CN113114461A - N-time public key compression method for integer homomorphic encryption - Google Patents
N-time public key compression method for integer homomorphic encryption Download PDFInfo
- Publication number
- CN113114461A CN113114461A CN202110336750.6A CN202110336750A CN113114461A CN 113114461 A CN113114461 A CN 113114461A CN 202110336750 A CN202110336750 A CN 202110336750A CN 113114461 A CN113114461 A CN 113114461A
- Authority
- CN
- China
- Prior art keywords
- public key
- integer
- encryption
- homomorphic encryption
- beta
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 29
- 230000006835 compression Effects 0.000 title claims abstract description 26
- 238000007906 compression Methods 0.000 title claims abstract description 26
- 239000013598 vector Substances 0.000 claims abstract description 14
- 230000008569 process Effects 0.000 claims description 5
- 230000000750 progressive effect Effects 0.000 claims description 4
- 238000004364 calculation method Methods 0.000 abstract description 5
- DHHFDKNIEVKVKS-FMOSSLLZSA-N Betanin Chemical group O[C@@H]1[C@@H](O)[C@H](O)[C@@H](CO)O[C@H]1OC(C(=C1)O)=CC(C[C@H]2C([O-])=O)=C1[N+]2=C\C=C\1C=C(C(O)=O)N[C@H](C(O)=O)C/1 DHHFDKNIEVKVKS-FMOSSLLZSA-N 0.000 description 1
- 230000004075 alteration Effects 0.000 description 1
- 239000001654 beetroot red Substances 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/008—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3006—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
- H04L9/3033—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters details relating to pseudo-prime or prime number generation, e.g. primality test
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Complex Calculations (AREA)
Abstract
The invention provides an n-time public key compression method for integer homomorphic encryption, which expands the generation of a public key in an integer homomorphic encryption scheme to an n-time form, and reduces the number of integer elements of a stored public key. The invention generates the public key required by encryption by calculating the public key integer element in the public key vector pk, namely the actually stored public key integer element is not used in encryption but the public key used in real encryption is obtained by calculation, thus reducing the number of the public key integer elements during storage and realizing the compression of the size of the public key. Public key passing calculation in encryption
Description
Technical Field
The invention relates to an n-time public key compression method, in particular to an n-time public key compression method suitable for integer homomorphic encryption.
Background
The document "Coron J S, Mandal A, Naccache D, et al. Fully homomorphic encryption over the integrators with short public key [ C]//Proc of the 31stInternational Conference on Advances in cryptography. Berlin Springer,2011:487- "504" discloses a method for optimizing warpingThe public key compression technical scheme of the digital homomorphic encryption public key size. The scheme provides a public key compression scheme aiming at the problems of overlarge size and low efficiency of the existing full homomorphic encryption scheme on the integer, the scheme changes the integer element of the public key from a linear form to a quadratic form, and the length of the public key is compressed to the length of the public key through proper parameter selectionWherein λ is a safety parameter, λ ═ 2kAnd k is a positive integer. The scheme compresses the public key length of the integer homomorphic encryption scheme, but the compression degree is limited, and the public key size is compressed toStill too large, therefore, the operation efficiency is not greatly improved, and it is still difficult to be applied in practice.
Disclosure of Invention
In order to solve the problem of low scheme operation efficiency caused by overlarge size of a public key of an integer homomorphic encryption scheme, the invention provides an n-time public key compression method of integer homomorphic encryption.
The technical solution of the present invention is described below:
the n-time public key compression method for integer homomorphic encryption comprises the following steps:
step 1: generating a private key p and an encryption modulus x0:
Generating a private key p: p is a randomly generated large prime number of length eta bits, p is in the range of [2 ]η-1,2η);
Generating an encryption modulus x0:x0=q0P, whereinIs an integer ring, gamma denotes the public key integer element xiBit length of (c), symbol "←"The meaning of (A) is: the expression "a ← B" denotes the random selection of an element a from the set B;
step 2: generating other public key elements x in a public key vectori,b:
For 1 ≦ i ≦ β, 1 ≦ b ≦ n, generating integer xi,b:
xi,b=ri,b+pqi,b
Where n, beta represent the public key integer element xi,bThe number of the (c) is,ri,bis random noise interference;
xi,band the encryption modulus x generated in step 10Together, the public key pk:
pk=(x0,x1,1,…,x1,n,x2,1,…,x2,n,x3,1…x3,n,…,xβ,1,…,xβ,n)
and step 3: and (3) encryption process:
Wherein 1 is less than or equal to i1,i2,…,inBeta is not more than beta, tau and beta satisfy tau ═ betan;
where m is the plaintext to be encrypted, the encryption is performed in bits, and r is the noise interference.
Further, random noise interferenceWhere ρ is a noise parameter representing random noise interference ri,bThe bit length of (c).
Further, in the random coefficient vector b, i is more than or equal to 11,i2,…,inNot more than beta andα represents the bit length of an integer in the random coefficient vector b, and α · βnAnd gamma + omega (log lambda) to make the residual hash lemma satisfy the constraint condition of approximate greatest common divisor problem.
Further, the noise interference r is larger than (-2)ρ′,2ρ′) ρ 'is a second noise parameter representing the bit length of the noise disturbance r, and ρ' ≧ α + n ρ + ω (log λ), where ω (-) represents the asymptotically tight lower bound.
Further, q is0Is not prime factor included and is less thanFor resisting prime number traversal attacks; where λ represents a security parameter of a homomorphic encryption scheme, λ ═ 2kAnd k is a positive integer.
Further, the bit length eta of the private key p is larger than or equal to rho theta (lambda log)2Lambda), supporting enough circuits of deep homomorphic operation to satisfy the operation of the 'compression decryption circuit'; where Θ (·) represents the progressive tight bound; and eta is more than or equal to npp + alpha +2+ nlog beta, so as to ensure the correct decryption of the ciphertext.
Further, the noise parameter ρ ═ ω (log λ) prevents brute force estimation of public key random integers.
Further, the public key integer element xiThe bit length gamma of ≧ omega (eta)2log λ) to a lattice-based multi-angle attack on the approximate greatest common divisor problem.
Furthermore, the invention also provides an encryption device, wherein the device adopts integer homomorphic encryption and adopts a public key compression method for n times in the integer homomorphic encryption.
Advantageous effects
The invention has the beneficial effects that: the invention expands the generation of the public key in the integer homomorphic encryption scheme to a form of n times, thereby reducing the number of integer elements of the stored public key. The public key required by encryption is generated through calculation of the integer element of the public key in the public key vector pk, namely the actually stored integer element of the public key is not used during encryption, but the public key used during real encryption is obtained through calculation, so that the number of the integer elements of the public key is reduced during storage, and the compression of the size of the public key is realized. Public key passing calculation in encryptionWhen the public key pk is stored, n beta public key elements are used for replacing original tau public key integer elements, so that the purpose of reducing the number of the public key integer elements is achieved, and the size of the public key is reduced. Reference "Coron J S, Mandal A, Naccache D, et al. Fully homomorphic encryption over the integrators with short public key [ C]//Proc of the 31stIn International Conference on Advances in cryptography. Berlin, Springer,2011, 487-Making it more suitable for use in cloud computing applications.
Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Detailed Description
In the following, a detailed description is given of an n-time public key compression method applicable to integer homomorphic encryption, and first we define symbols and parameters that may be used in the method, unless otherwise specified, the algorithm in the method is based on binary operation, and the logarithmic operation is also based on a base-2 logarithmic operation.
For a real number x, the number x,andrespectively, for a real number z and an integer p, qp(z) denotes the quotient of z divided by p, rp(z) represents the remainder of z divided by p. If f (λ) ═ O (g (λ) log)kg (λ)), f (λ), and g (λ) are functions with respect to λ, O (-) represents a function progression, k ∈ N, N is a set of natural numbers, thenProgressive symbolsRepresenting an infinite number of orders.
λ represents a security parameter of the homomorphic encryption scheme, λ ═ 2kK is a positive integer;
gamma denotes the public key integer element xiI is more than or equal to 0 and less than or equal to tau;
τ denotes a public key integer element xiτ is a positive integer;
n, beta represent the public key integer element xi,bI is more than or equal to 1 and less than or equal to beta, b is more than or equal to 1 and less than or equal to n;
η represents the bit length of the private key p;
ρ represents a noise parameter representing the random noise interference r when generating the integer element of the public keyi,bThe bit length of (d);
ρ' is a second noise parameter indicating the bit length of the random noise interference r used by the encryption process;
alpha represents the bit length of an integer in a random coefficient vector b used for increasing the randomness of a public key in the encryption process;
wherein, λ, γ, τ, n β, η, ρ, ρ', α are all positive integers.
In the prior art, the public key vector pk is (x)0,x1…,xτ) Of the form public key integer element x stored in a public key vectoriI is more than or equal to 1 and less than or equal to tau, and tau is obtained, the public key integer elements are generated by using n-order form, and the public key integer elements are xi,bI is more than or equal to 1 and less than or equal to beta, b is more than or equal to 1 and less than or equal to n, and only n beta integers x are storedi,bCan generate tau public key integersAs a public key.
The integer homomorphic encryption method provided by the invention is established on the problem of non-interference approximate maximum common divisor, the problem of non-interference approximate maximum common divisor is called non-interference approximate maximum common divisor hypothesis, and can be expressed as p, p is E [2 ]η-1,2η) P is a large prime number with the length of eta bits generated randomly, and x is calculated0=q0P, wherein Is an integer ring, q0Is not prime factor included and is less thanIs an integer of (1). For two specified integers p and q0Giving a distribution
In formula (1), q ← [0, q)0),From distributionIn the randomly drawn polynomial samples and x0By these sample sums x0Solving for the large prime p of η bits is extremely difficult and computationally infeasible.
In order to ensure the security of the n-time public key compression method for integer homomorphic encryption, the following restrictions are made on the parameters:
ρ ═ ω (log λ), ω (-) denotes a non-progressive tight lower bound in order to prevent brute force estimation of public key random integers;
η≥ρ·Θ(λlog2λ), in order to support enough circuit depth homomorphic operations to satisfy the operation on the "compression decryption circuit", Θ (·) represents a progressive tight bound;
γ≥ω(η2log λ), dealing with lattice-based multi-angle attacks that approximate the greatest common divisor problem;
α·βngamma + omega (log lambda) or more, in order to make the remaining hash lemma satisfy the constraint condition of the approximate greatest common divisor problem;
eta is not less than npp + alpha +2+ nlog beta, in order to ensure the correct decryption of the ciphertext;
ρ' ≧ α + n ρ + ω (log λ) as a condition satisfied by the second noise parameter.
Based on the above setting, the following four specific processes of key generation, encryption, ciphertext operation and decryption are given:
1. and (3) key generation:
generating a private key firstly: p is a large prime number with length of eta bits generated randomly, and p belongs to [2 ]η-1,2η)。
The public key pk is then generated: generating an encryption modulus x0Calculating x0=q0P, whereinInteger ring, q0Is not prime factor included and is less thanInteger of (1), pair q0The limitation of (2) is to be able to resist prime traversal attacks. Wherein "←" means: the expression "a ← B" denotes an element a randomly selected from the set B.
For 1 ≦ i ≦ β, 1 ≦ b ≦ n, generating integer xi,b:
xi,b=ri,b+pqi,b (2)
WhereinRandom noise interferencexi,bAnd a previously generated encryption modulus x0Together forming a public key, public key pk is then expressed as:
pk=(x0,x1,1,…,x1,n,x2,1,…,x2,n,x3,1…x3,n,…,xβ,1,…,xβ,n) (3)
from equation (3), it can be seen that the public key pk is different from the encryption modulus x0Other public key elements than xi,bI is more than or equal to 1 and less than or equal to beta, b is more than or equal to 1 and less than or equal to n, and the number of integer elements of the public key is n beta + 1.
2. Encryption:
m is a plaintext to be encrypted, the plaintext is encrypted according to bits, and the plaintext space is m E {0, 1 }.
By xi,bI is more than or equal to 1 and less than or equal to beta, b is more than or equal to 1 and less than or equal to n, and calculating tau public key integers
In the formula (4), i is more than or equal to 11,i2,…,inBeta, tau and beta are less than or equal toFoot tau ═ betanIn this scheme, n is log λ.
Generating random coefficient vectorsWherein 1 is less than or equal to i1,i2,…,inNot more than beta andτ=βnnoise interference r ∈ (-2)ρ′,2ρ′)。
And (4) calculating a ciphertext c:
in the formula (5), for all i is more than or equal to 1 and less than or equal to beta, b is more than or equal to 1 and less than or equal to n, x0=q0·p,q0Is not prime factor included and is less thanThe number of the integer (c) of (d),p is a randomly generated large prime number of length eta bits, p is in the range of [2 ]η-1,2η)。
3. And (3) ciphertext operation:
given a circuit C (binary circuit) with t input bits and t ciphertexts Ci(1. ltoreq. i.ltoreq.t) t is a positive integer, ciAll addition and multiplication operations are performed on integers by all addition and multiplication gate circuits of circuit C and the final integer C' is returned as the result.
4. And (3) decryption:
outputting the decrypted plaintext m:
m=(c′mod p)mod 2 (6)
in the formula (5), c' is a ciphertext obtained by ciphertext operation, p is a private key and is a large prime number with the length of eta bit generated in the key generation stage, and p belongs to [2 ]η-1,2η). The final plaintext operation results are as follows:
although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made in the above embodiments by those of ordinary skill in the art without departing from the principle and spirit of the present invention.
Claims (9)
1. An n-time public key compression method for integer homomorphic encryption, characterized in that: the method comprises the following steps:
step 1: generating a private key p and an encryption modulus x0:
Generating a private key p: p is a randomly generated large prime number of length eta bits, p is in the range of [2 ]η-1,2η);
Generating an encryption modulus x0:x0=q0P, wherein Is an integer ring, gamma denotes the public key integer element xiThe symbol "←" means: the expression "a ← B" denotes the random selection of an element a from the set B;
step 2: generating other public key elements x in a public key vectori,b:
For 1 ≦ i ≦ β, 1 ≦ b ≦ n, generating integer xi,b:
xi,b=ri,b+pqi,b
Where n, beta represent the public key integer element xi,bThe number of the (c) is,ri,bis random noise interference;
xi,band the encryption modulus x generated in step 10Together, the public key pk:
pk=(x0,x1,1,...,x1,n,x2,1,...,x2,n,x3,1...x3,n,...,xβ,1,...,xβ,n)
and step 3: and (3) encryption process:
Wherein 1 is less than or equal to i1,i2,...,inBeta is not more than beta, tau and beta satisfy tau ═ betan;
where m is the plaintext to be encrypted, the encryption is performed in bits, and r is the noise interference.
3. A method of n-time public key compression for integer homomorphic encryption according to claim 1 or 2, characterized by: in the random coefficient vector b, i is more than or equal to 11,i2,...,inNot more than beta andα represents the bit length of an integer in the random coefficient vector b, and α · βn≥γ+ω(logλ)。
4. A method of n-time public key compression for integer homomorphic encryption according to claim 3, characterized in that: noise interference r epsilon (-2)ρ′,2ρ′) ρ 'is a second noise parameter representing the bit length of the noise disturbance r, and ρ' ≧ α + n ρ + ω (log λ), where ω (-) represents the asymptotically tight lower bound.
6. The n-time public key compression method for integer homomorphic encryption according to claim 5, wherein: the bit length eta of the private key p is larger than or equal to rho theta (lambda log)2λ), where Θ (·) represents the progressive tight bound and η ≧ npρ + α +2+ nlog β.
7. The n-time public key compression method for integer homomorphic encryption according to claim 6, wherein: the noise parameter ρ ═ ω (log λ) to prevent brute force estimation of public key random integers.
8. The n-time public key compression method for integer homomorphic encryption according to claim 7, wherein: public key integer element xiThe bit length gamma of ≧ omega (eta)2logλ)。
9. An encryption apparatus, characterized in that: the apparatus employs integer homomorphic encryption, and the n-time public key compression method of claim 1 is employed in the integer homomorphic encryption.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110336750.6A CN113114461B (en) | 2021-03-29 | 2021-03-29 | N-time public key compression method for integer homomorphic encryption |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110336750.6A CN113114461B (en) | 2021-03-29 | 2021-03-29 | N-time public key compression method for integer homomorphic encryption |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113114461A true CN113114461A (en) | 2021-07-13 |
CN113114461B CN113114461B (en) | 2022-11-18 |
Family
ID=76712578
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110336750.6A Expired - Fee Related CN113114461B (en) | 2021-03-29 | 2021-03-29 | N-time public key compression method for integer homomorphic encryption |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113114461B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103916248A (en) * | 2014-04-10 | 2014-07-09 | 东南大学 | Fully homomorphic encryption public key space compression method |
CN104283669A (en) * | 2014-08-25 | 2015-01-14 | 东南大学 | Heavy encryption depth optimization method in fully homomorphic encryption |
US20150180659A1 (en) * | 2013-12-23 | 2015-06-25 | Electronics And Telecommunications Research Institute | Apparatus and method for giving the compressed encryption functionality to integer-based homomorphic encryption schemes |
CN111585743A (en) * | 2020-04-28 | 2020-08-25 | 西安电子科技大学 | Homomorphic encryption public key compression method for many-to-one on integer |
-
2021
- 2021-03-29 CN CN202110336750.6A patent/CN113114461B/en not_active Expired - Fee Related
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150180659A1 (en) * | 2013-12-23 | 2015-06-25 | Electronics And Telecommunications Research Institute | Apparatus and method for giving the compressed encryption functionality to integer-based homomorphic encryption schemes |
CN103916248A (en) * | 2014-04-10 | 2014-07-09 | 东南大学 | Fully homomorphic encryption public key space compression method |
CN104283669A (en) * | 2014-08-25 | 2015-01-14 | 东南大学 | Heavy encryption depth optimization method in fully homomorphic encryption |
CN111585743A (en) * | 2020-04-28 | 2020-08-25 | 西安电子科技大学 | Homomorphic encryption public key compression method for many-to-one on integer |
Non-Patent Citations (2)
Title |
---|
JEAN-SEBASTIEN CORON: "Fully homomorphic encryption over the integers with shorter public keys", 《P.ROGAWAY(ED.):CRYPTO 2011,LNCS 6841》 * |
庞辽军: "一个单方加密-多方解密的公钥加密方案", 《计算机学报》 * |
Also Published As
Publication number | Publication date |
---|---|
CN113114461B (en) | 2022-11-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US5231668A (en) | Digital signature algorithm | |
Scharinger | Fast encryption of image data using chaotic Kolmogorov flows | |
US8184803B2 (en) | Hash functions using elliptic curve cryptography | |
CN109412786B (en) | Integer cipher text arithmetic operation method based on homomorphic encryption | |
JP5690465B2 (en) | Custom Static Diffie-Hellman Group | |
US20100020964A1 (en) | Key generation method using quadratic-hyperbolic curve group | |
CN112446052B (en) | Aggregated signature method and system suitable for secret-related information system | |
US8331558B2 (en) | Method of cipher block chaining using elliptic curve cryptography | |
Mehibel et al. | A new enhancement of elliptic curve digital signature algorithm | |
WO2009115824A1 (en) | Encryption method | |
CN110798313B (en) | Secret dynamic sharing-based collaborative generation method and system for number containing secret | |
Jasra et al. | Image encryption using logistic-cosine-sine chaos map and elliptic curve cryptography | |
CN113114461B (en) | N-time public key compression method for integer homomorphic encryption | |
CN116094716A (en) | Text encryption and decryption method, system and equipment based on elliptic curve cryptography | |
US20130058483A1 (en) | Public key cryptosystem and technique | |
WO2002091664A1 (en) | Ring-based signature scheme | |
Wang et al. | Signature schemes based on two hard problems simultaneously | |
Matyas et al. | Reversible data mixing procedure for efficient public-key encryption | |
JP2018092010A (en) | Encryption device and encryption method, encryption program, key generation device, key generation method, and key generation program | |
Soleymani et al. | A binary grouping approach for image encryption based on elliptic curves over prime group field | |
WO2003013052A1 (en) | Cryptosystems based on non-commutatity | |
You et al. | Secure two-party computation approach for ntruencrypt | |
CN117527223B (en) | Distributed decryption method and system for quantum-password-resistant grid | |
Xu | The advance of digital signature with quantum computing | |
Irawadi | Discrete Logarithmic Improvement for ElGamal Cryptosystem Using Matrix Concepts |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20221118 |
|
CF01 | Termination of patent right due to non-payment of annual fee |