CN112737764B - Lightweight multi-user multi-data all-homomorphic data encryption packaging method - Google Patents

Publication number
CN112737764B
Authority
CN
China
Legal status
Active
Application number
CN202011448937.7A
Inventor
周俊
沈华杰
Current Assignee
East China Normal University
Original Assignee
East China Normal University
Classifications

    • H04L9/008 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Abstract

The invention discloses a lightweight multi-user, multi-data fully homomorphic data encryption packaging method. It combines a multi-user, multi-key homomorphic construction with an outsourced computation method built on an arbitrary one-way trapdoor permutation and arbitrary hash functions, and protects privacy when there are multiple users, each holding multiple input data items and an independent encryption key. Outsourced computation and decryption specifically comprise the following steps: system initialization, key generation, encryption, outsourced computation and decryption. Compared with the prior art, the method is simpler and easier to implement; it achieves efficient privacy-preserving outsourced computation when there are multiple users, each with multiple input data items and an independent encryption key; it uses a cloud server and a cryptographic service provider to secure user data; it achieves adaptive chosen-ciphertext security; and it meets the efficiency and privacy requirements of multi-user, multi-data secure outsourced computation.

Description

Lightweight multi-user multi-data all-homomorphic data encryption packaging method
Technical Field
The invention relates to the technical field of secure outsourced computation and homomorphic encryption, and in particular to a lightweight multi-user, multi-data fully homomorphic data encryption packaging method under a dual-server model.
Background
With the rapid development of computer applications, more and more valuable data is generated at terminal devices, but the limited storage and computing capacity of those devices means the data cannot be processed effectively enough to realize its value. Large numbers of data owners therefore outsource their data to resource-rich cloud servers for processing and storage. In real-world applications, however, the cloud server often operates in an untrusted environment. A semi-trusted cloud server, motivated for example by business interest, usually processes the data honestly and returns the correct result to the receiver of the outsourced computation, but snoops on users' private data during processing or during its interaction with users; a malicious cloud server can disrupt correct execution of the outsourced computation protocol through arbitrary behaviour. Moreover, even if the cloud server itself does not misbehave, servers exposed on the network are still subject to intrusion by attackers, and every year there are countless leaks of private user data caused by attacks on servers or by vulnerabilities. How to achieve efficient and correct ciphertext-domain data processing and outsourced computation while protecting the privacy of user data has therefore become a very challenging open research problem in cloud computing.
To prevent leakage of private user data and guarantee information security, the most direct approach is to protect the confidentiality of the data with encryption before outsourcing it to a cloud server. In data encryption, the original plaintext is transformed under a secret key, according to an encryption algorithm, into an unreadable form, the ciphertext. Only a party that supplies the corresponding key to the decryption algorithm can recover the original plaintext, which protects the data from being stolen.
Secure outsourced computation must meet two basic privacy requirements: 1) Input privacy: the privacy of the data owner's input data holds even against a collusion attack mounted by a semi-trusted or malicious cloud server together with a malicious receiver; 2) Privacy of computation results: the outsourced computation result can be decrypted only by the authorized receiver. Public-key homomorphic encryption has the property that an operation performed on ciphertexts corresponds to the same operation performed on the underlying plaintexts, so it can realize a variety of secure outsourced computations in the ciphertext domain and is widely applied in cloud computing. Specifically, a data owner encrypts each local input data item under the public key of the receiver of the outsourced computation result, using public-key homomorphic encryption, and sends the encrypted inputs to the cloud server. The cloud server evaluates the outsourced function in the ciphertext domain and sends the ciphertext result to the receiver, who decrypts it with its private key to obtain the plaintext result.
Although prior-art public-key homomorphic encryption can functionally realize secure outsourced computation in the ciphertext domain, its computation and communication complexity is too high: the number of local public-key encryption operations a user must perform is O(n), where n is the number of input data items. This large computation and communication overhead cannot meet the performance requirements of local users with limited resources. More importantly, most existing lightweight secure outsourced computation protocols internationally provide effective solutions only for the single-user, multi-data setting and cannot meet the more general multi-user, multi-data requirement, in which each user encrypts its own input data under its own key and the cloud server performs privacy-preserving outsourced computation over ciphertexts encrypted under different keys. Finding a new lightweight multi-user, multi-data outsourced computation method is therefore a challenging open problem that urgently needs solving.
Disclosure of Invention
The invention aims to address the shortcomings of existing secure outsourced computation by designing a lightweight multi-user, multi-data fully homomorphic data encryption packaging method. It combines an outsourced computation method built on an arbitrary one-way trapdoor permutation and arbitrary hash functions with a multi-user, multi-key homomorphic construction to achieve efficient privacy-preserving outsourced computation. It supports addition and multiplication in the ciphertext domain, as well as complex outsourced functions composed of additions and multiplications. User data is secured by two cooperating but non-colluding outsourcing servers (the cloud server and the cryptographic service provider), and the method achieves adaptive chosen-ciphertext security (CCA2). It achieves efficient privacy-preserving outsourced computation under a dual-server model in which multiple users each hold multiple input data items and an independent encryption key. The method is simple, practical, flexible and efficient, and meets the efficiency and privacy requirements of multi-user, multi-data secure outsourced computation.
The purpose of the invention is achieved as follows. The lightweight multi-user, multi-data fully homomorphic data encryption packaging method is characterized by secure outsourced computation in a multi-user, multi-data setting within an architecture consisting of multiple data owners, a computation result receiver, a cloud server (SER) and a cryptographic service provider (CSP). The computation result receiver requests an outsourced computation task from the cloud server; the data owners provide input data encrypted under their own keys; the cloud server and the cryptographic service provider jointly evaluate the outsourced function on the ciphertext inputs to obtain an encrypted result; and the receiver decrypts the encrypted result to obtain the plaintext result. Outsourced computation and decryption specifically comprise the following steps:
(I) System initialization
Given the security parameter, the system runs the trapdoor permutation generator to produce a one-way trapdoor permutation and its inverse together with three public/private key pairs for the permutation, which are sent to the cloud server, the cryptographic service provider and the receiver respectively, and generates two hash functions. The three public keys and the two hash functions are published; the three private keys are held by the cloud server, the cryptographic service provider and the receiver respectively.
(II) Key Generation
Each data owner generates a set of keys for encrypting input data, and the cryptographic service provider also generates a set of keys for re-encryption.
(III) data encryption
The data owner encrypts and encapsulates all the input data it holds using its own encryption key, and uses the one-way trapdoor permutation to encrypt that data encryption key under the public key of the cloud server and under the public key of the cryptographic service provider. Random numbers are selected to blind the encrypted data. The hash function is also used to compute a digest over all ciphertext input data, protecting the ciphertext input data against tampering in transit. Finally, the encrypted input data is sent to the cloud server.
(IV) data outsourcing computation
The cloud server receives the ciphertext input data sent by all data owners and, together with the cryptographic service provider, evaluates an arbitrary outsourced function built from additions and multiplications on the data in the ciphertext domain, then sends the ciphertext result to the receiver.
(V) data decryption
The receiver decrypts the data encryption key using the private key of the one-way trapdoor permutation, and then decrypts the ciphertext of the outsourced computation result using the private key.
The main parameters used are listed in Table 1 below:
TABLE 1 Parameter list

| Parameter | Meaning |
| --- | --- |
| $\lambda$ | Security parameter |
| $f, f^{-1}$ | One-way trapdoor permutation and its inverse |
| $pk_f, sk_f$ | Public and private keys of the one-way trapdoor permutation |
| $H_0, H_1$ | Cryptographic hash functions |
| $pbk_i = Y_i$ | Temporary public key of the i-th data owner |
| $pvk_i = (p_i, q_i, s_i, v_i, T_i)$ | Temporary private key of the i-th data owner |
| $m_{i,i'}$ | The i′-th data item of the i-th data owner |
| $n_S$ ($i = 1, 2, \ldots, n_S$) | Number of data owners |
| $n_i$ ($i' = 1, 2, \ldots, n_i$) | Number of data items owned by each data owner |
| $r_i$ | Random number used by data owner i to encrypt data |
| $r$ | Random number used by the CSP to re-encrypt data |

The specific process of generating the public parameters, the one-way trapdoor permutation and its public and private keys in step (I) is as follows:
a) Input $1^{\lambda}$, where $\lambda$ is the security parameter;
b) The system (a trusted third party) runs the probabilistic polynomial-time algorithm
Figure BDA0002831577560000031
which outputs a pair of functions $(f, f^{-1})$ on {0,1} , three public/private key pairs $(pk_{f,ser}, sk_{f,ser})$, $(pk_{f,csp}, sk_{f,csp})$ and $(pk_{f,rec}, sk_{f,rec})$, and two hash functions $H_0, H_1$ with mapping {0,1}* → {0,1} . The public parameters thus generated are $PPR = (pk_{f,ser}, pk_{f,csp}, pk_{f,rec}, H_0, H_1)$ and the secret parameters are $SK = (sk_{f,ser}, sk_{f,csp}, sk_{f,rec})$; the secret parameters are held by the cloud server, the cryptographic service provider and the receiver respectively.
The specific process of generating the data encryption keys in step (II) is as follows:
a) The system initializes a plaintext space size $N_0$ and sets the plaintext space to
Figure BDA00028315775600000412
b) Each data owner i randomly selects four large primes $p_i, q_i, s_i, v_i$ with $|p_i| = |q_i| = |s_i| = |v_i| = \lambda$ such that $p_i q_i = N_i \ge N_0$. Let $T_i = p_i q_i s_i$ and $Y_i = p_i q_i s_i v_i$. The temporary public key of sender i is $pbk_i = Y_i$ and the temporary private key is $pvk_i = (p_i, q_i, s_i, v_i, T_i)$.
c) The cryptographic service provider randomly selects four large primes $p, q, s, v$ with $|p| = |q| = |s| = |v| = \lambda$ such that $pq = N \ge N_0$. Let $T = pqs$ and $Y = pqsv$. The temporary public key of the cryptographic service provider is $pbk = T$ and the temporary private key is $pvk = (p, q, s, v, N, T)$.
The specific process of encrypting and encapsulating the data in step (III) is as follows:
a) Data owner i generates $n_i$ plaintext data items $m_{i,i'}$ ($i = 1, 2, \ldots, n_S$; $i' = 1, 2, \ldots, n_i$), each
Figure BDA0002831577560000041
lying in the plaintext space. For each plaintext, compute $m_{i,i',p} = m_{i,i'} \bmod p$ and $m_{i,i',q} = m_{i,i'} \bmod q$.
b) Data owner i computes
Figure BDA0002831577560000042
such that
Figure BDA0002831577560000043
It then randomly selects a random prime $r_i \in$ {0,1} and $n_i$ blinding factors $r_{i,i'} \in$ {0,1} , and applies the one-way trapdoor permutation under the public keys of the server and of the cryptographic service provider according to formula 1:
Figure BDA0002831577560000044
For each data item $m_{i,i'}$, the one-way trapdoor permutation is computed according to formula 2:
Figure BDA0002831577560000045
c) Data owner i uses the cryptographic hash function $H_0$ to compute the following, according to formulas 3 and 4:
Figure BDA0002831577560000046
Figure BDA0002831577560000047
Data owner i then sends
Figure BDA0002831577560000048
to the cloud server.
The specific process of evaluating an arbitrary polynomial on the ciphertexts in step (IV) is as follows:
a) Let the polynomial to be evaluated be
Figure BDA0002831577560000049
where
Figure BDA00028315775600000410
The degree of the polynomial is $\deg F = \max(e_1, e_2, \ldots, e_n)$.
b) After receiving
Figure BDA00028315775600000411
the cloud server applies the inverse one-way trapdoor permutation to compute
Figure BDA0002831577560000051
and checks
Figure BDA0002831577560000052
If the check fails, the cloud server terminates the protocol; if it holds, the cloud server sends $C_{i,i'}, C_{i,csp}, C'_{i,csp}$ to the cryptographic service provider.
c) After receiving $C_{i,i'}, C_{i,csp}, C'_{i,csp}$, the cryptographic service provider first applies the inverse one-way trapdoor permutation to compute
Figure BDA0002831577560000053
and verifies whether
Figure BDA0002831577560000054
holds. If not, the cryptographic service provider stops the protocol; if so, it selects a random number $r_{i,csp} \in$ {0,1} and re-encrypts each ciphertext according to formulas 5 to 7:
$C'_{i,i'} = C_{i,i'} \bmod N_i = r_i m_{i,i'} \bmod N_i$, (5)
$C'_{i,i',q} = C'_{i,i'} \bmod q$, $C'_{i,i',p} = C'_{i,i'} \bmod p$, (6)
Figure BDA0002831577560000055
where $p^{-1} p \equiv 1 \pmod q$ and $q^{-1} q \equiv 1 \pmod p$.
The cryptographic service provider then computes the cryptographic hash function according to formula 8:
Figure BDA0002831577560000056
Finally, the cryptographic service provider sends $C_{CSP} = (\{C''_{i,i'}\ (i = 1, 2, \ldots, n_S;\ i' = 1, 2, \ldots, n_i)\}, C'_{rec,csp})$ to the cloud server.
d) After receiving $C_{CSP}$, the server first computes and checks
Figure BDA0002831577560000057
If the check fails, the protocol is terminated; otherwise the server randomly selects a prime $r \in$ {0,1} and computes
Figure BDA0002831577560000058
$C''_{i,i',SER} = r\,C''_{i,i',ser}$
Write the polynomial as
Figure BDA0002831577560000059
where
Figure BDA00028315775600000510
The server computes
Figure BDA00028315775600000511
and sends
Figure BDA00028315775600000512
to the cryptographic service provider.
e) After receiving
Figure BDA00028315775600000513
the cryptographic service provider checks
Figure BDA00028315775600000514
If the check fails, the protocol is terminated; if it holds, the cryptographic service provider computes according to formulas 9 to 11:
Figure BDA00028315775600000515
Figure BDA00028315775600000516
Figure BDA0002831577560000061
and sends
Figure BDA0002831577560000062
to the cloud server.
f) Finally, the cloud server computes
Figure BDA0002831577560000063
and then sends
Figure BDA0002831577560000064
Figure BDA0002831577560000065
to the receiver.
The specific process of the decryption algorithm in step (V) is as follows:
a) After receiving $C_F$, the receiver applies the inverse one-way trapdoor permutation according to formula 12:
Figure BDA0002831577560000066
and then checks
Figure BDA0002831577560000067
If the check fails, the protocol is terminated; if it holds, the receiver computes according to formula 13:
Figure BDA0002831577560000068
The mathematical theory involved in the invention is as follows:
1. Hash function
A hash function maps a variable-length message to a fixed-length hash value, or message digest. There are many hash algorithms; commonly used ones currently include MD2, MD4, MD5 and the Secure Hash Algorithm (SHA-1). Consider a hash function whose input and output are both bit strings (strings composed of 0s and 1s). The length of a bit string x is denoted |x|, and the concatenation of bit strings x and y is denoted x || y. Let compress: $\{0,1\}^{m+t} \to \{0,1\}^{m}$ be a compression function (where $t \ge 1$). An iterated hash function h is constructed from the compression function compress:
Figure BDA0002831577560000069
Evaluating the iterated hash function h consists essentially of the following three steps.
1) Preprocessing: given an input bit string x with $|x| \ge m + t + 1$, construct a string y with a public algorithm such that $|y| \equiv 0 \pmod t$. Write $y = y_1 \| y_2 \| \ldots \| y_r$, where $|y_i| = t$ for $1 \le i \le r$.
2) Processing: let IV be a public initial-value bit string of length m. Then compute:
$z_0 \leftarrow IV$,
$z_1 \leftarrow \mathrm{compress}(z_0 \| y_1)$,
$z_2 \leftarrow \mathrm{compress}(z_1 \| y_2)$,
Figure BDA00028315775600000610
$z_r \leftarrow \mathrm{compress}(z_{r-1} \| y_r)$.
3) Output transformation: let g: $\{0,1\}^{m} \to \{0,1\}^{l}$ be a public function. Define the hash function $h(x) = g(z_r)$.
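The three steps above (preprocessing, processing, output transformation) written out as a runnable sketch. This is an added example, not code from the patent: the SHA-256-based `compress`, the all-zero IV, the padding rule and truncation as `g` are assumptions chosen for illustration, with m = t = 256 bits, and the padding accepts inputs of any length.

```python
import hashlib

M = 32  # chaining-value length m, in bytes (assumption of this example)
T = 32  # message-block length t, in bytes (assumption of this example)
IV = bytes(M)  # public initial value; all zeros here, chosen for the example


def compress(z: bytes, y: bytes) -> bytes:
    """Compression function {0,1}^(m+t) -> {0,1}^m.

    SHA-256 over z || y is a stand-in chosen for this example only.
    """
    if len(z) != M or len(y) != T:
        raise ValueError("compress expects exactly m + t input bytes")
    return hashlib.sha256(z + y).digest()[:M]


def preprocess(x: bytes) -> list:
    """Step 1: pad x to y with |y| = 0 (mod t) and split into y_1 .. y_r.

    Padding is 0x80, zero bytes, then the 64-bit bit-length of x, so two
    different inputs never yield the same block sequence.
    """
    padded = x + b"\x80"
    padded += b"\x00" * (-(len(padded) + 8) % T)
    padded += (8 * len(x)).to_bytes(8, "big")
    return [padded[i:i + T] for i in range(0, len(padded), T)]


def g(z: bytes, out_len: int) -> bytes:
    """Step 3: public output transformation {0,1}^m -> {0,1}^l (truncation)."""
    if not 0 < out_len <= M:
        raise ValueError("output length must be between 1 and m bytes")
    return z[:out_len]


def iterated_hash(x: bytes, out_len: int = 16) -> bytes:
    """h(x) = g(z_r) with z_0 = IV and z_i = compress(z_{i-1} || y_i)."""
    z = IV
    for y in preprocess(x):  # Step 2: chain the compression function
        z = compress(z, y)
    return g(z, out_len)


if __name__ == "__main__":
    # Constructed sample input.
    print(iterated_hash(b"ciphertext digest input").hex())
```

Without the length field in the padding, an input and the same input followed by padding-like bytes could be split into identical blocks and would then hash to the same value.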
2. Public key encryption scheme
A public key encryption scheme consists of a key generation algorithm, an encryption algorithm and a decryption algorithm.
Key generation algorithm: on input the security parameter $1^{n}$, output a key pair (pk, sk), where pk is the public key and sk is the private key;
Encryption algorithm: on input the public key pk and a message m, output the ciphertext $c \leftarrow Enc_{pk}(m)$;
Decryption algorithm: on input the private key sk and a ciphertext c, output $m = Dec_{sk}(c)$.
Correctness requirement for a public key encryption algorithm: except with negligible probability, for the public and private keys (pk, sk) output by the key generation algorithm $Gen(1^{n})$, $Dec_{sk}(Enc_{pk}(m)) = m$ holds.
3. Chinese remainder theorem
Let $m_1, m_2, \ldots, m_k$ be pairwise coprime positive integers. Then for any integers $b_1, b_2, \ldots, b_k$, the system of linear congruences
Figure BDA0002831577560000071
has a solution, and all solutions form a single congruence class modulo $m_1 m_2 \cdots m_k$.
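The theorem is what allows residues modulo p and q, as taken in formula (6), to be processed independently and recombined with the inverses $p^{-1}$ and $q^{-1}$. The following added example (not the patent's encryption scheme or code) evaluates a polynomial through its residues and shows that a result larger than N = pq is recovered only modulo N; the toy primes, the polynomial, its encoding and all function names are constructed for illustration.

```python
from math import gcd


def crt_split(x, p, q):
    """Split x into the residue pair (x mod p, x mod q), as formula (6) does."""
    return x % p, x % q


def crt_combine(x_p, x_q, p, q):
    """Return the unique x in [0, p*q) with x = x_p (mod p) and x = x_q (mod q).

    Uses the inverses named in the text: p_inv * p = 1 (mod q) and
    q_inv * q = 1 (mod p).
    """
    if gcd(p, q) != 1:
        raise ValueError("moduli must be coprime for the CRT to apply")
    p_inv = pow(p, -1, q)  # p^{-1} mod q (Python 3.8+)
    q_inv = pow(q, -1, p)  # q^{-1} mod p
    return (x_p * q * q_inv + x_q * p * p_inv) % (p * q)


def eval_poly(terms, values, modulus):
    """Evaluate sum(coeff * prod(values[j] ** exps[j])) modulo `modulus`.

    `terms` is a list of (coeff, exps) pairs; this encoding is an assumption
    of the example, not notation from the patent.
    """
    total = 0
    for coeff, exps in terms:
        mono = coeff % modulus
        for value, exp in zip(values, exps):
            mono = mono * pow(value, exp, modulus) % modulus
        total = (total + mono) % modulus
    return total


def eval_via_residues(terms, values, p, q):
    """Evaluate the polynomial separately mod p and mod q, then recombine."""
    vals_p = [v % p for v in values]
    vals_q = [v % q for v in values]
    return crt_combine(eval_poly(terms, vals_p, p),
                       eval_poly(terms, vals_q, q), p, q)


# Constructed toy parameters (the patent uses lambda-bit primes).
P, Q = 1009, 2003
N = P * Q
# F(x1, x2, x3) = 3*x1^2*x2 + 5*x3^3 + 7
F = [(3, (2, 1, 0)), (5, (0, 0, 3)), (7, (0, 0, 0))]


def demo():
    """Compare residue-wise evaluation with direct integer evaluation."""
    small = (4, 5, 6)         # F = 1327, which is below N
    large = (1200, 900, 700)  # true F exceeds N, so only F mod N survives
    exact = 3 * 4**2 * 5 + 5 * 6**3 + 7
    big = 3 * 1200**2 * 900 + 5 * 700**3 + 7
    return {
        "small_ok": eval_via_residues(F, small, P, Q) == exact,
        "large_wraps": eval_via_residues(F, large, P, Q) == big % N,
        "large_exact": eval_via_residues(F, large, P, Q) == big,
    }


if __name__ == "__main__":
    print(demo())
```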
Compared with the prior art, the invention has the following advantages:
1) Security: in secure outsourced computation realized with public-key fully homomorphic encryption, input privacy and result privacy achieve only adaptive chosen-plaintext security (CPA security). In the lightweight multi-user, multi-data fully homomorphic data encapsulation method under the dual-server model provided by the invention, input privacy achieves adaptive chosen-ciphertext security (CCA2 security) against unauthorized receivers, provided the cloud server and the cryptographic service provider do not collude. CCA2 security is stronger than CPA security.
2) Efficiency: the computational complexity at a resource-limited local user of an outsourced computation protocol realized with public-key fully homomorphic encryption is O(n), where n is the number of input data items. In the lightweight multi-user, multi-data fully homomorphic data encapsulation method under the dual-server model, only two applications of an arbitrary one-way trapdoor permutation (whose algorithmic complexity is equivalent to one public-key encryption) are needed to encrypt the random number that serves as the symmetric key; the keyed symmetric fully homomorphic mapping is then used to encrypt and encapsulate the input data. Because symmetric encryption is 3 to 5 orders of magnitude faster than public-key encryption, the computational cost of this part is negligible. In the method of the invention the computational complexity is therefore improved to O(1), that is, it is independent of the number n of input data items.
3) High usability: most existing secure outsourced computation protocols internationally are suitable only for the single-user, multi-data setting, whereas the outsourced computation scheme realized by this method supports outsourced evaluation of arbitrary multivariate polynomial functions in the multi-user, multi-data setting, and is therefore more widely usable. In the lightweight multi-user, multi-data fully homomorphic data encapsulation method under the dual-server model, the one-way trapdoor permutation can be instantiated with various concrete public-key encryption algorithms according to the security requirements of different network application scenarios, such as RSA encryption, identity-based encryption, attribute-based encryption and proxy re-encryption, which makes the method more flexible.
Drawings
FIG. 1 is a system diagram of the architecture of the present invention;
FIG. 2 is a schematic flow chart of the present invention.
Detailed Description
The present invention is further illustrated by the following specific examples.
Example 1
Referring to fig. 1, in the present invention the public parameters and keys are generated by the system (a trusted third party); multiple data owners encrypt and encapsulate multiple messages under their respective keys and send them to the cloud server; the cloud server and the cryptographic service provider evaluate a multivariate polynomial on the encrypted data in the ciphertext domain; and the receiver decrypts the result. The method is built on two applications of an arbitrary one-way trapdoor permutation, can be applied flexibly in different network scenarios, meets the requirements of correctness, efficiency and privacy, and achieves adaptive chosen-ciphertext security (CCA2 security) for both input privacy and result privacy.
Referring to fig. 2, the specific implementation process of the present invention is as follows:
The method comprises the following steps:
System (trusted third party) initialization
a) Input $1^{\lambda}$, where $\lambda$ is the security parameter; here $\lambda = 512$;
b) The system (a trusted third party) runs the probabilistic polynomial-time algorithm
Figure BDA0002831577560000081
which outputs a pair of functions $(f, f^{-1})$ on {0,1} , three public/private key pairs $(pk_{f,ser}, sk_{f,ser})$, $(pk_{f,csp}, sk_{f,csp})$ and $(pk_{f,rec}, sk_{f,rec})$, and two hash functions $H_0, H_1$ with mapping {0,1}* → {0,1} . The public parameters thus generated are $PPR = (pk_{f,ser}, pk_{f,csp}, pk_{f,rec}, H_0, H_1)$ and the secret parameters are $SK = (sk_{f,ser}, sk_{f,csp}, sk_{f,rec})$; the secret parameters are held by the cloud server, the cryptographic service provider and the receiver respectively. In this specific implementation, RSA is used as the one-way trapdoor permutation, and three RSA key pairs are generated.
For the cloud server, two 1024-bit large prime numbers are selected:
p f,ser =122182835497602646970435161652673859489388648119023022721640022253004097852738500457923107218337120884509714428573065515141617542509728502027111707207772238846505714021188709219013288021835624583947890928789406604357074680786482122540676609811492233762394550112870985911335964387656100770874761812431557859229;
q f,ser =146816290651568552463520893108450661851266711447975232562124137261274811464154583402940643941562833744801896250653909610028020274741135187141746077452251712450380256984468264435119556062306391941855485115558267743235453032634555141091710215468523927326037675740069924200773724586876543458902282339357446443627;
Calculate n = p × q:
n f,ser =p f,ser *qf ,ser =17938430689048817783440483309661157377611271517276081186433284542789174731557582611259003711414243221597425843307613681734792534345750155812092072667611985373839179706273895437237500391305542495510527791335918969395574735004498810988762474474749672056035044626846420678977515288543196203598867011282401629515353005267333293837859090007000682677471036803597974218003173440948153567004587369657294962557458595352199094485110690809949352266016441796445592958345822941530806698695982156405413833836632510516812455998770673231429438285097455647006836641835720099487008083386857949676688581497406968185344050755687550183583;
Select the prime e: $e_{f,ser} = 65537$;
Calculate d such that $d = e^{-1} \bmod \varphi(n)$:
Figure BDA0002831577560000091
Figure BDA0002831577560000092
$sk_{f,ser} = (d_{f,ser})$;
For the cryptographic service provider, two large prime numbers of 1024 bits are chosen:
p f,csp =171264298779685239581536383180723040790941972865837421833280255944444153148729296493618345344066877975943815976882912906424025161637173989978784510791287962170210136940863753413333979268721465734734727934038588562311440958965856676847252156164875649028288078043757416277300587487665932208269895339670227784711;
q f,csp =109336909022555504734614917909130513387802617738328881676890937082092219514999911192112761544724354250572905019730363639830348101504338027912854752296186274739149027658427888565710485783132159768633993884335081922779501508005538010700046336028483359124689907883946961736611137810280727910939072333861721942823;
calculate n = p × q
n f,csp =p f,csp *q f,csp =18725509054486208790765335936945421318033565874923140747577739921387460916236243836844882857172586276882181436048833971572221094727101420454201914250920064619273961646000001424241628801090561699422963689989036078741903476469576492870235837171931035145046742165517648692705339881575712364212656884574525937786071664285060895679363266406185520450612120717900049822299075036527869461337360148137121550988958548415300835802409131292910777685991736865757186316854697332077766922531523221899419657349853560738187230707398513314640121629901232771587290162180357845361437596886206430740419320525542120083482691535118295579153;
Selecting prime e, e f,csp =65537;
Calculating d such that d = e^-1 mod φ(n);
Figure BDA0002831577560000101
pk f,csp =(n f,csp ,e f,csp );
sk f,csp =(d f,csp );
For the receiver, two large prime numbers of 1024 bits are selected:
p f,rec =176065764957007503583966108739314752193663118671660394808180098009955848417674886957762663447393897714688476985470769701772382869599004267780000452707842076819793910051796644977218627532010666208522069782125483130757011868520349888360636521921928583489112098792161216386316538481862099707241130190930651137763;
q f,rec =90504743214929193654191021476685689885363668274292847353277599597011846975692383696753972603241163282734339697759655473831217420297100683121139413605209428299006953523285522412994860150965644180993960673895220244156169155637659811002160220966588071407538067527931303716476691586713623328746547036632477973161;
calculating n = p × q;
n f,rec =p f,rec *q f,rec =15934786846374043053256376656706969642068690495453919368453605660206275312654453663238196608887170179315207706497579873626198660903689639612381907074017597110645657778603059697983885458871380130465748605951521563915204779189533326377277331280267503279387202777546830874283192676895400318041381228002610897032020047823080824648144176865694083370960290284918028733336735866039187543504448748304704586420807625186760399934405163758244225267530930399622073459694165257655893856523686506826922836596766580407382893246948816247794632300380518257894381931996452462139952986479681090273089909524371721965738496390320827578843;
selecting prime e, e f,rec =65537;
Calculating d such that d = e^-1 mod φ(n);
Figure BDA0002831577560000111
pk f,rec =(n f,rec ,e f,rec );
sk f,rec =(d f,rec ).
Step two: key generation
a) The system initializes the plaintext space size N 0 and sets the plaintext space to
Figure BDA0002831577560000112
N 0 =28088143026658587954712639591696820848925374214980814442303043904573965801716266964654049619179401927733997388196270615119407163486954878100290689787567717583286649727433785530465428140745089513995269455229327911758489754184204487843008227417543978659709595782535221609741288137733012722023080856295020317631;
b) Each data owner i randomly selects four large prime numbers p i, q i, s i, v i, where |p i| = |q i| = |s i| = |v i| = λ, such that p i q i = N i ≥ N 0. Let T i = p i q i s i and Y i = p i q i s i v i. The temporary public key of sender i is pbk i = Y i, and the temporary private key is pvk i = (p i, q i, s i, v i, T i);
In this case, two data owners are selected, and the temporary public and private key generation process of the data owner 1 is as follows:
p 1 =11099536553499459898516049664967251737499063278333702052526991495067871775158295400297965317872050972378517828382705877058120311419742640666521555853492287;
q 1 =9194893298935351728001588829826916490207244335204463850316984841070975758431400808385102430015197346835233732300753968907123798485465759923860423879054241;
s 1 =12523019225077159287665906501626625103372331350880922929412298034043122455436294962985303319555044204546295963708780504060524940438378805229367988307438721;
v 1 =6767971895215293416530261319164008397382046068199056757012828419896434116188025383664064519279775548395390373582083066016327007292819258747816994235713121
N 1 =p 1 *q 1 =102059054277060172962817504747727369883587818222266646567301027482286244943030092211006884037726549622090735766816625016291741146840404474589721278772201914240903227909711289968085070869942933247170290831519335424838985522945181752534106065281851263082425062791328579871453748497657844971183685988170548139167;
T 1 =p 1 *q 1 *s 1 =1278087498804817826423062873317185294068879832960594051055643032880510657744981233255654914705383015028835270648826989744568416469427553326711911100246839837571557774807511193319257054128477035914349050556668312544360214412041310721976950357375543471478430447817410913926406520843010766082271435580101017878170638887904539065539091980714580392940769717121516571625337950667141012121828521798168162954061554772732546003562697279562741510467859241653235770432485407;
Y 1 =p 1 q 1 s 1 v 1 =8650060271537016964068583416660242464531533239621167526395677474909527688711401072041199168083557353749329630742390037452061450827508326945524450400923789796957929046630618752147337789773206798251955926675655757760921284741625576429797138764619331720267586586625293591711249828416776999094653835002535212205672651264098300528753297583060560526184413758440962805200774375714760651940448089533985091969196309071897466722967942593769107611456245990165099930983152557329820741431998046808315295092564995560948345922844796630638123706990256420651866753328295916604730029912396393699984321461201230440726209087213070925247
The temporary public key is pbk 1 = Y 1 and the temporary private key is pvk 1 = (p 1, q 1, s 1, v 1, N 1, T 1).
The temporary public and private key generation process of the data owner 2 is as follows:
p 2 =8775962283543411198995238036523693737439740017930452128349615981039060599032137369762819115501558204860395734335512819933983359398838922342356845708403007;
q 2 =9146114780791983977404804189280723014572807755285331117170206537297914463118065116924547238746024261565592206787584244901184534886810869226132400671740147;
s 2 =13271609844297503119508230267825779083590169723107634547770144167240356182765975408764931409721973430950936714510586541856789627653203365506967923519474283;
v 2 =12390016500853115282354559043564379585405211339927293724511586461124517020901941891929738510167097711433577194071653536644088787214005182052904437384069089
N 2 =p 2 *q 2 =80265958357189365453623126506342115341135104954224145472901895742770573568726128569542681967544649778296130863750261387522675548273566714621420996429082163677816446481237349381804112039626311171335617926341744364939789514137996106466187797039789048473686186973201094068276459082193739930327002745755057422029;
T 2 =p 2 *q 2 *s 2 =1065258483095247823727999753016878258489102446421468969069520777571161589712138229262223588531897878753521614013421870543056354160300966494680680617686710810075865073772632131706954411223313988792276510821645860570011539835423774241389872579454639311191112719550344308804426388103972611135095251786543324242301466436779405854934861422010823131099102676451713163076947547703620315680317075843396822793823039551102056691792781145727877246396162466916323699343180207;
Y 2 =p 2 q 2 s 2 v 2 =13198570183223879899165400060789738089029681411868570121726878480884112650156382686188272534981302156304691303562024558791209756251172695534124174073516179487854365529258077955972333493272857858545708139535426364635942917432950061738931581465217090306224202549897505375193511804070825704081545497022021408055624302721620809964137777096088747922311264036130608105107650188615854223624051724111804132630632505886464106046902531081164475743239659606976067420785827291327677052023270278434183908307818801195863781199356540643125457332228335162765720672502335510142267547826584501841730497831352845885975076723579465321423
The temporary public key is pbk 2 = Y 2 and the temporary private key is pvk 2 = (p 2, q 2, s 2, v 2, N 2, T 2).
c) The cryptographic service provider randomly selects four large prime numbers p, q, s, v, where |p| = |q| = |s| = |v| = λ, such that pq = N ≥ N 0. Let T = pqs and Y = pqsv; the temporary public key of the cryptographic service provider is pbk = T, and the temporary private key is pvk = (p, q, s, v, N, T).
p=9289878302888150863914474498352928928332946842718512265330071523962939394301183687826264082118605614104565178122739647960472448270630557638408684081139779;
q=11276303102752040299608605406369939227606782460316296329157916705440909732416336143075396034239743030665777693333756451283233966888929612941121810819376393;
s=8033578914450776359144513070467450583461683897451899910512683768881747936804393843640139615347977007267759127407926921867535340071401840614743825758184669;
v=8062392842760160262881400557885474161887347722891043184191219727057034846286535621504105828196362034976236033907942065363002222983867974021422598267763739
N=p*q=104755483531046514008034256347388900510568924962205210108849231090832971743964674149131338896507804138196813369424919499252763468989856664064944344436220038493668256834106315218176358074298776473387626262726449377602467923291067377555798762746749167577239629206596787489803730048534699734109497760821445837147;
T=p*q*s=841561443668110834754697775999612292872396503988360828903550362558139097427356043611464411680141880501966705340066846131060975525972321671049200628605500504232371606243880192813182935565259581552245885688713529982739023526413393202213319199422610209896649226533813429460241226368798952257299582158151333548709564491525132958755795035352823649768204753067531930026727363929906633019551551860911020673553095527222772534882631193029294449144475982722947413726099343;
Y=p*q*s*v=6784998960172684586038522274228741238863552198293828679760140371378157381067796258368314467827198008648970158960863245294295625338762269642078576627343166609133313260970133201165282713405493796375616457983809535362657878544965800272464411499673637703592906143236037164335354563349227220734484057064583263628055939932376649100187844153269621161787147935163226110266239598746550032420914155661771669587401084699223155745647346377668597171469273077536686854429088429299412640021626579834918520787590034255903021676499360636430404427598041586091106860197379877720909079603672474784102286376185669130790932833395967123477
The temporary public key is pbk = Y and the temporary private key is pvk = (p, q, s, v, N, T).
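The key-generation steps above (step one's RSA-style one-way trapdoor permutation and step two's temporary keys), as an added Python example that is not code from the patent. The function names, the small constructed bit sizes and N 0 value, the distinct-primes check, and permuting r i on its own are assumptions, since the page's formula for C i,ser is not reproduced in the text.

```python
import math
import secrets

E = 65537  # public exponent the page uses for every party


def is_probable_prime(n, rounds=40):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                          # a proves n composite
    return True


def random_prime(bits):
    """Random prime with exactly `bits` bits (top bit forced to 1)."""
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(c):
            return c


def trapdoor_keygen(bits):
    """Step one: n = p*q, e = 65537, d = e^-1 mod phi(n)."""
    while True:
        p, q = random_prime(bits), random_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(E, phi) == 1:      # d exists only if gcd = 1
            return (p * q, E), pow(E, -1, phi)    # pk = (n, e), sk = d


def permute(pk, x):
    """Forward one-way trapdoor permutation (raw RSA) under pk."""
    n, e = pk
    if not 0 <= x < n:
        raise ValueError("input must lie in [0, n): raw RSA permutes Z_n only")
    return pow(x, e, n)


def invert(pk, sk, y):
    """Inverse permutation; only the holder of sk = d can compute it."""
    return pow(y, sk, pk[0])


def owner_temp_keygen(lam, n0):
    """Step two b): four lam-bit primes with p*q = N >= N_0."""
    while True:
        p, q, s, v = (random_prime(lam) for _ in range(4))
        # Distinctness is an added sanity check, not stated on the page.
        if len({p, q, s, v}) == 4 and p * q >= n0:
            n = p * q
            t = n * s                             # T = p*q*s
            return t * v, (p, q, s, v, n, t)      # pbk = Y, pvk


def demo():
    # Constructed small sizes so this runs quickly; the page uses
    # 1024-bit primes in step one and 512-bit primes in step two.
    pk_ser, sk_ser = trapdoor_keygen(256)
    n0 = 3 << 125                                 # constructed stand-in for N_0
    pbk, pvk = owner_temp_keygen(64, n0)
    r_i = random_prime(64)                        # owner i's random prime r_i
    c = permute(pk_ser, r_i)                      # sent to the cloud server
    recovered = invert(pk_ser, sk_ser, c)         # server-side inverse permutation
    return pk_ser, sk_ser, pbk, pvk, r_i, c, recovered


if __name__ == "__main__":
    pk, _, pbk, _, r_i, _, rec = demo()
    print(pk[0].bit_length(), pbk.bit_length(), rec == r_i)
```

Raw RSA as used here is deterministic and is a permutation only on [0, n), so it suits high-entropy random inputs such as r i rather than low-entropy plaintexts.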
Step three: data encryption
In the implementation, take as an example two data owners holding 2 and 3 pieces of data respectively;
the final calculation function is:
Figure BDA0002831577560000151
a) Data owner 1 generates 5 plaintext data [9257,5405] and, for each plaintext,
calculates m i,i′,p = m i,i′ mod p, m i,i′,q = m i,i′ mod q.
Data owner 2 generates 3 plaintext data [11307,10059,7846] and, for each plaintext, calculates m i,i′,p = m i,i′ mod p, m i,i′,q = m i,i′ mod q.
b) Data owner i calculates
Figure BDA0002831577560000152
such that
Figure BDA0002831577560000153
Figure BDA0002831577560000161
Figure BDA0002831577560000162
Figure BDA0002831577560000163
Figure BDA0002831577560000164
Data owner i randomly selects a prime number r i ∈ {0,1} and n i blinding factors r i,i′ ∈ {0,1} , and uses the public keys of the cloud server and the cryptographic service provider respectively to perform the one-way trapdoor permutation:
r 1 =10646712892003829280515525854885442975862032001197737276656751403889793851636729131988380395793657982324877634941217066383853168796866630443818455890520812;
r 2 =10138025061207181251439247067150137728718992384059309657994107207359954080306747499565315177793547388665823918656598855434814809990022138456868348221475787;
For each piece of data m i,i′, calculate:
Figure BDA0002831577560000165
r 1,1 =7077631767042737356738007505374172908050556169030432541486442660568435390953865488011119593363043500423889486743238224765115995966298482031363372492484567;
c 1,1 =879423495763146660829798584478009990867674601906808062658652333569150834483335708953145773196399916052705664710267512604566618384081942054276349495379082416414851597911719999417784024143900461599342019058114220175500422108017208924743745618370363343406158884391184379017681922893487700320767125084205949599629529597978641709825333927036134139986227245928747629144124558533087312972544181981883191544477727808662204352402432425694107638669925640387559793072444516487372673376005570989533611080143823683602255157479488314407471516666990336017789553000501936953326109906876649792120573088212628108660942359722605427772;
r 1,2 =10420594737448884811854359901331444820470089359751094764828040243487402364623099108357333067243775264762569813219150570255765277714206657649031598997816543;
c 1,2 =452626364395707491021539027033505127084334120857762759336578864554577022280056928911064157500854275296203168932512864417833319187863038305341271991587570476539157800116879152674486863892137578469365651614641984766981225407569041253665240143267016336212055469694584131827363699835471563211831209213672458012555490482965603529241814852407308814646181995745272472108009032300004668385687983804534385948896589439822593076438992454112095919038133628253105221034133030081521817417935975379827625974072937567033323111338087451535411932615836188553994835432170004991506966542590326462103290948041905230394402685441398226362;
r 2,1 =8619582333843958381555705734914791903349729883070277300983252623741877523519164701326946897747179211556369940593198831328329191490017669580072234897271717;
c 2,1 =6126572384885936914351288890552001756632642292653207707166226797425295860238056514447142682128124564243545171987693188185491333165954865728799691592606457727548057377296013066316917202805098778639457676918638976529876686336937241849533955252270112503309463325993494597059935348416157193578335307051304156656830839307051240692331619721703742109692369219397006217300629865232655151725976118976301367638197024717788436093945917158017979712434243670168018941303743147330325559797474186835930273555915497396565379283861554292019132598035433301500725213650414233193447839902063789972535212760102845271213271938412298982245;
r 2,2 =12848951224986499687902404755603111375003720922592487082743268974604487532732839839067193979259361995908522522555431561064063804224397414901569022211335947;
c 2,2 =3136972520666224351613546002342173072644700644936610096478018214777348888640707064519518306979096624770154463357054848093569300926794446367469331853170395042502291865307430470893174911029801813797110182850675446798909243510787772082354099031360272745048641644036615644910780356955622822551742652652355365544465038077526077801044212081701944517940339549876038968788480518887555323659101844202170280296215319196576671272487237590607558838889221983217486821268541385615907453374651990309281274150453792543002363548852681278940331750146718790515605291907463981270608447260867292224446142447322395930364528225801154669678;
r 2,3 =11813683428747356202487153045715296895755015845916125616491414991695831471186832693920934766036268867170135365225715867180717646307391823463942468462491203;
c 2,3 =5959701343940758153685213203106343847354924954778343395575647226544629488064785723022950221812564086638183654694629131482824044424728658417653275433134152225514408377726476238946872131116785203970496790671655837361461590158693078066319265900558746869234327839112985530333413371844688017886495922626034821942789089397264417335564083091783848154843190591957446991705433746176116819568096294682265465707627696946870078357657335195292273640711928148352856570880604765579976962107084184733801711565533761105901283618922205481637873241367222220499088185717000704078187720300996569995649522917911424050155311923331899786892;
Figure BDA0002831577560000181
C 1,ser =2372195018499060927411796564302843526593375770254110157700502310480484882527281732276199991501929596994723755226692585344339136348154789857137495209913970964396202102620246942147680848736993644111171574008822037120392831717920767992832963913351780176696942298248980187597243434120901534357709891171011145536868678663191874210085375580530336169712020894121369598508925974089619004264606754664918906264793088434930343730032497664815938646481528639976520876633936942462346179902647418067132988973782835040179516712541232293930001805668589808041780337955540616134084939316860468726913620729362105810828942120153699759659
C 2,ser =15462323538336414078739904585896083231088892735156595344225599073194036848742270093359924186873259870165165555183580960096718216497995435994311483650311843722971343019500846567527638778752250273944714260255599883817092073348532764621542063048610962966940793167464307694285851820871806739115651945705861322002209775133621370254955924874596402734815453580604671018992230349763293449466418505696792763323116525517784646326679624248024593859204785296367115409840388989952203119098857467037760023641279290837170061117134183659647490744611296402902903646250614065972737165004293654392143790119731101875706776161766978888656
C 1,csp =16842263567780748495101104107306655608455568496160993468674640748278562510742171933208058186918125153561784770165578476142047339731707132121419431249702754575854239761662506722834049335164066698623130733033812042732448820652218523043937820773284041762977994393476392078792026241268475861383988522289631412747859140083241802712387618434584215478350812001124857536146886039425885216199030529807414190104913841270498189770964329122669446161602351654101875238995885867071376270857841052918362195338654247342347314712072812972975953847951496362687213664606295938128942175001220776150085794706233684648307012920588203924021
C 2,csp =8726007791087960710451256930992326176971838195766559392533748652268808860154264581322771158948196053589828027831977517755459189928791593988161599072347051010981543635096735304973469372716025845183337717096336033443557857630681290719028503327156169408949409122710288225839929952314713264416563603990785315603258360952512032955526444993904604313479446356104520842044858258006278404692585332203540974884397109104443826151533289035092743226041099236178223401401782399999963320097274111762857018329012022556232547760195079288340448382963954361401207318754833035013280131178578963655841617164721572749161215123916755384626
c) Data owner i uses the cryptographic hash function H 0 to calculate:
Figure BDA0002831577560000194
Figure BDA0002831577560000195
C′ i,ser =0468726913620729362105810828942120153699759659;
C′ i,csp =8573655841617164721572749161215123916755384626;
Data owner i then sends
Figure BDA0002831577560000191
to the cloud server.
Step four: outsourcing of data computing
After receiving
Figure BDA0002831577560000192
the cloud server uses the one-way trapdoor inverse permutation to calculate
Figure BDA0002831577560000193
r i =10646712892003829280515525854885442975862032001197737276656751403889793851636729131988380395793657982324877634941217066383853168796866630443818455890520812;
It then calculates C′ i,ser =0468726913620729362105810828942120153699759659;
The verification passes, and the cloud server sends C i,i′, C i,csp, C′ i,csp to the cryptographic service provider.
After receiving C i,i′, C i,csp, C′ i,csp, the cryptographic service provider first applies the one-way trapdoor inverse permutation:
Figure BDA0002831577560000201
Figure BDA0002831577560000202
N i =102059054277060172962817504747727369883587818222266646567301027482286244943030092211006884037726549622090735766816625016291741146840404474589721278772201914240903227909711289968085070869942933247170290831519335424838985522945181752534106065281851263082425062791328579871453748497657844971183685988170548139167; Verify
Figure BDA0002831577560000203
Figure BDA0002831577560000204
This holds. The cryptographic service provider selects a random number:
r i,csp =4644670264372612513551956026182336370622993766671396264914130557307203876651255940466168615851785698309322226109480474204911568555196223796776401435290912;
and re-encrypts each ciphertext:
C′ i,i′ =C i,i′ mod N i =r i m i,i′ mod N i ,
C′ i,i′,q =C′ i,i′ mod q,C′ i,i′,p =C′ i,i′ mod p,
Figure BDA0002831577560000205
where p^-1 p ≡ 1 mod q, q^-1 q ≡ 1 mod p.
c′ 1,1 =99012988245644473033857380649103137734753936603545679474924795306679570811315398402158061790180725826689843540888655451541315232102474410786500501075678725907883627102493707068224614908600042976779284455555694257746265500251981431638703330376425932405160613354730230199660698345710289976096944430371437249132;
c′ 1,1,q =9126740475323640325852091455498347479177522472206963638123559063160078629081823420810773198584369315728984013568269544644424700378617282951959238830710759;
c′ 1,1,p =3578990704873225128548092655029143716438666524188291852982441006160425293070907422282781513161286241989024496335976337254852674502582089248875288118307955;
c″ 1,1 =1069064672760692832732501460985861770466446563968473488194194752026254888694450099483982030266664312662329441123239704924145274684765378636757752542514271197562565121795238390469414830741837294277763649019685254902136154620507013568561883291556104230633088295725331225522092001987842472339866275186154400850923424946138762395150896008765893382236275598005032864039416874699813391820776074239096637186349133516210586928094980532072691285906090234325157998184659386398364729917450473652125762399843130273645050038774082814375034645898857050521287696997583913039805797760245216288568232168346885875331795314576006604006;
c′ 1,2 =35373955255387402147591282253793164980296328039384653488654706457386091669205323452546959182799738120275992054247907799616937765466726106708437260926744428647648467322558448474924079315092154813962517471414658069419049889996567566658882855481499575018199130010011161888869028937803758483731332715349074263802;
c′ 1,2,q =3443298406163950839696609461706106079833702529404178502142019061265164568675331507353786606053847853139489029250099609732145657098994200390194219008358453;
c′ 1,2,p =2325242018054715551971600491324216044975268883906251459180297997809449414554195631385486601434545938034579351277464156484302059364357344967479545396265897;
c″ 1,2 =594951280982868508860287282456754130083577615984792850349408828332814748710962997284694112523172689044927406892645370853747224701723707183730641451725891770318046433332598229626126492414762266799114330634149013079257542604291602710136395263220153936959416047748324460751261651093132335741700481290395800194476330046531944902052258317468195841777042946769919312328408067373019281787779548599839921916109993177232113440324458493198338007570775732810922487527715135850872248426673510619240121762719345984335102496552471559220306720398807967968367295595671951216333848848102329939426271072239663898780377526732177405735;
c′ 1,3 =27962672981310285554705473879832164761055950639884023166740493267329166223875566948792055255330985920287431862851363413218209466049084893857767443532182996282716510269442528296187600023037880837455306998719686277608491863948112129594394894886768405070551482198223769703339381428460628100513320516368894004741;
c′ 1,3,q =8381403286699895262520564722813668870273031250221493967937866615985551324333483092835087336905912893170402492411715775341490488677103454741075080779600415;
c′ 1,3,p =5405330369569297392164786230480200501344207363559932982221110478152542013020569373313868823306838842531379047000768747610712683354086086811007568742502464;
c″ 1,3 =5630644743681323743469407404665119821900300545909072446417725068794015462308472359220318933221775810878744332788070250129583336210524426275809891028303561485059152474300030100902575071679239836694554682905374004596127542006734078833465315966855307215821375734005126213715288383337201505908868237501013018064791475736452363501274376662659517172662301140632209140878920850453778598075737285225867308214754950766126596934048908033253620345567275767051947536367344855452060021758646554069776059715559269863595476275794295544939572899161814013198467533277762804915068080418561296428540612884620731807919413382956921549418;
c′ 2,1 =69507926157512260135230644956492319478599667940565699837408944524536070836705331485198969681407642474096934452033035339724508961824795091673282896292203499665563341789987144692337278327724699589679961659794381676965512803662235412844895609858691045145626461870241222760688494476735710499300543523512363128289;
c′ 2,1,q =538120908132915408524259904628078378522237275229379429741744922177876520131192561802475739697384831096598191227610528376989811507011459083414754753881465;
c′ 2,1,p =2124444927527445451581899294081578841112025017343631863196824365701660791462351293142311931563129081743751880650089103670825507640228179614643324648903466;
c″ 2,1 =2453582992626680856145935567896939853106822815921294097779356128687768820494283300710137417872967111687099141094299334132681420862657116621158422218011534325037371375923290550205510569523494759494361401545239509446085830247320167341808528904374129018553799899000038039174444941284366554368440090553284689347000170160203743103782302786392957733280976530818026901745919762004395908121293037896695281028160268143737282859998734347765336743535231304095876659703821694797368964409472252393679992217777000774922403081089667786425369914223921811251609065084605072527078119221641470785318655015412505824676712142766915314086;
c′ 2,2 =73748407340119280059674392133433289912968617632862111933519531137277349449023042211580624495060397094832580008008213085466643674645683241087015342380191539774269810554418039384995519917077558711935403041073040473452918237240762881731682890891565108962341684239975910325128576251409908853609012010565587114936;
c′ 2,2,q =168789613685972750904755293185793938205002801730049256195922766155783061970928689782460045242941491646053231719991690631527805399965921613044992912569662;
c′ 2,2,p =4861026624949152574350829199441697249882478016616055733498787258386210710910658766747602117000359893561227879937332071194153826999419017666139256849761726;
c″ 2,2 =6324694815720361140229012940586813234741463667054026318778537021923484820841007090288612567967118357351037657624147076701988834941508984601915906757994465031771581109620797034227315386501821483960496100959758484796633056194916455725595271730647708048778916791620481191729270101790207199674161690584226037748773303767210837304887797820994105273693102438062125190287303159709066878168800907438236938342983048673325920829355961809675795050086019488578890261053082700022184976952058216020063194830396522525073699580465640955159536178046123472159910281564763730088673557490894467824418720468421159872747394076090440945902;
The cryptographic service provider then uses a cryptographic hash function to compute:
Figure BDA0002831577560000231
Figure BDA0002831577560000232
Finally, the cryptographic service provider sends C CSP =({C″ i,i′ (i=1,2,…,n S ,i′=1,2,…,n i )},C′ rec,csp ) to the cloud server.
After receiving C CSP, the cloud server first checks
Figure BDA0002831577560000233
Figure BDA0002831577560000234
If it holds, the cloud server randomly generates a prime number r ∈ {0,1}
r=11878026336293554905333519624429340715515873170118700190707927333589167324001983810392766289874817422932065670432888891800952956989607955932713513775788367666390562201932938381891085660960696448840501720631565264131437227298233503184634553401948413076680324158339942863389400590297214548923516362829331868028;
and calculates:
Figure BDA0002831577560000241
Figure BDA0002831577560000242
C″ i,i′,SER =rC″ i,i′,ser =18725509054486208790765335936945421318033565874923140747577739921387460916236243836844882857172586276882181436048833971572221094727101420454201914250920064619273961646000001424241628801090561699422963689989036078741903476469576492870235837171931035145046742165517648692705339881575712364212656884574525937785791063077258654935047115105095666896433376127295883518788903843501333088673630940451390444100167316188784114805795854746656404422850224847865547053767223095168407757932231579920375192297999935234818508889024842829549179162929838084039991669986998837208459610958502052726507595227595459964273723861586345851620;
Denote the polynomial
Figure BDA0002831577560000243
one term of which is
Figure BDA0002831577560000244
The cloud server computes
Figure BDA0002831577560000245
Figure BDA0002831577560000246
Figure BDA0002831577560000251
Figure BDA0002831577560000252
and sends
Figure BDA0002831577560000253
to the cryptographic service provider. After receiving
Figure BDA0002831577560000254
the cryptographic service provider checks
Figure BDA0002831577560000255
Figure BDA0002831577560000256
If this holds, it calculates:
Figure BDA0002831577560000257
Figure BDA0002831577560000258
Figure BDA0002831577560000259
and sends
Figure BDA00028315775600002510
to the cloud server. Finally, the cloud server computes
Figure BDA00028315775600002511
Figure BDA00028315775600002512
Figure BDA0002831577560000261
Figure BDA0002831577560000262
and then sends
Figure BDA0002831577560000263
to the receiver.
Step five: data decryption
a) After receiving C F, the receiver first applies the one-way trapdoor inverse permutation
Figure BDA0002831577560000264
Figure BDA0002831577560000265
Figure BDA0002831577560000266
Then it checks:
Figure BDA0002831577560000267
Figure BDA0002831577560000268
Figure BDA0002831577560000269
If all hold, it continues to calculate:
Figure BDA00028315775600002610
On checking, the result is consistent with the result computed on the plaintext, which verifies that the scheme is correct. The above example only describes an outsourced multivariate polynomial computation on 5 pieces of data for 2 data owners. As the embodiment shows, the method supports outsourced ciphertext computation of any multivariate polynomial for any number of users and any number of data.
The above further describes the invention and is not intended to limit it; all equivalent implementations of the invention fall within the scope of the claims. The invention is not limited to the above embodiments; variations and advantages that those skilled in the art can conceive without departing from the spirit and scope of the inventive concept are included in the invention, whose scope of protection is defined by the appended claims.

Claims (5)

1. A lightweight multi-user multi-data fully homomorphic data encryption and encapsulation method, characterized in that an outsourced computation method based on one-way trapdoor permutations and hash functions, together with a multi-user multi-key homomorphic construction, is adopted to protect the privacy of multiple users, each holding multiple input data and an independent encryption key; the outsourced computation and decryption specifically comprise the following steps:
(I) System initialization
Given the security parameter, the system sends a one-way trapdoor permutation and its inverse, together with three public/private key pairs of the trapdoor permutation produced by the trapdoor permutation generator, to the cloud server, the cryptographic service provider and the receiver respectively; it generates two hash functions and publishes the three public keys and the two hash functions, while the three private keys are kept by the cloud server, the cryptographic service provider and the receiver respectively;
(II) Key Generation
Each data holder generates a set of keys for encrypting input data; the cryptographic service provider generates a set of keys for re-encryption;
(III) data encryption
Each data holder encrypts and encapsulates all input data it holds using its own key, encrypts that key under the public keys of the cloud server and the cryptographic service provider respectively using the one-way trapdoor permutation, and then selects a random number to blind the encryption of the data; meanwhile, a hash function is used to compute a digest of all ciphertext input data, and the encryption result of the input data is sent to the cloud server;
(IV) data outsourcing computation
The cloud server, together with the cryptographic service provider, uses the ciphertext input data sent by all data holders to evaluate, in the ciphertext domain, outsourced functions composed of additions and multiplications, and sends the ciphertext result to the receiver; the specific steps of the outsourced computation are as follows:
a) Let the polynomial of the outsourcing computation be:
Figure FDA0003815155150000011
the degree of the polynomial is: $\deg F = \max(e_1, e_2, \ldots, e_n)$, where:
Figure FDA0003815155150000012
$n_S$ denotes the number of senders; $n_i$ ($i = 1, \ldots, n_S$) denotes the number of input data items held by sender $i$;
b) After receiving
Figure FDA0003815155150000021
the cloud server computes, using the one-way trapdoor inverse permutation,
Figure FDA0003815155150000022
and checks whether
Figure FDA0003815155150000023
holds. If it holds, the cloud server sends $C_{i,i'}$, $C_{i,csp}$, $C'_{i,csp}$ to the cryptographic service provider; otherwise, the cloud server terminates the protocol;
c) After receiving $C_{i,i'}$, $C_{i,csp}$, $C'_{i,csp}$, the cryptographic service provider computes, using the one-way trapdoor inverse permutation,
Figure FDA0003815155150000024
and verifies whether
Figure FDA0003815155150000025
holds. If it does not hold, the cryptographic service provider terminates the protocol; if it holds, the cryptographic service provider selects a random number $r_{i,csp} \in \{0,1\}$ and re-encrypts each ciphertext according to the following formulas 5 to 7:
$C'_{i,i'} = C_{i,i'} \bmod N_i = r_i m_{i,i'} \bmod N_i$, (5);
$C'_{i,i',q} = C'_{i,i'} \bmod q$, $C'_{i,i',p} = C'_{i,i'} \bmod p$, (6);
Figure FDA0003815155150000026
where: $p^{-1} p \equiv 1 \bmod q$, $q^{-1} q \equiv 1 \bmod p$;
d) The cryptographic service provider computes the cryptographic hash function according to the following formula 8:
Figure FDA0003815155150000027
and sends $C_{CSP} = (\{C''_{i,i'}\ (i = 1, 2, \ldots, n_S;\ i' = 1, 2, \ldots, n_i)\}, C'_{rec,csp})$ to the cloud server;
e) After receiving $C_{CSP}$, the server checks whether
Figure FDA0003815155150000028
holds. If it does not hold, the server terminates the protocol; if it holds, the server randomly selects a prime number $r \in \{0,1\}$ and computes
Figure FDA00038151551500000215
$C''_{i,i',SER} = r\,C''_{i,i',ser}$, where: $\lambda$ is a security parameter;
Denote the polynomial
Figure FDA0003815155150000029
where
Figure FDA00038151551500000210
The server computes
Figure FDA00038151551500000211
and sends
Figure FDA00038151551500000212
to the cryptographic service provider;
f) After receiving
Figure FDA00038151551500000213
the cryptographic service provider checks whether
Figure FDA00038151551500000214
holds. If it does not hold, the protocol is terminated; if it holds, the following formulas 9 to 11 are computed:
Figure FDA0003815155150000031
Figure FDA0003815155150000032
Figure FDA0003815155150000033
and
Figure FDA0003815155150000034
is sent to the cloud server;
g) The cloud server computes
Figure FDA0003815155150000035
and then sends
Figure FDA0003815155150000036
to the receiver;
(V) Data decryption
The receiver decrypts the data encryption key with its private key for the one-way trapdoor permutation, and decrypts the outsourced computation result on the ciphertext to obtain the plaintext computation result.
2. The lightweight multi-user multi-data fully homomorphic data encryption and encapsulation method according to claim 1, wherein the specific operation steps of the system initialization are as follows:
a) Input $1^{\lambda}$, where: $\lambda$ is a security parameter;
b) Given the security parameter, the system runs the probabilistic polynomial-time algorithm
Figure FDA0003815155150000037
which outputs a pair of functions $(f, f^{-1})$ on $\{0,1\}$, three public/private key pairs $(pk_{f,ser}, sk_{f,ser})$, $(pk_{f,csp}, sk_{f,csp})$ and $(pk_{f,rec}, sk_{f,rec})$, and two hash functions $H_0, H_1$. The generated public parameters are: $PPR = (pk_{f,ser}, pk_{f,csp}, pk_{f,rec}, H_0, H_1)$; the secret parameters are: $SK = (sk_{f,ser}, sk_{f,csp}, sk_{f,rec})$, kept by the cloud server, the cryptographic service provider and the receiver respectively; the hash functions $H_0, H_1$ have the mapping range $\{0,1\}^{*} \to \{0,1\}$, where $H_0, H_1$ denote hash functions with mapping range $\{0,1\}^{*} \to \{0,1\}$, and $PPR = (pk_{f,ser}, pk_{f,csp}, pk_{f,rec}, H_0, H_1)$ denotes the published parameters.
3. The lightweight multi-user multi-data fully homomorphic data encryption and encapsulation method according to claim 1, wherein the key generation specifically comprises the following steps:
a) The system initializes a plaintext space size $N_0$ and sets the plaintext space to
Figure FDA0003815155150000038
b) Each sender $i$ randomly selects four large prime numbers $p_i, q_i, s_i, v_i$, where: $|p_i| = |q_i| = |s_i| = |v_i| = \lambda$, such that $p_i q_i = N_i \geq N_0$. Let $T_i = p_i q_i s_i$, $Y_i = p_i q_i s_i v_i$; the temporary public key of sender $i$ is $pbk_i = Y_i$ and the temporary private key is $pvk_i = (p_i, q_i, s_i, v_i, T_i)$;
c) The cryptographic service provider randomly selects four large prime numbers $p, q, s, v$, where: $|p| = |q| = |s| = |v| = \lambda$, such that $pq = N \geq N_0$. Let $T = pqs$, $Y = pqsv$; let $pbk = T$ be the temporary public key of the cryptographic service provider and $pvk = (p, q, s, v, N, T)$ its temporary private key, where $p_i, q_i, s_i, v_i$ denote the four large prime numbers selected by each sender $i$; $pbk_i = Y_i = p_i q_i s_i v_i$ denotes the temporary public key of sender $i$; $pvk_i = (p_i, q_i, s_i, v_i, T_i)$ denotes the temporary private key of sender $i$; $p, q, s, v$ denote the four large prime numbers randomly selected by the cryptographic service provider CSP; $pbk = Y = pqs$ denotes the temporary public key of the cryptographic service provider CSP; $pvk = (p, q, s, v, N, T)$ denotes the temporary private key of the cryptographic service provider CSP.
4. The lightweight multi-user multi-data fully homomorphic data encryption and encapsulation method according to claim 1, wherein the specific operation steps of the data encryption and encapsulation are as follows:
a) Sender $i$ generates $n_i$ plaintext data items $m_{i,i'}$ ($i = 1, 2, \ldots, n_S$; $i' = 1, 2, \ldots, n_i$), each
Figure FDA0003815155150000041
lying in the plaintext space; for each plaintext, it computes $m_{i,i',p} = m_{i,i'} \bmod p$, $m_{i,i',q} = m_{i,i'} \bmod q$;
b) Sender $i$ computes
Figure FDA0003815155150000042
such that
Figure FDA0003815155150000043
It randomly selects a prime number $r_i \in \{0,1\}$ and $n_i$ blinding factors $r_{i,i'} \in \{0,1\}$, and performs the one-way trapdoor permutation computation with the public keys of the server and of the cryptographic service provider respectively, according to the following formula 1:
Figure FDA0003815155150000044
For each data item $m_{i,i'}$, the one-way trapdoor permutation computation is performed according to the following formula 2:
Figure FDA0003815155150000045
c) Sender $i$ uses the cryptographic hash function $H_0$ and performs the one-way trapdoor permutation computation according to the following formulas 3 to 4:
Figure FDA0003815155150000046
Figure FDA0003815155150000047
d) Sender $i$ sends
Figure FDA0003815155150000051
to the cloud server, where $H_0$ denotes a hash function with mapping range $\{0,1\}^{*} \to \{0,1\}$.
5. The lightweight multi-user multi-data fully homomorphic data encryption and encapsulation method according to claim 1, wherein the data decryption comprises the following specific operation steps:
a) After receiving $C_F$, the receiver performs the one-way trapdoor inverse permutation computation according to the following formula 12:
Figure FDA0003815155150000052
then checks whether
Figure FDA0003815155150000053
holds. If it does not hold, the protocol is terminated; if it holds, the result is computed according to the following formula 13:
Figure FDA0003815155150000054
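The residue split in formula 6 of claim 1 and in step a) of claim 4, with the inverses defined by $p^{-1} p \equiv 1 \bmod q$ and $q^{-1} q \equiv 1 \bmod p$, is the Chinese-remainder representation of a value modulo $N = pq$. The following Python code is an added example, not code from the patent: it shows that additions and multiplications done separately on the two residues recombine to the polynomial value modulo $N$. The toy primes, the function names, the general polynomial form and the standard CRT recombination are assumptions (formula 7 is not reproduced on this page), and the blinding, trapdoor permutation and hash steps of the claims are left out.

```python
# Added illustration with constructed toy parameters; function names are hypothetical.
from math import prod

P, Q = 1000003, 1000033   # constructed small primes; the claims use large primes of length λ
N = P * Q                 # N = pq, the modulus bounding the plaintext space

def split(m):
    """Residue pair (m mod p, m mod q), as in formula 6 and claim 4 step a)."""
    return m % P, m % Q

def combine(mp, mq):
    """Standard CRT recombination mod N (assumed; formula 7 is not shown on the page)."""
    p_inv = pow(P, -1, Q)   # p^{-1} p ≡ 1 mod q
    q_inv = pow(Q, -1, P)   # q^{-1} q ≡ 1 mod p
    return (mp * Q * q_inv + mq * P * p_inv) % N

def eval_on_residues(terms, inputs):
    """Evaluate sum_k c_k * prod_j x_j^e_kj using only per-prime arithmetic.

    terms: list of (coefficient, exponent tuple); inputs: list of integers.
    """
    residues = [split(x) for x in inputs]
    acc_p = acc_q = 0
    for coeff, exps in terms:
        term_p, term_q = coeff % P, coeff % Q
        for (xp, xq), e in zip(residues, exps):
            term_p = term_p * pow(xp, e, P) % P   # multiplication stays inside Z_p
            term_q = term_q * pow(xq, e, Q) % Q   # and inside Z_q
        acc_p = (acc_p + term_p) % P              # so does addition
        acc_q = (acc_q + term_q) % Q
    return combine(acc_p, acc_q)

def eval_plain(terms, inputs):
    """Reference evaluation of the same polynomial directly modulo N."""
    return sum(c * prod(x ** e for x, e in zip(inputs, exps))
               for c, exps in terms) % N

if __name__ == "__main__":
    terms = [(3, (2, 1, 0)), (5, (0, 0, 3)), (7, (1, 1, 1))]   # constructed polynomial
    xs = [123456789, 987654321, 42]                            # constructed inputs
    print(eval_on_residues(terms, xs) == eval_plain(terms, xs))
```

The recombined value equals the true polynomial value only when that value is below $N$; otherwise it is the value reduced modulo $N$, which is why claim 3 requires $p_i q_i = N_i \geq N_0$ for the plaintext space.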
CN202011448937.7A 2020-12-11 2020-12-11 Lightweight multi-user multi-data all-homomorphic data encryption packaging method Active CN112737764B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011448937.7A CN112737764B (en) 2020-12-11 2020-12-11 Lightweight multi-user multi-data all-homomorphic data encryption packaging method

Publications (2)

Publication Number Publication Date
CN112737764A CN112737764A (en) 2021-04-30
CN112737764B true CN112737764B (en) 2023-02-03

Family

ID=75599588

Country Status (1)

Country Link
CN (1) CN112737764B (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant