CN114866221A - Improved addition homomorphic encryption method supporting floating point operation - Google Patents

Improved addition homomorphic encryption method supporting floating point operation Download PDF

Info

Publication number
CN114866221A
CN114866221A CN202210638770.3A CN202210638770A CN114866221A CN 114866221 A CN114866221 A CN 114866221A CN 202210638770 A CN202210638770 A CN 202210638770A CN 114866221 A CN114866221 A CN 114866221A
Authority
CN
China
Prior art keywords
paillier
ciphertext
floating point
plaintext
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210638770.3A
Other languages
Chinese (zh)
Inventor
汤寒林
彭长根
万云飞
许德权
徐旭彬
李绍龙
丁红发
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guizhou Chinadatapay Network Technology Co ltd
Guizhou University
Original Assignee
Guizhou Chinadatapay Network Technology Co ltd
Guizhou University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guizhou Chinadatapay Network Technology Co ltd, Guizhou University filed Critical Guizhou Chinadatapay Network Technology Co ltd
Priority to CN202210638770.3A priority Critical patent/CN114866221A/en
Publication of CN114866221A publication Critical patent/CN114866221A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to an improved addition homomorphic encryption method supporting floating point operation, which comprises the following steps: SA, generating a secret key PaiOpt key ={pk Paillier ,pk Paillier ,g,a,L K ,M K The generation steps specifically include: SA-1, generating public key pk by using Paillier algorithm Paillier And the private key sk Paillier (ii) a SA-2, randomly taking floating point numbers g and a as the encrypted base number of the plaintext m; SA-3, randomly taking two positive integers L K And M K (ii) a SB, encrypting a plaintext m to obtain a ciphertext c, wherein the ciphertext c is EncNum (L) V ,R V ) SD, L for said ciphertext c V And R V The item is decrypted to obtain the plaintext m. The encryption method of the application preserves the addition homomorphism of the original Paillier scheme to integers,meanwhile, homomorphic addition calculation of floating point numbers is supported; in the encryption process, random disturbance parameters are added, and the original Paillier algorithm is used for controlling access to the disturbance parameters, so that the safety is improved; and modulo operation is not used, so that any addition operation is supported, and the usability is improved.

Description

Improved addition homomorphic encryption method supporting floating point operation
Technical Field
The application relates to the technical field of computers, in particular to an improved addition homomorphic encryption method supporting floating point operation.
Background
With the wide application of cloud computing, especially the processing of a large amount of data on a cloud platform, how to safely and effectively protect privacy and security of a user becomes a hotspot in the field of current cryptography research. If the data is stored in a clear text form, the face data may be exposed to a cloud service provider, and a series of security problems are brought to the confidential data of the user.
To solve this problem, homomorphic encryption schemes have been developed. Homomorphic encryption is a cryptographic technique based on the theory of computational complexity of mathematical problems. The homomorphic encrypted data is processed to produce an output, which is decrypted in the same manner as the unencrypted original data. The homomorphic encryption has the advantages that a user can still analyze and retrieve specific encrypted data under the condition of data encryption, the data processing efficiency is improved, and the data security transmission is ensured.
According to the supported calculation types and the supported degree, the homomorphic encryption can be divided into the following three types:
1) semi-Homomorphic Encryption (PHE): only one of addition or multiplication is supported. Among them, what supports only addition operation is Addition Homomorphic Encryption (AHE);
2) partial Homomorphic Encryption (Somewhat Homomorphic Encryption, swe): the method can simultaneously support addition and multiplication operations, but the number of supported calculations is limited;
3) fully Homomorphic Encryption (FHE): any number of addition and multiplication operations are supported.
Due to the defects of the general safety calculation method and the fact that functions can be completed only by using one HE operation (such as addition) in certain specific scenes, PHE is largely used in the privacy calculation field, and has shadows in the schemes of a plurality of open source libraries (such as FATE) and a large amount of academic top meetings (such as S & P, NDSS). The PHE has the characteristics of high efficiency and supporting infinite addition or multiplication, becomes an important basic component of privacy calculation, and can assist in completing various privacy calculation functions.
At present, the commonly used semi-homomorphic encryption algorithms mainly adopt RSA algorithm, Elgamal algorithm and the like supporting multiplication homomorphism, Paillier algorithm, Benaloh algorithm and the like supporting addition homomorphy. Among the additive homomorphism algorithms, the Paillier encryption algorithm [ P.Paillier, "Public-Key cryptography Based on Composite knowledge Classes", 1999] is the one with the best overall performance. The algorithm is the first addition homomorphic encryption cryptosystem based on the judgment of the composition residue problem, is proposed by a student Paillier in 1999, is based on the judgment of the composition residue problem in security, and is a widely used public key encryption algorithm. The method comprises the following specific steps:
1) and (3) generation of a public key and a private key: randomly taking large prime numbers p and q, and enabling [ n ═ pq and lambda (n) ═ lcm (p-1, q-1)]Lcm () is the least common multiple of two parameters. And defines the function l (n) ═ n-1)/n. Selecting random numbers
Figure BDA0003681580050000021
And satisfies the condition of mu ═ L (g) λ modn 2 )) -1 . Are present. At this time, the public key is (n, g) and the private key is (λ, μ).
2) And (3) encryption process: for plaintext m, m ∈ Z N Selecting a random number r<n, the encryption process is that c is g m r n (modn 2 )。
3) And (3) decryption process: for the ciphertext c, the decryption process is
Figure BDA0003681580050000022
However, the performance of the conventional Paillier algorithm is still good when processing a small range of integers, floating point type data with higher occurrence frequency in an actual application scene is not supported, and the Paillier algorithm is based on modular operation and only supports limited times of addition operation, so that the modular space and the integer space are not in a one-to-one mapping relationship.
Therefore, in order to satisfy the requirement of higher-frequency floating-point number encryption in practical application scenarios, it is important to demand a semi-homomorphic addition encryption scheme supporting floating-point number encryption and unlimited number of addition operations.
Disclosure of Invention
The present invention is directed to overcoming the above-mentioned disadvantages of the prior art and providing an improved addition homomorphic encryption method supporting floating point arithmetic that supports floating point number encryption and unlimited number of addition operations.
In order to achieve the above object, the present invention has the following configurations:
the invention comprises an improved addition homomorphic encryption method supporting floating point operation, which comprises the following steps:
SA, generating a secret key PaiOpt key ={pk Paillier ,pk Paillier ,g,a,L K ,M K The generation steps specifically include:
SA-1, generating public key pk using Paillier algorithm Paillier And the private key sk Paillier
SA-2, randomly taking floating point numbers g and a as the encrypted base number of the plaintext m;
SA-3, randomly taking two positive integers L K And M K
SB, encrypting a plaintext m to obtain a ciphertext c, wherein the ciphertext c is EncNum (L) V ,R V ) The encryption step specifically comprises:
SB-1, generating a random disturbance parameter k, wherein k is a bounded positive integer and is in a range of (L) K ,M K );
SB-2, obtaining public key pk Paillier Using the public key pk Paillier Encrypting the random disturbance parameter k to obtain L V =Enc Paillier (k);
SB-3, obtaining random floating point numbers g and a random disturbance parameter k to obtain R V =g m×a+k
And the SD decrypts the ciphertext c to obtain a plaintext m, and the decryption step specifically comprises the following steps:
SD-1, using said private key sk Paillier For the L V Item decryption is carried out to obtain a random disturbance parameter k;
SD-2, using the random floating point number g, a and the random disturbance parameter k to R of the ciphertext c V The item is decrypted to obtain m.
In the preferred improved addition homomorphic encryption method supporting floating point operation, the plaintext m and the ciphertext c are respectively a plaintext set and a ciphertext set, a plurality of plaintexts are encrypted through the step SB, and the plaintext m is encrypted 1 To m t Encrypted as ciphertext c 1 To c t
The encryption method also comprises a step SC of encrypting the ciphertext c 1 And c 2 C is obtained by addition or subtraction 3 Or c 4
In the preferred improved addition homomorphic encryption method supporting floating-point operation, the step SC is specifically included in the addition operation,
SC-1, utilizing homomorphism of Paillier encryption scheme to encrypt L in ciphertext V The terms are added, and the formula is: enc Paillier (k 1 )+Enc Paillier (k 2 )=Enc Paillier (k 1 +k 2 );
SC-2, R in ciphertext V The terms are multiplied by the formula:
Figure BDA0003681580050000031
SC-3, to obtain ciphertext c 3 Cryptograph
Figure BDA0003681580050000032
In a preferred modified addition homomorphic encryption method supporting floating-point operations, said step SC is a subtraction operation specifically comprising,
SC-1, utilizing homomorphism of Paillier encryption scheme to encrypt L in ciphertext V The term is subtracted, the formula is: enc Paillier (k 1 )-Enc Paillier (k 2 )=Enc Paillier (k 1 -k 2 );
SC-2, R in ciphertext V The term divides by the formula:
Figure BDA0003681580050000033
SC-3, to obtain ciphertext c 4 Cryptograph
Figure BDA0003681580050000034
In the preferred improved addition homomorphic encryption method supporting floating point operation, said L K And M K Need to satisfy M K =(p+1)×L K P, where p is a positive integer greater than 2, L K Taking an integer in excess of 100.
In the preferred improved addition homomorphic encryption method supporting floating point operation, the value of p is larger than 10.
The application also includes a decryption method for generating a ciphertext using the above encryption method, comprising the steps of,
SD, decrypting the ciphertext c to obtain a plaintext m, DecNum (c), specifically comprising the steps of,
SD-1, obtaining private key sk Paillier Using the private key sk Paillier For L in the ciphertext c V Decrypting the item to obtain a disturbance parameter k, k ═ Dec Paillier (L V );
SD-2, floating point numbers g and a are obtained, and the perturbation parameter k is substituted into a formula m-log g (g ((m×a+k)-k)/a ) And obtaining a plaintext m.
In a preferred decryption method, when the encryption method is an addition operation, the step SD is specifically,
SD1, decrypting the ciphertext c 3 The method specifically comprises the following steps of,
SD1-1, obtaining private key sk Paillier Using the private key sk Paillier For ciphertext c 3 L in (1) V Decrypting the item to obtain a disturbance parameter k 1 And k 2 ,k 1 +k 2 =Dec Paillier (L V )==Dec Paillier (k 1 +k 2 );
SD1-2, floating point numbers g and a are obtained, and the perturbation parameter k is used 1 +k 2 For decrypting c 3 R in (1) V Term, get m 1 +m 2
Figure BDA0003681580050000041
In a preferred decryption method, when the encryption method is a subtraction operation, said step SD is specifically,
SD2, decrypting the ciphertext c 4 The method specifically comprises the following steps of,
SD2-1, obtaining private key sk Paillier Using the private key sk Paillier For ciphertext c 4 L in (1) V Decrypting the item to obtain a disturbance parameter k 1 And k 2 ,k 1 -k 2 =Dec Paillier (L V )==Dec Paillier (k 1 -k 2 );
SD2-2, floating point numbers g and a are obtained, and the perturbation parameter k is used 1 -k 2 For decrypting c 4 R in (1) V Term, get m 1 -m 2
Figure BDA0003681580050000042
In a preferred decryption method, comprising a key generation module, an encryption module and a decryption module,
the key generation module is used for generating a key PaiOpt key ={pk Paillier ,pk Paillier ,g,a,L K ,M K The generating step specifically comprises: generation of public key pk using Paillier algorithm Paillier And the private key sk Paillier (ii) a Randomly taking floating point numbers g and a as the encrypted base numbers of the plaintext m; randomly taking two positive integers L K And M K
The encryption module is used for encrypting a plaintext m to obtain a ciphertext c, wherein the ciphertext c is EncNum (L) V ,R V ) The encryption step specifically comprises: generating a random disturbance parameter k, wherein k is a bounded positive integer and the range is (L) K ,M K ) (ii) a Obtaining a public key pk Paillier Using the public key pk Paillier Encrypting the random disturbance parameter k to obtain L V =Enc Paillier (k) (ii) a Obtaining random floating point numbers g and a random disturbance parameter k to obtain R V =g m×a+k
The decryption module is used for decrypting the ciphertext c to obtain a plaintext m, wherein m is DecNum (c), and the decryption module specifically comprises the step of obtaining a private key sk Paillier Using the private key sk Paillier For L in the ciphertext c V Decrypting the item to obtain a disturbance parameter k, k being Dec Paillier (L V ) (ii) a Obtaining floating point numbers g and a, and substituting the perturbation parameter k into a formula m-log g (g ((m×a+k)-k)/a ) And obtaining a plaintext m.
The present application also includes a computer storage medium having computer readable instructions stored thereon that are executable by a processor to implement the above-described encryption method.
The application provides an improved addition homomorphic encryption method supporting floating point operation, which comprises the following steps: SA, generating a secret key PaiOpt key ={pk Paillier ,pk Paillier ,g,a,L K ,M K The generation steps specifically include: SA-1, generating public key pk using Paillier algorithm Paillier And the private key sk Paillier (ii) a SA-2, randomly taking floating point numbers g and a as the encrypted base number of the plaintext m; SA-3, randomTaking two positive integers L K And M K (ii) a SB, encrypting a plaintext m to obtain a ciphertext c, wherein the ciphertext c is EncNum (L) V ,R V ) SD, L for said ciphertext c V And R V item And decrypting to obtain the plaintext m. The encryption method of the application keeps the addition homomorphism of the original Paillier scheme to the integer, and simultaneously supports homomorphic addition calculation to the floating point number; in the encryption process, random disturbance parameters are added, and the original Paillier algorithm is used for controlling access to the disturbance parameters, so that the safety is improved; and modular operation is not used, so that any addition operation is supported, and the usability is improved.
Drawings
FIG. 1 is a schematic diagram of the steps of a preferred encryption method of the present invention;
fig. 2 is a schematic diagram of a preferred encryption system of the present invention.
Detailed Description
The technical solutions in the embodiments of the present disclosure will be clearly and completely described below with reference to the accompanying drawings, and it is to be understood that the described embodiments are only some embodiments of the present disclosure, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the disclosed embodiments without making any creative effort, also belong to the protection scope of the present invention.
The invention comprises an improved addition homomorphic encryption method supporting floating point operation, which comprises the following steps:
SA, generating a secret key PaiOpt key ={pk Paillier ,sk Paillier ,g,a,L K ,M K The generation steps specifically include:
SA-1, generating public key pk using Paillier algorithm Paillier And the private key sk Paillier
SA-2, randomly taking floating point numbers g and a as the encrypted base number of the plaintext m;
SA-3, randomly taking two positive integers L K And M K
SB, encrypting a plaintext m to obtain a ciphertext c, wherein the ciphertext c is EncNum(L V ,R V ) The encryption step specifically comprises:
SB-1, generating a random disturbance parameter k, wherein k is a bounded positive integer and is in a range of (L) K ,M K );
SB-2, obtaining public key pk Paillier Using the public key pk Paillier Encrypting the random disturbance parameter k to obtain L V =Enc Paillier (k);
SB-3, obtaining random floating point numbers g and a random disturbance parameter k to obtain R V =g m×a+k
And the SD decrypts the ciphertext c to obtain a plaintext m, and the decryption step specifically comprises the following steps:
SD-1, using said private key sk Paillier For the L V Item decryption is carried out to obtain a random disturbance parameter k;
SD-2, using the random floating point number g, a and the random disturbance parameter k to R of the ciphertext c V The item is decrypted to obtain m.
In the preferred improved addition homomorphic encryption method supporting floating-point operation, two positive integers L are randomly taken K And M K As the value range of the random disturbance parameter k, where M K Greater than L K Said L is K And M K Need to satisfy M K =(p+1)× L K P, where p is a positive integer greater than 2, L K Taking integers in excess of 100. In a preferred embodiment, the value of p is greater than 10, and the larger the value of p is, the higher the security is.
The encryption algorithm of the application reserves the public key pk in the Paillier algorithm Paillier And the private key sk Paillier Compared with the key in the original Paillier algorithm, the generation mode of the method only comprises the public key pk Paillier And the private key sk Paillier (ii) a The encryption algorithm of the application is additionally provided with a random disturbance parameter k and randomly taking floating point numbers g and a for the encryption algorithm.
The encryption operation of the original Paillier algorithm is to obtain a ciphertext through modular operation, so that the plaintext and the ciphertext can only be integers. Floating point numbers cannot be encrypted. Book (I)The applied technical scheme does not use modular operation, and a public key pk is obtained by a Paillier algorithm Paillier And the private key sk Paillier On the basis of (2) performing cryptographic calculations that may be directed to floating point numbers.
The specific encryption method is to design the cryptograph c as a binary group, where c is EncNum (L) V ,R V ) Is composed of L V And R V Two, preferably, wherein L V The generation method is that the Paillier encryption algorithm is used, and a public key pk is assumed Paillier Is (n, b)
The generation mode of the public key and the private key is as follows: randomly taking large prime numbers p and q, making n ═ pq and λ (n) ═ lcm (p-1, q-1)]Lcm () is the least common multiple of two parameters. And defines the function l (n) ═ n-1)/n. Selecting random numbers
Figure BDA0003681580050000061
And satisfies the condition of mu ═ L (b) λ modn 2 )) -1 . Are present. At this time, the public key is (n, b) and the private key is (λ, μ). And generating a random disturbance parameter k, wherein k is a bounded positive integer and the range is (L) K ,M K );
The encryption process is that for plaintext m, ciphertext L v =b m k n (modn 2 ) To obtain the ciphertext L of the integer V An item.
The encryption method of the application also comprises R V Item, the R V The method is different from the Paillier algorithm in the prior art, floating point numbers can be encrypted, and the specific method is to obtain random floating point numbers g and a in a secret key and a random disturbance parameter k to obtain R V =g m×a+k . R in the doublet V The floating point number can be encrypted by the computing mode without adopting modular operation, and the encrypted result also retains the floating point number.
The decryption method of the application passes the private key sk Paillier For L in the ciphertext c V Decrypting the item to obtain a disturbance parameter k ═ Dec Paillier (LV) which may directly use the decryption method of the Paillier algorithm. Then floating point numbers g and a in the key are obtained, and then the calculated perturbation parameter k is substituted into a formula logarithm formula to obtainThe plaintext data m.
Preferably, the homomorphic encryption method of the present application includes the steps of,
SA, generating a system key PaiOpt key ={pk Paillier ,sk Paillier ,g,a,L K ,M K };
SB and SC, set m in plaintext as m 1 ,m 2 ,……m t As input, using the secret key PaiOpt key Encrypting the plaintext to obtain a ciphertext set c ═ { c ═ c 1 .c 2 ……c t };
SD, based on the obtained cipher text set c ═ { c ═ c 1 .c 2 ……c t }; using the secret key PaiOpt key And decrypting the data to obtain the plaintext data.
It should be understood that the subscripts of the plaintext m and the ciphertext c described in the specification and the claims of the present application are only used for illustration and convenience of description, and are not used as a limitation and specific reference to the number of the plaintext and the ciphertext. Any number of plaintext and ciphertext produced by the technical scheme of the application belong to the protection scope of the application.
In the preferred improved addition homomorphic encryption method supporting floating-point operation, a plurality of plaintexts m are encrypted through the step SB, and the plaintexts m are encrypted 1 And m 2 Encrypted as ciphertext c 1 And c 2
The addition or subtraction in the encryption algorithm may be performed by a different entity than the plaintext encryption and key generation entity. The party performing addition or subtraction in the encryption algorithm is called a homomorphic operator, and the party performing plaintext encryption and key generation is called a requesting party. And the homomorphic operation party performs addition operation on the encrypted ciphertext c to obtain operated ciphertext data, transmits the operated ciphertext data back to the demand party, decrypts the operated ciphertext data by the demand party, and obtains the operated plaintext data based on the characteristic of homomorphic operation. In the technical scheme of the application, the homomorphic arithmetic party can only receive the ciphertext data, and the original plaintext data and the secret key are both reserved in the demand party, so that the safety degree is high.
The encryption method further comprises the step ofSC, for the ciphertext c 1 And c 2 C is obtained by addition or subtraction 3 Or c 4
In the preferred improved addition homomorphic encryption method supporting floating-point operation, the step SC is specifically included in the addition operation,
SC-1, utilizing homomorphism of Paillier encryption scheme to encrypt L in ciphertext V The terms are added, and the formula is: enc Paillier (k 1 )+Enc Paillier (k 2 )=Enc Paillier (k 1 +k 2 );
SC-2, R in ciphertext V The terms are multiplied by the formula:
Figure BDA0003681580050000071
SC-3, to obtain ciphertext c 3 Cryptograph
Figure BDA0003681580050000072
The addition operation of the present application is respectively on L V And R V Performing operation on L in the ciphertext V The term being the operation of directly adding two terms, R in ciphertext V The term multiplication is converted into addition of exponentials, and the computer performs addition operation. Get the corresponding doublet c 3
Compared with the Paillier algorithm in the prior art, the addition homomorphism property of the Paillier algorithm is directed at L V The terms are modulo multiplied. And the application also increases R V Homomorphic operation of the terms.
In other preferred improved addition homomorphic encryption methods that support floating-point operations, a subtraction operation on the ciphertext is also included, including in particular,
SC-1, utilizing homomorphism of Paillier encryption scheme to encrypt L in ciphertext V The term is subtracted, the formula is: enc Paillier (k 1 )-Enc Paillier (k 2 )=Enc Paillier (k 1 -k 2 );
SC-2, R in ciphertext V The term divides by the formula:
Figure BDA0003681580050000073
SC-3, to obtain ciphertext c 4 Cryptograph
Figure BDA0003681580050000074
The application also includes a decryption method for generating a ciphertext by applying the encryption method, which is characterized by comprising a step of SD, decrypting the ciphertext c to obtain a plaintext m, wherein m is DecNum (c), and the method specifically comprises the steps of,
SD-1, obtaining private key sk Paillier Using the private key sk Paillier For L in the ciphertext c V Decrypting the item to obtain a random disturbance parameter k, k being Dec Paillier (L V );
SD-2, floating point numbers g and a are obtained, and the random disturbance parameter k is substituted into a formula m-log g (g ((m×a+k)-k)/a ) And obtaining a plaintext m.
Optionally, the application uses the Paillier algorithm to pair L V Decrypting the item to obtain a random disturbance parameter k, and obtaining floating point numbers g and a and the calculated random disturbance parameter k to R V And decrypting the item, specifically obtaining a plaintext m through logarithm operation.
In a preferred decryption method, when the encryption method is an addition operation, the step SD is specifically,
SD1, decrypting the ciphertext c 3 The method specifically comprises the following steps of,
SD1-1, obtaining private key sk Paillier Using the private key sk Paillier For ciphertext c 3 L in (1) V Decrypting the item to obtain a disturbance parameter k 1 And k 2 ,k 1 +k 2 =Dec Paillier (L V )==Dec Paillier (k 1 +k 2 );
SD1-2, floating point numbers g and a are obtained, and the perturbation parameter k is used 1 +k 2 For decrypting c 3 R in (1) V Term, get m 1 +m 2
Figure BDA0003681580050000081
In another preferred decryption method, when the encryption method is a subtraction operation, the step SD is specifically,
SD2, decrypting the ciphertext c 4 The method specifically comprises the following steps of,
SD2-1, obtaining private key sk Paillier Using the private key sk Paillier For ciphertext c 4 L in (1) V Decrypting the item to obtain a disturbance parameter k 1 And k 2 ,k 1 -k 2 =Dec Paillier (L V )==Dec Paillier (k 1 -k 2 );
SD2-2, floating point numbers g and a are obtained, and the perturbation parameter k is used 1 -k 2 For decrypting c 4 R in (1) V Term, get m 1 -m 2
Figure BDA0003681580050000082
By the above decryption step, the plaintext after operation can be obtained from the ciphertext after operation, for example, c after operation 3 And c 4 (c 3 And c 4 From c 1 And c 2 Obtained by operation), m is obtained 1 +m 2 And m 1 -m 2
It should be understood that the present application is an encryption algorithm based on Paillier algorithm optimization, and therefore, the Paillier algorithm is taken as the prior art of the present application, and the technical solutions thereof can be directly applied to the present application and combined with the technical solutions of the present application.
The above encryption algorithm is executed, and the following table shows the specific execution result of the method.
Experimental conditions as shown in table 1, specific experiments were performed using GNU high-precision arithmetic operation library (GMP);
CPU AMD R7 5800H
memory device 16G
Number of threads 1
Operating system Windows 10
Calculating security parameters 128bits
TABLE 1 Experimental conditions
The scheme is used for respectively carrying out encryption, decryption and addition and subtraction operation tests on the small integer, the large integer, the small floating point number and the large floating point number, and the test results are shown in the table 2:
Figure BDA0003681580050000083
Figure BDA0003681580050000091
table 2 Performance of the Paillier optimization scheme on different types of data in operation
The experimental results of table 2 are integrated, and the method not only supports homomorphic encryption of integers, but also can directly encrypt and homomorphic calculate floating point numbers, and does not need to map the floating point numbers into the integers by other means and then calculate the integers, so that the operation efficiency is improved; because modular exponentiation is not employed, the present invention supports any number of addition operations. Therefore, the invention has substantial technical characteristics and remarkable technical progress.
In a preferred decryption method, comprising a key generation module, an encryption module and a decryption module,
the key generation module is used for generating a key PaiOpt key ={pk Paillier ,pk Paillier ,g,a,L K ,M K The generating step specifically comprises: generation of public key pk using Paillier algorithm Paillier And the private key sk Paillier (ii) a Randomly taking floating point numbers g and a as the encrypted base numbers of the plaintext m; randomly taking two positive integers L K And M K
The encryption module is used for encrypting a plaintext m to obtain a ciphertext c, wherein the ciphertext c is EncNum (L) V ,R V ) The encryption step specifically comprises: generating a random disturbance parameter k, wherein k is a bounded positive integer and the range is (L) K ,M K ) (ii) a Obtaining a public key pk Paillier Using the public key pk Paillier Encrypting the random disturbance parameter k to obtain LV-Enc Paillier (k) (ii) a Acquiring random floating point numbers g and a random disturbance parameter k to obtain RV (g) m×a+k
The decryption module is configured to decrypt the ciphertext c to obtain a plaintext m, m being decnum (c), and specifically includes a step of obtaining a private key sk Paillier Using the private key sk Paillier For L in the ciphertext c V Decrypting the item to obtain a disturbance parameter k, k ═ Dec Paillier (L V ) (ii) a Obtaining floating point numbers g and a, and substituting the perturbation parameter k into a formula m-log g (g ((m×a+k)-k)/a ) And obtaining a plaintext m.
The third party performs homomorphic addition and subtraction operation, wherein the addition operation specifically comprises the step of utilizing homomorphism of the Paillier encryption scheme to carry out the L operation on the ciphertext V The terms are added, and the formula is: enc Paillier (k 1 )+Enc Paillier (k 2 )=Enc Paillier (k 1 +k 2 ) (ii) a R in ciphertext V The terms are multiplied by the formula:
Figure BDA0003681580050000101
obtain the ciphertext c 3 Cryptograph
Figure BDA0003681580050000102
Similarly, the third party can also be used for subtraction, and the technical scheme is the same as that described above. And the third party end sends the operated result to the decryption end.
And the decryption module in the decryption end decrypts the calculated ciphertext according to the decryption method.
The present application also includes a computer storage medium having computer readable instructions stored thereon that are executable by a processor to implement the above-described encryption method.
As used in this application and the appended claims, the terms "comprises" and "comprising" generally indicate that the steps and elements so identified are not to be considered in an exclusive list, and that the method or apparatus may include other steps or elements.
The components, relative arrangements, functions, and numerical values set forth in these embodiments do not limit the scope of the present invention unless specifically stated otherwise. Also, it will be apparent that the dimensions of the various parts shown in the drawings are not drawn to scale in practice for ease of description. Techniques, methods and apparatus that are known to those of ordinary skill in the relevant art have not been described in detail for the time being, but are intended to be part of the specification as appropriate. In all examples shown and discussed herein, any particular value should be construed as exemplary only and not as a limitation. Thus, other examples of step-wise embodiments may have a different order of precedence.
The foregoing is illustrative of the present invention and is not to be construed as limiting thereof. Although a few exemplary embodiments of the present invention have been described, those skilled in the art will readily appreciate that many modifications are possible in the exemplary embodiments without materially departing from the novel teachings and advantages of this invention. Accordingly, all such modifications are intended to be included within the scope of this invention as defined in the claims. It is to be understood that the foregoing is illustrative of the present invention and is not to be construed as limited to the specific embodiments disclosed, and that modifications to the disclosed embodiments, as well as other embodiments, are intended to be included within the scope of the appended claims. The invention is defined by the claims and their equivalents.

Claims (10)

1. An improved addition homomorphic encryption method supporting floating point operations, comprising the steps of:
SA, generating a secret key PaiOpt key ={pk Paillier ,pk Paillier ,g,a,L K ,M K The generation steps specifically include:
SA-1, generating public key pk using Paillier algorithm Paillier And the private key sk Paillier
SA-2, randomly taking floating point numbers g and a as the encrypted base number of the plaintext m;
SA-3, randomly taking two positive integers L K And M K
SB, encrypting a plaintext m to obtain a ciphertext c, wherein the ciphertext c is EncNum (L) V ,R V ) The encryption step specifically comprises:
SB-1, generating a random disturbance parameter k, wherein k is a bounded positive integer and is in a range of (L) K ,M K );
SB-2, obtaining public key pk Paillier Using the public key pk Paillier Encrypting the random disturbance parameter k to obtain L V =Enc Paillier (k);
SB-3, obtaining random floating point numbers g and a random disturbance parameter k to obtain R V =g m×a+k
And the SD decrypts the ciphertext c to obtain a plaintext m, and the decryption step specifically comprises the following steps:
SD-1, using said private key sk Paillier For the L V Item decryption is carried out to obtain a random disturbance parameter k;
SD-2, using said random floating point number g, a and said random disturbance parameter k to said cipher textR of c V The item is decrypted to obtain m.
2. The improved addition homomorphic encryption method for supporting floating point operations as claimed in claim 1, wherein said plaintext m and said ciphertext c are respectively a plaintext set and a ciphertext set, said step SB encrypts a plurality of plaintext m, and said plaintext m 1 To m t Encrypted as ciphertext c 1 To c t
The encryption method also comprises a step SC of adding or subtracting the ciphertext set.
3. The improved addition homomorphic encryption method in support of floating point operations as claimed in claim 2, wherein said step SC is an addition operation comprising,
SC-1, utilizing homomorphism of Paillier encryption scheme to encrypt L in ciphertext V The terms are added, and the formula is: enc Paillier (k 1 )+Enc Paillier (k 2 )=Enc Paillier (k 1 +k 2 );
SC-2, R in ciphertext V The terms are multiplied by the formula:
Figure FDA0003681580040000011
SC-3, to obtain a ciphertext c 3 Cryptograph
Figure FDA0003681580040000012
4. The improved addition homomorphic encryption method in support of floating point operations as claimed in claim 2, wherein said step SC is a subtraction operation comprising,
SC-1, utilizing homomorphism of Paillier encryption scheme to encrypt L in ciphertext V The term is subtracted, the formula is: enc Paillier (k 1 )-Enc Paillier (k 2 )=Enc Paillier (k 1 -k 2 );
SC-2, cipher textR in (1) V The term divides by the formula:
Figure FDA0003681580040000021
SC-3, to obtain ciphertext c 4 Cryptograph
Figure FDA0003681580040000022
5. The improved addition homomorphic encryption method for supporting floating point operations as claimed in claim 1, wherein said L K And M K Need to satisfy M K =(p+1)×L K P, where p is a positive integer greater than 2, L K Taking integers in excess of 100.
6. The improved addition homomorphic encryption method of claim 5 in which said value of p is greater than 10.
7. The improved addition homomorphic encryption method supporting floating point operations as claimed in claim 1, wherein said step SD specifically decrypts said ciphertext c to obtain plaintext m, m ═ DecNum (c), specifically includes the steps of,
SD-1, obtaining private key sk Paillier Using the private key sk Paillier For L in the ciphertext c V Decrypting the item to obtain a disturbance parameter k, k being Dec Paillier (L V );
SD-2, floating point numbers g and a are obtained, and the perturbation parameter k is substituted into a formula m-log g (g ((m×a+k)-k)/a ) And obtaining a plaintext m.
8. The improved addition homomorphic encryption method in support of floating point operations as claimed in claim 2, wherein, when the encryption method is an addition operation, the decryption algorithm is specifically,
the SD1, decrypting the ciphertext after the addition, specifically includes the steps of,
SD1-1, obtained fromGet private key sk Paillier Using the private key sk Paillier For L in ciphertext V Decrypting the item to obtain a disturbance parameter k 1 And k 2 ,k 1 +k 2 =Dec Paillier (L V )==Dec Paillier (k 1 +k 2 );
SD1-2, floating point numbers g and a are obtained, and the perturbation parameter k is used 1 +k 2 For decrypting R in ciphertext V Term, get m 1 +m 2
Figure FDA0003681580040000023
9. The improved addition homomorphic encryption method supporting floating point operations as claimed in claim 2, wherein when the encryption method is a subtraction operation, the decryption algorithm is specifically,
the SD2, decrypting the ciphertext after the subtraction, specifically includes the steps,
SD2-1, obtaining private key sk Paillier Using the private key sk Paillier For L in ciphertext V Decrypting the item to obtain a disturbance parameter k 1 And k 2 ,k 1 -k 2 =Dec Paillier (L V )==Dec Paillier (k 1 -k 2 );
SD2-2, floating point numbers g and a are obtained, and the perturbation parameter k is used 1 -k 2 For decrypting R in ciphertext V Term, get m 1 -m 2
Figure 1
10. An improved addition homomorphic encryption system supporting floating point operation is characterized by comprising a key generation module, an encryption module and a decryption module,
the key generation module is used for generating a key PaiOpt key ={pk Paillier ,pk Paillier ,g,a,L K ,M K The generation step ofThe method comprises the following steps: generating public key pk using Paillier algorithm Paillier And the private key sk Paillier (ii) a Randomly taking floating point numbers g and a as the encrypted base numbers of the plaintext m; randomly taking two positive integers L K And M K
The encryption module is used for encrypting a plaintext m to obtain a ciphertext c, wherein the ciphertext c is EncNum (L) V ,R V ) The encryption step specifically comprises: generating a random disturbance parameter k, wherein k is a bounded positive integer and the range is (L) K ,M K ) (ii) a Obtaining a public key pk Paillier Using the public key pk Paillier Encrypting the random disturbance parameter k to obtain L V =Enc Paillier (k) (ii) a Obtaining random floating point numbers g and a random disturbance parameter k to obtain R V =g m×a+k
The decryption module is used for decrypting the ciphertext c to obtain a plaintext m, wherein m is DecNum (c), and the decryption module specifically comprises the step of obtaining a private key sk Paillier Using the private key sk Paillier For L in the ciphertext c V Decrypting the item to obtain a disturbance parameter k, k being Dec Paillier (L V ) (ii) a Obtaining floating point numbers g and a, and substituting the perturbation parameter k into a formula m-log g (g ((m×a+k)-k)/a ) And obtaining a plaintext m.
CN202210638770.3A 2022-06-07 2022-06-07 Improved addition homomorphic encryption method supporting floating point operation Pending CN114866221A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210638770.3A CN114866221A (en) 2022-06-07 2022-06-07 Improved addition homomorphic encryption method supporting floating point operation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210638770.3A CN114866221A (en) 2022-06-07 2022-06-07 Improved addition homomorphic encryption method supporting floating point operation

Publications (1)

Publication Number Publication Date
CN114866221A true CN114866221A (en) 2022-08-05

Family

ID=82624416

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210638770.3A Pending CN114866221A (en) 2022-06-07 2022-06-07 Improved addition homomorphic encryption method supporting floating point operation

Country Status (1)

Country Link
CN (1) CN114866221A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116090017A (en) * 2023-04-12 2023-05-09 东南大学 Paillier-based federal learning data privacy protection method
CN117234457A (en) * 2023-11-10 2023-12-15 蓝象智联(杭州)科技有限公司 Data subtraction operation method for privacy calculation
CN117527192A (en) * 2024-01-08 2024-02-06 蓝象智联(杭州)科技有限公司 Paillier decryption method based on GPU

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116090017A (en) * 2023-04-12 2023-05-09 东南大学 Paillier-based federal learning data privacy protection method
CN117234457A (en) * 2023-11-10 2023-12-15 蓝象智联(杭州)科技有限公司 Data subtraction operation method for privacy calculation
CN117234457B (en) * 2023-11-10 2024-01-26 蓝象智联(杭州)科技有限公司 Data subtraction operation method for privacy calculation
CN117527192A (en) * 2024-01-08 2024-02-06 蓝象智联(杭州)科技有限公司 Paillier decryption method based on GPU
CN117527192B (en) * 2024-01-08 2024-04-05 蓝象智联(杭州)科技有限公司 Paillier decryption method based on GPU

Similar Documents

Publication Publication Date Title
KR102251697B1 (en) Encryption apparatus, method for encryption and computer-readable recording medium
JP6697506B2 (en) System and method for fast public key encryption with an associated private key portion
EP1710952B1 (en) Cryptographic Applications of the Cartier Pairing
CN114866221A (en) Improved addition homomorphic encryption method supporting floating point operation
KR20160131798A (en) Method and system for additive homomorphic encryption scheme with error detection functionality
US11804960B2 (en) Distributed symmetric encryption
Wu Fully homomorphic encryption: Cryptography's holy grail
KR20150043062A (en) Computation Method of encrypted data using Homomorphic Encryption and Public Key Encryption and Server using the same
CN113254985B (en) Data encryption method, data processing method, data decryption method and electronic equipment
Saho et al. Survey on asymmetric cryptographic algorithms in embedded systems
Ryu et al. A Study on Partially Homomorphic Encryption
EP2395698A1 (en) Implicit certificate generation in the case of weak pseudo-random number generators
CN115065456A (en) Improved homomorphic multiplication encryption method supporting floating-point operation
Gaidhani et al. A SURVEY REPORT ON TECHNIQUES FOR DATA CONFIDENTIALITY IN CLOUD COMPUTING USING HOMOMORPHIC ENCRYPTION.
Srinivas et al. Encryption and decryption using elliptic curves for public key cryptosystems
WO2022054130A1 (en) Cryptosystem, method, and program
Sulaiman et al. Extensive analysis on images encryption using hybrid elliptic curve cryptosystem and hill cipher
Munjal et al. Analysing RSA and PAILLIER homomorphic Property for security in Cloud
JP2005084568A (en) Security method, security device and security program
Roy A homomorphism based zero knowledge proof of authentication for chinese remainder theorem based secret sharing
JP2019029751A (en) Encryption processing apparatus, encryption communication system, encryption processing method, and encryption processing program
Matthias et al. A Secure Model on Cloud using a Modified Rivest, Shamir and Adleman Algorithm along with Gray Codes
Yakubu et al. An improved RSA image encryption algorithm using 1-D logistic map
US11743039B2 (en) System and method for data encryption using key derivation
WO2024004116A1 (en) Key issuance device, information processing system, method, and computer-readable medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination