CN108234108A - Efficient order-revealing encryption method with weak leakage - Google Patents

Efficient order-revealing encryption method with weak leakage

Info

Publication number: CN108234108A
Authority: CN (China)
Prior art keywords: plaintext, ciphertext, sub, bit, function
Legal status: Granted (Active)
Application number: CN201711345316.4A
Other languages: Chinese (zh)
Other versions: CN108234108B (en)
Inventors: 黎源, 赵运磊, 朱扬勇
Current assignee: Fudan University
Original assignee: Fudan University
Priority date: 2017-12-15
Filing date: 2017-12-15
Publication date: 2018-06-29 (CN108234108A); granted 2021-06-22 (CN108234108B)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols; the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/065 Encryption by serially and continuously modifying data stream elements, e.g. stream cipher systems, RC4, SEAL or A5/3
    • H04L9/0656 Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention belongs to the field of cryptography, and specifically provides an efficient order-revealing encryption method with weak leakage. The invention comprises a triple of initialization, encryption and comparison algorithms, denoted as

Description

Efficient order-revealing encryption method with weak leakage
Technical field
The invention belongs to the field of cryptography, and in particular relates to an order-revealing encryption method in private-key (symmetric) encryption.
Background technology
Prior knowledge and notation:
A hash function H is a mapping from a domain to a codomain, i.e. H: {0,1}^m → {0,1}^n. The domain may be the set of bit strings of arbitrary length {0,1}* or the set of bit strings of some fixed length {0,1}^m, while the codomain is usually the set of bit strings of some fixed length {0,1}^n. Here m is required to be larger than n, which reflects the compression property of a hash function. A hash function is collision-resistant if it is computationally infeasible to find two distinct values x and x' in the domain such that H(x) = H(x'). A hash function is one-way (also called preimage-resistant) if, for any given y in the codomain, it is computationally infeasible to find an x such that H(x) = y. Several hash functions are widely used in cryptography: for example, MD5 maps data of arbitrary length to a 128-bit 0-1 string, and the output of another common hash function, SHA, is a 160-bit 0-1 string. The notion of a hash function covers a wide range: from a simple mixing function to a function with pseudorandom output. A hash function with pseudorandom output is often idealized in cryptanalysis as a "random oracle"; the same is done for common pseudorandom functions. A keyed function F: {0,1}^n × {0,1}^m → {0,1}^n is a pseudorandom function if no adversary running in polynomial time can distinguish F_k from f_n, where k is chosen uniformly at random from {0,1}^m and f_n is chosen uniformly at random from the set of all functions whose domain and codomain are both {0,1}^n.
The main application of order-revealing encryption and order-preserving encryption is in secure database systems, such as CryptDB proposed by Popa. With these two cryptographic tools, database operations based on order relations, such as range queries and sorting, can act directly on ciphertexts, thus providing database systems that meet security requirements. Order-preserving encryption was proposed before order-revealing encryption; the original motivation for proposing order-revealing encryption was to circumvent a negative result on order-preserving encryption, namely that no order-preserving encryption scheme is both efficient and ideally secure. Order-revealing encryption was first proposed by Boneh et al., but their construction is based on multilinear maps, and the current immaturity of multilinear map techniques means that their scheme has no practical efficiency to speak of. Subsequently, Chenette et al. constructed an efficient order-revealing encryption scheme, but it leaks a large amount of information, including the plaintext order and the most significant differing bit. To reduce the leakage of the scheme, i.e. to improve its security, Cash et al. constructed an order-revealing encryption scheme using bilinear maps; the information leaked by that scheme consists of the plaintext order and the equality pattern of the most significant differing bit, which is strictly less than the information leaked by the scheme of Chenette et al., but the bilinear map operations used in its comparison algorithm greatly reduce the efficiency of the scheme. Therefore, owing to its important application to encrypted databases, order-revealing encryption has received wide attention from many scholars in recent years.
An order-revealing encryption scheme consists of a tuple of three algorithms, initialization, encryption and comparison, ORE = (ORE.Setup, ORE.Encrypt, ORE.Compare), which respectively satisfy the following three properties:
ORE.Setup(1^λ) → sk. The algorithm takes a security parameter λ as input and outputs a private key to be used as the key of the encryption algorithm.
ORE.Encrypt(sk, m) → ct. The algorithm takes the private key and a plaintext as input, generates a ciphertext ct and returns it as the output of the algorithm.
ORE.Compare(ct1, ct2) → b. The algorithm takes two ciphertexts as input and outputs a bit b ∈ {0,1} indicating the order relation of the plaintexts corresponding to the ciphertexts.
Here, order-revealing encryption schemes generally do not explicitly describe a decryption algorithm ORE.Decrypt, because decryption can be carried out by binary search using the comparison algorithm.
Although the scheme of Cash et al. leaks less than that of Chenette et al., the large number of bilinear map operations used in its comparison algorithm makes it rather inefficient. The present invention therefore gives an order-revealing encryption scheme that is more secure and more efficient than the scheme of Cash et al. In fact, the order-revealing encryption scheme of the present invention mainly considers the trade-off between security and efficiency in order-revealing encryption, so as to provide a more reasonable order-revealing encryption scheme.
Invention content
The purpose of the present invention is to provide an efficient order-revealing encryption method with weak leakage (revealing only the plaintext order, the equality pattern of the most significant differing bit of the plaintexts, and partial information about the most significant differing bit of the plaintexts).
The efficient order-revealing encryption method with weak leakage provided by the invention, ∏, consists of a triple of initialization, encryption and comparison algorithms, denoted (ORE.Setup, ORE.Encrypt, ORE.Compare). Let H be a hash function mapping {0,1}^λ × {0,1}^n to {0,1}^λ; let PRF denote a pseudorandom function, and let F, F' be two pseudorandom functions with different domains and codomains, where F: {0,1}^λ × ([n] × {0,1}^{n-1}) → {0,1}^λ and F': {0,1}^λ × {0,1}^λ → {0,1}.
The specific steps of the efficient order-revealing encryption method with weak leakage provided by the invention are:
First, the initialization algorithm Setup is executed. It takes a security parameter λ as input, generates the key k needed for subsequent encryption, and at the same time chooses a mapping ∈; k and ∈ are output as the user's key sk.
Second, an authorized user who needs to encrypt inputs the key sk and a plaintext m and executes the encryption algorithm Encrypt. The algorithm chooses a random number r and then, for each bit i from 1 to n, generates the corresponding sub-ciphertext subct_i according to a specific policy. For the sub-ciphertext subct_i of the i-th bit, mb(m, i, ∈) is computed first; then, according to whether its value is 0 or 1, the corresponding policy generates a sub-ciphertext part tc_i with a verification function and a sub-ciphertext part cc_i with a computation function; tc_i and cc_i together form the sub-ciphertext of the i-th bit. A random permutation is chosen and applied to subct_1, …, subct_n, and the permuted result together with the random number r is output as the ciphertext of the plaintext m.
Then, the comparison algorithm Compare is executed. Whenever the order of two ciphertexts ct_1, ct_2 needs to be compared, the ciphertexts are first parsed and the resulting sub-ciphertexts are analysed further. If among the sub-ciphertexts of the two ciphertexts there is a pair of mutually "verifiable" sub-ciphertexts, the critical bit γ is computed from the computation parts of the corresponding sub-ciphertexts, and the order of the plaintexts corresponding to the two ciphertexts is decided from γ. Otherwise, if no mutually "verifiable" sub-ciphertexts exist, the plaintexts corresponding to the two ciphertexts are equal.
The three algorithms of the efficient order-revealing encryption method of the present invention are specifically:
Setup(1^λ), the initialization algorithm: given the input security parameter λ, proceed as follows:
I. generate the key k used by the encryption algorithm;
II. choose a function ∈: [n] × {0,1}^{n-1} → {0,1};
III. set the key sk = (k, ∈) and output it.
Encrypt(sk, m), the encryption algorithm: given the input key and plaintext, proceed as follows (let a_1 a_2 … a_n be the binary encoding of the plaintext m). Choose a random number r. For each i ∈ [n], proceed as follows:
I. compute mb(m, i, ∈) = ∈(i, a_1 a_2 … a_{i-1} || 0^{n-i});
II. if mb(m, i, ∈) = a_i, compute:
tc_i = F(k, i-1, a_1 a_2 … a_{i-1} || 0^{n-i+1});
otherwise, compute:
tc_i = H(F(k, i-1, a_1 a_2 … a_{i-1} || 0^{n-i+1}), r);
III. if mb(m, i, ∈) = 0, select a random bit as cc_i, i.e.
if mb(m, i, ∈) = 1, compute:
For each i ∈ [n], set subct_i = (tc_i, cc_i). Then choose a random permutation π, set the ciphertext ct = {r, subct_π(1), …, subct_π(n)} and output it.
Compare(ct_1, ct_2), the comparison algorithm: first parse the two ciphertexts ct_1, ct_2 respectively as follows:
where e ∈ {1,2} and i ∈ {1,2,…,n}. Then the plaintexts corresponding to the two ciphertexts are compared as follows:
I. If there exist i, k ∈ [n] such that the i-th sub-ciphertext of ct_1 and the k-th sub-ciphertext of ct_2 are mutually "verifiable" (in either of the two directions), proceed to the next step;
otherwise, output 0, indicating that the plaintexts corresponding to the two ciphertexts are equal. Here we assume the first of the two directions.
II. For the sub-ciphertexts satisfying the "verifiable" relation, compute the critical bit γ:
If γ = 0, output 1, indicating that the plaintext of ct_1 is greater than the plaintext of ct_2; otherwise, if γ = 1, output 2, indicating that the plaintext of ct_1 is less than the plaintext of ct_2.
In the other direction, the way of deciding the order of the plaintexts is similar.
Let the leakage function of the order-revealing encryption method be L; the information it contains consists mainly of three parts: the plaintext order, the equality pattern of the most significant differing bit of the plaintexts, and partial information about the most significant differing bit of the plaintexts. Note that here, the information about the corresponding plaintexts that is revealed by running the comparison algorithm on ciphertexts is represented by the leakage function.
The leakage function L is described below. Beforehand, several terms are introduced: the order comparison (CMP), the most significant differing bit (msdb) and the partial information about the most significant differing bit (pmsdb).
The order comparison (CMP) is the result of comparing the plaintext order, defined as:
The most significant differing bit (msdb) is defined as:
msdb(m_1, m_2) = min {i : m_1[i] ≠ m_2[i]} ∪ {n+1}, where min denotes taking the minimum and m[i] denotes the i-th bit of the plaintext m.
The partial information about the most significant differing bit (pmsdb) is defined as:
Input: m_1, m_2
Output: pmsdb(m_1, m_2)
1. initialize pmsdb(m_1, m_2) to 1;
2. for i from 1 to msdb(m_1, m_2) − 1, perform the following step:
a. if ∈(i, a_1 a_2 … a_{i-1} || 0^{n-i}) = 0, then:
pmsdb(m_1, m_2) = pmsdb(m_1, m_2) + 1;
b. otherwise, continue;
3. return pmsdb(m_1, m_2).
Then the leakage function is defined as follows:
where 1 ≤ i, k ≤ q.
The present invention gives an efficient order-revealing encryption scheme. The construction of the scheme uses only two efficient cryptographic primitives, pseudorandom functions and hash functions, which is the basis of its applicability to encrypted databases. At the same time, this order-revealing encryption scheme reveals only three pieces of information: the plaintext order, the equality pattern of the most significant differing bit of the plaintexts, and partial information about the most significant differing bit of the plaintexts. This leakage is strictly less than that of the scheme of Chenette et al., and so the scheme also provides comparable security. Although the scheme of the present invention leaks slightly more information than the scheme of Cash et al., it guarantees very high computational efficiency. Since the scheme of Cash et al. needs to perform a large number of bilinear operations in its comparison algorithm, its efficiency is much lower than that of the present scheme, and so it cannot be applied to encrypted database systems as advantageously.
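As an added illustration (not the patent's own code), the following Python implements the Setup/Encrypt/Compare triple described above together with the msdb and pmsdb leakage terms, instantiating F, H, F' and ∈ with HMAC-SHA256 and SHA-256 as the embodiment suggests. It assumes n = 10 and λ = 128, and, because the page omits the formula for cc_i, it uses cc_i = F'(F(k, ·), r) ⊕ a_i for every bit as the numeric walkthrough does; the helper names (setup, encrypt, compare, equal_tc_count, msdb, pmsdb, eps) are this example's own.

```python
import hashlib
import hmac
import secrets
from typing import List, Tuple

# Assumptions not fixed by the page: 10-bit plaintexts and lambda = 128 as in the
# worked example; HMAC-SHA256 as the PRF F; SHA-256 over tc||r as H; one output
# bit of HMAC-SHA256 keyed with the F value as F'; and HMAC-SHA256 under a
# second sub-key, truncated to one bit, as the secret mapping eps.
N = 10
LAMBDA_BYTES = 16

SubCt = Tuple[bytes, int]        # (tc_i, cc_i)
Ct = Tuple[bytes, List[SubCt]]   # (r, permuted list of sub-ciphertexts)


def F(k: bytes, i: int, prefix: str) -> bytes:
    """PRF F(k, i, prefix): HMAC-SHA256 over the bit index and the padded prefix."""
    return hmac.new(k, bytes([i]) + prefix.encode(), hashlib.sha256).digest()


def H(x: bytes, r: bytes) -> bytes:
    """Hash H(x, r): turns the PRF value into its 'verifiable' counterpart under r."""
    return hashlib.sha256(x + r).digest()


def F_prime(x: bytes, r: bytes) -> int:
    """One-bit PRF F'(x, r), keyed with the F value and evaluated on the nonce r."""
    return hmac.new(x, r, hashlib.sha256).digest()[0] & 1


def eps(k_eps: bytes, i: int, prefix: str) -> int:
    """The mapping eps: [n] x {0,1}^(n-1) -> {0,1}, realised with a keyed HMAC."""
    return hmac.new(k_eps, bytes([i]) + prefix.encode(), hashlib.sha256).digest()[0] & 1


def setup() -> Tuple[bytes, bytes]:
    """Setup(1^lambda): sk = (k, eps); eps is represented by its own sub-key."""
    return secrets.token_bytes(LAMBDA_BYTES), secrets.token_bytes(LAMBDA_BYTES)


def encrypt(sk: Tuple[bytes, bytes], m: int) -> Ct:
    """Encrypt(sk, m): steps I-III per bit, then a random permutation of the parts."""
    k, k_eps = sk
    if not 0 <= m < 2 ** N:
        raise ValueError("plaintext outside the n-bit plaintext space")
    a = format(m, f"0{N}b")                     # a_1 a_2 ... a_n
    r = secrets.token_bytes(LAMBDA_BYTES)       # per-ciphertext random number r
    subcts: List[SubCt] = []
    for i in range(1, N + 1):
        a_i = int(a[i - 1])
        mb = eps(k_eps, i, a[: i - 1] + "0" * (N - i))       # step I
        f = F(k, i - 1, a[: i - 1] + "0" * (N - i + 1))
        tc = f if mb == a_i else H(f, r)                      # step II
        cc = F_prime(f, r) ^ a_i                              # step III (assumed form)
        subcts.append((tc, cc))
    secrets.SystemRandom().shuffle(subcts)                    # hides the bit position
    return r, subcts


def compare(ct1: Ct, ct2: Ct) -> int:
    """Compare(ct1, ct2): 0 if equal, 1 if m1 > m2, 2 if m1 < m2."""
    r1, s1 = ct1
    r2, s2 = ct2
    for tc1, cc1 in s1:
        for tc2, cc2 in s2:
            if H(tc1, r2) == tc2:                 # ct1 holds the PRF value, ct2 its hash
                gamma = F_prime(tc1, r2) ^ cc2    # recovers ct2's bit at the critical position
                return 1 if gamma == 0 else 2
            if H(tc2, r1) == tc1:                 # the symmetric direction
                gamma = F_prime(tc2, r1) ^ cc1    # recovers ct1's bit at the critical position
                return 2 if gamma == 0 else 1
    return 0                                      # no verifiable pair: plaintexts are equal


def equal_tc_count(ct1: Ct, ct2: Ct) -> int:
    """Leakage check: identical tc values across two ciphertexts occur only at
    common-prefix positions before msdb where eps(i, prefix) = a_i."""
    return sum(1 for tc1, _ in ct1[1] for tc2, _ in ct2[1] if tc1 == tc2)


def msdb(m1: int, m2: int) -> int:
    """Most significant differing bit, 1-indexed; n+1 when m1 == m2."""
    a1, a2 = format(m1, f"0{N}b"), format(m2, f"0{N}b")
    return next((i for i in range(1, N + 1) if a1[i - 1] != a2[i - 1]), N + 1)


def pmsdb(sk: Tuple[bytes, bytes], m1: int, m2: int) -> int:
    """Partial information about msdb as defined on the page; depends on eps."""
    _, k_eps = sk
    a = format(m1, f"0{N}b")
    p = 1
    for i in range(1, msdb(m1, m2)):
        if eps(k_eps, i, a[: i - 1] + "0" * (N - i)) == 0:
            p += 1
    return p
```

compare returns 0, 1 or 2 with the meaning the algorithm assigns them; equal_tc_count makes visible what a comparing server learns beyond the order, namely how many common-prefix positions satisfy eps(i, prefix) = a_i.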
Specific embodiment
The specific implementation of the algorithm is described in detail below, taking as an example an encrypted database that encrypts and compares the integer data "1011" and "987".
Since in practice there are many available constructions of keyed hash functions, pseudorandom functions and trapdoor permutations, the following description illustratively uses SHA256 as the pseudorandom function and keyed hash function. Data are represented in hexadecimal, the security parameter λ is 128, and the plaintext space is assumed to be 10 bits.
I. Initialization stage of the algorithm
A sub-key k of length 128 bits is chosen at random:
2A8D8F6503CF1A36CC548712AB840D52.
Then another sub-key of length 128 bits is chosen at random:
A6810D0C6EF46EF324CC513D28650005,
which is used together with HMAC-SHA256 to generate ∈ (different data-length requirements can be met by simply truncating the output).
II. Encryption stage for the decimal integer data "1011":
1. 123 is expressed in binary form as 1111110011.
2. The 128-bit random number 4575F8DAD76981BFF081C911AB6B601C is selected.
3. The sub-ciphertexts are computed bit by bit from the most significant bit to the least significant bit.
For example, for the most significant bit, first compute mb(123, 1, ∈) = ∈(1, 000000000), whose result is 0. Next, compute
F(k, 1, 000000000), which is
14963467c6a2a4babd81cb6edc7620f078986ed083a52b81934db22332eff9e3.
Then compute H(F(k, 1, 1110000000), 4575F8DAD76981BFF081C911AB6B601C), which is ddb57266534b3654da411dc4a2f68571026d6398f1e0ba7ab2fba62ca819b7e4.
Then compute
F'(14963467c6a2a4babd81cb6edc7620f078986ed083a52b81934db22332eff9e3, 4575F8DAD76981BFF081C911AB6B601C) ⊕ 1, which is 0.
The sub-ciphertext of the most significant bit is:
(ddb57266534b3654da411dc4a2f68571026d6398f1e0ba7ab2fba62ca819b7e4, 0)
Similarly, the sub-ciphertexts corresponding to the following nine bits are computed as:
(c6bab995ea2e8a3a902a5019b719b1aef46e6d90da22fcee1c9c1f6b73fce725, 0),
(1d29992e714404529e7a6b764434bd1029db0f5d4679a69961873fdb2ec2fcc6, 1),
(c938273a3cf72c5e417ecce3b5e81c3362f8014013d16694d445b70b99b24e52, 0),
(5bc27762abc0b0d9db0b447f9ddaa31ca5cd5d9a0edc40525efafedddd59b497, 0),
(a8ca3024ee214aaeba3da1bc314a30acf4325d6578a6bcb6015e1ca0d0e9337e, 1),
(5b50f7213227ab4a5749cee14a986c17fd5dd188498d67d67a489a8e80beabbe, 1),
(40c461f8f849110223c31d31f0cf6f73909621a75c251970750955371ed4ba81, 0),
(a823032101d5d3712ff26cf444e90aa85d858d340b7a42995114c54bbb2fe0d6, 1),
(ef49759c1abe501794cb15066d44d4e77ced968437808186c1b863a230c3c9c4, 0).
4. A random permutation is chosen and applied to the order of the sub-ciphertexts, giving the ciphertext:
4575F8DAD76981BFF081C911AB6B601C,
(5b50f7213227ab4a5749cee14a986c17fd5dd188498d67d67a489a8e80beabbe, 1),
(1d29992e714404529e7a6b764434bd1029db0f5d4679a69961873fdb2ec2fcc6, 1),
(c938273a3cf72c5e417ecce3b5e81c3362f8014013d16694d445b70b99b24e52, 0),
(ef49759c1abe501794cb15066d44d4e77ced968437808186c1b863a230c3c9c4, 0),
(a8ca3024ee214aaeba3da1bc314a30acf4325d6578a6bcb6015e1ca0d0e9337e, 1),
(ddb57266534b3654da411dc4a2f68571026d6398f1e0ba7ab2fba62ca819b7e4, 0),
(40c461f8f849110223c31d31f0cf6f73909621a75c251970750955371ed4ba81, 0),
(5bc27762abc0b0d9db0b447f9ddaa31ca5cd5d9a0edc40525efafedddd59b497, 0),
(a823032101d5d3712ff26cf444e90aa85d858d340b7a42995114c54bbb2fe0d6, 1),
(c6bab995ea2e8a3a902a5019b719b1aef46e6d90da22fcee1c9c1f6b73fce725, 0).
III. Encryption stage for the decimal integer data "987":
1. 987 is expressed in binary form as 1111011011.
2. The 128-bit random number AB76AF098185B17A6597F61005BDD541 is selected.
3. The sub-ciphertexts are computed bit by bit from the most significant bit to the least significant bit.
For example, for the most significant bit, first compute mb(123, 1, ∈) = ∈(1, 000000000), whose result is 0. Next, compute
F(k, 1, 000000000), which is
14963467c6a2a4babd81cb6edc7620f078986ed083a52b81934db22332eff9e3.
Then compute H(F(k, 1, 1110000000), AB76AF098185B17A6597F61005BDD541), which is 9238b2b7cc25101e447f7058fb3f15af26f860c19bb2f4020b3f486f73174d4e.
Then compute
F'(9238b2b7cc25101e447f7058fb3f15af26f860c19bb2f4020b3f486f73174d4e, AB76AF098185B17A6597F61005BDD541) ⊕ 1, which is 1.
The sub-ciphertext of the most significant bit is:
(9238b2b7cc25101e447f7058fb3f15af26f860c19bb2f4020b3f486f73174d4e, 1).
Similarly, the sub-ciphertexts corresponding to the following nine bits are computed as:
(995a148417c9b57345f1e3ed6e87d00c6d279f4274d9ebdc3757175f8b700653, 0),
(1d29992e714404529e7a6b764434bd1029db0f5d4679a69961873fdb2ec2fcc6, 0),
(c938273a3cf72c5e417ecce3b5e81c3362f8014013d16694d445b70b99b24e52, 1),
(c030c851817ca02f339b6a49daee7aa49d4bf0ffa25531cb5bb5155ca01ff07f, 1),
(f9bbc5905b743a6a8b63134900ab85b6c39d2f9afc6bdf3d0e7da6709e7c0684, 0),
(51c9d8ef7a981e0b75251ffe3f97638d87a428e39d15209beb03c8117e412746, 1),
(8208be7415566251b93b696a43ecaff9d31d82bdc1f5baae40e97d8fee3e235b, 0),
(ed8f2af9f682dc63c2f15f0b1424904dbdd74b3d6b5046b752f8278aa7eb5767, 1),
(6066f821e33d7d8836b9688adac986bb10aac4617e0905a6e7447ce772f2dbbd, 1).
4. A random permutation is chosen and applied to the order of the sub-ciphertexts, giving the ciphertext:
AB76AF098185B17A6597F61005BDD541,
(c030c851817ca02f339b6a49daee7aa49d4bf0ffa25531cb5bb5155ca01ff07f, 1),
(9238b2b7cc25101e447f7058fb3f15af26f860c19bb2f4020b3f486f73174d4e, 1),
(995a148417c9b57345f1e3ed6e87d00c6d279f4274d9ebdc3757175f8b700653, 0),
(51c9d8ef7a981e0b75251ffe3f97638d87a428e39d15209beb03c8117e412746, 1),
(1d29992e714404529e7a6b764434bd1029db0f5d4679a69961873fdb2ec2fcc6, 0),
(c938273a3cf72c5e417ecce3b5e81c3362f8014013d16694d445b70b99b24e52, 1),
(6066f821e33d7d8836b9688adac986bb10aac4617e0905a6e7447ce772f2dbbd, 1),
(f9bbc5905b743a6a8b63134900ab85b6c39d2f9afc6bdf3d0e7da6709e7c0684, 0),
(8208be7415566251b93b696a43ecaff9d31d82bdc1f5baae40e97d8fee3e235b, 0),
(ed8f2af9f682dc63c2f15f0b1424904dbdd74b3d6b5046b752f8278aa7eb5767, 1).
IV. Comparison stage for the two ciphertexts obtained above:
1. The sub-ciphertexts are first verified pairwise bit by bit, and finally it is found that
H(5bc27762abc0b0d9db0b447f9ddaa31ca5cd5d9a0edc40525efafedddd59b49, AB76AF098185B17A6597F61005BDD541)
= c030c851817ca02f339b6a49daee7aa49d4bf0ffa25531cb5bb5155ca01ff07f.
2. Then, by computing
F'(5bc27762abc0b0d9db0b447f9ddaa31ca5cd5d9a0edc40525efafedddd59b49, AB76AF098185B17A6597F61005BDD541) ⊕ 1 = 0,
it is known that the critical bit of the plaintext corresponding to the latter ciphertext is 0, and hence the plaintext corresponding to the former ciphertext is greater than the plaintext corresponding to the latter ciphertext.

Claims (3)

1. An efficient order-revealing encryption method with weak leakage, comprising a triple of initialization, encryption and comparison algorithms, denoted (ORE.Setup, ORE.Encrypt, ORE.Compare); let H be a hash function mapping {0,1}^λ × {0,1}^n to {0,1}^λ; let PRF denote a pseudorandom function, and let F, F' be two pseudorandom functions with different domains and codomains, where F: {0,1}^λ × ([n] × {0,1}^{n-1}) → {0,1}^λ and F': {0,1}^λ × {0,1}^λ → {0,1}; characterized in that the specific steps are:
(1) first, the initialization algorithm Setup is executed; it takes a security parameter λ as input, generates the key k needed for subsequent encryption, and at the same time chooses a mapping ∈; k and ∈ are output as the user's key sk;
(2) second, an authorized user who needs to encrypt inputs the key sk and a plaintext m and executes the encryption algorithm Encrypt; the algorithm chooses a random number r and then, for each bit i from 1 to n, generates the corresponding sub-ciphertext subct_i according to a specific policy; for the sub-ciphertext subct_i of the i-th bit, mb(m, i, ∈) is computed first, and then, according to whether its value is 0 or 1, the corresponding policy generates a sub-ciphertext part tc_i with a verification function and a sub-ciphertext part cc_i with a computation function; tc_i and cc_i together form the sub-ciphertext of the i-th bit; a random permutation is chosen and applied to subct_1, …, subct_n, and the permuted result together with the random number r is output as the ciphertext of the plaintext m;
(3) then, the comparison algorithm Compare is executed; whenever the order of two ciphertexts ct_1, ct_2 needs to be compared, the ciphertexts are first parsed and the resulting sub-ciphertexts are analysed further: if among the sub-ciphertexts of the two ciphertexts there is a pair of mutually "verifiable" sub-ciphertexts, the critical bit γ is computed from the computation parts of the corresponding sub-ciphertexts, and the order of the plaintexts corresponding to the two ciphertexts is decided from γ; otherwise, if no mutually "verifiable" sub-ciphertexts exist, the plaintexts corresponding to the two ciphertexts are equal.
2. The efficient order-revealing encryption method with weak leakage according to claim 1, characterized in that Setup(1^λ), the initialization algorithm, proceeds as follows given the input security parameter λ:
I. generate the key k used by the encryption algorithm;
II. choose a function ∈: [n] × {0,1}^{n-1} → {0,1};
III. set the key sk = (k, ∈) and output it;
Encrypt(sk, m), the encryption algorithm, proceeds as follows given the input key and plaintext (let a_1 a_2 … a_n be the binary encoding of the plaintext m): choose a random number r; for each i ∈ [n], proceed as follows:
I. compute mb(m, i, ∈) = ∈(i, a_1 a_2 … a_{i-1} || 0^{n-i});
II. if mb(m, i, ∈) = a_i, compute:
tc_i = F(k, i-1, a_1 a_2 … a_{i-1} || 0^{n-i+1});
otherwise, compute:
tc_i = H(F(k, i-1, a_1 a_2 … a_{i-1} || 0^{n-i+1}), r);
III. if mb(m, i, ∈) = 0, select a random bit as cc_i, i.e.
if mb(m, i, ∈) = 1, compute:
for each i ∈ [n], set subct_i = (tc_i, cc_i); then choose a random permutation π, set the ciphertext ct = {r, subct_π(1), …, subct_π(n)} and output it;
Compare(ct_1, ct_2), the comparison algorithm: first parse the two ciphertexts ct_1, ct_2 respectively as follows:
where e ∈ {1,2} and i ∈ {1,2,…,n}; then the plaintexts corresponding to the two ciphertexts are compared as follows:
I. if there exist i, k ∈ [n] such that the i-th sub-ciphertext of ct_1 and the k-th sub-ciphertext of ct_2 are mutually "verifiable" (in either of the two directions), proceed to the next step;
otherwise, output 0, indicating that the plaintexts corresponding to the two ciphertexts are equal; here we assume the first of the two directions;
II. for the sub-ciphertexts satisfying the "verifiable" relation, compute the critical bit γ:
if γ = 0, output 1, indicating that the plaintext of ct_1 is greater than the plaintext of ct_2; otherwise, if γ = 1, output 2, indicating that the plaintext of ct_1 is less than the plaintext of ct_2;
in the other direction, the way of deciding the order of the plaintexts is similar.
3. The efficient order-revealing encryption method with weak leakage according to claim 2, characterized in that the information about the corresponding plaintexts leaked in the comparison algorithm is represented by a leakage function L; the information contained in this function consists mainly of three parts: the plaintext order, the equality pattern of the most significant differing bit of the plaintexts, and partial information about the most significant differing bit of the plaintexts; the leakage function is defined as follows:
where 1 ≤ i, k ≤ q;
CMP is the order comparison, namely the result of comparing the plaintext order, defined as:
msdb is the most significant differing bit, defined as:
msdb(m_1, m_2) = min {i : m_1[i] ≠ m_2[i]} ∪ {n+1}, where min denotes taking the minimum and m[i] denotes the i-th bit of the plaintext m;
pmsdb is the partial information about the most significant differing bit, defined as:
Input: m_1, m_2
Output: pmsdb(m_1, m_2)
(1) initialize pmsdb(m_1, m_2) to 1;
(2) for i from 1 to msdb(m_1, m_2) − 1, perform the following step:
(a) if ∈(i, a_1 a_2 … a_{i-1} || 0^{n-i}) = 0, then
pmsdb(m_1, m_2) = pmsdb(m_1, m_2) + 1;
(b) otherwise, continue;
(3) return pmsdb(m_1, m_2).

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711345316.4A CN108234108B (en) 2017-12-15 2017-12-15 High-efficiency de-ordering encryption method for weak leakage

Publications (2)

Publication Number Publication Date
CN108234108A (en) 2018-06-29
CN108234108B (en) 2021-06-22

Family

ID=62649602

Country Status (1)

Country Link
CN (1) CN108234108B (en)


Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7725397B2 (en) * 2005-04-13 2010-05-25 Hewlett-Packard Development Company, L.P. Method and system for time-sequential authentication of shipments in supply chains
WO2010115063A1 (en) * 2009-04-03 2010-10-07 Wms Gaming, Inc. Integrating social networks and wagering games
CN107147487A (en) * 2017-05-23 2017-09-08 高胜法 The random block cipher of symmetric key


Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
David Cash et al., "Reducing the Leakage in Practical Order-Revealing Encryption", IACR Cryptology ePrint Archive *
Nathan Chenette et al., "Practical Order-Revealing Encryption with Limited Leakage", Fast Software Encryption (FSE 2016), Springer Berlin Heidelberg *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109088721A (en) * 2018-10-02 2018-12-25 复旦大学 Delegatable order-revealing encryption method
CN109088721B (en) * 2018-10-02 2022-01-28 复旦大学 Entrustable uncovering and encrypting method
WO2020253106A1 (en) * 2019-06-21 2020-12-24 深圳壹账通智能科技有限公司 Method and apparatus for proving size relationship of encrypted data, device, and storage medium
CN113254971A (en) * 2021-06-09 2021-08-13 中国电子科技集团公司第三十研究所 Multi-data type ciphertext comparison method based on de-scrambling encryption

Also Published As

Publication number Publication date
CN108234108B (en) 2021-06-22


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant