In formula (4),

For decruption key,

For cyphertext vector.