CN111586000B - Full-proxy homomorphic re-encryption transmission system and operation mechanism thereof - Google Patents


Info

Publication number: CN111586000B
Authority: CN (China)
Prior art keywords: data, encryption, interval, key, ciphertext
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202010347567.1A
Other languages: Chinese (zh)
Other versions: CN111586000A
Inventors: 丁毅, 沈薇, 李洁, 靳军, 孙伽宁
Current Assignee: Beijing Wuzi University (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Beijing Wuzi University
Events: application filed by Beijing Wuzi University; priority to CN202010347567.1A; publication of CN111586000A; application granted; publication of CN111586000B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Abstract

The invention provides a full-proxy homomorphic re-encryption transmission system comprising: an encryption module that generates a public/private key pair and encrypts plaintext with the public key, the resulting ciphertext supporting multiplicative and additive homomorphism; a key management module in the data agent interval that generates a key and transmits it to the data provider interval and the data user interval, the data provider interval generating a re-encryption key and producing a secondary ciphertext through a re-encryption algorithm; and a decryption module that runs in the data user interval and offers two kinds of decryption, multiplicative homomorphic and additive homomorphic. The corresponding operation mechanism is based on the full-proxy homomorphic encryption transmission model FPRM, which is divided into a data provider interval, a data agent interval and a data user interval; the data user interval does not need to output a key, and the proxy re-encryption process no longer depends on the data user.

Description

Full-proxy homomorphic re-encryption transmission system and operation mechanism thereof
Technical Field
The invention relates to the technical field of information security, in particular to a full-proxy homomorphic re-encryption transmission system and an operation mechanism thereof.
Background
At present, the technologies commonly used in data sharing scenarios include Homomorphic Encryption, Secure Multi-Party Computation and Federated Learning, all of which can be used to address data privacy leakage. In practice, homomorphic encryption has a wide range of application and little dependence on the environment, and is an important security technique.
The concept of homomorphic encryption was first proposed by Rivest in 1978. It is an encryption scheme that allows computation on ciphertext; the core idea is that decrypting the result of a computation (addition or multiplication) on ciphertexts gives the same value as performing that computation directly on the plaintexts. Homomorphic encryption is divided into additively homomorphic, multiplicatively homomorphic and fully homomorphic algorithms: those that support only addition and subtraction, those that support only multiplication and division, and those that satisfy both additive and multiplicative homomorphism. It can be shown that other computations, such as polynomial evaluation, exponentials, logarithms and trigonometric functions, can be converted (exactly or approximately) into combinations of addition and/or multiplication, so homomorphic schemes also meet the needs of these computations. In addition, partially homomorphic algorithms can search ciphertext by building an index file and an inverted file over the data. Homomorphic encryption is a current research hotspot. Gentry first proposed a fully homomorphic encryption scheme based on ideal lattices in 2009; however, its computational cost is high and it cannot be applied in practice. Various improvements followed, most of them based on Gentry's scheme, such as the fully homomorphic encryption scheme DGHV over the integers and fully homomorphic encryption based on the LWE problem. Because ideal-lattice homomorphic encryption is highly complex and does not solve the expansion of ciphertext data, it is of limited practical use. Mature public-key encryption algorithms such as ElGamal, Paillier and RSA all satisfy homomorphism.
The RSA homomorphic algorithm relies on the difficulty of factoring large integers and is homomorphic for multiplication. However, RSA is vulnerable to ciphertext attack because encrypting the same plaintext always gives the same result. The Paillier homomorphic algorithm addresses additive homomorphism and also relies on integer factorization; its encryption process is relatively complex and its homomorphic encryption efficiency is low. The ElGamal homomorphic algorithm is widely applied. Its security depends on the hardness of computing discrete logarithms in a finite field, it can also be used for digital signatures, and it is multiplicatively homomorphic. Even under the same key the ciphertexts obtained differ, so replay attacks can be effectively avoided, and ElGamal resists brute-force cracking well because an attacker has to invert modular exponentiation. In the traditional sense the ElGamal homomorphic algorithm supports only multiplicative homomorphism, and the ElGamal homomorphic algorithm can be achieved through modification of an encryption.
Homomorphic encryption can solve the encryption problem in data transmission and protect data privacy: data users cannot obtain the original data and can only obtain, through decryption, the result of computing on it. However, this approach supports only a single public/private key pair for encrypting and decrypting the data; if the data is used by several people, they all have to share the same private key, which makes the security of the data hard to guarantee. To let several data sharers encrypt data and store it at different receiving ends, and let each data user decrypt with its own private key, different public/private key pairs are used in encryption and decryption, and the data must undergo proxy re-encryption. Proxy Re-encryption was first proposed by Blaze et al. in 1998: by encrypting the ciphertext a second time, the data ciphertext can be decrypted with the private keys of different key pairs, which solves the multi-user (multi-key) problem.
As shown in FIG. 1, the classical proxy re-encryption algorithm works as follows. Assume users A and B (each with a different public/private key pair) and an agent P. A encrypts the data with a public key and transmits it to P; P processes it and transmits it to B; B decrypts with a private key. The process can be broken down into the following steps:
1. A and B each generate a public/private key pair, $(PK_A, SK_A)$ and $(PK_B, SK_B)$. A sends the private key $SK_A$ to the proxy key generator K, and B sends the key $PK_B$ or $SK_B$ to K;
2. A encrypts the data $M$ with the public key $PK_A$ to obtain the ciphertext $C_{PK_A}$, which can be expressed as $C_{PK_A} = En(PK_A, M)$, and sends $C_{PK_A}$ to the agent P;
3. K uses the private key $SK_A$ and B's key to generate a new proxy key $RK$ and sends it to the agent P;
4. P uses $RK$ to encrypt $C_{PK_A}$ a second time, obtaining $C_{PK_B}$, which can be expressed as $C_{PK_B} = Pre(C_{PK_A}, RK)$, and sends $C_{PK_B}$ to B;
5. B uses the private key $SK_B$ to decrypt $C_{PK_B}$ and obtain the plaintext $M$, which can be expressed as $M = Dec(SK_B, C_{PK_B})$.
It should be noted that in step 3, K must obtain the private key of user A, which requires both a secure transmission channel and trust in the agent. If the user at the receiving end is a single individual B, only one public/private key pair is generated there; the sender A needs B to provide its key, and where B provides the public key, K's work of generating the proxy re-encryption key can even be done by A. If an application scenario has multiple users who all need to use the result of processing the data, multiple public/private key pairs are generated, and having a reliable agent compute the proxy key becomes a necessary step. How to strengthen the trustworthiness of the agent and keep the private key from being disclosed is an important unsolved problem in applications in this field.
Secondly, as requirements for information security and privacy protection grow, attention to proxy re-encryption has risen year by year. In recent years much of the research has applied proxy re-encryption to cloud computing, mainly improving and innovating on the algorithm, or improving security by managing access rights or by blockchain methods.
However, some application scenarios, such as the channels of low-orbit constellations, have strict real-time requirements, and complex access control and blockchain systems do not suit them. With the development and convergence of information technology, the application of Internet of Things and big data technology in the aerospace field is also attracting attention, so a new trusted proxy re-encryption model and its implementation architecture need to be designed for the characteristics of such applications.
Disclosure of Invention
To overcome the defects of the prior art, the invention provides a full-proxy homomorphic re-encryption transmission system and an operation mechanism thereof, aiming to solve problems such as the low efficiency of using encrypted data, theft of the key in transit, insufficient computing capacity and the trust risk of proxy nodes.
The invention aims to provide a full-proxy homomorphic re-encryption transmission system, comprising:
the encryption module, which generates a public/private key pair and encrypts plaintext with the public key, the resulting ciphertext supporting multiplicative and additive homomorphism;
the re-encryption module, which spans two parts, the data provider interval and the data agent interval; the key management module of the data agent interval generates a key and transmits it to the data provider interval and the data user interval, and the data provider interval generates the re-encryption key x by the formula x-SKAiSK and produces the secondary ciphertext through the re-encryption algorithm;
and the decryption module, which runs in the data user interval and offers two kinds of decryption, multiplicative homomorphic and additive homomorphic.
Preferably, key generation by the encryption module comprises: taking a large random prime; generating a generator for it; publishing the prime and the generator; randomly generating an integer between 1 and the prime minus 1 as the private key; assigning different random integers to the two keys required for re-encryption; and computing the public key and assigning it to the corresponding key for the primary encryption.
Preferably, the multiplicative homomorphism of the encryption module comprises encrypting plaintext data: generate a random number $k$ in the range from the integer 1 to the random prime minus 1, and compute $u = y^k \bmod p$, where $k$ is the random number and $p$ is the random prime, to obtain the ciphertext $c_1 = g^k \bmod p$ and the ciphertext $c_2 = (m_i \times u) \bmod p$, where $g$ is the generator and $m_i$ is the plaintext data. The additive homomorphism of the encryption module comprises encrypting plaintext data: generate a random number $k$ in the same range, generate a random small positive number $\alpha$, and compute $u = y^k \bmod p$, where $k$ is the random number and $p$ is the random prime, to obtain the ciphertext $c_1 = g^k \bmod p$ and the ciphertext
Figure BDA0002470676050000041
where $g$ is the generator, $m_i$ is the plaintext data and $\alpha$ is the random positive integer; the resulting ciphertext supports additive homomorphism and multiplication by a constant.
Preferably, the decryption module's algorithm is chosen according to the application's needs. Multiplicative homomorphic decryption proceeds as follows: the data user takes the key $SK$ sent by the key generation module of the data agent interval and the random positive integer $K_j$ sent by the random key generation module, and forms the decryption key $x' = SK - K_j$; for the ciphertext $(C, C'')$, it computes $v = C^{x'} \bmod p$ and obtains the plaintext $M = (C'' \times v^{-1}) \bmod p$. Additive homomorphic decryption involves one more step than multiplicative homomorphic decryption: solving a logarithm.
Preferably, the full-proxy homomorphic re-encryption transmission system is based on a full-proxy re-encryption transmission model. The key generation function is placed in a trusted execution environment (TEE) to ensure that the key is not tampered with, and two random numbers are set by different modules to secure transmission between intervals: one is used for encryption and decryption between the data provider interval and the data agent interval module, and the other for proxy re-encryption and decryption of data between the data agent interval module and the data user interval. The full-proxy re-encryption transmission model comprises:
the data provider interval, which provides the original data and performs two encryptions and one locking operation;
the data agent interval, which generates the proxy key, re-encrypts data, unlocks data and generates random numbers, and is divided by role into three functional modules:
the key management module, which generates the key, the locking random number and the unlocking number involved in re-encryption; its computing part runs in the trusted execution environment TEE, and the key is updated periodically;
the data re-encryption module, which unlocks the ciphertext data from the data provider interval using the parameters passed by the key management module, and performs the proxy re-encryption operation using the proxy re-encryption parameters generated by the random key generation module;
the random key generation module, which generates random numbers for the data re-encryption module to complete the proxy re-encryption process, and sends the proxy re-encryption parameters to the data proxy interval for decrypting ciphertext data.
Preferably, the trusted execution environment TEE is implemented as SGX on the Intel architecture.
Preferably, the full-proxy re-encryption transmission model is built on the ElGamal algorithm, whose encryption and decryption come in two variants, one supporting additive homomorphism and one supporting multiplicative homomorphism.
The invention also aims to provide an operation mechanism of the full-proxy homomorphic re-encryption transmission system, based on the full-proxy homomorphic encryption transmission model FPRM. The FPRM is divided into a data provider interval, a data agent interval and a data user interval; the data user interval does not need to output a key, and the proxy re-encryption process no longer depends on the data user. The data agent interval is divided into three roles, represented as three modules: an encryption module, a data re-encryption module and a random key generation module; the three modules (roles) are independent of one another.
Preferably, the operation mechanism of the full-proxy homomorphic re-encryption transmission system includes:
step 1: the data provider interval encrypts the original data with a public key to obtain a ciphertext, as in the original model, which can be expressed as:
$c_{1i} = e(PK_{Ai}, m_i)$, where $PK_{Ai}$ is the public key of the data provider interval, $m_i$ is the original data and $c_{1i}$ is the ciphertext;
step 2: the key generation module in the data agent interval, which is held in a trusted execution environment, generates a proxy key and random numbers and sends them to the data user in the data provider interval; the proxy key takes the place of the public key in the original model and is used to re-encrypt the ciphertext, giving the re-encryption result:
$c_{2i} = re(SK_{Ai}, SK, c_{1i})$, where $SK_{Ai}$ is the private key, $SK$ is the proxy key, $c_{1i}$ is the ciphertext and $c_{2i}$ is the re-encrypted ciphertext; the number of $r$ values is the same as the number of $m$ values;
the data provider interval uses the random number to lock the re-encrypted ciphertext, obtaining $l(c_{2i}, r_i)$, where $r_i$ is the random number and $c_{2i}$ is the re-encrypted ciphertext;
the encryption module periodically replaces the proxy key;
step 3: the data provider interval transmits $l(c_{2i}, r_i)$ to the data re-encryption module of the data agent interval, and the key management module of the data agent interval builds a set $R$ from the random numbers in order:
$R = \{r_1, r_2, \ldots, r_i\}$, where $r_1, r_2, \ldots, r_i$ are the random numbers;
$R$ is then passed to the data re-encryption module, which unlocks each $l(r_i, c_{2i})$ in sequence; the unlocking of a ciphertext can be expressed as:
$c_{2i} = l^{-1}(l(r_i, c_{2i}), r_i)$
the homomorphic computation is then carried out to obtain the ciphertext result $g(c_{2i})$;
step 4: the random key generation module of the data agent interval generates a random value and sends it to both the data re-encryption module and the data user interval. The data re-encryption module uses the random value to proxy re-encrypt the ciphertext result, obtaining $p(g(c_{2i}), K_j)$, where $K_j$ is the random value and $g(c_{2i})$ is the ciphertext result, and sends $p(g(c_{2i}), K_j)$ to the data user interval; the encryption operation $p()$ can be inverted using the random value;
step 5: the data user interval first performs a decryption operation with the received random value to recover the ciphertext result:
$g(c_{2i}) = p^{-1}(p(g(c_{2i}), K_j), K_j)$, where $g(c_{2i})$ is the ciphertext result;
meanwhile, the key management module in the data agent interval sends the proxy key to the data user interval, which uses it to obtain the plaintext of the homomorphic computation from the ciphertext result:
$g(m_i) = d(SK, g(c_{2i}))$, where $SK$ is the proxy key, $g(c_{2i})$ is the ciphertext result and $g(m_i)$ is the plaintext.
Preferably, if the homomorphic computation in step 3 reduces to linear addition or linear multiplication, $l(c_{2i}, r_i)$ obeys the homomorphic encryption calculation rule; the homomorphic operation $g()$ is performed together with the other locked ciphertext data to obtain $l(g(c_{2i}), r)$, where
$r = g(r_i)$
The key management module of the P interval computes $r$ according to the homomorphic operation rule and passes it to the data re-encryption module, which performs the inverse (unlocking) operation to obtain the ciphertext result $g(c_{2i})$:
$g(c_{2i}) = l^{-1}(l(g(c_{2i}), r), r)$, which further enhances security.
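The five-step mechanism above, instantiated for the multiplicative case as an added example (not code from the patent). The patent gives only the ElGamal encryption and decryption formulas; the concrete forms of re(), l() and p() used here (shifting the key by an exponent difference, blinding by modular multiplication), the toy parameters and all function names are assumptions chosen to be consistent with the decryption key $x' = SK - K_j$.

```python
import secrets

# Constructed toy group: p = 2*509 + 1 is prime and 2 generates Z_p^*.
# Far too small for real use; it keeps the arithmetic easy to follow.
P, G = 1019, 2


def rand_exp():
    """Random exponent in [1, p-2], used for private keys, k and K_j."""
    return 1 + secrets.randbelow(P - 2)


def inv(a):
    """Modular inverse in Z_p^* via Fermat's little theorem."""
    return pow(a, P - 2, P)


def keygen():
    sk = rand_exp()
    return sk, pow(G, sk, P)  # (private key, public key y = g^sk mod p)


def encrypt(y, m):
    """Multiplicative scheme from the page: u = y^k, c1 = g^k, c2 = m*u (mod p)."""
    k = rand_exp()
    u = pow(y, k, P)
    return pow(G, k, P), (m * u) % P


def decrypt(x, ct):
    """Decryption from the page: v = c1^x mod p, M = c2 * v^-1 mod p."""
    c1, c2 = ct
    v = pow(c1, x % (P - 1), P)
    return (c2 * inv(v)) % P


def shift_key(ct, delta):
    """ASSUMED form of re() and p(): c2 * c1^(-delta) moves key s to s - delta."""
    c1, c2 = ct
    return c1, (c2 * inv(pow(c1, delta % (P - 1), P))) % P


def lock(ct, r):
    """ASSUMED form of l(c, r): blind c2 with r; commutes with ciphertext products."""
    c1, c2 = ct
    return c1, (c2 * r) % P


def unlock(ct, r):
    """Inverse lock l^-1(c, r)."""
    c1, c2 = ct
    return c1, (c2 * inv(r)) % P


def hmul(cts):
    """Homomorphic computation g(): component-wise product of ciphertexts."""
    c1 = c2 = 1
    for a, b in cts:
        c1, c2 = (c1 * a) % P, (c2 * b) % P
    return c1, c2


def fprm_product(messages):
    """Run steps 1-5 and return what the data user decrypts (product of messages)."""
    sk_a, pk_a = keygen()       # provider key pair (SK_Ai, PK_Ai)
    sk, _ = keygen()            # proxy key SK from the key management module
    x = sk_a - sk               # ASSUMED re-encryption key; x plus SK reveals SK_Ai
    locks, locked = [], []
    for m in messages:
        c1i = encrypt(pk_a, m)              # step 1: c1i = e(PK_Ai, m_i)
        c2i = shift_key(c1i, x)             # step 2: c2i is now under SK
        r_i = 1 + secrets.randbelow(P - 1)  # locking random number in [1, p-1]
        locks.append(r_i)
        locked.append(lock(c2i, r_i))       # l(c2i, r_i) leaves the provider
    # Step 3, "Preferably" variant: compute on locked data, unlock once with r = g(r_i).
    r = 1
    for r_i in locks:
        r = (r * r_i) % P
    g_c = unlock(hmul(locked), r)
    # Step 4: proxy re-encryption with the random value K_j.
    k_j = rand_exp()
    out = shift_key(g_c, k_j)
    # Step 5: the user combines SK and K_j into x' = SK - K_j and decrypts.
    return decrypt(sk - k_j, out)


if __name__ == "__main__":
    print(fprm_product([3, 5, 7]))  # product must stay below p to be recovered
```

Because the assumed lock is a plain modular multiplication, the agent unlocks the product with the single value r and never handles an individually unlocked ciphertext.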
The invention has the beneficial effects that:
1) Compared with the traditional proxy re-encryption transmission model, to guarantee security this model keeps any single agent from holding excessive authority and reduces the risk of data being intercepted and decrypted in transit by placing three mutually independent modules in the P interval. The key generation function is placed in a Trusted Execution Environment (TEE) to ensure that the key is not tampered with, and two random numbers are set by different modules to secure transmission between intervals: one is used for locking and unlocking between the A interval and the P interval module, and the other for data proxy re-encryption and decryption between the P interval module and the B interval.
2) The model removes the dependence of encrypted data transmission on the data user (B interval), changing the data user's role from active participation to passive reception, which suits the heterogeneity of data users and their dynamic joining and leaving in meteorological satellite application scenarios.
The above and other objects, advantages and features of the present invention will become more apparent to those skilled in the art from the following detailed description of specific embodiments thereof, taken in conjunction with the accompanying drawings.
Drawings
Some specific embodiments of the invention will be described in detail hereinafter, by way of illustration and not limitation, with reference to the accompanying drawings. The same reference numbers in the drawings identify the same or similar elements or components. Those skilled in the art will appreciate that the drawings are not necessarily drawn to scale. The objects and features of the present invention will become more apparent in view of the following description taken in conjunction with the accompanying drawings, in which:
FIG. 1 is a schematic diagram of a classic proxy re-encryption process flow according to the prior art;
FIG. 2 is a conventional (classical) proxy re-encryption transport model framework and flow diagram according to the prior art;
FIG. 3 is a full proxy homomorphic encryption transport model framework and flow diagram according to an embodiment of the invention;
FIG. 4 is a flow diagram of system encryption according to an embodiment of the present invention;
FIG. 5 is a diagram illustrating a low-orbit constellation-based meteorological data transmission architecture according to an embodiment of the present invention;
FIG. 6 is a diagram of an architecture of a trusted low-earth constellation data transmission system according to an embodiment of the present invention.
Detailed Description
To make the gist of the present invention easier to understand, the invention is further described below with reference to the accompanying drawings and examples. In the following description, numerous specific details and examples are set forth to provide a more thorough understanding of the present invention. The invention can be embodied in many forms other than those described here, and those skilled in the art will recognise many equivalents incorporating such variations and modifications without departing from the spirit and scope of the invention as defined by the appended claims and their equivalents.
This embodiment provides a full-proxy homomorphic re-encryption transmission system and an operation mechanism thereof, aimed at problems such as the low efficiency of using encrypted data, theft of the key in transit, insufficient computing capacity and the trust risk of proxy nodes, comprising:
the encryption module, which generates a public/private key pair and encrypts plaintext with the public key, the resulting ciphertext supporting multiplicative and additive homomorphism;
the re-encryption module, which spans two parts, the data provider interval and the data agent interval; the key management module of the data agent interval generates a key and transmits it to the data provider interval and the data user interval, and the data provider interval generates the re-encryption key x by the formula x-SKAiSK and produces the secondary ciphertext through the re-encryption algorithm;
and the decryption module, which runs in the data user interval and offers two kinds of decryption, multiplicative homomorphic and additive homomorphic.
Key generation by the encryption module comprises: taking a large random prime; generating a generator for it; publishing the prime and the generator; randomly generating an integer between 1 and the prime minus 1 as the private key; assigning different random integers to the two keys required for re-encryption; and computing the public key and assigning it to the corresponding key for the primary encryption.
The multiplicative homomorphism of the encryption module comprises encrypting plaintext data: generate a random number $k$ in the range from the integer 1 to the random prime minus 1, and compute $u = y^k \bmod p$, where $k$ is the random number and $p$ is the random prime, to obtain the ciphertext $c_1 = g^k \bmod p$ and the ciphertext $c_2 = (m_i \times u) \bmod p$, where $g$ is the generator and $m_i$ is the plaintext data. The additive homomorphism of the encryption module comprises encrypting plaintext data: generate a random number $k$ in the same range, generate a random small positive number $\alpha$, and compute $u = y^k \bmod p$, where $k$ is the random number and $p$ is the random prime, to obtain the ciphertext $c_1 = g^k \bmod p$ and the ciphertext
Figure BDA0002470676050000091
Wherein g is the generator, miAnd alpha is the random positive integer for plaintext data, and the encrypted ciphertext supports addition homomorphism and constant multiplication homomorphism.
Different algorithms of the decryption module need to be selected according to the application requirements, wherein the multiplicative homomorphic decryption comprises the following steps: the data user utilizes the key SK sent by the key generation module of the data agent interval and the random positive integer K sent by the random key generation modulejGenerating a decryption key x ═ SK-KjFor the ciphertext (C, C "), the decryption calculation v ═ Cx′mod p to obtain a plaintext M ═ C ″ × v-1) mod p; wherein the decryption process of the addition homomorphism has one more log solving process than the decryption process of the multiplication homomorphism.
The full-proxy homomorphic re-encryption transmission system is based on a full-proxy re-encryption transmission model, a key generation function is placed in a trusted execution environment TEE to guarantee that a key is not tampered, two random numbers are set through different modules and used for guaranteeing the transmission safety between intervals, one random number is used for locking and unlocking a data provider interval module and a data agent interval module, the other random number is used for re-encrypting and decrypting data between the data agent interval module and a data user interval, and the full-proxy re-encryption transmission model comprises:
the data provider interval is used for providing a data original text and completing two times of encryption and one time of locking processing operation;
the data agent interval is used for generating an agent key, re-encrypting data, unlocking data and generating random numbers, and is divided into three functional modules according to roles, wherein the three functional modules are respectively as follows:
the key management module is used for generating a key, a locking random number and an unlocking number involved in re-encryption, a computing part of the key management module runs in a trusted execution environment TEE, and the key is updated periodically;
the data re-encryption module: the unlocking of the ciphertext data of the data provider interval is completed by using the parameters transmitted by the key management module, and the proxy re-encryption operation is completed by using the proxy re-encryption parameters generated by the random key generation module;
a random key generation module: and generating random numbers for the data re-encryption module to complete the proxy re-encryption process, and sending the proxy re-encryption parameters to the data proxy interval for decrypting ciphertext data.
The trusted execution environment TEE is implemented as SGX on the Intel architecture. There are multiple implementations of TEE; popular ones are SGX (Software Guard Extensions) on the Intel architecture and TrustZone on the ARM architecture of mobile phone terminals. In 2013, Intel proposed SGX, a new security technology implemented in processor hardware and dedicated to protecting the integrity and confidentiality of key data. When an SGX program runs it generates an Enclave, usually called a security zone, and the software to be protected is stored in the Enclave; privileged software (such as a virtual machine monitor, BIOS, or operating system) and other software cannot access the code and data in the Enclave, and attempts to modify the contents of the Enclave are detected and prohibited. The critical data and code are placed in the Enclave to run. Access by malicious software to the data in the Enclave is prevented through technologies such as memory access semantics, address mapping protection and remote authentication. This secure area may be used to store keys and the like. ARM TrustZone, which originated in 2004, is an important TEE implementation and provides hardware-level system security protection and an isolated execution environment for embedded devices. The TrustZone is not suitable for the embedded terminal such as a mobile phone in the main application scene, and the SGX technology has wide support for the mainstream Intel CPU.
Therefore, the system is designed around the characteristics of the TEE: SGX technology is selected to protect the running program and is responsible for the trusted computation of parameters in the key generation module, without exceeding the range of computation that the TEE can handle. This effectively protects data privacy, addresses the leakage of the private key and the random numbers, and ensures that the running program and data cannot easily be tampered with.
The present embodiment is based on the ElGamal algorithm as a full proxy re-encryption transmission model, and the design and implementation of the algorithm are described in detail below. The encryption and decryption of the ElGamal algorithm is divided into two types, supporting addition homomorphism and multiplication homomorphism. The following description is made separately.
1. Encryption module
This module involves the generation of a public-private key pair and uses the public key to encrypt the plaintext. The encrypted and re-encrypted ciphertext supports multiplication and addition homomorphism.
Key generation is illustrated with the keys $SK_{Ai}$ and SK used for the data $m_i$ in the above model, and the public key $PK_{Ai}$. Take a large random prime number p, generate a generator g of p, and publish p and g. Randomly generate an integer x as a private key (1 < x < p-1), assigned to $SK_{Ai}$ and SK respectively, and at the same time compute the public key $y = g^x \bmod p$ and assign it to $PK_{Ai}$. The key pair generation algorithm is shown as Algorithm 1:
Figure BDA0002470676050000111
Figure BDA0002470676050000121
(1) multiplication homomorphism
Then, to encrypt the plaintext data $m_i$, generate a random number k (1 < k < p-1) and calculate $u = y^k \bmod p$ to obtain the ciphertext $c_1 = g^k \bmod p$, $c_2 = (m_i \times u) \bmod p$. The multiplicatively homomorphic encryption is shown in Algorithm 2:
Figure BDA0002470676050000122
Figure BDA0002470676050000131
(2) additive homomorphism
Similarly, the plaintext data $m_i$ is encrypted; the algorithm under which the encrypted ciphertext supports addition homomorphism and constant multiplication homomorphism is described as follows:
Figure BDA0002470676050000132
2. re-encryption module
In this model, the re-encryption module applies two parts, a data user A interval and a proxy P interval. Meanwhile, the P interval key management module generates a key SK and transmits the key SK to the A interval and the B interval. The A interval uses the formula $x = SK_{Ai} - SK$ to generate a re-encryption key x and, through the re-encryption algorithm, a secondary ciphertext in which $c_1$ is unchanged: calculate $v = (c_1)^x \bmod p$, and then $c_2' = (c_2 \times v^{-1}) \bmod p$.
The re-encryption algorithm is shown in algorithm 4:
Figure BDA0002470676050000141
Before $(c_1, c_2')$ is transmitted to the P interval, the secondary ciphertext needs to be locked once with $r_i$, which helps reduce the security risk in transmission; this step is implemented as $c_2'' \leftarrow c_2' \times r_i$, and the result after locking is $c_2''$. Once the re-encrypted data is in the P interval, because $r_i$ is applied by simple multiplication and therefore also satisfies the homomorphic calculation rule, the homomorphic calculation is performed first in the P interval and the result is then unlocked (divided) by r (r is the product of the several $r_i$).
In addition, in the P interval data re-encryption module, the random positive integer $K_j$ of the random key generation module is obtained for the homomorphically computed data $(C, C')$, and proxy re-encryption is then performed to obtain the ciphertext data $(C, C'')$; the algorithm is described as follows:
Figure BDA0002470676050000142
3. decryption module
(1) Multiplication homomorphism
The decryption module runs at the data user in the B interval and is divided into two types, multiplicative and additive homomorphic decryption; the algorithm is selected according to requirements. The data user uses the key SK sent by the key generation module of the data agent interval and the random positive integer $K_j$ sent by the random key generation module to generate a decryption key $x' = SK - K_j$; for the ciphertext $(C, C'')$, the decryption calculates $v = C^{x'} \bmod p$ to obtain the plaintext $M = (C'' \times v^{-1}) \bmod p$. The decryption algorithm is described as follows:
Figure BDA0002470676050000151
(2) additive homomorphism
The decryption process of the addition homomorphism has one more step, solving a logarithm, than that of the multiplication homomorphism, as shown in Algorithm 7:
Figure BDA0002470676050000152
Figure BDA0002470676050000161
The operation mechanism of the full-proxy homomorphic re-encryption transmission system is now described in detail. Fig. 2 shows the framework and flow chart of the conventional (classic) proxy re-encryption transmission model, referred to as the original model. The framework is divided into three intervals, namely a data provider interval (the A interval), a data agent interval (the P interval) and a data user interval (the B interval); different intervals are drawn as dotted-line boxes of different shades. The operation flow of the model is described below in interval order:
1) In the A interval, $m_i$ represents raw data (in practice there are multiple data providers; i in the figure denotes one of the data items provided by the A interval). In the encryption process, data provider A first needs to obtain the public key $PK_{Bi}$ of the B interval, and generates the proxy key $RK_i$ itself from the private key $SK_{Ai}$ and $PK_{Bi}$. This process requires the private key of A and is therefore placed in the A interval. At the same time, $m_i$ is encrypted once with $PK_{Ai}$ to generate the encrypted data $c_{1i}$, which can be expressed as:
$c_{1i} = e(PK_{Ai}, m_i)$
2) The P interval mainly performs proxy re-encryption of data and homomorphic ciphertext calculation. Two pieces of information are input from the A interval: the data $c_{1i}$ that needs to be re-encrypted and the re-encryption key $RK_i$. Proxy re-encryption generates the encrypted data $c_{2i}$, which can be expressed as:
$c_{2i} = p(RK_i, c_{1i})$
According to the homomorphic calculation rule, the ciphertext $c_{2i}$ can be calculated together with other ciphertexts (homomorphic operations such as addition and multiplication) to obtain the ciphertext result $g(c_{2i})$, which is transmitted to the B interval.
3) In the B interval, $g(c_{2i})$ is decrypted with $SK_B$ to yield the plaintext result $g(m_i)$, which can be expressed as:
$g(m_i) = d(SK_{Bi}, g(c_{2i}))$
This completes the run of the conventional proxy re-encryption transmission model. The model is characterized in that the B interval provides a key and actively participates in the generation of the re-encryption key RK; it places higher requirements on data users and is not suitable for application scenarios in which terminals are dynamic.
Referring to fig. 3, a framework and a flowchart of a full proxy homomorphic encryption transport model (FPRM) according to the present embodiment are shown. Also, the model is divided into a section a, a section P, and a section B. With respect to fig. 2, the most significant features are two-fold: on one hand, the B interval does not need to output a key, and the proxy re-encryption process does not depend on a data user any more; on the other hand, the P interval is divided into three roles, which are represented by three modules, namely a key management module, a data re-encryption module and a random key generation module, and the three modules (roles) are mutually independent. The detailed steps of the model operation flow are as follows:
1) The A interval uses the public key $PK_{Ai}$ to encrypt the original data $m_i$ and obtain the ciphertext $c_{1i}$; as in the original model, this can be expressed as:
$c_{1i} = e(PK_{Ai}, m_i)$
2) The key generation module in the P interval resides in a trusted execution environment and generates a proxy key SK and random numbers $r_i$ according to a certain rule (the number of r is the same as the number of m), and sends SK together with the random numbers $r_i$ to the data provider in the A interval. Using SK in place of $PK_{Bi}$ of the original model, the re-encryption of $c_{1i}$ can be completed to obtain the result $c_{2i}$, which can be expressed as:
$c_{2i} = re(SK_{Ai}, SK, c_{1i})$
Then, in order to reduce the risk of the original data being derived back from the ciphertext after the P interval is attacked, the A interval uses the random number $r_i$ to complete a locking operation on $c_{2i}$, obtaining the result $l(c_{2i}, r_i)$. Since SK is used frequently in the model, the key generation module periodically replaces SK.
3) The A interval transmits $l(r_i, c_{2i})$ to the data re-encryption module of the P interval. The key management module of the P interval generates a set R from the $r_i$, expressed as:
$R = \{r_1, r_2, \ldots, r_i\}$
Then R is transmitted to the data re-encryption module, which completes the unlocking of each $l(r_i, c_{2i})$ in sequence; the unlocking of the ciphertext can be expressed as follows:
$c_{2i} = l^{-1}(l(r_i, c_{2i}), r_i)$
The homomorphic calculation is then completed to obtain the ciphertext result $g(c_{2i})$; see path a in the data re-encryption module in the figure. In particular, if the homomorphic calculation is converted to a linear addition or linear multiplication, then $l(c_{2i}, r_i)$ conforms to the homomorphic encryption calculation rule, and the homomorphic calculation g() is performed together with the other locked ciphertext data to obtain the result $l(g(c_{2i}), r)$, where
$r = g(r_i)$
The key management module of the P interval calculates r according to the homomorphic operation rule and transmits it to the data re-encryption module, which performs the inverse (unlocking) operation to obtain the ciphertext result $g(c_{2i})$; this can be expressed as:
$g(c_{2i}) = l^{-1}(l(g(c_{2i}), r), r)$
This process may further enhance security; see path b of the data re-encryption module in the figure.
4) The random key generation module of the P interval generates a random $K_j$ and sends $K_j$ to the data re-encryption module and to the B interval respectively. The data re-encryption module uses $K_j$ to perform proxy re-encryption on $g(c_{2i})$, obtaining the result $p(g(c_{2i}), K_j)$, which is sent to the B interval. The encryption operation p() can be inverted using $K_j$.
5) The B interval first uses the received random $K_j$ to perform a decryption operation and obtain the result $g(c_{2i})$, which can be expressed as follows:
$g(c_{2i}) = p^{-1}(p(g(c_{2i}), K_j), K_j)$
Meanwhile, the key management module in the P interval also sends SK to the B interval, and the B interval uses SK to decrypt the homomorphically computed ciphertext $g(c_{2i})$ into the plaintext $g(m_i)$, which can be expressed as follows:
$g(m_i) = d(SK, g(c_{2i}))$.
In this embodiment, the ElGamal algorithm is used as the implementation basis of the full-proxy homomorphic encryption transmission model. Corresponding to the above model, a detailed description follows: after a plurality of data owners (A interval) encrypt data, the calculation result of the data is sent to the data user (B interval) by using the full-proxy homomorphic encryption transmission model.
According to the FPRM abstract model, the model algorithm is instantiated in the part, and the flow design is shown in FIG. 4.
Model data: multiple data items take part in secure transmission in the model, originating from multiple data providers; assume the raw plaintext data set is represented as
$M = \{m_1, m_2, m_3, \ldots, m_i\}$
Model components: the model can be divided into three intervals.
Data provider section (section a): and the system is responsible for providing data original text and completing two encryption and one locking processing operation.
Data broker section (P section): the system is responsible for the functions of proxy key generation, data re-encryption, data unlocking, random number generation and the like, and can be disassembled into the following three functional modules according to roles:
A key management module S: generates the key SK involved in re-encryption, the locking random numbers $r_i$ and the unlocking number r; the computing portion of the module runs in the trusted execution environment SGX. In addition, since SK is used heavily in this model, SK needs to be updated periodically to reduce risk.
The data re-encryption module R: unlocks the ciphertext data from the A interval by using the parameter r transmitted by S, and completes the proxy re-encryption operation by using the proxy re-encryption parameter $K_j$ generated by the random key generation module G.
A random key generation module G: generates a random number $K_j$ for the R module to complete the proxy re-encryption process, and transmits $K_j$ to the B interval for decrypting ciphertext data.
Model inputs, outputs and algorithms: each interval and each module has inputs, outputs and related algorithms, described here as follows:
Input of the A interval: the key SK and the series of locking random numbers $r_i$ sent by the S module of the P interval, each $r_i$ corresponding to a data source $m_i$.
Output of the A interval: the locked homomorphic ciphertext data output after two encryption operations.
The core function involved in the interval a is described as follows:
1) genkey(param): key generation function. Takes the parameter param as input and outputs the public-private key pair of the data provider, $(PK_{Ai}, SK_{Ai})$;
2) Encrypt($PK_{Ai}$, $m_i$): encryption function. $m_i$ is the plaintext of the A interval; the public key $PK_{Ai}$ is input to encrypt the plaintext $m_i$, and according to the characteristics of the ElGamal algorithm the encrypted ciphertext pair $(c_{1i}, c_{2i})$ is output, where $c_{1i}$ is an auxiliary private key generated by the algorithm and $c_{2i}$ is the initial ciphertext data calculated from the plaintext;
3) ReEncrypt($SK_{Ai}$, SK): re-encryption function. The inputs are the private key $SK_{Ai}$, the key SK and the ciphertext pair $(c_{1i}, c_{2i})$; according to the characteristics of the ElGamal algorithm the re-encrypted ciphertext pair $(c_{1i}, c_{2i}')$ is output, where $c_{1i}$ is still the auxiliary private key generated by the previous encryption algorithm and $c_{2i}'$ is the ciphertext data re-encrypted from the initial ciphertext;
4) Lock($(c_{1i}, c_{2i}')$, $r_i$): locking function. To complete secure transmission and reduce the risk of data leakage during transmission to the R module in the P interval, $r_i$ is used to encrypt the corresponding data ciphertext $(c_{1i}, c_{2i})$.
P interval inputs and outputs.
The key management module S inputs: reading homomorphic calculation rules.
The key management module S outputs: the generated, periodically updated key SK is sent to the A interval and the B interval; at the same time, the series of locking random numbers $r_i$ is sent to the A interval, and the set of the series of random numbers $R = \{r_1, r_2, \ldots, r_i\}$ is sent to the data re-encryption module. According to the characteristics of the ElGamal algorithm, the homomorphic calculation is expressed as a linear multiplication (both the addition operation and the multiplication operation on plaintext are expressed as multiplication of ciphertexts; only the encryption algorithms differ), so $r = g(r_i)$, which in this algorithm is the product of the several $r_i$, is transmitted to the data re-encryption module, where g() is the homomorphic calculation rule for the A interval ciphertexts.
Inputting by a random key generation module G: none.
Outputting by the random key generation module G: the generated random $K_j$ is sent to the data re-encryption module R and to the B interval respectively.
The data re-encryption module R inputs: each locked ciphertext Lock($(c_{1i}, c_{2i}')$, $r_i$) sent by the A interval; r sent by the key management module (r is the random parameter after the homomorphic operation); the random $K_j$ sent by the random key generation module.
Output of the data re-encryption module R: the proxy re-encrypted ciphertext $(C, C'')$, which is transmitted to the B interval.
The core function involved in the P interval is described as follows:
1) random(): random number generating function. The S and G modules need this function to generate the keys SK and $K_j$ required in the full-proxy homomorphic encryption and the random numbers $r_i$ used for locking in secure transmission. These processes can be performed in SGX; in particular, the S module generates the periodic key SK and the random numbers $r_i$.
2) UnLock(g(Lock($(c_{1i}, c_{2i}')$, $r_i$)), r): unlocking function. In the present algorithm the homomorphic calculation appears as a linear product calculation, where $r = g(r_i)$ and g() represents the homomorphic calculation over a plurality of ciphertexts. The unlocking result is the ciphertext $(C, C')$, where C is the result of multiplying the several auxiliary private keys and $C'$ is the result of the homomorphic calculation of the data ciphertexts; the proxy re-encryption operation then follows.
3) ProReEncrypt($(C, C')$, $K_j$): proxy re-encryption algorithm. The random $K_j$ required for proxy re-encryption is obtained from the G module, and the proxy re-encrypted ciphertext $(C, C'')$ is output, where C is unchanged and $C''$ is the ciphertext obtained by proxy re-encrypting the data ciphertext $C'$; the result is transmitted to the B interval for further operation.
Input of the B interval: the key SK sent by the P interval key generation module S and the $K_j$ transmitted by the random key generation module G.
The core function involved in the B interval is described as follows:
4) Decrypt($(C, C'')$, $d(SK, K_j)$): decryption algorithm. According to the ElGamal algorithm, $K_j$ and SK are combined by calculation into the key $d(SK, K_j)$, which completes the decryption of $(C, C'')$; the decryption algorithm has two modes, multiplicative and additive decryption, and outputs the decrypted plaintext. The B interval then carries out calculation or other operations as needed.
The full-proxy homomorphic encryption transmission model is completed based on the ElGamal algorithm, and because multiplication and addition are respectively carried out, the security is enhanced in the transmission process, for example, the design of r reduces the risk of information being decrypted in the midway, and certainly, for the application of hybrid calculation, a plaintext further calculation may be required to be carried out by a data user in the B interval, but the leakage of source data cannot be caused. The use of the SGX strengthens the credible operation of key generation, and can effectively prevent the privacy variable in the code running from being stolen. In a word, based on the ElGamal algorithm, a full-proxy homomorphic encryption transmission model can be well realized, the dependence on the encryption transmission process of the B interval is reduced, and the A interval and the P interval are in charge of full proxy.
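The multiplicative flow described above (genkey, Encrypt, ReEncrypt, Lock, homomorphic multiplication, UnLock, ProReEncrypt, Decrypt, with the formulas of the encryption, re-encryption and decryption modules) can be traced end to end in a short script. This is an added example, not code from the patent: the toy parameters p and g, the helper names and run_flow are assumptions, the re-encryption key is read as x = SK_Ai - SK, and because Algorithm 5 is not reproduced on the page the proxy step is assumed to be C'' = C' * (C^Kj)^-1 mod p, the form under which the decryption key x' = SK - Kj recovers the plaintext.

```python
import secrets
from math import prod

# Toy public parameters, constructed for this example (far too small for real use).
P = 1_000_000_007   # prime p
G = 5               # generator g (a primitive root modulo P)


def rand_exp():
    """Random integer strictly between 1 and p-1, the range given for x and k."""
    return 2 + secrets.randbelow(P - 3)


def inv(a):
    """Modular inverse in Z_p^*."""
    return pow(a, -1, P)


# ---- A interval (data provider) ----
def genkey():
    sk_a = rand_exp()
    return pow(G, sk_a, P), sk_a              # (PK_Ai, SK_Ai), y = g^x mod p


def encrypt(pk_a, m):
    k = rand_exp()
    u = pow(pk_a, k, P)                       # u = y^k mod p
    return pow(G, k, P), (m * u) % P          # (c1, c2)


def reencrypt(sk_a, sk, ct):
    c1, c2 = ct
    x = (sk_a - sk) % (P - 1)                 # x = SK_Ai - SK (exponent mod p-1)
    v = pow(c1, x, P)                         # v = c1^x mod p
    return c1, (c2 * inv(v)) % P              # c2' = c2 * v^-1 mod p


def lock(ct, r_i):
    c1, c2p = ct
    return c1, (c2p * r_i) % P                # c2'' = c2' * r_i


# ---- P interval (data agent) ----
def homomorphic_multiply(cts):
    """Component-wise product of ciphertext pairs (multiplicative homomorphism)."""
    return prod(c[0] for c in cts) % P, prod(c[1] for c in cts) % P


def unlock(ct, r):
    c, c_locked = ct
    return c, (c_locked * inv(r)) % P         # divide the lock out


def proxy_reencrypt(ct, k_j):
    # Assumed form (Algorithm 5 is not on the page): C'' = C' * (C^Kj)^-1 mod p.
    c, c_p = ct
    return c, (c_p * inv(pow(c, k_j, P))) % P


# ---- B interval (data user): receives SK and Kj, publishes no key of its own ----
def decrypt(ct, sk, k_j):
    c, c_pp = ct
    x = (sk - k_j) % (P - 1)                  # x' = SK - Kj
    v = pow(c, x, P)                          # v = C^x' mod p
    return (c_pp * inv(v)) % P                # M = C'' * v^-1 mod p


def run_flow(plaintexts):
    """Run A -> P -> B for several providers; product of plaintexts must be < p."""
    sk = rand_exp()                                   # S module: proxy key SK
    r_list = [rand_exp() for _ in plaintexts]         # S module: locks r_i
    k_j = rand_exp()                                  # G module: K_j
    locked = []
    for m, r_i in zip(plaintexts, r_list):
        pk_a, sk_a = genkey()                         # each provider has its own key pair
        ct = reencrypt(sk_a, sk, encrypt(pk_a, m))
        locked.append(lock(ct, r_i))
    # Path a: unlock every ciphertext with its r_i, then multiply.
    path_a = homomorphic_multiply(
        [unlock(ct, r_i) for ct, r_i in zip(locked, r_list)])
    # Path b: multiply the locked ciphertexts, then unlock once with r = prod(r_i).
    path_b = unlock(homomorphic_multiply(locked), prod(r_list) % P)
    final = proxy_reencrypt(path_b, k_j)
    return {"path_a": path_a, "path_b": path_b,
            "plain": decrypt(final, sk, k_j)}


if __name__ == "__main__":
    print(run_flow([12, 34, 56]))   # "plain" is 12 * 34 * 56
```

Both unlock paths produce the same ciphertext pair, and the B interval recovers the product using only the SK and K_j it was sent.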
The following specific application examples are made for the existing architecture of a low earth constellation satellite communication system. The low-orbit constellation is a basic communication support for military and civil integration, can bear data exchange, sharing and application, and becomes an effective supplement of the traditional mobile internet, for example, the low-orbit constellation can play a specific role in a ground network signal blind area. A typical application scenario for low-orbit constellations is meteorological data acquisition systems. The meteorological observation data and the meteorological forecast have important functions in the fields of aerospace, disaster prevention and disaster avoidance, a data acquisition station is usually built in a remote area with a severe network environment, acquired data needs to be transmitted through a low-orbit constellation and can be processed and then transmitted to terminals of transportation departments such as airplanes, automobiles, ships and the like for use, and the customized data analysis requirements of different units are met. At present, a meteorological data transmission structure based on a low-orbit constellation is shown in fig. 5, the low-orbit constellation serves as a long-distance communication means, meteorological data are collected from an internet of things collection terminal, and the low-orbit constellation and a ground gateway station are utilized to transmit the data to a user end. The gateway station can be divided into a ground gateway station or a mobile gateway station and is responsible for connecting a ground network and a satellite constellation and carrying out forwarding processing. The data use terminal can be equipment and a transportation tool which are required by meteorological data, such as a mobile aircraft, an automobile, a ship and the like, and can also be connected with the Internet. 
Ground communication relies primarily on the internet to connect to various terminal devices. The management control center is arranged on the ground system, is a management center of the whole air-ground system, is responsible for functions of system monitoring, resource scheduling and the like, and is directly connected with the Internet. In practical application, if part of meteorological data is confidential, problems such as security and privacy exposure are highlighted, and further, how to safely and effectively transmit and share data by using a low-orbit constellation channel becomes a key problem to be solved urgently at present. Typically, a classical encryption algorithm (such as AES, DES, etc.) is used for transmission, and the decryption is performed directly after the party receives the data. However, these approaches will face the following challenges:
1) the traditional encrypted data is transmitted one to one, the data cannot be subjected to operations such as statistics and calculation, and the application range is limited;
2) because the data use terminal in the existing architecture usually has insufficient computing power, the architecture lacks high-performance computing nodes, and only supports scenes with low requirements on data confidentiality and low data computing processing capacity;
3) the safety risk exists in the intermediate transmission process, once safety accidents such as data leakage, data falsification in the use process, intrusion of an intermediate processing node and the like occur, the data can be randomly copied, processed and transmitted, and loss which is difficult to measure is caused;
4) the asymmetric encryption method is that a data use terminal generates a pair of public and private keys. And actively sending the public key to a data sending end through a network for encryption. In practice, there are multiple data sources and receivers, and the sender depends on the receiver. The dynamic exit mechanism of the data usage terminal may cause inefficient operation and transmission. To avoid this problem, it is necessary to reduce the dependence of the encryption process on the data usage terminal.
In this embodiment, an instantiation work of a full-proxy homomorphic encryption transmission model based on the ElGamal algorithm is performed, and each module is deployed and implemented in a meteorological data acquisition scene of the current low-orbit constellation communication transmission system. The transmission system consists of a satellite, a gateway station and a management control center, and a commercial data center (or a cloud computing center) participating in computing is added to jointly form a data agent interval (P interval) in the model; the meteorological collection terminal corresponds to a data provider interval (A interval); the data user terminal corresponds to the data user zone (B zone).
As shown in fig. 6, in the weather collection terminal, in addition to the data collection module, the public key encryption module, re-encryption module and locking module of the A interval of the FPRM model are added to complete the corresponding functions. In the P interval, the management control center is responsible for functions such as system monitoring and resource scheduling. Besides the original monitoring management module carrying these functions, a key generation module based on an SGX mechanism (generating the key SK and the random numbers $r_i$) and a random number processing module (operating on the several $r_i$ to generate r) are added; a random key generation module is added to the gateway station; and the commercial data center contains the data re-encryption module, which is further divided into a homomorphic calculation module, an unlocking module and a proxy re-encryption module. The data user terminal has a decryption module and a function of post-processing the decrypted plaintext as required.
The low-orbit constellation proxy homomorphic trusted transmission system circulates information among the modules. To ensure the safety of data transmission and communication, three independent virtual private channels (VPNs), t1, t2 and t3, are established across the internet, the gateway station and the low-orbit constellation system, relying on the basic characteristics of the existing physical architecture, so that the data flows are independent and do not interfere with each other. First, the key SK and the random numbers $r_i$ generated by the management control center are transmitted through the t1 channel, via the internet, a gateway station and a satellite, to the weather acquisition terminal, where they are passed to the re-encryption module and the locking module respectively. The data acquisition terminal then completes the encryption, re-encryption and locking operations, and the locked re-encrypted data reaches the commercial data center through the t2 channel via a satellite, a gateway station and the internet. Meanwhile, the r generated by the random number processing module of the management control center is transmitted to the commercial data center through a dedicated internet channel. The $K_j$ generated by the random key generation module on the gateway station is sent over the internet via channel t3. After obtaining this information, the commercial data center performs the homomorphic calculation, unlocking and proxy re-encryption, and sends the homomorphically computed ciphertext, after the second (proxy) re-encryption, to the data user through a dedicated internet channel. The SK of the management control center and the $K_j$ sent by the gateway station random key generation module are likewise sent to the data user through a dedicated internet channel. The data user first carries out the decryption operation and then completes the relevant operations according to its own requirements.
Thus, the data security circulation of the whole system is completed.
The low-orbit constellation full-proxy homomorphic trusted transmission system and the operation mechanism provided by the embodiment are suitable for the physical architecture of the current low-orbit constellation, can perform secure data transmission, protect original privacy data, avoid dependence on data users, solve the actual requirement of meteorological data transmission, effectively combine the low-orbit constellation with the internet and a commercial data center, and expand the application range of a low-orbit constellation communication system.
Specifically, the present embodiment:
1) compared with the traditional agent re-encryption transmission model, the model has the advantages that in order to guarantee safety, a single agent is prevented from having higher authority, the risk of data decryption by interception in the midway is reduced, and three mutually independent modules are arranged in the P interval. The key generation function is placed in a Trusted Execution Environment (TEE) to ensure that the key is not tampered, and meanwhile, two random numbers are set through different modules and used for ensuring the transmission safety between intervals: one is used for locking and unlocking the interval module from the interval A to the interval P, and the other is used for data agent re-encryption and decryption from the interval module from the interval P to the interval B.
2) The model avoids the dependence of data encryption transmission on data users, changes the active participation mode of the data users into the passive acceptance mode, and is suitable for the characteristics of isomerism and dynamic joining and quitting of the data users in the meteorological satellite application scene.
While the present invention has been described with reference to the particular illustrative embodiments, it is not to be restricted by the embodiments but only by the appended claims. It will be understood by those skilled in the art that variations and modifications of the embodiments of the present invention can be made without departing from the scope and spirit of the invention.

Claims (10)

1. A full-proxy homomorphic re-encryption transmission system, comprising:
the encryption module is used for generating a public and private key pair, encrypting a plaintext by using a public key, and supporting multiplication homomorphism and addition homomorphism by an encrypted ciphertext;
the re-encryption module is applied in two parts, the data provider interval and the data agent interval; meanwhile, a key management module of the data agent interval generates a key and transmits the key to the data provider interval and the data user interval, the data user interval completes homomorphic calculation of a plaintext of a ciphertext by using the key transmitted by the data agent interval and outputs the decrypted plaintext, and the data provider interval, by the formula x SKAiSK, generates a re-encryption key x and a secondary ciphertext through a re-encryption algorithm, wherein $SK_{Ai}$ represents the private key of the data provider corresponding to the i-th part of data provided by the A interval, and SK represents a proxy key;
and the decryption module runs in the data user interval and is divided into two types of multiplication homomorphic decryption and encryption homomorphic decryption.
2. The system according to claim 1, wherein the encryption module generates the key comprising: taking a large random prime number, generating a generating element of the random prime number, disclosing the random prime number and the generating element, using a randomly generated integer as a private key, wherein the value range of the integer is between an integer 1 and the value of subtracting 1 from the random prime number, assigning different random integers to two keys required by re-encryption respectively, and simultaneously calculating a public key and assigning the public key to a key corresponding to primary encryption.
3. A full proxy homomorphic re-encryption transmission system according to claim 2, wherein said multiplicative homomorphism of said encryption module comprises: encrypting plaintext data, specifically generating a random number whose value range is between the integer 1 and the random prime number minus 1, and calculating $u = y^k \bmod p$, where k is the random number and p is the random prime number, to obtain a ciphertext $c_1 = g^k \bmod p$ and a ciphertext $c_2 = (m_i \times u) \bmod p$, where g is the generator and $m_i$ is the plaintext data; the additive homomorphism of the encryption module comprises: encrypting plaintext data, specifically generating a random number whose value range is between the integer 1 and the random prime number minus 1, the generated random number being smaller than a random positive integer α, and calculating $u = y^k \bmod p$, where k is the random number, p is the random prime number, and y represents a public key, to obtain a ciphertext $c_1 = g^k \bmod p$ and a ciphertext $c_2 = (m_i \times u) \bmod p$, where g is the generator and $m_i$ is the plaintext data; additive homomorphism and constant multiplication homomorphism are supported for the ciphertext after encryption.
4. The full-proxy homomorphic re-encryption transmission system according to claim 1, characterized in that different algorithms of the decryption module are selected according to the application requirements, wherein the multiplicative homomorphic decryption includes: the data user uses the key SK sent by the key generation module of the data agent interval and the random positive integer $K_j$ sent by the random key generation module to generate a decryption key $x' = SK - K_j$; for the ciphertext $(C, C'')$, the decryption calculates $v = C^{x'} \bmod p$ to obtain the plaintext $M = (C'' \times v^{-1}) \bmod p$; wherein the decryption process of the additive homomorphism has one more log-solving step than the decryption process of the multiplicative homomorphism.
5. The full-proxy homomorphic re-encryption transmission system according to claim 1, wherein the full-proxy homomorphic re-encryption transmission system is based on a full-proxy re-encryption transmission model, and places a key generation function in a trusted execution environment TEE to protect keys from being tampered, and sets two random numbers through different modules to ensure security of transmission between intervals, one random number is used for encryption and decryption from a data provider interval to a data agent interval module, and the other random number is used for data agent re-encryption and decryption from the data agent interval module to a data user interval, the full-proxy re-encryption transmission model comprises:
the data provider interval is used for providing a data original text and completing two times of encryption and one time of locking processing operation;
the data agent interval is used for generating an agent key, re-encrypting data, unlocking data and generating random numbers, and is divided into three functional modules according to roles, wherein the three functional modules are respectively as follows:
the key management module is used for generating a key, a locking random number and an unlocking number involved in re-encryption, a computing part of the key management module runs in a trusted execution environment TEE, and the key is updated periodically;
the data re-encryption module: the unlocking of the ciphertext data of the data provider interval is completed by using the parameters transmitted by the key management module, and the proxy re-encryption operation is completed by using the proxy re-encryption parameters generated by the random key generation module;
a random key generation module: and generating random numbers for the data re-encryption module to complete the proxy re-encryption process, and sending the proxy re-encryption parameters to the data proxy interval for decrypting ciphertext data.
6. The full proxy homomorphic re-encryption transmission system according to claim 5, characterized in that: the trusted execution environment TEE is implemented as an SGX based on an Intel architecture.
7. The full proxy homomorphic re-encryption transmission system according to claim 5, characterized in that: the full-proxy re-encryption transmission model takes the ElGamal algorithm as its basis, and the encryption and decryption of the ElGamal algorithm are divided into two types, namely addition homomorphism and multiplication homomorphism.
8. A method of operating a full proxy homomorphic re-encryption transmission system according to any of claims 1-7, characterized by: being based on the full-proxy homomorphic encryption transmission model FPRM, which is divided into the data provider interval, the data agent interval and the data user interval; the data user interval does not need to export a key, and the proxy re-encryption process no longer relies on the data user; the data agent interval is divided into three roles, expressed as three modules, namely the encryption module, the data re-encryption module and the random key generation module, and the three modules are mutually independent.
9. The method according to claim 8, wherein the operation mechanism of the full-proxy homomorphic re-encryption transmission system comprises:
step 1, encrypting the original data by the data provider interval by using a public key to obtain a ciphertext, which is the same as the original model and can be expressed as:
$c_{1i} = e(PK_{Ai}, m_i)$, wherein $PK_{Ai}$ represents the public key of the data provider interval, $m_i$ represents said raw data, and $c_{1i}$ represents the ciphertext;
step 2, the key generation module in the data agent interval exists in a set of trusted execution environment, generates an agent key and a random number, sends the agent key and the random number to a data user in the data provider interval, uses the agent key to replace a public key in an original model, completes the re-encryption of a ciphertext, and obtains a re-encryption result, which is expressed as:
$c_{2i} = re(SK_{Ai}, SK, c_{1i})$, where $SK_{Ai}$ represents the private key of the data provider corresponding to the i-th data provided by the A interval, SK represents the proxy key, $c_{1i}$ represents the ciphertext, and $c_{2i}$ represents the ciphertext re-encryption result;
the data provider interval uses the random number to complete locking of the ciphertext re-encryption result, obtaining the result $l(c_{2i}, r_i)$, wherein $r_i$ represents the random number and $c_{2i}$ represents the ciphertext re-encryption result;
the encryption module periodically replaces the proxy key;
step 3, the data provider interval transmits $l(c_{2i}, r_i)$ to the data re-encryption module of the data agent interval, and the key management module of the data agent interval generates a set R according to the sequence of the random numbers, expressed as:
$R = \{r_1, r_2, \ldots, r_i\}$, in which $r_1, r_2, \ldots, r_i$ are random numbers whose number is the same as the number of $m_1, m_2, \ldots, m_i$;
R is then transmitted to the data re-encryption module, which completes in sequence the unlocking of $l(r_i, c_{2i})$; the unlocking operation of the ciphertext can be expressed as follows:
$c_{2i} = l^{-1}(l(r_i, c_{2i}), r_i)$
the homomorphic calculation operation is then completed to obtain the ciphertext result $g(c_{2i})$;
step 4, the random key generation module of the data agent interval generates a random numerical value and sends it to the data re-encryption module and to the data user interval respectively, and the data re-encryption module uses the random numerical value to perform proxy re-encryption on the ciphertext result to obtain the result $p(g(c_{2i}), K_j)$, in which $K_j$ represents said random number and $g(c_{2i})$ represents the ciphertext result, and sends $p(g(c_{2i}), K_j)$ to the data user interval, wherein the encryption operation p() can be inverted using the random number;
step 5, the data user interval first carries out a decryption operation by using the received random numerical value to obtain the ciphertext result, which is expressed as:
$g(c_{2i}) = p^{-1}(p(g(c_{2i}), K_j), K_j)$, wherein $g(c_{2i})$ represents the ciphertext result;
meanwhile, a key management module in the data agent interval also sends the agent key to the data user interval, and the data user interval utilizes the agent key to complete homomorphic calculation of the plaintext of the ciphertext result, which is expressed as follows:
$g(m_i) = d(SK, g(c_{2i}))$, where SK denotes the proxy key, $g(c_{2i})$ represents the ciphertext result, and $g(m_i)$ represents the plaintext.
10. The method of claim 9, wherein the method further comprises: if the homomorphic calculation in step 3 reduces to linear addition or linear multiplication, then $l(c_{2i}, r_i)$ conforms to the homomorphic encryption calculation rule, and the homomorphic calculation operation g() is performed together with other locked ciphertext data to obtain the result $l(g(c_{2i}), r)$, wherein
$r = g(r_i)$
The key management module of the P interval calculates r according to the homomorphic operation rule and transmits r to the data re-encryption module, which carries out the inverse unlocking operation to obtain the ciphertext result $g(c_{2i})$, expressed as follows:
$g(c_{2i}) = l^{-1}(l(g(c_{2i}), r), r)$, to further enhance security.
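The ElGamal operations named in claims 3 and 4, and the homomorphic computation on locked ciphertexts of claims 9 and 10, can be sketched as follows. This is an added example, not code from the patent: the toy parameters, all function names, the g^m encoding used for the additive mode, and the multiplicative form of the lock l() are assumptions.

```python
import secrets

# Constructed toy parameters (far too small for real use): P = 2*Q + 1 is a
# safe prime and G = 2 generates the whole multiplicative group mod P.
P, Q, G = 2579, 1289, 2

def is_generator(g):
    # For a safe prime the proper subgroup orders are 1, 2 and Q.
    return pow(g, 2, P) != 1 and pow(g, Q, P) != 1

def rand_exp():
    return secrets.randbelow(P - 2) + 1          # integer in [1, P-2]

def keygen():
    x = rand_exp()                               # private key
    return x, pow(G, x, P)                       # public key y = g^x mod p

def encrypt(y, m, additive=False):
    k = rand_exp()
    u = pow(y, k, P)                             # u = y^k mod p
    # Assumption: the additive mode encodes m as g^m (exponential ElGamal).
    payload = pow(G, m, P) if additive else m % P
    return pow(G, k, P), payload * u % P         # (c1, c2)

def decrypt(x, ct, additive=False, bound=1000):
    c1, c2 = ct
    v = pow(c1, x, P)                            # v = c1^x mod p
    m = c2 * pow(v, -1, P) % P                   # M = c2 * v^-1 mod p
    if not additive:
        return m
    acc = 1                                      # extra log-solving step:
    for cand in range(bound + 1):                # bounded search for g^cand == m
        if acc == m:
            return cand
        acc = acc * G % P
    raise ValueError("plaintext outside search bound")

def combine(a, b):
    # Component-wise product: multiplies plaintexts (adds them in additive mode).
    return a[0] * b[0] % P, a[1] * b[1] % P

def scale(ct, t):
    # Additive mode only: multiplies the plaintext by the constant t.
    return pow(ct[0], t, P), pow(ct[1], t, P)

def lock(ct, r):
    # Hypothetical lock l(c, r): blind c2 with r. The page does not define l().
    return ct[0], ct[1] * r % P

def unlock(ct, r):
    return ct[0], ct[1] * pow(r, -1, P) % P

if __name__ == "__main__":
    x, y = keygen()
    r1, r2 = rand_exp(), rand_exp()
    # Multiply two locked ciphertexts, then unlock once with r = r1 * r2.
    locked = combine(lock(encrypt(y, 6), r1), lock(encrypt(y, 7), r2))
    print(decrypt(x, unlock(locked, r1 * r2 % P)))
    total = combine(encrypt(y, 20, True), encrypt(y, 22, True))
    print(decrypt(x, total, additive=True))
```

With this lock, the combined unlocking value for a product of locked ciphertexts is the product of the individual random numbers, which is the r = g(r_i) relation of claim 10 for the multiplicative case.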
CN202010347567.1A 2020-04-28 2020-04-28 Full-proxy homomorphic re-encryption transmission system and operation mechanism thereof Active CN111586000B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010347567.1A CN111586000B (en) 2020-04-28 2020-04-28 Full-proxy homomorphic re-encryption transmission system and operation mechanism thereof

Publications (2)

Publication Number Publication Date
CN111586000A CN111586000A (en) 2020-08-25
CN111586000B true CN111586000B (en) 2020-12-18

Family

ID=72127590

Country Status (1)

Country Link
CN (1) CN111586000B (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112132676B (en) * 2020-09-16 2021-07-09 建信金融科技有限责任公司 Method and device for determining contribution degree of joint training target model and terminal equipment
CN112347495B (en) * 2020-11-15 2023-05-26 北京物资学院 Trusted privacy intelligent service computing system and method based on blockchain
CN112532385A (en) * 2020-11-20 2021-03-19 天翼电子商务有限公司 Data sharing method based on trusted execution environment
CN112564775B (en) * 2020-12-18 2023-04-07 江苏省未来网络创新研究院 Spatial information network access control system and authentication method based on block chain
CN113487042B (en) * 2021-06-28 2023-10-10 海光信息技术股份有限公司 Federal learning method, device and federal learning system
CN113821810B (en) * 2021-08-26 2024-03-08 上海赢科信息技术有限公司 Data processing method and system, storage medium and electronic equipment
CN114286299B (en) * 2021-12-23 2022-09-06 同济大学 Beidou satellite and ground signal cooperative international rescue short message information encryption method
CN114465804B (en) * 2022-02-16 2024-03-26 贵州福润德文化产业发展有限公司 Instruction encryption and decryption method capable of resisting replay attack
CN115361109A (en) * 2022-07-08 2022-11-18 暨南大学 Homomorphic encryption method supporting bidirectional proxy re-encryption
CN115442134A (en) * 2022-09-02 2022-12-06 暨南大学 Multi-key multi-party secure computing method based on homomorphic bidirectional proxy re-encryption
CN115460595B (en) * 2022-11-11 2023-03-24 北京数盾信息科技有限公司 Data transmission method based on satellite network, central gateway station and system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102546600A (en) * 2011-12-20 2012-07-04 华为技术有限公司 Deputy-based encryption, decryption method, network equipment, network device and system
CN103647642A (en) * 2013-11-15 2014-03-19 河海大学 Certificate-based agent heavy encryption method and system
CN109361510A (en) * 2018-11-07 2019-02-19 西安电子科技大学 A kind of information processing method that supporting overflow checking and big integer arithmetic and application

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9252942B2 (en) * 2012-04-17 2016-02-02 Futurewei Technologies, Inc. Method and system for secure multiparty cloud computation
JP6194886B2 (en) * 2012-07-12 2017-09-13 日本電気株式会社 Encryption statistical processing system, decryption system, key generation device, proxy device, encrypted statistical data generation device, encryption statistical processing method, and encryption statistical processing program
FR3060165B1 (en) * 2016-12-09 2019-05-24 Commissariat A L'energie Atomique Et Aux Energies Alternatives SECURE CLASSIFICATION METHOD USING TRANSCHIFFREMENT OPERATION
CN107592195A (en) * 2017-09-12 2018-01-16 北京电子科技学院 A kind of accurate full homomorphism ciphertext data manipulation method and system
CN108400862A (en) * 2018-01-16 2018-08-14 国电南瑞科技股份有限公司 A kind of intelligent power trusted end-user data fusion encryption method

Also Published As

Publication number Publication date
CN111586000A (en) 2020-08-25

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant