CN113114461B - N-time public key compression method for integer homomorphic encryption - Google Patents
N-time public key compression method for integer homomorphic encryption Download PDFInfo
- Publication number
- CN113114461B CN113114461B CN202110336750.6A CN202110336750A CN113114461B CN 113114461 B CN113114461 B CN 113114461B CN 202110336750 A CN202110336750 A CN 202110336750A CN 113114461 B CN113114461 B CN 113114461B
- Authority
- CN
- China
- Prior art keywords
- public key
- integer
- encryption
- homomorphic encryption
- beta
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
- 238000000034 method Methods 0.000 title claims abstract description 28
- 230000006835 compression Effects 0.000 title claims abstract description 26
- 238000007906 compression Methods 0.000 title claims abstract description 26
- 239000013598 vector Substances 0.000 claims abstract description 14
- 230000008569 process Effects 0.000 claims description 5
- 230000000750 progressive effect Effects 0.000 claims description 5
- 238000004364 calculation method Methods 0.000 abstract description 5
- 230000004075 alteration Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/008—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3006—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
- H04L9/3033—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters details relating to pseudo-prime or prime number generation, e.g. primality test
Abstract
The invention provides an n-time public key compression method for integer homomorphic encryption, which expands the generation of a public key in an integer homomorphic encryption scheme to an n-time form, and reduces the number of integer elements of a stored public key. The invention generates the public key required by encryption by calculating the public key integer element in the public key vector pk, namely the actually stored public key integer element is not used in encryption but the public key used in real encryption is obtained by calculation, thus reducing the number of the public key integer elements during storage and realizing the compression of the size of the public key. Public key passing calculation in encryption
Description
Technical Field
The invention relates to an n-time public key compression method, in particular to an n-time public key compression method suitable for integer homomorphic encryption.
Background
The document "Coron J S, mandal A, naccache D, et al. Fully homomorphic encryption over the interpeneters with short public key [ C]//Proc of the 31 st International Conference on Advances in cryptography. Berlin: springer,2011, 487-504 "discloses a public key compression technical scheme for optimizing the size of an integer homomorphic encryption public key. The scheme provides a public key compression scheme aiming at the problems of overlarge size and low efficiency of the existing full homomorphic encryption scheme on the integer, the scheme changes the integer element of the public key from a linear form to a quadratic form, and the length of the public key is compressed to the length of the public key through proper parameter selectionWherein λ is a safety parameter, λ =2 k And k is a positive integer. The scheme compresses the public key length of the integer homomorphic encryption scheme, but the compression degree is limited, and the public key size is compressed toStill too large, therefore, the operation efficiency is not greatly improved, and the application in practice is still difficult。
Disclosure of Invention
In order to solve the problem of low scheme operation efficiency caused by overlarge size of a public key of an integer homomorphic encryption scheme, the invention provides an n-time public key compression method of integer homomorphic encryption.
The technical solution of the present invention is described below:
the n-time public key compression method for integer homomorphic encryption comprises the following steps of:
step 1: generating a private key p and an encryption modulus x 0 :
Generating a private key p: p is a randomly generated large prime number of length eta bits, p is in the range of [2 ] η-1 ,2 η );
Generating an encryption modulus x 0 :x 0 =q 0 P, whereinIs an integer ring, gamma denotes the public key integer element x i The symbol "←" means: the expression "a ← B" denotes the random selection of an element a from the set B;
step 2: generating other public key elements x in a public key vector i,b :
For 1 ≦ i ≦ β,1 ≦ b ≦ n, generating integer x i,b :
x i,b =r i,b +pq i,b
Where n, beta represent the public key integer element x i,b The number of the (c) is greater than the total number of the (c),r i,b is random noise interference;
x i,b and the encryption modulus x generated in step 1 0 Together, the public key pk:
pk=(x 0 ,x 1,1 ,…,x 1,n ,x 2,1, …,x 2,n ,x 3,1 …x 3,n ,…,x β,1 ,…,x β,n )
and step 3: and (3) encryption process:
Wherein 1 is less than or equal to i 1 ,i 2 ,…,i n Beta is less than or equal to, tau and beta satisfy tau = beta n ;
where m is the plaintext to be encrypted, the encryption is performed in bits, and r is the noise interference.
Further, random noise interferenceWhere ρ is a noise parameter representing random noise interference r i,b The bit length of (c).
Further, in the random coefficient vector b, i is more than or equal to 1 1 ,i 2 ,…,i n Not more than beta andα represents the bit length of an integer in the random coefficient vector b, and α · β n And gamma + omega (log lambda) to make the residual hash lemma satisfy the constraint condition of approximate greatest common divisor problem.
Further, the noise interference r is larger than (-2) ρ′ ,2 ρ′ ) ρ 'is a second noise parameter representing the bit length of the noise disturbance r, and ρ' ≧ α + n ρ + ω (log λ), where ω (-) represents the asymptotically tight lower bound.
Further, q is 0 Is not prime factor included and is less thanFor resisting prime number traversal attacks; where λ represents a security parameter of the homomorphic encryption scheme, λ =2 k And k is a positive integer.
Further, the bit length eta of the private key p is larger than or equal to rho theta (lambda log) 2 λ), supporting enough circuits deep homomorphic operation to satisfy the operation of the 'compression decryption circuit'; where Θ (·) represents the progressive tight bound; and eta is greater than or equal to n rho + alpha +2+ nlog beta to ensure correct decryption of the ciphertext.
Further, the noise parameter ρ = ω (log λ) to prevent brute force estimation of public key random integers.
Further, the public key integer element x i The bit length gamma of ≧ omega (eta) 2 log λ) to a lattice-based multi-angle attack on the approximate greatest common divisor problem.
Furthermore, the invention also provides an encryption device, wherein the device adopts integer homomorphic encryption and adopts a public key compression method for n times in the integer homomorphic encryption.
Advantageous effects
The invention has the beneficial effects that: the invention expands the generation of the public key in the encryption scheme based on the integer homomorphism to a form of n times, thereby reducing the number of the integer elements of the stored public key. The public key required by encryption is generated through calculation of the integer element of the public key in the public key vector pk, namely the actually stored integer element of the public key is not used during encryption, but the public key used during real encryption is obtained through calculation, so that the number of the integer elements of the public key is reduced during storage, and the compression of the size of the public key is realized. Public key passing calculation in encryptionWhen the public key pk is stored, n beta public key elements are used for replacing original tau public key integer elements, so that the purpose of reducing the number of the public key integer elements is achieved, and the size of the public key is reduced. Reference "Coron J S, mandal A, naccache D, et al. Fully homomorphic encryption over the integrators with short public key [ C]//Proc of the 31 st Springer,2011 487-504", the public key is generated in a quadratic form, the generation of the public key is expanded to a n-th-power form, the number of integer elements of the stored public key is reduced, the size of the public key in an integer homomorphic encryption scheme is compressed, and the size of the public key is compressed into a size of the public keyMaking it more suitable for use in cloud computing applications.
Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Detailed Description
In the following, a detailed description is given of an n-time public key compression method applied to integer homomorphic encryption, where we first define symbols and parameters that may be used in the method, and unless otherwise specified, the algorithm in the method is based on binary operation, and the logarithmic operation is also based on base-2 logarithmic operation.
For a real number x, the number x,andrespectively representing the rounding-down, rounding-up and rounding-up of a real number x, for a real number z and an integer p, q p (z) denotes the quotient of z divided by p, r p (z) represents the remainder of z divided by p. If f (λ) = O (g (λ) log) k g (λ)), f (λ) and g (λ) are both functions on λ, O (-) represents a functional series, k ∈ N, N is a set of natural numbers,thenProgressive symbolsRepresenting an infinite number of orders.
λ denotes the security parameter of the homomorphic encryption scheme, λ =2 k K is a positive integer;
gamma denotes the public key integer element x i I is more than or equal to 0 and less than or equal to tau;
τ denotes a public key integer element x i τ is a positive integer;
n, beta represent the public key integer element x i,b I is more than or equal to 1 and less than or equal to beta, b is more than or equal to 1 and less than or equal to n;
η represents the bit length of private key p;
ρ represents a noise parameter representing the random noise interference r when generating the integer element of the public key i,b The bit length of (d);
ρ' is a second noise parameter indicating the bit length of the random noise interference r used by the encryption process;
alpha represents the bit length of an integer in a random coefficient vector b used for increasing the randomness of a public key in the encryption process;
wherein, λ, γ, τ, n β, η, ρ, ρ', α are all positive integers.
In the prior art, the public key vector pk is (x) 0 ,x 1 …,x τ ) Of the form public key integer element x stored in a public key vector i I is more than or equal to 1 and less than or equal to tau, and tau is obtained, the public key integer elements are generated by using n-order form, and the public key integer elements are x i,b I is more than or equal to 1 and less than or equal to beta, b is more than or equal to 1 and less than or equal to n, and only n beta integers x are stored i,b Can generate tau public key integersAs a public key.
The integer homomorphic encryption method provided by the invention is established on the problem of interference-free approximate maximum common divisorThe common divisor problem, also called the non-interfering approximate maximum common divisor hypothesis, can be expressed as p, p ∈ [2 ] for p η-1, 2 η ) P is a large prime number with the length of eta bit randomly generated, and x is calculated 0 =q 0 P of wherein Is an integer ring, q 0 Is not prime factor included and is less thanIs an integer of (2). For two specified integers p and q 0 Giving a distribution
In formula (1), q ← [0, q) 0 ),From distributionIn the randomly drawn polynomial samples and x 0 By these sample sums x 0 Solving for large prime numbers p of η bits is extremely difficult and computationally infeasible.
In order to ensure the security of the n-time public key compression method for integer homomorphic encryption, the following restrictions are made on the parameters:
ρ = ω (log λ), ω (-) representing a non-progressive tight lower bound in order to prevent brute force estimation of public key random integers;
η≥ρ·Θ(λlog 2 λ), in order to support enough circuit depth homomorphic operations to satisfy the operation on the "compression decryption circuit", Θ (·) represents a progressive tight bound;
γ≥ω(η 2 log λ), dealing with lattice-based multi-angle attacks that approximate the greatest common divisor problem;
α·β n gamma + omega (log lambda) or more, in order to make the remaining hash lemma satisfy the constraint condition of the approximate greatest common divisor problem;
eta is greater than or equal to n rho + alpha +2+ nlog beta, in order to ensure correct decryption of the ciphertext;
ρ' ≧ α + n ρ + ω (log λ) as a condition satisfied by the second noise parameter.
Based on the above setting, the following four specific processes of key generation, encryption, ciphertext operation and decryption are given:
1. and (3) key generation:
generating a private key firstly: sk = p, p is a large prime number with length of η bits randomly generated, p ∈ [2 ] η-1 ,2 η )。
The public key pk is then generated: generating an encryption modulus x 0 Calculating x 0 =q 0 P of whereinInteger ring, q 0 Is not prime factor included and is less thanIs an integer of (b), to q 0 The limitation of (2) is to be able to resist prime traversal attacks. Wherein "←" means: the expression "a ← B" denotes an element a randomly selected from the set B.
For 1 ≦ i ≦ β,1 ≦ b ≦ n, generating integer x i,b :
x i,b =r i,b +pq i,b (2)
WhereinRandom noise interferencex i,b And a previously generated encryption modulus x 0 Are formed togetherPublic key, then public key pk is expressed as:
pk=(x 0 ,x 1,1 ,…,x 1,n ,x 2,1, …,x 2,n ,x 3,1 …x 3,n ,…,x β,1 ,…,x β,n ) (3)
from equation (3), it can be seen that the public key pk is in addition to the encryption modulus x 0 Other public key elements than x i,b I is more than or equal to 1 and less than or equal to beta, b is more than or equal to 1 and less than or equal to n, and the number of integer elements of the public key is n beta + 1.
2. Encryption:
m is a plaintext to be encrypted, the plaintext is encrypted according to bits, and the plaintext space is m E {0,1}.
By x i,b I is more than or equal to 1 and less than or equal to beta, b is more than or equal to 1 and less than or equal to n, and calculating tau public key integers
I is more than or equal to 1 in the formula (4) 1 ,i 2 ,…,i n Beta is less than or equal to beta, tau and beta satisfy tau = beta n In the scheme, n = log lambda is taken.
Generating random coefficient vectorsWherein 1 is less than or equal to i 1 ,i 2 ,…,i n Not more than beta andτ=β n noise interference r ∈ (-2) ρ′ ,2 ρ′ )。
And (4) calculating a ciphertext c:
in the formula (5), i is more than or equal to 1 and less than or equal to beta, i is more than or equal to 1b≤n,x 0 =q 0 ·p,q 0 Is not prime factor included and is less thanThe number of the integer (c) of (d),p is a randomly generated large prime number of length eta bits, p is in the range of [2 ] η-1 ,2 η )。
3. Ciphertext operation:
given a circuit C (binary circuit) with t input bits and t ciphertexts C i (1. Ltoreq. I. Ltoreq.t) t is a positive integer, c i All addition and multiplication operations are performed on integers by all addition and multiplication gate circuits of circuit C and the final integer C' is returned as a result.
4. And (3) decryption:
outputting the decrypted plaintext m:
m=(c′mod p)mod 2 (6)
in the formula (5), c' is a ciphertext obtained by ciphertext operation, p is a private key and is a large prime number with the length of eta bit generated in the key generation stage, and p belongs to [2 ] η-1 ,2 η ). The final plaintext results are as follows:
although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made in the above embodiments by those of ordinary skill in the art without departing from the principle and spirit of the present invention.
Claims (9)
1. A method of n-time public key compression for integer homomorphic encryption, characterized by: the method comprises the following steps:
step 1: generating privacyKey p and encryption modulus x 0 :
Generating a private key p: p is a randomly generated large prime number of length eta bits, p belongs to [2 ] η-1 ,2 η );
Generating an encryption modulus x 0 :x 0 =q 0 P, wherein Is an integer ring, gamma denotes the public key integer element x i The symbol "←" means: the expression "a ← B" denotes the random selection of an element a from the set B;
step 2: generating other public key elements x in a public key vector i,b :
For 1. Ltoreq. I.ltoreq.beta.1. Ltoreq. B.ltoreq.n, the integer x is generated i,b :
x i, b=r i,b +pq i,b
Where n, beta represent the public key integer element x i,b The number of the (c) is,r i,b is random noise interference;
x i,b and the encryption modulus x generated in step 1 0 Together, the public key pk:
pk=(x 0 ,x 1,1 ,...,x 1,n ,x 2,1 ,...,x 2,n ,x 3,1 ...x 3,n ,...,x β,1 ,...,x β,n )
and step 3: and (3) encryption process:
Wherein 1 is less than or equal to i 1 ,i 2 ,...,i n Beta is less than or equal to, tau and beta satisfy tau = beta n ;
where m is the plaintext to be encrypted, the encryption is performed in bits, and r is the noise interference.
3. A method of n-time public key compression for integer homomorphic encryption according to claim 1 or 2, characterized by: in the random coefficient vector b, i is more than or equal to 1 1 ,i 2 ,...,i n Not more than beta andα represents the bit length of an integer in the random coefficient vector b, and α · β n ≥γ+ω(logλ)。
4. A method of n-time public key compression for integer homomorphic encryption according to claim 3, characterized in that: noise interference r epsilon (-2) ρ′ ,2 ρ′ ) And ρ' is a second noise parameter representing the bit length of the noise disturbance rAnd ρ' ≧ α + n ρ + ω (log λ), where ω (-) represents the non-progressive tight lower bound.
6. The n-time public key compression method for integer homomorphic encryption according to claim 5, characterized in that: bit length eta of private key p is larger than or equal to rho theta (lambda log) 2 λ), where Θ (·) represents the progressive tight bound and η ≧ n ρ + α +2+ nlog β.
7. The n-time public key compression method for integer homomorphic encryption according to claim 6, wherein: the noise parameter ρ = ω (log λ) to prevent brute force estimation of public key random integers.
8. The n-time public key compression method for integer homomorphic encryption according to claim 7, characterized in that: public key integer element x i The bit length gamma of ≧ omega (eta) 2 logλ)。
9. An encryption apparatus, characterized in that: the device adopts integer homomorphic encryption, and adopts the n-time public key compression method of claim 1 in the integer homomorphic encryption.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110336750.6A CN113114461B (en) | 2021-03-29 | 2021-03-29 | N-time public key compression method for integer homomorphic encryption |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110336750.6A CN113114461B (en) | 2021-03-29 | 2021-03-29 | N-time public key compression method for integer homomorphic encryption |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113114461A CN113114461A (en) | 2021-07-13 |
CN113114461B true CN113114461B (en) | 2022-11-18 |
Family
ID=76712578
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110336750.6A Expired - Fee Related CN113114461B (en) | 2021-03-29 | 2021-03-29 | N-time public key compression method for integer homomorphic encryption |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113114461B (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103916248A (en) * | 2014-04-10 | 2014-07-09 | 东南大学 | Fully homomorphic encryption public key space compression method |
CN111585743A (en) * | 2020-04-28 | 2020-08-25 | 西安电子科技大学 | Homomorphic encryption public key compression method for many-to-one on integer |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR102019159B1 (en) * | 2013-12-23 | 2019-09-09 | 한국전자통신연구원 | Apparatus and methdo for giving the compressed encryption functionality to integer-based homomorphic encryption schemes |
CN104283669B (en) * | 2014-08-25 | 2017-07-18 | 东南大学 | Re-encryption depth optimization method in full homomorphic cryptography |
-
2021
- 2021-03-29 CN CN202110336750.6A patent/CN113114461B/en not_active Expired - Fee Related
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103916248A (en) * | 2014-04-10 | 2014-07-09 | 东南大学 | Fully homomorphic encryption public key space compression method |
CN111585743A (en) * | 2020-04-28 | 2020-08-25 | 西安电子科技大学 | Homomorphic encryption public key compression method for many-to-one on integer |
Non-Patent Citations (1)
Title |
---|
Fully homomorphic encryption over the integers with shorter public keys;Jean-sebastien coron;《P.Rogaway(Ed.):CRYPTO 2011,LNCS 6841》;20110818;正文第4-7页 * |
Also Published As
Publication number | Publication date |
---|---|
CN113114461A (en) | 2021-07-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Brakerski et al. | Circular and Leakage Resilient Public-Key Encryption under Subgroup Indistinguishability: (or: Quadratic Residuosity Strikes Back) | |
US5231668A (en) | Digital signature algorithm | |
US8184803B2 (en) | Hash functions using elliptic curve cryptography | |
US8189775B2 (en) | Method of performing cipher block chaining using elliptic polynomial cryptography | |
US6697488B1 (en) | Practical non-malleable public-key cryptosystem | |
JP5690465B2 (en) | Custom Static Diffie-Hellman Group | |
US20100020964A1 (en) | Key generation method using quadratic-hyperbolic curve group | |
CN112446052B (en) | Aggregated signature method and system suitable for secret-related information system | |
US8705740B2 (en) | Elliptic curve-based message authentication code system and method | |
US20110200186A1 (en) | Method of cipher block chaining using elliptic curve cryptography | |
CN110545179A (en) | R-LWE-based NTRU encryption method and security proving method thereof | |
Harjito et al. | Comparative Analysis of RSA and NTRU Algorithms and Implementation in the Cloud | |
WO2009115824A1 (en) | Encryption method | |
Heninger | RSA, DH, and DSA in the Wild | |
CN110798313B (en) | Secret dynamic sharing-based collaborative generation method and system for number containing secret | |
CN113114461B (en) | N-time public key compression method for integer homomorphic encryption | |
CN116094716A (en) | Text encryption and decryption method, system and equipment based on elliptic curve cryptography | |
US20130058483A1 (en) | Public key cryptosystem and technique | |
US20080019508A1 (en) | Public key cryptographic methods and systems with rebalancing | |
JP2018092010A (en) | Encryption device and encryption method, encryption program, key generation device, key generation method, and key generation program | |
Kuryazov | Optimal asymmetric data encryption algorithm | |
Ariffin et al. | AA β public key cryptosystem-A comparative analysis against RSA and ECC | |
You et al. | Secure two-party computation approach for ntruencrypt | |
Irawadi | Discrete Logarithmic Improvement for ElGamal Cryptosystem Using Matrix Concepts | |
Xu | The advance of digital signature with quantum computing |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20221118 |