JPWO2021229157A5 - Cryptographic methods, systems, and services for evaluating real-valued functions on encrypted data - Google Patents

Cryptographic methods, systems, and services for evaluating real-valued functions on encrypted data Download PDF

Info

Publication number
JPWO2021229157A5
JPWO2021229157A5 JP2022569135A JP2022569135A JPWO2021229157A5 JP WO2021229157 A5 JPWO2021229157 A5 JP WO2021229157A5 JP 2022569135 A JP2022569135 A JP 2022569135A JP 2022569135 A JP2022569135 A JP 2022569135A JP WO2021229157 A5 JPWO2021229157 A5 JP WO2021229157A5
Authority
JP
Japan
Prior art keywords
function
encode
encryption
homomorphic
ciphertext
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
JP2022569135A
Other languages
Japanese (ja)
Other versions
JP2023525159A (en
Publication date
Priority claimed from FR2004772A external-priority patent/FR3110311B1/en
Application filed filed Critical
Publication of JP2023525159A publication Critical patent/JP2023525159A/en
Publication of JPWO2021229157A5 publication Critical patent/JPWO2021229157A5/en
Pending legal-status Critical Current

Links

Claims (15)

定義域Dで任意の精度を有し、像Iで実数値を有する実数値変数xの単変数関数fの近似準同型評価を行うように特別にプログラムされた少なくとも1つの情報処理システムによってデジタル形式で実行される暗号方法であって、入力としてxのエンコーディングの暗号文、E(encode(x))を取り、f(x)の近似値のエンコーディングの暗号文、y≒f(x)であるE’(encode’(y))を返し、EとE’は準同型暗号化アルゴリズムであり、それらの平文のそれぞれのネイティブ空間はMとM’であり、
- 評価される関数fの入力における変数の表現の実際の精度を定量化する整数N≧1、
- 領域Dの要素を入力として取り、それにMの要素を関連付けるエンコーディング関数encode、
- 像Iの要素を入力として取り、それにM’の要素を関連付けるエンコーディング関数encode’、
- Mの要素を入力として取り、それに整数で表されるインデックスを関連付ける離散化関数discretise、
- その平文のネイティブ空間Mが少なくともNのカーディナリティを有する、暗号化アルゴリズムEを有する準同型暗号化方式、
- 整数を入力として取り、Mの要素を返すエンコーディング関数encode
によりパラメータ化され、
その結果、エンコーディングencodeとそれに続く離散化discretiseによる領域Dの像、
Figure 2021229157000001
 は、S={0,…,N-1}から選択された最大N個のインデックスの集合であり、
- a.前記単変数関数fに対応する表を事前計算するステップであって、
○領域Dを、その和集合がDを構成するN個の選択された部分区間R,…,RN-1に分解すること、
○S={0,…,N-1}内の各インデックスiに対して、部分区間Rの代表的なx(i)を決定し、値y(i)=f(x(i))を計算すること、
○0≦i≦N-1に対して、T[i]=y(i)であるN個の成分T[0],…,T[N-1]で構成される表Tを返すことである、ステップ、
- b.表の準同型評価のステップであって、
○x∈Rの場合、集合S={0,…,N-1}内のインデックス
Figure 2021229157000002
 を期待値として有する整数
Figure 2021229157000003
 に対して、暗号文E(encode(x))を暗号文
Figure 2021229157000004
 に変換すること、
○暗号文
Figure 2021229157000005
 と表Tに基づいて、期待値として
Figure 2021229157000006
 を有する要素
Figure 2021229157000007
 に対して、暗号文
Figure 2021229157000008
 を取得すること、

Figure 2021229157000009
 を返すことである、ステップ
および、準同型暗号化アルゴリズムEが、トーラス
Figure 2021229157000010
 に適用されるLWE型の暗号化アルゴリズムで与えられ、平文ネイティブ空間として
Figure 2021229157000011
 を有することを特徴とする、暗号方法。 in digital form by at least one information processing system specifically programmed to perform an approximate homomorphic evaluation of a univariate function f of a real-valued variable x with arbitrary precision in the domain D and with real values in the image I. A cryptographic method that takes as input a ciphertext of the encoding of x, E(encode(x)), and a ciphertext of the encoding of an approximate value of f(x), y≈f(x). returns E'(encode'(y)), where E and E' are homomorphic encryption algorithms, the respective native spaces of their plaintexts are M and M',
- an integer N≧1, which quantifies the actual precision of the representation of the variable at the input of the function f being evaluated;
- an encoding function encode that takes as input an element of region D and associates with it an element of M;
- an encoding function encode' which takes as input an element of image I and associates with it an element of M';
- a discretize function that takes as input an element of M and associates with it an index represented by an integer;
- a homomorphic encryption scheme with an encryption algorithm EH , whose plaintext native space MH has a cardinality of at least N;
- an encoding function encode H that takes an integer as input and returns the elements of M H
parameterized by
As a result, the image of area D by encoding encode and subsequent discretize,
Figure 2021229157000001
 is a set of at most N indices selected from S={0,...,N-1},
-a. precomputing a table corresponding to the univariate function f,
○ Decomposing the region D into N selected subintervals R 0 ,...,R N-1 whose union constitutes D;
○For each index i in S={0,...,N-1}, determine the representative x(i) of subinterval R i , and calculate the value y(i)=f(x(i)) to calculate,
○For 0≦i≦N-1, by returning a table T consisting of N components T[0], ..., T[N-1] where T[i] = y(i). There is a step,
- b. A step of homomorphic evaluation of a table,
○If x∈R i , index in set S={0,...,N-1}
Figure 2021229157000002
 an integer with expected value
Figure 2021229157000003
 , let the ciphertext E(encode(x)) be the ciphertext
Figure 2021229157000004
 to convert into
○Ciphertext
Figure 2021229157000005
 and Table T, as the expected value
Figure 2021229157000006
 element with
Figure 2021229157000007
 For, the ciphertext
Figure 2021229157000008
 to obtain,

Figure 2021229157000009
 The step and homomorphic encryption algorithm E which is to return the torus
Figure 2021229157000010
 given by the LWE-type encryption algorithm applied to the plaintext native space.
Figure 2021229157000011
 An encryption method characterized by having the following. - 評価される関数fの定義域が、実数区間D=[xmin,xmax)で与えられ、
- 領域DをカバーするN個の区間R(0≦i≦N-1に対して)が、半開部分区間
Figure 2021229157000012
 であり、規則的な方法でDを分割することを特徴とする、請求項1に記載の暗号方法。 - The domain of the function f to be evaluated is given by the real number interval D = [x min , x max ),
- N intervals R i (for 0≦i≦N-1) covering region D are half-open subintervals
Figure 2021229157000012
 The cryptographic method according to claim 1, characterized in that D is divided in a regular manner. 集合Sが、整数M≧Nに対する加法群
Figure 2021229157000013
 の部分集合であることを特徴とする、請求項1に記載の暗号方法。 The set S is an additive group for integers M≧N
Figure 2021229157000013
 The cryptographic method according to claim 1, characterized in that it is a subset of .
Figure 2021229157000014
 が、Xで表される単位のM乗の原始根の累乗として乗算的に表され、
Figure 2021229157000015
 の要素iに要素Xが関連付けられるようにし、単位のM乗根のすべて{1,X,…,XM-1}が、(X-1)を法とする乗算について
Figure 2021229157000016
 と同形の群を形成することを特徴とする、請求項3に記載の暗号方法。 group
Figure 2021229157000014
 is expressed multiplicatively as a power of the primitive root of the unit represented by X to the M power,
Figure 2021229157000015
 For the multiplication modulo (X M -1 ) , all the Mth roots of the unit { 1,
Figure 2021229157000016
 4. The cryptographic method according to claim 3, wherein the cryptographic method forms a group isomorphic as . 整数M≧Nによってパラメータ化され、
- エンコーディング関数encodeがトーラスの部分区間
Figure 2021229157000017
 に含まれるその像を有し、
- 離散化関数discretiseが、トーラスの要素tをMを法とする積M×tの丸められた整数に適用し、M×tは
Figure 2021229157000018
 で計算され、数学的な形式で:
Figure 2021229157000019
 ,
Figure 2021229157000020
 であることを特徴とする、請求項1から4のいずれか一項または複数項に記載の暗号方法。 parameterized by an integer M≧N,
- The encoding function encode is a subinterval of a torus
Figure 2021229157000017
 having its image contained in
- The discretization function discretise applies the torus element t to the rounded integer of the product M×t modulo M, where M×t is
Figure 2021229157000018
 Calculated in mathematical form:
Figure 2021229157000019
 ,
Figure 2021229157000020
 An encryption method according to any one or more of claims 1 to 4, characterized in that: 関数fの定義域が実数区間D=[xmin,xmax)であるとき、エンコーディング関数encodeは、
Figure 2021229157000021

Figure 2021229157000022
 であることを特徴とする、請求項5に記載の暗号方法。 When the domain of the function f is the real number interval D = [x min , x max ), the encoding function encode is
Figure 2021229157000021

Figure 2021229157000022
 The encryption method according to claim 5, characterized in that: 準同型暗号化アルゴリズムEがLWE型暗号化アルゴリズムであり、エンコーディング関数encodeが恒等関数であることを特徴とする、請求項1から4のいずれか一項に記載の暗号方法。 5. Encryption method according to claim 1, characterized in that the homomorphic encryption algorithm EH is an LWE encryption algorithm and the encoding function encode H is an identity function. 偶数の整数Mによってパラメータ化され、準同型暗号化アルゴリズムEがRLWE型の暗号化アルゴリズムであり、エンコーディング関数encodeが、
Figure 2021229157000023
 の任意の多項式pに対して、関数
Figure 2021229157000024

Figure 2021229157000025
 であることを特徴とする、請求項1から4のいずれか一項に記載の暗号方法。 parameterized by an even integer M, the homomorphic encryption algorithm E H is an encryption algorithm of the RLWE type, and the encoding function encode H is
Figure 2021229157000023
 For any polynomial p, the function
Figure 2021229157000024

Figure 2021229157000025
 The encryption method according to any one of claims 1 to 4, characterized in that: 2Nに等しい偶数Mによってパラメータ化され、トーラス上のLWE型暗号文
Figure 2021229157000026
 が、
Figure 2021229157000027

Figure 2021229157000028
 を用い、T’[j]=encode’(T[j]),0≦j≦N-1である多項式
Figure 2021229157000029
 に近づくRLWE暗号文から抽出されることを特徴とする、請求項7または8に記載の暗号方法。 LWE type ciphertext on the torus, parameterized by an even number M equal to 2N
Figure 2021229157000026
 but,
Figure 2021229157000027
 of
Figure 2021229157000028
 , and the polynomial T'[j]=encode'(T[j]), 0≦j≦N-1
Figure 2021229157000029
 The encryption method according to claim 7 or 8, wherein the encryption method is extracted from an RLWE ciphertext that approaches . 関数fの像が実数区間I=[ymin,ymax)であるとき、
- 準同型暗号化アルゴリズムE’が、トーラス
Figure 2021229157000030
 に適用されるLWE型の暗号化アルゴリズムによって与えられ、平文のネイティブ空間として
Figure 2021229157000031
 を有し、
- エンコーディング関数encode’が
Figure 2021229157000032

Figure 2021229157000033
 であることを特徴とする、請求項1から4のいずれか一項に記載の暗号方法。 When the image of the function f is in the real number interval I = [y min , y max ),
- The homomorphic encryption algorithm E' is a torus
Figure 2021229157000030
 given by the LWE-type encryption algorithm applied to the plaintext native space.
Figure 2021229157000031
 has
- The encoding function encode' is
Figure 2021229157000032

Figure 2021229157000033
 The encryption method according to any one of claims 1 to 4, characterized in that: 前記近似準同型評価を受ける少なくとも1つの単変数関数は、以下の先行ステップ、
- a.前記多変数関数のそれぞれを、単変数実数値関数の合成と総和からなる単変数関数のネットワークに変換することである事前計算ステップ、
- b.事前計算された単変数関数の前記ネットワークにおいて、3つの型:
- 同じ引数に適用される同じ単変数関数、
- 同じ引数に適用される異なる単変数関数、
- 非ゼロの加算定数だけ異なる引数に適用される同じ単変数関数
のうちの1つの冗長性を識別し、その全部または一部を選択することである事前選択ステップ、
- c.事前計算された単変数関数のネットワークのそれぞれの準同型評価のステップであって、これらの単変数関数のすべてまたは1つ以上の一部が再利用される場合、事前選択ステップで選択された冗長性が共有された方法で評価される、準同型評価のステップ
を実装することにより、少なくとも1つの多変数関数の先行処理から導出されることを特徴とする、請求項1から10のいずれか一項に記載の暗号方法。 The at least one univariate function subjected to said approximate homomorphic evaluation comprises the following preceding steps:
-a. a pre-computation step consisting of converting each of said multivariable functions into a network of univariable functions consisting of compositions and summations of univariate real-valued functions;
- b. In said network of precomputed univariate functions, there are three types:
- the same univariable function applied to the same arguments,
- different univariate functions applied to the same argument,
- the same univariable function applied to arguments that differ by a nonzero additive constant
a pre-selection step, which is identifying the redundancy of one of the and selecting all or part of it ;
- c. In the step of homomorphic evaluation of each network of precomputed univariable functions, if all or part of one or more of these univariable functions are to be reused, the preselection step 11. The method according to claim 1, characterized in that the method is derived from a prior processing of at least one multivariable function by implementing a step of homomorphic evaluation, in which the redundancy of the multivariate function is evaluated in a shared manner. The encryption method described in paragraph (1). 入力暗号化データが、前記準同型暗号化アルゴリズムEの暗号化の暗号文の形式で設定されるように、前の再暗号化ステップから導出されることを特徴とする、請求項1から10のいずれか一項に記載の暗号方法。 11. The method according to claim 1, wherein the input encrypted data is derived from a previous re-encryption step in such a way that the input encrypted data is set in the form of a ciphertext encrypted by the homomorphic encryption algorithm E. The encryption method described in any one of the paragraphs. 請求項1から請求項12のいずれか一項または複数項に記載の準同型評価暗号方法を実装するようにプログラムされていることを特徴とする、情報処理システム。 An information processing system, characterized in that it is programmed to implement the homomorphic evaluation encryption method according to any one or more of claims 1 to 12. 請求項13に記載の情報処理システムにロードされて実装されることを意図した、コンピュータプログラム。 A computer program intended to be loaded and implemented on the information processing system according to claim 13. タスクが、データ所有者と、デジタル処理サービスプロバイダとして機能する1つ以上の第三者との間で共有される、請求項1から14のいずれか一項または複数項に記載の暗号方法を実装した、クラウドコンピューティング型リモートサービス。 Implementing a cryptographic method according to any one or more of claims 1 to 14, wherein the task is shared between a data owner and one or more third parties acting as digital processing service providers. A cloud computing remote service.
JP2022569135A 2020-05-14 2021-05-14 Cryptographic methods, systems, and services for evaluating univariate or multivariate real-valued functions on encrypted data Pending JP2023525159A (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
FR2004772 2020-05-14
FR2004772A FR3110311B1 (en) 2020-05-14 2020-05-14 evaluation of real-valued functions on encrypted data
PCT/FR2021/000050 WO2021229157A1 (en) 2020-05-14 2021-05-14 Cryptographic method, systems and services for assessing univariate or multivariate true value functions on encrypted data

Publications (2)

Publication Number Publication Date
JP2023525159A JP2023525159A (en) 2023-06-14
JPWO2021229157A5 true JPWO2021229157A5 (en) 2024-03-25

Family

ID=74347116

Family Applications (2)

Application Number Title Priority Date Filing Date
JP2022569135A Pending JP2023525159A (en) 2020-05-14 2021-05-14 Cryptographic methods, systems, and services for evaluating univariate or multivariate real-valued functions on encrypted data
JP2022569449A Pending JP2023526313A (en) 2020-05-14 2021-05-14 Cryptographic methods, systems, and services for evaluating real-valued functions of encrypted data

Family Applications After (1)

Application Number Title Priority Date Filing Date
JP2022569449A Pending JP2023526313A (en) 2020-05-14 2021-05-14 Cryptographic methods, systems, and services for evaluating real-valued functions of encrypted data

Country Status (9)

Country Link
US (2) US20230291540A1 (en)
EP (2) EP4150853A1 (en)
JP (2) JP2023525159A (en)
KR (2) KR20230011985A (en)
CN (2) CN116134782A (en)
CA (1) CA3183278A1 (en)
FR (1) FR3110311B1 (en)
IL (2) IL298173A (en)
WO (2) WO2021229156A1 (en)

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8630422B2 (en) 2009-11-10 2014-01-14 International Business Machines Corporation Fully homomorphic encryption method based on a bootstrappable encryption scheme, computer program and apparatus
US11087223B2 (en) * 2018-07-11 2021-08-10 International Business Machines Corporation Learning and inferring insights from encrypted data

Similar Documents

Publication Publication Date Title
US11843687B2 (en) Systems, devices, and processes for homomorphic encryption
JP5957918B2 (en) Method and apparatus for tree-based classification using encryption techniques
Chen et al. Homomorphic lower digits removal and improved FHE bootstrapping
Liu et al. Efficient and privacy-preserving outsourced calculation of rational numbers
CN1171682A (en) Data encrypting method and equipment
Caminata et al. Solving multivariate polynomial systems and an invariant from commutative algebra
Aguilar Melchor et al. A comparison of the homomorphic encryption libraries HElib, SEAL and FV-NFLlib
CN108718231A (en) A kind of full homomorphic cryptography method, apparatus and computer readable storage medium
CN115276947A (en) Privacy data processing method, device, system and storage medium
CN108282328A (en) A kind of ciphertext statistical method based on homomorphic cryptography
Sokouti et al. Genetic-based random key generator (GRKG): a new method for generating more-random keys for one-time pad cryptosystem
Carlton et al. Threshold properties of prime power subgroups with application to secure integer comparisons
Vidhya et al. A novel dynamic chaotic image encryption using butterfly network topology based diffusion and decision based permutation
JPWO2021229157A5 (en) Cryptographic methods, systems, and services for evaluating real-valued functions on encrypted data
Gopalakrishnan et al. IMAGE ENCRYPTION IN BLOCK-WISE WITH MULTIPLE CHAOTIC MAPS FOR PERMUTATION AND DIFFUSION.
US20210194669A1 (en) Cryptographic processing method, associated electronic device and computer program
CN115525817A (en) Aggregation query method, system, electronic device and computer storage medium
JPWO2021229156A5 (en) Cryptographic methods, systems, and services for evaluating univariate or multivariate real-valued functions on encrypted data
Babenko et al. Experimental evaluation of homomorphic comparison methods
Bugeaud et al. ‐PARTS OF TERMS OF INTEGER LINEAR RECURRENCE SEQUENCES
US20240039693A1 (en) Encryption processing device, encryption processing method, and encryption processing program
WO2022185391A1 (en) Random number generation system, random number generation device, random number generation method, and program
Avramenko et al. Cryptosystem based on a key function of a real variable
US11552794B2 (en) Deterministic random blinding
Krendelev et al. Secure database using order-preserving encryption scheme based on arithmetic coding and noise function