CN108234108A - Efficient order-revealing encryption method with weak leakage - Google Patents
- Publication number
- CN108234108A
- Authority
- CN
- China
- Prior art keywords
- plaintext
- ciphertext
- sub
- bit
- function
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/065—Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
- H04L9/0656—Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Storage Device Security (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention belongs to the field of cryptography and specifically concerns an efficient order-revealing encryption method with weak leakage. The invention comprises a triple of initialization, encryption and comparison algorithms, denoted as
Description
Technical field
The invention belongs to the field of cryptography, and in particular relates to order-revealing encryption in private-key encryption.
Background technology
Preliminaries and notation:
A hash function $H$ is a mapping from a domain to a codomain, i.e. $H:\{0,1\}^m \to \{0,1\}^n$. The domain can be the set $\{0,1\}^*$ of bit strings of arbitrary length or the set $\{0,1\}^m$ of bit strings of some fixed length; the codomain is usually the set $\{0,1\}^n$ of bit strings of some fixed length. Here $m$ is required to be larger than $n$, which reflects the compression property of a hash function. A hash function is collision resistant if it is computationally infeasible to find two different values $x$ and $x'$ in the domain such that $H(x)=H(x')$. A hash function is one-way (also called preimage resistant) if, for any given $y$ in the codomain, it is computationally infeasible to find $x$ such that $H(x)=y$. Several hash functions are widely used in cryptography: for example, MD5 converts data of arbitrary length into a 128-bit 0-1 string, while the output of another common hash function, SHA, is a 160-bit 0-1 string. Hash functions span a wide range, from a simple mixing function to a function with pseudorandom output. A hash function with pseudorandom output is often idealized in cryptographic analysis as a "random oracle". Pseudorandom functions are commonly used for the same purpose. A keyed function $F:\{0,1\}^n \times \{0,1\}^m \to \{0,1\}^n$ is a pseudorandom function if no polynomial-time adversary can distinguish $F_k$ from $f_n$, where $k$ is chosen uniformly at random from $\{0,1\}^m$ and $f_n$ is chosen uniformly at random from the set of all functions whose domain and codomain are both $n$-bit strings.
The main application of order-revealing encryption and order-preserving encryption is secure database systems, such as CryptDB proposed by Popa. With these two cryptographic tools, database operations based on order relations, such as range search and sorting, can act directly on ciphertexts, which yields database systems that meet security requirements. Order-preserving encryption was proposed before order-revealing encryption; the original intent of order-revealing encryption was to get around a negative result for order-preserving encryption, namely that no order-preserving encryption scheme is both efficient and ideally secure. Order-revealing encryption was first proposed by Boneh et al.; however, that scheme is built on multilinear maps, and the immaturity of multilinear map technology at present leaves it with no efficiency to speak of. Chenette et al. then constructed an efficient order-revealing encryption scheme, but it leaks a relatively large amount of information, including the plaintext order and the most significant differing bit. To reduce the leakage, that is, to improve security, Cash et al. used bilinear maps to construct an order-revealing encryption scheme whose leakage comprises the plaintext order and the equality pattern of the most significant differing bit. This is strictly less than the leakage of the scheme of Chenette et al., but the use of bilinear map operations in the comparison algorithm greatly reduces the scheme's efficiency. Because of its important application to encrypted databases, order-revealing encryption has received wide attention from many scholars in recent years.
An order-revealing encryption scheme consists of a tuple of three algorithms for initialization, encryption and comparison, ORE = (ORE.Setup, ORE.Encrypt, ORE.Compare), specified as follows:
ORE.Setup($1^\lambda$) → sk. The algorithm takes a security parameter $\lambda$ as input and outputs a private key that serves as the key of the encryption algorithm.
ORE.Encrypt(sk, m) → ct. The algorithm takes the private key and a plaintext as input, generates a ciphertext ct and outputs it.
ORE.Compare($ct_1$, $ct_2$) → b. The algorithm takes two ciphertexts as input and outputs a bit $b \in \{0,1\}$ that indicates the order relation of the plaintexts corresponding to the ciphertexts.
Here, order-revealing encryption schemes generally do not give an explicit description of a decryption algorithm ORE.Decrypt, because decryption can be carried out by binary search using the comparison algorithm.
Although the scheme of Cash et al. leaks less information than the scheme of Chenette et al., the large number of bilinear map operations used in its comparison algorithm makes it rather inefficient. Therefore, compared with the scheme of Cash et al., the present invention gives an order-revealing encryption scheme that is more secure and achieves higher efficiency. In fact, the order-revealing encryption scheme of the invention mainly weighs the two aspects of security and efficiency against each other, so as to provide a more reasonable order-revealing encryption scheme.
Summary of the invention
The purpose of the present invention is to provide an efficient order-revealing encryption method with weak leakage (leaking only the plaintext order, the equality pattern of the most significant differing bit of the plaintexts, and partial information about the most significant differing bit of the plaintexts).
The efficient order-revealing encryption method Π with weak leakage provided by the invention comprises a triple of initialization, encryption and comparison algorithms, denoted (ORESetup, OREEncrypt, ORECompare). Let $H$ be a hash function mapping $\{0,1\}^\lambda \times \{0,1\}^n$ to $\{0,1\}^\lambda$; PRF denotes a pseudorandom function, and $F$, $F'$ are two pseudorandom functions with different domains and codomains, where $F:\{0,1\}^\lambda \times ([n] \times \{0,1\}^{n-1}) \to \{0,1\}^\lambda$ and $F':\{0,1\}^\lambda \times \{0,1\}^\lambda \to \{0,1\}$.
The specific steps of the efficient order-revealing encryption method with weak leakage provided by the invention are:
First, the initialization algorithm Setup is executed. It takes a security parameter $\lambda$ as input, generates the key $k$ needed for subsequent encryption, chooses a mapping $\in$, and outputs $k$ and $\in$ as the user's key sk.
Second, to encrypt, an authorized user inputs the key sk and a plaintext $m$ and executes the encryption algorithm Encrypt. The algorithm chooses a random number $r$ and then, following a specific strategy, generates the sub-ciphertext $subct_i$ corresponding to each bit $i$ from 1 to $n$. For the sub-ciphertext $subct_i$ of the $i$-th bit, it first computes $mb(m,i,\in)$ and then, depending on whether this value is 0 or 1, generates by the corresponding strategy the sub-ciphertext part $tc_i$, which serves verification, and the sub-ciphertext part $cc_i$, which serves computation; $tc_i$ and $cc_i$ together form the sub-ciphertext of the $i$-th bit. A random permutation is chosen and applied to $subct_1,\ldots,subct_n$, and the permuted result together with the random number $r$ is output as the ciphertext of plaintext $m$.
Then the comparison algorithm Compare is executed: to compare two ciphertexts $ct_1, ct_2$, the ciphertexts are first parsed and the resulting sub-ciphertexts are analysed further. If the sub-ciphertexts of the two ciphertexts contain a mutually "verifiable" pair, the critical bit $\gamma$ is computed from the computation part of the corresponding sub-ciphertext, and the order of the two corresponding plaintexts is determined from $\gamma$. Otherwise, if no mutually "verifiable" sub-ciphertexts exist, the plaintexts corresponding to the two ciphertexts are equal.
The three algorithms of the efficient order-revealing encryption method of the invention are, specifically:
Setup($1^\lambda$), the initialization algorithm: given the input security parameter $\lambda$, proceed as follows:
I. Generate the key $k$ used by the encryption algorithm;
II. Choose a function $\in: [n] \times \{0,1\}^{n-1} \to \{0,1\}$;
III. Set the key $sk = (k, \in)$ and output it.
Encrypt(sk, m), the encryption algorithm: given the input key and plaintext (let $a_1 a_2 \ldots a_n$ be the binary encoding of plaintext $m$), choose a random number. For each $i \in [n]$, proceed as follows:
I. Compute $mb(m,i,\in) = \in(i, a_1 a_2 \ldots a_{i-1} \| 0^{n-i})$;
II. If $mb(m,i,\in) = a_i$, compute:
$tc_i = F(k, i-1, a_1 a_2 \ldots a_{i-1} \| 0^{n-i+1})$;
otherwise, compute:
$tc_i = H(F(k, i-1, a_1 a_2 \ldots a_{i-1} \| 0^{n-i+1}), r)$;
III. If $mb(m,i,\in) = 0$, randomly choose a bit as $cc_i$, i.e.,
If $mb(m,i,\in) = 1$, compute:
For each $i \in [n]$, set $subct_i = (tc_i, cc_i)$. Then choose a random permutation $\pi$, set the ciphertext $ct = \{r, subct_{\pi(1)}, \ldots, subct_{\pi(n)}\}$ and output it.
Compare($ct_1$, $ct_2$), the comparison algorithm: first parse the two ciphertexts $ct_1, ct_2$ respectively as follows:
where $e \in \{1,2\}$ and $i \in \{1,2,\ldots,n\}$. Then the order of the plaintexts corresponding to the two ciphertexts is determined as follows:
I. If there exist $i, k \in [n]$ such that a sub-ciphertext of $ct_1$ and a sub-ciphertext of $ct_2$ are mutually "verifiable", i.e. one of the two verification relations holds, proceed to the next step;
otherwise, output 0, indicating that the plaintexts corresponding to the two ciphertexts are equal. Here, it is assumed that
II. For the pair of sub-ciphertexts that satisfies the "verifiable" relation, compute:
If $\gamma = 0$, output 1, indicating that the plaintext corresponding to $ct_1$ is greater than the plaintext corresponding to $ct_2$; otherwise, if $\gamma = 1$, output 2, indicating that the plaintext corresponding to $ct_1$ is less than the plaintext corresponding to $ct_2$.
In the other case, the order of the plaintexts is determined in a similar way.
Here, let $L$ be the leakage function of the present order-revealing encryption method. The information it contains consists mainly of three parts: the plaintext order, the equality pattern of the most significant differing bit of the plaintexts, and partial information about the most significant differing bit of the plaintexts. Note that the information about the corresponding plaintexts that is revealed by running the comparison algorithm on ciphertexts can be expressed by the leakage function.
The leakage function $L$ is described below. First, several terms are introduced: size comparison (CMP), most significant differing bit (msdb), and partial information about the most significant differing bit (pmsdb).
Size comparison (CMP) is the result of comparing the sizes of the plaintexts, defined as:
The most significant differing bit (msdb) is defined as:
$msdb(m_1,m_2) = \min\left(\{i : m_1[i] \neq m_2[i]\} \cup \{n+1\}\right)$
where min denotes taking the minimum and $m[i]$ denotes the $i$-th bit of plaintext $m$.
Partial information about the most significant differing bit (pmsdb) is defined as:
Input: $m_1, m_2$
Output: $pmsdb(m_1,m_2)$
1. Initialize $pmsdb(m_1,m_2)$ to 1;
2. For $i$ from 1 to $msdb(m_1,m_2) - 1$, perform the following steps:
a. If $\in(i, a_1 a_2 \ldots a_{i-1} \| 0^{n-i}) = 0$, then:
$pmsdb(m_1,m_2) = pmsdb(m_1,m_2) + 1$;
b. Otherwise, continue;
3. Return $pmsdb(m_1,m_2)$.
Then the leakage function is defined as follows:
where $1 \le i, k \le q$.
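The msdb and pmsdb definitions above, evaluated over pairs of plaintexts, as an added example that is not part of the patent text. Assumptions: ∈ is instantiated as one bit of HMAC-SHA256 under a constructed key (the embodiment only says ∈ is generated with reference to HMAC-SHA256), CMP uses the 0/1/2 convention of Compare's outputs, and all function names are chosen for the example.

```python
import hashlib
import hmac


def bits_of(m: int, n: int) -> str:
    """n-bit binary encoding a_1 a_2 ... a_n, most significant bit first."""
    if not 0 <= m < 2 ** n:
        raise ValueError("plaintext does not fit in n bits")
    return format(m, f"0{n}b")


def msdb(m1: int, m2: int, n: int) -> int:
    """min({i : m1[i] != m2[i]} U {n+1}), with bits numbered 1..n."""
    b1, b2 = bits_of(m1, n), bits_of(m2, n)
    return next((i for i in range(1, n + 1) if b1[i - 1] != b2[i - 1]), n + 1)


def hmac_eps(key: bytes):
    """Assumed instantiation of the page's function ∈: one bit of HMAC-SHA256."""
    def eps(i: int, padded_prefix: str) -> int:
        msg = f"{i}|{padded_prefix}".encode()
        return hmac.new(key, msg, hashlib.sha256).digest()[0] & 1
    return eps


def pmsdb(m1: int, m2: int, n: int, eps) -> int:
    """Steps 1-3 of the pmsdb definition: start at 1 and add 1 for every
    position i < msdb(m1, m2) where ∈(i, a_1..a_{i-1} || 0^{n-i}) = 0."""
    b1 = bits_of(m1, n)
    value = 1
    for i in range(1, msdb(m1, m2, n)):
        prefix = b1[: i - 1]  # shared by m1 and m2 because i < msdb
        if eps(i, prefix.ljust(n - 1, "0")) == 0:
            value += 1
    return value


def cmp_code(m1: int, m2: int) -> int:
    """Assumption: 0 equal, 1 greater, 2 less, mirroring Compare's outputs."""
    return 0 if m1 == m2 else (1 if m1 > m2 else 2)


def leakage_terms(values, n: int, eps) -> dict:
    """Per-pair (CMP, msdb, pmsdb) over a column of plaintexts. msdb is shown
    for reference; the page's L uses its equality pattern and pmsdb."""
    return {
        (x, y): (cmp_code(x, y), msdb(x, y, n), pmsdb(x, y, n, eps))
        for idx, x in enumerate(values)
        for y in values[idx + 1:]
    }


if __name__ == "__main__":
    eps = hmac_eps(b"constructed-demo-key")  # constructed key, not from the page
    column = [1011, 987, 1008, 3]            # constructed sample column, n = 10
    for pair, terms in leakage_terms(column, 10, eps).items():
        print(pair, terms)
```

Since pmsdb never exceeds msdb, the positions where ∈ evaluates to 1 are exactly the part of msdb that pmsdb leaves out.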
The present invention gives an efficient order-revealing encryption scheme. The construction uses only two efficient cryptographic primitives, pseudorandom functions and hash functions, which is the basis for its applicability to encrypted databases. At the same time, the scheme leaks only three pieces of information: the plaintext order, the equality pattern of the most significant differing bit of the plaintexts, and partial information about the most significant differing bit of the plaintexts. This leakage is strictly less than that of the scheme of Chenette et al., so the scheme also provides considerable security. Although the scheme of the invention leaks slightly more information than the scheme of Cash et al., it guarantees very high computational efficiency. Because the scheme of Cash et al. requires a large number of bilinear operations in its comparison algorithm, it is much less efficient than the present scheme and therefore cannot be applied well to encrypted database systems.
Specific embodiment
Below, taking as an example the encryption and comparison of the integer data "1011" and "987" in a database, a specific implementation of the algorithms is described in detail.
Since in practical applications there are many available schemes for keyed hashing, pseudorandom functions and trapdoor permutation functions, the following description uses SHA256, for illustration, as the algorithm for the pseudorandom function and the keyed hash function. Data are represented in hexadecimal, the security parameter $\lambda$ is taken to be 128, and the plaintext space is assumed to be 10.
First, the algorithm initialization stage:
Randomly select a sub-key $k$ of length 128 bits:
2A8D8F6503CF1A36CC548712AB840D52.
Then randomly select another sub-key of length 128 bits:
A6810D0C6EF46EF324CC513D28650005,
which is used to generate $\in$ with reference to HMAC-SHA256 (different data-length requirements can be met by simply truncating the output).
Second, the encryption stage for the decimal integer data "1011":
1. Express 123 in binary form as 1111110011.
2. Select a 128-bit random number 4575F8DAD76981BFF081C911AB6B601C.
3. Compute the sub-ciphertexts bit by bit from the high-order bit to the low-order bit.
For example, for the highest bit, first compute $mb(123, 1, \in) = \in(1, 000000000)$; the result is 0. Next, compute $F(k, 1, 000000000)$, which is:
14963467c6a2a4babd81cb6edc7620f078986ed083a52b81934db22332eff9e3.
Then compute $H(F(k, 1, 1110000000),$ 4575F8DAD76981BFF081C911AB6B601C$)$, which is
ddb57266534b3654da411dc4a2f68571026d6398f1e0ba7ab2fba62ca819b7e4.
Then compute:
F'(14963467c6a2a4babd81cb6edc7620f078986ed083a52b81934db22332eff9e3,
4575F8DAD76981BFF081C911AB6B601C) ⊕ 1, which is 0.
The sub-ciphertext of the first bit is:
(ddb57266534b3654da411dc4a2f68571026d6398f1e0ba7ab2fba62ca819b7e4, 0)
The sub-ciphertexts corresponding to the remaining nine bits are calculated in the same way.
4. Choose a random permutation and permute the order of the sub-ciphertexts; the ciphertext is the random number together with the permuted sub-ciphertexts.
Third, the encryption stage for the decimal integer data "987":
1. Express 987 in binary form as 1111011011.
2. Select a 128-bit random number AB76AF098185B17A6597F61005BDD541.
3. Compute the sub-ciphertexts bit by bit from the high-order bit to the low-order bit.
For example, for the highest bit, first compute $mb(123, 1, \in) = \in(1, 000000000)$; the result is 0. Next, compute $F(k, 1, 000000000)$, which is:
14963467c6a2a4babd81cb6edc7620f078986ed083a52b81934db22332eff9e3.
Then compute $H(F(k, 1, 1110000000),$ AB76AF098185B17A6597F61005BDD541$)$, which is
9238b2b7cc25101e447f7058fb3f15af26f860c19bb2f4020b3f486f73174d4e.
Then compute:
F'(9238b2b7cc25101e447f7058fb3f15af26f860c19bb2f4020b3f486f73174d4e,
AB76AF098185B17A6597F61005BDD541) ⊕ 1, which is 1.
The sub-ciphertext of the first bit is:
(9238b2b7cc25101e447f7058fb3f15af26f860c19bb2f4020b3f486f73174d4e, 1).
The sub-ciphertexts corresponding to the remaining nine bits are calculated in the same way.
4. Choose a random permutation and permute the order of the sub-ciphertexts; the ciphertext is the random number together with the permuted sub-ciphertexts.
Fourth, the stage of comparing the two ciphertexts obtained above:
1. First, verifying the sub-ciphertexts one by one finally gives:
H(5bc27762abc0b0d9db0b447f9ddaa31ca5cd5d9a0edc40525efafedddd59b49,
AB76AF098185B17A6597F61005BDD541)
= c030c851817ca02f339b6a49daee7aa49d4bf0ffa25531cb5bb5155ca01ff07f.
2. Then, by computing:
F'(5bc27762abc0b0d9db0b447f9ddaa31ca5cd5d9a0edc40525efafedddd59b49,
AB76AF098185B17A6597F61005BDD541) ⊕ 1 = 0,
it follows that the critical bit of the plaintext corresponding to the latter ciphertext is 0, so the plaintext corresponding to the former ciphertext is greater than the plaintext corresponding to the latter ciphertext.
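A runnable sketch of Setup, Encrypt and Compare as described in the summary and walked through in this embodiment, together with the binary-search decryption mentioned in the background; it is an added example, not code from the patent. Assumptions: F, F′, H and ∈ are built from HMAC-SHA256/SHA-256 with encodings chosen for the sketch; the cc_i formula does not survive on this page, so the hashed-tag branch uses the embodiment's expression F′(F(k,·), r) ⊕ bit and the other branch stores a random bit; all function names are the example's own.

```python
import hashlib
import hmac
import secrets

N = 10             # plaintext bit length, as in the embodiment
LAMBDA_BYTES = 16  # security parameter of 128 bits


def prf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 with a label for domain separation (sketch encoding)."""
    return hmac.new(key, b"|".join((label,) + parts), hashlib.sha256).digest()


def setup():
    """sk = (k, ek); ek keys the bit-valued function the page writes as ∈."""
    return secrets.token_bytes(LAMBDA_BYTES), secrets.token_bytes(LAMBDA_BYTES)


def eps(ek: bytes, i: int, padded: str) -> int:
    return prf(ek, b"eps", str(i).encode(), padded.encode())[0] & 1


def F(k: bytes, i: int, padded: str) -> bytes:
    return prf(k, b"F", str(i).encode(), padded.encode())


def H(t: bytes, r: bytes) -> bytes:
    return hashlib.sha256(b"H|" + t + r).digest()


def F_prime(t: bytes, r: bytes) -> int:
    return prf(t, b"F'", r)[0] & 1


def encrypt(sk, m: int):
    k, ek = sk
    if not 0 <= m < 2 ** N:
        raise ValueError("plaintext out of range")
    bits = format(m, f"0{N}b")                      # a_1 ... a_n
    r = secrets.token_bytes(LAMBDA_BYTES)
    subcts = []
    for i in range(1, N + 1):
        prefix, a_i = bits[: i - 1], int(bits[i - 1])
        mb = eps(ek, i, prefix.ljust(N - 1, "0"))   # ∈(i, a_1..a_{i-1} || 0^{n-i})
        t = F(k, i - 1, prefix.ljust(N, "0"))       # F(k, i-1, a_1..a_{i-1} || 0^{n-i+1})
        if mb == a_i:
            tc, cc = t, secrets.randbits(1)         # assumption: filler bit
        else:
            tc, cc = H(t, r), F_prime(t, r) ^ a_i   # expression from the embodiment
        subcts.append((tc, cc))
    secrets.SystemRandom().shuffle(subcts)          # random permutation pi
    return r, subcts


def compare(ct1, ct2) -> int:
    """0: plaintexts equal, 1: m1 > m2, 2: m1 < m2."""
    (r1, subs1), (r2, subs2) = ct1, ct2
    for tc1, cc1 in subs1:
        for tc2, cc2 in subs2:
            if H(tc1, r2) == tc2:                   # tc1 is a bare F value
                gamma = F_prime(tc1, r2) ^ cc2      # critical bit of m2
                return 1 if gamma == 0 else 2
            if H(tc2, r1) == tc1:                   # symmetric case
                gamma = F_prime(tc2, r1) ^ cc1      # critical bit of m1
                return 2 if gamma == 0 else 1
    return 0


def decrypt(sk, ct) -> int:
    """Key holder recovers m by binary search over Compare."""
    lo, hi = 0, 2 ** N - 1
    while lo <= hi:
        mid = (lo + hi) // 2
        res = compare(ct, encrypt(sk, mid))
        if res == 0:
            return mid
        lo, hi = (mid + 1, hi) if res == 1 else (lo, mid - 1)
    raise ValueError("ciphertext does not decrypt under this key")


if __name__ == "__main__":
    sk = setup()
    c1, c2 = encrypt(sk, 1011), encrypt(sk, 987)
    print(compare(c1, c2), compare(c2, c1), decrypt(sk, c1))
```

For two distinct plaintexts the only cross-verifiable pair sits at their most significant differing bit, which is why Compare needs no key.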
Claims (3)
1. An efficient order-revealing encryption method with weak leakage, comprising a triple of initialization, encryption and comparison algorithms, denoted (ORESetup, OREEncrypt, ORECompare); let $H$ be a hash function mapping $\{0,1\}^\lambda \times \{0,1\}^n$ to $\{0,1\}^\lambda$; PRF denotes a pseudorandom function, and $F$, $F'$ are two pseudorandom functions with different domains and codomains, where $F:\{0,1\}^\lambda \times ([n] \times \{0,1\}^{n-1}) \to \{0,1\}^\lambda$ and $F':\{0,1\}^\lambda \times \{0,1\}^\lambda \to \{0,1\}$; characterized in that the specific steps are:
(1) first, the initialization algorithm Setup is executed; it takes a security parameter $\lambda$ as input, generates the key $k$ needed for subsequent encryption, chooses a mapping $\in$, and outputs $k$ and $\in$ as the user's key sk;
(2) second, to encrypt, an authorized user inputs the key sk and a plaintext $m$ and executes the encryption algorithm Encrypt; the algorithm chooses a random number $r$ and then, following a specific strategy, generates the sub-ciphertext $subct_i$ corresponding to each bit $i$ from 1 to $n$; for the sub-ciphertext $subct_i$ of the $i$-th bit, it first computes $mb(m,i,\in)$ and then, depending on whether this value is 0 or 1, generates by the corresponding strategy the sub-ciphertext part $tc_i$, which serves verification, and the sub-ciphertext part $cc_i$, which serves computation; $tc_i$ and $cc_i$ together form the sub-ciphertext of the $i$-th bit; a random permutation is chosen and applied to $subct_1,\ldots,subct_n$, and the permuted result together with the random number $r$ is output as the ciphertext of plaintext $m$;
(3) then the comparison algorithm Compare is executed: to compare two ciphertexts $ct_1, ct_2$, the ciphertexts are first parsed and the resulting sub-ciphertexts are analysed further: if the sub-ciphertexts of the two ciphertexts contain a mutually "verifiable" pair, the critical bit $\gamma$ is computed from the computation part of the corresponding sub-ciphertext, and the order of the two corresponding plaintexts is determined from $\gamma$; otherwise, if no mutually "verifiable" sub-ciphertexts exist, the plaintexts corresponding to the two ciphertexts are equal.
2. The efficient order-revealing encryption method with weak leakage according to claim 1, characterized in that, in the initialization algorithm Setup($1^\lambda$), given the input security parameter $\lambda$, the following is performed:
I. Generate the key $k$ used by the encryption algorithm;
II. Choose a function $\in: [n] \times \{0,1\}^{n-1} \to \{0,1\}$;
III. Set the key $sk = (k, \in)$ and output it;
in the encryption algorithm Encrypt(sk, m), given the input key and plaintext (let $a_1 a_2 \ldots a_n$ be the binary encoding of plaintext $m$), a random number is chosen, and for each $i \in [n]$ the following is performed:
I. Compute $mb(m,i,\in) = \in(i, a_1 a_2 \ldots a_{i-1} \| 0^{n-i})$;
II. If $mb(m,i,\in) = a_i$, compute:
$tc_i = F(k, i-1, a_1 a_2 \ldots a_{i-1} \| 0^{n-i+1})$;
otherwise, compute:
$tc_i = H(F(k, i-1, a_1 a_2 \ldots a_{i-1} \| 0^{n-i+1}), r)$;
III. If $mb(m,i,\in) = 0$, randomly choose a bit as $cc_i$, i.e.,
If $mb(m,i,\in) = 1$, compute:
For each $i \in [n]$, set $subct_i = (tc_i, cc_i)$; then choose a random permutation $\pi$, set the ciphertext $ct = \{r, subct_{\pi(1)}, \ldots, subct_{\pi(n)}\}$ and output it;
in the comparison algorithm Compare($ct_1$, $ct_2$), the two ciphertexts $ct_1, ct_2$ are first parsed respectively as follows:
where $e \in \{1,2\}$ and $i \in \{1,2,\ldots,n\}$; then the order of the plaintexts corresponding to the two ciphertexts is determined as follows:
I. If there exist $i, k \in [n]$ such that a sub-ciphertext of $ct_1$ and a sub-ciphertext of $ct_2$ are mutually "verifiable", i.e. one of the two verification relations holds, proceed to the next step;
otherwise, output 0, indicating that the plaintexts corresponding to the two ciphertexts are equal; here, suppose that
II. For the pair of sub-ciphertexts that satisfies the "verifiable" relation, compute:
If $\gamma = 0$, output 1, indicating that the plaintext corresponding to $ct_1$ is greater than the plaintext corresponding to $ct_2$; otherwise, if $\gamma = 1$, output 2, indicating that the plaintext corresponding to $ct_1$ is less than the plaintext corresponding to $ct_2$;
in the other case, the order of the plaintexts is determined in a similar way.
3. The efficient order-revealing encryption method with weak leakage according to claim 2, characterized in that the information about the corresponding plaintexts that is leaked in the comparison algorithm is expressed by a leakage function $L$, and the information the function contains consists mainly of three parts: the plaintext order, the equality pattern of the most significant differing bit of the plaintexts, and partial information about the most significant differing bit of the plaintexts; the leakage function is defined as follows:
where $1 \le i, k \le q$;
CMP is the size comparison, i.e. the result of comparing the sizes of the plaintexts, defined as:
msdb is the most significant differing bit, defined as:
$msdb(m_1,m_2) = \min\left(\{i : m_1[i] \neq m_2[i]\} \cup \{n+1\}\right)$
where min denotes taking the minimum and $m[i]$ denotes the $i$-th bit of plaintext $m$;
pmsdb is the partial information about the most significant differing bit, defined as:
Input: $m_1, m_2$
Output: $pmsdb(m_1,m_2)$
(1) Initialize $pmsdb(m_1,m_2)$ to 1;
(2) For $i$ from 1 to $msdb(m_1,m_2) - 1$, perform the following steps:
(a) If $\in(i, a_1 a_2 \ldots a_{i-1} \| 0^{n-i}) = 0$, then
$pmsdb(m_1,m_2) = pmsdb(m_1,m_2) + 1$;
(b) Otherwise, continue;
(3) Return $pmsdb(m_1,m_2)$.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711345316.4A CN108234108B (en) | 2017-12-15 | 2017-12-15 | High-efficiency de-ordering encryption method for weak leakage |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108234108A (en) | 2018-06-29 |
CN108234108B (en) | 2021-06-22 |
Family
ID=62649602
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711345316.4A Active CN108234108B (en) | 2017-12-15 | 2017-12-15 | High-efficiency de-ordering encryption method for weak leakage |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108234108B (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7725397B2 (en) * | 2005-04-13 | 2010-05-25 | Hewlett-Packard Development Company, L.P. | Method and system for time-sequential authentication of shipments in supply chains |
WO2010115063A1 (en) * | 2009-04-03 | 2010-10-07 | Wms Gaming, Inc. | Integrating social networks and wagering games |
CN107147487A (en) * | 2017-05-23 | 2017-09-08 | 高胜法 | The random block cipher of symmetric key |
Non-Patent Citations (2)
Title |
---|
David Cash et al.: "Reducing the Leakage in Practical Order-Revealing Encryption", IACR Cryptology ePrint Archive * |
Nathan Chenette et al.: "Practical Order-Revealing Encryption with Limited Leakage", Fast Software Encryption - FSE 2016, Springer Berlin Heidelberg * |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109088721A (en) * | 2018-10-02 | 2018-12-25 | 复旦大学 | Delegatable order-revealing encryption method |
CN109088721B (en) * | 2018-10-02 | 2022-01-28 | 复旦大学 | Entrustable uncovering and encrypting method |
WO2020253106A1 (en) * | 2019-06-21 | 2020-12-24 | 深圳壹账通智能科技有限公司 | Method and apparatus for proving size relationship of encrypted data, device, and storage medium |
CN113254971A (en) * | 2021-06-09 | 2021-08-13 | 中国电子科技集团公司第三十研究所 | Multi-data type ciphertext comparison method based on de-scrambling encryption |
Also Published As
Publication number | Publication date |
---|---|
CN108234108B (en) | 2021-06-22 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||