CN117394983A - Lightweight homomorphic encryption method for implementing symmetric encryption and asymmetric encryption - Google Patents

Lightweight homomorphic encryption method for implementing symmetric encryption and asymmetric encryption Download PDF

Info

Publication number
CN117394983A
CN117394983A CN202311540559.9A CN202311540559A CN117394983A CN 117394983 A CN117394983 A CN 117394983A CN 202311540559 A CN202311540559 A CN 202311540559A CN 117394983 A CN117394983 A CN 117394983A
Authority
CN
China
Prior art keywords
data
homomorphic
private key
encryption
public
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311540559.9A
Other languages
Chinese (zh)
Inventor
张松年
郑艳冬
朱辉
王枫为
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xidian University filed Critical Xidian University
Priority to CN202311540559.9A priority Critical patent/CN117394983A/en
Publication of CN117394983A publication Critical patent/CN117394983A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Complex Calculations (AREA)

Abstract

The invention discloses a lightweight homomorphic encryption method for realizing symmetric encryption and asymmetric encryption. The method comprises the following steps: determining a private key and a first public parameter according to the private key parameter, wherein the private key parameter, the private key and the first public parameter are integers; symmetrically encrypting the plaintext data according to the private key and the first public parameter through the first encryption model to obtain ciphertext data corresponding to the plaintext data, or asymmetrically encrypting the plaintext data through the second encryption model based on the public key and the first public parameter to obtain ciphertext data; homomorphic operation is carried out on the data to be operated to obtain homomorphic encryption data. According to the method provided by the invention, mixed homomorphic operation can be realized; the homomorphic operation can be directly carried out on the ciphertext data, so that the homomorphic operation efficiency can be realized; because the invention only relates to the operation on the integer, the calculation cost can be reduced, thereby realizing efficient and lightweight encryption, homomorphic operation and decryption.

Description

Lightweight homomorphic encryption method for implementing symmetric encryption and asymmetric encryption
Technical Field
The invention belongs to the technical field of data encryption, and particularly relates to a lightweight homomorphic encryption method for realizing symmetric encryption and asymmetric encryption.
Background
With public importance of personal privacy and protection of private data by legislation at home and abroad, data security and privacy protection have become key research topics for promoting digital economy and health development. In particular, the advent and popularity of cloud computing has led to a trend for data owners to outsource private data to cloud servers to reduce local storage and computing costs. Since cloud servers are typically operated by third parties, data encryption techniques are introduced to protect data confidentiality, i.e., the data owner will encrypt private data and then outsource ciphertext data to the cloud server. However, the ciphertext data is sufficiently randomized, and data analysis and value mining are difficult to perform based on the ciphertext, so that the availability of the data is greatly reduced by the introduction of encryption technology. The homomorphic encryption scheme well solves the dilemma of data confidentiality and data availability, so that data can be operated in a secret state, and further data analysis and data mining based on ciphertext are realized.
In 2009, gentry first proposed a homomorphic encryption scheme based on ideal lattice in his doctor paper, and pulled open the prologue of homomorphic encryption research. In the early stage, homomorphic encryption based on ideal lattice construction has serious performance problems, and the public key thereof needs 2 hours to construct. Later, researchers have successively introduced BGV (braker ski-Gentry-vaikuntan), GSW (Gentry-Sahai-Waters), and CKKS (Cheon-Kim-Song) equivalent encryption schemes, but these schemes cannot be truly applied to real scenes, especially those with strict requirements on data computation speed, due to performance problems based on complex operations.
In addition to the homomorphic construction scheme based on LWE (Learning with Errors) or RLWE (Ring-Learning with Errors), a lightweight homomorphic encryption scheme based on modulus operation is proposed, wherein a 'homomorphic encryption algorithm based on modulo-like operation' (application publication number: CN 108111295A) only describes encryption and decryption algorithms of the constructed homomorphic scheme, and homomorphic operation, including addition homomorphic and multiplication homomorphic algorithms, is not described, so that the rationality and efficiency of the homomorphic operation are not clear; the patent (application publication number: CN 109327304A) only supports the addition homomorphism, but not the multiplication homomorphism; an 'isotactic encryption algorithm suitable for high-speed operation' patent (application publication number: CN 113420314A) can support addition and multiplication homomorphism, but two ciphertexts are respectively used for the addition homomorphism and the multiplication homomorphism, and cannot support complex operation such as simultaneous addition and multiplication operation; the 'full homomorphic encryption processing method based on modulo operation' patent (application publication number: CN 106452723A) breaks down data into corresponding bins and then encrypts the data using modulo operation. Because the method needs to split data, for example, when an integer is split into binary, the number of ciphertext and homomorphic operation times are multiplied, so that the efficiency is low. Moreover, the multiplication homomorphism of the method is based on matrix operation, so that the calculation cost is greatly increased.
Therefore, the current homomorphic encryption method is low in efficiency, difficult to use in a production environment, high in calculation cost, and incapable of realizing mixed operation by only supporting a certain homomorphic operation, and the encryption method cannot simultaneously support symmetric encryption and asymmetric encryption.
Disclosure of Invention
The embodiment of the invention provides a lightweight homomorphic encryption method for realizing symmetric encryption and asymmetric encryption, which can solve the problems that the current homomorphic encryption method has high calculation cost and low processing efficiency and can not support symmetric encryption and asymmetric encryption at the same time.
In a first aspect, an embodiment of the present invention provides a lightweight homomorphic encryption method for implementing symmetric encryption and asymmetric encryption, where the method includes:
determining a private key and a first public parameter according to the private key parameter, wherein the private key parameter, the private key and the first public parameter are integers;
symmetrically encrypting the plaintext data through a first encryption model based on the private key and the first public parameter to obtain ciphertext data corresponding to the plaintext data;
or based on the public key and the first public parameter, asymmetrically encrypting the plaintext data through a second encryption model to obtain ciphertext data;
homomorphic operation is carried out on data to be operated to obtain homomorphic encryption data, wherein the data to be operated comprises one or more of the following: ciphertext data, plaintext data and homomorphic encryption data obtained before homomorphic calculation is carried out, homomorphic calculation comprises addition calculation and/or multiplication calculation, homomorphic decryption data can be obtained by decrypting the homomorphic encryption data, and the homomorphic decryption data is a result obtained by carrying out homomorphic calculation on plaintext data corresponding to data to be calculated.
According to the method provided by the invention, the plaintext data is encrypted through the first encryption model or the second encryption model to obtain the ciphertext data, and the homomorphic encrypted data can be decrypted to obtain the corresponding plaintext data after homomorphic operation is executed, so that mixed homomorphic operation is realized; the homomorphic operation can be directly carried out on the ciphertext data and the plaintext data without the need of realizing the homomorphic operation through a complex operation process, so that the homomorphic operation can be realized with high efficiency; because the invention only relates to multiplication, addition and modular operation on integers, compared with matrix, data splitting and other operations in other schemes, the invention can reduce the calculation cost, thereby realizing efficient and lightweight encryption, homomorphic operation and decryption.
In a possible implementation manner of the first aspect, the first encryption model may satisfy the following formula:
E(m)=s·(r·L+m)(1+r′·p)mod N
wherein m is ciphertext data, E (m) is plaintext data, r is a first random number, r' is a second random number, s is a first private key, L is a second private key, p is a third private key, N is a first public parameter, and mod is a modulo operation.
In one possible implementation manner of the first aspect, the private key parameters may include: first length parameter k 0 And a second length parameter k L . One bit length can be randomly selected as a first length parameter k 0 Obtaining a first integer; randomly selecting a bit length as a first length parameter k 0 Obtaining a third private key; determining a product of the first integer and the third private key as a first public parameter; random arrangementAnd selecting an integer to obtain a first private key.
Illustratively, the bit length of the first private key is the same as the first public parameter, and the first private key is less than the first public parameter.
In a possible implementation manner of the first aspect, plaintext data may be input to a first encryption model to symmetrically encrypt the plaintext data to obtain ciphertext data.
In a possible implementation manner of the first aspect, the public key may include a first public key, a second public key, and a third public key. Two 0 s can be respectively input into a first encryption model to obtain a first public key and a second public key; inputting 1 into the first encryption model to obtain a third public key.
In a possible implementation manner of the first aspect, the second encryption model may satisfy the following formula:
E(m)=(m·E(1)+r 1 ·E(0) 1 +r 2 ·E(0) 2 )mod N
wherein m is plaintext data, E (m) is ciphertext data, E (0) 1 E (0) is the first public key 2 E (1) is the third public key, N is the first public parameter, r 1 And r 2 Two random numbers.
In a possible implementation manner of the first aspect, the private key and the homomorphic encrypted data may also be sent to the receiving end, so that the receiving end decrypts the homomorphic encrypted data according to the private key and the first public parameter by using the first decryption model, and obtains homomorphic decrypted data.
Illustratively, the first decryption model satisfies the following formula:
m′=(((s d ) -1 ·E(m)mod N)mod p)mod L
wherein m is homomorphic decryption data, E (m) is homomorphic encryption data, r is a first random number, r' is a second random number, s is a first private key, L is a second private key, p is a third private key,n is a first public parameter,(s) d ) -1 Is s d D is the exponent of the first private key.
In a possible implementation manner of the first aspect, if the homomorphic operation includes an addition operation, the exponent of the first private key of the homomorphic encrypted data is a maximum value of exponents of the first private keys of all addition items; if homomorphic operation only comprises multiplication operation, the index of the first private key of homomorphic encryption data is the sum of the indexes of the first private keys of all multiplied data to be operated.
According to the method provided by the invention, the plaintext data is encrypted through the first encryption model or the second encryption model to obtain the ciphertext data, and the homomorphic encrypted data can be decrypted to obtain the corresponding plaintext data after homomorphic operation is executed, so that mixed homomorphic operation is realized; the homomorphic operation can be directly carried out on the ciphertext data and the plaintext data without the need of realizing the homomorphic operation through a complex operation process, so that the homomorphic operation can be realized with high efficiency; because the invention only relates to multiplication, addition and modular operation on integers, compared with matrix, data splitting and other operations in other schemes, the invention can reduce the calculation cost, thereby realizing efficient and lightweight encryption, homomorphic operation and decryption. Further, only one additional inverse operation is required at decryption. Because the first private key is fixed, a decryptor can calculate the relevant inverse element of the first private key in advance, which is equivalent to only involving one multiplication and 3 modulo operations, thereby simplifying the operation process and improving the high efficiency of data processing. Meanwhile, the method provided by the invention can realize symmetric encryption and asymmetric encryption, and can enlarge application scenes.
In a second aspect, embodiments of the present invention provide a lightweight homomorphic encryption device for implementing symmetric encryption and asymmetric encryption, the device comprising a processing unit; the processing unit is used for:
determining a private key and a first public parameter according to the private key parameter, wherein the private key parameter, the private key and the first public parameter are integers;
symmetrically encrypting the plaintext data through a first encryption model based on the private key and the first public parameter to obtain ciphertext data corresponding to the plaintext data;
or based on the public key and the first public parameter, asymmetrically encrypting the plaintext data through a second encryption model to obtain ciphertext data;
homomorphic operation is carried out on data to be operated to obtain homomorphic encryption data, wherein the data to be operated comprises one or more of the following: ciphertext data, plaintext data and homomorphic encryption data obtained before homomorphic calculation is carried out, homomorphic calculation comprises addition calculation and/or multiplication calculation, homomorphic decryption data can be obtained by decrypting the homomorphic encryption data, and the homomorphic decryption data is a result obtained by carrying out homomorphic calculation on plaintext data corresponding to data to be calculated.
In a possible implementation manner of the second aspect, the first encryption model may satisfy the following formula:
E(m)=s·(r·L+m)(1+r′·p)mod N
Wherein m is plaintext data, E (m) is ciphertext data, r is a first random number, r' is a second random number, s is a first private key, L is a second private key, p is a third private key, N is a first public parameter, and mod is a modulo operation.
In one possible implementation manner of the second aspect, the private key parameter may include: first length parameter k 0 And a second length parameter k L . The processing unit may be configured to randomly select a bit length as the first length parameter k 0 Obtaining a first integer; randomly selecting a bit length as a first length parameter k 0 Obtaining a third private key; determining a product of the first integer and the third private key as a first public parameter; and randomly selecting an integer to obtain a first private key.
Illustratively, the bit length of the first private key is the same as the first public parameter, and the first private key is less than the first public parameter.
In a possible implementation manner of the second aspect, the public key may include a first public key, a second public key, and a third public key, and the processing unit may be further configured to input two 0 s to the first encryption model respectively, to obtain the first public key and the second public key; inputting 1 into the first encryption model to obtain a third public key.
In a possible implementation manner of the second aspect, the second encryption model may satisfy the following formula:
E(m)=(m·E(1)+r 1 ·E(0) 1 +r 2 ·E(0) 2 )mod N
wherein m is plaintext data, E (m) is ciphertext data, E (0) 1 E (0) is the first public key 2 E (1) is the third public key, N is the first public parameter, r 1 And r 2 Two random numbers.
In a possible implementation manner of the second aspect, the apparatus may further include a transmitting unit. The sending unit may be configured to send the private key and the homomorphic encrypted data to the receiving end, so that the receiving end decrypts the homomorphic encrypted data according to the private key and the first public parameter through the first decryption model, and obtains homomorphic decrypted data.
Illustratively, the first decryption model satisfies the following formula:
m′=(((s d ) -1 ·E(m)mod N)mod p)mod L
wherein m is homomorphic decrypted data, E (m) is homomorphic encrypted data, r is a first random number, r' is a second random number, s is a first private key, L is a second private key, p is a third private key, N is a first public parameter,(s) d ) -1 Is s d D is the exponent of the first private key.
In a possible implementation manner of the second aspect, if the homomorphic operation includes an addition operation, the exponent of the first private key of the homomorphic encrypted data is a maximum value of exponents of the first private keys of all addition items; if homomorphic operation only comprises multiplication operation, the index of the first private key of homomorphic encryption data is the sum of the indexes of the first private keys of all multiplied data to be operated.
In a third aspect, an embodiment of the present invention provides an electronic device, including a processor and a memory, where the memory is configured to store a computer program; the processor may be adapted to execute a computer program (instructions) stored in a memory to implement the method of the first aspect described above.
In a fourth aspect, embodiments of the present invention provide a computer readable storage medium storing a computer program which, when executed, performs a method as in the first aspect.
It will be appreciated that the advantages of the second to fourth aspects may be found in the relevant description of the first aspect and are not repeated here.
Compared with the prior art, the embodiment of the invention has the beneficial effects that: according to the method provided by the invention, the plaintext data is encrypted through the first encryption model or the second encryption model to obtain the ciphertext data, and the homomorphic encrypted data can be decrypted to obtain the corresponding plaintext data after homomorphic operation is executed, so that mixed homomorphic operation is realized; the homomorphic operation can be directly carried out on the ciphertext data and the plaintext data without the need of realizing the homomorphic operation through a complex operation process, so that the homomorphic operation can be realized with high efficiency; because the invention only relates to multiplication, addition and modular operation on integers, compared with matrix, data splitting and other operations in other schemes, the invention can reduce the calculation cost, thereby realizing efficient and lightweight encryption, homomorphic operation and decryption.
Drawings
FIG. 1 is a schematic flow chart of a lightweight homomorphic encryption method for implementing symmetric encryption and asymmetric encryption according to an embodiment of the invention;
FIG. 2 is a schematic flow chart of a lightweight homomorphic encryption method for implementing symmetric encryption and asymmetric encryption according to an embodiment of the invention;
FIG. 3 is a schematic flow chart of a lightweight homomorphic encryption method for implementing symmetric encryption and asymmetric encryption according to an embodiment of the invention;
FIG. 4 is a schematic diagram of a lightweight homomorphic encryption device for implementing symmetric encryption and asymmetric encryption according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to specific examples, but embodiments of the present invention are not limited thereto.
The lightweight encryption method provided by the embodiment of the invention can be applied to electronic equipment such as a mobile terminal, a personal notebook computer, an supercomputer and the like, and the embodiment of the invention does not limit the specific type of the electronic equipment.
Fig. 1 shows a schematic flow chart of a lightweight homomorphic encryption method for implementing symmetric encryption and asymmetric encryption according to an embodiment of the invention. The method 100 can be applied to the electronic device to realize symmetric encryption of plaintext data. By way of example and not limitation, the method 100 may include steps S101-S103. The steps are described below.
S101, determining a private key and a first public parameter according to the private key parameter.
Illustratively, the private key sk may include a first private key, a second private key, and a third private key, i.e., sk= (s, L, p).
Illustratively, the first public parameter, the private key, and the private key parameter are integers.
In one possible implementation, the private key parameter { k } from the user may be obtained prior to determining the private key 0 ,k L ,k r ,k M }。
Illustratively, the private key parameters satisfy: k (k) M <k L =k r <k 0
The private key parameters may include, for example, a first length parameter k 0 And a second length parameter k L There is also a third length parameter k r Fourth length parameter k M
Exemplary, third Length parameter k r May be used to determine a first random number and a second random number in a first encryption model.
Illustratively, the fourth length parameter is not used to determine the private key, but is used to define a range of lengths for the plaintext data. For exampleI.e. the bit length of the plaintext data in the plaintext space M is atBefore.
In one possible implementation, a bit length may be randomly selected as the first length parameter k 0 Obtaining a first integer q; then randomly selecting a bit length as the first length parameter k 0 And obtaining a third private key. The product of the first integer q and the third private key p is determined as the first public parameter N, i.e. n=p·q. Then randomly selecting an integer with the same bit length as the first public parameter to obtain a first private key, and randomly selecting a bit length as a second length parameter k L And obtaining a second private key.
Illustratively, the bit length of the first private key is the same as the first public parameter, and the first private key is less than the first public parameter.
Alternatively, the first length parameter k may be 0 Third length parameter k r The plaintext space M and the first public parameter N constitute a public parameter set pp= { k 0 ,k r M, N }, to public. The disclosure of the public parameters does not affect the confidentiality of the plaintext data and the ciphertext data.
S102, based on the private key and the first public parameter, the plaintext data is symmetrically encrypted through a first encryption model to obtain ciphertext data corresponding to the plaintext data.
By way of example, plaintext data may be symmetrically encrypted according to a private key and a first public parameter by a first encryption model to obtain ciphertext data corresponding to the plaintext data. At this time, the input of the first encryption model is plaintext data and private key sk belonging to plaintext space, and the output of the first encryption model is ciphertext data.
Illustratively, the first encryption model may satisfy the following formula:
E(m)=s·(r·L+m)(1+r′•p)mod N
wherein m is plaintext data, E (m) is ciphertext data, r is a first random number, r' is a second random number, s is a first private key, L is a second private key, p is a third private key, N is a first public parameter, and mod is a modulo operation.
By way of example only, and not by way of limitation,i.e. the first random number is a randomly selected bit length of the third length parameter k r And each bit is either 0 or 1.
By way of example only, and not by way of limitation,that is, the second random number may be a randomly selected bit length of the first length parameter k 0 And each bit is either 0 or 1.
In one example, a symmetric encryption algorithm may be formally defined as: (E (m), d) =symmetric encryption (m, sk). Where m is plaintext data in symmetric encryption, sk is a private key, E (m) is ciphertext data in symmetric encryption, and d is an exponent of the first private key.
Illustratively, the exponent of the first private key of the ciphertext data is 1.
S103, homomorphic operation is carried out on the data to be operated to obtain homomorphic encryption data.
For example, homomorphic operations may include addition operations and/or multiplication operations. The ciphertext data and homomorphic encryption data obtained by the method can be directly subjected to addition operation and/or multiplication operation, so that the calculation flow can be simplified and the calculation amount can be reduced. Unlike the current homomorphic encryption method, the homomorphic operation effect is achieved by a series of operations with high calculation cost on ciphertext data and homomorphic encryption data.
By way of example, the data to be operated on may include one or more of the following: ciphertext data, plaintext data, homomorphic encryption data obtained before the homomorphic operation is performed.
Illustratively, decrypting homomorphic encrypted data can result in homomorphic decrypted data.
The homomorphic decryption data is an example of a result obtained by homomorphic operation of plaintext data corresponding to data to be operated.
For example, the plaintext data is encrypted by the above steps to obtain ciphertext data E (m 1 ) And E (m) 2 ) The data to be operated on may include ciphertext data E (m 1 ) And E (m) 2 ). The following homomorphic operation is performed on the data to be operated on: e (m) 1 )+E(m 2 ) To obtain homomorphic encrypted data E (m 1 )+E(m 2 ). Then decrypting the homomorphic encrypted data to obtain m 1 +m 2 I.e. the result of homomorphic operation on the plaintext data corresponding to the two ciphertext data included in the data to be operated.
For example, the data to be operated on may include plaintext data m 1 And ciphertext data E (m 2 ) For plaintext data m 1 And ciphertext data E (m 2 ) The following homomorphic operation is performed: m is m 1 +E(m 2 ) Obtaining homomorphic encryption data m 1 +E(m 2 ). Then decryption of homomorphic encrypted data may result in: m is m 1 +m 2 I.e. ciphertext data E (m 2 ) Corresponding plaintext data m 2 And plaintext data m 1 And executing the homomorphic operation result.
For example, for ciphertext data E (m 1 ) And E (m) 2 ) The following homomorphic operation is performed: e (m) 1 )×E(m 2 ) And (3) obtaining homomorphic encrypted data: e (m) 1 )×E(m 2 ). Decryption of homomorphic encrypted data can obtain m 1 ×m 2 I.e. ciphertext data E (m 1 ) And E (m) 2 ) Corresponding plaintext data m 1 And m 2 And executing the homomorphic operation result.
For example, for ciphertext data E (m 1 ) And plaintext data m 2 The following homomorphic operation is performed: e (m) 1 )×m 2 And (3) obtaining homomorphic encrypted data: e (m) 1 )×m 2 . Then decrypting the homomorphic encrypted data to obtain m 1 ×m 2 I.e. ciphertext data E (m 1 ) Corresponding plaintext data m 1 And plaintext data m 2 And executing the homomorphic operation result.
For example, ciphertext data E (m 1 ) And plaintext data m 2 The following homomorphic operation is performed: e (m) 1 )×m 2 +E(m 1 )+m 2 And (3) obtaining homomorphic encrypted data: e (m) 1 )×m 2 +E(m 1 )+m 2 . Then decrypting the homomorphic encrypted data to obtain m 1 ×m 2 +m 1 +m 2 I.e. ciphertext data E (m 1 ) Corresponding plaintext data m 1 And plaintext data m 2 And executing the homomorphic operation result.
For example, the data to be operated on may include the last homomorphic encrypted data E (m 3 ) And plaintext data m 2 Ciphertext data E (m 2 ) Can encrypt data E (m 3 )=E(m 1 )×m 2 And plaintext data m 2 Ciphertext data E (m 2 ) The following homomorphic operation is performed: e (m) 3 )+E(m 2 )+E(m 3 )×m 2 ×E(m 2 ) Homomorphic encryption data of the homomorphic operation are obtained: e (m) 3 )+E(m 2 )+E(m 3 )×m 2 ×E(m 2 ) Decrypting it can result in: m is m 1 ×m 2 +m 2 +(m 1 ×m 2 )×m 2 ×m 2 I.e. the last homomorphic encrypted data E (m 3 ) Corresponding plaintext data m 1 +m 2 Ciphertext data E (m 2 ) Corresponding plaintext data m 2 And plaintext data m 2 And executing the result of the homomorphic operation.
In some embodiments, homomorphic encrypted data obtained after homomorphic operation is performed can also be expressed as: (E (m), d). Wherein E (m) is the index of the first private key in homomorphic encrypted data d obtained after homomorphic operation.
In one possible implementation, the exponent of the first private key in homomorphic encrypted data may be the maximum of the exponents of the first private keys of all the summation items in homomorphic operation.
For example, if E (m 1 )、E(m 2 ) Homomorphic encryption data obtained for previous homomorphic operation, E (m 3 )、E(m 4 ) For plain text data m 3 、m 4 Corresponding ciphertext data. This homomorphic encryption data E (m 5 )=E(m 1 )×E(m 2 )+E(m 1 )×E(m 3 )+E(m 4 )×E(m 3 ). Wherein the sum term is E (m 1 )×E(m 2 )、E(m 1 )×E(m 3 )、E(m 4 )×E(m 3 ). Then E (m) 5 ) The exponent of the first private key in the three summation items is the maximum of the exponents of the first private key in the three summation items.
In one example, if a sum term includes M encrypted data multiplications, the exponent of the first private key of the sum term is the sum of exponents of the first private keys of the M encrypted data.
Illustratively, m=2, 3 … ….
Illustratively, the encrypted data includes ciphertext data and/or homomorphic encrypted data.
For example, the first sum term E (m 1 )×E(m 2 ),E(m 1 )、E(m 2 ) Homomorphic encryption data obtained by the previous homomorphic operation are respectively provided with the indexes of the corresponding first private keys of d 1 、d 2 The first private key of the first addition item has an exponent d 1 +d 2 . As in the example above, the second sum term E (m 1 )×E(m 3 ),E(m 3 ) For plain text data m 3 Corresponding ciphertext data, the exponent of the first private key of the second addition term should be d 1 +1. Similarly, the third addition term E (m 4 )×E(m 3 ) The exponent of the first private key of (2) should be 1+1=2.
Specifically, when homomorphic operation is performed on data to be operated, if the indexes of the first private keys of each addition item are not equal, the addition item with smaller indexes needs to be multiplied by encrypted data obtained according to the plaintext data 1, so that the index of the first private key is the same as the maximum value in the addition item. This ensures that the correct homomorphic decrypted data can be obtained by decrypting the homomorphic encrypted data.
For example, the exponents of the first private keys of the three summation items in the above example are respectively: d, d 1 +d 2 、d 1 +1, 2. If: d, d 1 +d 2 >d 1 +1>2, a second sum term E (m 1 )×E(m 3 ) Multiplying the encrypted data (E (1), |d 1 +d 2 -(d 1 +1)|)=(E(1),|d 2 -1|), i.e. the encrypted data is obtained from E (1) alone, the first private key of which has an exponent of |d 2 -1|, E (1) is homomorphic encryption data obtained by encrypting 1. Similarly, a third addition term E (m 4 )×E(m 3 ) Multiplying the encrypted data (E (1), |d 1 +d 2 -2|)。
Specifically, plaintext, such as m, multiplied by encrypted data 4 ×E(m 3 ) M in (b) 4 Should be greater than 0.
In another example, if the encrypted data and the unencrypted data are multiplied in a sum term, then the exponent of the first private key of the sum term is the exponent of the first private key of the encrypted data. Such as the multiplication of ciphertext data and plaintext data: m is m 4 ×E(m 3 ) The exponent of the first private key of the addition is then compared with ciphertext data E (m 3 ) The indices of (2) are the same and are all 1.
In another possible implementation, if the homomorphic operation includes only multiplication, the exponent of the first private key of the homomorphic encrypted data is the sum of exponents of all first private keys of all multiplied data to be operated on. For example, homomorphically encrypted data is E (m 1 )×E(m 2 ),E(m 1 )、E(m 2 ) Homomorphic encryption data obtained by the previous homomorphic operation are respectively provided with the indexes of the corresponding first private keys of d 1 、d 2 The index of the first private key of the homomorphic encryption data is d 1 +d 2
Optionally, the method 100 may further comprise step S104.
S104, the private key and the homomorphic encryption data are sent to the receiving end, so that the receiving end decrypts the homomorphic encryption data according to the private key and the first public parameters through the first decryption model, and homomorphic decryption data are obtained.
For example, the private key may be sent to the receiving end first, and then the ciphertext data may be sent to the receiving end. The receiving end may obtain the first public parameter from the public parameter set.
In one possible implementation manner, the receiving end may decrypt the homomorphic encrypted data after operation according to the private key and the first public parameter through the first decryption model to obtain homomorphic decrypted data.
Illustratively, the first decryption model may satisfy the following formula:
m′=(((s d ) -1 ·E(m)mod N)mod p)mod L
wherein m is homomorphic decryption data; e (m) is homomorphic encryption data; r is a first random number; r' is a second random number; s is a first private key; l is a second private key; p is a third private key; n is a first public parameter; (s) d ) -1 Finger s d The inverse of modulo N, i.e. if s d T.ident.1 mod N, then(s) d ) -1 =t; d is the exponent of the first private key.
Alternatively, the(s) may be calculated before decrypting the homomorphic encrypted data d ) -1 Is a value of (2).
In one example, the decryption algorithm may be formalized as: m=decrypt (E (m), sk, d). m is homomorphic decryption data, and E (m) is homomorphic encryption data.
For example, if k M =40,k L =k r =160,k 0 =1024. Randomly selected first integer q= 994905341785064462920005882315351516419551986966244770242896169994171437159333286362906371126846383682126611644074445005286496370823357751840738888525664974125580642271870945850351329695250757430751706836280838702473290576651394413301274286720 115439265541319653757800397796537596371208361821559776706440501080709912171941107759894049525049859024259006405528506561100672160885546938019323785213239172195547101447161290942927500056670659335613452991821717771646743150237655188200410743972426167338398629405387862125871426359216115847009789881689437254153 0895234559239997275517722690145634680065693171427242439420151, third private key p= 115439265541319653757800397796537596371208361821559776706440501080709912171941107759894049525049859024259006405528506561100672160885546938019323785213239172195547101447161290942927500056670659335613452991821717771646743150237655188200410743972426167338398629405387862125871426359216115847009789881689437254153, first public parameter n= 11485114193880344471398239227527167647873644739772264823044255831061182143031897869368691697689158133667617082443545077922405968234728058896997790232696085407908915261083954095266610327492424412261927516197807963708710801833086955005149408953641784581734366456654025481352978249687357653775956738133321990382284416106664061641072001639487962362585497093920880150580403977043631827598095794889364258615467208802052003343314970544938286084188624523380802961422070827265369333157146071226864302429701773405971702025009081514514995807968166543940441289035513761257801698479921629196969664568571638370330746489350936637103, first private key s= 6226907178367561248827819354954551112287344378375389475722374425011140232420846714022943495312442443325693354401825647055831821663525752742684954976344410481634041754193825909368950198412536464716794106596025189952480104012989823233949669143572151245029389623700536948237189339080377721036251281985713679868500729297755353565754988057913709196046239871931539548808137078594147518599329088118669999434010195779894160748719724429620337790751502303603164578103971329341870320420870178987613382137798428822124562320373495578667177861201739018743721833693723435535434884846444245215794808522871332241322296180662950831824, second private key l= 892434469067675148245171634513651817435191081727. When for plaintext data m 1 The first random number r= 927978528954781293962251860977433169094604838579 and the second random number r' = 230862040493136204580537545264622152539873201034121873940400549021001 used for symmetric encryption74410855487896760281322324614106722601807501522639256837456083986935179153333350694899878387716262747362284736410382178321092040499069754211206691284584371163034682003777754321778102073673889512996291486347835655667292793609845866366105669. Ciphertext data E (m 1 ) = 4352343804947838242624878736542399133859543970381262613913946632154150185672366299746558255171753688311726477582833226064845175425540620833176389771195611577222527421521896880119807112020199509483250266689612826435643053550509241104290638631184808354293665503597083759811634606615428143121098199598157676511602121667874828510726347715690061204099032838821660404473814242987478618548777516043951266502833690213428171686021370916927874234504482919961213851274586776799516257497978223735519123652271516974590646744838843976815971345480361902651593743085880630723357017409314632796510429322072909785804679143052866658892. For plaintext data m 2 The first random number r= 1048383464640037082867639666117153363574998924841 and the second random number r' = 156274875133136052529815266215582831383283579995259785509885990580814529268562890548456744447556464626161346576866432113597375088685142189149291639853241776948343225245364825513939043611738212367114019389383646999073052305378043172648600438321889244282749976388598970314828030904482743423617899393403430730512 used for symmetric encryption. Ciphertext data E (m 2 )=10330004593711563694922730187261838511704201812920089000595072214706227371691761852820125349293088877044181391706860126903726482501582606850218228901100245924539960478186393007568281958656969916733295628328508949998412738157557965660251436121893233192084548419703180651428391090338911747976918394875403993936777676898257480569639569817610165340227381380163824238072759738814356417409370905151738942678882277495731512558717853909717098247232710932212062536749327421737641365661013445682205247285999603320965404114562509396615732403153812282257491066765079972670662782485218878415793095472933881807287611835706566643083。
For example, for ciphertext data E (m 1 ) And E (m) 2 ) The homomorphic encryption data E (m) is obtained by addition homomorphic operation 3 ),E(m 3 )=E(m 1 )+E(m 2 ) mod n= 3197234204779057466149369696277069997690101043529086791464763015799195414332230283197991906775684431688290786846148275046165689692395168786396828439599772093853572638624335792421478743184745013954618378820313812725344989874980251759392665799436256964643847466646238929887047447266982237322059856340239680066095382459468247439293915893812264181740917125064604491966170004758203208360052626306325950566248758907107680901424254281706686397548569328792473426601843371271788290001845598190860068508569346889584348834392271858916707940666007640968643520815446842136218101414611882015333860226435153222761544489408496664872. Since the addition homomorphic operation does not include multiplication before encrypting data, d=1,(s) d ) -1 =s -1 = 086226236005178222853888198913834895059424724322577273068345284063104801840867526660425086822948243857633599285791948404746984965946281958868644301357622260395184056443786519169905373685945962688192310840450892790770230878385143931678918456610475418991074614347785420768269890608743374766755805769993207118850071080455466294896209414547078249251295849359482410956541222225735340211756119477390025580007792335754090278872085915295798328911406550389917622574365735053439099387861057698344119115601702789620129029352130723960867038205788720558312601965897449128987289210883896305046708460454168901567618810519491152751. The parameters are carried into the first encryption model to obtain homomorphic decryption data m 3 =8=m 1 +m 2
For example, for ciphertext data E (m 1 ) And E (m) 2 ) Multiplication homomorphic operation is carried out to obtain homomorphic encryption data E (m 4 ),E(m 4 )=E(m 1 )·E(m 2 )mod N=9203488197280567937802629166090826733063391957800133706010810802884374997461887477835316181245181591472058704382835053092406411884753433188160800598130988147749377609898279126067288722981524731240152285798536586275326417965734596389702245143461831164478133587448277293991128817049278497592619840188875516716248307301073892559164263857678294230285991324722148476179471989364879941160245678997792580401190007827557792714738535495566811379157931058588870905901945553762272397282119883209717216378922897188050095900564509499244190499773138638601031170607512416404248156776370211356819784263715834217908808776933703691790. The multiplication homomorphic operation includes 2 multiplication operations of ciphertext data and ciphertext data, so d=1+1=2. Calculating(s) d ) -1 =(s 2 ) -1 = 963200749047415233135568887150080044954333464671953808617106602999070386547719392843123260876043139633745533730770191671596709449995478579878081447389726909317329838578604126636050658925607646384279730349873852374268513638512884272619996635636186376701214253935025957955194021664609119100206090176797838829810014064067869291654330497920151606948970487691390686977381526696006589445372265196565130094319486703346059879439329772743356426455840893142745546195186490094578107429331765862334338051264503231364636414933276658297632134897133661193226967701016846818838456678049329738804206380566950901020027870687115761302 and substituting the above parameters into the first decryption model to obtain homomorphic decryption parameters m 4 =15=m 1 ·m 2
In another possible implementation manner, step S103 may not be executed, and homomorphic operation may be performed on the data to be operated. The ciphertext data can be directly sent to the receiving end, and the receiving end can directly decrypt the ciphertext data according to the first decryption model to obtain plaintext data. Where d=1.
According to the method provided by the invention, the plaintext data is encrypted through the first encryption model or the second encryption model to obtain the ciphertext data, and the homomorphic encrypted data can be decrypted to obtain the corresponding plaintext data after homomorphic operation is executed, so that mixed homomorphic operation is realized; the homomorphic operation can be directly carried out on the ciphertext data and the plaintext data without the need of realizing the homomorphic operation through a complex operation process, so that the homomorphic operation can be realized with high efficiency; because the invention only relates to multiplication, addition and modular operation on integers, compared with matrix, data splitting and other operations in other schemes, the invention can reduce the calculation cost, thereby realizing efficient and lightweight encryption, homomorphic operation and decryption. Further, only one additional inverse operation is required at decryption. Because the first private key is fixed, a decryptor can calculate the relevant inverse element of the first private key in advance, which is equivalent to only involving one multiplication and 3 modulo operations, thereby simplifying the operation process and improving the high efficiency of data processing.
Fig. 2 is a schematic flow chart of another lightweight homomorphic encryption method provided by an embodiment of the invention. By way of example and not limitation, the method 200 may include steps S201-S203. The steps are described below.
S201, determining a private key and a first public parameter according to the private key parameter.
S202, based on the public key and the first public parameter, performing asymmetric encryption on the plaintext data through a second encryption model to obtain ciphertext data corresponding to the plaintext data.
In one possible implementation, the public key may be first determined based on the first encryption model, the private key, and the first public parameter. And then, carrying out asymmetric encryption on the plaintext data according to the public key and the first public parameter through a second encryption model to obtain ciphertext data corresponding to the plaintext data.
Exemplary public keys may include a first public key, a second public key, and a third public key.
In one example, two 0 s and one 1 s may be respectively input to the first encryption model to obtain a first public key E (0) 1 Second public key E (0) 2 And a third public key E (1).
Illustratively, the second encryption model may satisfy the following formula:
E(m)=(m·E(1)+r 1 ·E(0) 1 +r 2 ·E(0) 2 )mod N
wherein m is MingThe text data, E (m), is ciphertext data, E (0) 1 E (0) is the first public key 2 E (1) is the third public key, N is the first public parameter, r 1 And r 2 Two random numbers.
Exemplary, r 1 And r 2 All belong toI.e. r 1 And r 2 Two bits of length which can be selected randomly are the fifth length parameter k r And each bit is either 0 or 1.
In one example, an asymmetric encryption algorithm may be formally defined as: (E (m), d) =asymmetric encryption (m, pk). Where m is plaintext data in asymmetric encryption, pk is public key, E (m) is ciphertext data in asymmetric encryption, and d is an exponent of the first private key.
Similarly, the exponent of the first private key that obtains ciphertext data by asymmetric encryption is also 1.
S203, homomorphic operation is carried out on the data to be operated to obtain homomorphic encryption data.
Optionally, the method 200 may further comprise step S204.
S204, the private key and the homomorphic encryption data are sent to the receiving end, so that the receiving end decrypts the homomorphic encryption data according to the private key and the first public parameters through the first decryption model, and homomorphic decryption data are obtained.
Step S201 and steps S203-S204 of the method 200 are the same as steps S101 and S103-S104 of the method 100, and refer to the relevant content of steps S101 and S103-S104 of the method 100, which are not described herein.
According to the method provided by the invention, the plaintext data is encrypted through the first encryption model or the second encryption model to obtain the ciphertext data, and the homomorphic encrypted data can be decrypted to obtain the corresponding plaintext data after homomorphic operation is executed, so that mixed homomorphic operation is realized; the homomorphic operation can be directly carried out on the ciphertext data and the plaintext data without the need of realizing the homomorphic operation through a complex operation process, so that the homomorphic operation can be realized with high efficiency; because the invention only relates to multiplication, addition and modular operation on integers, compared with matrix, data splitting and other operations in other schemes, the invention can reduce the calculation cost, thereby realizing efficient and lightweight encryption, homomorphic operation and decryption. Further, only one additional inverse operation is required at decryption. Because the first private key is fixed, a decryptor can calculate the relevant inverse element of the first private key in advance, which is equivalent to only involving one multiplication and 3 modulo operations, thereby simplifying the operation process and improving the high efficiency of data processing.
Fig. 3 is a schematic flow chart of a lightweight homomorphic encryption method according to an embodiment of the invention. By way of example and not limitation, the method 300 may include steps S301-S304. The steps are described below.
S301, determining a private key and a first public parameter according to the private key parameter.
Step S301 of the method 300 is the same as step S101 of the method 100, and please refer to the related content of step S101 of the method 100, which is not described herein.
S302, carrying out symmetric encryption or asymmetric encryption on the plaintext data to obtain ciphertext data corresponding to the plaintext data.
In one example, ciphertext data corresponding to plaintext data may be obtained by symmetrically encrypting the plaintext data according to a private key and a first public parameter via a first encryption model.
For example, the content related to the symmetric encryption of the plaintext data according to the first encryption model is the same as the step S102 in the method 100, and specific reference may be made to the related description of the step S102 in the method 100, which is not repeated here.
In another example, the plaintext data may be asymmetrically encrypted to obtain ciphertext data corresponding to the plaintext data according to the public key and the first public parameter via a second encryption model.
For example, the content related to symmetric encryption of plaintext data according to the first encryption model is the same as step S202 in the method 200, and specific reference may be made to the description related to step S202 in the method 200, which is not repeated herein.
S303, homomorphic operation is carried out on the data to be operated to obtain homomorphic encryption data.
S304, the private key and the homomorphic encryption data are sent to the receiving end, so that the receiving end decrypts the homomorphic encryption data according to the private key and the first public parameters through the first decryption model, and homomorphic decryption data are obtained.
Steps S303-S304 of the method 300 are the same as steps S103-S104 of the method 100, and refer to the relevant content of steps S103-S104 of the method 100, which is not described herein.
According to the method provided by the invention, the plaintext data is encrypted through the first encryption model or the second encryption model to obtain the ciphertext data, and the homomorphic encrypted data can be decrypted to obtain the corresponding plaintext data after homomorphic operation is executed, so that mixed homomorphic operation is realized; the homomorphic operation can be directly carried out on the ciphertext data and the plaintext data without the need of realizing the homomorphic operation through a complex operation process, so that the homomorphic operation can be realized with high efficiency; because the invention only relates to multiplication, addition and modular operation on integers, compared with matrix, data splitting and other operations in other schemes, the invention can reduce the calculation cost, thereby realizing efficient and lightweight encryption, homomorphic operation and decryption. Further, only one additional inverse operation is required at decryption. Because the first private key is fixed, a decryptor can calculate the relevant inverse element of the first private key in advance, which is equivalent to only involving one multiplication and 3 modulo operations, thereby simplifying the operation process and improving the high efficiency of data processing. Meanwhile, the method provided by the invention can realize symmetric encryption and asymmetric encryption, and can enlarge application scenes.
Fig. 4 is a schematic structural diagram of a lightweight homomorphic encryption device according to an embodiment of the invention. By way of example, and not limitation, apparatus 400 may include a processing unit 410.
The processing unit 410 may be configured to:
determining a private key and a first public parameter according to the private key parameter;
symmetrically encrypting the plaintext data through a first encryption model based on the private key and the first public parameter to obtain ciphertext data corresponding to the plaintext data;
or based on the public key and the first public parameter, asymmetrically encrypting the plaintext data through a second encryption model to obtain ciphertext data;
homomorphic operation is carried out on the data to be operated to obtain homomorphic encryption data.
Illustratively, the private key parameter, the private key, and the first public parameter are integers.
Illustratively, the data to be operated on includes one or more of the following: ciphertext data, plaintext data, homomorphic encryption data obtained before the homomorphic calculation is performed.
Illustratively, homomorphic operations include addition operations and/or multiplication operations.
Illustratively, decrypting homomorphic encrypted data can result in homomorphic decrypted data.
The homomorphic decryption data is an example of a result obtained by homomorphic operation of plaintext data corresponding to data to be operated.
In one possible implementation, the first encryption model may satisfy the following formula:
E(m)=s·(r·L+m)(1+r′·p)mod N
wherein m is plaintext data, E (m) is ciphertext data, r is a first random number, r' is a second random number, s is a first private key, L is a second private key, p is a third private key, N is a first public parameter, and mod is a modulo operation.
In one possible implementation, the private key parameters may include: first length parameter k 0 And a second length parameter k L . The processing unit may be configured to randomly select a bit length as the first length parameter k 0 Obtaining a first integer; randomly selecting a bit length as a first length parameter k 0 Obtaining a third private key; determining a product of the first integer and the third private key as a first public parameter; and randomly selecting an integer to obtain a first private key.
Illustratively, the bit length of the first private key is the same as the first public parameter, and the first private key is less than the first public parameter.
In one possible implementation, the public key may include a first public key, a second public key, and a third public key, and the processing unit may be further configured to input two 0 s to the first encryption model, respectively, to obtain the first public key and the second public key; inputting 1 into the first encryption model to obtain a third public key. .
In one possible implementation, the second encryption model may satisfy the following formula:
E(m)=(m·E(1)+r 1 ·E(0) 1 +r 2 ·E(0) 2 )mod N
wherein m is plaintext data, E (m) is ciphertext data, E (0) 1 E (0) is the first public key 2 E (1) is the third public key, N is the first public parameter, r 1 And r 2 Two random numbers.
In one possible implementation, the apparatus 400 may further include a transmitting unit 420. The sending unit may be configured to send the private key and the homomorphic encrypted data to the receiving end, so that the receiving end decrypts the homomorphic encrypted data according to the private key and the first public parameter through the first decryption model, and obtains homomorphic decrypted data.
Illustratively, the first decryption model satisfies the following formula:
m′=(((s d ) -1 ·E(m)mod N)mod p)mod L
wherein m is homomorphic decrypted data, E (m) is homomorphic encrypted data, r is a first random number, r' is a second random number, s is a first private key, L is a second private key, p is a third private key, N is a first public parameter,(s) d ) -1 Is s d D is the exponent of the first private key.
In one possible implementation, if the homomorphic operation includes an addition operation, the exponent of the first private key of the homomorphic encrypted data is the maximum of the exponents of the first private keys of all addition items; if homomorphic operation only comprises multiplication operation, the index of the first private key of homomorphic encryption data is the sum of the indexes of the first private keys of all multiplied data to be operated.
According to the method provided by the invention, the plaintext data is encrypted through the first encryption model or the second encryption model to obtain the ciphertext data, and the homomorphic encrypted data can be decrypted to obtain the corresponding plaintext data after homomorphic operation is executed, so that mixed homomorphic operation is realized; the homomorphic operation can be directly carried out on the ciphertext data and the plaintext data without the need of realizing the homomorphic operation through a complex operation process, so that the homomorphic operation can be realized with high efficiency; because the invention only relates to multiplication, addition and modular operation on integers, compared with matrix, data splitting and other operations in other schemes, the invention can reduce the calculation cost, thereby realizing efficient and lightweight encryption, homomorphic operation and decryption. Further, only one additional inverse operation is required at decryption. Because the first private key is fixed, a decryptor can calculate the relevant inverse element of the first private key in advance, which is equivalent to only involving one multiplication and 3 modulo operations, thereby simplifying the operation process and improving the high efficiency of data processing. Meanwhile, the method provided by the invention can realize symmetric encryption and asymmetric encryption, and can enlarge application scenes.
Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present invention. The electronic device 500 as shown in fig. 5 may include: at least one processor 510 (only one processor is shown in fig. 5), a memory 520, and a computer program 530 stored in the memory 520 and executable on the at least one processor 510, the processor 510 implementing the steps in any of the various method embodiments described above when executing the computer program 530.
The electronic device 500 may be a processing device such as a robot, which can implement the method described above, and the embodiment of the present invention does not limit the specific type of the electronic device.
It will be appreciated by those skilled in the art that fig. 5 is merely an example of an electronic device 500 and is not meant to be limiting and that more or fewer components than shown may be included or certain components may be combined or different components. For example, the electronic device 500 may also include an input-output interface.
The processor 510 may be a central processing unit (Central Processing Unit, CPU), the processor 510 may also be other general purpose processors, digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASTC), field programmable gate arrays (Filed Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic device discrete hardware components, or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory 520 may be an internal storage unit, such as a hard disk or memory, in some embodiments. The memory 520 may also be an external storage device, such as a plug-in hard disk, a smart memory Card (Smart Memory Card, SMC), a Secure Digital (SD) Card, a Flash Card (Flash Card), etc. in other embodiments. Further, the memory 520 may also include both internal storage units and external storage devices. The memory 520 is used to store an operating system, application programs, boot Loader (Boot Loader), data, and other programs, such as program code of the computer program. The memory 520 may also be used to temporarily store data that has been output or is to be output.
It should be understood that the sequence number of each step in the foregoing embodiment does not mean that the execution sequence of each process should be determined by the function and the internal logic, and should not limit the implementation process of the embodiment of the present invention.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of the functional units and modules is illustrated, and in practical application, the above-described functional distribution may be performed by different functional units and modules according to needs, i.e. the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-described functions. The functional units and modules in the embodiment may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit, where the integrated units may be implemented in a form of hardware or a form of a software functional unit. In addition, the specific names of the functional units and modules are only for distinguishing from each other, and are not used for limiting the protection scope of the present invention. The specific working process of the units and modules in the above system may refer to the corresponding process in the foregoing method embodiment, which is not described herein again.
Embodiments of the present invention also provide a computer readable storage medium storing a computer program which, when executed by a processor, implements steps for implementing the various method embodiments described above.
Embodiments of the present invention provide a computer program product which, when run on an electronic device, causes the electronic device to perform steps that may be carried out in the various method embodiments described above.
The integrated units, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer readable storage medium. Based on such understanding, the present invention may implement all or part of the flow of the method of the above embodiments, and may be implemented by a computer program to instruct related hardware, where the computer program may be stored in a computer readable storage medium, and when the computer program is executed by a processor, the computer program may implement the steps of each of the method embodiments described above. Wherein the computer program comprises computer program code which may be in source code form, object code form, executable file or some intermediate form etc. The computer readable medium may include at least: any entity or device capable of carrying computer program code to a photographing device/terminal apparatus, recording medium, computer Memory, read-Only Memory (ROM), random access Memory (RAM, random Access Memory), electrical carrier signals, telecommunications signals, and software distribution media. Such as a U-disk, removable hard disk, magnetic or optical disk, etc. In some jurisdictions, computer readable media may not be electrical carrier signals and telecommunications signals in accordance with legislation and patent practice.
In the foregoing embodiments, the descriptions of the embodiments are emphasized, and in part, not described or illustrated in any particular embodiment, reference is made to the related descriptions of other embodiments.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
Embodiments of the present invention also provide a computer readable storage medium storing a computer program which, when executed by a processor, performs the steps of the respective method embodiments described above.
In the foregoing embodiments, the descriptions of the embodiments are focused on, and the details or descriptions of some embodiments may be found in the related descriptions of other embodiments.

Claims (10)

1. A lightweight homomorphic encryption method for implementing symmetric encryption and asymmetric encryption, the method comprising:
determining a private key and a first public parameter according to the private key parameter, wherein the private key parameter, the private key and the first public parameter are integers;
symmetrically encrypting plaintext data through a first encryption model based on the private key and the first public parameter to obtain ciphertext data corresponding to the plaintext data;
or based on the public key and the first public parameter, asymmetrically encrypting the plaintext data through a second encryption model to obtain the ciphertext data;
homomorphic operation is carried out on data to be operated to obtain homomorphic encryption data, wherein the data to be operated comprises one or more of the following: the homomorphic encryption data are obtained before homomorphic calculation is carried out, the homomorphic encryption data are obtained after the ciphertext data, the plaintext data are obtained before homomorphic calculation is carried out, the homomorphic operation comprises addition operation and/or multiplication operation, the homomorphic encryption data are decrypted, homomorphic decryption data can be obtained, and the homomorphic decryption data are results obtained by carrying out homomorphic calculation on the plaintext data corresponding to the data to be calculated.
2. The method of claim 1, wherein the private key comprises a first private key, a second private key, and a third private key;
the first encryption model satisfies the following formula:
E(m)=s·(r·L+m)(1+r′·p)mod N
wherein m is the plaintext data, E (m) is the ciphertext data, r is a first random number, r' is a second random number, s is the first private key, L is the second private key, p is the third private key, N is a first public parameter, and mod is a modulo operation.
3. The method of claim 2, wherein the private key parameters comprise: first length parameter k 0 And a second length parameter k L
Wherein, determining the private key and the first public parameter according to the private key parameter includes:
randomly selecting a bit length as the first length parameter k 0 Obtaining a first integer;
randomly selecting a bit length as the first length parameter k 0 Obtaining the third private key;
determining a product of the first integer and the third private key as the first public parameter;
randomly selecting an integer to obtain the first private key, wherein the bit length of the first private key is the same as the first public parameter, and the first private key is smaller than the first public parameter;
Randomly selecting a bit length as the second length parameter k L And obtaining the second private key.
4. The method of claim 1, wherein the public key comprises: a first public key, a second public key, and a third public key;
the first public key and the second public key are obtained by respectively inputting two 0 s into the first encryption model;
the third public key is obtained by inputting 1 to the first encryption model.
5. The method of claim 4, wherein the second encryption model satisfies the following formula:
E(m)=(m·E(1)+r 1 ·E(0) 1 +r 2 ·E(0) 2 )mod N
wherein m is the plaintext data, E (m) is the ciphertext data, E (0) 1 E (0) for said first public key 2 E (1) is the third public key, N is the first public parameter, r 1 And r 2 Two random numbers.
6. The method according to any one of claims 1-5, further comprising:
the private key and the homomorphic encryption data are sent to a receiving end, so that the receiving end decrypts the homomorphic encryption data through a first decryption model according to the private key and the first public parameters to obtain homomorphic decryption data;
Wherein the first decryption model satisfies the following formula:
m′=(((s d ) -1 ·E(m)mod N)mod p)mod L
wherein m is the homomorphic decrypted data, E (m) is the homomorphic encrypted data, s is the first private key, L is the second private key, p is the third private key, N is the first public parameter,(s) d ) -1 Is s d D is the exponent of the first private key of the homomorphic encryption data.
7. The method of claim 6, wherein if the homomorphic operation comprises an addition operation, the exponent of the first private key of the homomorphic encrypted data is the maximum of the exponents of the first private keys of all addition items;
if the homomorphic operation only comprises multiplication operation, the exponent of the first private key of the homomorphic encryption data is the sum of exponents of the first private keys of all multiplied data to be operated.
8. A lightweight homomorphic encryption device for implementing symmetric encryption and asymmetric encryption, the device comprising a processing unit configured to:
determining a private key and a first public parameter according to the private key parameter, wherein the private key parameter, the private key and the first public parameter are integers;
symmetrically encrypting plaintext data through a first encryption model based on the private key and the first public parameter to obtain ciphertext data corresponding to the plaintext data;
Or based on the public key and the first public parameter, asymmetrically encrypting the plaintext data through a second encryption model to obtain the ciphertext data;
homomorphic operation is carried out on data to be operated to obtain homomorphic encryption data, wherein the data to be operated comprises one or more of the following: the homomorphic encryption data are obtained before homomorphic calculation is carried out, the homomorphic encryption data are obtained after the ciphertext data, the plaintext data are obtained before homomorphic calculation is carried out, the homomorphic operation comprises addition operation and/or multiplication operation, the homomorphic encryption data are decrypted, homomorphic decryption data can be obtained, and the homomorphic decryption data are results obtained by carrying out homomorphic calculation on the plaintext data corresponding to the data to be calculated.
9. An electronic device comprising a memory, a processor and a computer program stored in the memory, characterized in that the processor implements the method according to any of claims 1-8 when executing the computer program.
10. A computer readable storage medium storing a computer program, which when executed by a processor implements the method according to any one of claims 1-7.
CN202311540559.9A 2023-11-17 2023-11-17 Lightweight homomorphic encryption method for implementing symmetric encryption and asymmetric encryption Pending CN117394983A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311540559.9A CN117394983A (en) 2023-11-17 2023-11-17 Lightweight homomorphic encryption method for implementing symmetric encryption and asymmetric encryption

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311540559.9A CN117394983A (en) 2023-11-17 2023-11-17 Lightweight homomorphic encryption method for implementing symmetric encryption and asymmetric encryption

Publications (1)

Publication Number Publication Date
CN117394983A true CN117394983A (en) 2024-01-12

Family

ID=89439228

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311540559.9A Pending CN117394983A (en) 2023-11-17 2023-11-17 Lightweight homomorphic encryption method for implementing symmetric encryption and asymmetric encryption

Country Status (1)

Country Link
CN (1) CN117394983A (en)

Similar Documents

Publication Publication Date Title
CN108629027B (en) User database reconstruction method, device, equipment and medium based on block chain
Aslett et al. A review of homomorphic encryption and software tools for encrypted statistical machine learning
CN110348231A (en) Realize the data homomorphism encryption and decryption method and device of secret protection
KR101657062B1 (en) White-box implementation
US20120269340A1 (en) Hierarchical encryption/decryption device and method thereof
US8681975B2 (en) Encryption method and apparatus using composition of ciphers
Iyer et al. A novel idea on multimedia encryption using hybrid crypto approach
CN100585670C (en) Computer system and method for safely adding multiple integers
AU2004218638A1 (en) Use of isogenies for design of cryptosystems
WO2024077948A1 (en) Private query method, apparatus and system, and storage medium
CN102204158A (en) Low latency block cipher
WO2014007296A1 (en) Order-preserving encryption system, encryption device, decryption device, encryption method, decryption method, and programs thereof
Ramalingam et al. Chaos triggered image encryption-a reconfigurable security solution
WO2021129470A1 (en) Polynomial-based system and method for fully homomorphic encryption of binary data
US20080192924A1 (en) Data encryption without padding
Pashakolaee et al. Hyper-chaotic Feeded GA (HFGA): a reversible optimization technique for robust and sensitive image encryption
Biswas et al. A DNA cryptographic technique based on dynamic DNA encoding and asymmetric cryptosystem
US8553878B2 (en) Data transformation system using cyclic groups
CN111555880A (en) Data collision method and device, storage medium and electronic equipment
Wang et al. A new hybrid image encryption algorithm based on Gray code transformation and snake-like diffusion
Singh et al. Improvement of image transmission using chaotic system and elliptic curve cryptography
CN117857008A (en) Data processing method of torus full homomorphic encryption algorithm based on integer bootstrapping
CN109495478B (en) Block chain-based distributed secure communication method and system
Bootle et al. Cryptanalysis of compact-LWE
Liu et al. Optimization of AES and RSA algorithm and its mixed encryption system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination