CN115378570A - Fully homomorphic encryption method with short ciphertext - Google Patents

Publication number
CN115378570A
Authority
CN
China
Prior art keywords
ciphertext
key
scheme
algorithm
homomorphic encryption
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210746577.1A
Other languages
Chinese (zh)
Inventor
周潭平
刘文超
宋子超
陈冬
丁玉洁
杨晓元
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Engineering University of Chinese Peoples Armed Police Force
Original Assignee
Engineering University of Chinese Peoples Armed Police Force
Application filed by Engineering University of Chinese Peoples Armed Police Force
Priority to CN202210746577.1A
Publication of CN115378570A
Legal status: Pending

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Complex Calculations (AREA)

Abstract

The invention belongs to the field of information security, and particularly relates to a fully homomorphic encryption method with a short ciphertext, which comprises the following steps: 1. a key generation algorithm, which generates a public key, a private key and an evaluation key; 2. an encryption algorithm, which encrypts plaintext data using the public key; 3. ciphertext computation, which processes the ciphertext in encrypted form using the evaluation key; 4. a decryption algorithm, which decrypts the ciphertext to obtain the plaintext data. Homomorphic encryption plays an important role in outsourced computation and privacy-preserving computation. In this scheme, the round function is applied during encryption, which effectively reduces the size of the ciphertext; and the fully homomorphic encryption scheme with short ciphertext is implemented on top of the cuFHE software library, exploiting the GPU's support for large-scale matrix operations. In the scheme, the running time of a single gate (including the bootstrapping process) on the CUDA platform is not more than 1 millisecond, and compared with the classic CGGI17 scheme the ciphertext size is reduced by 62%, so the scheme is highly practical.

Description

Fully homomorphic encryption method with short ciphertext
Technical Field
The invention relates to the technical field of encryption, in particular to a fully homomorphic encryption method with a short ciphertext.
Background
Cryptographic researchers believe that "public key encryption opens up a new direction for cryptography, and practical fully homomorphic encryption schemes will spawn new distributed computing models". After 13 years of development, the efficiency of fully homomorphic encryption has greatly improved and is gradually approaching practical application. In 1995, Benaloh proposed the first homomorphic public key encryption scheme that can perform either an additive or a multiplicative homomorphic operation; such schemes are also called semi-homomorphic encryption. In 2005, Boneh et al. proposed the first somewhat homomorphic encryption scheme (SHE), which supports both homomorphic addition and multiplication and can evaluate low-degree polynomial circuits. In 2009, Gentry constructed the first fully homomorphic encryption scheme (FHE), supporting any number of additions and any number of multiplications, based on hard problems over ideal lattices and the sparse subset sum problem. In 2011, Brakerski and Vaikuntanathan constructed the BV11b scheme under the LWE assumption and introduced the relinearization and dimension-modulus reduction techniques. In 2012, Brakerski, Gentry and Vaikuntanathan optimized the modulus reduction technique of the BV11b scheme, reducing noise growth from exponential to linear, and constructed the BGV12 scheme, which is currently one of the more efficient classes of homomorphic encryption schemes. Halevi and Shoup then implemented the BGV12 scheme, together with the ciphertext packing and optimization techniques of GHS12b, in C++ using the NTL mathematical library; this implementation is called HElib. In 2018, Halevi and Shoup rewrote the HElib code and optimized the linear transformations used in bootstrapping and other procedures. The new algorithm is 30-75 times faster than the original HElib algorithm, and the size of the evaluation key is reduced by 33%-50%.
The speed of bootstrapping determines the speed of a fully homomorphic encryption scheme, and constructing and optimizing the bootstrapping process is a central and difficult problem in fully homomorphic encryption research. In CRYPTO 2014, Alperin-Sheriff and Peikert created the first two-layer fully homomorphic scheme, AP14, in which a specially designed outer-layer scheme runs the decryption circuit of the original (inner-layer) scheme. The advantage of a two-layer fully homomorphic encryption scheme is that the outer-layer scheme can be designed around the characteristics of the inner-layer decryption circuit, so that this circuit runs efficiently, and the noise of the bootstrapping process is smaller than in BV14. However, as shown in Fig. 1, compared with the conventional bootstrapping process, bootstrapping in a two-layer homomorphic encryption scheme needs an additional third step, ciphertext conversion: the outer-layer ciphertext obtained after running the decryption circuit has to be converted back into an inner-layer ciphertext. This conversion step greatly restricts the form the outer-layer ciphertext can take. In EUROCRYPT 2015, Ducas and Micciancio constructed a more efficient two-layer fully homomorphic scheme, FHEW. In ASIACRYPT 2016, Chillotti et al. constructed the efficient two-layer homomorphic scheme TFHE over the structure T = (0, 1), with a bootstrapping time of less than 0.1 second and the bootstrapping key reduced from 1 Gbyte to 23 Mbytes. In ASIACRYPT 2017, Chillotti et al. further optimized the accumulation process in the TFHE scheme, reducing the computation time of bootstrapping to 13 milliseconds.
Currently, efficient fully homomorphic encryption schemes are of the BGV type and the TFHE type. The BGV scheme and its optimizations are typical efficient leveled fully homomorphic schemes: the depth of the homomorphic circuit is tied to the security parameters, and the suitable scenario is multi-bit parallel computation. The TFHE scheme is an efficient pure fully homomorphic scheme, better suited to serial and logic operations. Pure fully homomorphic encryption can efficiently construct any logic circuit (operation) and does not need the number of multiplications to be fixed in advance. Its drawback is that the plaintext-to-ciphertext expansion of the scheme is large, reaching 16032. The practical problem that urgently needs solving is therefore how to reduce the ciphertext size without affecting the efficiency of the scheme, and thereby reduce the communication traffic in actual operation.
Disclosure of Invention
The invention aims to provide a fully homomorphic encryption method with short ciphertext to solve the problems in the background art.
In order to achieve the purpose, the invention provides the following technical scheme:
The fully homomorphic encryption method with short ciphertext comprises the following steps:
Step one: initialization $\mathrm{Setup}(1^{l})$: input a security parameter $l$, and define the LWE dimension $n$, the key distribution $c$, the Gaussian distribution parameter $\alpha$, the decomposition base $B_{ks}$ and the decomposition order $d_{ks}$
Figure RE-GDA0003881752720000021
Output the system parameters $pp^{LWE} = (n, c, \alpha, B_{ks}, d_{ks})$;
Step two: key generation $\mathrm{KeyGen}(pp^{LWE})$: randomly select the LWE secret key $s \leftarrow c^{n}$ and the GSW key $s \in B_N[X]^{k}$. Generate a bootstrap key $s$ and the key-switching key $KS_{s' \to s, \gamma, t} = \{k_{i,j,v}\}$, where
Figure RE-GDA0003881752720000022
Step three: encryption algorithm $\mathrm{Enc}(m, s)$: input a plaintext $m \in \{0,1\}$ and the private key $s$, uniformly select $a' \leftarrow \mathbb{T}^{n}$ and sample $e \leftarrow c$, compute $b' = -\langle a', s\rangle + m/4 + e \pmod 1$, and output the ciphertext $(b, a) = \mathrm{round}_{p,q}(b', a') \in \mathbb{Z}_{2N}^{n+1}$. The round function used here is:
Figure RE-GDA0003881752720000031
In the actual algorithm, taking $p/q = 4N$, the round function can be expressed as
Figure RE-GDA0003881752720000032
Step four: decryption algorithm $\mathrm{Dec}(c, s)$: input a ciphertext $c$ and the private key $s$, and output $m'$ such that $b + \langle a, s\rangle \approx m'/4 \pmod{2N}$;
Step five: homomorphic NAND gate $\mathrm{HomNAND}(c_1, c_2)$: input the ciphertext $c_1$ corresponding to $\mu_1$ and the ciphertext $c_2$ corresponding to $\mu_2$, and output the ciphertext $c$ corresponding to $\mathrm{NAND}(\mu_1, \mu_2)$.
Preferably, the round function is run on the ciphertext output by the encryption algorithm, so that the size of the ciphertext is reduced.
Compared with the prior art, the invention has the following beneficial effects:
The invention constructs a TFHE-type fully homomorphic encryption scheme with short ciphertext. Applying the round function during encryption effectively reduces the size of the ciphertext, and the scheme is implemented on top of the cuFHE software library, exploiting the GPU's support for large-scale matrix operations. The experimental results show that the running time of a single gate (including the bootstrapping process) on the CUDA platform does not exceed 1 millisecond, and that compared with the CGGI17 scheme the ciphertext size is reduced by 62%.
Drawings
Fig. 1 shows a bootstrap process in a two-layer fully homomorphic encryption scheme.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments.
Referring to fig. 1, in one embodiment, a fully homomorphic encryption method with short ciphertext includes the following operations:
Initialization $\mathrm{Setup}(1^{l})$: input a security parameter $l$, and define the LWE dimension $n$, the key distribution $c$, the Gaussian distribution parameter $\alpha$, the decomposition base $B_{ks}$ and the decomposition order $d_{ks}$
Figure RE-GDA0003881752720000033
Output the system parameters $pp^{LWE} = (n, c, \alpha, B_{ks}, d_{ks})$.
Key generation $\mathrm{KeyGen}(pp^{LWE})$: randomly select the LWE secret key $s \leftarrow c^{n}$ and the GSW key $s \in B_N[X]^{k}$. Generate a bootstrap key $s$ and the key-switching key $KS_{s' \to s, \gamma, t} = \{k_{i,j,v}\}$, where
Figure RE-GDA0003881752720000041
Encryption algorithm $\mathrm{Enc}(m, s)$: input a plaintext $m \in \{0,1\}$ and the private key $s$, uniformly select $a' \leftarrow \mathbb{T}^{n}$ and sample $e \leftarrow c$, compute $b' = -\langle a', s\rangle + m/4 + e \pmod 1$, and output the ciphertext $(b, a) = \mathrm{round}_{p,q}(b', a') \in \mathbb{Z}_{2N}^{n+1}$. The round function used here is:
Figure RE-GDA0003881752720000042
In the practical algorithm, taking $p/q = 4N$, the round function can also be expressed as
Figure RE-GDA0003881752720000043
Decryption algorithm $\mathrm{Dec}(c, s)$: input a ciphertext $c$ and the private key $s$, and output $m'$ such that $b + \langle a, s\rangle \approx m'/4 \pmod{2N}$.
Homomorphic NAND gate (including the bootstrapping process) $\mathrm{HomNAND}(c_1, c_2)$: input the ciphertext $c_1$ corresponding to $\mu_1$ and the ciphertext $c_2$ corresponding to $\mu_2$, and output the ciphertext $c$ corresponding to $\mathrm{NAND}(\mu_1, \mu_2)$.
Algorithm 1: homomorphic NAND Process (HomNAND):
Figure RE-GDA0003881752720000044
The test items are the homomorphic gate evaluation time, the encryption time, the decryption time and so on. Two groups of 896-bit data are encrypted, and the homomorphic basic NAND gate (including the bootstrapping process) is run on them. The experimental results show that the ciphertext expansion rate of the scheme is reduced from 16032 to 6012, the average single-bit encryption time is 0.0711633 milliseconds, the average decryption time is 0.0008012 milliseconds, and the average time of a basic gate (including the bootstrapping process) is 0.785347 milliseconds; the comparative experimental data are shown in the following table. The scheme therefore effectively reduces the ciphertext size while its other performance figures remain close.
Figure RE-GDA0003881752720000051
This embodiment discloses a fully homomorphic encryption method with short ciphertext. The idea of the scheme is as follows. In the CGGI17 scheme, a single-bit ciphertext $c$ is a 501-dimensional vector of 32-bit values (a plaintext expansion ratio of 16032), and homomorphic computation operates directly on this ciphertext. However, when that scheme bootstraps a ciphertext, each ciphertext component $c[i]$ has to be converted to $X^{c[i]}$ in the ring $\mathbb{Z}[X]/(X^{N}+1)$. For computation on the ring to be efficient, the ring is usually taken to be $\mathbb{Z}[X]/(X^{1024}+1)$. This creates a conflict between the 32-bit ciphertext components and the exponent of $X^{i}$ in $\mathbb{Z}[X]/(X^{N}+1)$. The CGGI17 scheme resolves this by running a round function on the ciphertext before the bootstrapping process, reducing the ciphertext $c$ from 501 dimensions of 32 bits to 501 dimensions of 11 bits; that is, most of the redundant information in the ciphertext is discarded before the core step of bootstrapping runs. In the present scheme, the redundant information is instead discarded when the ciphertext is generated, i.e. the round function is run during ciphertext generation. Analysis shows that, with a suitably chosen round function, the ciphertext size is effectively reduced, the noise is held to an acceptable range, and the efficiency of the scheme is further improved.
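Rounding at encryption time, as described above, written out as an added Python example; it is not the patent's code and not cuFHE's. Assumptions: n = 500 (so a ciphertext has the 501 components mentioned above), a binary secret key, a constructed noise level of 2^-15, and round-to-nearest as the form of the round function, since the patent's own formula survives here only as a figure reference.

```python
import random

Q = 1 << 32          # torus elements held as 32-bit integers (the 32-bit components above)
N_LWE = 500          # assumed LWE dimension n, giving n + 1 = 501 components
RING_N = 1024        # ring degree N from the text, so 2N = 2048
ALPHA = 2.0 ** -15   # assumed (constructed) noise standard deviation on the torus

def round_to_modulus(x, p):
    """Nearest element of Z_p to x*p/Q; assumed form of the round function."""
    return ((x * p + Q // 2) // Q) % p

def keygen(rng):
    return [rng.randrange(2) for _ in range(N_LWE)]   # binary secret (assumption)

def encrypt_full(m, s, rng):
    """b' = -<a', s> + m/4 + e (mod 1), with every term scaled by Q."""
    a = [rng.randrange(Q) for _ in range(N_LWE)]
    e = round(rng.gauss(0.0, ALPHA) * Q)
    b = (-sum(ai * si for ai, si in zip(a, s)) + m * (Q // 4) + e) % Q
    return b, a

def encrypt_short(m, s, rng, p=2 * RING_N):
    """Encrypt, then round every component into Z_p before the ciphertext leaves."""
    b, a = encrypt_full(m, s, rng)
    return round_to_modulus(b, p), [round_to_modulus(ai, p) for ai in a]

def phase(ct, s, p):
    b, a = ct
    return (b + sum(ai * si for ai, si in zip(a, s))) % p

def decrypt(ct, s, p=2 * RING_N):
    """Return m' such that b + <a, s> is closest to m' * p/4 (mod p)."""
    return ((4 * phase(ct, s, p) + p // 2) // p) % 4

def noise(ct, s, m, p):
    """Signed distance of the phase from m * p/4, in units of 1/p."""
    d = (phase(ct, s, p) - m * (p // 4)) % p
    return d - p if d > p // 2 else d

def ciphertext_bits(p):
    """Size in bits of one ciphertext with components in Z_p (p a power of two)."""
    return (N_LWE + 1) * (p.bit_length() - 1)

def demo(seed=1, trials=200, p=2 * RING_N):
    """Encrypt alternating bits; return (all decrypted correctly, worst |noise|)."""
    rng = random.Random(seed)
    s = keygen(rng)
    ok, worst = True, 0
    for i in range(trials):
        m = i % 2
        ct = encrypt_short(m, s, rng, p)
        ok = ok and decrypt(ct, s, p) == m
        worst = max(worst, abs(noise(ct, s, m, p)))
    return ok, worst

if __name__ == "__main__":
    print("full  ciphertext bits:", ciphertext_bits(Q))           # 501 * 32
    print("11-bit components    :", ciphertext_bits(2 * RING_N))  # 501 * 11
    print("12-bit components    :", ciphertext_bits(4096))        # 501 * 12
    print("decrypts, worst noise:", demo())
```

Each rounded component contributes at most half a unit of error, so with a binary key the rounding noise stays below 251 units, inside the decision margin of p/8 = 256 for p = 2048.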
The above description is only for the specific embodiments of the present disclosure, but the scope of the present disclosure is not limited thereto, and any person skilled in the art can easily think of the changes or substitutions within the technical scope of the present disclosure, and shall cover the scope of the present disclosure. Therefore, the protection scope of the present disclosure shall be subject to the protection scope of the claims.

Claims (2)

1. The fully homomorphic encryption method with the short ciphertext is characterized by comprising the following steps of:
Step one: initialization $\mathrm{Setup}(1^{l})$: input a security parameter $l$, and define the LWE dimension $n$, the key distribution $c$, the Gaussian distribution parameter $\alpha$, the decomposition base $B_{ks}$ and the decomposition order $d_{ks}$
Figure FDA0003717080670000011
Output the system parameters $pp^{LWE} = (n, c, \alpha, B_{ks}, d_{ks})$;
Step two: key generation $\mathrm{KeyGen}(pp^{LWE})$: randomly select the LWE secret key $s \leftarrow c^{n}$ and the GSW key $s \in B_N[X]^{k}$. Generate a bootstrap key $s$ and the key-switching key $KS_{s' \to s, \gamma, t} = \{k_{i,j,v}\}$, where
Figure FDA0003717080670000012
Step three: encryption algorithm $\mathrm{Enc}(m, s)$: input a plaintext $m \in \{0,1\}$ and the private key $s$, uniformly select $a' \leftarrow \mathbb{T}^{n}$ and sample $e \leftarrow c$, compute $b' = -\langle a', s\rangle + m/4 + e \pmod 1$, and output the ciphertext $(b, a) = \mathrm{round}_{p,q}(b', a') \in \mathbb{Z}_{2N}^{n+1}$. The round function used is:
Figure FDA0003717080670000013
In the practical algorithm, taking $p/q = 4N$, the round function can also be expressed as
Figure FDA0003717080670000014
Step four: decryption algorithm $\mathrm{Dec}(c, s)$: input a ciphertext $c$ and the private key $s$, and output $m'$ such that $b + \langle a, s\rangle \approx m'/4 \pmod{2N}$;
Step five: homomorphic NAND gate $\mathrm{HomNAND}(c_1, c_2)$: input the ciphertext $c_1$ corresponding to $\mu_1$ and the ciphertext $c_2$ corresponding to $\mu_2$, and output the ciphertext $c$ corresponding to $\mathrm{NAND}(\mu_1, \mu_2)$.
2. The fully homomorphic encryption method with short ciphertext according to claim 1, wherein the round function is run on the ciphertext output by the encryption algorithm, so that the size of the ciphertext is reduced.
Priority Applications (1)

Application number: CN202210746577.1A
Priority date: 2022-06-28
Filing date: 2022-06-28
Title: Fully homomorphic encryption method with short ciphertext
Status: Pending
Publication: CN115378570A (en)

Publications (1)

Publication number: CN115378570A (en)
Publication date: 2022-11-22

Family ID: 84061339

Country Status (1)

CN (1): CN115378570A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination