CN108768612A - A kind of full homomorphic cryptography method based on random unitary matrix during outsourcing calculates - Google Patents

A kind of full homomorphic cryptography method based on random unitary matrix during outsourcing calculates Download PDF

Info

Publication number
CN108768612A
CN108768612A CN201810563241.5A CN201810563241A CN108768612A CN 108768612 A CN108768612 A CN 108768612A CN 201810563241 A CN201810563241 A CN 201810563241A CN 108768612 A CN108768612 A CN 108768612A
Authority
CN
China
Prior art keywords
matrix
random
encryption
dimension
generating
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810563241.5A
Other languages
Chinese (zh)
Other versions
CN108768612B (en
Inventor
陈永辉
张明武
谢海涛
舒红章
袁金龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hubei University of Technology
Original Assignee
Hubei University of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hubei University of Technology filed Critical Hubei University of Technology
Priority to CN201810563241.5A priority Critical patent/CN108768612B/en
Publication of CN108768612A publication Critical patent/CN108768612A/en
Application granted granted Critical
Publication of CN108768612B publication Critical patent/CN108768612B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Complex Calculations (AREA)

Abstract

A kind of full homomorphic cryptography method based on random unitary matrix in being calculated the invention discloses outsourcing.The existing full homomorphic cryptography characteristic of this method, and the calculating of non-integer domain is can apply to, while there is the honesty verification characteristic in total domain.Integer field is can be only applied to compared to classical cryptoraphy scheme, this method can be applied to the manipulable number field of any matrix, including real number, plural number etc.;Compared to existing same type encryption method, this programme not only has full homomorphic characteristic, but also because using unitary matrice, ill-condition number will not be introduced to being calculated after encryption, to have true verification characteristic.This method is suitable for any matrix encryption, because isomorphism is good, especially suitable for calculating and encrypting independent application scenario, such as outsourcing calculating.

Description

Fully homomorphic encryption method based on random unitary matrix in outsourcing calculation
Technical Field
The invention belongs to the technical field of information security, relates to an encryption method, and particularly relates to a symmetric key homomorphic encryption method based on a random unitary matrix in outsourcing computation, which is applied to the field of computation outsourcing.
Background
Mobile devices and internet services are becoming more and more popular, and computing outsourcing services have created strong demands for homomorphic encryption methods. For example, in outsourced computing services, it appears that outsourced computing obtains good win-win results between the customer and the service provider based on the shared economy. In practice, however, the customer loses all sensitive information in the data during the outsourcing of the computing process, particularly when the network is not trusted, or the service provider is not trusted, or the server computing environment is not trusted. A theoretically good homomorphic encryption method ensures that data privacy is not revealed when a user fully applies computing resources.
However, current homomorphic encryption methods based on classical cryptography, such as a large number decomposition assumption, a discrete logarithm assumption, an elliptic curve assumption, a lattice-based assumption and the like, are all based on an integer domain, and obviously cannot cover non-integer domain calculations. Most of the matrix calculations are performed in the real number domain, even the complex number domain. There is a class of encryption methods that use matrix multiplication similar to the method of the present invention, but the prior art methods use random invertible matrices. The norm of the random invertible matrix cannot be determined and may directly cause morbidity of the calculation result. For example, in a calculation, assuming a register of 16 bits, less than 2 would be absorbed-16Error of (2) canOverflow greater than 216Is an integer of (1). A normal equation solution results in:
however, when both sides of the equation are multiplied by the same random inverse matrix, the result may become uncontrollable:
possibly resulting in a false output being completed. This is because a random matrix is used, which causes the coefficient matrix to appear ill-conditioned. In the complex field or real field calculation, because the number of bits of the CPU register is always limited, the number of truncated bits, overflow, etc. are inevitable. The random encryption is carried out by introducing a matrix with uncertain norm, which can cause uncertain calculation results. There is a certain probability that, as in the example, not only is there an incorrect result, but the integrity check problem cannot be passed. Thereby causing embarrassment that the calculation result is uncertain. Or, the calculation loses due certainty value.
Disclosure of Invention
In order to solve the technical problem, the invention provides a symmetric key homomorphic encryption method based on a random unitary matrix in outsourcing calculation, which belongs to an encryption method determined by norm and is a homomorphic method; by adopting the unitary matrix, the problem of uncertainty of a calculation result can not be caused.
The technical scheme adopted by the invention is as follows: a full homomorphic encryption method based on a random unitary matrix in outsourcing calculation is characterized in that an encryption process comprises the following steps:
step 1: inputting parameters;
the parameters include the set of matrices that need to be encrypted Pi}、Safety control parameters K and q; wherein K is more than 2 and less than or equal to { PiHalf of the dimension of the maximum row or column of the matrix in the array, and q is more than or equal to 2; let a set of matrices { PiThe number of all the dimensions of different rows or columns in the page is m, and the number of the dimensions of different columns is recorded as n1,…,nm};
Step 2: generating a secret key;
according to the safety control parameter K, q and each dimension ni∈{n1,…,nmGenerating a random unitary matrix set (R)1,…,RmAs a key; wherein, { R1,…,RmOne and only one matrix for each dimension in the tree;
step 2.1: selecting a random sequence k1,…,ks}; wherein k isiSatisfies the condition 2. ltoreq. ki≤K,
Step 2.2: random selection of unitary matrix sequence { M1,...,Ms}; wherein M isiSatisfies the condition Dim (M)i)=kiI.e. each matrix dimension MiInteger k of position corresponding to random sequenceiSame, requiring each M simultaneouslyiThe middle element has at least entropy value q;
step 2.3: generating two random permutationsWherein,all lengths are niEach element randomly and differently takes a natural number sequence {1, …, ni};Refers toMiddle (i)And (4) each element.
Step 2.4: according to two random arrangementsGenerating two ni×niElementary transformation matrixWherein each element of the matrix isIf it is not If it is not Generating method andthe same process is carried out;
step 2.5: output ofWherein diag { M1,...,MmDenotes a matrix sequence of { M }1,...,MmA block diagonal matrix formed by the columns;
and step 3: matrix encryption;
get the secret key { R1,…,RmAfter the previous step, with Ci=RLPiRR HMode encryption { PiAll the matrixes in the set get the corresponding ciphertext set { Ci}; wherein R isL,RR∈{R1,…,RmAccording to PiCalculating the required value; if P hereiDifferent dimension of rows and columns, then RL,RRThe dimensions are also different; the superscript H denotes the conjugate transpose matrix.
Compared with the prior art, the invention has the following advantages and beneficial effects:
(1) the unitary matrix replaces the random inverse matrix, so that the condition number of a calculation task is kept unchanged, namely the error estimation in the calculation is not expanded; thus allowing errors in the calculations to exist;
(2) since the allowable error exists, in the verification, when the error is within the design allowable range, the calculation result is honest. Or errors among all honest calculation results cannot be uncontrollable due to the introduction of an encryption method, so that the errors can be verified; this is not effectively achieved by current methods, because at present, random invertible matrices may cause uncontrollable computer results;
(3) the invention improves the safety of the current method, and simultaneously uses two primary transformations to ensure full randomization;
(4) thereby effectively reducing the amount of calculation caused by the increase of the lengths of K and q.
Drawings
Fig. 1 is a schematic diagram of an application scenario of outsourcing computation in the embodiment of the present invention.
Detailed Description
In order to facilitate the understanding and implementation of the present invention for those of ordinary skill in the art, the present invention is further described in detail with reference to the accompanying drawings and examples, it is to be understood that the embodiments described herein are merely illustrative and explanatory of the present invention and are not restrictive thereof.
The application scenario of the embodiment is outsourcing calculation, and a certain application is assumedFamily presence set of data Pi}={P1(r×t),P2(t×t),P3(t×t),(P4(t×t)A calculation task f1({Pi})=P1P2÷(P3+P4) In which P isiThe corner marks representing the number of rows and columns of the matrix, e.g. P1(r×t)Denotes P1Is an (r × t) matrix. The user gives a security target G, and a security parameter λ under the target. Assuming that a user selects an internet cloud server, as shown in fig. 1, the invention provides a random unitary matrix-based fully homomorphic encryption method in outsourcing computation, which includes the following steps:
step 1: inputting parameters;
parameter has matrix set { P) that needs encryptioniH, safety control parameters K and q; requirement K>2, but not preferably more than { PiHalf of the maximum row or column dimension of the matrix in the row; q is required to be more than or equal to 2; set of matrices P in this exampleiThe number of all different row or column dimensions in the row is m-2, and the number of different dimensions is n1=r,n2=t}。
When K is 4 and q is 8, the method is resistant to random guess attack, and the worst probability is given Failure, where n ═ min (r, t). After a user selects K and q once, the security probability of the random guess attack resistance provided by the method is 1-g (K and q);
step 2: generating a secret key;
according to the safety control parameters K, q and each dimension ni∈{n1=r,n2T, generating a random unitary matrix set { R }t,Rr};
The specific implementation of the step 2 comprises the following substeps:
step 2.1: selecting a random sequencek1,…,ks}; wherein k isiSatisfies the condition 2. ltoreq. ki≤K,
Step 2.2: random selection of unitary matrix sequence { M1,...,Ms}; wherein M isiSatisfies the condition Dim (M)i)=kiI.e. each matrix dimension MiInteger k of position corresponding to random sequenceiSame, requiring each M simultaneouslyiThe middle element has at least entropy value q;
step 2.3: generating two random permutationsWherein,all lengths are niEach element randomly and differently takes a natural number sequence {1, …, ni};Refers toThe ith element.
Step 2.4: according to two random arrangementsGenerating two ni×niElementary transformation matrixWherein each element of the matrix isIf it is not If it is not Generating method andthe same process is carried out;
for example: when n isiIs equal to 3, provided withThenBecause of the fact thatTherefore, it is not only easy to useThe other same principles are adopted.
Step 2.5: output ofWherein diag { M1,...,MmDenotes a matrix sequence of { M }1,...,MmThe columns form a block diagonal matrix.
By running steps 2.1-2.5 in two runs, { R } can be obtainedt,Rr}
And step 3: matrix encryption: get the secret key { Rt,RrAfter the previous step, with Ci=RLPiRR HMode encryption { PiAll the matrixes in the set get the corresponding ciphertext set { Ci}. Note that RL,RR∈{Rt,RrAccording to PiCalculating the need to get(ii) a If P hereiDifferent dimension of rows and columns, then RL,RRThe dimensions are also different; the superscript H denotes the conjugate transpose matrix. Obtaining:
the invention supports full homomorphic calculation in the full number domain: if necessary according to the calculation logic fiIn data { PiOn f, the result f is calculatedi({Pi}) that the method supports the use of the same computation logic fiAfter encryption data { CiCalculate f on }i({Ci) }) and satisfies fi({Pi})=RL Hfi({Ci})RRWherein R isL,RR∈{R1,…,Rm}. I.e. fi({CiIs f)i({Pi}). The method being fully homomorphic, i.e. allowing fiIncluding add, subtract, multiply, divide, and bracket operations. The method can operate in real number and complex number domains by fully homomorphic calculation, and is not limited to integer domains. Therefore, the method can be used for applications including outsourcing computation, and privacy protection completely independent of computation and encryption is provided. I.e. the user can outsource fi({Ci}) to any computing-capable entity without fear of leaking { P }i}; and f can be obtained with less calculation costi({Pi});
For example, f can be output1({Ci})=C1C2÷(C3+C4) To any computing capable entity, such as cloud server S, if S is theoretically available:
the invention supports the calculation integrity check of the whole number field: let the computational entity be S, let fi,S({Ci}) calculating f for the calculation entity Si({Ci}). When S is dishonest, fi({Ci}) result is not true fi({Ci}). However, the user can repeat steps 1-3 to encrypt the same f with different keysi({Pi}) to obtain different f in the same Si,s({Ci}) by decrypting different fi,S({Ci}) to obtain a difference fi,S({Pi})=RL Hfi,s({Ci})RRIf S is honest, all different fi,s({Pi}) will be very small, whereas all different f's will be very smalli,s({Pi}) may be very large. The method supports outsourced homomorphic computational inspection because R1,…,RmMean unitary matrix in the (f) does not cause fi({Ci}) the calculation of the morbidity of the result, so that the error test method holds. When the user security objective is resistance, S is dishonest, and through random guess attack, the probability that integrity verification can be passed is less thanWhen K, q are chosen appropriately, this probability is negligible.
The user of this embodiment has { PiAnd calculation task fi({Pi}) selecting K and q, and generating a group of random unitary matrixes { R by the method disclosed by the patent1,…,RmThe number m of matrixes with different dimensionalities in R is equal to a matrix set P appearing in a calculation taskiThe number of all different dimensions in the page is multiplied; user usage Ci=RLPiRR HMethod encryption { PiEach matrix of (i) }, wherein R isL,RR∈{R1,…,RmIs adapted to each PiThe matrix calculated accordingly is known as such. Because of PiThe calculation dimension is not predicted, and each dimension matrix has one or only one in R, so that the form and conclusion are not influenced by adopting the general expression; obtaining a new encrypted calculation task f according to the original logic expressioni({Ci}); this computing task can be performed by any entity S with computing powerCalculating; when the user obtains the calculation result f returned by Si,S({CiH) after (f), withi,S({Pi})=RHfi,s({Ci}) R method. The encryption method is not limited to integer domains and can be applied to any matrix-applicable calculation number domain; and due to { R } in the encryption matrix1,…,RmThe calculation results are not ill-conditioned, so that whether the calculation entities are honest or not can be verified in comparison of different outsourcing results of the same task. Therefore, the method disclosed by the patent has homomorphism, can cover all number domains and can obtain good verification characteristics.
The invention is characterized in that:
(1) all the whole number domain calculation suitable for the calculation task is realized, and the calculation task is not required to be limited to an integer;
(2) the result obtained by encryption is reliable, and because of norm invariance of the unitary matrix, the calculation result is not ill-conditioned by encryption;
(3) and under the condition of reliable results, the verification is guaranteed to be true and reliable.
It should be understood that parts of the specification not set forth in detail are well within the prior art.
It should be understood that the above description of the preferred embodiments is given for clarity and not for any purpose of limitation, and that various changes, substitutions and alterations can be made herein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (2)

1. A full homomorphic encryption method based on a random unitary matrix in outsourcing calculation is characterized by comprising the following steps:
step 1: inputting parameters;
the parameters include the set of matrices that need to be encrypted PiA safety control parameter K and q; wherein K is more than 2 and less than or equal to { PiHalf of the dimension of the maximum row or column of the matrix in the array, and q is more than or equal to 2; let a set of matrices { PiThe number of all the dimensions of different rows or columns in the page is m, and the number of the dimensions of different columns is recorded as n1,…,nm};
Step 2: generating a secret key;
according to the safety control parameter K, q and each dimension ni∈{n1,…,nmGenerating a random unitary matrix set (R)1,…,RmAs a key; wherein, { R1,…,RmOne and only one matrix for each dimension in the tree;
and step 3: matrix encryption;
get the secret key { R1,…,RmAfter the previous step, with Ci=RLPiRR HMode encryption { PiAll the matrixes in the set get the corresponding ciphertext set { Ci}; wherein R isL,RR∈{R1,…,RmAccording to PiCalculating the required value; if P hereiDifferent dimension of rows and columns, then RL,RRThe dimensions are also different; the superscript H denotes the conjugate transpose matrix.
2. The fully homomorphic encryption method based on random unitary matrix in outsourcing computation of claim 1, wherein the specific implementation of step 2 comprises the following sub-steps:
step 2.1: selecting a random sequence k1,…,ks}; wherein k isiSatisfies the condition 2. ltoreq. ki≤K,
Step 2.2: random selection of unitary matrix sequence { M1,...,Ms}; wherein M isiSatisfies the condition Dim (M)i)=kiI.e. each matrix dimension MiInteger k of position corresponding to random sequenceiSame, requiring each M simultaneouslyiThe middle element has at least entropy value q;
step 2.3: generating two random permutationsWherein,all lengths are niEach element randomly and differently takes a natural number sequence {1, …, ni};Refers toThe ith element.
Step 2.4: according to two random arrangementsGenerating two ni×niElementary transformation matrixWherein each element of the matrix isIf it is not If it is not Generating method andthe same process is carried out;
step 2.5: output ofWherein diag { M1,...,MmDenotes a matrix sequence of { M }1,...,MmThe columns form a block diagonal matrix.
CN201810563241.5A 2018-06-04 2018-06-04 Fully homomorphic encryption method based on random unitary matrix in outsourcing calculation Expired - Fee Related CN108768612B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810563241.5A CN108768612B (en) 2018-06-04 2018-06-04 Fully homomorphic encryption method based on random unitary matrix in outsourcing calculation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810563241.5A CN108768612B (en) 2018-06-04 2018-06-04 Fully homomorphic encryption method based on random unitary matrix in outsourcing calculation

Publications (2)

Publication Number Publication Date
CN108768612A true CN108768612A (en) 2018-11-06
CN108768612B CN108768612B (en) 2020-12-18

Family

ID=64002586

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810563241.5A Expired - Fee Related CN108768612B (en) 2018-06-04 2018-06-04 Fully homomorphic encryption method based on random unitary matrix in outsourcing calculation

Country Status (1)

Country Link
CN (1) CN108768612B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020041680A1 (en) * 2000-02-08 2002-04-11 George Cybenko System and methods for encrypted execution of computer programs
CN105812128A (en) * 2016-03-09 2016-07-27 湖北工业大学 Malicious data mining attack-resisting data aggregation system and method for smart grid
CN106788980A (en) * 2017-01-16 2017-05-31 中国人民解放军国防科学技术大学 Safe encryption method in a kind of matrix multiplication sub-contract management towards cloud computing
CN106850021A (en) * 2017-02-03 2017-06-13 中国科学院信息工程研究所 Radio communication safety of physical layer implementation method and device based on polarization precoding

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020041680A1 (en) * 2000-02-08 2002-04-11 George Cybenko System and methods for encrypted execution of computer programs
CN105812128A (en) * 2016-03-09 2016-07-27 湖北工业大学 Malicious data mining attack-resisting data aggregation system and method for smart grid
CN106788980A (en) * 2017-01-16 2017-05-31 中国人民解放军国防科学技术大学 Safe encryption method in a kind of matrix multiplication sub-contract management towards cloud computing
CN106850021A (en) * 2017-02-03 2017-06-13 中国科学院信息工程研究所 Radio communication safety of physical layer implementation method and device based on polarization precoding

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
LIWEI KUANG ECT.: "Secure Tensor Decomposition Using Fully Homomorphic Encryption Scheme", 《IEEE TRANSACTIONS ON CLOUD COMPUTING》 *
王育齐、佘堃: "通用的量子同态加密框架", 《计算机科学与探索》 *
白平、张薇: "多属性环境下基于容错学习的全同态加密方案", 《计算机应用》 *

Also Published As

Publication number Publication date
CN108768612B (en) 2020-12-18

Similar Documents

Publication Publication Date Title
Gai et al. Blend arithmetic operations on tensor-based fully homomorphic encryption over real numbers
Giacomelli et al. Privacy-preserving ridge regression with only linearly-homomorphic encryption
CN109922077B (en) Identity authentication method and system based on block chain
Chen et al. Privacy-preserving and verifiable protocols for scientific computation outsourcing to the cloud
Davidson et al. An efficient toolkit for computing private set operations
CN109787743B (en) Verifiable fully homomorphic encryption method based on matrix operation
Cheon et al. Ghostshell: Secure biometric authentication using integrity-based homomorphic evaluations
CN109446828B (en) Secure multi-party computing method and device
CN112104619A (en) Data access control system and method based on outsourcing ciphertext attribute encryption
EP2965462A1 (en) Privacy-preserving ridge regression using partially homomorphic encryption and masks
JP2018507658A (en) Authentication system and device including physically non-replicatable function and threshold encryption
Chen et al. Data dynamics for remote data possession checking in cloud storage
Syam Kumar et al. RSA-based dynamic public audit service for integrity verification of data storage in cloud computing using Sobol sequence
Liu et al. DHSA: efficient doubly homomorphic secure aggregation for cross-silo federated learning
CN108632033B (en) Homomorphic encryption method based on random weighted unitary matrix in outsourcing calculation
Feng et al. Efficient and verifiable outsourcing scheme of sequence comparisons
Mehta et al. Secret sharing using near-MDS codes
Zajac Upper bounds on the complexity of algebraic cryptanalysis of ciphers with a low multiplicative complexity
Zhou et al. CASO: Cost-aware secure outsourcing of general computational problems
CN111740959A (en) Verifiable privacy protection method in mobile crowd sensing system
Mondal et al. A practical key-recovery attack on LWE-based key-encapsulation mechanism schemes using Rowhammer
CN108768612B (en) Fully homomorphic encryption method based on random unitary matrix in outsourcing calculation
Ding et al. An injectivity analysis of crystals-kyber and implications on quantum security
Dumas et al. Prover efficient public verification of dense or sparse/structured matrix-vector multiplication
Noel et al. Review and analysis of classical algorithms and hash-based post-quantum algorithm

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20201218

CF01 Termination of patent right due to non-payment of annual fee