CN114553408A - Galois-ring-based threshold linear encryption and decryption method for RS codes - Google Patents


Publication number
CN114553408A
Authority
CN
China
Prior art keywords
galois
code
ring
data
polynomial
Prior art date
Legal status
Granted
Application number
CN202210165966.5A
Other languages
Chinese (zh)
Other versions
CN114553408B (en)
Inventor
陈博涵
邢朝平
Current Assignee
Shanghai Jiaotong University
Original Assignee
Shanghai Jiaotong University
Priority date
Filing date
Publication date
Application filed by Shanghai Jiaotong University
Priority to CN202210165966.5A
Publication of CN114553408A
Application granted
Publication of CN114553408B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/3026 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters details relating to polynomials generation, e.g. generation of irreducible polynomials

Abstract

A Galois-ring-based threshold linear encryption and decryption method for RS codes: a Galois ring is initialized and selected, data is prepared for generating the RS code, and the interactive computation to be carried out by the users is then determined; when only addition is involved, the computation is done locally and directly, and otherwise a double secret share is obtained for the computation. By introducing a linear secret sharing scheme (LSSS) and Reed-Solomon (RS) codes, the invention designs an RS-code-based threshold linear secret sharing method that exploits the strengths of LSSS in protecting secret information and of RS codes in transmitting polynomial information, giving efficient and secure information transmission. The invention is applied to communication between users in MPC, and the users' additions and multiplications during data exchange are realized through the coding protocol.

Description

Galois-ring-based threshold linear encryption and decryption method for RS codes
Technical Field
The invention relates to a technology in the field of information security, in particular to a Galois-ring-based RS code threshold linear encryption and decryption method.
Background
Secure multi-party computation (MPC) concerns how several parties can securely compute an agreed function without a trusted third party. The technique allows users to communicate securely while their private data stays protected. Suppose there are n participants $P_1, P_2, \dots, P_n$, and each participant $P_i$ holds a private datum $x_i$. The participants need to compute $f(x_1, x_2, \dots, x_n)$ without leaking their private data $x_i$. MPC must satisfy two properties: privacy, meaning that each participant learns no private data other than its own; and correctness, meaning that the result of the function computation is unique and correct.
Most existing MPC-based cryptographic and coding protocols are carried out over the two large fields
Figure BDA0003513489090000011
and
Figure BDA0003513489090000012
while applications over the ring
Figure BDA0003513489090000013
are lacking.
Disclosure of Invention
To address the above shortcomings of the prior art, the invention provides a Galois-ring-based threshold linear encryption and decryption method for RS codes. By introducing a linear secret sharing scheme (LSSS) and Reed-Solomon (RS) codes, it designs an RS-code-based threshold linear secret sharing method that exploits the strengths of LSSS in protecting secret information and of RS codes in transmitting polynomial information, giving efficient and secure information transmission. The invention is applied to communication between users in MPC, and the users' additions and multiplications during data exchange are realized through the coding protocol.
The invention is realized by the following technical scheme:
The invention relates to a Galois-ring-based threshold linear encryption and decryption method for RS codes, comprising the following steps:
Step 1: initialize and select a Galois ring, specifically:
1.1 Choose a prime p and an exponent s to construct the ring
Figure BDA0003513489090000014
and the field
Figure BDA0003513489090000015
1.2 Choose the highest degree r of the polynomial and construct the polynomial $h(Y) = a_0 + a_1 Y + \cdots + a_r Y^r$
Figure BDA0003513489090000016
Figure BDA0003513489090000017
where $a_r = \beta_r = 1$, the other $a_i$ belong to the set $\{0, 1, \dots, p^s - 1\}$ and the $\beta_i$ belong to the set $\{0, 1, \dots, p - 1\}$, i.e. $h(Y)$ is a monic polynomial of highest degree r; reducing all coefficients of $h(Y)$ modulo p gives the new polynomial $h'(Y) = \beta_0 + \beta_1 Y + \cdots + \beta_r Y^r$
Figure BDA0003513489090000018
$h'(Y)$ is a monic, irreducible, primitive polynomial of highest degree r.
The polynomial $h'(Y)$ satisfies the property of a primitive polynomial, namely
Figure BDA0003513489090000019
and for any prime $p_i \mid p^r - 1$,
Figure BDA0003513489090000021
so $h'(Y)$ has order $p^r - 1$.
1.3 $h'(Y)$ satisfies
Figure BDA0003513489090000022
Let $h(Y) = h'(Y)$; then
Figure BDA0003513489090000023
is a monic primitive polynomial of highest degree r and order $p^r - 1$. For $h(Y)$ there is a class of roots
Figure BDA0003513489090000024
satisfying
Figure BDA0003513489090000025
Then
Figure BDA0003513489090000026
is a non-zero element of order $p^r - 1$ in the Galois ring.
1.4 Construct the Galois ring
Figure BDA0003513489090000027
Figure BDA0003513489090000028
and the set
Figure BDA0003513489090000029
The elements of the set T all lie in the Galois ring.
Step 2: prepare data for generating the RS code, specifically:
2.1 Randomly select n + 1 different elements from the set T to form the set
Figure BDA00035134890900000210
where $n \le p^r - 1$. Randomly select any two elements of the set T and subtract them, n + 1 times in total, to obtain
Figure BDA00035134890900000211
Figure BDA00035134890900000212
Each element of v is a unit of the Galois ring.
The elements of the set T can form the set of units $\{\mu_0 + \mu_1 p + \cdots + \mu_{s-1} p^{s-1} : \mu_i \in T,\ \mu_0 \neq 0\}$.
2.2 Randomly generate an integer k satisfying $0 \le k \le n - 1$ and randomly generate a polynomial $f(x) \in GR(p^s, r)[x]_{<k}$ over the Galois ring; the RS code of $f(x)$ can then be expressed as $(v_0 f(\alpha_0), v_1 f(\alpha_1), \dots, v_n f(\alpha_n))$, i.e. the RS code is expressed as
Figure BDA00035134890900000213
Step 3: determine the interactive computation the users carry out; when only addition is involved, compute locally and directly, and otherwise obtain a double secret share for the computation. Specifically:
3.1 There are n users in total. Select an RS code of length n + 1
Figure BDA00035134890900000214
and obtain over it the codeword information $(x, x_1, x_2, \dots, x_n)$ and $(y, y_1, y_2, \dots, y_n)$, where x and y are secret data and $x_i$ and $y_i$ are the data held by each user i; $(x_1, \dots, x_n)$ and $(y_1, \dots, y_n)$ are denoted $[x]_t$ and $[y]_t$ respectively.
3.2 When only the addition of x and y is needed, user i only has to add its own held data $x_i$ and $y_i$ locally to obtain $x_i + y_i$. As long as t + 1 users share their own data $x_i + y_i$, all users hold t + 1 entries of $[x + y]_t$ and can reconstruct x + y from them.
3.3 When x and y are to be multiplied, the users first need to obtain a double secret share $([z]_t, [z]_{2t})$. Select t + 1 users out of the n + 1; the RS codes
Figure BDA00035134890900000215
and
Figure BDA00035134890900000216
respectively generate the codewords $(c_i, [c_i]_t)$ and $(c_i, [c_i]_{2t})$; the secret data is then $z = c_0 + \cdots + c_t$, and clearly this data is not revealed to the users. $[z]_t = ([c_0]_t, \dots, [c_t]_t) = (z, z_1, z_2, \dots, z_n)$ and $[z]_{2t} = ([c_0]_{2t}, \dots, [c_t]_{2t}) = (z, z_1', z_2', \dots, z_n')$ constitute the double secret share $([z]_t, [z]_{2t})$.
3.4 Each user i locally computes $(x_i y_i)' = x_i * y_i$ and $e_i' = (x_i y_i)' - z_i'$. As long as 2t + 1 users share their own data $e_i'$, all users hold 2t + 1 entries of $[e]_{2t}$ and can reconstruct e from them.
3.5 From e, randomly generate a set of codewords $(e, [e]_t)$ and disclose it; each user locally computes $x_i y_i = e_i + z_i$, and with t + 1 of these values, i.e. t + 1 entries of $[xy]_t$, xy is reconstructed.
Technical effects
The invention runs over the ring
Figure BDA0003513489090000031
Applied in the current multi-party secure computation field alongside the fields
Figure BDA0003513489090000032
and
Figure BDA0003513489090000033
the method can be put to practical use, and the completeness of MPC's data applications in application scenarios is improved.
Drawings
FIG. 1 is a flow chart of an embodiment.
Detailed Description
As shown in FIG. 1, this embodiment relates to a Galois-ring-based threshold linear encryption and decryption method for RS codes, which includes the following steps:
Step 1) Negotiate and generate the parameters of the Galois ring and the RS code, specifically:
1.1) The prime p is 2, the exponent s is a random integer of any bit length, the highest degree r is a random integer of any bit length, and the number of participating users is $n = p^r - 1$. When, for the RS code
Figure BDA0003513489090000034
the highest polynomial degree over the chosen Galois ring is $2t = n - 2 = p^r - 3$, then for the RS code
Figure BDA0003513489090000035
the highest polynomial degree over the chosen Galois ring is $t = (p^r - 3)/2$.
1.2) Generate the monic polynomial of highest degree $p^r - 1$
Figure BDA0003513489090000036
and factor it over
Figure BDA0003513489090000037
to obtain
Figure BDA0003513489090000038
The irreducible factors of highest degree r are tested: for any prime $p_i \mid p^r - 1$, a factor must satisfy
Figure BDA0003513489090000039
The selected polynomial factor is a monic, irreducible, primitive polynomial of highest degree r with order $p^r - 1$; let this factor be, over
Figure BDA00035134890900000310
the polynomial $h(Y)$. $h(Y)$ has a class of roots
Figure BDA00035134890900000311
satisfying
Figure BDA00035134890900000312
Then
Figure BDA00035134890900000313
can represent the non-zero elements of order $p^r - 1$ in the Galois ring.
1.3) Construct the Galois ring
Figure BDA00035134890900000314
Figure BDA00035134890900000315
Construct, in order, the set
Figure BDA00035134890900000316
with $p^r$ elements in total, each an element of the Galois ring; construct the set
Figure BDA00035134890900000317
with $p^r$ elements in total, in which
Figure BDA00035134890900000318
and the other
Figure BDA00035134890900000319
are random non-zero elements of the set T. The set T and the set α are equal, except that the order of the data is not necessarily the same; construct the set
Figure BDA00035134890900000320
Figure BDA00035134890900000321
with $p^r$ elements in total, each element
Figure BDA00035134890900000322
The RS code can be reconstructed, and the condition that every element of v is a unit of the Galois ring is also met; construct
Figure BDA00035134890900000323
Figure BDA00035134890900000324
where the set α and the set v are fixed for all users, $f(x) \in GR[x]_{<k}$ is randomly generated, and $f(x)$ has highest degree $k - 1$.
When data in the Galois ring is required, it suffices to randomly generate an element of
Figure BDA00035134890900000325
and reduce it modulo
Figure BDA00035134890900000326
The resulting elements all lie in the Galois ring, which prepares for the subsequent generation of polynomials over the Galois ring.
Step 2) When the addition of x and y is required, a third party selects an RS code of length n + 1
Figure BDA0003513489090000041
and obtains the codeword information $(x, x_1, x_2, \dots, x_n)$ and $(y, y_1, y_2, \dots, y_n)$, where x and y are undisclosed data and $x_i$ and $y_i$ are distributed to each user i, who computes $x_i + y_i$ locally. A fixed set of t + 1 honest users is selected to disclose their own data $x_i + y_i$, and all users can then reconstruct x + y from t + 1 entries of $[x + y]_t$.
Reconstruction means the following: for the RS code
Figure BDA0003513489090000042
and its codeword $(x + y, [x + y]_t)$, there is a polynomial $q(x)$ over the Galois ring of highest degree t, i.e. with t + 1 coefficients to be solved for, which can be obtained by Lagrange interpolation or matrix operations; then $x + y = v_0 q(\alpha_0)$.
Step 3) When x and y are to be multiplied, a double secret share $([z]_t, [z]_{2t})$ is generated: t + 1 users are selected from the n users, and each participant randomly selects Galois ring polynomials $d_i(x)$ and $l_i(x)$, where the highest degree of $d_i(x)$ is t, the highest degree of $l_i(x)$ is 2t, and the lowest-order coefficients of $d_i(x)$ and $l_i(x)$ are equal. From the two polynomials the codewords $(c_i, [c_i]_t)$ and $(c_i, [c_i]_{2t})$ are generated and $([c_i]_t, [c_i]_{2t})$ is made public; all users compute $[z]_t = ([c_0]_t, \dots, [c_t]_t) = (z, z_1, z_2, \dots, z_n)$ and $[z]_{2t} = ([c_0]_{2t}, \dots, [c_t]_{2t}) = (z, z_1', z_2', \dots, z_n')$, which ensures that z does not leak.
Step 4) After obtaining the double secret share, each user i locally computes $(x_i y_i)' = x_i * y_i$ and $e_i' = (x_i y_i)' - z_i'$. Then 2t + 1 honest users are selected to share their own data $e_i'$, so that all users can reconstruct e from 2t + 1 entries of $[e]_{2t}$.
Step 5) When the third party obtains the common e, it randomly generates a set of codewords $(e, [e]_t)$ and discloses $[e]_t$. Each user locally computes $x_i y_i = e_i + z_i$; with t + 1 of these values all users hold t + 1 entries of $[xy]_t$ and thereby reconstruct xy.
In a concrete practical experiment, polynomials are written as vectors; for example, $1 + Y^4$ is represented as [1 1 0 0 1].
The experimental parameters obtained by negotiation are as follows: the prime p is 2, the exponent s is 3, the degree r is 4, the number of users n is 15, the primitive polynomial $h(Y)$ is [1 1 0 0 1], and when 2t is 13, t is 6.
Set T = ([0],[1],[0 1],[0 0 1],[0 0 0 1],[7 7],[0 7 7],[0 0 7 7],[1 1 0 7],[1 2 1],[0 1 2 1],[7 7 1 2],[6 5 7 1],[7 5 5 7],[1 0 5 5],[3 4 0 5]), 16 polynomials in total over
Figure BDA0003513489090000043
Set α = ([0],[7 7],[7 7 1 2],[6 5 7 1],[7 5 5 7],[3 4 0 5],[0 7 7],[1 0 5 5],[0 1],[0 0 7 7],[0 1 2 1],[0 0 0 1],[1 1 0 7],[1 2 1],[0 0 1],[1]), 16 polynomials in total over
Figure BDA0003513489090000044
Set v = ([1],[1],[1],[1],[1],[1],[1],[1],[1],[1],[1],[1],[1],[1],[1],[1]), 16 polynomials in total over
Figure BDA0003513489090000045
When the users want to perform a simple multiplication such as 2 * 3, a double secret share $([z]_t, [z]_{2t})$ is generated.
$[z]_t$ = ([3 6 4 1],[1 6 0 2],[4 0 0 6],[0 7 7 6],[1 4 3 2],[6 2 5 4],[7 4 0 7],[1 2 2 6],[1 6 2 2],[4 5 1 1],[0 6 2 4],[7 2 7 2],[6 4],[5 7 6 5],[5 3 7 6]).
$[z]_{2t}$ = ([1 1 2 1],[1 6 6 2],[6 4 2 4],[7 7 3 5],[3 6 0 7],[7 0 3 1],[5 2 6 1],[7 1 4 4],[1 2 1 2],[6 3 6 3],[6 6 6 5],[7 0 0 6],[5 0 7 3],[2 5 4 1],[1 7 2 5]).
From an RS code of length 16
Figure BDA0003513489090000051
the codeword information $(x = 2, x_1, x_2, \dots, x_n)$ and $(y = 3, y_1, y_2, \dots, y_n)$ is obtained, where user i holds $x_i$ and $y_i$.
$(x = 2, x_1, x_2, \dots, x_n)$ = ([2],[0 2 5 7],[6 7 6 7],[4 2 4 4],[0 7 2 4],[0 1 0 5],[7 0 5 6],[2 4 6 3],[5 6 0 1],[3 3 5 4],[4 1 6 1],[5 3 7 3],[4 5 0 6],[2 4 1 5],[0 7 7 5],[4 2 2 3]).
$(y = 3, y_1, y_2, \dots, y_n)$ = ([3],[2 2 1 3],[3 2 0 2],[6 1],[2 0 6 5],[3 2 2 5],[2 7 6 5],[6 2 4 2],[1 6 7 6],[6 5 3 6],[5 3 1 6],[5 6 7 1],[7 3 7 1],[1 7 1],[2 4 0 6],[0 4 1]).
Each user i performs the operation $(x_i y_i)' = x_i * y_i$, giving $[xy]_{2t}$ = ([7 5 3 5],[6 1 6 7],[4 4 2 4],[1 5 6 6],[1 2 7],[6 4 1 4],[6 6 6 4],[3 3 2 3],[5 2 4 4],[5 5 2 2],[3 3 1],[5 6 3 3],[6 1 2],[2 6 2],[2 7 1 2]). These data are private to the respective users.
Each user i performs the operation $e_i' = (x_i y_i)' - z_i'$, giving $[e]_{2t}$ = ([6 4 1 4],[5 3 0 5],[6],[2 6 3 1],[6 4 7 1],[7 4 6 3],[1 4 0 3],[4 2 6 7],[4 0 3 2],[7 2 4 7],[5 5 3 3],[6 6 3 5],[1 1 3 5],[0 1 6 7],[1 0 7 5]). These data are private to the respective users.
Select 14 users to disclose their $e_i'$; the polynomial $q(x)$ over the Galois ring corresponding to the codeword $(e, [e]_{2t})$ can then be computed, with highest degree 13.
$q(x)$ = [[1 6 4 4][3 6 6][7 7 1 2][7 0 2 2][6 7 1 6][3 0 3 3][7 7 6][7 1 1 1][7 3 7 6][2 7 2 2][7 3 5 3][3 7 5 6][6 7 1 1][7 3 3 1]].
The user can compute $e = v_0 q(\alpha_0)$ = [1 6 4 4] and then randomly generate a codeword $(e, [e]_t)$.
$(e, [e]_t)$ = ([1 6 4 4],[0 7 6 4],[4 1 4],[2 4 4 3],[3 3 3 1],[1 1 3 6],[0 5 7],[4 5 5 2],[3 7 4 5],[5 5 7 7],[0 0 2 7],[7 7 4 2],[4 5 6],[2 5 2 1],[2 4 6 4],[0 3 3 6]).
At this point each user has $[e]_t$ and $[z]_t$ and can compute $[xy]_t$ on its own.
$[xy]_t$ = ([3 5 2 5],[5 7 4 2],[6 4 4 1],[3 2 2 7],[2 5 6],[6 7 4 4],[3 1 5 1],[4 1 6 3],[6 3 1 1],[4 5 3],[7 5 6 6],[3 7 5 2],[0 1 2 1],[7 3 4 1],[5 6 2 4]).
Finally, each user reconstructs from $[xy]_t$ on its own and obtains x * y = 6.
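The protocol of steps 1) to 5), as an added Python example that is not part of the patent: arithmetic in GR(2^3, 4) with the page's h(Y) = [1 1 0 0 1], n = 15 and t = 6, then sharing, local addition, and multiplication through a double share. Assumptions: the evaluation points follow the order of T rather than the page's shuffled α, every v_i is 1, degree-2t sharings use degree 12, the first t + 1 or 2t + 1 users open their shares, and all function names are hypothetical.

```python
import secrets

P, S, R = 2, 3, 4               # page's experiment: GR(2^3, 4) = Z_8[Y]/(h(Y))
Q = P ** S                      # coefficient modulus p^s = 8
H = [1, 1, 0, 0, 1]             # h(Y) = [1 1 0 0 1], lowest degree first as on the page
N, T_DEG = 15, 6                # n = 15 users, threshold t = 6
ZERO, ONE = [0] * R, [1] + [0] * (R - 1)

def add(a, b):
    return [(x + y) % Q for x, y in zip(a, b)]

def sub(a, b):
    return [(x - y) % Q for x, y in zip(a, b)]

def mul(a, b):
    """Multiply in Z_8[Y], then reduce with Y^R = -(h_0 + ... + h_{R-1} Y^{R-1})."""
    prod = [0] * (2 * R - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            prod[i + j] = (prod[i + j] + x * y) % Q
    for d in range(2 * R - 2, R - 1, -1):
        for k in range(R):
            prod[d - R + k] = (prod[d - R + k] - prod[d] * H[k]) % Q
    return prod[:R]

def is_unit(a):
    """An element of the Galois ring is a unit exactly when it is non-zero modulo p."""
    return any(c % P for c in a)

def inv(a):
    """Invert a unit as a^(m - 1), where m = (p^r - 1) * p^(r(s-1)) is the unit-group order."""
    if not is_unit(a):
        raise ValueError("element is not a unit of the Galois ring")
    exp, result, base = (P ** R - 1) * P ** (R * (S - 1)) - 1, ONE, a
    while exp:
        if exp & 1:
            result = mul(result, base)
        base, exp = mul(base, base), exp >> 1
    return result

# Evaluation points in the order of the page's set T: 0, 1, xi, xi^2, ..., xi^14 with xi = Y.
ALPHA = [ZERO, ONE]             # ALPHA[0] = 0 carries the secret; ALPHA[i] is user i's point
while len(ALPHA) < P ** R:
    ALPHA.append(mul(ALPHA[-1], [0, 1] + [0] * (R - 2)))

def rand_elem():
    return [secrets.randbelow(Q) for _ in range(R)]

def evaluate(poly, x):
    acc = ZERO
    for coeff in reversed(poly):            # Horner's rule
        acc = add(mul(acc, x), coeff)
    return acc

def share(secret, degree):
    """RS sharing with all v_i = 1: random f of degree <= `degree` with f(0) = secret."""
    poly = [secret] + [rand_elem() for _ in range(degree)]
    return [evaluate(poly, a) for a in ALPHA[1:]]

def reconstruct(shares, degree):
    """Lagrange-interpolate f(0) from the shares of the first degree + 1 users."""
    pts = list(zip(ALPHA[1:], shares))[:degree + 1]
    total = ZERO
    for i, (ai, si) in enumerate(pts):
        num = den = ONE
        for j, (aj, _) in enumerate(pts):
            if j != i:                      # each factor of den is a difference of two points
                num, den = mul(num, aj), mul(den, sub(aj, ai))
        total = add(total, mul(si, mul(num, inv(den))))
    return total

def double_share():
    """([z]_t, [z]_2t): t + 1 contributors each share a random c_i at both degrees."""
    zt, z2t = [ZERO] * N, [ZERO] * N
    for _ in range(T_DEG + 1):
        c = rand_elem()
        zt = [add(u, w) for u, w in zip(zt, share(c, T_DEG))]
        z2t = [add(u, w) for u, w in zip(z2t, share(c, 2 * T_DEG))]
    return zt, z2t

def shared_add(xs, ys):
    """Addition needs no interaction beyond opening t + 1 locally added shares."""
    return reconstruct([add(x, y) for x, y in zip(xs, ys)], T_DEG)

def shared_mul(xs, ys):
    zt, z2t = double_share()
    e_2t = [sub(mul(x, y), z) for x, y, z in zip(xs, ys, z2t)]  # local: x_i * y_i - z_i'
    e = reconstruct(e_2t, 2 * T_DEG)        # opened from 2t + 1 shares: e = xy - z
    e_t = share(e, T_DEG)                   # public codeword (e, [e]_t)
    return reconstruct([add(u, w) for u, w in zip(e_t, zt)], T_DEG)

if __name__ == "__main__":
    xs, ys = share([2, 0, 0, 0], T_DEG), share([3, 0, 0, 0], T_DEG)   # x = 2, y = 3
    print("x + y =", shared_add(xs, ys), "x * y =", shared_mul(xs, ys))
```

Interpolation works over the ring only because every difference of two evaluation points is a unit, which `inv` enforces by raising on a non-unit.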
The length of a Galois-ring-based Reed-Solomon code in MPC is at most $2^r$, and the secret share size is $\log|GR| = rs$, where s is fixed. When rs is a fixed value, the number of participants is also fixed. Therefore, with the s and r of the Galois-ring-based encoding fixed, the invention aims for a code length that is as long as possible. The invention addresses the current lack of MPC applications over rings.
The foregoing embodiments may be modified in many different ways by those skilled in the art without departing from the spirit and scope of the invention, which is defined by the appended claims and all changes that come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein.

Claims (5)

1. A Galois-ring-based threshold linear encryption and decryption method for RS codes, characterized in that a Galois ring is initialized and selected, data is prepared for generating the RS code, and the interactive computation to be carried out by the users is determined; when only addition is involved, the computation is done locally and directly, and otherwise a double secret share is obtained for the computation.
2. The Galois-ring-based threshold linear encryption and decryption method for RS codes as claimed in claim 1, wherein initializing and selecting the Galois ring specifically comprises:
1.1 choosing a prime p and an exponent s to construct the ring
Figure FDA0003513489080000011
and the field
Figure FDA0003513489080000012
1.2 choosing the highest degree r of the polynomial and constructing the polynomial $h(Y) = a_0 + a_1 Y + \cdots + a_r Y^r$
Figure FDA0003513489080000013
where $a_r = \beta_r = 1$, the other $a_i$ belong to the set $\{0, 1, \dots, p^s - 1\}$ and the $\beta_i$ belong to the set $\{0, 1, \dots, p - 1\}$, i.e. $h(Y)$ is a monic polynomial of highest degree r; reducing all coefficients of $h(Y)$ modulo p gives the new polynomial $h'(Y) = \beta_0 + \beta_1 Y + \cdots + \beta_r Y^r$
Figure FDA0003513489080000014
$h'(Y)$ is a monic, irreducible, primitive polynomial of highest degree r;
1.3 $h'(Y)$ satisfies
Figure FDA0003513489080000015
let $h(Y) = h'(Y)$; then
Figure FDA0003513489080000016
is a monic primitive polynomial of highest degree r and order $p^r - 1$; for $h(Y)$ there is a class of roots
Figure FDA0003513489080000017
satisfying
Figure FDA0003513489080000018
then
Figure FDA0003513489080000019
is a non-zero element of order $p^r - 1$ in the Galois ring;
1.4 constructing the Galois ring
Figure FDA00035134890800000110
Figure FDA00035134890800000111
and the set
Figure FDA00035134890800000112
the elements of the set T all lying in the Galois ring.
3. The Galois-ring-based threshold linear encryption and decryption method for RS codes as claimed in claim 2, characterized in that the polynomial $h'(Y)$ satisfies the primitive polynomial property
Figure FDA00035134890800000113
and for any prime $p_i \mid p^r - 1$,
Figure FDA00035134890800000114
Figure FDA00035134890800000115
so $h'(Y)$ has order $p^r - 1$; the elements of the set T can form the set of units $\{\mu_0 + \mu_1 p + \cdots + \mu_{s-1} p^{s-1} : \mu_i \in T,\ \mu_0 \neq 0\}$.
4. The Galois-ring-based threshold linear encryption and decryption method for RS codes as claimed in claim 1, wherein preparing data for generating the RS code specifically comprises:
2.1 randomly selecting n + 1 different elements from the set T to form the set
Figure FDA00035134890800000116
where $n \le p^r - 1$; randomly selecting any two elements of the set T and subtracting them, n + 1 times in total, to obtain
Figure FDA00035134890800000117
Figure FDA00035134890800000118
each element of v being a unit of the Galois ring;
2.2 randomly generating an integer k satisfying $0 \le k \le n - 1$ and randomly generating a polynomial $f(x) \in GR(p^s, r)[x]_{<k}$ over the Galois ring; the RS code of $f(x)$ can then be expressed as $(v_0 f(\alpha_0), v_1 f(\alpha_1), \dots, v_n f(\alpha_n))$, i.e. the RS code is expressed as
Figure FDA00035134890800000119
Figure FDA0003513489080000021
5. The Galois-ring-based threshold linear encryption and decryption method for RS codes as claimed in claim 1, wherein determining the interactive computation the users carry out specifically comprises:
3.1 there are n users in total; an RS code of length n + 1 is selected
Figure FDA0003513489080000022
and the codeword information $(x, x_1, x_2, \dots, x_n)$ and $(y, y_1, y_2, \dots, y_n)$ is obtained over it, where x and y are secret data and $x_i$ and $y_i$ are the data held by each user i; $(x_1, \dots, x_n)$ and $(y_1, \dots, y_n)$ are denoted $[x]_t$ and $[y]_t$ respectively;
3.2 when only the addition of x and y is needed, user i only has to add its own held data $x_i$ and $y_i$ locally to obtain $x_i + y_i$; as long as t + 1 users share their own data $x_i + y_i$, all users hold t + 1 entries of $[x + y]_t$ and can reconstruct x + y from them;
3.3 when x and y are to be multiplied, the users first need to obtain a double secret share $([z]_t, [z]_{2t})$; t + 1 users are selected out of the n + 1, and the RS codes
Figure FDA0003513489080000023
and
Figure FDA0003513489080000024
respectively generate the codewords $(c_i, [c_i]_t)$ and $(c_i, [c_i]_{2t})$; the secret data is then $z = c_0 + \cdots + c_t$, and clearly this data is not revealed to the users; $[z]_t = ([c_0]_t, \dots, [c_t]_t) = (z, z_1, z_2, \dots, z_n)$ and $[z]_{2t} = ([c_0]_{2t}, \dots, [c_t]_{2t}) = (z, z_1', z_2', \dots, z_n')$ constitute the double secret share $([z]_t, [z]_{2t})$;
3.4 each user i locally computes $(x_i y_i)' = x_i * y_i$ and $e_i' = (x_i y_i)' - z_i'$; as long as 2t + 1 users share their own data $e_i'$, all users hold 2t + 1 entries of $[e]_{2t}$ and can reconstruct e from them;
3.5 from e, a set of codewords $(e, [e]_t)$ is randomly generated and disclosed; each user locally computes $x_i y_i = e_i + z_i$, and with t + 1 of these values, i.e. t + 1 entries of $[xy]_t$, xy is reconstructed.
CN202210165966.5A 2022-02-21 2022-02-21 Galois ring-based threshold linear encryption and decryption method for RS code Active CN114553408B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210165966.5A CN114553408B (en) 2022-02-21 2022-02-21 Galois ring-based threshold linear encryption and decryption method for RS code

Publications (2)

Publication Number Publication Date
CN114553408A true CN114553408A (en) 2022-05-27
CN114553408B CN114553408B (en) 2023-11-03

Family

ID=81678345
