CN111526002A - Lattice-based multi-identity fully homomorphic encryption method - Google Patents
- Publication number
- CN111526002A (application number CN202010578978.1A)
- Authority
- CN
- China
- Prior art keywords
- identity
- ciphertext
- matrix
- user identity
- vector
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/008—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3006—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Collating Specific Patterns (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a lattice-based multi-identity fully homomorphic encryption method comprising the following steps: system initialization; user key extraction: mapping the first user identity and the second user identity to an invertible matrix using a full-rank function, and generating a first private key corresponding to the first user identity and a second private key corresponding to the second user identity through vector operations; ciphertext generation: obtaining the encryption selection of the first user identity, selecting a plaintext message to be encrypted, and encrypting it to obtain a first ciphertext; single-identity decryption: for the first user identity, decrypting with the first private key to obtain the plaintext message; identity conversion: converting the first ciphertext of the first user identity into a second ciphertext corresponding to the second user identity through an identity conversion algorithm; fully homomorphic evaluation: performing fully homomorphic operations on the identity-converted ciphertexts and then decrypting. The invention converts the encryption and decryption of single-identity ciphertexts into the encryption and decryption of multi-identity ciphertexts, and can realize correct homomorphic operation.
Description
Technical Field
The invention relates to the technical field of fully homomorphic encryption security, in particular to a multi-identity fully homomorphic encryption method based on lattices.
Background
Building on the multiplicative homomorphism of the RSA public-key cryptosystem, Rivest et al. [Rivest R L, Adleman L, Dertouzos M L. On data banks and privacy homomorphisms [J]. Foundations of Secure Computation, 1978: 169-179] proposed the concept of homomorphic encryption: operations on the plaintext are realized by performing operations on the ciphertext, without decrypting it, and the results are consistent. Homomorphic encryption has attracted wide attention from scholars at home and abroad, but that scheme does not fully realize homomorphism and cannot process ciphertext an arbitrary number of times. In an identity-based encryption system, the user's unique identity is used as the public key, and the private key generation center generates the user's private key using the system master private key. To reduce the key length of fully homomorphic encryption, researchers have combined the ideas of identity-based encryption and fully homomorphic encryption to construct identity-based fully homomorphic encryption systems.
Building on Gentry's work, scholars at home and abroad have proposed many improved schemes. In 2017, Tang Yongli et al. [Tang Yongli, Summin, Liu beautiful, et al. New lattice identity-based fully homomorphic encryption scheme [J]. Communications, 2017, 38(5): 39-47] proposed a new lattice-based, identity-based fully homomorphic encryption scheme. With the advent of obfuscation models, Zhang Mingwu et al. [Zhang Mingwu, Shenhua, Muyi. Program obfuscation with virtual black-box security: model, progress and challenge [J]. computer science, 2017, 40(12)] constructed a multi-identity homomorphic cryptosystem using obfuscators. Although the scheme provides a new identity-based fully homomorphic encryption scheme, in practice operating on a single identity cannot meet the demands of big data and cloud computing.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provide a lattice-based multi-identity fully homomorphic encryption method, which can convert the encryption and decryption of a ciphertext with a single identity into the encryption and decryption of ciphertexts with multiple identities and can realize correct fully homomorphic operation.
The purpose of the invention is realized by the following technical scheme:
A lattice-based multi-identity fully homomorphic encryption method comprises the following steps:
System initialization: first, generate the public key and private key of the system;
User key extraction: map the first user identity and the second user identity to an invertible matrix using a full-rank function, and generate a first private key corresponding to the first user identity and a second private key corresponding to the second user identity through vector operations;
Ciphertext generation: obtain the encryption selection of the first user identity, select a plaintext message to be encrypted, and encrypt it to obtain a first ciphertext;
Single-identity decryption: for the first user identity, decrypt with the first private key to obtain the plaintext message;
Identity conversion: convert the first ciphertext of the first user identity into a second ciphertext corresponding to the second user identity through an identity conversion algorithm;
Fully homomorphic evaluation: input a group of identity-converted ciphertexts, perform fully homomorphic operations, and then decrypt.
Preferably, system parameters are input, and two matrices are generated through a trapdoor generation algorithm, wherein one matrix is a trapdoor matrix, the trapdoor matrix is used as a system private key, and the other matrix is used as a system public key.
Further, in the system initialization step, the generation of the public and private keys of the system includes the following sub-steps:
Run the trapdoor generation algorithm TrapGen($1^n$, $1^m$, q, H), which outputs a matrix and its trapdoor matrix; output the system public key MPK = (B, t) and the system private key MSK = R, thereby generating uniform and random system public and private keys;
where n and m represent the dimensions of the system public and private key vectors; n is an integer with n ≥ 1; q is the modulus, an integer with q ≥ 2; m, n and q are related by $m = O(n \log_2 q)$, where O() denotes the asymptotic order, m being of the order of n times the base-2 logarithm of q, used here to compute the number of rows and columns of the public key vector; k denotes the base-2 logarithm of q rounded up, used here to compute the dimension of the private key vector; H denotes a random invertible matrix. A uniformly random matrix can thus be generated with the trapdoor generation algorithm, and public keys constructed from this matrix are also uniformly random.
Preferably, in the step of extracting the user key, the obtaining of the private key of the user includes the following sub-steps:
Run the left sampling function to output the vector $e \leftarrow \mathrm{SampleL}(B, H_{id}G, R, t, \sigma)$ such that the vector satisfies $B_{id}e = t$.
Here B and t represent the system public key; G is a public primitive matrix and w denotes its number of columns, with w = nk; $H_{id}$ is the invertible matrix representing the user identity; ← indicates that the function outputs its result as the vector e; σ represents the Gaussian noise in the sampling function; the decimal user identity key vector is then converted to the binary user identity key v by the function Powersof2(); R is the system private key. Because the left sampling function is used, the vector e it generates is indistinguishable from a certain distribution, so the output user identity private key is indistinguishable from that distribution, which makes it harder for an adversary to obtain the private key. The function Powersof2() operates as follows: for any vector a, the following equation holds:
preferably, in the step of generating the ciphertext, the encryption method involved is:
where μ ∈ {0,1} is the plaintext to be encrypted, C' represents the ciphertext resulting from a single encryption of the plaintext μ by an encryption algorithm constructed by an obfuscator, and $I_N$ is the N-dimensional identity matrix;
The function BitDecomp() operates as follows: for any vector a, BitDecomp(a) is formed from the bits $a_{i,j}$, where $a_{i,j}$ denotes the j-th binary bit of the component $a_i$; the function Flatten() operates as follows: for a given a', Flatten(a') = BitDecomp(BitDecomp$^{-1}$(a')), where the function BitDecomp$^{-1}$() operates as
Preferably, in the step of decrypting the single identity, the specific decryption step is as follows:
Let $sk_{id} = v$. The first l coefficients of the known vector v are $1, 2, \ldots, 2^{l-1}$. Let $v[i] = 2^i \in (q/4, q/2]$ and let $C_i$ be the i-th row of the ciphertext C; compute $x_i \leftarrow \langle C_i, v \rangle$.
Preferably, in the step of converting identities, the step of converting a first ciphertext of a first user identity into a second ciphertext corresponding to a second user identity through an identity conversion algorithm is as follows:
Input the ciphertext of the first user identity id, and map the first user's identity id from binary to an invertible matrix through an encoding function.
(1) If the identity before and after conversion is the same, namely id = id', output the ciphertext; the identity conversion algorithm is intended for ciphertext conversion between different identities. Otherwise, perform the following operations:
2) For the identity id and the plaintext μ, compute as follows:
b. Encrypt the plaintext μ using the identity-based encryption algorithm IBE-Enc() to obtain the ciphertext of a single encryption of the first user identity's plaintext:
where MPK is the system public key of the encryption system, id is the user identity, μ ∈ {0,1} is the encrypted plaintext, and the first ciphertext obtained after encryption is divided into two parts, $c_0$ and
3) Execute step 2) N times to obtain an N-dimensional ciphertext matrix for the identity id, denoted $C'_{id}$:
4) Check whether there exists a plaintext p ∈ {0,1} such that the equation $C_{id} = \mathrm{Flatten}(p \cdot I_N + \mathrm{BitDecomp}(C'_{id}))$ holds; if so, output p; otherwise output ⊥;
where p indicates whether a plaintext exists in the conversion process such that the conversion equation holds; the equation $C_{id} = \mathrm{Flatten}(p \cdot I_N + \mathrm{BitDecomp}(C'_{id}))$ represents converting the n-dimensional ciphertext $C'_{id}$ to binary; $I_N$ denotes the unit vector of dimension N; ⊥ is the symbol the algorithm outputs when no such p exists;
(2) For the corresponding second user identity id' after conversion and the plaintext μ' ∈ {0,1}, perform the following operations:
2) Encrypt the plaintext μ' using the identity-based encryption algorithm IBE-Enc() to obtain the ciphertext of a single encryption of the second user identity's plaintext: $c'_i = (c'_0, c'^{T}_i) \leftarrow \text{IBE-Enc}(MPK, id', \mu' \in \{0,1\})$;
3) Execute step 2) N times to obtain an N-dimensional ciphertext matrix for the identity id', denoted $C'_{id'}$:
4) Using the plaintext p obtained in step (1) 4), convert the ciphertext $C''_{id'}$ to the binary $C'_{id'}$: $C'_{id'} = \mathrm{Flatten}(p \cdot I_N + \mathrm{BitDecomp}(C''_{id'}))$;
(3) Output the ciphertext $C'_{id'}$;
So far, the ciphertext with the first user identity id is converted into the ciphertext with the second user identity id'; through the identity conversion algorithm, the second user identity can firstly convert the ciphertext of the first user identity into the ciphertext of the second user identity, and then homomorphic evaluation operation is carried out instead of independently carrying out decryption operation on the ciphertext of the first user identity, so that the decryption time is saved, and the decryption efficiency is improved.
Preferably, in the fully homomorphic evaluation step, the fully homomorphic operation performed by the user who satisfies the plurality of different identities is as follows:
First, convert the ciphertexts of different identities into ciphertexts $C_{id}$ of the same identity through the identity conversion algorithm;
Then input the system public key MPK, a Boolean circuit f and a group of ciphertexts $(C_1, C_2, \ldots, C_t)$ of the same identity into the fully homomorphic evaluation algorithm; the algorithm outputs a new ciphertext $C_f$ such that, for any f ∈ F in the circuit set F, $\mathrm{Dec}(sk_{id}, C_f) = f(\mu_1, \ldots, \mu_t)$; for ease of computation, let $sk_{id} = v$;
The homomorphic addition formula is $(C_1 + C_2)v = (\mu_1 + \mu_2)v + (z_1, z_2)$;
The homomorphic multiplication formula is $(C_1 C_2)v = C_1(\mu_2 v + z_2) = \mu_2(\mu_1 v + z_1) + C_1 z_2 = \mu_1\mu_2 v \bmod q$;
where $C_{id}$ is the ciphertext with user identity id, $C_{id'}$ is the ciphertext with user identity id', $sk_{id}$ is the user's private key, and $z_1, z_2$ denote fault-tolerant vectors, each an N-dimensional vector taken at random from a discrete distribution that corresponds to a normal distribution on [0,1) with center 0 and a standard deviation parameter.
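The following Python sketch is an added example, not code from the patent: it implements BitDecomp, BitDecomp$^{-1}$, Flatten and Powersof2 with their usual Gentry-Sahai-Waters definitions (an assumption, since the page's own formulas did not survive) and uses them for the encryption form Flatten(μ·I_N + BitDecomp(·)), the decryption $x_i \leftarrow \langle C_i, v \rangle$ and the addition and multiplication formulas above, exposing the noise term $\mu_2 z_1 + C_1 z_2$ that the last step of the multiplication formula leaves out. Assumptions: all class and function names are hypothetical, the parameters are toy-sized and insecure, q is a power of two, and a plain LWE secret stands in for the identity key that the method extracts with SampleL (TrapGen, SampleL and identity conversion are not modelled).

```python
import random


def bit_decomp(a, l):
    """BitDecomp: expand each component (already in [0, q)) into l bits, LSB first."""
    return [(x >> j) & 1 for x in a for j in range(l)]


def bit_decomp_inv(a, l, q):
    """BitDecomp^-1: fold every l entries back into one component mod q.
    The entries need not be bits, which is what makes Flatten useful."""
    return [sum(a[i + j] << j for j in range(l)) % q for i in range(0, len(a), l)]


def flatten(a, l, q):
    """Flatten(a') = BitDecomp(BitDecomp^-1(a')): the inner product with
    Powersof2(b) is unchanged, but every entry is 0 or 1 again."""
    return bit_decomp(bit_decomp_inv(a, l, q), l)


def powers_of_2(b, l, q):
    """Powersof2: (b1, 2*b1, ..., 2^(l-1)*b1, b2, 2*b2, ...) mod q."""
    return [(x << j) % q for x in b for j in range(l)]


def dot(x, y, q):
    return sum(s * t for s, t in zip(x, y)) % q


class ToyGSW:
    """Single-key toy instance. Assumption: sk = v comes from a plain LWE
    secret, standing in for the vector the method extracts with SampleL."""

    def __init__(self, n=4, q=1 << 16, m=24, seed=2020):
        assert q & (q - 1) == 0, "toy decoder assumes q is a power of two"
        self.rng = random.Random(seed)      # NOT a cryptographic RNG
        self.n, self.q, self.m = n, q, m
        self.l = q.bit_length() - 1         # bits per component
        self.N = (n + 1) * self.l           # ciphertexts are N x N bit matrices
        t = [self.rng.randrange(q) for _ in range(n)]
        self.v = powers_of_2([1] + [-x % q for x in t], self.l, q)
        B = [[self.rng.randrange(q) for _ in range(n)] for _ in range(m)]
        e = [self.rng.choice((-1, 0, 1)) for _ in range(m)]
        # Row k of A is (<B_k, t> + e_k, B_k), so A * (1, -t) = e, which is small.
        self.A = [[(dot(B[k], t, q) + e[k]) % q] + B[k] for k in range(m)]

    def encrypt(self, mu):
        """C = Flatten(mu * I_N + BitDecomp(R * A)), built one row at a time."""
        C = []
        for i in range(self.N):
            r = [self.rng.randrange(2) for _ in range(self.m)]
            ra = [sum(r[k] * self.A[k][c] for k in range(self.m)) % self.q
                  for c in range(self.n + 1)]
            row = bit_decomp(ra, self.l)
            row[i] += mu                    # the mu * I_N term
            C.append(flatten(row, self.l, self.q))
        return C

    def decrypt(self, C):
        """x_i = <C_i, v> at the index where v[i] = 2^i = q/2, rounded to a bit."""
        i = self.l - 1
        x, vi = dot(C[i], self.v, self.q), self.v[i]
        return ((2 * x + vi) // (2 * vi)) % 2

    def noise(self, C, mu):
        """Largest |z_i| in C*v = mu*v + z. Needs the key: inspection only."""
        worst = 0
        for i in range(self.N):
            z = (dot(C[i], self.v, self.q) - mu * self.v[i]) % self.q
            worst = max(worst, min(z, self.q - z))
        return worst

    def add(self, C1, C2):
        """(C1 + C2) v = (mu1 + mu2) v + z1 + z2."""
        return [flatten([a + b for a, b in zip(r1, r2)], self.l, self.q)
                for r1, r2 in zip(C1, C2)]

    def mult(self, C1, C2):
        """(C1 C2) v = mu1 mu2 v + (mu2 z1 + C1 z2): the noise grows by up to N."""
        cols = list(zip(*C2))
        return [flatten([sum(a * b for a, b in zip(r, c)) for c in cols],
                        self.l, self.q) for r in C1]


if __name__ == "__main__":
    gsw = ToyGSW()
    c1, c2 = gsw.encrypt(1), gsw.encrypt(1)
    prod = gsw.mult(c1, c2)
    print("fresh noise:", gsw.noise(c1, 1), "after mult:", gsw.noise(prod, 1))
    print("Dec(C1*C2) =", gsw.decrypt(prod), "Dec(C1+C2) =", gsw.decrypt(gsw.add(c1, c2)))
```

Because v[i] = q/2 at the decryption index, the sum of two encrypted bits decrypts to their XOR. The (N+1)·m bound on the product's noise is what limits the circuit depth that a given q can support.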
Compared with the prior art, the invention has the following advantages and beneficial effects:
1) the lattice-based multi-identity fully homomorphic encryption algorithm converts the encryption and decryption of a ciphertext with a single identity into the encryption and decryption of a plurality of identity ciphertexts, and can realize correct fully homomorphic operation, thereby increasing the transmission quantity of data and improving the operation efficiency.
2) The scheme provided by the invention can carry out fully homomorphic encryption and decryption on a plurality of messages with different identities, thereby improving the calculation efficiency.
Drawings
Fig. 1 is a schematic diagram of a server-client communication system architecture to which the fully homomorphic encryption method of the present invention is applied.
FIG. 2 is a flow chart of the lattice-based multi-identity fully homomorphic encryption method of the present invention.
Detailed Description
For better understanding of the technical solutions of the present invention, the following detailed description is provided for the embodiments of the present invention with reference to the accompanying drawings, but the embodiments of the present invention are not limited thereto.
The embodiment of the invention provides a lattice-based multi-identity fully homomorphic encryption method, and solves the problems that in the prior art, only a single user identity can be subjected to homomorphic operation of a ciphertext, the data transmission quantity is small, and the efficiency is low.
Quantum computers are developing rapidly and quantum algorithms have made major breakthroughs. Under the quantum computing model, polynomial-time algorithms can solve the hard problems underlying cryptosystems based on classical number-theoretic assumptions, which has given rise to post-quantum cryptography. Lattices are a common mathematical tool for constructing post-quantum cryptography: the cryptographic algorithm is built to operate on a vector space with integer coefficients. Therefore, in the construction of this scheme, public and private keys are generated and operated on as vectors and matrices.
In order to solve the problem that only a single identity can be subjected to ciphertext operation on the above lattice, the technical scheme in the embodiment of the present invention has the following general idea:
the method comprises the steps of generating uniform and random system public and private keys, generating an indistinguishable user identity key, encrypting a plaintext by using an identity-based encryption algorithm to obtain a ciphertext, executing an identity conversion algorithm to convert the ciphertext with a single identity into a ciphertext with multiple identities, and then decrypting by using a full homomorphic evaluation algorithm to obtain the plaintext, so that the decryption time is saved, and the algorithm efficiency is improved.
Examples
The technical solution of the present invention will be described in detail with reference to fig. 1.
The technical scheme is applied to a server-client communication system, the client encrypts own plaintext information and uploads the encrypted plaintext information to the server, and the server performs statistical operation on ciphertext data. The communication between them can be wireless communication or wired communication.
In the system initialization stage, the server-side public and private keys and the client identity keys are generated. Client R and client S each encrypt their own plaintext information and upload it to the server through their own systems. Client J, which needs to obtain ciphertexts from the server, first converts them into ciphertexts under its own identity and then decrypts them to obtain the plaintext.
The identity key of client J, the decrypter, is $sk_{Jid}$; the identity key of client R is $sk_{Rid}$; the identity key of client S is $sk_{Sid}$.
Step S1: first generate the server-side public and private keys MPK, MSK by the following algorithm; the specific steps are as follows:
Step S12, run the trapdoor generation algorithm TrapGen($1^n$, $1^m$, q, H), which outputs a matrix and its trapdoor matrix; output the public key MPK = (B, t) and the private key MSK = R. Here n and q are integers with n ≥ 1 and q ≥ 2, and H is an invertible matrix.
Step S2: extract the identity keys of client J and of clients R and S; the specific steps are as follows:
Step S21, using the full-rank encoding function, map the user identities Jid, Rid, Sid to invertible matrices $H_{Jid}$, $H_{Rid}$, $H_{Sid}$;
Step S22, run the left sampling function to output the vector $e_{Jid} \leftarrow \mathrm{SampleL}(B, H_{Jid}G, R, t, \sigma)$ such that the vector satisfies $B_{Jid}e_{Jid} = t$, and output the user key, where G is a published primitive matrix, w = nk, and the trapdoor is the one generated by the trapdoor algorithm. The function Powersof2() operates as follows: for any vector a, the following equation holds:
Step S23, in the same way as step S22, generate the identity private keys $sk_{Rid}$, $sk_{Sid}$ of clients R and S.
Step S3: clients R and S encrypt their own plaintext information to obtain the corresponding ciphertexts, and upload the generated ciphertexts to the server, where they are stored; the specific steps are as follows:
Step S31, encrypt the plaintext information $\mu_{Rid}$ of client R; the encryption used to generate the ciphertext is as follows: where $\mu_{Rid} \in \{0,1\}$ is the plaintext to be encrypted, $C'_{Rid}$ represents the ciphertext obtained when client R encrypts the plaintext $\mu_{Rid}$ once, N represents the number of executions of the process, and $I_N$ is the N-dimensional identity matrix. The function BitDecomp() operates as follows: for any vector a, BitDecomp(a) is formed from the bits $a_{i,j}$, where $a_{i,j}$ denotes the j-th binary bit of the component $a_i$. The function Flatten() operates as follows: for a given a', Flatten(a') = BitDecomp(BitDecomp$^{-1}$(a')), where the function BitDecomp$^{-1}$() operates as
Step S32, in the same way as step S31, generate the ciphertext $C_{Sid}$ corresponding to the plaintext information of client S.
Step S4: decrypt the ciphertexts of clients R and S to obtain the plaintext messages.
Step S41, client R calculates the following equation:
The plaintext is $\mu_{Rid} = x_i / v_{Rid}[i]$, where, for ease of computation, $sk_{Rid} = v_{Rid}$; the first coefficients of the known vector $v_{Rid}$ are $1, 2, \ldots, 2^{l-1}$; let $v[i] = 2^i \in (q/4, q/2]$ and let $C_i$ be the i-th row of the ciphertext $C_{Rid}$; compute $x_i \leftarrow \langle C_i, v_{Rid} \rangle$.
Step S42, in the same way as step S41, client S can decrypt its ciphertext to obtain the corresponding plaintext.
Step S5: convert the ciphertexts of clients R and S into ciphertexts of client J, whose identity is Jid; the specific steps are as follows:
Step S51, input the ciphertext of client R; map the identity Rid of client R from binary to an invertible matrix through the encoding function, and compute the invertible matrix of the identity of client J.
Step S52, randomly select a vector and a random matrix, and use the identity-based encryption algorithm to encrypt the plaintext $\mu_{Rid}$ of client R with the server-side public key MPK to obtain the ciphertext
Step S53, execute step S52 N times to obtain the ciphertext matrix of client R:
Step S54, check whether there exists a plaintext p ∈ {0,1} such that the following equation holds: $C_{Rid} = \mathrm{Flatten}(p \cdot I_N + \mathrm{BitDecomp}(C'_{Rid}))$; output p if it exists, and ⊥ if it does not.
Step S55, randomly select a vector and a random matrix, and use the identity-based encryption algorithm to encrypt the plaintext $\mu_{Jid}$ of client J with the server-side public key MPK to obtain the ciphertext
Step S57, using the plaintext p obtained in step S54, convert the ciphertext $C'_{Jid}$ to the binary $C_{id1}$: $C_{id1} = \mathrm{Flatten}(p \cdot I_N + \mathrm{BitDecomp}(C'_{Jid}))$.
Step S58, output the converted ciphertext $C_{id1}$ of client R.
Step S59, in the same way, the ciphertext of client S can be converted into the ciphertext corresponding to the identity id of client J, denoted $C_{id2}$.
Step S6: in the fully homomorphic evaluation step, users with multiple different identities perform fully homomorphic operations and the result can be decrypted correctly; the specific steps are as follows:
Step S61, step 5 has already converted the ciphertexts of clients R and S into the ciphertexts $C_{id1}$, $C_{id2}$ corresponding to the identity id of client J.
Step S62, input the master public key MPK, the Boolean circuit f and the doctor's converted ciphertext group $C_f = (C_{id1}, C_{id2})$ into the homomorphic evaluation algorithm; for the circuit set F and any f ∈ F, $\mathrm{Dec}(sk_{id}, C_f) = f(\mu_1, \ldots, \mu_t)$; for ease of computation, let $sk_{id} = v$.
Step S63, the homomorphic addition formula is $(C_{id1} + C_{id2})v_{id} = (\mu_{Rid} + \mu_{Sid})v_{id} + (z_{Rid}, z_{Sid})$.
Step S64, the homomorphic multiplication formula is
$(C_{id1}C_{id2})v_{id} = C_{id1}(\mu_{Sid}v_{id} + z_{Sid}) = \mu_{Sid}(\mu_{Rid}v_{id} + z_{Rid}) + C_{id1}z_{Sid} = \mu_{Rid}\mu_{Sid}v_{id} \bmod q$.
Here $z_{Rid}$, $z_{Sid}$ denote the fault-tolerant vectors of client R and client S, each an N-dimensional vector taken at random from a discrete distribution that corresponds to a normal distribution on [0,1) with center 0 and a standard deviation parameter.
In this embodiment, uniform and random system public and private keys are generated through a trapdoor function, an indistinguishable user identity key is generated with a left sampling algorithm, the plaintext is encrypted with an identity-based encryption algorithm to obtain a ciphertext, an identity conversion algorithm is executed to convert the single-identity ciphertext into multi-identity ciphertexts for operation, and the plaintext is then obtained by decrypting through the homomorphic evaluation algorithm, which saves decryption time and improves the efficiency of the algorithm. In the method of this embodiment, the decrypting party can decrypt ciphertexts of multiple identities, and performance analysis shows that the method is superior to existing schemes in efficiency and performance. The invention provides a method of applying a multi-identity fully homomorphic encryption algorithm on lattices to communication between users, which increases the amount of information transmitted, improves the transmission speed and better meets the needs of today's big-data society.
The above embodiments are preferred embodiments of the present invention, but the present invention is not limited to the above embodiments, and any other changes, modifications, substitutions, combinations, and simplifications which do not depart from the spirit and principle of the present invention should be construed as equivalents thereof, and all such changes, modifications, substitutions, combinations, and simplifications are intended to be included in the scope of the present invention.
Claims (8)
1. A lattice-based multi-identity fully homomorphic encryption method is characterized by comprising the following steps:
system initialization: first, generating the public key and private key of the system;
user key extraction: mapping the first user identity and the second user identity to an invertible matrix using a full-rank function, and generating a first private key corresponding to the first user identity and a second private key corresponding to the second user identity through vector operations;
ciphertext generation: obtaining the encryption selection of the first user identity, selecting a plaintext message to be encrypted, and encrypting it to obtain a first ciphertext;
single-identity decryption: for the first user identity, decrypting with the first private key to obtain the plaintext message;
identity conversion: converting the first ciphertext of the first user identity into a second ciphertext corresponding to the second user identity through an identity conversion algorithm;
fully homomorphic evaluation: inputting a group of identity-converted ciphertexts, performing fully homomorphic operations, and then decrypting.
2. The fully homomorphic encryption method of claim 1, wherein system parameters are input, and two matrices are generated by a trapdoor generation algorithm, wherein one matrix is a trapdoor matrix, the trapdoor matrix is used as a system private key, and the other matrix is used as a system public key.
3. The fully homomorphic encryption method according to claim 2, wherein in said system initialization step, the generation of the public-private key of the system comprises the following sub-steps:
running the trapdoor generation algorithm TrapGen($1^n$, $1^m$, q, H), which outputs a matrix and its trapdoor matrix, and outputting the system public key MPK = (B, t) and the system private key MSK = R;
where n and m represent the dimensions of the system public and private key vectors; n is an integer with n ≥ 1; q is the modulus, an integer with q ≥ 2; m, n and q are related by $m = O(n \log_2 q)$, where O() denotes the asymptotic order, m being of the order of n times the base-2 logarithm of q, used here to compute the number of rows and columns of the public key vector; k denotes the base-2 logarithm of q rounded up, used here to compute the dimension of the private key vector; H denotes a random invertible matrix. A uniformly random matrix can thus be generated with the trapdoor generation algorithm, and public keys constructed from this matrix are also uniformly random.
4. The fully homomorphic encryption method according to claim 1, wherein in the step of extracting the user key, the obtaining of the user's private key comprises the sub-steps of:
running the left sampling function to output a vector $e \leftarrow \mathrm{SampleL}(B, H_{id}G, R, t, \sigma)$ such that the vector satisfies $B_{id}e = t$, where
where B and t represent the system public key; G is a public primitive matrix; w represents the number of columns of the matrix G, given by w = nk; $H_{id}$ is an invertible matrix representing the user identity; ← denotes that the result output by this function is the vector e; σ represents the Gaussian noise in the sampling function; a decimal user identity key vector is then converted to a binary user identity key v by means of the function Powersof2(); R is the system private key; the function Powersof2() operates as follows: for any vector a, the following equation holds:
5. The fully homomorphic encryption method according to claim 1, wherein in the step of generating the ciphertext, the encryption method involved is:
where μ ∈ {0,1} is the plaintext to be encrypted, C' represents the ciphertext obtained from a single encryption of the plaintext μ by an encryption algorithm constructed by an obfuscator, and $I_N$ is an N-dimensional unit matrix;
the function BitDecomp() operates as follows: for any vector a, wherein $a_{i,j}$ denotes the j-th binary bit of the component $a_i$; the function Flatten() operates as follows: for a vector a', $\mathrm{Flatten}(a') = \mathrm{BitDecomp}(\mathrm{BitDecomp}^{-1}(a'))$, wherein the function $\mathrm{BitDecomp}^{-1}()$ operates as
6. The fully homomorphic encryption method according to claim 1, wherein in the decrypting the single identity step, the specific decrypting step is:
Let $sk_{id} = v$; the first i coefficients of the known vector v are $1, 2, \dots, 2^{l-1}$; let $v[i] = 2^i \in (q/4, q/2]$ and let $C_i$ be the i-th row of the ciphertext C; compute $x_i \leftarrow \langle C_i, v \rangle$.
7. The fully homomorphic encryption method according to claim 5, wherein in the identity transformation step, the step of transforming the first ciphertext of the first user identity into the second ciphertext corresponding to the second user identity by using an identity transformation algorithm comprises:
inputting the ciphertext of the first user identity id, and mapping the identity id of the first user from binary to an invertible matrix through an encoding function F;
(1) if the identities before and after the conversion are the same, namely id = id', outputting the ciphertext; otherwise, performing the following operations:
2) performing the following calculation on the identity id and the plaintext μ:
b. encrypting the plaintext μ using the identity-based encryption algorithm IBE-Enc() to obtain the ciphertext of a single encryption of the plaintext under the first user identity:
wherein MPK is the system public key of the encryption system, id is the user identity, μ ∈ {0,1} is the plaintext being encrypted, and the first ciphertext obtained after encryption is divided into two parts, $c_0$ and
3) executing step 2) N times to obtain an N-dimensional ciphertext matrix with the identity id, denoted by the matrix $C'_{id}$:
4) checking whether there exists some plaintext p ∈ {0,1} such that the equation $C_{id} = \mathrm{Flatten}(p \cdot I_N + \mathrm{BitDecomp}(C'_{id}))$ holds; if it exists, outputting p; if it does not exist, outputting ⊥;
where p denotes whether some plaintext exists in the conversion process such that the conversion equation holds; the equation $C_{id} = \mathrm{Flatten}(p \cdot I_N + \mathrm{BitDecomp}(C'_{id}))$ represents the conversion of the n-dimensional ciphertext $C'_{id}$ to binary; $I_N$ represents the unit vector of dimension N; ⊥ represents the symbol output by the algorithm when p does not exist;
(2) performing the following operations on the corresponding second user identity id' and the plaintext μ' ∈ {0,1} after conversion:
2) encrypting the plaintext μ' using the identity-based encryption algorithm IBE-Enc() to obtain the ciphertext of a single encryption of the plaintext under the second user identity:
3) executing step 2) N times to obtain an N-dimensional ciphertext matrix with the identity id', denoted by $C''_{id'}$:
4) using the plaintext p obtained in step 4) of (1) to convert the ciphertext $C''_{id'}$ to the binary $C'_{id'}$, where $C'_{id'} = \mathrm{Flatten}(p \cdot I_N + \mathrm{BitDecomp}(C''_{id'}))$;
(3) outputting the ciphertext $C'_{id'}$;
At this point, the ciphertext with the first user identity id is converted into the ciphertext with the second user identity id'.
8. The fully homomorphic encryption method according to claim 1, wherein in the fully homomorphic evaluation step, the fully homomorphic calculation step performed by the users with different identities is as follows:
first, the ciphertexts of different identities are converted into ciphertexts $C_{id}$ of the same identity through the identity conversion algorithm;
then the system public key MPK, a Boolean circuit f and a group of ciphertexts $(C_1, C_2, \dots, C_t)$ with the same identity are input to the fully homomorphic evaluation algorithm; the homomorphic evaluation algorithm outputs a new ciphertext $C_f$ such that, for any $f \in F$ in the circuit set F, $\mathrm{Dec}(sk_{id}, C_f) = f(\mu_1, \dots, \mu_t)$; for ease of computation, let $sk_{id} = v$;
The homomorphic addition formula is $(C_1 + C_2)v = (\mu_1 + \mu_2)v + (z_1 + z_2)$;
The homomorphic multiplication formula is $(C_1 C_2)v = C_1(\mu_2 v + z_2) = \mu_2(\mu_1 v + z_1) + C_1 z_2 = \mu_1 \mu_2 v \bmod q$;
wherein $C_{id}$ is a ciphertext with user identity id, $C_{id'}$ is a ciphertext with user identity id', $sk_{id}$ is the user private key, $C_1 v = \mu_1 v + z_1$, $C_2 v = \mu_2 v + z_2$, represents a fault-tolerant vector, denotes an N-dimensional fault-tolerant vector taken at random from the distribution, and denotes the discrete distribution, with a center of 0 and a standard deviation, corresponding to a normal distribution on [0,1).
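The gadget functions of claims 4 and 5, the decryption rule of claim 6 and the two formulas of claim 8 can be exercised together in a toy scheme; the following is an added example, not code from the patent. Assumptions: the key pair is a plain LWE key standing in for TrapGen/SampleL, the encryption formula is the standard Gentry-Sahai-Waters one, and the parameters are constructed and far too small to be secure.

```python
import secrets

Q, N_LWE, M = 2**16, 3, 8        # constructed toy modulus, LWE dimension, sample count
L = (Q - 1).bit_length()         # l = ceil(log2 q) bits per component
N = (N_LWE + 1) * L              # ciphertexts are N x N binary matrices

def bit_decomp(a):               # each component -> l bits, least significant first
    return [(x >> j) & 1 for x in a for j in range(L)]

def bit_decomp_inv(a):           # regroup l entries per component; input need not be binary
    return [sum(a[i + j] << j for j in range(L)) % Q for i in range(0, len(a), L)]

def flatten(a):                  # Flatten(a) = BitDecomp(BitDecomp^-1(a))
    return bit_decomp(bit_decomp_inv(a))

def powers_of_2(b):              # (b1, 2*b1, ..., 2^(l-1)*b1, b2, ...) mod q
    return [(x << j) % Q for x in b for j in range(L)]

def dot(a, b):
    return sum(x * y for x, y in zip(a, b)) % Q

def keygen():                    # plain LWE key pair (assumption; stands in for TrapGen/SampleL)
    t = [secrets.randbelow(Q) for _ in range(N_LWE)]
    A = []
    for _ in range(M):
        row = [secrets.randbelow(Q) for _ in range(N_LWE)]
        A.append([(dot(row, t) + secrets.randbelow(3) - 1) % Q] + row)  # noise in {-1,0,1}
    return A, powers_of_2([1] + [(-x) % Q for x in t])   # A*s is small; v = Powersof2(s)

def encrypt(A, mu):              # standard GSW form: C = Flatten(mu*I_N + BitDecomp(R*A))
    C = []
    for i in range(N):
        r = [secrets.randbelow(2) for _ in range(M)]
        ra = [sum(r[k] * A[k][c] for k in range(M)) % Q for c in range(N_LWE + 1)]
        row = bit_decomp(ra)
        row[i] += mu
        C.append(flatten(row))
    return C

def decrypt(v, C):
    i = L - 1                    # v[i] = 2^(l-1) = q/2, inside (q/4, q/2] for this q
    x = dot(C[i], v)             # x_i = <C_i, v> = mu*v[i] + noise (mod q)
    return int(min(x, Q - x) > v[i] // 2)

def hom_add(C1, C2):             # (C1 + C2)v = (mu1 + mu2)v + (z1 + z2)
    return [flatten([a + b for a, b in zip(r1, r2)]) for r1, r2 in zip(C1, C2)]

def hom_mul(C1, C2):             # (C1 C2)v = mu1*mu2*v + mu2*z1 + C1*z2
    return [flatten([sum(x * y for x, y in zip(r, c)) for c in zip(*C2)]) for r in C1]
```

Because v[i] = q/2 for this power-of-two modulus, `hom_add` decrypts to the sum modulo 2, so adding two encryptions of 1 yields 0.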
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911125694 | 2019-11-18 | ||
CN2019111256940 | 2019-11-18 |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111526002A (en) | 2020-08-11 |
CN111526002B (en) | 2023-11-14 |
Family
ID=71910171
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010578978.1A Active CN111526002B (en) | 2019-11-18 | 2020-06-23 | Fully homomorphic encryption method for multiple identities based on lattice |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111526002B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105933102A (en) * | 2016-04-06 | 2016-09-07 | 重庆大学 | Identity-based and hidden matrix-constructed fully homomorphic encryption method |
US20170134158A1 (en) * | 2015-11-09 | 2017-05-11 | CertSIGN S.A. | Fully Homomorphic Encryption from Monoid Algebras |
CN106788963A (en) * | 2017-01-05 | 2017-05-31 | 河南理工大学 | A kind of full homomorphic cryptography method of identity-based on improved lattice |
US20190036678A1 (en) * | 2015-01-12 | 2019-01-31 | Morphology, LLC | Systems and methods for implementing an efficient, scalable homomorphic transformation of encrypted data with minimal data expansion and improved processing efficiency |
CN109831297A (en) * | 2019-01-24 | 2019-05-31 | 中国人民武装警察部队工程大学 | A kind of full homomorphic cryptography method of more identity for supporting thresholding to decrypt |
Non-Patent Citations (1)
Title |
---|
汤永利;胡明星;叶青;秦攀科;于金霞: "Improved lattice-based multi-identity fully homomorphic encryption scheme" *
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112016120A (en) * | 2020-08-26 | 2020-12-01 | 支付宝(杭州)信息技术有限公司 | Event prediction method and device based on user privacy protection |
CN112016120B (en) * | 2020-08-26 | 2024-03-26 | 支付宝(杭州)信息技术有限公司 | Event prediction method and device based on user privacy protection |
CN112039653A (en) * | 2020-08-28 | 2020-12-04 | 西安电子科技大学 | Cloud outsourcing data encryption and decryption method based on neural network activation unit |
CN112073172A (en) * | 2020-09-02 | 2020-12-11 | 北京邮电大学 | Grid identity-based dual-receiver fully homomorphic encryption method and system |
CN112073172B (en) * | 2020-09-02 | 2021-11-05 | 北京邮电大学 | Grid identity-based dual-receiver fully homomorphic encryption method and system |
CN112929153A (en) * | 2021-02-23 | 2021-06-08 | 上海麟羿信息科技有限公司 | Data multi-stage encryption system and method based on complete homomorphic encryption |
CN113204755A (en) * | 2021-04-20 | 2021-08-03 | 重庆工业职业技术学院 | English data capture method for block chain big data security |
CN114422107A (en) * | 2022-03-31 | 2022-04-29 | 四川高速公路建设开发集团有限公司 | Fault-tolerant ciphertext data aggregation method based on intelligent engineering construction system platform |
CN114422107B (en) * | 2022-03-31 | 2022-06-17 | 四川高速公路建设开发集团有限公司 | Fault-tolerant ciphertext data aggregation method based on intelligent engineering construction system platform |
Also Published As
Publication number | Publication date |
---|---|
CN111526002B (en) | 2023-11-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111526002B (en) | Fully homomorphic encryption method for multiple identities based on lattice | |
Liu et al. | An efficient privacy-preserving outsourced calculation toolkit with multiple keys | |
JP6934963B2 (en) | Data encryption methods and systems | |
JP6083234B2 (en) | Cryptographic processing device | |
CN108737115B (en) | Private attribute set intersection solving method with privacy protection | |
CN110113155B (en) | High-efficiency certificateless public key encryption method | |
CN110635909B (en) | Attribute-based collusion attack resistant proxy re-encryption method | |
CN104320393B (en) | The controllable efficient attribute base proxy re-encryption method of re-encryption | |
CN103401871A (en) | Method and system for sequencing ciphertexts orienting to homomorphic encryption | |
JP5852551B2 (en) | Functional encryption system, key generation device, encryption device, decryption device, functional encryption method, and program | |
JP4869824B2 (en) | Receiver device, sender device, cryptographic communication system, and program | |
CN105933101B (en) | A kind of full homomorphic cryptography public key compression method based on the offset of parameter high order | |
CN113660226A (en) | Energy data credible sharing system and method based on block chain | |
Zhao et al. | Quantum-safe HIBE: does it cost a Latte? | |
CN114095171A (en) | Identity-based wearable proxy re-encryption method | |
Nayak et al. | SEMKC: secure and efficient computation over outsourced data encrypted under multiple keys | |
CN110247761B (en) | Ciphertext strategy attribute encryption method supporting attribute revocation in lattice manner | |
CN116684062A (en) | Cloud computing outsourcing and data dynamic sharing method and system based on proxy re-encryption | |
CN113259107B (en) | Grid-based dual-mode encryption method | |
CN107425972B (en) | Graded encryption method based on identity | |
CN113343258B (en) | Attribute-based agent re-encryption method applicable to lattice-based ciphertext strategy shared by body test result cloud | |
CN115865302A (en) | Multi-party matrix multiplication method with privacy protection attribute | |
CN111797907B (en) | Safe and efficient SVM privacy protection training and classification method for medical Internet of things | |
Wang et al. | Secure outsourced calculations with homomorphic encryption | |
CN110912673B (en) | Additive homomorphic encryption and decryption method with double decryption mechanisms |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||