CN106534313A - Frequentness measuring method and system for security and privacy protection facing cloud data issuing - Google Patents

Frequentness measuring method and system for security and privacy protection facing cloud data issuing Download PDF

Info

Publication number
CN106534313A
CN106534313A CN201611012810.4A CN201611012810A CN106534313A CN 106534313 A CN106534313 A CN 106534313A CN 201611012810 A CN201611012810 A CN 201611012810A CN 106534313 A CN106534313 A CN 106534313A
Authority
CN
China
Prior art keywords
ciphertext
frequency
fhe
homomorphism
cloud server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201611012810.4A
Other languages
Chinese (zh)
Other versions
CN106534313B (en
Inventor
刘君强
陈芳慧
李挺
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Gongshang University
Original Assignee
Zhejiang Gongshang University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang Gongshang University filed Critical Zhejiang Gongshang University
Priority to CN201611012810.4A priority Critical patent/CN106534313B/en
Publication of CN106534313A publication Critical patent/CN106534313A/en
Application granted granted Critical
Publication of CN106534313B publication Critical patent/CN106534313B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords

Abstract

The invention discloses a frequentness measuring method and system for security and privacy protection facing cloud data issuing. A database owner generates a secret key pair, encryption outsourcing processing is carried out on the database, encryption operation is carried out on complement of a frequentness threshold negative -k, the encrypted complement is uploaded to a cloud server, and a private key sk is authorized to a proxy server; a client applies to inquire the frequentness of a record R; the proxy server obtains permission from the database owner and assists the database owner in dealing with a transaction. The cloud server is used for storing a ciphertext database and carrying out a homomorphic operation on the ciphertext. According to the method and system disclosed by the invention, with the full-homomorphic encryption technology, the frequentness ciphertext in a data recording manner is obtained in a cloud environment and whether the frequentness of the record meets a privacy protection requirement is determined; and leaking of a recorded content inquired by a client as well as sensitive recorded content with the frequentness lower than a threshold in the database can be prevented during the whole process. Therefore, secure storage of data can be realized; and frequentness measurement for privacy protection can be carried out by the cloud conveniently.

Description

Facing cloud end data issues the frequency assay method and system of protection safety and privacy
Technical field
The present invention relates to secret protection Related Research Domain, it is safe that more particularly to a kind of facing cloud end data issues protection And the frequency assay method and system of privacy.
Background technology
In the epoch of information sharing, secret protection and information security become an important research field of IT circles.Information is pacified Complete requirement to prevent unwarranted number is it is disclosed, and secret protection is intended to avoid disclosed data from being used for therefrom reasoning individual's Sensitive information.
With the arrival in big data epoch, increasing people data storage and performs meter beyond the clouds using cloud computing technology Process task is calculated, secret protection faces many new challenges.There is the danger of leakage privacy beyond the clouds in data storage procedure, except this Outside, secret protection processing procedure is likely under attack in itself, and this undoubtedly increased the risk of privacy leakage and avoids risk Difficulty.
The safety problem that high in the clouds data are solved with cryptographic technology is one and selects well, data are carried out adding High in the clouds storage is uploaded to after close, just there is no the danger of privacy leakage.But encryption data presence in high in the clouds is difficult to computing Problem.Fortunately full homomorphic cryptography technology provides possibility to solve new challenge.Full homomorphic cryptography is that one kind can be direct The technology operated by ciphertext data under encrypted state.The general of homomorphic cryptography is proposed just early in Rivest in 1978 et al. Read, wherein, public key algorithm RSA is multiplicative homomorphic encipherment scheme, and Paillier algorithms are additive homomorphism encipherment schemes, but this Stagnate always afterwards.After Gentry in 2009 constructs first full homomorphic encryption scheme, have and develop rapidly, occur Many achievements, including:Based on the scheme based on integer such as the full homomorphic encryption scheme of ideal lattice, Dijk, The scheme based on LWE (Learning With Error) such as Gentry, Lyubaskevsky etc. are based on RLWE's (Ring LWE) The scheme based on GLWE (Generalized LWE) such as scheme, Brakerski.But these schemes are mostly based on theory, need Continue the efficient practical plan of research.
The data for needing to carry out secret protection process can be encrypted using full homomorphic cryptography technology, be recycled Cloud computing carries out ciphertext data operation process, obtains meeting the ciphertext data of secret protection requirement.Using full homomorphic cryptography technology Data content safety can be protected and data handling procedure safety can be protected.
Carry out beyond the clouds when data-privacy protection is processed, generally requiring the frequency in statistics record, the present invention combines same State encryption technology, needs to protect the purpose of data safety and privacy in facing cloud end data issuing process, proposes that a kind of homomorphism is close Data record frequency assay method and system under text, is processed for secret protection.
The content of the invention
Present invention aims to the deficiencies in the prior art, there is provided a kind of facing cloud end data issue protection safety and The frequency assay method of privacy and system.
The purpose of the present invention is achieved through the following technical solutions:A kind of facing cloud end data issue protection safety and The frequency assay method of privacy, comprises the steps:
S1, database owner generate public key pk and private key sk with homomorphism key schedule FHE.KeyGen;Frequency is set Degree threshold value k, and the encrypted form cc_thd of the complement code of-k is uploaded to into cloud server;Outside the database that will be encrypted with public key pk Wrap cloud server;Public key pk is uploaded to into cloud server preservation;
S2, client obtain public key pk from high in the clouds, need the record R for inquiring about frequency to obtain ciphertext RC with public key pk encryptions, RC is uploaded to into cloud server;
S3, cloud server perform frequency ciphertexts of the record RC of homomorphism computing inquiry encryption in ciphertext database csup;And threshold determination is carried out under homomorphism, obtain result of determination cresult;Cresult and csup are sent to agency service Device;
S4, proxy server private key sk obtain plaintext m to cresult decryption, represent frequency result of determination;According to frequency Result of determination m and csup decrypted results send information sup to cloud server;
Information sup that proxy server is returned is sent to client by S5, cloud server.
Further, the database owner in step S1 generates public key pk and private key sk, and private key sk is shared To proxy server.
Further, homomorphism computing is performed in step S3 and inquires about frequency ciphertext csup tools of the RC in ciphertext database Gymnastics is made as follows:
First, cloud server will record RC and do homomorphism computing respectively with common l bars ciphertext record in ciphertext tables of data, obtain L ciphertext cc1,cc2,…,ccl, concrete operations are as follows:Cloud server will record RC=[rc1,rc2,…,rcn] and ciphertext number R is recorded according to i-th ciphertext in storehousei=[ci1,ci2,…,cin] corresponding to ciphertext position rcjAnd cijHomomorphism add operation is done, n is obtained Individual ciphertext position c 'ij=FHE.Add (pk, rcj,cij),j∈{1,2,…,n},i∈{1,2,…,l};Again by n ciphertext position c ’i1,c’i2,…,c’in(pk, 1) does homomorphism add operation, obtains the new ciphertexts of n with 1 ciphertext c_m1=FHE.Enc respectively Position caddij=FHE.Add (pk, c 'ij, c_m1), i ∈ { 1,2 ..., n };Then, by n ciphertext position caddi1,caddi2,…, caddinHomomorphism multiplying is done, ciphertext cc is obtainedi=FHE.Mult (pk, caddi1,caddi2,…,caddin),i∈{1, 2,…,l};
Then, by homomorphism addition FHE.Add computings and homomorphism multiplication FHE.Mult computings by ciphertext cc1,cc2,…,ccl Add up, obtain recording frequency ciphertext csup of R, csup=[csN,…,cs2,cs1] for N number of ciphertext position,
Further, threshold determination is carried out under homomorphism in step S3, obtains the concrete of result of determination cresult Operate and be:Cloud server is by csup=[csN,…,cs2,cs1] and cc_thd=FHE.Enc (pk ,-k)=[cthdN+1, cthdN,…,cthd1] do following homomorphism computing:First, make c_carry0=FHE.Enc (pk, 0), then takes 1 up to N to i, By the i-th -1 carry ciphertext c_carryi-1With the i-th bit ciphertext position cs of csupiWith the i-th bit ciphertext position cthd of cc_thdiCarry out Homomorphism addition and homomorphism multiplying obtain carry ciphertext c_carryi=FHE.Add (pk, FHE.Mult (pk, cthdi,c_ carryi-1),FHE.Mult(pk,csi,FHE.Add(pk,cthdi,c_carryi-1)));By highest carry ciphertext c_carryN With the highest ciphertext position cthd of cc_thdN+1(1) pk does homomorphism add operation, obtains ciphertext cresult==FHE.Enc FHE.Add(pk,c_carryN,cthdN+1)。
Further, frequency result of determination concrete operations are obtained according to cresult plaintext results in step S4 as follows: Proxy server private key sk decryption cresult obtain plaintext m=FHE.Dec (sk, cresult), if m=0, illustrate to record R Frequency be not less than threshold value, proxy server sends the plaintext sup that csup decryption is obtained to cloud server;If m=1, judge The plaintext sup that csup decryption is obtained, if record R is not queried in sup=0 database of descriptions, sends sup to cloud server =0;If the frequency of sup ≠ 0 explanation record R is less than threshold value, the information sensing for recording R is strong, easily reveals privacy information, acts on behalf of Server sends sup=-1 to cloud server.
Further, ciphertext computing is processed with cloud server obtain frequency, and by frequency and frequency threshold in ciphertext shape Be compared under state, judgement be decrypted with proxy server compared result, there is no leakage client in this course Situation of the frequency less than the sensitive record of threshold value in the record content inquired about, database.
A kind of facing cloud end data issues the frequency measurement system of protection safety and privacy, and the system includes four directions:Data Storehouse owner, client, proxy server, cloud server.Database owner is mainly responsible for generating key pair, to database Outsourcing process is encrypted, operation is encrypted to the complement code of frequency threshold negative-k, and is uploaded to cloud server, to agency Server mandate private key sk.Client mainly applies for the frequency for inquiring about record R.Proxy server obtains database owner and awards Power, assists database owner to process affairs, including preserves client private key sk, decrypting ciphertext;Cloud server is used to store Ciphertext database, homomorphism arithmetic operation is carried out to ciphertext.
The invention has the beneficial effects as follows:The present invention combines full homomorphic cryptography technology, and data note can be obtained under cloud environment The frequency ciphertext of record simultaneously judges whether the frequency for recording meets secret protection requirement, while guaranteeing that whole process will not reveal client In the inquired about record content in end, database, less than the sensitive record content of threshold value, frequency can either realize that the safety of data is deposited Storage facilitates high in the clouds to carry out protecting the frequency of privacy to determine again.
Description of the drawings
Fig. 1 is the frequency assay method operating process that the facing cloud end data that the present invention is provided issues protection safety and privacy Figure;
Fig. 2 is the frequency assay method and system reality that the facing cloud end data that the present invention is provided issues protection safety and privacy Apply illustration to be intended to;
Fig. 3 is the frequency measurement system structural representation that the facing cloud end data that the present invention is provided issues protection safety and privacy Figure.
Specific embodiment
Before specific implementation is introduced, the rudimentary knowledge of some full homomorphic cryptographies is first introduced.Homomorphic encryption scheme bag Containing four probability times multinomial algorithm HE={ KeyGen, Encrypt, Decrypt, Evaluate }, the work of this four algorithms With as follows with process, λ is security parameter:
KeyGen is generation scheme key algorithm.Input security parameter λ, output obtain public key pk, private key sk and public comment Estimate key evk, evk is public key information needed for computing Boolean circuit.(pk,evk,sk)←HE.KeyGen(1λ)。
Encrypt is ciphertext generating algorithm.Input public key pk and single bit of information m ∈ { 0,1 }, output obtain a ciphertext c。c←HE.Encpk(m)。
Decrypt is that ciphertext is decrypted.Input private key sk and ciphertext c, output obtain information m*∈{0,1}。m* ←HE.Decsk(c)。
Evaluate is for ensuring that the correctness of homomorphic cryptography.Some ciphertexts are exactly carried out by the correctness of homomorphic cryptography The calculated ciphertext of homomorphism is decrypted the plaintext obtained after processing, and plaintext corresponding with ciphertext is carried out obtained by identical calculations As a result it is equal.Input assessment key evk, a functionAnd ciphertextOutput is obtained One ciphertext cfTo cfBe decrypted the result for obtaining is processed equal to correspondence In plain textThe result of identical operation is carried out, i.e., Topmost computing behaviour Work is homomorphism add operation HE.Add and homomorphism multiplying HE.Mult.
The present invention use the higher full homomorphic encryption schemes of the BGV based on RLWE of current efficiency (Z.Brakerski, C.Gentry,and V.Vaikuntanathan.(leveled)fully homomorphic encryptionwithout bootstrapping.TOCT,6(3):13,2014.Preliminary version in ITCS 2012.), for the ease of reason Principle to the full homomorphic cryptography is made introduction by solution first.
Structure based on the base case GHE of GLWE is as follows:
1、GHE.Setup(1λ,1μ,b):Determine that using bit b ∈ { 0,1 } we are to based on LWE schemes (d=1) RLWE schemes (n=1) setup parameter is also based on, d parameters represent the polynomial degree of estimation.Select μ bit moduli q and its His parameter (d=d (λ, μ, b), n=n (λ, μ, b),χ=χ (λ, μ, b)) is guaranteeing based on GLWE The case of scheme has 2λSecurity with resist lattice attack.AllowWith parameter params=(q, d, n, N, χ).
2、GHE.SecretKeyGen(params):Choose s' ← χn, obtain
3、GHE.PublicKeyGen(params,sk):Using private key as input sk=s=(1, s'), s [0]=1,Also parameter params.A matrix is generated uniformlyOne vector e ← χNWith a set b ← A' S'+2e. arranging A becomes (n+1) column matrix comprising b, and aft section is the n column matrix (A s=2e) of-A'.Public key pk=A.
4、GHE.Enc(params,pk,m):In order to encrypt an information m ∈ R2, arrange SamplingOutput ciphertext
5、GHE.Dec(params,sk,c):Output decryption information m ← [[<c,s>]q]2
The full homomorphic encryption algorithm that need not bootstrap is realized as follows:
Firstth, parameter setting.The full homomorphic encryption scheme that the present invention is adopted is based on polynomial ring, polynomial ringD is 2 power power, and λ is the security parameter of homomorphic encryption scheme, and ciphertext multinomial coefficient takes μ bit moulds Number q, L is binary arithmetic operation circuit depth, other specification (d=d (λ, μ, b), n=n (λ, μ, b),χ=χ (λ, μ, b)) is guaranteeing 2λSecurity.N=1 is exactly instantiation of the setting based on RLWE. In order to allow full homomorphic cryptography to be applied to universe anonymity algorithm, plaintext space is set as R2=R/2R.
Secondth, key schedule FHE.KeyGen.Key is as follows to generating:GHE.SecretKeyGen(params): Choose s' ← χn, obtain private keyGHE.PublicKeyGen(params, sk):Using private key as input sk=s=(1, s'), s [0]=1,Also parameter params=(q, d, n, N, χ). One matrix of even generationOne vector e ← χNA is arranged with a set b ← A's'+2e. becomes the (n+ comprising b 1) column matrix, aft section are the n column matrix (A s=2e) of-A'.Public key pk=A.
Circulation j=L to 0, runs paramsj←GHE.Setup(1λ,1(j+1)·μ, b) come the level of the mould that obtains successively decreasing from qL ((L+1) μ bits) is to q0(μ bits). circulation j=L-1 to 0, parameter paramsjMiddle djValue be replaced by d=dL, it is distributed χj It is replaced by χ=χL
FHE.KeyGen(paramsj):J=L is to 0 for circulation, is implemented as described below:
1st, run sj←GHE.SecretKeyGen(paramsj)and Aj←GHE.PublicKeyGen(paramsj, sj)。
2nd, arranges'jIt is sjTensor, its coefficient is in RqjIn sjTwo coefficients Product.
3rd, s is set "j←BitDecomp(s'j,qj)。
4th, run τs”j+1→sj←SwitchKeyGen(s”j,sj-1), this step is omitted as j=L.
Private key sk includes all sj, public key pk include all AjAnd τs”j+1→sj
3rd, encryption algorithm F HE.Enc (params, pk, m):In R2In find information m, run GHE.Enc (AL,m)。 GHE.Enc(pk,m):In order to encrypt an information m ∈ R2, arrangeSamplingOutput Ciphertext
4th, decipherment algorithm FHE.Dec (params, sk, c):Assume that ciphertext is in sjUnder, run GHE.Dec (sj, c).GHE.Dec(sk,c):Output decryption information m ← [[<c,s>]q]2
5th, homomorphism addition FHE.Add (pk, c1,c2):Input two equally uses private key sjThe ciphertext of encryption.C is set3← c1+c2mod qj。c3It is exactly in s'jUnder ciphertext (s'jParameter include all sjParameter becauseAnd s'jFirst coefficient for 1), export c4=FHE.Refresh (c3s”j→sj-1,qj,qj-1)。
6th, homomorphism multiplication FHE.Mult (pk, c1,c2):Input two equally uses private key sjThe ciphertext of encryption.First, newly Ciphertext be in private keyUnder, it is linear equalityCoefficient vector c3, export c4= FHE.Refresh(c3s”j→sj-1,qj,qj-1)。
FHE.Refresh(c,τs”j→sj-1,qj,qj-1):Input private key s'jUnder ciphertext, auxiliary information τs”j→sj-1To help Key is helped to change, current and next modulus is qjAnd qj-1, do following work:Launch c first1←Powersof2(c,qj).So After carry out analog-to-digital conversion, c2←Scale(c1,qj,qj-1, 2), corresponding private key s "jWith modulus qj-1.Key conversion is carried out again, is exported c3←SwitchKey(τs”j→sj-1,c2,qj-1), corresponding private key sj-1With modulus qj-1
(c, p, q, are 2) mould converting algorithm to wherein c'=Scale, and p, q are two odd modes, and c is an integer vectors, c' It is the integer vectors for being close to (p/q) c and meets c'=c mod 2.X is decomposed Become its bit method for expressing,Output SwitchKeyGen(s1,s2,n1,n2, q) it is input into two private keysWith the dimension of private key, modulus q, private key s2WithOperation GHE.PublicKeyGen (s2, N) and public key A is obtained, generate B=A+Powesof2 (s1, q), then Auxiliary information τ of outputs1→s2=B realizes exchanging.Wherein,
Below with reference to the accompanying drawings the present invention is described in detail and with reference to example.
Fig. 1 is the frequency assay method operating process that the facing cloud end data that the present invention is provided issues protection safety and privacy Figure.As shown in figure 1, the facing cloud end data that the present invention is provided issues protection safety and the frequency assay method of privacy includes step S1-S5。
Step S1:Database owner generates public key pk and private key sk with key schedule FHE.KeyGen, by frequency Cloud server is uploaded after the complement code encryption of threshold value volume negative-k, then cloud service is uploaded after database public key pk is encrypted Public key pk is equally uploaded to cloud server by device.
Step S2:Client obtains public key pk from cloud server request, with the note of inquiry frequency needed for public key pk encryptions Record R, obtains ciphertext RC, RC is uploaded to cloud server.
Step S3:Cloud server performs the frequency csup that homomorphism computing obtains RC, carries out frequency threshold by homomorphism computing Value judgement obtains cresult, and csup and cresult is sent to proxy server.
Step S4:Proxy server decryption cresult obtains plaintext m, and decryption csup obtains plaintext sup, according to m and sup Judge to record that the frequency of R, whether more than threshold value, sets sup according to judgement and is sent to cloud server.
Step S5:Sup is sent to client by cloud server.
Further it is described in detail with the example in Fig. 2.Fig. 2 is that the facing cloud end data that the present invention is provided issues protection The frequency assay method and system embodiment schematic diagram of safety and privacy.As shown in Fig. 2 the facing cloud end data that the present invention is provided The frequency assay method for issuing protection safety and privacy includes step S1-S5, and the system for being provided includes database owner, visitor Family end, proxy server, cloud server.
Specifically, by taking the database comprising 6 records in accompanying drawing 2 as an example, it is assumed that the record encrypted per bar is close with n Literary position represents, the present invention is described in detail.
Step S1:Database owner generates public key pk and private key sk using homomorphism key schedule, and by database In record change into binary representation after be encrypted with public key pk, the ciphertext database for obtaining is uploaded to into high in the clouds Server, while it is 2 to arrange frequency threshold k, its negative value-k=-2 complement code public key pk is encrypted, and is uploaded to high in the clouds clothes Business device.It is hereby stated that, in database, record and homomorphism calculating process, encrypt every time same plaintext position all produce it is different close R is recorded in text, such as accompanying drawing 21(1) pk is mutually not to encrypted result FHE.Enc of 1 representated by each 1' of ciphertext form Identical, same each 0' is mutually different.Also, database owner does not also outwardly reveal the frequency threshold of setting k.The outer bag data of database owner to the process that cloud server is a continuous superposition, at one's leisure between complete.
Step S2:Client obtains itself wanting the record R's for inquiring about by sending inquiry request to cloud server Frequency.First, client asks public key pk, cloud server to reach client under public key pk to cloud server;Secondly, visitor Family end public key pk to need inquire about frequency record R={ 11, Female, 375720 } change into binary system [1,1,0,0 ..., 1] it is encrypted again, obtains ciphertext record RC=[1', 1', 0', 0' ..., 1'];RC is sent to cloud server is carried out Homomorphism computing.
Step S3:First, cloud server by RC=[1', 1', 0', 0' ..., 1'] and ciphertext database totally 6 it is close Text record carries out homomorphism computing, obtains 6 ciphertexts cc1=1', cc2=0', cc3=0', cc4=0', cc5=0', cc6=1'. With RC and R2Do homomorphism and be calculated cc2As a example by, R2=[1', 0', 0', 1' ..., 1'], by RC and R2Corresponding i-th ciphertext To do homomorphism add operation, n ciphertext 0', 1', 0', 1' ..., 0', i ∈ { 1,2 ..., n } are obtained;Above-mentioned n ciphertext is distinguished Homomorphism add operation is carried out with 1 ciphertext 1', n new ciphertext 1', 0', 1', 0' ..., 1' is obtained;By above-mentioned n ciphertext position It is homomorphism multiplying FHE.Mult (pk, 1', 0', 1', 0' ..., 1') and obtains ciphertext cc2=0'.In the same manner, by RC with other 5 Bar record does homomorphism computing.
Then, cloud server is to 6 ciphertexts cc1=1', cc2=0', cc3=0', cc4=0', cc5=0', cc6=1' Added up, you can obtain recording frequency ciphertext csup of R, concrete operations are as follows:Due to counting the maximum possible frequency for obtaining Ciphertext is related to data-base recording amount, and frequency ciphertext position is up toFirst, the initial of ciphertext csup is set It is worth the ciphertext csup=[cs for 303,cs2,cs1]=[0', 0', 0'];Then, ciphertext csup is added into first ciphertext cc1 =1', computing ccarry1=FHE.Mult (pk, 1', 0') obtains carry ccarry1=0', computing cs1=FHE.Add (pk, 1', 0') obtain new minimum ciphertext position cs1=1', then computing ccarryi=FHE.Mult (pk, ccarryi-1,csi),csi =FHE.Add (pk, ccarryi-1,csi), i ∈ { 2,3 } obtain carry ccarry2=0', ccarry3=0', new ciphertext position cs3=0', cs2=0'.Then, add up upper first ciphertext cc1Frequency ciphertext csup=[cs after=1'3,cs2,cs1]= [0', 0', 1'], then add up other 5 ciphertexts, finally gives frequency ciphertext csup=[cs3,cs2,cs1]=[0', 1', 0']。
Finally, cloud server carries out threshold determination after frequency ciphertext csup is obtained.Threshold value is database owner Set and encrypt, threshold value ciphertext cc_thd=[cthdN+1,cthdN,…,cthd1] comprising N+1 ciphertext position.In this example Cc_thd=FHE.Enc (pk, -2)=[cthd4,cthd3,cthd2,cthd1]=[1', 1', 1', 0'].First, make c_ carry0(0) pk, then carries out homomorphism computing and obtains carry c=FHE.Enc_carryi=FHE.Add (pk, FHE.Mult (pk,cthdi,c_carryi-1),FHE.Mult(pk,csi,FHE.Add(pk,cthdi,c_carryi-1))), i ∈ { 1,2,3 }, Wherein c_carry3=1';Last computing cresult=FHE.Add (pk, cthd4,c_carry3) obtain result of determination Cresult=0'.Cloud server will reach proxy server under ciphertext cresult for obtaining and be decrypted.
Step S4:Proxy server private key sk decryption cresult obtain plaintext m=FHE.Dec (sk, cresult)= 0, illustrate that the frequency for recording R={ 11, Female, 375720 } is not less than threshold value, proxy server is sent to cloud server The plaintext sup=[0,1,0]=2 that csup decryption is obtained.
Step S5:Sup=2 is sent to client by cloud server, client just learn record R=11, Female, 375720 } frequency is 2.
Equally, if the frequency of the record R={ 32, Male, 375722 } of client request inquiry, will obtain The decrypted result m=FHE.Dec (sk, cresult) of cresult=1, csup decrypted result sup=1, illustrates that the frequency of R is less than Threshold value and for sensitive record, sends sup=-1 to cloud server;If the record R=of client request inquiry 67, Male, 375720 } frequency, will obtain decrypted result m=FHE.Dec (sk, cresult)=1, csup solutions of cresult , there is no record R in close result sup=0, send sup=0 to cloud server in database of descriptions;
Fig. 3 is the frequency measurement system knot of the protection data safety that the facing cloud end data that the present invention is provided is issued and privacy Structure schematic diagram.As shown in figure 3, the protection data safety of facing cloud end data issue and the frequency of privacy of present invention offer are determined System includes database owner, client, proxy server, four parts of cloud server.The database owner connects Meet cloud server and proxy server, the Client Agent connection database owner and cloud server, the client End connection cloud server.The database owner is used to generate public key pk and private key sk, and private key sk is shared to agency Public key pk is sent to cloud server by server, is sent to cloud server, and sets after database public key pk is encrypted Frequency threshold k is put, after the complement code public key pk encryptions of p- k, cloud server is sent to.The client is sent out to cloud server Send, after public key pk being obtained from cloud server, need to inquire about frequency with public key pk encryptions The record R of degree, and ciphertext RC of R is sent to cloud server.The cloud server performs homomorphism computing, including homomorphism addition Computing and homomorphism multiplying, obtain frequency ciphertext csup and frequency judges ciphertext cresult and is sent to proxy server, together When by proxy server return sup information be sent to client.Proxy server private key sk is to ciphertext csup and close Literary cresult is decrypted, and judges frequency and threshold value relation according to decrypted result, sends corresponding sup information to cloud service Device.
In sum, the frequency for issuing protection safety and privacy by the facing cloud end data that present example is provided is determined Method and system, in the case where four directions participates in and do not reveal in plain text, by proxy server is to ciphertext decryption and then performs frequency Threshold decision, returns frequency information to cloud server according to judged result, then information is returned to client by cloud server End, and all records in high in the clouds are preserved with ciphertext form, that is, make use of the high efficiency of cloud computing, in turn ensure that the safety of record information Property.
The present invention is not intended to be limited to embodiment illustrated herein, and is to fit to and principles disclosed herein and new The consistent most wide scope of clever feature.The foregoing description of the disclosed embodiments, enables professional and technical personnel in the field Realize or using the present invention.Various modifications to these embodiments will be apparent for those skilled in the art , generic principles defined herein can without departing from the spirit or scope of the present invention, in other embodiments Middle realization.

Claims (7)

1. a kind of facing cloud end data issues the frequency assay method of protection safety and privacy, it is characterised in that including following step Suddenly:
S1, database owner generate public key pk and private key sk with homomorphism key schedule FHE.KeyGen;Frequency threshold is set Value k, and the encrypted form cc_thd of the complement code of-k is uploaded to into cloud server;The database encrypted with public key pk is outsourced to Cloud server;Public key pk is uploaded to into cloud server preservation;
S2, client obtain public key pk from high in the clouds, need the record R for inquiring about frequency to obtain ciphertext RC with public key pk encryptions, by RC It is uploaded to cloud server;
S3, cloud server perform frequency ciphertexts csup of the record RC of homomorphism computing inquiry encryption in ciphertext database;And Threshold determination is carried out under homomorphism, result of determination cresult is obtained;Cresult and csup are sent to proxy server;
S4, proxy server private key sk obtain plaintext m to cresult decryption, represent frequency result of determination;Judge according to frequency As a result m and csup decrypted results send information sup to cloud server;
Information sup that proxy server is returned is sent to client by S5, cloud server.
2. a kind of facing cloud end data according to claim 1 issues the frequency assay method of protection safety and privacy, its It is characterised by, the database owner in step S1 generates public key pk and private key sk, and private key sk is shared to agency's clothes Business device.
3. a kind of facing cloud end data according to claim 1 issues the frequency assay method of protection safety and privacy, its It is characterised by, frequency ciphertext csup concrete operations of the homomorphism computing inquiry RC in ciphertext database is performed in step S3 such as Under:
First, cloud server will record RC and do homomorphism computing respectively with common l bars ciphertext record in ciphertext tables of data, obtain l Ciphertext cc1,cc2,…,ccl, concrete operations are as follows:Cloud server will record RC=[rc1,rc2,…,rcn] and ciphertext data In storehouse, i-th ciphertext records Ri=[ci1,ci2,…,cin] corresponding to ciphertext position rcjAnd cijHomomorphism add operation is done, n is obtained Ciphertext position c 'ij=FHE.Add (pk, rcj,cij),j∈{1,2,…,n},i∈{1,2,…,l};Again by n ciphertext position c 'i1, c’i2,…,c’in(pk, 1) does homomorphism add operation, obtains the new ciphertext positions of n with 1 ciphertext c_m1=FHE.Enc respectively caddij=FHE.Add (pk, c 'ij, c_m1), i ∈ { 1,2 ..., n };Then, by n ciphertext position caddi1,caddi2,…, caddinHomomorphism multiplying is done, ciphertext cc is obtainedi=FHE.Mult (pk, caddi1,caddi2,…,caddin),i∈{1, 2,…,l};
Then, by homomorphism addition FHE.Add computings and homomorphism multiplication FHE.Mult computings by ciphertext cc1,cc2,…,cclIt is cumulative Get up, obtain recording frequency ciphertext csup of R, csup=[csN,…,cs2,cs1] for N number of ciphertext position,
4. a kind of facing cloud end data according to claim 1 issues the frequency assay method of protection safety and privacy, its It is characterised by, threshold determination is carried out under homomorphism in step S3, the concrete operations for obtaining result of determination cresult are: Cloud server is by csup=[csN,…,cs2,cs1] and cc_thd=FHE.Enc (pk ,-k)=[cthdN+1,cthdN,…, cthd1] do following homomorphism computing:First, make c_carry0(0) pk, then takes 1 up to N, by the i-th -1 to=FHE.Enc to i Carry ciphertext c_carryi-1With the i-th bit ciphertext position cs of csupiWith the i-th bit ciphertext position cthd of cc_thdiCarry out homomorphism addition Carry ciphertext c_carry is obtained with homomorphism multiplyingi=FHE.Add (pk, FHE.Mult (pk, cthdi,c_carryi-1), FHE.Mult(pk,csi,FHE.Add(pk,cthdi,c_carryi-1)));By highest carry ciphertext c_carryNWith cc_thd's Highest ciphertext position cthdN+1(pk, 1) does homomorphism add operation to=FHE.Enc, obtains ciphertext cresult=FHE.Add (pk, c_ carryN,cthdN+1)。
5. a kind of facing cloud end data according to claim 1 issues the frequency assay method of protection safety and privacy, its It is characterised by, frequency result of determination concrete operations is obtained according to cresult plaintext results in step S4 as follows:Agency service Device private key sk decryption cresult obtain plaintext m=FHE.Dec (sk, cresult), if m=0, illustrate the frequency of record R not Less than threshold value, proxy server sends the plaintext sup that csup decryption is obtained to cloud server;If m=1, judge that csup is decrypted The plaintext sup for obtaining, if record R is not queried in sup=0 database of descriptions, sends sup=0 to cloud server;If The frequency of sup ≠ 0 explanation record R is less than threshold value, and the information sensing for recording R is strong, easily reveals privacy information, proxy server Sup=-1 is sent to cloud server.
6. a kind of facing cloud end data according to claim 1 issues the frequency assay method of protection safety and privacy, its Be characterised by, ciphertext computing is processed with cloud server and obtain frequency, and frequency is carried out with frequency threshold under ciphertext state Relatively, judgement is decrypted with proxy server compared result, do not exist in this course and reveal what client was inquired about Situation of the frequency less than the sensitive record of threshold value in record content, database.
7. a kind of facing cloud end data issues the frequency measurement system of protection safety and privacy, it is characterised in that the system includes Four directions:Database owner, client, proxy server, cloud server.Database owner is mainly responsible for generating key It is right, outsourcing process is encrypted to database, operation is encrypted to the complement code of frequency threshold negative-k, and is uploaded to high in the clouds clothes Business device, to proxy server mandate private key sk.Client mainly applies for the frequency for inquiring about record R.Proxy server obtains data Storehouse owner authorizes, and assists database owner to process affairs, including preserves client private key sk, decrypting ciphertext;Cloud service Device is used to store ciphertext database, carry out homomorphism arithmetic operation to ciphertext.
CN201611012810.4A 2016-11-17 2016-11-17 The frequency measuring method and system of facing cloud end data publication protection safety and privacy Active CN106534313B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611012810.4A CN106534313B (en) 2016-11-17 2016-11-17 The frequency measuring method and system of facing cloud end data publication protection safety and privacy

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201611012810.4A CN106534313B (en) 2016-11-17 2016-11-17 The frequency measuring method and system of facing cloud end data publication protection safety and privacy

Publications (2)

Publication Number Publication Date
CN106534313A true CN106534313A (en) 2017-03-22
CN106534313B CN106534313B (en) 2019-09-13

Family

ID=58352203

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611012810.4A Active CN106534313B (en) 2016-11-17 2016-11-17 The frequency measuring method and system of facing cloud end data publication protection safety and privacy

Country Status (1)

Country Link
CN (1) CN106534313B (en)

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107154845A (en) * 2017-04-11 2017-09-12 中国人民武装警察部队工程大学 A kind of BGN types ciphertext decryption outsourcing scheme based on attribute
WO2018205549A1 (en) * 2017-05-09 2018-11-15 深圳市全同态科技有限公司 Fully homomorphic encryption-based ciphertext query method and system
CN109889320A (en) * 2019-01-24 2019-06-14 中国人民武装警察部队工程大学 A kind of full homomorphic cryptography method of efficient BGV type multi-key cipher
CN110008717A (en) * 2019-02-26 2019-07-12 东北大学 Support the decision tree classification service system and method for secret protection
CN110391895A (en) * 2019-07-31 2019-10-29 阿里巴巴集团控股有限公司 Data preprocessing method, ciphertext data capture method, device and electronic equipment
CN110612696A (en) * 2017-05-18 2019-12-24 罗伯特·博世有限公司 Post-quantum secure private stream aggregation
US10546032B2 (en) 2017-11-21 2020-01-28 International Business Machines Corporation System and method for association rule mining from encrypted databases
CN110999200A (en) * 2017-07-28 2020-04-10 皇家飞利浦有限公司 Evaluation of monitoring function
CN111373401A (en) * 2017-11-27 2020-07-03 三菱电机株式会社 Homomorphic inference device, homomorphic inference method, homomorphic inference program, and hidden information processing system
CN111526148A (en) * 2020-04-26 2020-08-11 中山大学 System and method for safely denoising encrypted audio in cloud computing environment
US10790961B2 (en) 2019-07-31 2020-09-29 Alibaba Group Holding Limited Ciphertext preprocessing and acquisition
CN112073172A (en) * 2020-09-02 2020-12-11 北京邮电大学 Grid identity-based dual-receiver fully homomorphic encryption method and system
CN113127536A (en) * 2021-04-14 2021-07-16 上海同态信息科技有限责任公司 Offline fuzzy matching framework based on homomorphic configuration encryption
CN113157778A (en) * 2021-06-09 2021-07-23 富算科技(上海)有限公司 Proxiable query method, system, device and medium for distributed data warehouse
CN113609503A (en) * 2021-08-10 2021-11-05 支付宝(杭州)信息技术有限公司 Highest bit carry calculation method for protecting data privacy
CN114175568A (en) * 2020-02-14 2022-03-11 谷歌有限责任公司 Secure multi-party arrival frequency and frequency estimation

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103281377A (en) * 2013-05-31 2013-09-04 北京鹏宇成软件技术有限公司 Cryptograph data storage and searching method for cloud
CN103401871A (en) * 2013-08-05 2013-11-20 苏州大学 Method and system for sequencing ciphertexts orienting to homomorphic encryption
CN104881615A (en) * 2015-06-08 2015-09-02 武汉大学 Efficient privacy protection ciphertext connection access operation validation method under cloud environment
CN105743888A (en) * 2016-01-22 2016-07-06 河南理工大学 Agent re-encryption scheme based on keyword research

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103281377A (en) * 2013-05-31 2013-09-04 北京鹏宇成软件技术有限公司 Cryptograph data storage and searching method for cloud
CN103401871A (en) * 2013-08-05 2013-11-20 苏州大学 Method and system for sequencing ciphertexts orienting to homomorphic encryption
CN104881615A (en) * 2015-06-08 2015-09-02 武汉大学 Efficient privacy protection ciphertext connection access operation validation method under cloud environment
CN105743888A (en) * 2016-01-22 2016-07-06 河南理工大学 Agent re-encryption scheme based on keyword research

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
刘鹏亮,俎龙辉,白翠翠,马 华: "一种可验证的公钥可搜索加密方案", 《计算机工程》 *
张雪娇: "基于整数上同态加密的云存储密文检索系统", 《中国海洋大学硕士学位论文》 *
赵英明: "基于同态加密的密文检索技术研究", 《内蒙古大学硕士学位论文》 *

Cited By (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107154845A (en) * 2017-04-11 2017-09-12 中国人民武装警察部队工程大学 A kind of BGN types ciphertext decryption outsourcing scheme based on attribute
CN107154845B (en) * 2017-04-11 2020-08-11 中国人民武装警察部队工程大学 BGN type ciphertext decryption outsourcing scheme based on attributes
WO2018205549A1 (en) * 2017-05-09 2018-11-15 深圳市全同态科技有限公司 Fully homomorphic encryption-based ciphertext query method and system
CN110612696B (en) * 2017-05-18 2023-04-14 罗伯特·博世有限公司 Post-quantum secure private stream aggregation
CN110612696A (en) * 2017-05-18 2019-12-24 罗伯特·博世有限公司 Post-quantum secure private stream aggregation
CN110999200A (en) * 2017-07-28 2020-04-10 皇家飞利浦有限公司 Evaluation of monitoring function
CN110999200B (en) * 2017-07-28 2023-10-03 皇家飞利浦有限公司 Method and system for evaluating monitoring function to determine whether triggering condition is met
US10546032B2 (en) 2017-11-21 2020-01-28 International Business Machines Corporation System and method for association rule mining from encrypted databases
CN111373401A (en) * 2017-11-27 2020-07-03 三菱电机株式会社 Homomorphic inference device, homomorphic inference method, homomorphic inference program, and hidden information processing system
CN111373401B (en) * 2017-11-27 2023-04-25 三菱电机株式会社 Homomorphic inference device, homomorphic inference method, computer-readable storage medium, and hidden information processing system
CN109889320A (en) * 2019-01-24 2019-06-14 中国人民武装警察部队工程大学 A kind of full homomorphic cryptography method of efficient BGV type multi-key cipher
CN110008717B (en) * 2019-02-26 2023-04-11 东北大学 Decision tree classification service system and method supporting privacy protection
CN110008717A (en) * 2019-02-26 2019-07-12 东北大学 Support the decision tree classification service system and method for secret protection
CN110391895B (en) * 2019-07-31 2020-10-27 创新先进技术有限公司 Data preprocessing method, ciphertext data acquisition method, device and electronic equipment
US10790961B2 (en) 2019-07-31 2020-09-29 Alibaba Group Holding Limited Ciphertext preprocessing and acquisition
CN110391895A (en) * 2019-07-31 2019-10-29 阿里巴巴集团控股有限公司 Data preprocessing method, ciphertext data capture method, device and electronic equipment
CN114175568A (en) * 2020-02-14 2022-03-11 谷歌有限责任公司 Secure multi-party arrival frequency and frequency estimation
CN114175568B (en) * 2020-02-14 2023-06-06 谷歌有限责任公司 Secure multiparty arrival rate and frequency estimation
CN111526148A (en) * 2020-04-26 2020-08-11 中山大学 System and method for safely denoising encrypted audio in cloud computing environment
CN112073172B (en) * 2020-09-02 2021-11-05 北京邮电大学 Grid identity-based dual-receiver fully homomorphic encryption method and system
CN112073172A (en) * 2020-09-02 2020-12-11 北京邮电大学 Grid identity-based dual-receiver fully homomorphic encryption method and system
CN113127536A (en) * 2021-04-14 2021-07-16 上海同态信息科技有限责任公司 Offline fuzzy matching framework based on homomorphic configuration encryption
CN113127536B (en) * 2021-04-14 2023-07-28 上海同态信息科技有限责任公司 Offline fuzzy matching system based on homomorphic encryption
CN113157778A (en) * 2021-06-09 2021-07-23 富算科技(上海)有限公司 Proxiable query method, system, device and medium for distributed data warehouse
CN113609503A (en) * 2021-08-10 2021-11-05 支付宝(杭州)信息技术有限公司 Highest bit carry calculation method for protecting data privacy

Also Published As

Publication number Publication date
CN106534313B (en) 2019-09-13

Similar Documents

Publication Publication Date Title
CN106534313B (en) The frequency measuring method and system of facing cloud end data publication protection safety and privacy
CN106533650B (en) Interactive method for secret protection and system towards cloud
US11201734B2 (en) Method and system for fault tolerant and secure multiparty computation with SPDZ
CN111512589B (en) Method for fast secure multiparty inner product with SPDZ
CN106953722B (en) Ciphertext query method and system for full homomorphic encryption
Liang et al. Searchable attribute-based mechanism with efficient data sharing for secure cloud storage
CN104283669B (en) Re-encryption depth optimization method in full homomorphic cryptography
CN112989368A (en) Method and device for processing private data by combining multiple parties
CN109740364B (en) Attribute-based ciphertext searching method capable of controlling searching authority
Zhang et al. A privacy protection scheme for IoT big data based on time and frequency limitation
Subramani et al. Review of security methods based on classical cryptography and quantum cryptography
CN101321058B (en) Method and system for encoding and decoding digital message
Peng et al. One-time-pad cryptography scheme based on a three-dimensional DNA self-assembly pyramid structure
Patil et al. Big data privacy using fully homomorphic non-deterministic encryption
Li et al. Efficient and adaptively secure attribute-based proxy reencryption scheme
CN109451077A (en) The model that medical cloud search permission is shared
Zuobin et al. P2HBT: Partially Policy Hidden E‐Healthcare System with Black‐Box Traceability
JP5486519B2 (en) Search system, determination device, vector construction device, method and program thereof
Debnath et al. Large universe attribute based encryption enabled secured data access control for cloud storage with computation outsourcing
Zhao et al. Dual-server certificateless public key encryption with authorized equality test for outsourced IoT data
CN101321059B (en) Method and system for encoding and decoding digital message
Shen et al. Secure access control for eHealth data in emergency rescue case based on traceable attribute-based encryption
Theodouli et al. Implementing private k-means clustering using a LWE-based cryptosystem
Azuma An entangling-probe attack on Shor’s algorithm for factorization
Zhang Scalable One-Time Pad---From Information Theoretic Security to Information Conservational Security

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant