CN112737764B - Lightweight multi-user multi-data all-homomorphic data encryption packaging method - Google Patents
- Publication number: CN112737764B (application CN202011448937.7A)
- Authority: CN (China)
- Prior art keywords: data, service provider, CSP, cloud server, calculation
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The invention discloses a lightweight multi-user, multi-data fully homomorphic data encryption and encapsulation method. It combines a multi-user, multi-key homomorphic construction with an outsourced computation method built on an arbitrary one-way trapdoor permutation and arbitrary hash functions, and protects privacy when there are multiple users, each with multiple input data and an independent encryption key. Outsourced computation and decryption comprise the following steps: system initialization, key generation, encryption, outsourced computation and decryption. Compared with the prior art, the method is simpler and easier to implement; it achieves efficient privacy-preserving outsourced computation when there are multiple users, each with multiple input data and an independent encryption key; it uses the cloud server and the cryptographic service provider to ensure the security of user data; it achieves adaptive chosen-ciphertext security; and it meets the efficiency and privacy requirements of multi-user, multi-data secure outsourced computation.
Description
Technical Field
The invention relates to the technical field of secure outsourced computation and homomorphic encryption, and in particular to a lightweight multi-user, multi-data fully homomorphic data encryption and encapsulation method under a dual-server model.
Background
With the rapid development of computer applications, more and more valuable data is generated at terminals, but because the devices have limited storage and computing capacity, the data cannot be processed effectively enough to realize its value. Large numbers of data owners therefore outsource data to resource-rich cloud servers for processing and storage. In real-world applications, however, the cloud server often operates in an untrusted environment. A semi-trusted cloud server, for reasons such as business interest, usually performs the data processing honestly and returns the correct result to the receiver of the outsourced computation result, but snoops on the user's private data during processing or during its interaction with the user; a malicious cloud server can disrupt the correct execution of the outsourced computation protocol through arbitrary behavior. On the other hand, even if the cloud server itself is not malicious, servers exposed on the network are still subject to intrusion, and every year there are countless leaks of users' private data caused by attacks on servers or by vulnerabilities. How to achieve efficient and correct ciphertext-domain data processing and outsourced computation while protecting the privacy of user data has therefore become a very challenging open research problem in cloud computing.
To prevent leakage of user data and guarantee information security, the most direct approach is to protect the confidentiality of the data with encryption before outsourcing it to a cloud server. Encryption transforms the original plaintext into unreadable code, the ciphertext, using an encryption algorithm under a key. The decrypting party can recover the original plaintext only by supplying the corresponding key and running the decryption algorithm on the ciphertext; encrypting the data in this way protects it from being stolen.
Secure outsourced computation must meet two basic privacy requirements: 1) Input privacy: the privacy of the data owners' input data withstands collusion attacks launched by a semi-trusted or malicious cloud server together with a malicious receiver; 2) Result privacy: the outsourced computation result can be decrypted only by the authorized receiver. Public-key homomorphic encryption has the property that an operation performed on ciphertexts corresponds to the same operation performed on the underlying plaintexts, so it can implement a variety of secure outsourced computations in the ciphertext domain and is widely used in cloud computing. Specifically, a data owner encrypts each local input under the public key of the receiver of the outsourced computation result using public-key homomorphic encryption and sends the encrypted inputs to a cloud server; the cloud server computes the outsourced functions in the ciphertext domain and sends the ciphertext result to the receiver; and the receiver decrypts it with its private key to obtain the plaintext result.
Although prior-art public-key homomorphic encryption can functionally achieve secure outsourced computation in the ciphertext domain, its computation and communication complexity is too high: the number of invocations of the public-key encryption algorithm on the user's side is O(n), where n is the number of input data. This large computation and communication overhead cannot meet the performance requirements of resource-limited local users. More importantly, most existing lightweight secure outsourced computation protocols internationally offer effective solutions only for the single-user, multi-data scenario and cannot meet the requirements of the more general multi-user, multi-data scenario, in which each user encrypts its own input data under its own key and the cloud server performs privacy-preserving outsourced computation on ciphertexts encrypted under different keys. Finding a new lightweight multi-user, multi-data outsourced computation method is therefore a challenging open problem that urgently needs to be solved.
Disclosure of Invention
The invention aims to address the shortcomings of existing secure outsourced computation by providing a lightweight multi-user, multi-data fully homomorphic data encryption and encapsulation method. It uses an outsourced computation method based on an arbitrary one-way trapdoor permutation and arbitrary hash functions, together with a multi-user, multi-key homomorphic construction, to achieve efficient privacy-preserving outsourced computation. It supports addition, multiplication, and complex outsourced functions composed of additions and multiplications in the ciphertext domain. It ensures the security of user data by using two cooperating but non-colluding outsourcing servers (a cloud server and a cryptographic service provider), and achieves adaptive chosen-ciphertext security (CCA2). It achieves efficient privacy-preserving outsourced computation under a dual-server model in which multiple users each hold multiple input data and an independent encryption key. The method is simple, practical, flexible and efficient, and meets the efficiency and privacy requirements of multi-user, multi-data secure outsourced computation.
The purpose of the invention is achieved as follows: a lightweight multi-user, multi-data fully homomorphic data encryption and encapsulation method, characterized by secure outsourced computation in a multi-user, multi-data scenario within an architecture of multiple data owners, a computation-result receiver, a cloud server (SER) and a cryptographic service provider (CSP). The receiver requests an outsourced computation task from the cloud server; the data owners provide input data encrypted under their respective keys; the cloud server and the cryptographic service provider jointly compute the outsourced function on the ciphertext inputs to obtain an encrypted result; and the receiver decrypts the encrypted result to obtain the plaintext result. Outsourced computation and decryption specifically comprise the following steps:
(I) System initialization
Given the security parameter, the system runs the trapdoor permutation generator to produce a one-way trapdoor permutation with its inverse and three public/private key pairs for the permutation, one each for the cloud server, the cryptographic service provider and the receiver, and generates two hash functions. The three public keys and the two hash functions are published; the three private keys are held by the cloud server, the cryptographic service provider and the receiver respectively.
(II) Key Generation
Each data owner generates a set of keys for encrypting input data, and the cryptographic service provider also generates a set of keys for re-encryption.
(III) Data encryption
The data owner encrypts and encapsulates all the input data it holds under its own encryption key, and uses the one-way trapdoor permutation to encrypt the data encryption key under the public key of the cloud server and under the public key of the cryptographic service provider. It selects random numbers to blind the encrypted data. It also uses the hash function to compute a digest over all ciphertext input data, to protect the ciphertext input data against tampering in transit, and finally sends the encrypted input data to the cloud server.
(IV) Outsourced computation on the data
The cloud server receives the ciphertext input data sent by all data owners, performs, together with the cryptographic service provider, arbitrary outsourced function computation based on addition and multiplication on the data in the ciphertext domain, and sends the ciphertext computation result to the receiver.
(V) Data decryption
The receiver recovers the data encryption key using the private key of the one-way trapdoor permutation, and then decrypts the ciphertext of the outsourced computation result with the key.
The main parameters used are listed in Table 1 below:
Table 1. Parameter list
Parameter | Meaning |
$\lambda$ | Security parameter |
$f, f^{-1}$ | One-way trapdoor permutation and its inverse |
$pk_f, sk_f$ | Public and private keys of the one-way trapdoor permutation |
$H_0, H_1$ | Cryptographic hash functions |
$pbk_i = Y_i$ | Temporary public key of the $i$-th data owner |
$pvk_i = (p_i, q_i, s_i, v_i, T_i)$ | Temporary private key of the $i$-th data owner |
$m_{i,i'}$ | The $i'$-th data item of the $i$-th data owner |
$n_S$ ($i = 1, 2, \ldots, n_S$) | Number of data owners |
$n_i$ ($i' = 1, 2, \ldots, n_i$) | Number of data items held by each data owner |
$r_i$ | Random number used by data owner $i$ to encrypt data |
$r$ | Random number used by the CSP to re-encrypt data |
The specific processes of generating the public parameters, unidirectional trapdoor replacement and public and private keys thereof in the step (I) are as follows:
a) Input 1 λ Wherein λ is a security parameter;
b) System (trusted third party) running probabilistic polynomial time algorithmOutput a set of {0,1} 2λ Function (f, f) of -1 ) Three pairs of public and private keys (pk) f,ser ,sk f,ser ),(pk f,csp ,sk f,csp ) And (pk) f,rec ,sk f,rec ) Two hash functions H 0 ,H 1 The mapping range is {0,1} * →{0,1} 2λ The common parameter thus generated is PPR = (pk) f,ser ,pk f,csp ,pk f,rec ,H 0 ,H 1 The secret parameter is SK = (SK) f,ser ,sk f,csp ,sk f,rec ) The secret parameters are respectively kept by the cloud server, the encryption service provider and the receiver.
The specific process of generating the data encryption keys in step (II) is as follows:
b) Each data owner $i$ randomly selects four large primes $p_i, q_i, s_i, v_i$ with $|p_i| = |q_i| = |s_i| = |v_i| = \lambda$ such that $p_i q_i = N_i \ge N_0$. Let $T_i = p_i q_i s_i$ and $Y_i = p_i q_i s_i v_i$. The temporary public key of sender $i$ is $pbk_i = Y_i$ and the temporary private key is $pvk_i = (p_i, q_i, s_i, v_i, T_i)$;
c) The cryptographic service provider randomly selects four large primes $p, q, s, v$ with $|p| = |q| = |s| = |v| = \lambda$ such that $pq = N \ge N_0$. Let $T = pqs$ and $Y = pqsv$. The temporary public key of the cryptographic service provider is $pbk = T$ and the temporary private key is $pvk = (p, q, s, v, N, T)$.
The specific process of encrypting and encapsulating the data in step (III) is as follows:
a) Data owner $i$ generates $n_i$ plaintext data items $m_{i,i'}$ ($i = 1, 2, \ldots, n_S$; $i' = 1, 2, \ldots, n_i$), each of which lies in the plaintext space. For each plaintext, compute $m_{i,i',p} = m_{i,i'} \bmod p$ and $m_{i,i',q} = m_{i,i'} \bmod q$.
b) Data owner $i$ calculates so that . It then randomly selects a random prime $r_i \in \{0,1\}^{2\lambda}$ and $n_i$ blinding factors $r_{i,i'} \in \{0,1\}^{2\lambda}$, and uses the public keys of the server and of the cryptographic service provider to perform the one-way trapdoor permutation calculation according to formula 1:
For each data item $m_{i,i'}$, the one-way trapdoor permutation calculation is performed according to formula 2:
c) Data owner $i$ uses the cryptographic hash function $H_0$ to calculate according to formulas 3 to 4:
The specific process of computing an arbitrary polynomial on the ciphertexts in step (IV) is as follows:
a) Let the polynomial to be computed be where ; the degree of the polynomial is $\deg F = \max(e_1, e_2, \ldots, e_n)$.
b) After receiving , the cloud server uses the inverse one-way trapdoor permutation to calculate and checks whether holds. If not, the cloud server terminates the protocol; if so, it sends $C_{i,i'}, C_{i,csp}, C'_{i,csp}$ to the cryptographic service provider.
c) After receiving $C_{i,i'}, C_{i,csp}, C'_{i,csp}$, the cryptographic service provider first uses the inverse one-way trapdoor permutation to calculate and verifies whether holds. If not, the cryptographic service provider terminates the protocol; if so, it selects a random number $r_{i,csp} \in \{0,1\}^{2\lambda}$ and re-encrypts each ciphertext according to formulas 5 to 7:
$C'_{i,i'} = C_{i,i'} \bmod N_i = r_i m_{i,i'} \bmod N_i$, (5);
$C'_{i,i',q} = C'_{i,i'} \bmod q,\quad C'_{i,i',p} = C'_{i,i'} \bmod p$, (6);
where $p^{-1} p \equiv 1 \bmod q$ and $q^{-1} q \equiv 1 \bmod p$.
The cryptographic service provider then evaluates the cryptographic hash function according to formula 8:
Finally, the cryptographic service provider sends $C_{CSP} = (\{C''_{i,i'}\ (i = 1, 2, \ldots, n_S;\ i' = 1, 2, \ldots, n_i)\}, C'_{rec,csp})$ to the cloud server.
d) After receiving $C_{CSP}$, the server first calculates
If the check does not hold, the protocol is terminated; if it holds, the server randomly selects a prime $r \in \{0,1\}^{2\lambda}$ and calculates $C''_{i,i',SER} = r C''_{i,i',ser}$.
e) After receiving , the cryptographic service provider checks whether holds. If not, the protocol is terminated; if so, it calculates according to formulas 9 to 11:
The specific process of the decryption algorithm in step (V) is as follows:
a) After receiving $C_F$, the receiver performs the inverse one-way trapdoor permutation calculation according to formula 12:
It then checks whether holds. If not, the protocol is terminated; if so, it calculates according to formula 13:
The mathematical theory involved in the invention is as follows:
1. Hash function
A hash function maps a variable-length message to a fixed-length hash value or message digest. There are many hash algorithms; commonly used ones at present include MD2, MD4, MD5 and the Secure Hash Algorithm (SHA-1). For a hash function whose input and output are both bit strings (strings of 0s and 1s), the length of a bit string $x$ is denoted $|x|$, and the concatenation of bit strings $x$ and $y$ is denoted $x \| y$. Let compress: $\{0,1\}^{m+t} \to \{0,1\}^m$ be a compression function (where $t \ge 1$). An iterated hash function $h$ is constructed from the compression function compress. The evaluation of the iterated hash function $h$ consists mainly of the following three steps.
1) Preprocessing: given an input bit string $x$ with $|x| \ge m + t + 1$, construct a string $y$ with a public algorithm such that $|y| \equiv 0 \pmod t$. Write $y = y_1 \| y_2 \| \cdots \| y_r$, where $|y_i| = t$ for $1 \le i \le r$.
2) Processing: let IV be a public initial-value bit string of length $m$. Then compute:
$z_0 \leftarrow IV$,
$z_1 \leftarrow \mathrm{compress}(z_0 \| y_1)$,
$z_2 \leftarrow \mathrm{compress}(z_1 \| y_2)$,
$\ldots$
$z_r \leftarrow \mathrm{compress}(z_{r-1} \| y_r)$.
3) Output transformation: let $g: \{0,1\}^m \to \{0,1\}^l$ be a public function. Define the hash function $h(x) = g(z_r)$.
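The three-step construction above as an added Python example, not code from the patent. SHA-256 is used inside the stand-in compression function rather than the MD5 or SHA-1 the text lists, both of which have practical collision attacks. The sizes m, t and l, the all-zero IV and the length-strengthening padding rule are assumptions of this example; the text only requires some public padding algorithm.

```python
import hashlib
import struct

M_BYTES = 16          # m: chaining-value length (assumed size)
T_BYTES = 32          # t: message-block length (assumed size)
L_BYTES = 8           # l: digest length (assumed size)
IV = bytes(M_BYTES)   # public initial value; all zeros in this example


def compress(block):
    """Stand-in compression function {0,1}^(m+t) -> {0,1}^m (constructed)."""
    if len(block) != M_BYTES + T_BYTES:
        raise ValueError("compress expects exactly m + t bytes")
    return hashlib.sha256(block).digest()[:M_BYTES]


def preprocess(x):
    """Step 1: pad x so that |y| is a multiple of t, then split into y_1..y_r.

    Padding (an assumption): 0x80, zero bytes, then the 64-bit bit length of x.
    Encoding the length makes the padding injective: two different inputs
    never produce the same padded string.
    """
    padded = x + b"\x80"
    padded += bytes((-len(padded) - 8) % T_BYTES)
    padded += struct.pack(">Q", 8 * len(x))
    return [padded[i:i + T_BYTES] for i in range(0, len(padded), T_BYTES)]


def g(z):
    """Step 3: public output transformation {0,1}^m -> {0,1}^l (truncation)."""
    return z[:L_BYTES]


def chain(x):
    """Step 2: return the chaining values [z_0, z_1, ..., z_r]."""
    zs = [IV]
    for y in preprocess(x):
        zs.append(compress(zs[-1] + y))
    return zs


def iterated_hash(x):
    """h(x) = g(z_r)."""
    return g(chain(x)[-1])


if __name__ == "__main__":
    for msg in (b"", b"ciphertext-1", b"a" * 100):
        print(len(preprocess(msg)), "block(s):", iterated_hash(msg).hex())
```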
2. Public-key encryption scheme
A public-key encryption scheme consists of a key generation algorithm, an encryption algorithm and a decryption algorithm.
Key generation algorithm: on input the security parameter $1^n$, output a public/private key pair $(pk, sk)$, where $pk$ is the public key and $sk$ is the private key;
Encryption algorithm: on input a public key $pk$ and a message $m$, output the ciphertext $c \leftarrow Enc_{pk}(m)$;
Decryption algorithm: on input a private key $sk$ and a ciphertext $c$, output $m = Dec_{sk}(c)$.
Correctness requirement for a public-key encryption algorithm: except with negligible probability, for the public and private keys $(pk, sk)$ produced by the key generation algorithm $Gen(1^n)$, $Dec_{sk}(Enc_{pk}(m)) = m$ holds.
3. Chinese remainder theorem
Let $m_1, m_2, \ldots, m_k$ be pairwise coprime positive integers. Then for any integers $b_1, b_2, \ldots, b_k$, the system of linear congruences
must have a solution, and all solutions form one congruence class modulo $m_1 m_2 \cdots m_k$.
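An added Python example, not the patent's code, of the theorem as stated above, using the coefficients $p^{-1}p$ and $q^{-1}q$ that the re-encryption step refers to. It also shows that evaluating a polynomial on the residues modulo $p$ and modulo $q$ separately and then recombining gives the same value as evaluating it modulo $pq$. The moduli, the polynomial and all function names are constructed for illustration, and the patent's formula 7 is not reproduced.

```python
from math import gcd, prod

P = 1000003        # constructed small moduli; the patent uses lambda-bit primes
Q = 998244353


def crt_solve(residues, moduli):
    """Smallest x >= 0 with x = b_i (mod m_i) for pairwise coprime m_i."""
    for i, a in enumerate(moduli):
        for b in moduli[i + 1:]:
            if gcd(a, b) != 1:
                raise ValueError("moduli must be pairwise coprime")
    big_m = prod(moduli)
    x = 0
    for b, m in zip(residues, moduli):
        m_i = big_m // m
        x += b * m_i * pow(m_i, -1, m)   # m_i * m_i^{-1} = 1 (mod m)
    return x % big_m


def crt_coefficients(p, q):
    """Return (q^{-1} q, p^{-1} p): the first is 1 mod p and 0 mod q,
    the second is 0 mod p and 1 mod q."""
    return pow(q, -1, p) * q, pow(p, -1, q) * p


def split(x, p, q):
    """Map x to its residue pair (x mod p, x mod q)."""
    return x % p, x % q


def combine(x_p, x_q, p, q):
    """Recombine a residue pair into the unique value modulo p*q."""
    e_p, e_q = crt_coefficients(p, q)
    return (x_p * e_p + x_q * e_q) % (p * q)


def eval_poly(poly, xs, mod):
    """Evaluate sum(coeff * prod(x_j ** e_j)) modulo `mod`.

    poly is a list of (coeff, exponents) terms, one exponent per variable.
    """
    total = 0
    for coeff, exps in poly:
        term = coeff % mod
        for x, e in zip(xs, exps):
            term = term * pow(x, e, mod) % mod
        total = (total + term) % mod
    return total


def eval_via_residues(poly, xs, p, q):
    """Evaluate the polynomial on each residue separately, then recombine."""
    r_p = eval_poly(poly, [x % p for x in xs], p)
    r_q = eval_poly(poly, [x % q for x in xs], q)
    return combine(r_p, r_q, p, q)


# F(x1, x2) = 3*x1^2*x2 + 5*x2 + 7, a constructed example of degree 2 in x1
POLY = [(3, (2, 1)), (5, (0, 1)), (7, (0, 0))]

if __name__ == "__main__":
    xs = (123456789, 987654321)
    print(eval_via_residues(POLY, xs, P, Q) == eval_poly(POLY, xs, P * Q))
    # The integer value of F is recovered only while it stays below p*q.
    print(eval_via_residues(POLY, (2, 3), P, Q))
```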
Compared with the prior art, the invention has the following advantages:
1) Security: in secure outsourced computation implemented with public-key fully homomorphic encryption, input privacy and result privacy can only reach adaptive chosen-plaintext security (CPA security). In the lightweight multi-user, multi-data fully homomorphic data encapsulation method under the dual-server model provided by the invention, provided the cloud server and the cryptographic service provider do not collude, input privacy reaches adaptive chosen-ciphertext security (CCA2 security) against unauthorized receivers; CCA2 security is stronger than CPA security.
2) Efficiency: the computational complexity for a resource-limited local user of an outsourced computation protocol implemented with public-key fully homomorphic encryption is O(n), where n is the number of input data. In the lightweight multi-user, multi-data fully homomorphic data encapsulation method under the dual-server model, only two arbitrary one-way trapdoor permutation operations (whose algorithmic complexity is equivalent to that of one public-key encryption) are needed to encrypt the random number used as the symmetric key, after which the keyed symmetric fully homomorphic mapping is used to encrypt and encapsulate the input data. Since symmetric encryption is 3 to 5 orders of magnitude faster than public-key encryption, the computational cost of this part is negligible. Therefore, in the lightweight multi-user, multi-data fully homomorphic data encapsulation method under the dual-server model, the computational complexity is reduced to O(1), that is, it is independent of the number n of input data.
3) High availability: most existing secure outsourced computation protocols internationally are suitable only for single-user, multi-data scenarios, whereas the outsourced computation scheme realized by this method supports outsourced computation of arbitrary multivariate polynomial functions in multi-user, multi-data scenarios and therefore has higher availability. In the lightweight multi-user, multi-data fully homomorphic data encapsulation method under the dual-server model, the one-way trapdoor permutation can be instantiated with various concrete public-key encryption algorithms according to the security requirements of different network application scenarios, such as RSA encryption, identity-based encryption, attribute-based encryption and proxy re-encryption, which makes the method more flexible.
Drawings
FIG. 1 is a system diagram of the architecture of the present invention;
FIG. 2 is a schematic flow chart of the present invention.
Detailed Description
The present invention is further illustrated by the following specific examples.
Example 1
Referring to FIG. 1, in the invention the public parameters and keys are generated by the system (trusted third party); multiple data owners each encrypt and encapsulate multiple messages under their own keys and send them to the cloud server; the cloud server and the cryptographic service provider perform multivariate polynomial computation on the encrypted data in the ciphertext domain; and the receiver decrypts the computation result. The method is built on two arbitrary one-way trapdoor permutation operations, can be applied flexibly in different network scenarios, meets the requirements of correctness, efficiency and privacy, and achieves adaptive chosen-ciphertext security (CCA2 security) for both input privacy and result privacy.
Referring to FIG. 2, the specific implementation process of the invention is as follows:
Step one: system (trusted third party) initialization
a) Input $1^\lambda$, where $\lambda$ is the security parameter; $\lambda = 512$ is used;
b) The system (trusted third party) runs a probabilistic polynomial-time algorithm that outputs a pair of functions $(f, f^{-1})$ on $\{0,1\}^{2\lambda}$, three public/private key pairs $(pk_{f,ser}, sk_{f,ser})$, $(pk_{f,csp}, sk_{f,csp})$ and $(pk_{f,rec}, sk_{f,rec})$, and two hash functions $H_0, H_1$ mapping $\{0,1\}^* \to \{0,1\}^{2\lambda}$. The public parameters thus generated are $PPR = (pk_{f,ser}, pk_{f,csp}, pk_{f,rec}, H_0, H_1)$ and the secret parameters are $SK = (sk_{f,ser}, sk_{f,csp}, sk_{f,rec})$; the secret parameters are kept by the cloud server, the cryptographic service provider and the receiver respectively. In this specific implementation, RSA is used as the one-way trapdoor permutation, and three RSA key pairs are generated.
For the cloud server, two 1024-bit large primes $p_{f,ser}$ and $q_{f,ser}$ are selected;
Calculate $n = p \times q$: $n_{f,ser} = p_{f,ser} q_{f,ser}$;
Select the prime $e$: $e_{f,ser} = 65537$;
Calculate $d$ such that $d = e^{-1} \bmod \varphi(n)$;
$sk_{f,ser} = (d_{f,ser})$;
For the cryptographic service provider, two 1024-bit large primes $p_{f,csp}$ and $q_{f,csp}$ are selected;
Calculate $n = p \times q$: $n_{f,csp} = p_{f,csp} q_{f,csp}$;
Select the prime $e$: $e_{f,csp} = 65537$;
Calculate $d$ such that $d = e^{-1} \bmod \varphi(n)$;
$pk_{f,csp} = (n_{f,csp}, e_{f,csp})$;
$sk_{f,csp} = (d_{f,csp})$;
For the receiver, two 1024-bit large primes $p_{f,rec}$ and $q_{f,rec}$ are selected;
Calculate $n = p \times q$: $n_{f,rec} = p_{f,rec} q_{f,rec}$;
Select the prime $e$: $e_{f,rec} = 65537$;
Calculate $d$ such that $d = e^{-1} \bmod \varphi(n)$;
$pk_{f,rec} = (n_{f,rec}, e_{f,rec})$;
$sk_{f,rec} = (d_{f,rec})$.
Step two: key generation
b) Each data owner i randomly selects four large primes p_i, q_i, s_i, v_i, where |p_i| = |q_i| = |s_i| = |v_i| = λ, such that p_i q_i = N_i ≥ N_0. Let T_i = p_i q_i s_i and Y_i = p_i q_i s_i v_i. The temporary public key of sender i is pbk_i = Y_i and the temporary private key is pvk_i = (p_i, q_i, s_i, v_i, T_i);
In this example there are two data owners. The temporary public and private key generation for data owner 1 is as follows:
p 1 =11099536553499459898516049664967251737499063278333702052526991495067871775158295400297965317872050972378517828382705877058120311419742640666521555853492287;
q 1 =9194893298935351728001588829826916490207244335204463850316984841070975758431400808385102430015197346835233732300753968907123798485465759923860423879054241;
s 1 =12523019225077159287665906501626625103372331350880922929412298034043122455436294962985303319555044204546295963708780504060524940438378805229367988307438721;
v 1 =6767971895215293416530261319164008397382046068199056757012828419896434116188025383664064519279775548395390373582083066016327007292819258747816994235713121
N 1 =p 1 *q 1 =102059054277060172962817504747727369883587818222266646567301027482286244943030092211006884037726549622090735766816625016291741146840404474589721278772201914240903227909711289968085070869942933247170290831519335424838985522945181752534106065281851263082425062791328579871453748497657844971183685988170548139167;
T 1 =p 1 *q 1 *s 1 =1278087498804817826423062873317185294068879832960594051055643032880510657744981233255654914705383015028835270648826989744568416469427553326711911100246839837571557774807511193319257054128477035914349050556668312544360214412041310721976950357375543471478430447817410913926406520843010766082271435580101017878170638887904539065539091980714580392940769717121516571625337950667141012121828521798168162954061554772732546003562697279562741510467859241653235770432485407;
Y 1 =p 1 q 1 s 1 v 1 =8650060271537016964068583416660242464531533239621167526395677474909527688711401072041199168083557353749329630742390037452061450827508326945524450400923789796957929046630618752147337789773206798251955926675655757760921284741625576429797138764619331720267586586625293591711249828416776999094653835002535212205672651264098300528753297583060560526184413758440962805200774375714760651940448089533985091969196309071897466722967942593769107611456245990165099930983152557329820741431998046808315295092564995560948345922844796630638123706990256420651866753328295916604730029912396393699984321461201230440726209087213070925247
The temporary public key is pbk_1 = Y_1 and the temporary private key is pvk_1 = (p_1, q_1, s_1, v_1, N_1, T_1).
The temporary public and private key generation process of the data owner 2 is as follows:
p 2 =8775962283543411198995238036523693737439740017930452128349615981039060599032137369762819115501558204860395734335512819933983359398838922342356845708403007;
q 2 =9146114780791983977404804189280723014572807755285331117170206537297914463118065116924547238746024261565592206787584244901184534886810869226132400671740147;
s 2 =13271609844297503119508230267825779083590169723107634547770144167240356182765975408764931409721973430950936714510586541856789627653203365506967923519474283;
v 2 =12390016500853115282354559043564379585405211339927293724511586461124517020901941891929738510167097711433577194071653536644088787214005182052904437384069089
N 2 =p 2 *q 2 =80265958357189365453623126506342115341135104954224145472901895742770573568726128569542681967544649778296130863750261387522675548273566714621420996429082163677816446481237349381804112039626311171335617926341744364939789514137996106466187797039789048473686186973201094068276459082193739930327002745755057422029;
T 2 =p 2 *q 2 *s 2 =1065258483095247823727999753016878258489102446421468969069520777571161589712138229262223588531897878753521614013421870543056354160300966494680680617686710810075865073772632131706954411223313988792276510821645860570011539835423774241389872579454639311191112719550344308804426388103972611135095251786543324242301466436779405854934861422010823131099102676451713163076947547703620315680317075843396822793823039551102056691792781145727877246396162466916323699343180207;
Y 2 =p 2 q 2 s 2 v 2 =13198570183223879899165400060789738089029681411868570121726878480884112650156382686188272534981302156304691303562024558791209756251172695534124174073516179487854365529258077955972333493272857858545708139535426364635942917432950061738931581465217090306224202549897505375193511804070825704081545497022021408055624302721620809964137777096088747922311264036130608105107650188615854223624051724111804132630632505886464106046902531081164475743239659606976067420785827291327677052023270278434183908307818801195863781199356540643125457332228335162765720672502335510142267547826584501841730497831352845885975076723579465321423
The temporary public key is pbk_2 = Y_2 and the temporary private key is pvk_2 = (p_2, q_2, s_2, v_2, N_2, T_2).
c) The cryptographic service provider randomly selects four large primes p, q, s, v, where |p| = |q| = |s| = |v| = λ, such that pq = N ≥ N_0. Let T = pqs and Y = pqsv; the temporary public key of the cryptographic service provider is pbk = T and the temporary private key is pvk = (p, q, s, v, N, T).
p=9289878302888150863914474498352928928332946842718512265330071523962939394301183687826264082118605614104565178122739647960472448270630557638408684081139779;
q=11276303102752040299608605406369939227606782460316296329157916705440909732416336143075396034239743030665777693333756451283233966888929612941121810819376393;
s=8033578914450776359144513070467450583461683897451899910512683768881747936804393843640139615347977007267759127407926921867535340071401840614743825758184669;
v=8062392842760160262881400557885474161887347722891043184191219727057034846286535621504105828196362034976236033907942065363002222983867974021422598267763739
N=p*q=104755483531046514008034256347388900510568924962205210108849231090832971743964674149131338896507804138196813369424919499252763468989856664064944344436220038493668256834106315218176358074298776473387626262726449377602467923291067377555798762746749167577239629206596787489803730048534699734109497760821445837147;
T=p*q*s=841561443668110834754697775999612292872396503988360828903550362558139097427356043611464411680141880501966705340066846131060975525972321671049200628605500504232371606243880192813182935565259581552245885688713529982739023526413393202213319199422610209896649226533813429460241226368798952257299582158151333548709564491525132958755795035352823649768204753067531930026727363929906633019551551860911020673553095527222772534882631193029294449144475982722947413726099343;
Y=p*q*s*v=6784998960172684586038522274228741238863552198293828679760140371378157381067796258368314467827198008648970158960863245294295625338762269642078576627343166609133313260970133201165282713405493796375616457983809535362657878544965800272464411499673637703592906143236037164335354563349227220734484057064583263628055939932376649100187844153269621161787147935163226110266239598746550032420914155661771669587401084699223155745647346377668597171469273077536686854429088429299412640021626579834918520787590034255903021676499360636430404427598041586091106860197379877720909079603672474784102286376185669130790932833395967123477
The temporary public key is pbk = Y and the temporary private key is pvk = (p, q, s, v, N, T).
Step three: data encryption
The implementation takes as an example two data owners, owning 2 and 3 pieces of data respectively, with the final calculation function:
a) Data owner 1 generates 5 plaintext data [9257, 5405] and, for each plaintext, calculates m_{i,i′,p} = m_{i,i′} mod p and m_{i,i′,q} = m_{i,i′} mod q.
Data owner 2 generates 3 plaintext data [11307, 10059, 7846] and, for each plaintext, calculates m_{i,i′,p} = m_{i,i′} mod p and m_{i,i′,q} = m_{i,i′} mod q.
Each data owner randomly selects a prime r_i ∈ {0,1}^{2λ} and n_i blinding factors r_{i,i′} ∈ {0,1}^{2λ}, then performs the one-way trapdoor permutation calculation using the public keys of the cloud server and the cryptographic service provider respectively:
r 1 =10646712892003829280515525854885442975862032001197737276656751403889793851636729131988380395793657982324877634941217066383853168796866630443818455890520812;
r 2 =10138025061207181251439247067150137728718992384059309657994107207359954080306747499565315177793547388665823918656598855434814809990022138456868348221475787;
For each piece of data m_{i,i′}, calculate:
r 1,1 =7077631767042737356738007505374172908050556169030432541486442660568435390953865488011119593363043500423889486743238224765115995966298482031363372492484567;
c 1,1 =879423495763146660829798584478009990867674601906808062658652333569150834483335708953145773196399916052705664710267512604566618384081942054276349495379082416414851597911719999417784024143900461599342019058114220175500422108017208924743745618370363343406158884391184379017681922893487700320767125084205949599629529597978641709825333927036134139986227245928747629144124558533087312972544181981883191544477727808662204352402432425694107638669925640387559793072444516487372673376005570989533611080143823683602255157479488314407471516666990336017789553000501936953326109906876649792120573088212628108660942359722605427772;
r 1,2 =10420594737448884811854359901331444820470089359751094764828040243487402364623099108357333067243775264762569813219150570255765277714206657649031598997816543;
c 1,2 =452626364395707491021539027033505127084334120857762759336578864554577022280056928911064157500854275296203168932512864417833319187863038305341271991587570476539157800116879152674486863892137578469365651614641984766981225407569041253665240143267016336212055469694584131827363699835471563211831209213672458012555490482965603529241814852407308814646181995745272472108009032300004668385687983804534385948896589439822593076438992454112095919038133628253105221034133030081521817417935975379827625974072937567033323111338087451535411932615836188553994835432170004991506966542590326462103290948041905230394402685441398226362;
r 2,1 =8619582333843958381555705734914791903349729883070277300983252623741877523519164701326946897747179211556369940593198831328329191490017669580072234897271717;
c 2,1 =6126572384885936914351288890552001756632642292653207707166226797425295860238056514447142682128124564243545171987693188185491333165954865728799691592606457727548057377296013066316917202805098778639457676918638976529876686336937241849533955252270112503309463325993494597059935348416157193578335307051304156656830839307051240692331619721703742109692369219397006217300629865232655151725976118976301367638197024717788436093945917158017979712434243670168018941303743147330325559797474186835930273555915497396565379283861554292019132598035433301500725213650414233193447839902063789972535212760102845271213271938412298982245;
r 2,2 =12848951224986499687902404755603111375003720922592487082743268974604487532732839839067193979259361995908522522555431561064063804224397414901569022211335947;
c 2,2 =3136972520666224351613546002342173072644700644936610096478018214777348888640707064519518306979096624770154463357054848093569300926794446367469331853170395042502291865307430470893174911029801813797110182850675446798909243510787772082354099031360272745048641644036615644910780356955622822551742652652355365544465038077526077801044212081701944517940339549876038968788480518887555323659101844202170280296215319196576671272487237590607558838889221983217486821268541385615907453374651990309281274150453792543002363548852681278940331750146718790515605291907463981270608447260867292224446142447322395930364528225801154669678;
r 2,3 =11813683428747356202487153045715296895755015845916125616491414991695831471186832693920934766036268867170135365225715867180717646307391823463942468462491203;
c 2,3 =5959701343940758153685213203106343847354924954778343395575647226544629488064785723022950221812564086638183654694629131482824044424728658417653275433134152225514408377726476238946872131116785203970496790671655837361461590158693078066319265900558746869234327839112985530333413371844688017886495922626034821942789089397264417335564083091783848154843190591957446991705433746176116819568096294682265465707627696946870078357657335195292273640711928148352856570880604765579976962107084184733801711565533761105901283618922205481637873241367222220499088185717000704078187720300996569995649522917911424050155311923331899786892;
C 1,ser =2372195018499060927411796564302843526593375770254110157700502310480484882527281732276199991501929596994723755226692585344339136348154789857137495209913970964396202102620246942147680848736993644111171574008822037120392831717920767992832963913351780176696942298248980187597243434120901534357709891171011145536868678663191874210085375580530336169712020894121369598508925974089619004264606754664918906264793088434930343730032497664815938646481528639976520876633936942462346179902647418067132988973782835040179516712541232293930001805668589808041780337955540616134084939316860468726913620729362105810828942120153699759659
C 2,ser =15462323538336414078739904585896083231088892735156595344225599073194036848742270093359924186873259870165165555183580960096718216497995435994311483650311843722971343019500846567527638778752250273944714260255599883817092073348532764621542063048610962966940793167464307694285851820871806739115651945705861322002209775133621370254955924874596402734815453580604671018992230349763293449466418505696792763323116525517784646326679624248024593859204785296367115409840388989952203119098857467037760023641279290837170061117134183659647490744611296402902903646250614065972737165004293654392143790119731101875706776161766978888656
C 1,csp =16842263567780748495101104107306655608455568496160993468674640748278562510742171933208058186918125153561784770165578476142047339731707132121419431249702754575854239761662506722834049335164066698623130733033812042732448820652218523043937820773284041762977994393476392078792026241268475861383988522289631412747859140083241802712387618434584215478350812001124857536146886039425885216199030529807414190104913841270498189770964329122669446161602351654101875238995885867071376270857841052918362195338654247342347314712072812972975953847951496362687213664606295938128942175001220776150085794706233684648307012920588203924021
C 2,csp =8726007791087960710451256930992326176971838195766559392533748652268808860154264581322771158948196053589828027831977517755459189928791593988161599072347051010981543635096735304973469372716025845183337717096336033443557857630681290719028503327156169408949409122710288225839929952314713264416563603990785315603258360952512032955526444993904604313479446356104520842044858258006278404692585332203540974884397109104443826151533289035092743226041099236178223401401782399999963320097274111762857018329012022556232547760195079288340448382963954361401207318754833035013280131178578963655841617164721572749161215123916755384626
c) Data owner i uses the cryptographic hash function H_0 to calculate:
C′ i,ser =0468726913620729362105810828942120153699759659;
C′ i,csp =8573655841617164721572749161215123916755384626;
Step four: outsourcing of data computing
r i =10646712892003829280515525854885442975862032001197737276656751403889793851636729131988380395793657982324877634941217066383853168796866630443818455890520812;
Then calculated to give C' i,ser =0468726913620729362105810828942120153699759659;
The verification passes, and the cloud server sends C_{i,i′}, C_{i,csp}, C′_{i,csp} to the cryptographic service provider.
After receiving C_{i,i′}, C_{i,csp}, C′_{i,csp}, the cryptographic service provider first applies the one-way trapdoor inverse permutation:
N_i = 102059054277060172962817504747727369883587818222266646567301027482286244943030092211006884037726549622090735766816625016291741146840404474589721278772201914240903227909711289968085070869942933247170290831519335424838985522945181752534106065281851263082425062791328579871453748497657844971183685988170548139167;
The verification holds. The cryptographic service provider selects a random number:
r i,csp =4644670264372612513551956026182336370622993766671396264914130557307203876651255940466168615851785698309322226109480474204911568555196223796776401435290912;
and re-encrypts each ciphertext:
C′_{i,i′} = C_{i,i′} mod N_i = r_i m_{i,i′} mod N_i,
C′_{i,i′,q} = C′_{i,i′} mod q, C′_{i,i′,p} = C′_{i,i′} mod p,
where p^{-1} p ≡ 1 mod q and q^{-1} q ≡ 1 mod p.
c′ 1,1 =99012988245644473033857380649103137734753936603545679474924795306679570811315398402158061790180725826689843540888655451541315232102474410786500501075678725907883627102493707068224614908600042976779284455555694257746265500251981431638703330376425932405160613354730230199660698345710289976096944430371437249132;
c′ 1,1,q =9126740475323640325852091455498347479177522472206963638123559063160078629081823420810773198584369315728984013568269544644424700378617282951959238830710759;
c′ 1,1,p =3578990704873225128548092655029143716438666524188291852982441006160425293070907422282781513161286241989024496335976337254852674502582089248875288118307955;
c″ 1,1 =1069064672760692832732501460985861770466446563968473488194194752026254888694450099483982030266664312662329441123239704924145274684765378636757752542514271197562565121795238390469414830741837294277763649019685254902136154620507013568561883291556104230633088295725331225522092001987842472339866275186154400850923424946138762395150896008765893382236275598005032864039416874699813391820776074239096637186349133516210586928094980532072691285906090234325157998184659386398364729917450473652125762399843130273645050038774082814375034645898857050521287696997583913039805797760245216288568232168346885875331795314576006604006;
c′ 1,2 =35373955255387402147591282253793164980296328039384653488654706457386091669205323452546959182799738120275992054247907799616937765466726106708437260926744428647648467322558448474924079315092154813962517471414658069419049889996567566658882855481499575018199130010011161888869028937803758483731332715349074263802;
c′ 1,2,q =3443298406163950839696609461706106079833702529404178502142019061265164568675331507353786606053847853139489029250099609732145657098994200390194219008358453;
c′ 1,2,p =2325242018054715551971600491324216044975268883906251459180297997809449414554195631385486601434545938034579351277464156484302059364357344967479545396265897;
c″ 1,2 =594951280982868508860287282456754130083577615984792850349408828332814748710962997284694112523172689044927406892645370853747224701723707183730641451725891770318046433332598229626126492414762266799114330634149013079257542604291602710136395263220153936959416047748324460751261651093132335741700481290395800194476330046531944902052258317468195841777042946769919312328408067373019281787779548599839921916109993177232113440324458493198338007570775732810922487527715135850872248426673510619240121762719345984335102496552471559220306720398807967968367295595671951216333848848102329939426271072239663898780377526732177405735;
c′ 1,3 =27962672981310285554705473879832164761055950639884023166740493267329166223875566948792055255330985920287431862851363413218209466049084893857767443532182996282716510269442528296187600023037880837455306998719686277608491863948112129594394894886768405070551482198223769703339381428460628100513320516368894004741;
c′ 1,3,q =8381403286699895262520564722813668870273031250221493967937866615985551324333483092835087336905912893170402492411715775341490488677103454741075080779600415;
c′ 1,3,p =5405330369569297392164786230480200501344207363559932982221110478152542013020569373313868823306838842531379047000768747610712683354086086811007568742502464;
c″ 1,3 =5630644743681323743469407404665119821900300545909072446417725068794015462308472359220318933221775810878744332788070250129583336210524426275809891028303561485059152474300030100902575071679239836694554682905374004596127542006734078833465315966855307215821375734005126213715288383337201505908868237501013018064791475736452363501274376662659517172662301140632209140878920850453778598075737285225867308214754950766126596934048908033253620345567275767051947536367344855452060021758646554069776059715559269863595476275794295544939572899161814013198467533277762804915068080418561296428540612884620731807919413382956921549418;
c′ 2,1 =69507926157512260135230644956492319478599667940565699837408944524536070836705331485198969681407642474096934452033035339724508961824795091673282896292203499665563341789987144692337278327724699589679961659794381676965512803662235412844895609858691045145626461870241222760688494476735710499300543523512363128289;
c′ 2,1,q =538120908132915408524259904628078378522237275229379429741744922177876520131192561802475739697384831096598191227610528376989811507011459083414754753881465;
c′ 2,1,p =2124444927527445451581899294081578841112025017343631863196824365701660791462351293142311931563129081743751880650089103670825507640228179614643324648903466;
c″ 2,1 =2453582992626680856145935567896939853106822815921294097779356128687768820494283300710137417872967111687099141094299334132681420862657116621158422218011534325037371375923290550205510569523494759494361401545239509446085830247320167341808528904374129018553799899000038039174444941284366554368440090553284689347000170160203743103782302786392957733280976530818026901745919762004395908121293037896695281028160268143737282859998734347765336743535231304095876659703821694797368964409472252393679992217777000774922403081089667786425369914223921811251609065084605072527078119221641470785318655015412505824676712142766915314086;
c′ 2,2 =73748407340119280059674392133433289912968617632862111933519531137277349449023042211580624495060397094832580008008213085466643674645683241087015342380191539774269810554418039384995519917077558711935403041073040473452918237240762881731682890891565108962341684239975910325128576251409908853609012010565587114936;
c′ 2,2,q =168789613685972750904755293185793938205002801730049256195922766155783061970928689782460045242941491646053231719991690631527805399965921613044992912569662;
c′ 2,2,p =4861026624949152574350829199441697249882478016616055733498787258386210710910658766747602117000359893561227879937332071194153826999419017666139256849761726;
c″ 2,2 =6324694815720361140229012940586813234741463667054026318778537021923484820841007090288612567967118357351037657624147076701988834941508984601915906757994465031771581109620797034227315386501821483960496100959758484796633056194916455725595271730647708048778916791620481191729270101790207199674161690584226037748773303767210837304887797820994105273693102438062125190287303159709066878168800907438236938342983048673325920829355961809675795050086019488578890261053082700022184976952058216020063194830396522525073699580465640955159536178046123472159910281564763730088673557490894467824418720468421159872747394076090440945902;
The cryptographic service provider then uses a cryptographic hash function to compute:
Finally, the cryptographic service provider sends C_{CSP} = ({C″_{i,i′} (i = 1, 2, …, n_S; i′ = 1, 2, …, n_i)}, C′_{rec,csp}) to the cloud server.
After receiving C_{CSP}, the cloud server first calculates
r=11878026336293554905333519624429340715515873170118700190707927333589167324001983810392766289874817422932065670432888891800952956989607955932713513775788367666390562201932938381891085660960696448840501720631565264131437227298233503184634553401948413076680324158339942863389400590297214548923516362829331868028;
C″ i,i′,SER =rC″ i,i′,ser =18725509054486208790765335936945421318033565874923140747577739921387460916236243836844882857172586276882181436048833971572221094727101420454201914250920064619273961646000001424241628801090561699422963689989036078741903476469576492870235837171931035145046742165517648692705339881575712364212656884574525937785791063077258654935047115105095666896433376127295883518788903843501333088673630940451390444100167316188784114805795854746656404422850224847865547053767223095168407757932231579920375192297999935234818508889024842829549179162929838084039991669986998837208459610958502052726507595227595459964273723861586345851620;
and sends it to the cryptographic service provider. After receipt, the cryptographic service provider performs its check and, if it holds, calculates:
Step five: data decryption
a) After receiving C_F, the receiver first applies the one-way trapdoor inverse permutation
and, after the check calculation, the result is consistent with the result computed on the plaintext, which verifies that the scheme is correct. The above example only describes a multivariate polynomial outsourced computation on 5 pieces of data from 2 data owners. As the embodiment shows, the method supports outsourced ciphertext computation of any multivariate polynomial for any number of users and any amount of data.
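The parameter relations used in steps one, two and four above, as an added Python example that is not part of the patent. It assumes the one-way trapdoor permutation is textbook RSA (which the (n, e, d) keys of step one suggest) and uses standard CRT recombination rather than the patent's formula 7; the function names, the bound passed as N_0 and the distinct-primes check are constructed for illustration.

```python
import math
import secrets

E = 65537  # public exponent used in the embodiment


def is_probable_prime(n, rounds=40):
    """Miller-Rabin primality test with random bases."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)  # base in [2, n-2]
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    """Random prime of exactly `bits` bits (top bit forced to 1)."""
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(c):
            return c


def trapdoor_keygen(bits):
    """Step one: n = p*q, e = 65537, d = e^-1 mod phi(n)."""
    while True:
        p, q = random_prime(bits), random_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(E, phi) == 1:
            return (p * q, E), pow(E, -1, phi)


def f(pk, x):
    """Forward permutation (assumption: textbook RSA, x -> x^e mod n)."""
    n, e = pk
    if not 0 <= x < n:
        raise ValueError("input must lie in [0, n)")
    return pow(x, e, n)


def f_inv(pk, sk, y):
    """Inverse permutation; only the holder of the trapdoor d can run it."""
    return pow(y, sk, pk[0])


def temp_keygen(lam, n0):
    """Step two: lam-bit primes p, q, s, v with N = p*q >= N_0, T = pqs, Y = pqsv."""
    while True:
        p, q, s, v = (random_prime(lam) for _ in range(4))
        # Distinctness is a check added here; the page only says "four large primes".
        if len({p, q, s, v}) == 4 and p * q >= n0:
            n = p * q
            return {"p": p, "q": q, "s": s, "v": v,
                    "N": n, "T": n * s, "Y": n * s * v}


def crt_split(x, p, q):
    """Residues as in formula 6: (x mod p, x mod q)."""
    return x % p, x % q


def crt_join(xp, xq, p, q):
    """Standard CRT recombination (not the patent's formula 7)."""
    p_inv = pow(p, -1, q)  # p^-1 * p = 1 mod q
    q_inv = pow(q, -1, p)  # q^-1 * q = 1 mod p
    return (xp * q * q_inv + xq * p * p_inv) % (p * q)


def demo(lam=128):
    """Run all three relations with constructed parameters (lam is 512 on the page)."""
    pk, sk = trapdoor_keygen(2 * lam)           # RSA primes of 2*lam bits, as on the page
    key = temp_keygen(lam, 1 << (2 * lam - 1))  # constructed N_0
    r = secrets.randbits(2 * lam)               # r in {0,1}^(2*lam)
    blinded = (r * 9257) % key["N"]             # r*m mod N, m = first plaintext on the page
    xp, xq = crt_split(blinded, key["p"], key["q"])
    return {
        "trapdoor_roundtrip": f_inv(pk, sk, f(pk, r)) == r,
        "n_bound_ok": key["N"] >= 1 << (2 * lam - 1),
        "crt_roundtrip": crt_join(xp, xq, key["p"], key["q"]) == blinded,
    }


if __name__ == "__main__":
    print(demo())
```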
The above further describes the invention and is not intended to limit it; equivalent implementations of the invention fall within the scope of the claims. The present invention is not limited to the above embodiments: variations and advantages that can be realized by those skilled in the art without departing from the spirit and scope of the inventive concept are included in the present invention, and the scope of protection is defined by the appended claims.
Claims (5)
1. A lightweight multi-user multi-data fully homomorphic data encryption and encapsulation method, characterized in that an outsourced computation method based on one-way trapdoor permutation and hash functions, together with a multi-user multi-key homomorphic construction, is adopted, so that privacy is protected for multiple users, each with multiple input data and an independent encryption key; the outsourced computation and decryption specifically comprise the following steps:
(I) System initialization
Under the given security parameter, the system uses the trapdoor permutation generator to generate a one-way trapdoor permutation and its inverse together with three public/private key pairs for the trapdoor permutation, sends these to the cloud server, the cryptographic service provider and the receiver respectively, and generates two hash functions; the three public keys and the two hash functions are published, and the three private keys are kept by the cloud server, the cryptographic service provider and the receiver respectively;
(II) Key generation
Each data holder generates a set of keys for encrypting input data; the cryptographic service provider generates a set of keys for re-encryption;
(III) Data encryption
A data holder encrypts and encapsulates all input data it holds using its own key, encrypts the data key under the public keys of the cloud server and the cryptographic service provider respectively using the one-way trapdoor permutation, and then selects a random number to blind the data; meanwhile, a hash function is used to compute a digest of all ciphertext input data, and the encrypted input data is sent to the cloud server;
(IV) Data outsourcing computation
The cloud server, together with the cryptographic service provider, uses the ciphertext input data sent by all data holders to compute, in the ciphertext domain, outsourced functions composed of additions and multiplications on the data, and sends the ciphertext computation result to the receiver; the specific operation steps of the data outsourcing computation are as follows:
a) Let the polynomial of the outsourced computation be:
the degree of the polynomial is deg F = max(e_1, e_2, …, e_n), where: n_S denotes the number of senders; n_i (i = 1, …, n_S) denotes the amount of input data held by sender i;
b) On receipt, the cloud server computes the one-way trapdoor inverse permutation and performs the check; if it holds, the cloud server sends C_{i,i′}, C_{i,csp}, C′_{i,csp} to the cryptographic service provider; otherwise, the cloud server terminates the protocol;
c) After receiving C_{i,i′}, C_{i,csp}, C′_{i,csp}, the cryptographic service provider computes the one-way trapdoor inverse permutation and verifies the result; if the verification fails, the cryptographic service provider terminates the protocol; if it holds, the cryptographic service provider selects a random number r_{i,csp} ∈ {0,1}^{2λ} and re-encrypts each ciphertext according to the following formulas 5 to 7:
C′_{i,i′} = C_{i,i′} mod N_i = r_i m_{i,i′} mod N_i, (5)
C′_{i,i′,q} = C′_{i,i′} mod q, C′_{i,i′,p} = C′_{i,i′} mod p, (6)
where p^{-1} p ≡ 1 mod q and q^{-1} q ≡ 1 mod p;
d) The cryptographic service provider performs the cryptographic hash function calculation according to the following formula 8:
and sends C_{CSP} = ({C″_{i,i′} (i = 1, 2, …, n_S; i′ = 1, 2, …, n_i)}, C′_{rec,csp}) to the cloud server;
e) After receiving C_{CSP}, the server performs the check; if it does not hold, the protocol is terminated; if it holds, the server randomly selects a prime r ∈ {0,1}^{2λ} and calculates C″_{i,i′,SER} = r C″_{i,i′,ser}, where λ is the security parameter;
f) After receipt, the cryptographic service provider performs the check; if it does not hold, the protocol is terminated; if it holds, the following formulas 9 to 11 are calculated:
(V) Data decryption
The receiver decrypts the data encryption key using the private key of the one-way trapdoor permutation, and decrypts the outsourced computation result on the ciphertext to obtain the plaintext computation result.
2. The lightweight multi-user multi-data fully homomorphic data encryption and encapsulation method according to claim 1, wherein the specific operation steps of the system initialization are as follows:
a) Input 1^λ, where λ is the security parameter;
b) Under the given security parameter, the system runs a probabilistic polynomial-time algorithm that outputs a pair of functions (f, f^{-1}) on {0,1}^{2λ}, three public/private key pairs (pk_{f,ser}, sk_{f,ser}), (pk_{f,csp}, sk_{f,csp}) and (pk_{f,rec}, sk_{f,rec}), and two hash functions H_0, H_1. The generated public parameters are PPR = (pk_{f,ser}, pk_{f,csp}, pk_{f,rec}, H_0, H_1); the secret parameters are SK = (sk_{f,ser}, sk_{f,csp}, sk_{f,rec}), kept by the cloud server, the cryptographic service provider and the receiver respectively; H_0, H_1 denote hash functions with mapping range {0,1}* → {0,1}^{2λ}; PPR = (pk_{f,ser}, pk_{f,csp}, pk_{f,rec}, H_0, H_1) denotes the published parameters.
3. The lightweight multi-user multi-data fully homomorphic data encryption and encapsulation method according to claim 1, wherein the key generation specifically comprises the following steps:
b) Each sender i randomly selects four large primes p_i, q_i, s_i, v_i, where |p_i| = |q_i| = |s_i| = |v_i| = λ, such that p_i q_i = N_i ≥ N_0. Let T_i = p_i q_i s_i and Y_i = p_i q_i s_i v_i. The temporary public key of sender i is pbk_i = Y_i and the temporary private key is pvk_i = (p_i, q_i, s_i, v_i, T_i);
c) The cryptographic service provider randomly selects four large primes p, q, s, v, where |p| = |q| = |s| = |v| = λ, such that pq = N ≥ N_0. Let T = pqs and Y = pqsv; let pbk = T be the temporary public key of the cryptographic service provider and pvk = (p, q, s, v, N, T) the temporary private key, where: p_i, q_i, s_i, v_i denote the four large primes selected by each sender i; pbk_i = Y_i = p_i q_i s_i v_i denotes the temporary public key of sender i; pvk_i = (p_i, q_i, s_i, v_i, T_i) denotes the temporary private key of sender i; p, q, s, v denote the four large primes randomly selected by the cryptographic service provider CSP; pbk = Y = pqs denotes the temporary public key of the cryptographic service provider CSP; pvk = (p, q, s, v, N, T) denotes the temporary private key of the cryptographic service provider CSP.
4. The lightweight multi-user multi-data fully homomorphic data encryption and encapsulation method according to claim 1, wherein the specific operation steps of the data encryption and encapsulation are as follows:
a) Sender i generates n_i plaintext data m_{i,i′} (i = 1, 2, …, n_S; i′ = 1, 2, …, n_i), each of which lies in the plaintext space; for each plaintext, calculate m_{i,i′,p} = m_{i,i′} mod p and m_{i,i′,q} = m_{i,i′} mod q;
b) Sender i calculates
such that
then randomly selects a prime r_i ∈ {0,1}^{2λ} and n_i blinding factors r_{i,i′} ∈ {0,1}^{2λ}, and performs the one-way trapdoor permutation calculation according to the following formula 1, using the public keys of the server and the cryptographic service provider respectively:
for each piece of data m_{i,i′}, the one-way trapdoor permutation calculation is carried out according to the following formula 2:
c) Sender i uses the cryptographic hash function H_0 and performs the one-way trapdoor permutation calculation according to the following formulas 3 to 4:
5. The lightweight multi-user multi-data fully homomorphic data encryption and encapsulation method according to claim 1, wherein the data decryption specifically comprises the following steps:
a) After receiving $C_F$, the receiver performs the inverse one-way trapdoor permutation calculation according to formula 12 below:
then checks; if the check does not hold, the protocol is terminated, and if it holds, the calculation proceeds according to formula 13 below:
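Added example (not part of the patent text): a Python illustration of the parameter constraints in claim 3 and the residue split in claim 4 a). The encryption and decryption formulas are not reproduced on this page, so none are implemented; the distinct-prime check, the CRT recombination (a standard identity, not taken from the claims) and the values `LAMBDA = 64` and `N0 = 2**100` are assumptions made for illustration.

```python
import secrets

LAMBDA, N0 = 64, 1 << 100  # constructed demo values (assumed), far too small for real use

def is_probable_prime(n, rounds=40):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                          # a proves n composite
    return True

def random_prime(bits):
    """Random prime of exactly `bits` bits (top bit and low bit forced to 1)."""
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(c):
            return c

def keygen(lam, n0):
    """Claim 3: four lam-bit primes with N = pq >= N_0, T = pqs, Y = pqsv."""
    while True:
        p, q, s, v = (random_prime(lam) for _ in range(4))
        if len({p, q, s, v}) == 4 and p * q >= n0:   # distinctness is an assumption
            return {"p": p, "q": q, "s": s, "v": v,
                    "N": p * q, "T": p * q * s, "Y": p * q * s * v}

def residues(m, key):
    """Claim 4 a): split a plaintext into (m mod p, m mod q)."""
    return m % key["p"], m % key["q"]

def crt_recombine(mp, mq, key):
    """Standard CRT: the unique value in [0, N) with residues mp mod p, mq mod q."""
    p, q = key["p"], key["q"]
    return (mp + p * (((mq - mp) * pow(p, -1, q)) % q)) % key["N"]
```

Recombination is exact only for values below N = pq: the residues of N + 5 recombine to 5, and componentwise products of residues recombine to a·b only while a·b < N.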
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011448937.7A CN112737764B (en) | 2020-12-11 | 2020-12-11 | Lightweight multi-user multi-data all-homomorphic data encryption packaging method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112737764A (en) | 2021-04-30 |
CN112737764B (en) | 2023-02-03 |
Family
ID=75599588
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011448937.7A (Active) | CN112737764B (en) Lightweight multi-user multi-data all-homomorphic data encryption packaging method | 2020-12-11 | 2020-12-11 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112737764B (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113783682B (en) * | 2021-08-25 | 2023-09-29 | 华东师范大学 | Packaging-supporting threshold full homomorphic data packaging method |
CN114499822B (en) * | 2021-12-27 | 2024-05-14 | 上海海洋大学 | Efficient outsourcing aggregation and appointed acquisition method for multi-source data |
CN115442134B (en) * | 2022-09-02 | 2024-05-07 | 暨南大学 | Multi-key multiparty security calculation method based on homomorphic bidirectional proxy re-encryption |
CN117640066B (en) * | 2024-01-26 | 2024-04-05 | 北京隐算科技有限公司 | Multi-user joint encryption and decryption method based on homomorphic encryption |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105721485A (en) * | 2016-03-04 | 2016-06-29 | 安徽大学 | Secure nearest neighbor query method for multiple data owners in outsourcing cloud environment |
WO2016141860A1 (en) * | 2015-03-09 | 2016-09-15 | Jintai Ding | Hybrid fully homomorphic encryption (f.h.e.) systems |
CN109936435A (en) * | 2019-01-24 | 2019-06-25 | 中国人民武装警察部队工程大学 | With the quick full homomorphic cryptography method of homomorphism calculating process NTRU type multi-key cipher |
CN109936530A (en) * | 2017-12-16 | 2019-06-25 | 河南师范大学 | Secret key sharing method based on cloud outsourcing and access control system thereof |
CN110176983A (en) * | 2019-05-22 | 2019-08-27 | 西安电子科技大学 | Privacy protection association rule mining based on full homomorphic cryptography |
CN110851845A (en) * | 2019-10-18 | 2020-02-28 | 华东师范大学 | Light-weight single-user multi-data all-homomorphic data packaging method |
CN111698078A (en) * | 2020-06-13 | 2020-09-22 | 中国人民解放军国防科技大学 | Cloud outsourcing data privacy protection frequent item mining method based on double cloud models |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20120002811A1 (en) * | 2010-06-30 | 2012-01-05 | The University Of Bristol | Secure outsourced computation |
CN108200063B (en) * | 2017-12-29 | 2020-01-03 | 华中科技大学 | Searchable public key encryption method, system and server adopting same |
Also Published As
Publication number | Publication date |
---|---|
CN112737764A (en) | 2021-04-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN112737764B (en) | Lightweight multi-user multi-data all-homomorphic data encryption packaging method | |
CN104168108B (en) | It is a kind of to reveal the traceable attribute base mixed encryption method of key | |
Das | Secure cloud computing algorithm using homomorphic encryption and multi-party computation | |
WO2018104412A1 (en) | Method of rsa signature or decryption protected using a homomorphic encryption | |
JP2016036166A (en) | System and method for designing secure client-server communication protocols based on certificateless public key infrastructure | |
CN110851845B (en) | Full homomorphic data encapsulation method for lightweight single-user multi-data | |
CN115549891B (en) | Homomorphic encryption method, homomorphic decryption method, homomorphic calculation method and equipment | |
Agarwal et al. | A survey on cloud computing security issues and cryptographic techniques | |
CN114095170A (en) | Data processing method, device, system and computer readable storage medium | |
Khatarkar et al. | A survey and performance analysis of various RSA based encryption techniques | |
CN106850584B (en) | Anonymous authentication method facing client/server network | |
Kumar et al. | Privacy preserving data sharing in cloud using EAE technique | |
CN115336224A (en) | Adaptive attack-resistant distributed symmetric encryption | |
CN114362912A (en) | Identification password generation method based on distributed key center, electronic device and medium | |
Mateescu et al. | A hybrid approach of system security for small and medium enterprises: Combining different cryptography techniques | |
CN115865313A (en) | Lightweight privacy protection longitudinal federal learning model parameter aggregation method | |
Gobi et al. | A comparative study on the performance and the security of RSA and ECC algorithm | |
Chavan et al. | Data transmission using RSA algorithm | |
CN114070550B (en) | Information processing method, device, equipment and storage medium | |
KR102304831B1 (en) | Encryption systems and method using permutaion group based cryptographic techniques | |
Basu et al. | Secured hierarchical secret sharing using ECC based signcryption | |
CN113783682B (en) | Packaging-supporting threshold full homomorphic data packaging method | |
Prabu et al. | Ultra secure secret communication by crypto stegano techniques for defence applications | |
Nguyen et al. | Developing Secure Messaging Software using Post-Quantum Cryptography | |
Jain | Enhancing security in Tokenization using NGE for storage as a service |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||