CN115842617A - Security homomorphic calculation method supporting batch processing, storage device and equipment - Google Patents

Publication number
CN115842617A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211216652.XA
Other languages
Chinese (zh)
Inventor
赵搏文
吴旻哲
肖阳
裴庆祺
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Lianrong Information Technology Co ltd
Guangzhou Institute of Technology of Xidian University
Original Assignee
Guangzhou Lianrong Information Technology Co ltd
Guangzhou Institute of Technology of Xidian University
Application filed by Guangzhou Lianrong Information Technology Co ltd and Guangzhou Institute of Technology of Xidian University

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a secure homomorphic computation method supporting batch processing, together with a storage device and equipment, and relates to the technical field of information security. The system comprises a key platform and two cloud servers, ALICE and BOB, in a non-colluding dual-server architecture, and provides a secure multiplication protocol and a secure comparison protocol that support batch processing. The key platform splits the private key and distributes the parts to the cloud servers. Cloud server ALICE, which cannot decrypt a ciphertext with its partial private key alone, blinds the ciphertext with random numbers, selects a secure computation protocol according to the task, carries out a series of secure homomorphic computations with cloud server BOB, and processes the returned result to obtain the final result. The invention addresses the high computation cost and high communication overhead of existing secure homomorphic computation, and the ciphertext privacy leakage caused by a single key.

Description

Security homomorphic calculation method supporting batch processing, storage device and equipment
Technical Field
The invention relates to the technical field of information security, in particular to a security homomorphic computing method supporting batch processing, a storage device and equipment.
Background
The invention builds on the Paillier algorithm and provides a set of batch secure computation protocols, comprising a secure multiplication protocol SMUL, a secure comparison protocol SCMP, a batch secure multiplication protocol BatchSMUL and a batch partial decryption protocol BatchPDec, to address the high computation cost and high communication overhead of conventional secure homomorphic computation and the ciphertext privacy leakage caused by a single key.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides a security homomorphic computing method supporting batch processing, a storage device and equipment based on the improvement of a Paillier algorithm.
The technical scheme of the invention is realized as follows:
a secure homomorphic computing method supporting batch processing comprises a key platform, a cloud server ALICE and a cloud server BOB, wherein the key platform uses a Paillier cryptosystem;
the cloud server ALICE and the cloud server BOB are in a non-collusion double-server architecture;
the key platform is used for distributing public and private keys to the cloud server ALICE and the cloud server BOB;
the Paillier cryptosystem comprises an encryption algorithm, a partial decryption algorithm and a threshold decryption algorithm;
the secure homomorphic computing method further comprises a secure multiplication protocol SMUL, a batch secure multiplication protocol BatchSMUL, a secure comparison protocol SCMP and a batch partial decryption protocol BatchPDec;
the secure multiplication protocol SMUL is
Figure SMS_1
that is, from the ciphertexts
Figure SMS_2
it obtains the ciphertext corresponding to the plaintext xy:
Figure SMS_3
The batch processing secure multiplication protocol BatchSMUL is an extension of the secure multiplication protocol SMUL and is used for realizing batch multiplication operation and transmission of encrypted data;
the secure comparison protocol SCMP is
Figure SMS_4
Namely, the comparison of the plaintext x and y is realized in the ciphertext state;
the batch partial decryption protocol BatchPDec is an extension of the secure comparison protocol SCMP and is used for batch comparison and transmission of data in the ciphertext state.
Preferably, the encryption algorithm of the Paillier cryptosystem is $\mathrm{Enc}(pk, m) = (1 + mN) \cdot r^{N} \bmod N^{2}$, where m is the plaintext to be encrypted and r is a random positive integer smaller than N.
Preferably, the partial decryption algorithm of the Paillier cryptosystem is
Figure SMS_5
where $\lambda_i$ is a partial key and
Figure SMS_6
is the ciphertext of the plaintext m.
Preferably, the threshold decryption algorithm of the Paillier cryptosystem is $\mathrm{TDec}(M_1, M_2) = L(M_1 \cdot M_2 \bmod N^{2})$, where $M_1$ and $M_2$ are the results of partially decrypting the same ciphertext with the keys $\lambda_1$ and $\lambda_2$ respectively,
Figure SMS_7
preferably, the specific implementation steps of the secure multiplication protocol SMUL are as follows:
S1-1, the key platform initializes and generates a public/private key pair (pk, sk), where the public key is $pk = (g, N)$ with $N = pq$, $g = N + 1$, and p and q strong primes; the private key is $sk = (\lambda, \mu)$ with $\lambda = \mathrm{lcm}(p-1, q-1)$ and $\mu = \lambda^{-1} \bmod N$. The private key sk is split into two parts $(\lambda_1, \lambda_2)$, where the partial private key $\lambda_1$ is an integer in the interval $(0, \lambda\mu)$ and the partial private key $\lambda_2 = \lambda\mu - \lambda_1$. The key sets $(pk, \lambda_1)$ and $(pk, \lambda_2)$ are then sent to cloud server ALICE and cloud server BOB respectively;
S1-2, cloud server ALICE uses random numbers and Paillier homomorphic computation to additively blind the ciphertexts
Figure SMS_8
and
Figure SMS_9
combines the blinded ciphertexts X and Y into a ciphertext C, and partially decrypts C with the partial private key $\lambda_1$ to obtain $C_1$; the ciphertext pair $\langle C, C_1 \rangle$ is then sent to cloud server BOB, namely:
Figure SMS_10
$C = X^{L} \cdot Y$, $C_1 = \mathrm{PDec}(\lambda_1, C)$, where $r_1$, $r_2$ are random numbers with $r_1, r_2 \in \{0,1\}^{\sigma}$, $\sigma$ is a security parameter, and L is a constant satisfying $L \ge 2^{\sigma+2}$;
S1-3, cloud server BOB uses the partial private key $\lambda_2$ to partially decrypt the ciphertext C, obtaining $C_2$, decrypts the ciphertext pair $\langle C_1, C_2 \rangle$ with the threshold decryption algorithm to obtain the plaintext $(x + r_1) \cdot (y + r_2)$, and sends its encryption
Figure SMS_11
to cloud server ALICE. The computation is: $C_2 = \mathrm{PDec}(\lambda_2, C)$, $L \cdot (x + r_1) + y + r_2 = \mathrm{TDec}(C_1, C_2)$,
Figure SMS_12
$y + r_2 = (L \cdot (x + r_1) + y + r_2) \bmod L$;
S1-4, cloud server ALICE obtains, through Paillier homomorphic computation,
Figure SMS_13
By the Paillier property that multiplying ciphertexts corresponds to adding plaintexts, the computation is:
Figure SMS_14
Figure SMS_15
Figure SMS_16
Preferably, the batch secure multiplication protocol BatchSMUL is implemented by the following steps:
S2-1, the key platform initializes and generates a public/private key pair (pk, sk), where the public key is $pk = (g, N)$ with $N = pq$, $g = N + 1$, and p and q strong primes; the private key is $sk = (\lambda, \mu)$ with $\lambda = \mathrm{lcm}(p-1, q-1)$ and $\mu = \lambda^{-1} \bmod N$. The private key sk is split into two parts $(\lambda_1, \lambda_2)$, where the partial private key $\lambda_1$ is an integer in the interval $(0, \lambda\mu)$ and the partial private key $\lambda_2 = \lambda\mu - \lambda_1$. The key sets $(pk, \lambda_1)$ and $(pk, \lambda_2)$ are then sent to cloud server ALICE and cloud server BOB respectively;
S2-2, cloud server ALICE holds $\delta$ ciphertext pairs
Figure SMS_17
Using random numbers and Paillier homomorphic computation, it additively blinds each ciphertext pair
Figure SMS_18
combines the blinded ciphertexts $X_i$, $Y_i$ into a ciphertext $c_i$ to obtain the ciphertext group $\{c_1, \cdots, c_\delta\}$, aggregates the group into a single ciphertext C by a product operation, and partially decrypts C with the partial private key $\lambda_1$ to obtain $C_1$; the ciphertext pair $\langle C, C_1 \rangle$ is then sent to cloud server BOB. The computation is:
Figure SMS_19
$C_1 = \mathrm{PDec}(\lambda_1, C)$, where $r_{i,1}$, $r_{i,2}$ are random numbers with $r_{i,1}, r_{i,2} \in \{0,1\}^{\sigma}$, $\sigma$ is a security parameter, and L is a constant satisfying $L \ge 2^{\sigma+2}$;
Figure SMS_20
i is a positive integer and $i \in [1, \delta]$;
S2-3, cloud server BOB uses the partial private key $\lambda_2$ to partially decrypt the ciphertext C, obtaining $C_2$, decrypts the ciphertext pair $\langle C_1, C_2 \rangle$ with the threshold decryption algorithm to obtain the plaintext $(x_i + r_{i,1}) \cdot (y_i + r_{i,2})$ corresponding to each ciphertext pair of step S2-2, and sends the encryptions
Figure SMS_21
to cloud server ALICE in batch. The computation is:
Figure SMS_22
where M and $M_i$ are intermediate values generated during the computation and are not specifically defined;
S2-4, for each received ciphertext
Figure SMS_23
cloud server ALICE obtains, by Paillier homomorphic computation,
Figure SMS_24
The computation is:
Figure SMS_25
Figure SMS_26
Figure SMS_27
Preferably, the secure comparison protocol SCMP is implemented as follows:
S3-1, the key platform initializes and generates a public/private key pair (pk, sk), where the public key is $pk = (g, N)$ with $N = pq$, $g = N + 1$, and p and q strong primes; the private key is $sk = (\lambda, \mu)$ with $\lambda = \mathrm{lcm}(p-1, q-1)$ and $\mu = \lambda^{-1} \bmod N$. The private key sk is split into two parts $(\lambda_1, \lambda_2)$, where the partial private key $\lambda_1$ is an integer in the interval $(0, \lambda\mu)$ and the partial private key $\lambda_2 = \lambda\mu - \lambda_1$. The key sets $(pk, \lambda_1)$ and $(pk, \lambda_2)$ are then sent to cloud server ALICE and cloud server BOB respectively;
S3-2, cloud server ALICE holds the ciphertexts
Figure SMS_28
and
Figure SMS_29
merges the two ciphertexts to be compared into a ciphertext D, and partially decrypts D with the partial private key $\lambda_1$ to obtain $D_1$; the ciphertext pair $\langle D, D_1 \rangle$ is then sent to cloud server BOB. The computation is:
Figure SMS_30
$D_1 = \mathrm{PDec}(\lambda_1, D)$, where L is a constant satisfying
Figure SMS_31
is a security parameter;
S3-3, cloud server BOB uses the partial private key $\lambda_2$ to partially decrypt the ciphertext D, obtaining $D_2$, then decrypts the ciphertext pair $\langle D_1, D_2 \rangle$ with the threshold decryption algorithm to obtain the plaintext d, and computes the plaintexts x and y from $d = L \cdot x + y$, namely:
Figure SMS_32
Cloud server BOB compares the plaintexts x and y and returns the comparison result to cloud server ALICE:
if $x \ge y$, return 1, i.e.
Figure SMS_33
if $x < y$, return 0, i.e.
Figure SMS_34
Preferably, the batch partial decryption protocol BatchPDec is implemented by the following steps:
S4-1, the key platform initializes and generates a public/private key pair (pk, sk), where the public key is $pk = (g, N)$ with $N = pq$, $g = N + 1$, and p and q strong primes; the private key is $sk = (\lambda, \mu)$ with $\lambda = \mathrm{lcm}(p-1, q-1)$ and $\mu = \lambda^{-1} \bmod N$. The private key sk is split into two parts $(\lambda_1, \lambda_2)$, where the partial private key $\lambda_1$ is an integer in the interval $(0, \lambda\mu)$ and the partial private key $\lambda_2 = \lambda\mu - \lambda_1$. The key sets $(pk, \lambda_1)$ and $(pk, \lambda_2)$ are then sent to cloud server ALICE and cloud server BOB respectively;
S4-2, cloud server ALICE holds the ciphertext string
Figure SMS_35
aggregates it into a single ciphertext D by a product operation, and partially decrypts D with the partial private key $\lambda_1$ to obtain $D_1$; the ciphertext pair $\langle D, D_1 \rangle$ is then sent to cloud server BOB. The computation is:
Figure SMS_36
$D_1 = \mathrm{PDec}(\lambda_1, D)$, where L is a constant satisfying
Figure SMS_37
is a security parameter;
Figure SMS_38
i is a positive integer and $i \in [1, \delta]$;
S4-3, server BOB uses the partial private key $\lambda_2$ to partially decrypt the ciphertext D, obtaining $D_2$, and decrypts the ciphertext pair $\langle D_1, D_2 \rangle$ with the threshold decryption algorithm to obtain the plaintext d; according to
Figure SMS_39
Figure SMS_40
the plaintext solutions $\{x_1, x_2, \ldots, x_\delta\}$ can be computed;
cloud server BOB then compares the plaintext solutions in batch and returns the comparison result to cloud server ALICE.
The invention also provides a storage device, wherein a plurality of instructions are stored in the storage device, and the instructions are suitable for loading and executing the safe homomorphic calculation method supporting batch processing in a processor.
The invention also provides the intelligent terminal equipment which comprises a storage device used for storing a plurality of instructions and a processor used for executing the instructions, wherein the instructions are suitable for being loaded by the processor and executing the safe homomorphic calculation method supporting batch processing.
Compared with the prior art, the invention has the following beneficial effects:
the batch secure computation protocols greatly reduce the computation cost and also reduce the communication overhead. The batch processing mechanism provides a secure multiplication protocol SMUL, a secure comparison protocol SCMP, a batch secure multiplication protocol BatchSMUL and a batch partial decryption protocol BatchPDec, and addresses the high computation cost and communication overhead of existing secure homomorphic computation as well as the ciphertext privacy leakage caused by a single key.
Drawings
FIG. 1 is a block diagram of a secure homomorphic computing method supporting batch processing according to the present invention;
FIG. 2 is a flow chart of a secure multiplication protocol SMUL calculation provided by the present invention;
FIG. 3 is a SCMP calculation flow diagram of the security comparison protocol provided by the present invention;
FIG. 4 is a flowchart of the batch secure multiplication protocol BatchSMUL calculation provided by the present invention;
FIG. 5 is a flowchart illustrating the batch partial decryption protocol BatchPDec calculation according to the present invention;
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more clearly apparent, the technical solutions in the embodiments of the present invention will be described below clearly and completely with reference to the accompanying drawings in the embodiments of the present invention. All other embodiments, which can be obtained by a person skilled in the art without inventive step based on the embodiments of the present invention, are within the scope of protection of the present invention.
As shown in FIGS. 1-5, the present invention discloses a secure homomorphic computing method supporting batch processing, including a key platform, a cloud server ALICE and a cloud server BOB, wherein the key platform uses a Paillier cryptosystem, and the cloud server ALICE and the cloud server BOB are in a non-colluding dual-server architecture;
the Paillier cryptosystem comprises an encryption algorithm, a partial decryption algorithm and a threshold decryption algorithm;
the method comprises a secure multiplication protocol SMUL, a batch secure multiplication protocol BatchSMUL, a secure comparison protocol SCMP and a batch partial decryption protocol BatchPDec;
the secure multiplication protocol SMUL is
Figure SMS_41
that is, from the ciphertexts
Figure SMS_42
it obtains the ciphertext corresponding to the plaintext xy:
Figure SMS_43
The batch processing secure multiplication protocol BatchSMUL is an extension of the secure multiplication protocol SMUL and is used for realizing batch multiplication operation and transmission of encrypted data;
the secure comparison protocol SCMP is
Figure SMS_44
Namely, the plaintext x and y are compared in a ciphertext state;
the batch partial decryption protocol BatchPDec is an extension of the secure comparison protocol SCMP and is used for batch comparison and transmission of data in the ciphertext state.
In this embodiment, the specific implementation steps of the secure multiplication protocol SMUL are as follows:
S1-1, the key platform initializes and generates a public/private key pair (pk, sk), with public key pk = (625358, 625357) and private key sk = (623776, 467930), and splits the private key sk into two parts ($\lambda_1 = 1023$, $\lambda_2 = 291883502657$); the key sets $(pk, \lambda_1)$ and $(pk, \lambda_2)$ are then sent to cloud server ALICE and cloud server BOB respectively;
S1-2, for convenience of description, take computing
Figure SMS_45
as an example. Cloud server ALICE generates the random numbers $r_1 = 2$, $r_2 = 3$ and, using random numbers and Paillier homomorphic computation, additively blinds the ciphertexts
Figure SMS_46
and
Figure SMS_47
to obtain
Figure SMS_48
Figure SMS_49
It then combines the blinded ciphertexts X and Y into a ciphertext C and partially decrypts it with the partial private key $\lambda_1$ to obtain $C_1$, namely: $C = X^{L} \cdot Y = 232648397326$, $C_1 = \mathrm{PDec}(\lambda_1, C) = 307279279137$, where L = 16 is a constant; the ciphertext pair $\langle C, C_1 \rangle$ is then sent to cloud server BOB;
S1-3, cloud server BOB uses the partial private key $\lambda_2$ to partially decrypt the ciphertext C, obtaining $C_2$, and decrypts the ciphertext pair $\langle C_1, C_2 \rangle$ with the threshold decryption algorithm to obtain the plaintext $(x + r_1) \cdot (y + r_2)$, namely:
$C_2 = \mathrm{PDec}(\lambda_2, C) = 63970437012$, $\mathrm{TDec}(C_1, C_2) = L \cdot (x + r_1) + y + r_2 = 54.0$,
Figure SMS_50
$y + r_2 = (L \cdot (x + r_1) + y + r_2) \bmod L = 6.0$; the value $(x + r_1) \cdot (y + r_2) = 18$ is encrypted with the public key to obtain
Figure SMS_51
and then
Figure SMS_52
is sent to cloud server ALICE;
S1-4, cloud server ALICE obtains, through Paillier homomorphic computation,
Figure SMS_53
The computation is:
Figure SMS_54
Figure SMS_55
Figure SMS_56
In this embodiment, the batch secure multiplication protocol BatchSMUL is implemented by the following steps:
S2-1, the key platform initializes and generates a public/private key pair (pk, sk), with public key pk = (3336361620, 33361619) and private key sk = (28273272, 1796828982), and splits the private key sk into two parts ($\lambda_1 = 6840480051545755$, $\lambda_2 = 43961754494023349$); the key sets $(pk, \lambda_1)$ and $(pk, \lambda_2)$ are then sent to cloud server ALICE and cloud server BOB respectively;
S2-2, cloud server ALICE holds 3 ciphertext pairs
Figure SMS_57
where
Figure SMS_58
and L = 5 is a constant; cloud server ALICE additively blinds each ciphertext pair to obtain the ciphertext group $\{c_1, c_2, c_3\}$, namely:
Figure SMS_59
Figure SMS_60
Figure SMS_61
Figure SMS_62
Figure SMS_63
Figure SMS_64
Figure SMS_65
Figure SMS_66
Figure SMS_67
where $r_{1,1} = 1$, $r_{1,2} = 5$, $r_{2,1} = 6$, $r_{2,2} = 1$, $r_{3,1} = 3$, $r_{3,2} = 6$;
Cloud server ALICE aggregates the ciphertext group $\{c_1, c_2, c_3\}$ into a single ciphertext C by a product operation and partially decrypts it with the partial private key $\lambda_1$ to obtain $C_1$, namely:
Figure SMS_68
$C_1 = \mathrm{PDec}(\lambda_1, C) = 767728400915565395$, and the ciphertext pair $\langle C, C_1 \rangle$ is then sent to cloud server BOB;
S2-3, cloud server BOB uses the partial private key $\lambda_2$ to partially decrypt the ciphertext C, obtaining $C_2 = \mathrm{PDec}(\lambda_2, C) = 40242924431236628$; decrypting with the threshold decryption algorithm $\mathrm{TDec}(C_1, C_2)$ yields $M = L^{2\delta-1} \cdot (x_\delta + r_{\delta,1}) + L^{2\delta-2} \cdot (y_\delta + r_{\delta,2}) + \cdots + L \cdot (x_1 + r_{1,1}) + y_1 + r_{1,2} = 1055.0$, and the plaintext $(x_i + r_{i,1}) \cdot (y_i + r_{i,2})$ corresponding to each ciphertext pair of step S2-2 is then computed from M, namely:
Figure SMS_69
Figure SMS_70
Figure SMS_71
cloud server BOB encrypts each plaintext $(x_i + r_{i,1}) \cdot (y_i + r_{i,2})$ to obtain:
Figure SMS_72
Figure SMS_73
Figure SMS_74
and then sends the resulting ciphertexts
Figure SMS_75
to cloud server ALICE in batch;
S2-4, cloud server ALICE computes in batch on the received ciphertexts
Figure SMS_76
to obtain
Figure SMS_77
namely:
Figure SMS_78
Figure SMS_79
Figure SMS_80
Figure SMS_81
Figure SMS_82
Figure SMS_83
Figure SMS_84
Figure SMS_85
then, according to
Figure SMS_86
the computation yields the result for each ciphertext pair, namely:
Figure SMS_87
Figure SMS_88
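The SMUL and BatchSMUL rounds described above, as an added Python example (not code from the patent or its authors); SMUL is the case of a single pair. Because the page's formula images are missing, PDec(λ_i, c) = c^{λ_i} mod N², L(u) = (u − 1)/N and the unblinding identity used for S2-4 are assumed standard forms, and the function names and the two primes are constructed for illustration.

```python
import math
import secrets

def keygen(p, q):
    """S1-1 / S2-1: modulus N and the two additive shares of lambda*mu."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    mu = pow(lam, -1, n)                                # mu = lambda^-1 mod N
    lam1 = secrets.randbelow(lam * mu - 1) + 1          # integer in (0, lambda*mu)
    return n, lam1, lam * mu - lam1

def enc(n, m):
    """Enc(pk, m) = (1 + mN) * r^N mod N^2, the page's encryption formula."""
    r = 0
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return (1 + m * n) * pow(r, n, n * n) % (n * n)

def pdec(n, share, c):
    """Assumed form of PDec: c^share mod N^2 (formula image missing on the page)."""
    return pow(c, share, n * n)

def tdec(n, m1, m2):
    """TDec(M1, M2) = L(M1*M2 mod N^2), with L(u) = (u - 1)/N assumed."""
    return (m1 * m2 % (n * n) - 1) // n

def decrypt(n, lam1, lam2, c):
    """Full decryption needs both shares; neither server can do this alone."""
    return tdec(n, pdec(n, lam1, c), pdec(n, lam2, c))

def alice_blind(n, lam1, pairs, base, sigma):
    """S2-2: blind every pair, pack all pairs into one ciphertext C, compute C1."""
    n2, packed, masks = n * n, 1, []
    for i, (cx, cy) in enumerate(pairs):
        r1, r2 = secrets.randbits(sigma), secrets.randbits(sigma)
        big_x = cx * enc(n, r1) % n2                # [x_i + r_i1]
        big_y = cy * enc(n, r2) % n2                # [y_i + r_i2]
        c_i = pow(big_x, base, n2) * big_y % n2     # [L*(x_i+r_i1) + (y_i+r_i2)]
        packed = packed * pow(c_i, base ** (2 * i), n2) % n2
        masks.append((r1, r2))
    return packed, pdec(n, lam1, packed), masks

def bob_multiply(n, lam2, packed, c1, count, base):
    """S2-3: finish decryption, split M into base-L digits, encrypt the products."""
    m = tdec(n, c1, pdec(n, lam2, packed))
    products = []
    for _ in range(count):
        m, y_blind = divmod(m, base)                # y_i + r_i2
        m, x_blind = divmod(m, base)                # x_i + r_i1
        products.append(enc(n, x_blind * y_blind))
    return products

def alice_unblind(n, pairs, products, masks):
    """S2-4 (assumed identity): xy = (x+r1)(y+r2) - r2*x - r1*y - r1*r2."""
    n2, out = n * n, []
    for (cx, cy), cp, (r1, r2) in zip(pairs, products, masks):
        c = cp * pow(cx, -r2, n2) * pow(cy, -r1, n2) % n2
        out.append(c * enc(n, -r1 * r2) % n2)
    return out

def batch_smul(n, lam1, lam2, pairs, sigma=8):
    """Run both servers' rounds; inputs must satisfy x + r < L and y + r < L."""
    base = 1 << (sigma + 2)                         # L >= 2^(sigma+2)
    if base ** (2 * len(pairs)) >= n:
        raise ValueError("packed plaintext would not fit below N")
    packed, c1, masks = alice_blind(n, lam1, pairs, base, sigma)
    products = bob_multiply(n, lam2, packed, c1, len(pairs), base)
    return alice_unblind(n, pairs, products, masks)

# Constructed toy primes (two Mersenne primes), far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1

def demo():
    n, lam1, lam2 = keygen(P, Q)
    values = [(3, 7), (12, 5), (200, 150)]          # constructed sample inputs
    pairs = [(enc(n, x), enc(n, y)) for x, y in values]
    results = batch_smul(n, lam1, lam2, pairs)
    return [decrypt(n, lam1, lam2, c) for c in results]

if __name__ == "__main__":
    print(demo())
```

The capacity check in `batch_smul` reflects the packing formula for M given in S2-3: all 2δ base-L digits must fit below N, which bounds the batch size for a given modulus.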
In this embodiment, the secure comparison protocol SCMP is implemented as follows:
S3-1, the key platform initializes and generates a public/private key pair (pk, sk), with public key pk = (33824, 33823) and private key sk = (16724, 13439), and splits the private key sk into two parts ($\lambda_1 = 4446772$, $\lambda_2 = 220307064$); the key sets $(pk, \lambda_1)$ and $(pk, \lambda_2)$ are then sent to cloud server ALICE and cloud server BOB respectively;
S3-2, cloud server ALICE holds the ciphertexts
Figure SMS_89
and
Figure SMS_90
where $x_1 = 1$, $x_2 = 2$. It merges the two ciphertexts to be compared into a ciphertext D and partially decrypts D with the partial private key $\lambda_1$ to obtain $D_1$; the ciphertext pair $\langle D, D_1 \rangle$ is then sent to cloud server BOB. The computation is:
Figure SMS_91
$D_1 = \mathrm{PDec}(\lambda_1, D)$, where L' is a constant satisfying
Figure SMS_92
is a security parameter. Merging the two into the ciphertext D and partially decrypting D with the partial private key $\lambda_1$ to obtain $D_1$ gives:
Figure SMS_93
$D_1 \leftarrow \mathrm{PDec}(\lambda_1, D) = 430818735518813224405965966988338398781$, where L' = 16 is a constant; the ciphertext pair $\langle D, D_1 \rangle$ is then sent to cloud server BOB;
S3-3, cloud server BOB uses the partial private key $\lambda_2$ to partially decrypt the ciphertext D, obtaining $D_2 \leftarrow \mathrm{PDec}(\lambda_2, D) = 112010058998673455442458355721105359889$, decrypts the ciphertext pair $\langle D_1, D_2 \rangle$ with the threshold decryption algorithm to obtain the plaintext d, and computes the plaintexts $x_1$ and $x_2$ from $d = L' \cdot x_1 + x_2$, namely:
Figure SMS_94
Because $x_1 < x_2$, therefore
Figure SMS_95
In this embodiment, the batch partial decryption protocol BatchPDec is implemented as follows:
s4-1, key platform initialization generates public and private keys (pk, sk), pk = (2859859895226518918534005093390946028, 285985982283226518918534005034005093390946027), private key sk = (28598598952283651888418884662964780367016656,
1005445141579507086915730827732744), and the private key sk is split into two parts ($\lambda_1 = 10197916202518483743$, $\lambda_2 = 28754322372554379413704268862701863629158480447580735042840283326100321$); the key sets $(pk, \lambda_1)$ and $(pk, \lambda_2)$ are then sent to cloud server ALICE and cloud server BOB respectively;
S4-2, cloud server ALICE holds the ciphertext string
Figure SMS_96
where $x_1 = 3$, $x_2 = 4$, $x_3 = 5$, aggregates it into a single ciphertext D by a product operation, and partially decrypts D with the partial private key $\lambda_1$ to obtain $D_1$; the ciphertext pair $\langle D, D_1 \rangle$ is then sent to cloud server BOB. The computation is:
Figure SMS_97
3158231057363952948769、
$D_1 = \mathrm{PDec}(\lambda_1, D) = 59968078017448507551343825768675310363192001081892742437331148699438333014621$,
where $L' = 2^{128}$, i is a positive integer and $i \in [1, 3]$;
S4-3, server BOB uses the partial private key $\lambda_2$ to partially decrypt the ciphertext D, obtaining $D_2 = \mathrm{PDec}(\lambda_2, D) = 454306622673451705811493746105993748502617039439009048619595680507056253$, and decrypts the ciphertext pair $\langle D_1, D_2 \rangle$ with the threshold decryption algorithm to obtain the plaintext d = 1.5446905198877369e+38; according to
Figure SMS_98
Figure SMS_99
the plaintext solutions $\{x_1, x_2, x_3\}$ can be computed, that is:
$x_1 \leftarrow d \bmod L' = 3$,
Figure SMS_100
Figure SMS_101
After cloud server BOB compares the plaintext solutions in batch, the comparison result is returned to cloud server ALICE.
Variations and modifications to the above-described embodiments may occur to those skilled in the art, which fall within the scope and spirit of the above description. Therefore, the present invention is not limited to the specific embodiments disclosed and described above, and some modifications and variations of the present invention should fall within the scope of the claims of the invention. Furthermore, although specific terms are employed herein, they are used in a generic and descriptive sense only and not for purposes of limitation.

Claims (10)

1. A secure homomorphic computing method supporting batch processing comprises a key platform, a cloud server ALICE and a cloud server BOB, wherein the key platform uses a Paillier cryptosystem,
the cloud server ALICE and the cloud server BOB are in a non-collusion double-server architecture;
the key platform is used for distributing public and private keys to the cloud server ALICE and the cloud server BOB;
the Paillier cryptosystem comprises an encryption algorithm, a partial decryption algorithm and a threshold decryption algorithm;
the secure homomorphic computing method further comprises a secure multiplication protocol SMUL, a batch secure multiplication protocol BatchSMUL, a secure comparison protocol SCMP and a batch partial decryption protocol BatchPDec;
the secure multiplication protocol SMUL is
Figure FDA0003876418250000011
that is, through a series of computations on the ciphertexts
Figure FDA0003876418250000012
it obtains the ciphertext corresponding to the plaintext xy:
Figure FDA0003876418250000013
The batch processing secure multiplication protocol BatchSMUL is an extension of the secure multiplication protocol SMUL and is used for realizing batch multiplication operation and transmission of encrypted data;
the secure comparison protocol SCMP is
Figure FDA0003876418250000014
Namely, the comparison of the plaintext x and y is realized in the ciphertext state;
the batch partial decryption protocol BatchPDec is an extension of the secure comparison protocol SCMP and is used for batch comparison and transmission of data in the ciphertext state.
2. The secure homomorphic computing method supporting batch processing according to claim 1, wherein the encryption algorithm of the Paillier cryptosystem is $\mathrm{Enc}(pk, m) = (1 + mN) \cdot r^{N} \bmod N^{2}$, where m is the plaintext to be encrypted and r is a random positive integer smaller than N.
3. The batch-processing-supported secure homomorphic computing method according to claim 2, wherein the partial decryption algorithm of the Paillier cryptosystem is
Figure FDA0003876418250000015
where $\lambda_i$ is a partial key and
Figure FDA0003876418250000016
is the ciphertext of the plaintext m.
4. The secure homomorphic computing method supporting batch processing according to claim 3, wherein the threshold decryption algorithm of the Paillier cryptosystem is $\mathrm{TDec}(M_1, M_2) = L(M_1 \cdot M_2 \bmod N^{2})$, where $M_1$ and $M_2$ are the results of partially decrypting the same ciphertext with the keys $\lambda_1$ and $\lambda_2$ respectively,
Figure FDA0003876418250000017
5. the batch processing-supporting secure homomorphic computing method according to claim 4, wherein the secure multiplication protocol SMUL is implemented by the following steps:
S1-1, the key platform initializes and generates a public/private key pair (pk, sk), where the public key is $pk = (g, N)$ with $N = pq$, $g = N + 1$, and p and q strong primes; the private key is $sk = (\lambda, \mu)$ with $\lambda = \mathrm{lcm}(p-1, q-1)$ and $\mu = \lambda^{-1} \bmod N$. The private key sk is split into two parts $(\lambda_1, \lambda_2)$, where the partial private key $\lambda_1$ is an integer in the interval $(0, \lambda\mu)$ and the partial private key $\lambda_2 = \lambda\mu - \lambda_1$. The key sets $(pk, \lambda_1)$ and $(pk, \lambda_2)$ are then sent to cloud server ALICE and cloud server BOB respectively;
S1-2, cloud server ALICE uses random numbers and Paillier homomorphic computation to additively blind the ciphertexts
Figure FDA0003876418250000021
and
Figure FDA0003876418250000022
combines the blinded ciphertexts X and Y into a ciphertext C, and partially decrypts C with the partial private key $\lambda_1$ to obtain $C_1$; the ciphertext pair $\langle C, C_1 \rangle$ is then sent to cloud server BOB, that is:
Figure FDA0003876418250000023
$C = X^{L} \cdot Y$, $C_1 = \mathrm{PDec}(\lambda_1, C)$, where $r_1$, $r_2$ are random numbers with $r_1, r_2 \in \{0,1\}^{\sigma}$, $\sigma$ is a security parameter, and L is a constant satisfying $L \ge 2^{\sigma+2}$;
S1-3, cloud server BOB uses the partial private key $\lambda_2$ to partially decrypt the ciphertext C, obtaining $C_2$, decrypts the ciphertext pair $\langle C_1, C_2 \rangle$ with the threshold decryption algorithm to obtain the plaintext $(x + r_1) \cdot (y + r_2)$, and sends its encryption
Figure FDA0003876418250000024
to cloud server ALICE. The computation is: $C_2 = \mathrm{PDec}(\lambda_2, C)$, $L \cdot (x + r_1) + y + r_2 = \mathrm{TDec}(C_1, C_2)$,
Figure FDA0003876418250000025
$y + r_2 = (L \cdot (x + r_1) + y + r_2) \bmod L$;
S1-4, cloud server ALICE obtains, through Paillier homomorphic computation,
Figure FDA0003876418250000026
The calculation flow is as follows:
Figure FDA0003876418250000027
Figure FDA0003876418250000028
6. the batch-processing-supported secure homomorphic computing method according to claim 4, wherein the batch-processing secure multiplication protocol BatchSMUL is implemented by the following steps:
S2-1, the key platform initializes and generates a public/private key pair (pk, sk), where the public key is $pk = (g, N)$ with $N = pq$, $g = N + 1$, and p and q strong primes; the private key is $sk = (\lambda, \mu)$ with $\lambda = \mathrm{lcm}(p-1, q-1)$ and $\mu = \lambda^{-1} \bmod N$. The private key sk is split into two parts $(\lambda_1, \lambda_2)$, where the partial private key $\lambda_1$ is an integer in the interval $(0, \lambda\mu)$ and the partial private key $\lambda_2 = \lambda\mu - \lambda_1$. The key sets $(pk, \lambda_1)$ and $(pk, \lambda_2)$ are then sent to cloud server ALICE and cloud server BOB respectively;
S2-2, cloud server ALICE holds $\delta$ ciphertext pairs
Figure FDA0003876418250000031
Using random numbers and Paillier homomorphic computation, it additively blinds each ciphertext pair
Figure FDA0003876418250000032
combines the blinded ciphertexts $X_i$, $Y_i$ into a ciphertext $c_i$ to obtain the ciphertext group $\{c_1, \ldots, c_\delta\}$, aggregates the group into a single ciphertext C by a product operation, and partially decrypts C with the partial private key $\lambda_1$ to obtain $C_1$; the ciphertext pair $\langle C, C_1 \rangle$ is then sent to cloud server BOB. The computation is:
Figure FDA0003876418250000033
$C_1 = \mathrm{PDec}(\lambda_1, C)$, where $r_{i,1}$, $r_{i,2}$ are random numbers with $r_{i,1}, r_{i,2} \in \{0,1\}^{\sigma}$, $\sigma$ is a security parameter, and L is a constant satisfying $L \ge 2^{\sigma+2}$;
Figure FDA0003876418250000039
$x_i, y_i \in [0, 2^{l})$, i is a positive integer and $i \in [1, \delta]$;
S2-3, the cloud server BOB partially decrypts the ciphertext C with the partial private key $\lambda_2$ to obtain the ciphertext $C_2$, decrypts the ciphertext pair $\langle C_1, C_2 \rangle$ with the threshold decryption algorithm, obtains the plaintext $(x_i + r_{i,1}) \cdot (y_i + r_{i,2})$ corresponding to each ciphertext pair of step S2-2, and encrypts each of them to obtain
Figure FDA0003876418250000034
which are sent to the cloud server ALICE in a batch; the computation is:
Figure FDA0003876418250000035
S2-4, the cloud server ALICE receives each ciphertext
Figure FDA0003876418250000036
and obtains, through Paillier homomorphic computation,
Figure FDA0003876418250000037
The calculation flow is as follows:
Figure FDA0003876418250000038
Figure FDA0003876418250000041
Figure FDA0003876418250000042
7. The secure homomorphic computing method supporting batch processing according to claim 4, wherein the secure comparison protocol SCMP is implemented by the following steps:
S3-1, the key platform is initialized to generate a public and private key pair (pk, sk), wherein the public key pk = (g, N), N = pq, g = N + 1, and p and q are strong primes; the private key sk = ($\lambda$, $\mu$), where $\lambda = \mathrm{lcm}(p-1, q-1)$ and $\mu = \lambda^{-1} \bmod N$; the private key sk is split into two parts ($\lambda_1$, $\lambda_2$), wherein the partial private key $\lambda_1$ is an integer in the interval $(0, \lambda\mu)$ and the partial private key $\lambda_2 = \lambda\mu - \lambda_1$; the key sets (pk, $\lambda_1$) and (pk, $\lambda_2$) are then sent to the cloud server ALICE and the cloud server BOB, respectively;
S3-2, the cloud server ALICE holds the ciphertexts
Figure FDA0003876418250000043
and
Figure FDA0003876418250000044
merges the two ciphertexts to be compared into a ciphertext D, partially decrypts the ciphertext D with the partial private key $\lambda_1$ to obtain the ciphertext $D_1$, and sends the ciphertext pair $\langle D, D_1 \rangle$ to the cloud server BOB; the computation is as follows:
Figure FDA0003876418250000045
$D_1 = \mathrm{PDec}(\lambda_1, D)$; wherein $L$ is a constant satisfying $L \ge 2^{2l+2}$; $l$ is a security parameter;
S3-3, the cloud server BOB decrypts the ciphertext D with the partial private key $\lambda_2$ to obtain the ciphertext $D_2$, then decrypts the ciphertext pair $\langle D_1, D_2 \rangle$ with the threshold decryption algorithm to obtain the plaintext $d$, and computes the plaintexts x and y from $d = L \cdot x + y$, namely:
Figure FDA0003876418250000046
the cloud server BOB compares the plaintexts x and y and returns the comparison result to the cloud server ALICE:
if $x \ge y$, it returns 1, i.e.
Figure FDA0003876418250000047
if $x < y$, it returns 0, i.e.
Figure FDA0003876418250000048
8. The secure homomorphic computing method supporting batch processing according to claim 4, wherein the batch processing partial decryption protocol BatchPDec is implemented by the following steps:
S4-1, the key platform is initialized to generate a public and private key pair (pk, sk), wherein the public key pk = (g, N), N = pq, g = N + 1, and p and q are strong primes; the private key sk = ($\lambda$, $\mu$), where $\lambda = \mathrm{lcm}(p-1, q-1)$ and $\mu = \lambda^{-1} \bmod N$; the private key sk is split into two parts ($\lambda_1$, $\lambda_2$), wherein the partial private key $\lambda_1$ is an integer in the interval $(0, \lambda\mu)$ and the partial private key $\lambda_2 = \lambda\mu - \lambda_1$; the key sets (pk, $\lambda_1$) and (pk, $\lambda_2$) are then sent to the cloud server ALICE and the cloud server BOB, respectively;
S4-2, the cloud server ALICE holds a ciphertext string
Figure FDA0003876418250000051
which is aggregated into a single ciphertext D by a product operation; the ciphertext D is partially decrypted with the partial private key $\lambda_1$ to obtain the ciphertext $D_1$, and the ciphertext pair $\langle D, D_1 \rangle$ is sent to the cloud server BOB; the computation is as follows:
Figure FDA0003876418250000052
$D_1 = \mathrm{PDec}(\lambda_1, D)$, wherein $L$ is a constant satisfying $L \ge 2^{l+2}$; $l$ is a security parameter;
Figure FDA0003876418250000053
$i$ is a positive integer and $i \in [1, \delta]$;
S4-3, the cloud server BOB partially decrypts the ciphertext D with the partial private key $\lambda_2$ to obtain $D_2$, decrypts the ciphertext pair $\langle D_1, D_2 \rangle$ with the threshold decryption algorithm to obtain the plaintext $d$, and, according to
Figure FDA0003876418250000054
Figure FDA0003876418250000055
computes the plaintext solutions $\{x_1, x_2, \ldots, x_\delta\}$;
the cloud server BOB compares the plaintext solutions in batches and returns the comparison result to the cloud server ALICE.
9. A storage device having a plurality of instructions stored therein, wherein the instructions are adapted to be loaded by a processor and to execute the secure homomorphic computing method supporting batch processing according to any of claims 1-8.
10. An intelligent terminal device comprising a storage device for storing a plurality of instructions and a processor for executing the instructions, wherein the instructions are adapted to be loaded by the processor and to execute the secure homomorphic computing method supporting batch processing according to any of claims 1-8.
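The single-pair secure multiplication of claim 5 (steps S1-2 to S1-4) can be traced end to end in a short script. This is an added example, not code from the patent: the forms of PDec and TDec and the unblinding identity used for S1-4 are assumptions (the patent's equation figures are not reproduced on this page), and the primes are constructed toy values.

```python
import math
import secrets

# Constructed toy primes (2^31-1 and 2^61-1): prime, but not strong primes and
# far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
SIGMA = 32                 # security parameter sigma; inputs assumed < 2^SIGMA
L = 1 << (SIGMA + 2)       # packing constant, L >= 2^(sigma+2)

def keygen(p, q):
    """Key platform: N = pq and partial keys with lam1 + lam2 = lam*mu."""
    N = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    mu = pow(lam, -1, N)
    lam1 = secrets.randbelow(lam * mu - 1) + 1          # integer in (0, lam*mu)
    return N, lam1, lam * mu - lam1

def enc(N, m):
    """Paillier encryption with g = N+1, so g^m = 1 + m*N (mod N^2)."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            return (1 + (m % N) * N) * pow(r, N, N * N) % (N * N)

def pdec(N, lam_i, c):     # assumed form of PDec: c^lam_i mod N^2
    return pow(c, lam_i, N * N)

def tdec(N, c1, c2):       # assumed form of TDec: (c1*c2 mod N^2 - 1) / N
    return (c1 * c2 % (N * N) - 1) // N

def alice_blind(N, lam1, cx, cy):                 # step S1-2
    N2 = N * N
    r1, r2 = secrets.randbits(SIGMA), secrets.randbits(SIGMA)
    X, Y = cx * enc(N, r1) % N2, cy * enc(N, r2) % N2    # [x+r1], [y+r2]
    C = pow(X, L, N2) * Y % N2                           # [L*(x+r1) + y+r2]
    return (r1, r2), C, pdec(N, lam1, C)

def bob_multiply(N, lam2, C, C1):                 # step S1-3
    d = tdec(N, C1, pdec(N, lam2, C))             # BOB sees only blinded values
    return enc(N, (d // L) * (d % L))             # [(x+r1)*(y+r2)]

def alice_unblind(N, cx, cy, r1, r2, cz):         # step S1-4 (assumed identity)
    N2 = N * N                                    # xy = (x+r1)(y+r2) - r2*x - r1*y - r1*r2
    return (cz * pow(cx, N - r2, N2) * pow(cy, N - r1, N2)
            * enc(N, -r1 * r2)) % N2

def smul(N, lam1, lam2, cx, cy):
    (r1, r2), C, C1 = alice_blind(N, lam1, cx, cy)
    return alice_unblind(N, cx, cy, r1, r2, bob_multiply(N, lam2, C, C1))
```

Neither server can decrypt alone, so the result of `smul` is checked by combining both partial decryptions with `tdec`.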
CN202211216652.XA 2022-09-30 2022-09-30 Security homomorphic calculation method supporting batch processing, storage device and equipment Pending CN115842617A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211216652.XA CN115842617A (en) 2022-09-30 2022-09-30 Security homomorphic calculation method supporting batch processing, storage device and equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211216652.XA CN115842617A (en) 2022-09-30 2022-09-30 Security homomorphic calculation method supporting batch processing, storage device and equipment

Publications (1)

Publication Number Publication Date
CN115842617A true CN115842617A (en) 2023-03-24

Family

ID=85574118

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211216652.XA Pending CN115842617A (en) 2022-09-30 2022-09-30 Security homomorphic calculation method supporting batch processing, storage device and equipment

Country Status (1)

Country Link
CN (1) CN115842617A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116719502A (en) * 2023-08-11 2023-09-08 蓝象智联(杭州)科技有限公司 Data subtraction operation method based on privacy protection
CN116719502B (en) * 2023-08-11 2023-10-20 蓝象智联(杭州)科技有限公司 Data subtraction operation method based on privacy protection
CN117234457A (en) * 2023-11-10 2023-12-15 蓝象智联(杭州)科技有限公司 Data subtraction operation method for privacy calculation
CN117234457B (en) * 2023-11-10 2024-01-26 蓝象智联(杭州)科技有限公司 Data subtraction operation method for privacy calculation

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination