CN106534313A - Frequentness measuring method and system for security and privacy protection facing cloud data issuing - Google Patents
Frequentness measuring method and system for security and privacy protection facing cloud data issuing Download PDFInfo
- Publication number
- CN106534313A CN106534313A CN201611012810.4A CN201611012810A CN106534313A CN 106534313 A CN106534313 A CN 106534313A CN 201611012810 A CN201611012810 A CN 201611012810A CN 106534313 A CN106534313 A CN 106534313A
- Authority
- CN
- China
- Prior art keywords
- ciphertext
- frequency
- fhe
- homomorphism
- cloud server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/008—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
Abstract
The invention discloses a frequentness measuring method and system for security and privacy protection facing cloud data issuing. A database owner generates a secret key pair, encryption outsourcing processing is carried out on the database, encryption operation is carried out on complement of a frequentness threshold negative -k, the encrypted complement is uploaded to a cloud server, and a private key sk is authorized to a proxy server; a client applies to inquire the frequentness of a record R; the proxy server obtains permission from the database owner and assists the database owner in dealing with a transaction. The cloud server is used for storing a ciphertext database and carrying out a homomorphic operation on the ciphertext. According to the method and system disclosed by the invention, with the full-homomorphic encryption technology, the frequentness ciphertext in a data recording manner is obtained in a cloud environment and whether the frequentness of the record meets a privacy protection requirement is determined; and leaking of a recorded content inquired by a client as well as sensitive recorded content with the frequentness lower than a threshold in the database can be prevented during the whole process. Therefore, secure storage of data can be realized; and frequentness measurement for privacy protection can be carried out by the cloud conveniently.
Description
Technical field
The present invention relates to secret protection Related Research Domain, it is safe that more particularly to a kind of facing cloud end data issues protection
And the frequency assay method and system of privacy.
Background technology
In the epoch of information sharing, secret protection and information security become an important research field of IT circles.Information is pacified
Complete requirement to prevent unwarranted number is it is disclosed, and secret protection is intended to avoid disclosed data from being used for therefrom reasoning individual's
Sensitive information.
With the arrival in big data epoch, increasing people data storage and performs meter beyond the clouds using cloud computing technology
Process task is calculated, secret protection faces many new challenges.There is the danger of leakage privacy beyond the clouds in data storage procedure, except this
Outside, secret protection processing procedure is likely under attack in itself, and this undoubtedly increased the risk of privacy leakage and avoids risk
Difficulty.
The safety problem that high in the clouds data are solved with cryptographic technology is one and selects well, data are carried out adding
High in the clouds storage is uploaded to after close, just there is no the danger of privacy leakage.But encryption data presence in high in the clouds is difficult to computing
Problem.Fortunately full homomorphic cryptography technology provides possibility to solve new challenge.Full homomorphic cryptography is that one kind can be direct
The technology operated by ciphertext data under encrypted state.The general of homomorphic cryptography is proposed just early in Rivest in 1978 et al.
Read, wherein, public key algorithm RSA is multiplicative homomorphic encipherment scheme, and Paillier algorithms are additive homomorphism encipherment schemes, but this
Stagnate always afterwards.After Gentry in 2009 constructs first full homomorphic encryption scheme, have and develop rapidly, occur
Many achievements, including:Based on the scheme based on integer such as the full homomorphic encryption scheme of ideal lattice, Dijk,
The scheme based on LWE (Learning With Error) such as Gentry, Lyubaskevsky etc. are based on RLWE's (Ring LWE)
The scheme based on GLWE (Generalized LWE) such as scheme, Brakerski.But these schemes are mostly based on theory, need
Continue the efficient practical plan of research.
The data for needing to carry out secret protection process can be encrypted using full homomorphic cryptography technology, be recycled
Cloud computing carries out ciphertext data operation process, obtains meeting the ciphertext data of secret protection requirement.Using full homomorphic cryptography technology
Data content safety can be protected and data handling procedure safety can be protected.
Carry out beyond the clouds when data-privacy protection is processed, generally requiring the frequency in statistics record, the present invention combines same
State encryption technology, needs to protect the purpose of data safety and privacy in facing cloud end data issuing process, proposes that a kind of homomorphism is close
Data record frequency assay method and system under text, is processed for secret protection.
The content of the invention
Present invention aims to the deficiencies in the prior art, there is provided a kind of facing cloud end data issue protection safety and
The frequency assay method of privacy and system.
The purpose of the present invention is achieved through the following technical solutions:A kind of facing cloud end data issue protection safety and
The frequency assay method of privacy, comprises the steps:
S1, database owner generate public key pk and private key sk with homomorphism key schedule FHE.KeyGen;Frequency is set
Degree threshold value k, and the encrypted form cc_thd of the complement code of-k is uploaded to into cloud server;Outside the database that will be encrypted with public key pk
Wrap cloud server;Public key pk is uploaded to into cloud server preservation;
S2, client obtain public key pk from high in the clouds, need the record R for inquiring about frequency to obtain ciphertext RC with public key pk encryptions,
RC is uploaded to into cloud server;
S3, cloud server perform frequency ciphertexts of the record RC of homomorphism computing inquiry encryption in ciphertext database
csup;And threshold determination is carried out under homomorphism, obtain result of determination cresult;Cresult and csup are sent to agency service
Device;
S4, proxy server private key sk obtain plaintext m to cresult decryption, represent frequency result of determination;According to frequency
Result of determination m and csup decrypted results send information sup to cloud server;
Information sup that proxy server is returned is sent to client by S5, cloud server.
Further, the database owner in step S1 generates public key pk and private key sk, and private key sk is shared
To proxy server.
Further, homomorphism computing is performed in step S3 and inquires about frequency ciphertext csup tools of the RC in ciphertext database
Gymnastics is made as follows:
First, cloud server will record RC and do homomorphism computing respectively with common l bars ciphertext record in ciphertext tables of data, obtain
L ciphertext cc1,cc2,…,ccl, concrete operations are as follows:Cloud server will record RC=[rc1,rc2,…,rcn] and ciphertext number
R is recorded according to i-th ciphertext in storehousei=[ci1,ci2,…,cin] corresponding to ciphertext position rcjAnd cijHomomorphism add operation is done, n is obtained
Individual ciphertext position c 'ij=FHE.Add (pk, rcj,cij),j∈{1,2,…,n},i∈{1,2,…,l};Again by n ciphertext position c
’i1,c’i2,…,c’in(pk, 1) does homomorphism add operation, obtains the new ciphertexts of n with 1 ciphertext c_m1=FHE.Enc respectively
Position caddij=FHE.Add (pk, c 'ij, c_m1), i ∈ { 1,2 ..., n };Then, by n ciphertext position caddi1,caddi2,…,
caddinHomomorphism multiplying is done, ciphertext cc is obtainedi=FHE.Mult (pk, caddi1,caddi2,…,caddin),i∈{1,
2,…,l};
Then, by homomorphism addition FHE.Add computings and homomorphism multiplication FHE.Mult computings by ciphertext cc1,cc2,…,ccl
Add up, obtain recording frequency ciphertext csup of R, csup=[csN,…,cs2,cs1] for N number of ciphertext position,
Further, threshold determination is carried out under homomorphism in step S3, obtains the concrete of result of determination cresult
Operate and be:Cloud server is by csup=[csN,…,cs2,cs1] and cc_thd=FHE.Enc (pk ,-k)=[cthdN+1,
cthdN,…,cthd1] do following homomorphism computing:First, make c_carry0=FHE.Enc (pk, 0), then takes 1 up to N to i,
By the i-th -1 carry ciphertext c_carryi-1With the i-th bit ciphertext position cs of csupiWith the i-th bit ciphertext position cthd of cc_thdiCarry out
Homomorphism addition and homomorphism multiplying obtain carry ciphertext c_carryi=FHE.Add (pk, FHE.Mult (pk, cthdi,c_
carryi-1),FHE.Mult(pk,csi,FHE.Add(pk,cthdi,c_carryi-1)));By highest carry ciphertext c_carryN
With the highest ciphertext position cthd of cc_thdN+1(1) pk does homomorphism add operation, obtains ciphertext cresult==FHE.Enc
FHE.Add(pk,c_carryN,cthdN+1)。
Further, frequency result of determination concrete operations are obtained according to cresult plaintext results in step S4 as follows:
Proxy server private key sk decryption cresult obtain plaintext m=FHE.Dec (sk, cresult), if m=0, illustrate to record R
Frequency be not less than threshold value, proxy server sends the plaintext sup that csup decryption is obtained to cloud server;If m=1, judge
The plaintext sup that csup decryption is obtained, if record R is not queried in sup=0 database of descriptions, sends sup to cloud server
=0;If the frequency of sup ≠ 0 explanation record R is less than threshold value, the information sensing for recording R is strong, easily reveals privacy information, acts on behalf of
Server sends sup=-1 to cloud server.
Further, ciphertext computing is processed with cloud server obtain frequency, and by frequency and frequency threshold in ciphertext shape
Be compared under state, judgement be decrypted with proxy server compared result, there is no leakage client in this course
Situation of the frequency less than the sensitive record of threshold value in the record content inquired about, database.
A kind of facing cloud end data issues the frequency measurement system of protection safety and privacy, and the system includes four directions:Data
Storehouse owner, client, proxy server, cloud server.Database owner is mainly responsible for generating key pair, to database
Outsourcing process is encrypted, operation is encrypted to the complement code of frequency threshold negative-k, and is uploaded to cloud server, to agency
Server mandate private key sk.Client mainly applies for the frequency for inquiring about record R.Proxy server obtains database owner and awards
Power, assists database owner to process affairs, including preserves client private key sk, decrypting ciphertext;Cloud server is used to store
Ciphertext database, homomorphism arithmetic operation is carried out to ciphertext.
The invention has the beneficial effects as follows:The present invention combines full homomorphic cryptography technology, and data note can be obtained under cloud environment
The frequency ciphertext of record simultaneously judges whether the frequency for recording meets secret protection requirement, while guaranteeing that whole process will not reveal client
In the inquired about record content in end, database, less than the sensitive record content of threshold value, frequency can either realize that the safety of data is deposited
Storage facilitates high in the clouds to carry out protecting the frequency of privacy to determine again.
Description of the drawings
Fig. 1 is the frequency assay method operating process that the facing cloud end data that the present invention is provided issues protection safety and privacy
Figure;
Fig. 2 is the frequency assay method and system reality that the facing cloud end data that the present invention is provided issues protection safety and privacy
Apply illustration to be intended to;
Fig. 3 is the frequency measurement system structural representation that the facing cloud end data that the present invention is provided issues protection safety and privacy
Figure.
Specific embodiment
Before specific implementation is introduced, the rudimentary knowledge of some full homomorphic cryptographies is first introduced.Homomorphic encryption scheme bag
Containing four probability times multinomial algorithm HE={ KeyGen, Encrypt, Decrypt, Evaluate }, the work of this four algorithms
With as follows with process, λ is security parameter:
KeyGen is generation scheme key algorithm.Input security parameter λ, output obtain public key pk, private key sk and public comment
Estimate key evk, evk is public key information needed for computing Boolean circuit.(pk,evk,sk)←HE.KeyGen(1λ)。
Encrypt is ciphertext generating algorithm.Input public key pk and single bit of information m ∈ { 0,1 }, output obtain a ciphertext
c。c←HE.Encpk(m)。
Decrypt is that ciphertext is decrypted.Input private key sk and ciphertext c, output obtain information m*∈{0,1}。m*
←HE.Decsk(c)。
Evaluate is for ensuring that the correctness of homomorphic cryptography.Some ciphertexts are exactly carried out by the correctness of homomorphic cryptography
The calculated ciphertext of homomorphism is decrypted the plaintext obtained after processing, and plaintext corresponding with ciphertext is carried out obtained by identical calculations
As a result it is equal.Input assessment key evk, a functionAnd ciphertextOutput is obtained
One ciphertext cf。To cfBe decrypted the result for obtaining is processed equal to correspondence
In plain textThe result of identical operation is carried out, i.e., Topmost computing behaviour
Work is homomorphism add operation HE.Add and homomorphism multiplying HE.Mult.
The present invention use the higher full homomorphic encryption schemes of the BGV based on RLWE of current efficiency (Z.Brakerski,
C.Gentry,and V.Vaikuntanathan.(leveled)fully homomorphic encryptionwithout
bootstrapping.TOCT,6(3):13,2014.Preliminary version in ITCS 2012.), for the ease of reason
Principle to the full homomorphic cryptography is made introduction by solution first.
Structure based on the base case GHE of GLWE is as follows:
1、GHE.Setup(1λ,1μ,b):Determine that using bit b ∈ { 0,1 } we are to based on LWE schemes (d=1)
RLWE schemes (n=1) setup parameter is also based on, d parameters represent the polynomial degree of estimation.Select μ bit moduli q and its
His parameter (d=d (λ, μ, b), n=n (λ, μ, b),χ=χ (λ, μ, b)) is guaranteeing based on GLWE
The case of scheme has 2λSecurity with resist lattice attack.AllowWith parameter params=(q, d, n, N,
χ).
2、GHE.SecretKeyGen(params):Choose s' ← χn, obtain
3、GHE.PublicKeyGen(params,sk):Using private key as input sk=s=(1, s'), s [0]=1,Also parameter params.A matrix is generated uniformlyOne vector e ← χNWith a set b ← A'
S'+2e. arranging A becomes (n+1) column matrix comprising b, and aft section is the n column matrix (A s=2e) of-A'.Public key pk=A.
4、GHE.Enc(params,pk,m):In order to encrypt an information m ∈ R2, arrange
SamplingOutput ciphertext
5、GHE.Dec(params,sk,c):Output decryption information m ← [[<c,s>]q]2。
The full homomorphic encryption algorithm that need not bootstrap is realized as follows:
Firstth, parameter setting.The full homomorphic encryption scheme that the present invention is adopted is based on polynomial ring, polynomial ringD is 2 power power, and λ is the security parameter of homomorphic encryption scheme, and ciphertext multinomial coefficient takes μ bit moulds
Number q, L is binary arithmetic operation circuit depth, other specification (d=d (λ, μ, b), n=n (λ, μ, b),χ=χ (λ, μ, b)) is guaranteeing 2λSecurity.N=1 is exactly instantiation of the setting based on RLWE.
In order to allow full homomorphic cryptography to be applied to universe anonymity algorithm, plaintext space is set as R2=R/2R.
Secondth, key schedule FHE.KeyGen.Key is as follows to generating:GHE.SecretKeyGen(params):
Choose s' ← χn, obtain private keyGHE.PublicKeyGen(params,
sk):Using private key as input sk=s=(1, s'), s [0]=1,Also parameter params=(q, d, n, N, χ).
One matrix of even generationOne vector e ← χNA is arranged with a set b ← A's'+2e. becomes the (n+ comprising b
1) column matrix, aft section are the n column matrix (A s=2e) of-A'.Public key pk=A.
Circulation j=L to 0, runs paramsj←GHE.Setup(1λ,1(j+1)·μ, b) come the level of the mould that obtains successively decreasing from qL
((L+1) μ bits) is to q0(μ bits). circulation j=L-1 to 0, parameter paramsjMiddle djValue be replaced by d=dL, it is distributed χj
It is replaced by χ=χL。
FHE.KeyGen(paramsj):J=L is to 0 for circulation, is implemented as described below:
1st, run sj←GHE.SecretKeyGen(paramsj)and Aj←GHE.PublicKeyGen(paramsj,
sj)。
2nd, arranges'jIt is sjTensor, its coefficient is in RqjIn sjTwo coefficients
Product.
3rd, s is set "j←BitDecomp(s'j,qj)。
4th, run τs”j+1→sj←SwitchKeyGen(s”j,sj-1), this step is omitted as j=L.
Private key sk includes all sj, public key pk include all AjAnd τs”j+1→sj。
3rd, encryption algorithm F HE.Enc (params, pk, m):In R2In find information m, run GHE.Enc (AL,m)。
GHE.Enc(pk,m):In order to encrypt an information m ∈ R2, arrangeSamplingOutput
Ciphertext
4th, decipherment algorithm FHE.Dec (params, sk, c):Assume that ciphertext is in sjUnder, run GHE.Dec (sj,
c).GHE.Dec(sk,c):Output decryption information m ← [[<c,s>]q]2。
5th, homomorphism addition FHE.Add (pk, c1,c2):Input two equally uses private key sjThe ciphertext of encryption.C is set3←
c1+c2mod qj。c3It is exactly in s'jUnder ciphertext (s'jParameter include all sjParameter becauseAnd
s'jFirst coefficient for 1), export c4=FHE.Refresh (c3,τs”j→sj-1,qj,qj-1)。
6th, homomorphism multiplication FHE.Mult (pk, c1,c2):Input two equally uses private key sjThe ciphertext of encryption.First, newly
Ciphertext be in private keyUnder, it is linear equalityCoefficient vector c3, export c4=
FHE.Refresh(c3,τs”j→sj-1,qj,qj-1)。
FHE.Refresh(c,τs”j→sj-1,qj,qj-1):Input private key s'jUnder ciphertext, auxiliary information τs”j→sj-1To help
Key is helped to change, current and next modulus is qjAnd qj-1, do following work:Launch c first1←Powersof2(c,qj).So
After carry out analog-to-digital conversion, c2←Scale(c1,qj,qj-1, 2), corresponding private key s "jWith modulus qj-1.Key conversion is carried out again, is exported
c3←SwitchKey(τs”j→sj-1,c2,qj-1), corresponding private key sj-1With modulus qj-1。
(c, p, q, are 2) mould converting algorithm to wherein c'=Scale, and p, q are two odd modes, and c is an integer vectors, c'
It is the integer vectors for being close to (p/q) c and meets c'=c mod 2.X is decomposed
Become its bit method for expressing,Output
SwitchKeyGen(s1,s2,n1,n2, q) it is input into two private keysWith the dimension of private key, modulus q, private key s2WithOperation GHE.PublicKeyGen (s2, N) and public key A is obtained, generate B=A+Powesof2 (s1, q), then
Auxiliary information τ of outputs1→s2=B realizes exchanging.Wherein,
Below with reference to the accompanying drawings the present invention is described in detail and with reference to example.
Fig. 1 is the frequency assay method operating process that the facing cloud end data that the present invention is provided issues protection safety and privacy
Figure.As shown in figure 1, the facing cloud end data that the present invention is provided issues protection safety and the frequency assay method of privacy includes step
S1-S5。
Step S1:Database owner generates public key pk and private key sk with key schedule FHE.KeyGen, by frequency
Cloud server is uploaded after the complement code encryption of threshold value volume negative-k, then cloud service is uploaded after database public key pk is encrypted
Public key pk is equally uploaded to cloud server by device.
Step S2:Client obtains public key pk from cloud server request, with the note of inquiry frequency needed for public key pk encryptions
Record R, obtains ciphertext RC, RC is uploaded to cloud server.
Step S3:Cloud server performs the frequency csup that homomorphism computing obtains RC, carries out frequency threshold by homomorphism computing
Value judgement obtains cresult, and csup and cresult is sent to proxy server.
Step S4:Proxy server decryption cresult obtains plaintext m, and decryption csup obtains plaintext sup, according to m and sup
Judge to record that the frequency of R, whether more than threshold value, sets sup according to judgement and is sent to cloud server.
Step S5:Sup is sent to client by cloud server.
Further it is described in detail with the example in Fig. 2.Fig. 2 is that the facing cloud end data that the present invention is provided issues protection
The frequency assay method and system embodiment schematic diagram of safety and privacy.As shown in Fig. 2 the facing cloud end data that the present invention is provided
The frequency assay method for issuing protection safety and privacy includes step S1-S5, and the system for being provided includes database owner, visitor
Family end, proxy server, cloud server.
Specifically, by taking the database comprising 6 records in accompanying drawing 2 as an example, it is assumed that the record encrypted per bar is close with n
Literary position represents, the present invention is described in detail.
Step S1:Database owner generates public key pk and private key sk using homomorphism key schedule, and by database
In record change into binary representation after be encrypted with public key pk, the ciphertext database for obtaining is uploaded to into high in the clouds
Server, while it is 2 to arrange frequency threshold k, its negative value-k=-2 complement code public key pk is encrypted, and is uploaded to high in the clouds clothes
Business device.It is hereby stated that, in database, record and homomorphism calculating process, encrypt every time same plaintext position all produce it is different close
R is recorded in text, such as accompanying drawing 21(1) pk is mutually not to encrypted result FHE.Enc of 1 representated by each 1' of ciphertext form
Identical, same each 0' is mutually different.Also, database owner does not also outwardly reveal the frequency threshold of setting
k.The outer bag data of database owner to the process that cloud server is a continuous superposition, at one's leisure between complete.
Step S2:Client obtains itself wanting the record R's for inquiring about by sending inquiry request to cloud server
Frequency.First, client asks public key pk, cloud server to reach client under public key pk to cloud server;Secondly, visitor
Family end public key pk to need inquire about frequency record R={ 11, Female, 375720 } change into binary system [1,1,0,0 ...,
1] it is encrypted again, obtains ciphertext record RC=[1', 1', 0', 0' ..., 1'];RC is sent to cloud server is carried out
Homomorphism computing.
Step S3:First, cloud server by RC=[1', 1', 0', 0' ..., 1'] and ciphertext database totally 6 it is close
Text record carries out homomorphism computing, obtains 6 ciphertexts cc1=1', cc2=0', cc3=0', cc4=0', cc5=0', cc6=1'.
With RC and R2Do homomorphism and be calculated cc2As a example by, R2=[1', 0', 0', 1' ..., 1'], by RC and R2Corresponding i-th ciphertext
To do homomorphism add operation, n ciphertext 0', 1', 0', 1' ..., 0', i ∈ { 1,2 ..., n } are obtained;Above-mentioned n ciphertext is distinguished
Homomorphism add operation is carried out with 1 ciphertext 1', n new ciphertext 1', 0', 1', 0' ..., 1' is obtained;By above-mentioned n ciphertext position
It is homomorphism multiplying FHE.Mult (pk, 1', 0', 1', 0' ..., 1') and obtains ciphertext cc2=0'.In the same manner, by RC with other 5
Bar record does homomorphism computing.
Then, cloud server is to 6 ciphertexts cc1=1', cc2=0', cc3=0', cc4=0', cc5=0', cc6=1'
Added up, you can obtain recording frequency ciphertext csup of R, concrete operations are as follows:Due to counting the maximum possible frequency for obtaining
Ciphertext is related to data-base recording amount, and frequency ciphertext position is up toFirst, the initial of ciphertext csup is set
It is worth the ciphertext csup=[cs for 303,cs2,cs1]=[0', 0', 0'];Then, ciphertext csup is added into first ciphertext cc1
=1', computing ccarry1=FHE.Mult (pk, 1', 0') obtains carry ccarry1=0', computing cs1=FHE.Add (pk,
1', 0') obtain new minimum ciphertext position cs1=1', then computing ccarryi=FHE.Mult (pk, ccarryi-1,csi),csi
=FHE.Add (pk, ccarryi-1,csi), i ∈ { 2,3 } obtain carry ccarry2=0', ccarry3=0', new ciphertext position
cs3=0', cs2=0'.Then, add up upper first ciphertext cc1Frequency ciphertext csup=[cs after=1'3,cs2,cs1]=
[0', 0', 1'], then add up other 5 ciphertexts, finally gives frequency ciphertext csup=[cs3,cs2,cs1]=[0', 1',
0']。
Finally, cloud server carries out threshold determination after frequency ciphertext csup is obtained.Threshold value is database owner
Set and encrypt, threshold value ciphertext cc_thd=[cthdN+1,cthdN,…,cthd1] comprising N+1 ciphertext position.In this example
Cc_thd=FHE.Enc (pk, -2)=[cthd4,cthd3,cthd2,cthd1]=[1', 1', 1', 0'].First, make c_
carry0(0) pk, then carries out homomorphism computing and obtains carry c=FHE.Enc_carryi=FHE.Add (pk, FHE.Mult
(pk,cthdi,c_carryi-1),FHE.Mult(pk,csi,FHE.Add(pk,cthdi,c_carryi-1))), i ∈ { 1,2,3 },
Wherein c_carry3=1';Last computing cresult=FHE.Add (pk, cthd4,c_carry3) obtain result of determination
Cresult=0'.Cloud server will reach proxy server under ciphertext cresult for obtaining and be decrypted.
Step S4:Proxy server private key sk decryption cresult obtain plaintext m=FHE.Dec (sk, cresult)=
0, illustrate that the frequency for recording R={ 11, Female, 375720 } is not less than threshold value, proxy server is sent to cloud server
The plaintext sup=[0,1,0]=2 that csup decryption is obtained.
Step S5:Sup=2 is sent to client by cloud server, client just learn record R=11, Female,
375720 } frequency is 2.
Equally, if the frequency of the record R={ 32, Male, 375722 } of client request inquiry, will obtain
The decrypted result m=FHE.Dec (sk, cresult) of cresult=1, csup decrypted result sup=1, illustrates that the frequency of R is less than
Threshold value and for sensitive record, sends sup=-1 to cloud server;If the record R=of client request inquiry 67,
Male, 375720 } frequency, will obtain decrypted result m=FHE.Dec (sk, cresult)=1, csup solutions of cresult
, there is no record R in close result sup=0, send sup=0 to cloud server in database of descriptions;
Fig. 3 is the frequency measurement system knot of the protection data safety that the facing cloud end data that the present invention is provided is issued and privacy
Structure schematic diagram.As shown in figure 3, the protection data safety of facing cloud end data issue and the frequency of privacy of present invention offer are determined
System includes database owner, client, proxy server, four parts of cloud server.The database owner connects
Meet cloud server and proxy server, the Client Agent connection database owner and cloud server, the client
End connection cloud server.The database owner is used to generate public key pk and private key sk, and private key sk is shared to agency
Public key pk is sent to cloud server by server, is sent to cloud server, and sets after database public key pk is encrypted
Frequency threshold k is put, after the complement code public key pk encryptions of p- k, cloud server is sent to.The client is sent out to cloud server
Send, after public key pk being obtained from cloud server, need to inquire about frequency with public key pk encryptions
The record R of degree, and ciphertext RC of R is sent to cloud server.The cloud server performs homomorphism computing, including homomorphism addition
Computing and homomorphism multiplying, obtain frequency ciphertext csup and frequency judges ciphertext cresult and is sent to proxy server, together
When by proxy server return sup information be sent to client.Proxy server private key sk is to ciphertext csup and close
Literary cresult is decrypted, and judges frequency and threshold value relation according to decrypted result, sends corresponding sup information to cloud service
Device.
In sum, the frequency for issuing protection safety and privacy by the facing cloud end data that present example is provided is determined
Method and system, in the case where four directions participates in and do not reveal in plain text, by proxy server is to ciphertext decryption and then performs frequency
Threshold decision, returns frequency information to cloud server according to judged result, then information is returned to client by cloud server
End, and all records in high in the clouds are preserved with ciphertext form, that is, make use of the high efficiency of cloud computing, in turn ensure that the safety of record information
Property.
The present invention is not intended to be limited to embodiment illustrated herein, and is to fit to and principles disclosed herein and new
The consistent most wide scope of clever feature.The foregoing description of the disclosed embodiments, enables professional and technical personnel in the field
Realize or using the present invention.Various modifications to these embodiments will be apparent for those skilled in the art
, generic principles defined herein can without departing from the spirit or scope of the present invention, in other embodiments
Middle realization.
Claims (7)
1. a kind of facing cloud end data issues the frequency assay method of protection safety and privacy, it is characterised in that including following step
Suddenly:
S1, database owner generate public key pk and private key sk with homomorphism key schedule FHE.KeyGen;Frequency threshold is set
Value k, and the encrypted form cc_thd of the complement code of-k is uploaded to into cloud server;The database encrypted with public key pk is outsourced to
Cloud server;Public key pk is uploaded to into cloud server preservation;
S2, client obtain public key pk from high in the clouds, need the record R for inquiring about frequency to obtain ciphertext RC with public key pk encryptions, by RC
It is uploaded to cloud server;
S3, cloud server perform frequency ciphertexts csup of the record RC of homomorphism computing inquiry encryption in ciphertext database;And
Threshold determination is carried out under homomorphism, result of determination cresult is obtained;Cresult and csup are sent to proxy server;
S4, proxy server private key sk obtain plaintext m to cresult decryption, represent frequency result of determination;Judge according to frequency
As a result m and csup decrypted results send information sup to cloud server;
Information sup that proxy server is returned is sent to client by S5, cloud server.
2. a kind of facing cloud end data according to claim 1 issues the frequency assay method of protection safety and privacy, its
It is characterised by, the database owner in step S1 generates public key pk and private key sk, and private key sk is shared to agency's clothes
Business device.
3. a kind of facing cloud end data according to claim 1 issues the frequency assay method of protection safety and privacy, its
It is characterised by, frequency ciphertext csup concrete operations of the homomorphism computing inquiry RC in ciphertext database is performed in step S3 such as
Under:
First, cloud server will record RC and do homomorphism computing respectively with common l bars ciphertext record in ciphertext tables of data, obtain l
Ciphertext cc1,cc2,…,ccl, concrete operations are as follows:Cloud server will record RC=[rc1,rc2,…,rcn] and ciphertext data
In storehouse, i-th ciphertext records Ri=[ci1,ci2,…,cin] corresponding to ciphertext position rcjAnd cijHomomorphism add operation is done, n is obtained
Ciphertext position c 'ij=FHE.Add (pk, rcj,cij),j∈{1,2,…,n},i∈{1,2,…,l};Again by n ciphertext position c 'i1,
c’i2,…,c’in(pk, 1) does homomorphism add operation, obtains the new ciphertext positions of n with 1 ciphertext c_m1=FHE.Enc respectively
caddij=FHE.Add (pk, c 'ij, c_m1), i ∈ { 1,2 ..., n };Then, by n ciphertext position caddi1,caddi2,…,
caddinHomomorphism multiplying is done, ciphertext cc is obtainedi=FHE.Mult (pk, caddi1,caddi2,…,caddin),i∈{1,
2,…,l};
Then, by homomorphism addition FHE.Add computings and homomorphism multiplication FHE.Mult computings by ciphertext cc1,cc2,…,cclIt is cumulative
Get up, obtain recording frequency ciphertext csup of R, csup=[csN,…,cs2,cs1] for N number of ciphertext position,
4. a kind of facing cloud end data according to claim 1 issues the frequency assay method of protection safety and privacy, its
It is characterised by, threshold determination is carried out under homomorphism in step S3, the concrete operations for obtaining result of determination cresult are:
Cloud server is by csup=[csN,…,cs2,cs1] and cc_thd=FHE.Enc (pk ,-k)=[cthdN+1,cthdN,…,
cthd1] do following homomorphism computing:First, make c_carry0(0) pk, then takes 1 up to N, by the i-th -1 to=FHE.Enc to i
Carry ciphertext c_carryi-1With the i-th bit ciphertext position cs of csupiWith the i-th bit ciphertext position cthd of cc_thdiCarry out homomorphism addition
Carry ciphertext c_carry is obtained with homomorphism multiplyingi=FHE.Add (pk, FHE.Mult (pk, cthdi,c_carryi-1),
FHE.Mult(pk,csi,FHE.Add(pk,cthdi,c_carryi-1)));By highest carry ciphertext c_carryNWith cc_thd's
Highest ciphertext position cthdN+1(pk, 1) does homomorphism add operation to=FHE.Enc, obtains ciphertext cresult=FHE.Add (pk, c_
carryN,cthdN+1)。
5. a kind of facing cloud end data according to claim 1 issues the frequency assay method of protection safety and privacy, its
It is characterised by, frequency result of determination concrete operations is obtained according to cresult plaintext results in step S4 as follows:Agency service
Device private key sk decryption cresult obtain plaintext m=FHE.Dec (sk, cresult), if m=0, illustrate the frequency of record R not
Less than threshold value, proxy server sends the plaintext sup that csup decryption is obtained to cloud server;If m=1, judge that csup is decrypted
The plaintext sup for obtaining, if record R is not queried in sup=0 database of descriptions, sends sup=0 to cloud server;If
The frequency of sup ≠ 0 explanation record R is less than threshold value, and the information sensing for recording R is strong, easily reveals privacy information, proxy server
Sup=-1 is sent to cloud server.
6. a kind of facing cloud end data according to claim 1 issues the frequency assay method of protection safety and privacy, its
Be characterised by, ciphertext computing is processed with cloud server and obtain frequency, and frequency is carried out with frequency threshold under ciphertext state
Relatively, judgement is decrypted with proxy server compared result, do not exist in this course and reveal what client was inquired about
Situation of the frequency less than the sensitive record of threshold value in record content, database.
7. a kind of facing cloud end data issues the frequency measurement system of protection safety and privacy, it is characterised in that the system includes
Four directions:Database owner, client, proxy server, cloud server.Database owner is mainly responsible for generating key
It is right, outsourcing process is encrypted to database, operation is encrypted to the complement code of frequency threshold negative-k, and is uploaded to high in the clouds clothes
Business device, to proxy server mandate private key sk.Client mainly applies for the frequency for inquiring about record R.Proxy server obtains data
Storehouse owner authorizes, and assists database owner to process affairs, including preserves client private key sk, decrypting ciphertext;Cloud service
Device is used to store ciphertext database, carry out homomorphism arithmetic operation to ciphertext.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611012810.4A CN106534313B (en) | 2016-11-17 | 2016-11-17 | The frequency measuring method and system of facing cloud end data publication protection safety and privacy |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611012810.4A CN106534313B (en) | 2016-11-17 | 2016-11-17 | The frequency measuring method and system of facing cloud end data publication protection safety and privacy |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106534313A true CN106534313A (en) | 2017-03-22 |
CN106534313B CN106534313B (en) | 2019-09-13 |
Family
ID=58352203
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611012810.4A Active CN106534313B (en) | 2016-11-17 | 2016-11-17 | The frequency measuring method and system of facing cloud end data publication protection safety and privacy |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106534313B (en) |
Cited By (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107154845A (en) * | 2017-04-11 | 2017-09-12 | 中国人民武装警察部队工程大学 | A kind of BGN types ciphertext decryption outsourcing scheme based on attribute |
WO2018205549A1 (en) * | 2017-05-09 | 2018-11-15 | 深圳市全同态科技有限公司 | Fully homomorphic encryption-based ciphertext query method and system |
CN109889320A (en) * | 2019-01-24 | 2019-06-14 | 中国人民武装警察部队工程大学 | A kind of full homomorphic cryptography method of efficient BGV type multi-key cipher |
CN110008717A (en) * | 2019-02-26 | 2019-07-12 | 东北大学 | Support the decision tree classification service system and method for secret protection |
CN110391895A (en) * | 2019-07-31 | 2019-10-29 | 阿里巴巴集团控股有限公司 | Data preprocessing method, ciphertext data capture method, device and electronic equipment |
CN110612696A (en) * | 2017-05-18 | 2019-12-24 | 罗伯特·博世有限公司 | Post-quantum secure private stream aggregation |
US10546032B2 (en) | 2017-11-21 | 2020-01-28 | International Business Machines Corporation | System and method for association rule mining from encrypted databases |
CN110999200A (en) * | 2017-07-28 | 2020-04-10 | 皇家飞利浦有限公司 | Evaluation of monitoring function |
CN111373401A (en) * | 2017-11-27 | 2020-07-03 | 三菱电机株式会社 | Homomorphic inference device, homomorphic inference method, homomorphic inference program, and hidden information processing system |
CN111526148A (en) * | 2020-04-26 | 2020-08-11 | 中山大学 | System and method for safely denoising encrypted audio in cloud computing environment |
US10790961B2 (en) | 2019-07-31 | 2020-09-29 | Alibaba Group Holding Limited | Ciphertext preprocessing and acquisition |
CN112073172A (en) * | 2020-09-02 | 2020-12-11 | 北京邮电大学 | Grid identity-based dual-receiver fully homomorphic encryption method and system |
CN113127536A (en) * | 2021-04-14 | 2021-07-16 | 上海同态信息科技有限责任公司 | Offline fuzzy matching framework based on homomorphic configuration encryption |
CN113157778A (en) * | 2021-06-09 | 2021-07-23 | 富算科技(上海)有限公司 | Proxiable query method, system, device and medium for distributed data warehouse |
CN113609503A (en) * | 2021-08-10 | 2021-11-05 | 支付宝(杭州)信息技术有限公司 | Highest bit carry calculation method for protecting data privacy |
CN114175568A (en) * | 2020-02-14 | 2022-03-11 | 谷歌有限责任公司 | Secure multi-party arrival frequency and frequency estimation |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103281377A (en) * | 2013-05-31 | 2013-09-04 | 北京鹏宇成软件技术有限公司 | Cryptograph data storage and searching method for cloud |
CN103401871A (en) * | 2013-08-05 | 2013-11-20 | 苏州大学 | Method and system for sequencing ciphertexts orienting to homomorphic encryption |
CN104881615A (en) * | 2015-06-08 | 2015-09-02 | 武汉大学 | Efficient privacy protection ciphertext connection access operation validation method under cloud environment |
CN105743888A (en) * | 2016-01-22 | 2016-07-06 | 河南理工大学 | Agent re-encryption scheme based on keyword research |
-
2016
- 2016-11-17 CN CN201611012810.4A patent/CN106534313B/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103281377A (en) * | 2013-05-31 | 2013-09-04 | 北京鹏宇成软件技术有限公司 | Cryptograph data storage and searching method for cloud |
CN103401871A (en) * | 2013-08-05 | 2013-11-20 | 苏州大学 | Method and system for sequencing ciphertexts orienting to homomorphic encryption |
CN104881615A (en) * | 2015-06-08 | 2015-09-02 | 武汉大学 | Efficient privacy protection ciphertext connection access operation validation method under cloud environment |
CN105743888A (en) * | 2016-01-22 | 2016-07-06 | 河南理工大学 | Agent re-encryption scheme based on keyword research |
Non-Patent Citations (3)
Title |
---|
刘鹏亮,俎龙辉,白翠翠,马 华: "一种可验证的公钥可搜索加密方案", 《计算机工程》 * |
张雪娇: "基于整数上同态加密的云存储密文检索系统", 《中国海洋大学硕士学位论文》 * |
赵英明: "基于同态加密的密文检索技术研究", 《内蒙古大学硕士学位论文》 * |
Cited By (25)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107154845A (en) * | 2017-04-11 | 2017-09-12 | 中国人民武装警察部队工程大学 | A kind of BGN types ciphertext decryption outsourcing scheme based on attribute |
CN107154845B (en) * | 2017-04-11 | 2020-08-11 | 中国人民武装警察部队工程大学 | BGN type ciphertext decryption outsourcing scheme based on attributes |
WO2018205549A1 (en) * | 2017-05-09 | 2018-11-15 | 深圳市全同态科技有限公司 | Fully homomorphic encryption-based ciphertext query method and system |
CN110612696B (en) * | 2017-05-18 | 2023-04-14 | 罗伯特·博世有限公司 | Post-quantum secure private stream aggregation |
CN110612696A (en) * | 2017-05-18 | 2019-12-24 | 罗伯特·博世有限公司 | Post-quantum secure private stream aggregation |
CN110999200A (en) * | 2017-07-28 | 2020-04-10 | 皇家飞利浦有限公司 | Evaluation of monitoring function |
CN110999200B (en) * | 2017-07-28 | 2023-10-03 | 皇家飞利浦有限公司 | Method and system for evaluating monitoring function to determine whether triggering condition is met |
US10546032B2 (en) | 2017-11-21 | 2020-01-28 | International Business Machines Corporation | System and method for association rule mining from encrypted databases |
CN111373401A (en) * | 2017-11-27 | 2020-07-03 | 三菱电机株式会社 | Homomorphic inference device, homomorphic inference method, homomorphic inference program, and hidden information processing system |
CN111373401B (en) * | 2017-11-27 | 2023-04-25 | 三菱电机株式会社 | Homomorphic inference device, homomorphic inference method, computer-readable storage medium, and hidden information processing system |
CN109889320A (en) * | 2019-01-24 | 2019-06-14 | 中国人民武装警察部队工程大学 | A kind of full homomorphic cryptography method of efficient BGV type multi-key cipher |
CN110008717B (en) * | 2019-02-26 | 2023-04-11 | 东北大学 | Decision tree classification service system and method supporting privacy protection |
CN110008717A (en) * | 2019-02-26 | 2019-07-12 | 东北大学 | Support the decision tree classification service system and method for secret protection |
CN110391895B (en) * | 2019-07-31 | 2020-10-27 | 创新先进技术有限公司 | Data preprocessing method, ciphertext data acquisition method, device and electronic equipment |
US10790961B2 (en) | 2019-07-31 | 2020-09-29 | Alibaba Group Holding Limited | Ciphertext preprocessing and acquisition |
CN110391895A (en) * | 2019-07-31 | 2019-10-29 | 阿里巴巴集团控股有限公司 | Data preprocessing method, ciphertext data capture method, device and electronic equipment |
CN114175568A (en) * | 2020-02-14 | 2022-03-11 | 谷歌有限责任公司 | Secure multi-party arrival frequency and frequency estimation |
CN114175568B (en) * | 2020-02-14 | 2023-06-06 | 谷歌有限责任公司 | Secure multiparty arrival rate and frequency estimation |
CN111526148A (en) * | 2020-04-26 | 2020-08-11 | 中山大学 | System and method for safely denoising encrypted audio in cloud computing environment |
CN112073172B (en) * | 2020-09-02 | 2021-11-05 | 北京邮电大学 | Grid identity-based dual-receiver fully homomorphic encryption method and system |
CN112073172A (en) * | 2020-09-02 | 2020-12-11 | 北京邮电大学 | Grid identity-based dual-receiver fully homomorphic encryption method and system |
CN113127536A (en) * | 2021-04-14 | 2021-07-16 | 上海同态信息科技有限责任公司 | Offline fuzzy matching framework based on homomorphic configuration encryption |
CN113127536B (en) * | 2021-04-14 | 2023-07-28 | 上海同态信息科技有限责任公司 | Offline fuzzy matching system based on homomorphic encryption |
CN113157778A (en) * | 2021-06-09 | 2021-07-23 | 富算科技(上海)有限公司 | Proxiable query method, system, device and medium for distributed data warehouse |
CN113609503A (en) * | 2021-08-10 | 2021-11-05 | 支付宝(杭州)信息技术有限公司 | Highest bit carry calculation method for protecting data privacy |
Also Published As
Publication number | Publication date |
---|---|
CN106534313B (en) | 2019-09-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106534313B (en) | The frequency measuring method and system of facing cloud end data publication protection safety and privacy | |
CN106533650B (en) | Interactive method for secret protection and system towards cloud | |
US11201734B2 (en) | Method and system for fault tolerant and secure multiparty computation with SPDZ | |
CN111512589B (en) | Method for fast secure multiparty inner product with SPDZ | |
CN106953722B (en) | Ciphertext query method and system for full homomorphic encryption | |
Liang et al. | Searchable attribute-based mechanism with efficient data sharing for secure cloud storage | |
CN104283669B (en) | Re-encryption depth optimization method in full homomorphic cryptography | |
CN112989368A (en) | Method and device for processing private data by combining multiple parties | |
CN109740364B (en) | Attribute-based ciphertext searching method capable of controlling searching authority | |
Zhang et al. | A privacy protection scheme for IoT big data based on time and frequency limitation | |
Subramani et al. | Review of security methods based on classical cryptography and quantum cryptography | |
CN101321058B (en) | Method and system for encoding and decoding digital message | |
Peng et al. | One-time-pad cryptography scheme based on a three-dimensional DNA self-assembly pyramid structure | |
Patil et al. | Big data privacy using fully homomorphic non-deterministic encryption | |
Li et al. | Efficient and adaptively secure attribute-based proxy reencryption scheme | |
CN109451077A (en) | The model that medical cloud search permission is shared | |
Zuobin et al. | P2HBT: Partially Policy Hidden E‐Healthcare System with Black‐Box Traceability | |
JP5486519B2 (en) | Search system, determination device, vector construction device, method and program thereof | |
Debnath et al. | Large universe attribute based encryption enabled secured data access control for cloud storage with computation outsourcing | |
Zhao et al. | Dual-server certificateless public key encryption with authorized equality test for outsourced IoT data | |
CN101321059B (en) | Method and system for encoding and decoding digital message | |
Shen et al. | Secure access control for eHealth data in emergency rescue case based on traceable attribute-based encryption | |
Theodouli et al. | Implementing private k-means clustering using a LWE-based cryptosystem | |
Azuma | An entangling-probe attack on Shor’s algorithm for factorization | |
Zhang | Scalable One-Time Pad---From Information Theoretic Security to Information Conservational Security |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |