TWI826863B - The design method of public-key system in qap-based homomorphic encryption - Google Patents
The design method of public-key system in qap-based homomorphic encryption Download PDFInfo
- Publication number
- TWI826863B TWI826863B TW110142063A TW110142063A TWI826863B TW I826863 B TWI826863 B TW I826863B TW 110142063 A TW110142063 A TW 110142063A TW 110142063 A TW110142063 A TW 110142063A TW I826863 B TWI826863 B TW I826863B
- Authority
- TW
- Taiwan
- Prior art keywords
- key
- operator
- bit
- encryption
- homomorphic encryption
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 40
- 238000013461 design Methods 0.000 title abstract description 7
- 238000004364 calculation method Methods 0.000 claims abstract description 50
- 238000005192 partition Methods 0.000 claims abstract description 9
- 101001056699 Homo sapiens Intersectin-2 Proteins 0.000 claims description 8
- 101000654583 Homo sapiens Splicing factor, suppressor of white-apricot homolog Proteins 0.000 claims description 8
- 102100025505 Intersectin-2 Human genes 0.000 claims description 8
- 208000011580 syndromic disease Diseases 0.000 claims description 3
- 238000012937 correction Methods 0.000 claims description 2
- 230000000717 retained effect Effects 0.000 claims description 2
- 239000002096 quantum dot Substances 0.000 abstract description 6
- 238000007429 general method Methods 0.000 abstract description 3
- 230000002441 reversible effect Effects 0.000 abstract 2
- 230000001419 dependent effect Effects 0.000 abstract 1
- 238000005457 optimization Methods 0.000 abstract 1
- 239000011159 matrix material Substances 0.000 description 6
- 238000010586 diagram Methods 0.000 description 3
- 239000000654 additive Substances 0.000 description 2
- 230000000996 additive effect Effects 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 238000012827 research and development Methods 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 238000012552 review Methods 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
Images
Landscapes
- Storage Device Security (AREA)
- Complex Calculations (AREA)
Abstract
一種QAP型式同態加密中的公鑰系統設計的方法,主要係利用商代數分割QAP(Quotient Algebra Partition,簡稱QAP)的代數結構上,透過QAP型式量子容錯計算(QAP-based Fault Tolerance Quantum Computation)的通用方法,當進行加密過程前,先利用QAP(Quotient Algebra Partition)架構,進行同態加密HE(Homomorphic Encryption,簡稱HE)計算時,需選擇一個量子編碼(quantum code)使該量子編碼(quantum code)為一個商代數分割QAP(Quotient Algebra Partition)的代數結構,於此結構上建構加密所需編碼算子(encoding)以及產生巨量的隨機(random)可修正之錯誤(correctable error),在適當的位元置換算子(qubit permutation)的裝飾下,可產生加密資料所需要的公鑰(public key)、解密所需的私鑰(private key),以及執行HE(Homomorphic Encryption)計算所需要的運算子。而在執行過程中的加密(Encryption)、計算(Computation)以及解密(Decryption),皆由有限數量的基本閘(elementary gate)所組成的電路(circuit)完成;而該基本閘(basic gate)包括spinor、CNOT、Toffoli gate、SWAP、Controlled SWAP、Multi-Control Gate。由於每一個基本閘都是可於目前傳統電腦或未來量子電腦上實現的可逆閘(invertible gate),計算結果為精確(Exact)而非近似解;並能自然地達成所謂完全同態加密(fully HE);可逆閘的特性提供了單向函數(one-way function)的 設計而有效地遮蔽(blind)計算過程,使得執行運算的雲端機器與駭客也無法偷取計算型態;而該基本可逆閘龐大的排列組合方式,還可依問題將計算進一步最佳化者(problem-dependent optimization)。 A method of designing a public key system in QAP-type homomorphic encryption, which mainly uses the algebraic structure of QAP (Quotient Algebra Partition, QAP) divided by quotient algebra, through QAP-based Fault Tolerance Quantum Computation. The general method is to use the QAP (Quotient Algebra Partition) architecture to perform homomorphic encryption HE (Homomorphic Encryption, HE) calculations before performing the encryption process. You need to select A quantum code makes the quantum code an algebraic structure of QAP (Quotient Algebra Partition). On this structure, the encoding operator (encoding) required for encryption is constructed and a huge amount of randomness is generated. A (random) correctable error, decorated with appropriate bit permutation operators (qubit permutation), can generate the public key required to encrypt data and the private key required to decrypt it. key), and the operators required to perform HE (Homomorphic Encryption) calculations. The encryption, computation and decryption during the execution process are all completed by a circuit composed of a limited number of elementary gates; and the basic gate includes spinor, CNOT, Toffoli gate, SWAP, Controlled SWAP, Multi-Control Gate. Since each basic gate is an invertible gate that can be implemented on current traditional computers or future quantum computers, the calculation result is an exact (Exact) rather than an approximate solution; and can naturally achieve the so-called fully homomorphic encryption (fully homomorphic encryption). HE); the characteristics of the reversible gate provide a one-way function design to effectively blind the calculation process, so that the cloud machines and hackers performing the calculation cannot steal the calculation type; and this basic The huge array and combination of reversible gates can further optimize the calculation according to the problem (problem-dependent optimization).
Description
本發明係關於一種QAP型式同態加密中的公鑰系統設計的方法,尤指一種資料接收者(data receiver)與資料傳送者(data sender)可在彼此不須交流(communication)的情況下完成所謂的同態加密(Homomorphic Encryption,簡稱HE),即利用商代數分割QAP(Quotient Algebra Partition)的代數結構,經由QAP型式量子容錯計算(QAP-based Fault Tolerance Quantum Computation)的通用方法,對敏感資料進行加密(encryption),並直接對加密資料進行處理,再經解密(decryption)獲致處理結果,而完成所謂同態加密(Homomorphic Encryption)的流程。當進行加密過程前,先利用QAP(Quotient Algebra Partition)架構,進行同態加密HE(Homomorphic Encryption,簡稱HE)計算時,先選擇了一個量子編碼(quantum code)後,明文(plaintext)就會被編碼成長度較長並且具有受可修正錯誤(correctable error)汙染的密文(ciphertext)之特徵;運算(arithmetic operation)則同時被編碼以及利用單向函數(one-way function)概念建構成完全遮蔽(Blind)的運算子,而該運算子具有可修正密文上的錯誤之特徵。而所有操作過程皆由希爾伯特空間(Hilbert space)中經精巧設計的可逆閘(invertible gate)完成,計算結果為精確(Exact)而非近似解,可避免不必要的計算支出,並能透過量子演算法設計的概念,可依問題來進行優化計算 (Problem-Dependent Optimized Computation),實為一獨特、創新且具經濟效益之發明。 The present invention relates to a method of designing a public key system in QAP type homomorphic encryption, in particular to a method in which a data receiver and a data sender can be completed without communicating with each other. The so-called Homomorphic Encryption (HE) uses the algebraic structure of Quotient Algebra Partition (QAP) to encrypt sensitive data through the general method of QAP-based Fault Tolerance Quantum Computation. Perform encryption, directly process the encrypted data, and then obtain the processing result through decryption to complete the so-called homomorphic encryption process. Before performing the encryption process, the QAP (Quotient Algebra Partition) architecture is first used to perform homomorphic encryption HE (Homomorphic Encryption, HE) calculations. After a quantum code is first selected, the plaintext will be encoded into a ciphertext that is longer and has the characteristics of a ciphertext contaminated by correctable errors; the arithmetic operation is At the same time, it is encoded and constructed using the concept of one-way function to form a completely blind operator, and this operator has the characteristics of being able to correct errors in the ciphertext. All operation processes are completed by the exquisitely designed invertible gate in Hilbert space. The calculation result is an exact (Exact) rather than an approximate solution, which can avoid unnecessary calculation expenditure and can be solved through The concept of quantum algorithm design can perform Problem-Dependent Optimized Computation (Problem-Dependent Optimized Computation), which is actually a unique, innovative and cost-effective invention.
按,科技的進步,產業的發展,由其是數位時代的來臨,任何在網路下之明文,均希望在傳送的過程中可以絕對達到保密狀態之外,更希望在解密的過程中也可達到全程保密,然現行同態加密HE(Homomorphic Encryption,簡稱HE),採取於lattice-based後量子密碼上實現同態加密HE(Homomorphic Encryption)計算,執行運算過程中加密資料會產生一定比例的雜訊(noise),須於每次運算後進行降低雜訊的影響,以免計算結果誤差過大。也就是說,這過程相當於以逼近方式求得近似解(approximated solutions),並且為了減噪須付出極為昂貴的計算代價(overhead),這代表目前同態加密HE(Homomorphic Encryption)的實現方式相當具侷限性,且在執行同態加密HE(Homomorphic Encryption)計算所使用的演算法與運算子,均會於計算過程中洩露出來。所以如何在解密的結果是精確而非近似,並可在解密的過程中也可達到全程保密,具有避免不必要的計算支出,並可依問題不同,進行優化計算(Problem-Dependent Optimized Computation)設計,以獲致最低資源耗費,則是研發人員或業界極欲朝向的方向。 According to the advancement of science and technology, the development of industry, and the advent of the digital age, any plain text on the Internet is expected to be absolutely confidential during the transmission process. It is also hoped that it can be decrypted during the process. To achieve full confidentiality, the current homomorphic encryption HE (Homomorphic Encryption, referred to as HE) is based on lattice-based post-quantum cryptography to implement homomorphic encryption HE (Homomorphic Encryption) calculations. During the execution of the operation, the encrypted data will generate a certain proportion of noise. Noise must be reduced after each calculation to avoid excessive errors in calculation results. In other words, this process is equivalent to obtaining approximate solutions (approximated solutions) by approximation, and an extremely expensive computational cost (overhead) is required to reduce noise. This means that the current implementation of homomorphic encryption HE (Homomorphic Encryption) is quite It has limitations, and the algorithms and operators used in performing homomorphic encryption HE (Homomorphic Encryption) calculations will be leaked during the calculation process. Therefore, how can the decryption result be accurate rather than approximate, and the whole process of decryption can be kept confidential? This can avoid unnecessary calculation expenses, and carry out optimized calculation (Problem-Dependent Optimized Computation) design according to different problems. , in order to obtain the lowest resource consumption, is the direction that R&D personnel or the industry are eager to move towards.
有鑑於此,本案發明人遂依其多年從事相關領域之研發經驗,針對前述之需求進行深入探討,並依前述需求積極尋求解決之道,歷經長時間的努力研究與多次測試,終於完成本發 明,是以解決習用之缺點並增進其所未有的進步性與實用性。 In view of this, the inventor of this case conducted in-depth discussions on the above-mentioned needs based on his many years of research and development experience in related fields, and actively sought solutions based on the above-mentioned needs. After a long period of hard research and multiple tests, he finally completed this project. send It is clear that it solves the shortcomings of conventional use and enhances its unprecedented progress and practicality.
緣此,本發明之主要目的在於,係在提供一種「QAP型式同態加密中的公鑰系統設計的方法」,主要係利用QAP(Quotient Algebra Partition)架構,當要進行同態加密HE(Homomorphic Encryption)計算時,選擇了一個量子編碼(quantum code)後,即,則明文(plaintext)就會被編碼成長度較長,並且具有受可修正錯誤(correctable error)汙染的密文(ciphertext)之特徵;運算(arithmetic operation),則會被編碼成完全遮蔽(Blind)的運算子狀態,而該運算子具有可修正密文上的錯誤之特徵,進而使計算過程中之加密(Encryption)、計算(Computation)以及解密(Decryption)均可達到遮蔽計算過程,還可達成對資料處理的全程保密,且結果為精確(Exact)而非近似解,可避免不必要的計算支出者。 Therefore, the main purpose of the present invention is to provide a "public key system design method in QAP type homomorphic encryption", which mainly uses the QAP (Quotient Algebra Partition) architecture. When homomorphic encryption HE (Homomorphic) is to be performed Encryption) calculation, after selecting a quantum code (quantum code), that is, the plaintext (plaintext) will be encoded into a longer length and has a ciphertext (ciphertext) contaminated by correctable errors. Characteristics; the arithmetic operation will be encoded into a completely blind operator state, and this operator has the characteristics of being able to correct errors in the ciphertext, thereby enabling encryption and calculation in the calculation process. (Computation) and decryption (Decryption) can both mask the calculation process, and can also achieve confidentiality of the entire data processing process, and the result is an exact (Exact) rather than an approximate solution, which can avoid unnecessary calculation expenses.
本發明之次要目的在於,係在提供一種「QAP型式同態加密中的公鑰系統設計的方法」,使得本案計算結果為精確(Exact)而非近似解之方法,係利用希爾伯特空間(Hilbert space)中經精巧設計的可逆閘(invertible gate)來進行計算,而該可逆閘(invertible gate)包括spinor、SWAP、CNOT、Toffoli gate、Controlled SWAP、Multi-Control Gate者。 The secondary purpose of the present invention is to provide a "method for designing a public key system in QAP-type homomorphic encryption" so that the calculation result of this case is an exact (Exact) rather than an approximate solution. This method uses Hilbert Calculation is performed using a well-designed invertible gate in Hilbert space, which includes spinor, SWAP, CNOT, Toffoli gate, Controlled SWAP, and Multi-Control Gate.
本發明之又要目的在於,係在提供一種「QAP型式同態加密中的公鑰系統設計的方法」,所執行運算(arithmetic operation)則同時被編碼以及利用單向函數(one-way function)概念建構成完全遮蔽(Blind)的運算子,而該運算子具有可修正密文上的錯誤之特徵。 Another important object of the present invention is to provide a "method for designing a public key system in QAP-type homomorphic encryption", in which the arithmetic operation is simultaneously encoded and uses a one-way function. The concept is constructed as a completely blind operator, and this operator has the characteristics of being able to correct errors in the ciphertext.
本發明之再要目的在於,係在提供一種「QAP型式同 態加密中的公鑰系統設計的方法」,致使利用本發明之方法的同時還具有可依問題不同進行優化計算(Problem-Dependent Optimized Computation)設計,獲致最低資源耗費之特點。 Another important object of the present invention is to provide a "QAP type and "A method for designing a public key system in static encryption", so that when using the method of the present invention, it also has the characteristics of performing an optimized calculation (Problem-Dependent Optimized Computation) design according to different problems, and obtaining the lowest resource consumption.
1:| x 〉明文(plaintext) 1:| x 〉plaintext
2:(V Q en ,) 2:( VQ en , )
3: 3:
4:U en |ψ en 〉 4: U en | ψ en 〉
5: 5:
6:資料接收者(Alice) 6: Data recipient (Alice)
7:資料提供者(Bob) 7:Information provider (Bob)
8:Key pub 8:Key pub
9:Key priv 9:Key private
10:cloud 10:cloud
11:Spinor 11: Spinor
12:CNOT 12:CNOT
13:Toffoli gate 13:Toffoli gate
14:SWAP 14:SWAP
15:CSWAP(Controlled SWAP) 15:CSWAP(Controlled SWAP)
16:Multi-Control gate 16:Multi-Control gate
第1圖:係本發明之操作流程示意圖。 Figure 1: is a schematic diagram of the operation flow of the present invention.
第2圖:係本發明實際操作於加密、計算以及解密之作動流程圖。 Figure 2 is a flow chart of the actual operation of encryption, calculation and decryption of the present invention.
第3圖:係本發明演算法所使用之基本閘之示意圖。 Figure 3: is a schematic diagram of the basic gate used by the algorithm of the present invention.
為期使對於本發明之目的、功效以及構造特徵能有更詳細明確的瞭解,茲舉出如下述之較佳實施例並配合圖式說明如後。 In order to have a more detailed and clear understanding of the purpose, effect and structural features of the present invention, the following preferred embodiments are enumerated and described below with reference to the drawings.
首先請參閱第1圖所示,本發明係為一種QAP型式同態加密中的公鑰系統設計的方法,主要係利用商代數分割QAP(Quotient Algebra Partition)的代數結構,透過QAP型式量子容錯計算(QAP-based Fault Tolerance Quantum Computation)的通用方法,當進行加密(Encryption)、計算(Computation)以及解密(Decryption)前,先利用QAP(Quotient Algebra Partition)架構,進行同態加密HE(Homomorphic Encryption,簡稱HE),計算時,可以先選擇了一個量子計算中的k量子位元態(k-qubit state),即| x 〉(1),亦即於此密碼系統中以k位元二進位字串(binary string)表示,並代表為明文(plaintext),此明文表示成加法群(additive group)中的一個元素,也可視為維度(dimension)等於2 k 的向量(vector);例如,k=3位元明文 | x 〉=|100〉為加法群中的一個元素,視為維度等於23的一個向量。 First of all, please refer to Figure 1. The present invention is a method of designing a public key system in QAP type homomorphic encryption. It mainly uses quotient algebra to divide the algebraic structure of QAP (Quotient Algebra Partition), and calculates QAP quantum fault tolerance through QAP type quantum fault tolerance. The general method of (QAP-based Fault Tolerance Quantum Computation), before performing encryption (Encryption), calculation (Computation) and decryption (Decryption), first use the QAP (Quotient Algebra Partition) architecture to perform homomorphic encryption HE (Homomorphic Encryption, (referred to as HE), when calculating, you can first select a k -qubit state ( k -qubit state) in quantum computing, that is, | Represented by a binary string and represented as plaintext, this plaintext is represented by an additive group. An element in can also be regarded as a vector with a dimension equal to 2 k ; for example, k =3-bit plaintext | x 〉=|100〉 is an additive group An element in is regarded as a vector with dimensions equal to 2 3 .
當要進行加密(Encryption)過程,而要獲得較長編碼之密文(ciphertext)即符號|ψ en 〉時,由於加密程序中又再分為鑰匙生成(key generation)與編碼(encoding)之步驟,而鑰匙生成Key Generation的步驟會產生加密資料所需要的公鑰(public key)Key pub 與解密所需的私鑰(private key)Key priv ,在此密碼系統中的公鑰(public key)可寫成式子,即k量子位元態(k-qubit state),即| x 〉(1)為明文(plaintext),經由加密資料所需要的公鑰(public key)式子計算,即可得到密文(ciphertext)即符號|ψ en 〉,而密碼系統中的公鑰(public key)式子(),其中Q en 代表編碼算子(encoding)、V為位元置換算子(qubit permutation),皆可表示為2 n ×2 n 的矩陣(matrix)或以基本閘(basic gates)組成(請配合參閱第3圖所示);為錯誤算子的隨機產生器(random error generator),可從指數級(exponential)數量的選擇中任意產生一個錯誤算子,此錯誤算子為一個自旋算子(spinor),亦可表示成2 n ×2 n 的矩陣或以基本閘組成。 When the encryption process is to be carried out and a longer encoded ciphertext, that is, the symbol | ψ en 〉 is to be obtained, the encryption procedure is further divided into key generation and encoding steps. , and the key generation step will generate the public key (public key) Key pub required for encrypting the data and the private key (private key) Key priv required for decryption. The public key (public key) in this cryptosystem can written as The formula is the k -qubit state, that is, | (ciphertext) is the symbol | ψ en 〉, and the public key (public key) formula in the cryptosystem ( ), where Q en represents the encoding operator (encoding) and V represents the qubit permutation operator (qubit permutation), both of which can be expressed as a 2 n × 2 n matrix (matrix) or composed of basic gates (please Please refer to Figure 3 for details); It is a random error generator that can generate an error operator arbitrarily from an exponential number of choices. , this error operator is a spin operator, which can also be expressed as a 2 n × 2 n matrix or composed of basic gates.
所以當加密過程而得到符號式子(3)時,則該向量|ψ en 〉符號,即是代表經過加密後的密文(ciphertext),而為三個算子的相乘,n位元字串|0〉| x 〉等於n-k位元的全零字串(zero string)|0〉以及k位元字串| x 〉的直積(tensor product);例如,n=5,k=3,| x 〉=111,。 So when the encryption process is performed, the symbolic formula is obtained (3), then the vector | ψ en 〉 symbol represents the encrypted ciphertext, and is the multiplication of three operators, n -bit string | 0 〉 | x 〉 is equal to the tensor product of n - k -bit zero string | 0 〉 and k -bit string | =111, .
當要接著進行計算(Computation)過程時,利用執行同態加密HE(Homomorphic Encryption)計算的算子U en ,並作用於經過加密後的密 文(ciphertext)|ψ en 〉符號,再給定一個計算算子M,由於U en 為執行同態加密HE(Homomorphic Encryption)計算的算子,為k位元算子M(表示為2 k ×2 k 矩陣或以基本閘組成)的編碼算子,可表示成2 n ×2 n 的矩陣或以基本閘組成;U en |ψ en 〉表示算子U en 作用於密文|ψ en 〉上,結果仍為一個n位元字串,進而得到U en |ψ en 〉(4)之符號式子。 When proceeding with the calculation process, the operator U en that performs homomorphic encryption HE (Homomorphic Encryption) calculation is used, and acts on the encrypted ciphertext (ciphertext) | ψ en 〉 symbol, and then gives a Calculation operator M, since U en is an operator that performs homomorphic encryption HE (Homomorphic Encryption) calculations and is the encoding operator of k -bit operator M (expressed as a 2 k × 2 k matrix or composed of basic gates), It can be expressed as a 2 n _ _ _ _ en | ψ en 〉(4) symbolic formula.
最後,當要接著進行解密(Decryption)過程時,即U en |ψ en 〉(4)之符號式子進行解密(Decryption),而在解密(Decryption)時則由一開始於加密過程中之鑰匙生成Key Generation的步驟所產生之解密所需的私鑰Key priv =A† P †進行解碼,如下式所示,,|λ〉為n-k位元的徵狀態(syndrome state),其它部份為最後結果M| x 〉,此時A† P †代表此密碼系統的私鑰(private key),由算子A†與P †相乘所得(此二算子各別可表示成2 n ×2 n 的矩陣或以基本閘組成),|λ〉為n-k位元字串,M| x 〉為k位元字串(代表未加密的原始計算)。 Finally, when the decryption process is to be continued, that is, the symbolic formula of U en | ψ en 〉(4) is used to decrypt (Decryption), and when decrypting (Decryption), the key from the beginning of the encryption process is used. The private key required for decryption generated by the Key Generation step is Key priv =A P for decoding, as shown in the following formula: , | λ 〉 is the syndrome state of n - k bits, and the other parts are the final result M | A is obtained by multiplying P (these two operators can each be expressed as a 2 n × 2 n matrix or composed of basic gates), | λ 〉 is an n - k bit string, M | x 〉 is k Bit string (representing the unencrypted raw computation).
請參閱第2圖所示,係為本發明實際應用於操作加密(Encryption)、計算(Computation)以及解密(Decryption)之作動流程圖,其步驟如下:步驟1:加密(Encryption),先由資料接收者(Alice)(6),選擇一個量子編碼[n,k,C](結構上為一個QAP;n>k),於加密(Encryption)程序中,又再分為鑰匙生成(key generation)與編碼(encoding)二個程序。而在鑰匙生成(key generation)的程序中,則會產生加密資料所需要的公鑰(public key)Key pub (8)(如第2圖中之①流程)與解密所需的私鑰(private key)Key priv (9),其中該公鑰(public key)(8)提供修飾編碼算子(modified encoding)VQ en 以及隨機產生的修飾錯誤算子(modified error) ,可寫成式子為並傳送至資料提供者(Bob)(7)(如第2圖中之②流程),Q en 為n位元編碼算子(encoding),V為n位元置換算子(permutation),為錯誤算子生成器(error generator),而私鑰(private key)Key priv (9)可寫成式子為Key priv =A† P †,它為兩個n位元算子A†與P †的相乘,用於解密程序;此時加密資料所需要的公鑰(public key)Key pub (8)可發佈於公開空間供任何人索取以進行明文(plaintext)加密,解密所需的私鑰(private key)Key priv (9)則由資料接收者(Alice)(6)保留用於計算後的密文(ciphertext)的解密。而在編碼(encoding)的程序中,資料提供者(Bob)(7)提供明文(plaintext)| x 〉,進行同態加密HE(Homomorphic Encryption)的計算,先利用空白態|0〉與| x 〉組合成n位元量子態|0〉| x 〉,再根據公鑰Key pub 中錯誤算子生成器所隨機產生的錯誤算子,資料提供者(Bob)(7)將|0〉| x 〉編碼成n位元密文,亦即當資料提供者(Bob)(7)欲加密長度為k量子位元(k-qubit)敏感資料(明文(plaintext))| x 〉,先利用長度為n-k量子位元的空白態(blank state)|0〉,將明文| x 〉寫成長度為n的表示式|0〉| x 〉(依然是明文)。接著由公鑰提供修飾編碼算子(modified encoding)VQ en 以及隨機產生的修飾錯誤算子(modified error),並經由算式得到編碼量子態(encoded state)|ψ en 〉(密文)。此時資料提供者(Bob)(7)會將密文|ψ en 〉傳送cloud(計算資源提供者)(如第2圖中之③流程)。 Please refer to Figure 2, which is a flow chart of the present invention actually applied in operating encryption, computation and decryption. The steps are as follows: Step 1: Encryption, first by data The receiver (Alice) (6) selects a quantum code [ n , k , C] (structurally a QAP; n > k ), which is further divided into key generation in the encryption program. and encoding (encoding) two procedures. In the key generation program, the public key Key pub (8) required to encrypt the data (such as the ① process in Figure 2) and the private key required for decryption will be generated. key)Key priv (9), where the public key (8) provides a modified encoding operator (modified encoding) VQ en and a randomly generated modified error operator (modified error) , which can be written as And sent to the data provider (Bob) (7) (as shown in the ② process in Figure 2), Q en is the n -bit encoding operator (encoding), V is the n- bit permutation operator (permutation), is the error generator (error generator), and the private key Key priv (9) can be written as Key priv =A P , which is two n -bit operators A and P The multiplication is used for the decryption program; at this time, the public key Key pub (8) required to encrypt the data can be published in the public space for anyone to request for plaintext encryption, and the private key required for decryption The (private key)Key priv (9) is retained by the data recipient (Alice) (6) for decryption of the calculated ciphertext. In the encoding program , the data provider (Bob) (7) provides plaintext ( plaintext ) | 〉Combined into n- bit quantum state | 0 〉 | x 〉, and then based on the error operator generator in the public key Key pub Randomly generated error operator , the data provider (Bob) (7) will | 0 〉 | x 〉encoded into n- bit ciphertext , that is , when the data provider (Bob) (7) wants to encrypt sensitive data ( plaintext ) | State (blank state) | 0 〉, write the plaintext | x 〉 as an expression of length n | 0 〉 | x 〉 (still plain text). Then the public key provides the modified encoding operator (modified encoding) VQ en and the randomly generated modified error operator (modified error) , and through the formula Obtain the encoded quantum state (encoded state) | ψ en 〉 (ciphertext). At this time, the data provider (Bob) (7) will send the ciphertext | ψ en 〉 to the cloud (computing resource provider) (as shown in the ③ process in Figure 2).
步驟2:計算(Computation),給定任意k位元計算算子M,輸出可於加密態|ψ en 〉上執行的。先將k位元算子M表示成n位元算子,此表示為n-k位元單位算子與k位元算子M的直積 (tensor product)。此時資料接收者(Alice)(6)產生同態加密HE(Homomorphic Encryption)計算算子U en 的指示,其形式如下: Step 2: Computation. Given any k -bit calculation operator M , the output can be performed on the encrypted state | ψ en 〉. First, express the k -bit operator M as an n- bit operator , which is expressed as the direct product (tensor product) of the n - k -bit unit operator and the k -bit operator M. At this time, the data receiver (Alice) (6) generates instructions for the homomorphic encryption HE (Homomorphic Encryption) calculation operator U en , which has the following form:
接著資料接收者(Alice)(6)將編碼後的計算指示(instruction)U en 提供予雲端cloud(10)(如第2圖中之④流程),再由雲端cloud(10)接收計算指示,並執行計算U en |ψ en 〉。 Then the data receiver (Alice) (6) provides the encoded calculation instruction (instruction) U en to the cloud (10) (as shown in the ④ process in Figure 2), and then the cloud (10) receives the calculation instruction. And perform the calculation U en | ψ en 〉.
步驟3:解密(Decryption),先由雲端cloud(10)執行同態加密HE(Homomorphic Encryption)計算U en |ψ en 〉,並將此加密的計算結果傳送至資料接收者(Alice)(6)(如第2圖中之⑤流程),接著由資料接收者(Alice)(6)以私鑰Key priv =A† P †進行解碼,如下式所示,;|λ〉為n-k位元的徵狀態(syndrome state)。接著將此加密的計算結果傳送至資料接收者(Alice)(6),接著由資料接收者(Alice)(6)以私鑰Key priv 進行解密Key priv U en |ψ en 〉而得到最後答案(M| x 〉)。 Step 3: Decryption, first the cloud (10) performs homomorphic encryption HE (Homomorphic Encryption) calculation U en | ψ en 〉, and transmits the encrypted calculation result to the data recipient (Alice) (6) (Such as the ⑤ process in Figure 2), then the data receiver (Alice) (6) uses the private key Key priv =A † P † to decode, as shown in the following formula, ; | λ 〉 is the syndrome state of n - k bits. Then the encrypted calculation result is sent to the data receiver (Alice) (6), and then the data receiver (Alice) (6) uses the private key Key priv to decrypt Key priv U en | ψ en 〉 to obtain the final answer ( M | x 〉).
請參閱第3圖所示,係為本發明演算法所使用之基本閘之示意圖,其中該Spinor(11):n位元自旋算子(spinor) 由n個單位元自旋算子的張量積(tensor product)所組成,ζ,α且ε j ,a j Z 2,每個單位元自旋算子,1 j n,可表示成2×2的矩陣;單位元自旋算子可將單位元字串(single-bit string)b j 轉成b j ♁a j ,其中♁代表邏輯XOR運算(也就是,0♁0=0=1♁1,0♁1=1=1♁0)。 Please refer to Figure 3, which is a schematic diagram of the basic gate used in the algorithm of the present invention, in which the Spinor (11): n -bit spin operator (spinor) It is composed of the tensor product of n unit spin operators, ζ,α And ε j , a j Z 2 , each unit element spin operator ,1 j n , can be expressed as a 2×2 matrix; unit element spin operator The single-bit string b j can be converted into b j ♁ a j , where ♁ represents the logical XOR operation (that is, 0♁0=0=1♁1,0♁1=1=1♁ 0).
CNOT(12):為二位元邏輯閘運算;給定一個二位元字串a i a j ,其中a i 為控制位元(control bit)而a j 為目標位元(target bit),CNOT於a i a j 上的計算為a i 不變,a j 轉變成a j ♁a i 。 CNOT(12): It is a two-bit logic gate operation; given a two-bit string a i a j , where a i is the control bit (control bit) and a j is the target bit (target bit), CNOT The calculation on a i a j is that a i remains unchanged, and a j is transformed into a j ♁ a i .
Toffoli gate(13):為三位元邏輯閘運算;給定一個三位元字串a i a j a l ,其中a i 與a j 為控制位元而a l 為目標位元,Toffoli gate於a i a j a l 上的計算為a i 與a j 不變,a l 轉變成a l ♁(a i ∧a j ),其中∧代表邏輯AND運算。 Toffoli gate(13): It is a three-digit logic gate operation; given a three-digit string a i a j a l , where a i and a j are the control bits and a l is the target bit, Toffoli gate is The calculation on a i a j a l is that a i and a j remain unchanged, and a l is transformed into a l ♁( a i ∧ a j ), where ∧ represents the logical AND operation.
SWAP(14):為二位元邏輯閘運算;給定一個二位元字串a i a j ,SWAP閘將位元a i 與a j 位置對調,產生字串a j a i 。 SWAP(14): It is a two-bit logic gate operation; given a two-bit string a i a j , the SWAP gate swaps the positions of bits a i and a j to generate the string a j a i .
CSWAP(Controlled SWAP)(15):為三位元邏輯閘運算;給定一個三位元字串a i a j a l ,其中a i 為控制位元而a j 與a l 為目標位元,CSWAP於a i a j a l 上的計算為a i 不變,a j 轉變成(a j ∧)♁(a j ∧a i ),a l 轉變成(a l ∧)♁(a l ∧a i ),其中為原位元a i 的否定(negation;,)。 CSWAP (Controlled SWAP)(15): It is a three-digit logic gate operation; given a three-digit string a i a j a l , where a i is the control bit and a j and a l are the target bits, The calculation of CSWAP on a i a j a l is that a i remains unchanged, and a j is transformed into ( a j ∧ )♁( a j ∧ a i ), a l transforms into ( a l ∧ )♁( a l ∧ a i ), where is the negation of the original element a i ; , ).
Multi-Control gate(16):為n位元邏輯閘運算;給定一個n位元字串a 1 a 2…a p a p+1…a n ,在一個multi-control p-gate的作用之下,若前p個位元a 1=a 2=…=a p =1,則後面n-p個位元則受自旋算子作用;反之,則此n位元字串保持不變。 Multi-Control gate(16): It is an n -bit logic gate operation; given an n- bit string a 1 a 2 … a p a p +1 … a n , in a multi-control p -gate Under the action of _ _ _ _ _ function; otherwise, the n- bit string remains unchanged.
綜上所陳,本發明QAP型式同態加密中的公鑰系統設計的方法,乃係本案發明人精心運用腦力設計而成,其不僅在加密過程中可使資料接收者(data receiver)與資料傳送者(data sender)可在彼此不須交流(communication)的情況下完成所謂的同態加密(Homomorphic Encryption)之獨特性,又可達到全程保密,同時並可依問題不同,進行優化計算(Problem-Dependent Optimized Computation)設計,以獲致最低資源耗費,實符合專利法發明專利要件,爰依法提出申請,懇請 鈞局審查委員明鑑,准予專利,實為感禱。 To sum up, the method of designing the public key system in the QAP homomorphic encryption of the present invention is carefully designed by the inventor of this case. It not only enables the data receiver to communicate with the data during the encryption process The sender (data sender) can complete the uniqueness of the so-called homomorphic encryption without communicating with each other, and can achieve full confidentiality. At the same time, it can perform optimized calculations (Problem) according to different problems. -Dependent Optimized Computation) design to obtain the lowest resource consumption, which is indeed in line with the invention patent requirements of the Patent Law. I have submitted the application in accordance with the law. I sincerely hope that the review committee of the Jun Bureau will understand and grant the patent. It is really a prayer.
唯,以上所述,僅述本發明之較佳實施例而已,非因此即拘限本發明之專利範圍,故舉凡應用本發明說明書及申請範圍所為之等效結構變化,均同理皆包含於本發明之範圍內,合予陳明。 However, the above description only describes the preferred embodiments of the present invention, and does not limit the patent scope of the present invention. Therefore, all equivalent structural changes made by applying the specification and application scope of the present invention are all included in the same. Within the scope of the present invention, it is clearly stated.
1:| x 〉明文(plaintext) 1:| x 〉plaintext
2:(V Q en ,) 2:( VQ en , )
3: 3:
4:U en |ψ en 〉 4: U en | ψ en 〉
5: 5:
Claims (1)
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW110142063A TWI826863B (en) | 2021-11-11 | 2021-11-11 | The design method of public-key system in qap-based homomorphic encryption |
US17/547,571 US11706016B2 (en) | 2021-10-22 | 2021-12-10 | Method of constructing a public-key system in QAP-based homomorphic encryption |
GB2118126.8A GB2612142C (en) | 2021-10-22 | 2021-12-15 | A method of constructing a public-key system in qap-based homomorphic encryption |
EP21214811.8A EP4170964B8 (en) | 2021-10-22 | 2021-12-15 | A method of constructing a public-key system in qap-based homomorphic encryption |
JP2021215529A JP7257494B1 (en) | 2021-10-22 | 2021-12-16 | Design method of public key system in QAP type homomorphic encryption |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW110142063A TWI826863B (en) | 2021-11-11 | 2021-11-11 | The design method of public-key system in qap-based homomorphic encryption |
Publications (2)
Publication Number | Publication Date |
---|---|
TW202320507A TW202320507A (en) | 2023-05-16 |
TWI826863B true TWI826863B (en) | 2023-12-21 |
Family
ID=87379092
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW110142063A TWI826863B (en) | 2021-10-22 | 2021-11-11 | The design method of public-key system in qap-based homomorphic encryption |
Country Status (1)
Country | Link |
---|---|
TW (1) | TWI826863B (en) |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108683669A (en) * | 2018-05-19 | 2018-10-19 | 深圳市图灵奇点智能科技有限公司 | Data verification method and multi-party computations system |
-
2021
- 2021-11-11 TW TW110142063A patent/TWI826863B/en active
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108683669A (en) * | 2018-05-19 | 2018-10-19 | 深圳市图灵奇点智能科技有限公司 | Data verification method and multi-party computations system |
Also Published As
Publication number | Publication date |
---|---|
TW202320507A (en) | 2023-05-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP3676986A1 (en) | Single node multi-party encryption | |
CN103516512A (en) | Encryption and decryption method and encryption and decryption device based on AES (advanced encryption standard) algorithm | |
Jawed et al. | XECryptoGA: a metaheuristic algorithm-based block cipher to enhance the security goals | |
CN109327304A (en) | The lightweight homomorphic cryptography method of secret protection is realized in a kind of cloud computing | |
Zou et al. | Hybrid encryption algorithm based on AES and RSA in file encryption | |
JP7257495B1 (en) | Design method of semi-public key system in QAP-type homomorphic encryption | |
Perepechaenko et al. | Quantum encryption of superposition states with quantum permutation pad in IBM quantum computers | |
JP7248120B2 (en) | CRYPTOGRAPHIC SYSTEM, KEY GENERATOR, ENCRYPTER, DECODER, AND PROGRAM | |
Guru et al. | AES and RSA-based Hybrid Algorithms for Message Encryption & Decryption | |
TWI826863B (en) | The design method of public-key system in qap-based homomorphic encryption | |
JP7257494B1 (en) | Design method of public key system in QAP type homomorphic encryption | |
Singh et al. | Study & analysis of cryptography algorithms: RSA, AES, DES, T-DES, blowfish | |
Dharani et al. | Research on homomorphic encryption for arithmetic of approximate numbers | |
CN114422130B (en) | Quantum encryption method based on quantum power function confusion | |
CN106973061B (en) | AES outgoing file encryption method based on reversible logic circuit | |
CN114244496B (en) | SM4 encryption and decryption algorithm parallelization realization method based on tower domain optimization S box | |
CN115811398A (en) | Dynamic S-box-based block cipher algorithm, device, system and storage medium | |
TWI807479B (en) | The design method of semi-public-key system in qap-based homomorphic encryption | |
Zhigang et al. | Review of how to construct a fully homomorphic encryption scheme | |
Wang et al. | Research on full homomorphic encryption algorithm for integer in cloud environment | |
Rodas et al. | O2MD²: A New Post-Quantum Cryptosystem With One-to-Many Distributed Key Management Based on Prime Modulo Double Encapsulation | |
WO2021131667A1 (en) | Secret calculation device, secret calculation method, and program | |
Ouyang et al. | Achieving Message‐Encapsulated Leveled FHE for IoT Privacy Protection | |
JP2010164897A (en) | System, method and program for converting encrypted numeric value into binary | |
Al-Kareem et al. | Modify Twofish Algorithm to Lightweight using Present Techniques for Data Protection |