CN117692126A - Paillier homomorphic encryption method and system based on low-complexity modular multiplication algorithm - Google Patents


Info

Publication number
CN117692126A
Authority
CN
China
Prior art keywords
algorithm
multiplication
complexity
homomorphic encryption
512bit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311717181.5A
Other languages
Chinese (zh)
Inventor
黄海
马天骐
于斌
刘志伟
赵石磊
马超
吴英东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhongshu Shenzhen Times Technology Co ltd
Harbin University of Science and Technology
Original Assignee
Zhongshu Shenzhen Times Technology Co ltd
Harbin University of Science and Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhongshu Shenzhen Times Technology Co ltd and Harbin University of Science and Technology
Priority to CN202311717181.5A
Publication of CN117692126A
Legal status: pending

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00: Reducing energy consumption in communication networks
    • Y02D30/50: Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

A Paillier homomorphic encryption method and system based on a low-complexity modular multiplication algorithm, in the technical field of hardware information security and cryptography, addresses the high operational complexity and long operation period of large-bit-width modular multiplication in conventional encryption systems. The technical key points are as follows: the method comprises a Karatsuba multiplication algorithm with 512-bit inputs and 64-bit operands and a full-word modular multiplication algorithm with 2048-bit inputs and 512-bit operands. The Karatsuba multiplication algorithm with 512-bit inputs and 64-bit operands reduces the number of multiplications required and is suited to reducing the complexity of large-bit-width multiplication in an encryption algorithm. The full-word modular multiplication algorithm with 2048-bit inputs and 512-bit operands decomposes a large-bit-width multiplication into small-bit-width multiplications, reducing hardware complexity. The invention keeps the complexity of the modular multiplication algorithm low in the implementation of the Paillier homomorphic encryption algorithm and improves efficiency.

Description

Paillier homomorphic encryption method and system based on low-complexity modular multiplication algorithm
Technical Field
The invention relates to the technical field of hardware information security and cryptography, in particular to a Paillier homomorphic encryption method and system based on a low-complexity modular multiplication algorithm.
Background
With the rapid development of network technology and the large-scale spread of intelligent terminals, information security has drawn increasing attention. Network security is mainly information security, and cryptography is a core research problem of that field. Homomorphic encryption is an encryption scheme built on a public-key cryptosystem: a computation can be carried out on ciphertexts, and the decrypted result agrees with the result of the same computation on the plaintexts. Operations such as retrieval and comparison of ciphertexts can therefore be carried out while the data stays confidential. Homomorphic encryption schemes divide into fully homomorphic and partially homomorphic schemes, but to guarantee data security the existing fully homomorphic schemes are generally inefficient and hard to apply in practice. Partially homomorphic schemes appeared earlier, encrypt and decrypt quickly, and are widely used in message transmission and digital signatures. A partially homomorphic scheme has a single additive or multiplicative homomorphism, for example the RSA, ElGamal and Paillier algorithms. The additive homomorphism of Paillier encryption is widely used in secure computation, encrypted databases, machine learning over encrypted data and similar applications, and it is highly competitive wherever only ciphertext addition is required.
To guarantee security, the Paillier homomorphic encryption algorithm usually selects a key of large bit width, which directly causes a large increase in operational complexity. Since the modular multiplication algorithm is the core of the encryption system, reducing the operational complexity of large-bit-width modular multiplication and shortening its operation period is often the crucial step in breaking the bottleneck of the encryption system. A basic modular multiplication algorithm either needs an excessive number of multiplications, giving high operational complexity, or an excessively large multiplier, greatly increasing hardware complexity.
Existing encryption systems do not provide a solution for reducing the operational complexity of the modular multiplication algorithm and the operation period of large-bit-width modular multiplication. It is therefore necessary to design a low-complexity modular multiplication algorithm that limits the increase in operational complexity caused by a large-bit-width key.
Disclosure of Invention
The invention provides a Paillier homomorphic encryption method and system based on a low-complexity modular multiplication algorithm to solve the problems of complex operation and long operation period of large-bit-width modular multiplication in existing encryption systems.
To this end, the large-integer multiplication is optimized with the Karatsuba algorithm so that a large-integer multiplication that would need 64 small-bit-width multiplications needs only 27, reducing the number of multiplications required by the modular multiplication. An improved Karatsuba algorithm is provided, and the modular multiplication algorithm is improved with it, finally realizing a low-complexity Paillier homomorphic encryption operation.
The technical scheme adopted by the invention for solving the technical problems is as follows:
the invention provides a Paillier homomorphic encryption method based on a low-complexity modular multiplication algorithm, applied to a hardware architecture for the low-complexity modular multiplication of Paillier homomorphic encryption, comprising a Karatsuba multiplication algorithm with 512-bit inputs and 64-bit operands and a full-word KA-Fp modular multiplication algorithm with 2048-bit inputs and 512-bit operands.
The Karatsuba multiplication algorithm with 512-bit inputs and 64-bit operands reduces the number of multiplications required and is suited to reducing the complexity of large-bit-width multiplication in an encryption algorithm. The full-word KA-Fp modular multiplication algorithm with 2048-bit inputs and 512-bit operands decomposes a large-bit-width multiplication into small-bit-width multiplications, reducing hardware complexity.
Further, in the low-complexity modular multiplication algorithm, the Karatsuba multiplication algorithm with 512-bit inputs and 64-bit operands is as follows:
the Karatsuba algorithm reduces the complexity of multiplication from $O(k^2)$ to $O(k^{\log_2 3})$. Using one layer of the Karatsuba algorithm, the two 512-bit multiplicands A and B are split into 256-bit halves $A_0, A_1$ and $B_0, B_1$ respectively. Multiplying A by B means multiplying $A_0, A_1$ by $B_0, B_1$, which needs four 256-bit multiplications; one layer of Karatsuba reduces these four multiplications to three. Each of the three resulting multiplications is then split again into half the bit width, and the operation is repeated twice more, giving a 512-bit multiplier with 64-bit operands decomposed by three layers of the Karatsuba algorithm. This reduces the number of multiplications required by the implemented 512-bit multiplier from 64 to 27, greatly reducing the computational complexity. The result of the 512-bit multiplier implemented with 64-bit operands is arranged so that each 64-bit word of the final result of A*B is formed from independent multiplications and additions; the data dependency between high and low bits is reduced, so the internal multiplications and additions can run in parallel and the calculation speed increases.
Further, in the low-complexity modular multiplication algorithm, the full-word KA-Fp modular multiplication algorithm with 2048-bit inputs and 512-bit operands is as follows:
the original full-word modular multiplication algorithm first computes the product of two large numbers and then applies a reduction algorithm to bring the whole result into the range of the modulus. The full-word KA-Fp modular multiplication algorithm instead splits each 2048-bit input operand into words of 512 bits, giving a word count of 4. The algorithm has an inner loop and an outer loop that scan the operands word by word; each inner or outer iteration performs a 512-bit by 512-bit multiplication, completed by the 512-bit Karatsuba multiplication module. The full-word KA-Fp modular multiplication algorithm needs 12 iterations and 972 multiplications, which reduces the computational complexity, and it reduces the 2048-bit multiplier to 64-bit multipliers, which reduces the hardware complexity.
Compared with the prior art, at least the following beneficial effects are realized: the invention provides a low-complexity modular multiplication algorithm applied to Paillier homomorphic encryption and its hardware architecture, which keeps the complexity of the modular multiplication algorithm low in the implementation of the Paillier homomorphic encryption algorithm and improves efficiency. Only 972 multiplications are needed to complete one 2048-bit modular multiplication; compared with the number of multiplications needed by a conventional full-word Montgomery modular multiplication with 2048-bit inputs and 64-bit operands, the number of multiplications is reduced by about 54%, reducing the computational complexity. (As a check: the CIOS form of word-level Montgomery multiplication with s = 32 words of 64 bits needs 2s^2 + s = 2080 word multiplications, and 972/2080 is about 0.47, consistent with the stated reduction.)
A Paillier homomorphic encryption system based on a low-complexity modular multiplication algorithm comprises program modules corresponding to the steps of the technical scheme, and the steps in the Paillier homomorphic encryption method based on the low-complexity modular multiplication algorithm are executed during operation.
A computer readable storage medium storing a computer program configured to implement the steps of a Paillier homomorphic encryption method based on a low complexity modular multiplication algorithm described above when invoked by a processor.
A Paillier homomorphic encryption processor is realized by a Paillier homomorphic encryption system based on a low-complexity modular multiplication algorithm.
Further, the Paillier homomorphic encryption processor comprises a top controller, a global memory system and a plurality of ciphertext processing elements with a bit-serial reconfigurable data flow. The top controller controls the data flow inside the chip and the computation of the ciphertext processing elements; the global memory system stores the input and output data required by the on-chip computation; the ciphertext processing elements compute the modular operations required by the ciphertexts. The top controller controls the global memory system to exchange data with the ciphertext processing elements over the bus.
Further, each ciphertext processing element includes a weight buffer, an input buffer, an output buffer, a lookup-table unit for bit-serial processing of partial sums and entries, a Montgomery unit and an extended Euclidean unit. The weight buffer stores the weights by which ciphertexts are multiplied; the input buffer stores the ciphertexts to be computed on; the output buffer stores the computation results; the lookup-table unit for bit-serial processing of partial sums and entries stores the intermediate computation results of the ciphertexts; the Montgomery unit performs the Montgomery modular exponentiations of the Paillier algorithm, which is organized as modular exponentiations and modular multiplications; the extended Euclidean unit uses the extended Euclidean algorithm for modular inversion.
The Paillier homomorphic encryption processor provides on-chip acceleration.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required in the description of the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort to a person of ordinary skill in the art.
FIG. 1 is a block diagram of the Karatsuba multiplication algorithm of the present invention with 512-bit inputs and 64-bit operands.
FIG. 2 is a structure diagram of the KA-Fp modular multiplication algorithm of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to fig. 1-2 of the implementation of the present invention. These embodiments are merely for explaining the technical principle of the invention, and are not intended to limit the scope of the invention.
The invention provides a Paillier homomorphic encryption method based on a low-complexity modular multiplication algorithm, in which the Paillier homomorphic encryption adopts the low-complexity modular multiplication algorithm and its hardware architecture, comprising a Karatsuba multiplication algorithm with 512-bit inputs and 64-bit operands and a full-word KA-Fp modular multiplication algorithm with 2048-bit inputs and 512-bit operands.
The Karatsuba multiplication algorithm with 512-bit inputs and 64-bit operands is an improvement aimed at the large-integer multiplications caused by the large-bit-width key of the Paillier homomorphic encryption algorithm: it reduces the number of multiplications and the multiplication bit width, and so the computational complexity.
Preferably, in the Karatsuba multiplication algorithm with 512-bit inputs and 64-bit operands, the 512-bit operands A and B are each split into two 256-bit sub-operands and multiplied, namely:
$A = A_1 \cdot 2^{256} + A_0$
$B = B_1 \cdot 2^{256} + B_0$
$A \cdot B = A_1 B_1 \cdot 2^{512} + A_0 B_0 + \big((A_0 + A_1)(B_0 + B_1) - A_1 B_1 - A_0 B_0\big) \cdot 2^{256}$
It can be seen that the Karatsuba multiplication algorithm reduces the number of multiplications needed for $(A_1 \cdot 2^{256} + A_0)(B_1 \cdot 2^{256} + B_0)$ from 4 to 3, namely $A_1 B_1$, $A_0 B_0$ and $(A_0 + A_1)(B_0 + B_1)$.
Then $A_0$, $A_1$, $B_0$, $B_1$ are each split into two 128-bit sub-operands and substituted into the formula above, for example:
$A_1 = A_{11} \cdot 2^{128} + A_{10}$
$B_1 = B_{11} \cdot 2^{128} + B_{10}$
$A_1 B_1 = A_{11} B_{11} \cdot 2^{256} + A_{10} B_{10} + \big((A_{10} + A_{11})(B_{10} + B_{11}) - A_{11} B_{11} - A_{10} B_{10}\big) \cdot 2^{128}$
It can be seen that when split into 128-bit sub-operands the number of multiplications required is 9.
Similarly, $A_{10}$, $A_{11}$, $B_{10}$, $B_{11}$ are each split into two 64-bit sub-operands and substituted, giving the 512-bit Karatsuba multiplication algorithm implemented with 64-bit operands, for example:
$A_{11} = a_1 \cdot 2^{64} + a_0$
$B_{11} = b_1 \cdot 2^{64} + b_0$
$A_{11} B_{11} = a_1 b_1 \cdot 2^{128} + a_0 b_0 + \big((a_0 + a_1)(b_0 + b_1) - a_1 b_1 - a_0 b_0\big) \cdot 2^{64}$
It can be seen that when split into 64-bit sub-operands the number of multiplications required is 27.
The multiply-add terms are then arranged by weight, for example $\big((a_0 + a_1)(b_0 + b_1) - a_1 b_1 - a_0 b_0\big) \cdot 2^{64}$:
let $t_{01} = (a_0 + a_1)(b_0 + b_1) - a_1 b_1 - a_0 b_0$,
and denote the multiply-add term in front of $2^{64 i}$ by $k_i$, i.e. $k_1 \cdot 2^{64} = t_{01} \cdot 2^{64}$, that is $t_{01} = k_1$.
The result of $A \cdot B$ is then $C = k_{14} \cdot 2^{64 \cdot 14} + \dots + k_1 \cdot 2^{64} + k_0$.
The Karatsuba multiplication algorithm with 512-bit inputs and 64-bit operands is as follows (the numbered step listing referred to below is not reproduced on this page):
The algorithm reduces the computational complexity of large-integer multiplication from $O(k^2)$ to $O(k^{\log_2 3})$. For a 512-bit input, it reduces the 64 multiplications of 64-bit by 64-bit operands to 27 multiplications of operands between 64 and 67 bits wide (each Karatsuba layer adds one bit to the sums $a_0 + a_1$ and $b_0 + b_1$).
Please refer to FIG. 1, which shows the structure of the Karatsuba multiplication algorithm with 512-bit inputs and 64-bit operands. a_r0, a_r1, a_r2, a_r3, b_r0, b_r1, b_r2, b_r3 are 64-bit registers holding the split results of the 512-bit input multiplicands A and B. In the first cycle the eight 64-bit registers hold the lower 256 bits of A and B, i.e. a_r0 holds bits 0 to 63 of A, a_r1 holds bits 64 to 127 of A, and so on. In the second cycle the operands A and B are shifted right by 64 bits, so a_r0 holds bits 64 to 127 of A, a_r1 bits 128 to 191 of A, and so on. By the fourth cycle the eight 64-bit registers hold the upper 256 bits of A and B, i.e. a_r0 holds bits 256 to 319 of A, a_r1 bits 320 to 383, a_r2 bits 384 to 447 and a_r3 bits 448 to 511 of A. The first four cycles compute the sums $(a_0 + a_1)$, $(a_0 + a_2)$, $(a_2 + a_3)$, $(a_1 + a_3)$, $(a_0 + a_4)$ required by steps 1-5 of the 512-bit Karatsuba multiplication algorithm; these low-order operations are combined in a register group, and the low-order additions of steps 12-16 reuse the results later, which increases reuse and reduces register area.
MUX1 and MUX2 are 4-to-2 multiplexers whose control input selects which sub-operands enter the multiplication and addition. MUX3 is a 5-to-2 multiplexer whose output is connected to an adder-subtractor and whose inputs are connected to the MUX1 sub-operand selector, the MUX2 sub-operand selector and the register group, so that the selected sub-operands and the registered intermediate results of multiplication or addition can be added or subtracted further.
MUX4 is a 4-to-2 multiplexer whose output is connected to the multiplier and whose inputs are connected to the sub-operand selectors and the adder-subtractor, so that either the selected sub-operands or the output of the adder-subtractor can be multiplied.
MUX5 is a 3-to-1 multiplexer whose output is connected to the register group and whose inputs are connected to the multiplier and the adder; under its control input, the results of multiplication and addition are stored in the register group.
The full-word KA-Fp modular multiplication algorithm with 2048-bit inputs and 512-bit operands decomposes a large-bit-width multiplication into small-bit-width multiplications, reducing hardware complexity.
Preferably, in the full-word KA-Fp modular multiplication algorithm with 2048-bit inputs and 512-bit operands, the 2048-bit input multiplicands X and Y are each divided into four 512-bit sub-operands, denoted $x_3, x_2, x_1, x_0$ and $y_3, y_2, y_1, y_0$, where $x_0$ is bits 0 to 511 of X, $x_1$ bits 512 to 1023, $x_2$ bits 1024 to 1535 and $x_3$ bits 1536 to 2047 of X, and $y_0$ is bits 0 to 511 of Y, $y_1$ bits 512 to 1023, $y_2$ bits 1024 to 1535 and $y_3$ bits 1536 to 2047 of Y.
The algorithm has an inner loop and an outer loop that scan the operands in 512-bit words; every inner or outer iteration performs one 512-bit by 512-bit multiplication, which reduces the 2048-bit multiplier to a 512-bit multiplier and thus the hardware complexity, and each such multiplication is completed by the 512-bit Karatsuba multiplication module. Each 512-bit by 512-bit multiplication needs 27 multiplications. The KA-Fp modular multiplication algorithm needs 12 inner iterations: the outer loop runs 4 times with 3 multiplications per iteration and the inner loop runs 12 times with 2 multiplications per iteration, giving (4 * 3 + 12 * 2) * 27 = 972 multiplications in total. Compared with the number of multiplications required by a conventional full-word Montgomery modular multiplication with 2048-bit inputs and 64-bit operands, this is a reduction of about 54%, reducing the computational complexity.
The KA-Fp modular multiplication algorithm with 2048-bit inputs and 512-bit operands is as follows:
Here s is the number of parts into which an input operand is decomposed, s = 4; N is the 2048-bit modulus, decomposed like the multiplicands X and Y into four 512-bit sub-operands $n_3, n_2, n_1, n_0$; $n'[0] = -n_0^{-1} \bmod w$ is the negated modular inverse of $n_0$ modulo w, obtained by precomputation; and $w = 2^{512}$, 512 being the bit width of a sub-operand. The algorithm has an inner loop and an outer loop: steps 2-6 and 13-16 form the outer loop and steps 8-12 the inner loop.
Steps 2-6: take the 512-bit words of Y in turn, i.e. $y_i$, and feed $y_i$ together with the lowest 512 bits of X, i.e. $x_0$, into the 512-bit Karatsuba multiplication algorithm to obtain the product ka_m. Add ka_m to the lowest 512 bits t[0] of the intermediate result t to obtain the sum S and carry R0. Feed S and the input operand n'[0] into the 512-bit Karatsuba multiplication algorithm to obtain the parameter m. Feed m and the lowest word $n_0$ of the modulus N into the 512-bit Karatsuba multiplication algorithm, store the product in ka_m, add ka_m to S, store the sum in S and the carry in R1.
Steps 8-12: take the current 512-bit word $y_i$ of Y and the 512-bit word $x_j$ of X, feed them into the 512-bit Karatsuba multiplication algorithm to obtain the product ka_m, and accumulate it with the previous loop's result t[j] and the carry R0 to obtain a new sum S and carry R0. Then feed the parameter m and the 512-bit word $n_j$ of the modulus N into the 512-bit Karatsuba multiplication algorithm to obtain the product ka_m, accumulate it with the sum S and the carry R1 of the previous iteration to obtain a new sum S and carry R1, and store S in the intermediate result t[j-1].
Steps 13-16: add the carries R0 and R1 left by steps 9 and 11 of the last inner iteration to obtain a new sum S and carry R0; add the sum S to the highest 512-bit word t[s] of the intermediate result to obtain a new sum S and carry R1; store S in t[s-1] and the sum of the two carries R0 and R1 in t[s].
Please refer to FIG. 2, which shows the structure of the KA-Fp modular multiplication algorithm of the present application.
MUX1, MUX2 and MUX3 are 4-to-1 multiplexers that, under the controller, select the operands fed into the Karatsuba multiplication module. MUX4 is a 6-to-2 multiplexer whose output is connected to the Karatsuba multiplication module and whose inputs are connected to the outputs of MUX1, MUX2 and MUX3 (i.e. the sub-operands of the three input operands), to the input operand n'[0], to the output of the Karatsuba multiplication module, so that a product can be multiplied further with other operands, and to the output of the adder, so that an adder result can be multiplied with other operands. The output of the adder is also connected to Result to output the modular multiplication result.
Repeated verification shows that the Paillier homomorphic encryption method and system based on the low-complexity modular multiplication algorithm provided by the invention do solve the problems of complex operation and long operation period of large-bit-width modular multiplication in the modular multiplication algorithm of conventional encryption systems; compared under the same conditions, the operation speed of the method is improved by at least 20%, and the operation period of large-bit-width modular multiplication is greatly shortened.
The Paillier homomorphic encryption method (algorithm) based on the low-complexity modular multiplication algorithm is the underlying technical core of the invention, and various products can be derived from it.
The method (algorithm) provided by the invention is developed in a programming language into a Paillier homomorphic encryption system based on the low-complexity modular multiplication algorithm; the system has program modules corresponding to the steps of the technical scheme and executes the steps of the Paillier homomorphic encryption method based on the low-complexity modular multiplication algorithm when run.
The computer program of the developed system (software) is stored on a computer-readable storage medium and is configured to implement the steps of the Paillier homomorphic encryption method based on the low-complexity modular multiplication algorithm described above when called by a processor, i.e. the invention is embodied on a carrier as a computer program product.
The Paillier homomorphic encryption processor provided by the invention is the end product applying the Paillier homomorphic encryption method based on the low-complexity modular multiplication algorithm.
Various implementations of the systems and techniques described here can be realized in digital electronic circuitry, integrated circuitry, application-specific integrated circuits (ASICs), computer hardware, firmware, software and/or combinations thereof. These various embodiments may be implemented in one or more computer programs that can be executed and/or interpreted on a programmable system including at least one programmable processor, which may be special-purpose or general-purpose, and which can receive data and instructions from, and transmit data and instructions to, a storage system, at least one input device and at least one output device.
The computer programs (also referred to as programs, software, software applications or code) in the present invention include machine instructions for a programmable processor and can be implemented in a high-level procedural and/or object-oriented programming language and/or in assembly/machine language. As used herein, the terms "machine-readable medium" and "computer-readable medium" refer to any computer program product, apparatus and/or device (e.g. magnetic discs, optical disks, memory, programmable logic devices (PLDs)) used to provide machine instructions and/or data to a programmable processor, including a machine-readable medium that receives machine instructions as a machine-readable signal. The term "machine-readable signal" refers to any signal used to provide machine instructions and/or data to a programmable processor.
In summary, the above are only the preferred embodiments, but the scope of the invention is not limited to them: any changes and modifications that a person skilled in the art makes according to the technical scheme and the inventive concept of the invention are included in its scope.

Claims (9)

1. A Paillier homomorphic encryption method based on a low-complexity modular multiplication algorithm, characterized in that the low-complexity modular multiplication algorithm adopted by the Paillier homomorphic encryption method comprises a Karatsuba multiplication algorithm with 512-bit inputs and 64-bit operands and a full-word KA-Fp modular multiplication algorithm with 2048-bit inputs and 512-bit operands;
the Karatsuba multiplication algorithm with 512-bit inputs and 64-bit operands reduces the number of multiplications required and is suited to reducing the complexity of large-bit-width multiplication in the encryption algorithm;
the full-word KA-Fp modular multiplication algorithm with 2048-bit inputs and 512-bit operands decomposes a large-bit-width multiplication into small-bit-width multiplications, reducing hardware complexity.
2. The Paillier homomorphic encryption method based on a low-complexity modular multiplication algorithm according to claim 1, wherein the 512-bit multiplier uses the Karatsuba multiplication algorithm with 512-bit inputs and 64-bit operands:
the Karatsuba algorithm reduces the complexity of multiplication from $O(k^2)$ to $O(k^{\log_2 3})$; using one layer of the Karatsuba algorithm, the two 512-bit multiplicands A and B are split into 256-bit halves $A_0, A_1$ and $B_0, B_1$ respectively, and multiplying A by B means multiplying $A_0, A_1$ by $B_0, B_1$, which needs four 256-bit multiplications; one layer of Karatsuba reduces these four multiplications to three; each of the three resulting multiplications is then split into half the bit width, and the operation is repeated twice more, giving a 512-bit multiplier with 64-bit operands decomposed by three layers of the Karatsuba algorithm; the number of multiplications required by the implemented 512-bit multiplier is reduced from 64 to 27, greatly reducing the computational complexity; the result of the 512-bit multiplier implemented with 64-bit operands is arranged so that each 64-bit word of the final result of A*B is formed from independent multiplications and additions, which reduces the data dependency between high and low bits, so the internal multiplications and additions can run in parallel and the calculation speed increases.
3. The method for Paillier homomorphic encryption based on a low-complexity modular multiplication algorithm according to claim 1, wherein the full-word KA-Fp modular multiplication algorithm, whose input is a 2048-bit operand processed with a 512-bit word length, is as follows:
the original full-word modular multiplication algorithm first computes the multiplication of two large numbers, and then processes the product with a reduction algorithm so that the whole result is reduced to within the range of the modulus; the full-word KA-Fp modular multiplication algorithm decomposes the input 2048-bit operand according to a 512-bit word length, giving a word count of 4; the algorithm has an inner loop and an outer loop which scan the operand in 512-bit words, and each iteration of the inner and outer loops performs one 512-bit × 512-bit multiplication, which is completed by the 512-bit Karatsuba multiplication module; the full-word KA-Fp modular multiplication algorithm requires 12 iterations and 972 multiplications, which reduces the computational complexity, and it reduces the 2048-bit multiplier to 64 bits, which reduces the hardware complexity.
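Claims 2 and 3 together describe a two-level decomposition: a 512-bit multiplier that recurses to 64-bit leaf products, and a 2048-bit modular multiplication that scans four 512-bit words and spends one 512×512 product per loop step. The following is an added software model of that structure, written for this page; it is not code from the patent or its applicants. The Karatsuba routine uses the subtractive form so that every recursive operand stays within half the width, which is what keeps the leaf count at exactly 3^3 = 27 for a 512-bit product. The page does not spell out the claim's own inner/outer loop arrangement (the "12 iterations"), so the modular multiplication below is an assumed standard word-level Montgomery multiplication (separated operand scanning: full product, then word-by-word reduction); under that assumption a 2048-bit modular multiplication costs 4·4 + 4 + 4·4 = 36 word products, i.e. 36 × 27 = 972 leaf multiplications, the same total that claim 3 states. All inputs are constructed with a fixed seed and carry no cryptographic meaning.

```python
# Added example (not code from the patent or its applicants): a software model of
# the two building blocks in claims 2 and 3.  A 512-bit Karatsuba multiplier
# recursing to 64-bit leaf products, and a word-level Montgomery modular
# multiplication over 2048-bit operands split into four 512-bit words, where every
# 512x512-bit product is routed through the Karatsuba multiplier.  The loop
# arrangement is an assumption; counters record the multiplication cost.
import random

LEAF_BITS = 64     # width of the base multiplier the claim decomposes down to
WORD_BITS = 512    # word length used to split the 2048-bit operands
MOD_BITS = 2048    # operand width of the modular multiplication


class MulCounter:
    """Counts 512-bit word products and 64-bit leaf products performed."""
    def __init__(self) -> None:
        self.word = 0
        self.leaf = 0


def karatsuba(a: int, b: int, bits: int, ctr: MulCounter) -> int:
    """Multiply two `bits`-bit operands, halving the width at each level until
    the 64-bit leaf.  512 -> 256 -> 128 -> 64 is three levels, so a 512-bit
    product costs 3**3 = 27 leaf multiplications instead of 8*8 = 64."""
    assert 0 <= a < (1 << bits) and 0 <= b < (1 << bits)
    if bits <= LEAF_BITS:
        ctr.leaf += 1
        return a * b                      # the 64x64-bit base multiplier
    half = bits // 2
    mask = (1 << half) - 1
    a0, a1 = a & mask, a >> half          # A = a1 * 2^half + a0
    b0, b1 = b & mask, b >> half
    z0 = karatsuba(a0, b0, half, ctr)     # low product  a0*b0
    z2 = karatsuba(a1, b1, half, ctr)     # high product a1*b1
    # Subtractive Karatsuba: a0*b1 + a1*b0 = z0 + z2 - (a1-a0)*(b1-b0).
    # |a1-a0| and |b1-b0| fit in `half` bits, so no carry multiplications arise.
    da, db = a1 - a0, b1 - b0
    m = karatsuba(abs(da), abs(db), half, ctr)
    z1 = z0 + z2 - (m if (da < 0) == (db < 0) else -m)
    return (z2 << (2 * half)) + (z1 << half) + z0


def word_mul(x: int, y: int, ctr: MulCounter) -> int:
    """One 512x512-bit product, the unit the modular algorithm is built from."""
    ctr.word += 1
    return karatsuba(x, y, WORD_BITS, ctr)


def montgomery_mul(a: int, b: int, n: int, ctr: MulCounter) -> int:
    """Return a*b*R^-1 mod n with R = 2^2048 (assumed separated operand
    scanning: multiply fully, then reduce one 512-bit word per iteration).
    Requires n odd and a, b < n."""
    s = MOD_BITS // WORD_BITS             # number of 512-bit words: 4
    w = WORD_BITS
    wmask = (1 << w) - 1
    aw = [(a >> (w * i)) & wmask for i in range(s)]
    bw = [(b >> (w * i)) & wmask for i in range(s)]
    nw = [(n >> (w * i)) & wmask for i in range(s)]
    n0_inv = (-pow(nw[0], -1, 1 << w)) & wmask   # n' = -n^-1 mod 2^w
    # Schoolbook product of the two 4-word operands: s*s word products.
    u = 0
    for i in range(s):
        for j in range(s):
            u += word_mul(aw[i], bw[j], ctr) << (w * (i + j))
    # Montgomery reduction, one word per iteration: s + s*s word products.
    for i in range(s):
        ui = (u >> (w * i)) & wmask
        m = word_mul(ui, n0_inv, ctr) & wmask    # chosen so word i becomes zero
        for j in range(s):
            u += word_mul(m, nw[j], ctr) << (w * (i + j))
    u >>= w * s                                  # exact division by R
    return u - n if u >= n else u                # result is < 2n before this step


def demo() -> dict:
    """Run both operations on constructed inputs (fixed seed, no crypto meaning)
    and report correctness plus the multiplication counts."""
    rng = random.Random(20231214)
    a512, b512 = rng.getrandbits(512), rng.getrandbits(512)
    c1 = MulCounter()
    product_ok = karatsuba(a512, b512, 512, c1) == a512 * b512
    n = rng.getrandbits(MOD_BITS) | (1 << (MOD_BITS - 1)) | 1   # odd 2048-bit modulus
    x, y = rng.getrandbits(MOD_BITS) % n, rng.getrandbits(MOD_BITS) % n
    c2 = MulCounter()
    r_inv = pow(1 << MOD_BITS, -1, n)
    modmul_ok = montgomery_mul(x, y, n, c2) == (x * y * r_inv) % n
    return {"product_ok": product_ok, "leaf_per_512": c1.leaf,
            "modmul_ok": modmul_ok, "word_per_modmul": c2.word,
            "leaf_per_modmul": c2.leaf}


if __name__ == "__main__":
    print(demo())
```

Running the block reports 27 leaf multiplications for one 512-bit product and 36 word products, 972 leaf multiplications, for one 2048-bit modular multiplication, with both results checked against Python's native big-integer arithmetic. Note that the model counts only multiplications, as the claims do; the additions and subtractions that Karatsuba trades for the saved products are not free in hardware, which is why the claim's point about arranging the 64-bit result limbs for parallel accumulation matters.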
4. A Paillier homomorphic encryption system based on a low-complexity modular multiplication algorithm, characterized in that: the system has program modules corresponding to the steps of any one of the preceding claims 1 to 3, and the steps of the Paillier homomorphic encryption method based on a low-complexity modular multiplication algorithm are performed at run time.
5. A computer-readable storage medium, characterized by: the computer readable storage medium stores a computer program configured to implement the steps of a Paillier homomorphic encryption method based on a low complexity modular multiplication algorithm as claimed in any one of claims 1 to 3 when invoked by a processor.
6. A Paillier homomorphic encryption processor, characterized by: the Paillier homomorphic encryption processor is realized by a Paillier homomorphic encryption system based on a low-complexity modular multiplication algorithm.
7. The Paillier homomorphic encryption processor of claim 6, wherein the processor comprises: a top controller, a global memory system, and a plurality of ciphertext processing elements with a bit-serial reconfigurable data flow; the top controller is used to control the data flow inside the chip and the computation of the ciphertext processing elements; the global memory system is used to store the input and output data required for the internal computation of the chip; the ciphertext processing elements are used to compute and process the modular operations required by the ciphertexts; the top controller controls the global memory system to exchange data with the plurality of ciphertext processing elements via a bus.
8. The Paillier homomorphic encryption processor of claim 7, wherein: each ciphertext processing element comprises a weight buffer, an input buffer, an output buffer, a lookup table unit for bit-serial processing of partial sums, a Montgomery unit and an extended Euclidean unit; the weight buffer is used to store the weights by which the ciphertexts are multiplied; the input buffer is used to store the ciphertexts to be computed; the output buffer is used to store the computation results; the lookup table unit for bit-serial processing of partial sums is used to store the intermediate computation results of the ciphertexts; the Montgomery unit performs the Montgomery modular exponentiation for the Paillier algorithm, which is organized as modular exponentiation and modular multiplication; the extended Euclidean unit is configured to use the extended Euclidean algorithm for the modular inversion operation.
9. The Paillier homomorphic encryption processor of claim 8, wherein the Paillier homomorphic encryption processor is configured to accelerate on-chip.
Application CN202311717181.5A, priority date 2023-12-14, filing date 2023-12-14: Paillier homomorphic encryption method and system based on low-complexity modular multiplication algorithm. Legal status: Pending.

Publications (1)

Publication Number Publication Date
CN117692126A (en) 2024-03-12

Family

ID=90128109

Country Status (1)

Country Link
CN (1) CN117692126A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination