WO2021109756A1 - Proxy anonymous communication method based on homomorphic encryption scheme - Google Patents

Info

Publication number: WO2021109756A1
Application number: PCT/CN2020/124396
Authority: WO, WIPO (PCT)
Prior art keywords: data, ciphertext data, ciphertext, server, decryption
Other languages: French (fr), Chinese (zh)
Inventors: 米波, 龙萍, 黄大荣, 韦天成, 李阳, 吴冰清
Original assignee: 重庆交通大学 (Chongqing Jiaotong University)
Application filed by 重庆交通大学
Publication of WO2021109756A1

Classifications

    • H (Electricity) > H04 (Electric communication technique) > H04L (Transmission of digital information, e.g. telegraphic communication)
    • H04L 63/00 Network architectures or network communication protocols for network security > H04L 63/04 for providing a confidential data exchange among entities communicating through data packet networks > H04L 63/0407 wherein the identity of one or more communicating entities is hidden > H04L 63/0421 Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • H04L 63/00 > H04L 63/04 > H04L 63/0428 wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols > H04L 9/008 involving homomorphic encryption
    • H04L 9/00 > H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords > H04L 9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords

Definitions

  • VANET: vehicular ad-hoc network.
  • Before the plaintext of the data to be forwarded reaches the forwarding server, an encryption operation is performed first, so that the plaintext M becomes the ciphertext c1; c1 is then transmitted through the channel to the forwarding server.
  • The forwarding server can only perform a homomorphic (evaluation) operation on c1 to obtain c2; it never sees M. The plaintext of the data to be forwarded is therefore protected, its confidentiality is ensured, and the privacy of the plaintext is maintained reliably and safely.
  • Compactness of the ciphertext requires that the size of the ciphertext (its number of bits) does not grow with the complexity of the evaluated function.
  • The key generation function KeyGen(1^λ, 1^τ) used in this scheme does not depend on the function parameter τ for producing the ciphertext: the keys are determined by the security index λ alone and are unrelated to τ.
  • To break the scheme an attacker would have to analyze previously intercepted ciphertexts c2 for statistical regularities, for example the correspondence between c2 and c1, and then test, on a fresh c2 never seen before, whether a consistent c1 can be recovered. This is the challenger/attacker experiment: if the attacker can produce a consistent c1, the plaintext transmitted to the receiver is no longer protected; otherwise it is.
  • The method is implemented with a homomorphic encryption scheme.
  • The user first encrypts the plaintext M to be forwarded into the fresh ciphertext c1 and forwards c1 to the forwarding server; the forwarding server applies the evaluation function to c1 (homomorphic encryption) and obtains the evaluated ciphertext c2.
  • The evaluated ciphertext c2, obtained after the plaintext M has been encrypted twice, is claimed to have high security strength.
  • A malicious attacker who intercepts c2 cannot, in polynomial time, extract any useful regularity about the plaintext M (not even its length); that is, the scheme resists ciphertext-only attacks, and the evaluated ciphertext received by the receiver protects the confidentiality of M.
  • The security strength is claimed to be high, with the hardness of the evaluated encryption equivalent to the approximate-GCD problem (a cryptographic hardness assumption; the patent's "NP-difficult" wording should be read as "believed intractable in polynomial time", since approximate-GCD has not been proved NP-hard).
  • Even if the attacker knows pairs of fresh ciphertext c1 and evaluated ciphertext c2, the probability of matching a given c1 to the c2 produced from it by homomorphic evaluation in polynomial time is negligible, because the evaluated ciphertext is semantically secure. On this basis the scheme resists such attacks and keeps the plaintext confidential.
  • Resistance to chosen-ciphertext attack: the attacker may choose a number of ciphertexts and try to recover plaintext by matching the resulting plaintext/ciphertext pairs. (A scheme that supports homomorphic evaluation is malleable by construction, so the resistance claimed here cannot extend to adaptive chosen-ciphertext attack in the IND-CCA2 sense.)
  • The receiver receives c2, which is obtained by encrypting the plaintext M twice.
  • An attacker who wants to find a regularity by statistical analysis of fresh ciphertexts c1 and evaluated ciphertexts c2, and then, knowing only c2, recover the corresponding c1 and further the plaintext M, must succeed at both steps. Both are assumed hard, based on the approximate-GCD problem.
  • Resistance to chosen-plaintext attack: the attacker may choose a number of plaintexts and try to break the scheme from the collected plaintext/ciphertext pairs.
  • The evaluation step is based on the homomorphic encryption scheme: the homomorphic function produces the evaluated ciphertext c2, which is forwarded to the receiver.
  • A malicious attacker who obtains pairs (c1, c2) and attempts to break the scheme by statistical analysis succeeds with negligible probability in polynomial time, so the scheme resists such attacks.
  • The scheme has ciphertext compactness: the ciphertext size does not grow with the complexity of the evaluated function. Compared with existing encryption schemes, the data is encrypted twice and the ciphertext space is optimized twice, so both the size of the fresh ciphertext and the expansion of the evaluated ciphertext (expansion being the ratio of ciphertext size to underlying plaintext size) are claimed to be very small.
  • FIG. 1 is a flowchart of a specific implementation of the proxy anonymous communication method based on a homomorphic encryption scheme disclosed by the present invention.
  • The advantage is that the sender can deliver its encrypted plaintext (the ciphertext c1) to the receiver without exposing the plaintext content, and the receiver can compute on the basis of c1.
  • Step S1 includes: the sender sets the bit length of the ciphertext c1 according to the required confidentiality of the transmitted data.
  • The bit length can be customized; for security, the actual length is more than 20 digits. In general, the higher the required confidentiality, the more bits the forwarding server has to process and the larger the computation. An excessively long ciphertext increases the communication volume and the computing overhead the forwarding server spends on c1, but gives the plaintext higher confidentiality.
  • The key generation function is a public function known to the sender, the forwarding server and the receiver. Once the sender and the receiver have negotiated the value of the function parameter τ, the key generation function can be called to produce the decryption key, so the decryption key never has to be transmitted to the forwarding server or to the receiver; the sender only transmits ciphertext to the forwarding server. (A practical caveat: a public function applied to a value the forwarding server also knows yields a key the forwarding server can compute too, so whatever input the receiver derives the decryption key from must itself be secret and agreed over an authenticated channel.)
  • If the plaintext were forwarded without this protection, the probability of it being maliciously attacked would be very high, and what arrived would no longer be the original plaintext but a "modified" plaintext.
  • The encryption key is a key factor. Key determination means generating the encryption key K and the decryption key k through the key generation function according to the security index λ (which depends on the plaintext length, the ciphertext length and so on).
  • Step S3 includes: S301, the server receives c1 and sends feedback to the sender. The ciphertext c1 is transmitted to the forwarding server through the channel; after receiving it, the forwarding server applies the evaluation function to c1 (homomorphic encryption) to obtain c2.
  • Step S5 includes: after decryption yields c1, correct-decryption feedback is sent to the server; otherwise incorrect-decryption feedback is sent to the server.
  • The criterion for correct decryption is that an incorrect ciphertext simply fails to decrypt: the receiver decrypts c2 with the decryption key produced by the key generation function, and if correct decryption is impossible the ciphertext is deemed incorrect. The forwarding server's encryption of c1 is encryption on top of a ciphertext using the homomorphic encryption function, a one-way function: encryption is fast, but decryption cannot be carried out without the corresponding decryption key.
  • The forwarding server transmits c2, produced by the evaluation function, to the receiving user through the channel.
  • The receiver decrypts c2 with the decryption key generated by the key generation function. If c2 has not been maliciously tampered with, the receiver decrypts normally; otherwise decryption cannot be performed. The plaintext is encrypted with the encryption function to obtain c1, and c2 is obtained by re-encrypting c1 with the forwarding server's evaluation function.
  • The ciphertext received by the receiver must therefore be complete, and the integrity of c2 is verified by whether the receiver can decrypt it; this simplifies message verification and keeps the scheme operable. (Caveat for implementers: in the integer-based homomorphic schemes to which the approximate-GCD assumption applies, decrypting any integer yields some bit string and never fails on its own, so this check only works if the scheme adds explicit redundancy or authentication to c2, which the description does not specify.)
  • In summary, the invention uses a homomorphic encryption scheme to encrypt the plaintext twice, which protects the confidentiality of M; during transmission the forwarding server obfuscates the transmission path to conceal the real recipient; and by checking whether the real recipient can decrypt c2 with the decryption key, data integrity is checked, which improves the efficiency of integrity verification.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

Disclosed in the present invention is a proxy anonymous communication method based on a homomorphic encryption scheme. The method comprises: S1, a sending end performing original encryption on target data to obtain ciphertext data c1; S2, the sending end sending c1 to a server; S3, the server performing homomorphic encryption on c1 to obtain ciphertext data c2; S4, the server sending c2 to a receiving end; and S5, the receiving end decrypting c2 to obtain c1. The method is mainly intended for the reliable and complete transmission of the private data (mainly position data) of participating vehicles in the Internet of Vehicles; by improving the security and confidentiality of that position data it supports the safe operation of vehicles, with economic benefit and engineering practicability.

Description

Proxy anonymous communication method based on homomorphic encryption scheme

Technical field
The invention relates to the field of communication security, in particular to a proxy anonymous communication method based on a homomorphic encryption scheme.
Background
With the application of the Internet of Vehicles in smart-city transportation, dynamic vehicle location data is collected, distributed and processed, and shared over wireless communication, enabling vehicle-to-vehicle, vehicle-to-road, vehicle-to-person and vehicle-to-infrastructure information exchange and connecting vehicles to the city network. However, because of the tension between the high reliability and the high security that wireless communication and Internet-of-Vehicles applications require, the location data shared by vehicles is vulnerable to malicious attack, which poses a challenge to the safety of vehicles that share location data in the Internet of Vehicles.
In recent years, with the rapid development of vehicular ad-hoc networks (VANET) and cloud computing, more and more mobile application services for Internet-of-Vehicles users have emerged. These services are often provided by different servers, and a vehicle that wants to obtain them must register vehicle-related information with each server. During the transmission of vehicle data, however, it is easy to suffer malicious false-information attacks.
A false-information attack is a typical attack on the security of vehicular ad-hoc networks: an active attack in which the attacker exploits the open channel shared between VANET nodes. Once the attacker captures and cracks the frequency band of the shared channel, the attacker can impersonate a normally driving vehicle node and spread false messages into the vehicular network, or tamper with, delay or drop the location data it should forward after receiving it, with very serious consequences for road traffic and for the personal safety and property of vehicle owners.
At present, data encryption has become an important part of safeguarding people's lives and work. Modern information uses computers as its carrier, relies on security technology, and uses communication networks to transmit location data. With the increase in network data-security incidents in recent years, data security has attracted more and more attention. An important part of data security is concealing the information of all network participants: their private data on the shared network must be fully protected and hidden, so that their network addresses are not leaked and their network behaviour is not known to a third party (the attacker). Anonymous communication network technology arose for this purpose: the private data of all participants is protected, their network addresses and behaviour are fully anonymized, and apart from each participant's own knowledge of their own behaviour, no third party can obtain the identity or location of the participant in a network action.
At present, the main idea of an anonymous communication mechanism is that the user transmits data in plaintext to a forwarding server, the forwarding server anonymizes the data received from the sender, and then transmits the anonymized data (that is, ciphertext) to the receiver to protect the confidentiality of the transmitted data. The problem with this approach is that anonymization of the transmitted data depends entirely on the forwarding server. The main drawbacks are as follows. On the one hand, if the forwarding server is assumed to be trustworthy, the number of forwarding servers becomes the key factor: with few forwarding servers (one or two), data transmission is efficient, but the security of the forwarded data in the channel is not guaranteed, and once an objective cause such as a system failure or operator error occurs, or a malicious attacker attacks the forwarding server and subjects the ciphertext to a man-in-the-middle attack, the confidentiality and availability of the data are seriously affected; with many forwarding servers (three or more), the security of the forwarded data can be ensured, but because the final ciphertext results from repeated forwarding, the speed and efficiency of data transmission across the whole network decrease. On the other hand, if the forwarding server is assumed to be untrustworthy, then security is already lost at the moment the vehicle owner sends private information to the forwarding server, and the reliability of the data the receiver eventually obtains is lower still.
Therefore, how to transmit anonymous data securely and confidentially has become an urgent problem for those skilled in the art.
Summary of the invention
In view of the above shortcomings of the prior art, the technical problem to be solved by the invention is how to achieve secure and confidential transmission of anonymous data.
To solve this problem, the invention adopts the following technical solution:
A proxy anonymous communication method based on a homomorphic encryption scheme, including:
S1. The sender performs original encryption on the target data to obtain ciphertext data c1;
S2. The sender sends c1 to the server;
S3. The server performs homomorphic encryption on c1 to obtain ciphertext data c2;
S4. The server sends c2 to the receiver;
S5. The receiver decrypts c2 to obtain c1.
Preferably, step S1 includes:
S101. The sender obtains the target data M, M = (m_1, m_2, ..., m_t) ∈ {0,1}^t, where t is the bit length of the binary string into which the target data is converted;
S102. A security index λ is assigned according to the importance of the target data, and a function parameter τ is set;
S103. The key generation function KeyGen(1^λ, 1^τ) is invoked;
S104. It generates an encryption key K and a decryption key k;
S105. The target data is encrypted with the encryption key K and the one-way encryption function Encrypt(K, M) = c1 to obtain the ciphertext c1.
Preferably, step S3 includes:
S301. The server receives c1 and sends feedback to the sender;
S302. The server performs homomorphic encryption on c1 with the evaluation function Evaluate(K, Π, c1) = c2 to obtain c2, where Π denotes the binary circuit of the evaluation function.
Preferably, step S5 includes:
S501. Decryption with the decryption key k and the decryption function Decrypt(k, c2) = c1 yields the ciphertext c1.
Preferably, after decryption yields c1, correct-decryption feedback is sent to the server; otherwise incorrect-decryption feedback is sent to the server.
Preferably, for any M = (m1, m2, …, mt) ∈ {0,1}^t,
Pr[Decrypt(k, c1) : (K, k) ← KeyGen(1^λ, 1^τ), c1 ← Encrypt(K, M)] = 1;
and for every binary circuit Π, Π ∈ c_τ, where c_τ denotes the set of binary trees formed from all possible computation combinations with the functional parameter τ as the maximum depth of the tree:
Figure PCTCN2020124396-appb-000001 (equation image)
In summary, compared with the prior art, the technical effects of the present invention include:
1. High reliability and accuracy of private data transmission
Compared with other methods, what the receiver obtains after decryption in this method is the ciphertext data c1, i.e. the encrypted plaintext, so the plaintext M that the user (sender) prepares to hand to the forwarding server is transmitted with higher reliability and accuracy. The scheme relies on the computational hardness of approximate-GCD, which resembles the difficulty of factoring an integer into primes: verifying a factor of the divisor is easy, but finding all the factors of the divisor p is an NP-hard problem that is difficult to solve in polynomial time. On this basis, the scheme effectively ensures that the plaintext information is not easy to crack, thereby guaranteeing its reliability.
2. Maintaining the privacy of the plaintext data
Because the plaintext to be forwarded undergoes an encryption operation before it is transmitted to the forwarding server, the plaintext M to be forwarded becomes the ciphertext data c1, and it is c1 that is transmitted over the channel to the forwarding server. In this process, even if the forwarding server is untrusted, it can only perform a homomorphic (evaluation) encryption operation on the ciphertext data c1 to obtain ciphertext data c2. Therefore the plaintext M of the user (sender) is well protected, the confidentiality of the plaintext to be forwarded is effectively guaranteed, and the privacy of the plaintext is maintained reliably and securely.
3. Strong ciphertext compactness
Ciphertext compactness essentially requires that the size of the ciphertext data (i.e. its number of bits) does not grow with the complexity of the computed function (the evaluation function). In this scheme, the ciphertext obtained by encrypting under keys from the key generation function KeyGen(1^λ, 1^τ) does not depend on the functional parameter τ, because the key generation function KeyGen(1^λ, 1^τ) is determined by the security performance index λ and is independent of the functional parameter τ. This means that even if certain parameters of the encryption scheme (such as the encryption key size) are allowed to depend on τ, the size of the ciphertext data c2 produced by the evaluation function does not grow with τ. Compared with other methods, the scheme bounds the size of the ciphertext data well, which is a prerequisite for storing large volumes of ciphertext in the cloud and paves the way for efficient use of the ciphertext space.
4. Strong attack resistance
① Resistance to ciphertext-only attacks, in which the attacker knows only a number of ciphertext data c2 and uses them to attack the Internet of Vehicles system.
Against this attack, a malicious network attacker has to analyse previously intercepted ciphertext data c2 and look for statistical regularities, such as the correspondence between the ciphertext c2 and the ciphertext c1, and then probe with forwarded data (i.e. ciphertext data c2) that has never appeared before. A challenger-attacker experiment decides whether a consistent ciphertext c1 can be obtained: if the ciphertext c1 satisfies consistency, the attacker succeeds and the security of the plaintext forwarded to the receiver is no longer guaranteed; and vice versa.
On this point, the present method is realised with a homomorphic encryption scheme: the user first encrypts the plaintext M to be forwarded into fresh ciphertext data c1 and then forwards c1 to the forwarding server, which applies the evaluation function to the fresh ciphertext data c1 in an evaluation-encryption (i.e. homomorphic encryption) operation to obtain the evaluated ciphertext data c2. Moreover, because both encryption functions are one-way functions with NP-hardness, the evaluated ciphertext data c2 obtained by encrypting the plaintext M twice has high security strength. Consequently, a malicious attacker cannot, in polynomial time, extract from intercepted ciphertext data c2 any useful regularity about the plaintext M to be forwarded (not even the length of the plaintext). The scheme therefore resists ciphertext-only attacks, i.e. the evaluated ciphertext data received by the receiver preserves the confidentiality of the plaintext M.
② Resistance to known-plaintext attacks, in which the attacker knows several plaintexts and their corresponding ciphertexts and uses them to break the encryption function. This attack is likewise infeasible, for reasons similar to the ciphertext-only case.
Because the evaluated ciphertext data c2 received by the receiver is obtained by encrypting the plaintext M twice, its security strength is high, and the hardness of the encryption function used for evaluation is equivalent to an NP-hard problem based on approximate-GCD. Even if the attacker knows pairs of fresh ciphertext data c1 and evaluated ciphertext data c1, the probability of matching, in polynomial time, a ciphertext data c1 known on its own to the evaluated ciphertext data c1 obtained from it by homomorphic encryption in the evaluation process is negligible. Because the evaluated ciphertext data c1 is semantically secure, a correct match in polynomial time is very difficult. On this basis, the scheme resists this attack and preserves the confidentiality of the plaintext.
③ Resistance to chosen-ciphertext attacks, in which the attacker chooses a number of ciphertexts and tries to break the scheme by matching the collected plaintext-ciphertext pairs.
Because the ciphertext data c1 received by the receiver derives from encrypting the plaintext M twice, an attacker who wants to find regularities by statistical analysis of the fresh ciphertext data c1 and the evaluated ciphertext data c1, in order to decrypt a message of which only the ciphertext data c2 is known, find the corresponding ciphertext data c1, and decrypt further to the plaintext M, faces two difficult steps, and this difficulty rests on an NP-hard problem based on approximate-GCD. In terms of computational complexity it exceeds polynomial time, which means that with bounded computing power a single successful decryption would consume a very long computation time (ten years or longer). In short, the scheme resists this attack.
④ Resistance to chosen-plaintext attacks, in which the attacker chooses a number of plaintexts and tries to break the scheme by matching the collected plaintext-ciphertext pairs.
Here the evaluation-encryption operation is based on a homomorphic encryption scheme: after the plaintext M to be forwarded is encrypted into fresh ciphertext data c1, the homomorphic function encrypts it further into the evaluated ciphertext data c2, which is forwarded to the receiver. In this setting, the probability that a malicious attacker, through statistical analysis of obtained pairs of ciphertext data c1 and ciphertext data c2, achieves a successful break is negligible in polynomial time. Therefore the scheme resists this attack.
5. Greater efficiency in ciphertext space
The scheme has ciphertext compactness, so the ciphertext size does not grow with the complexity of the computed function. Compared with existing data encryption schemes, this scheme applies two encryption passes and therefore optimises the ciphertext space twice. As a result, the expansion (the ratio of the ciphertext size to the size of the underlying plaintext) of both the fresh ciphertext data and the evaluated ciphertext data is very small.
Description of the drawings
FIG. 1 is a flowchart of a specific embodiment of the proxy anonymous communication method based on a homomorphic encryption scheme disclosed by the present invention.
Detailed description
In order to make the objectives, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings.
As shown in FIG. 1, the present invention discloses a proxy anonymous communication method based on a homomorphic encryption scheme, comprising:
S1. The sender performs the original encryption of the target data to obtain ciphertext data c1;
S2. The sender sends the ciphertext data c1 to the server;
S3. The server homomorphically encrypts the ciphertext data c1 to obtain ciphertext data c2;
S4. The server sends the ciphertext data c2 to the receiver;
S5. The receiver decrypts the ciphertext data c2 to obtain the ciphertext data c1.
In the present invention, it suffices for the receiver to decrypt to the ciphertext data c1; the ciphertext data c1 does not need to be decrypted to plaintext.
The advantage of this is that the sender can send its own encrypted plaintext data (i.e. the ciphertext data c1) to the receiver without exposing the content of the plaintext, and the receiver can perform computations on the basis of the ciphertext data c1.
Compared with the prior art, what the receiver obtains after decryption in the present invention is the ciphertext data c1, i.e. the encrypted plaintext, so the plaintext M that the user (sender) prepares to hand to the forwarding server is transmitted with higher reliability and accuracy. The scheme relies on the computational hardness of approximate-GCD, which resembles the difficulty of factoring an integer into primes: verifying a factor of the divisor is easy, but finding all the factors of the divisor p is an NP-hard problem that is difficult to solve in polynomial time. On this basis, the scheme effectively ensures that the plaintext information is not easy to crack, thereby guaranteeing its reliability.
In a specific implementation, step S1 includes:
S101. The sender obtains the target data M, M = (m1, m2, …, mt) ∈ {0,1}^t, where t is the number of bits of the binary string into which the target data is converted;
Through the identity authority of the user (sender), basic information about the vehicle owner (private information such as the owner's identity, telephone number and driving habits) and basic information about the vehicle (private attributes such as the model, engine type and fuel level) are collected, and private data such as the vehicle's speed and position are collected through sensors.
S102. A security performance index λ is assigned according to the importance of the target data, and a functional parameter τ is set;
The security performance index is assigned according to the importance of the data to be transmitted.
According to the confidentiality of the transmitted data, the sender sets the number of bits of the ciphertext data c1 produced by encryption. The bit length can be customised; for security, in practice a bit length greater than 20 bits is sufficient. In general, the higher the confidentiality, the more bits the ciphertext encrypted by the forwarding server has and the larger the amount of computation. An overlong bit length increases the communication volume and the computing resources the forwarding server spends encrypting the ciphertext data c1, but gives the plaintext high confidentiality.
S103. Based on the key generation function KeyGen(1^λ, 1^τ),
S104. the encryption key K and the decryption key k are generated;
The key generation function is a public function shared by the sender, the forwarding server and the receiver. Once the sender and the receiver have negotiated the value of the functional parameter τ, the key generation function can be invoked to generate the decryption key, so the decryption key does not need to be transmitted to the forwarding server or to the receiver. The sender only needs to transmit the ciphertext data to the forwarding server.
S105. The target data is encrypted with the encryption key K and the one-way encryption function Encrypt(K, M) = c1 (the original encryption) to obtain ciphertext data c1.
If the user (sender) transmitted the plaintext to be forwarded directly to the forwarding server, the probability of that plaintext being maliciously attacked would be very high. To ensure that, before it is transmitted to the forwarding server, the plaintext to be forwarded is no longer the original plaintext but a "modified" form of it, the encryption key is the key factor in realising the encryption of the plaintext to be forwarded. The keys are determined by the key generation function, which generates the encryption key K and the decryption key k according to the security performance index λ (which depends on the length of the plaintext, the length of the ciphertext, etc.).
In a specific implementation, step S3 includes:
S301. The server receives the ciphertext data c1 and sends a feedback message to the sender;
S302. The server homomorphically encrypts the ciphertext data c1 with the evaluation function Evaluate(K, Π, c1) = c2 to obtain ciphertext data c2, where Π denotes the binary circuit of the evaluation function.
The ciphertext data c1 to be forwarded is transmitted over the channel to the forwarding server; after receiving c1, the forwarding server homomorphically encrypts the received ciphertext data c1 with the evaluation function, yielding ciphertext data c2. At this point the security of the user's (sender's) plaintext M to be forwarded is already high (it is protected by two layers of encryption functions), and the size of the ciphertext data c2 (its number of bits) is very compact, so the storage space for c2 is used efficiently.
In a specific implementation, step S5 includes:
S501. Decryption is performed with the decryption key k and the decryption function Decrypt(k, c2) = c1 to obtain the ciphertext data c1.
In a specific implementation, when decryption yields the ciphertext data c1, a correct-decryption feedback message is sent to the server; otherwise, a decryption-error message is sent to the server.
The criterion for whether decryption succeeded is that an incorrect received ciphertext fails to decrypt outright. The reason is that the receiver decrypts the received ciphertext data c2 with the decryption key generated by the key generation function, and if it cannot be decrypted correctly the ciphertext is wrong. The forwarding server's encryption of the ciphertext data c1 is encryption applied on top of a ciphertext, using a homomorphic encryption function, which is a one-way hard function: in simple terms, encrypting data is fast, but decryption cannot be carried out without the corresponding decryption key.
The forwarding server transmits the ciphertext data c2, encrypted with the evaluation function, over the channel to the receiving user. The receiver decrypts the received ciphertext data c2 with the decryption key generated by the key generation function; if c2 has not been maliciously tampered with by an attacker, the receiving user can decrypt normally, otherwise the decryption operation cannot be performed. Since the plaintext to be forwarded is encrypted with the encryption function to obtain the ciphertext data c1, and the ciphertext data c2 is obtained by re-encrypting c1 with the forwarding server's evaluation function, correctly decrypting to the plaintext M to be forwarded requires that the ciphertext data received by the receiver is intact. The integrity of the ciphertext data c2 can therefore be verified by whether the receiver can decrypt it. This simplifies the message verification process and makes the scheme practical to operate.
In a specific implementation, for any M = (m1, m2, …, mt) ∈ {0,1}^t,
Pr[Decrypt(k, c1) : (K, k) ← KeyGen(1^λ, 1^τ), c1 ← Encrypt(K, M)] = 1;
and for every binary circuit Π, Π ∈ c_τ, where c_τ denotes the set of binary trees formed from all possible computation combinations with the functional parameter τ as the maximum depth of the tree:
Figure PCTCN2020124396-appb-000002 (equation image)
For the homomorphic encryption scheme used in the present invention, its correctness and semantic security must also be considered. If both conditions hold, the scheme is secure and reliable and has good operability.
Semantic security of the homomorphic encryption scheme: it guarantees only that ciphertext data cannot be distinguished. Simply put, a malicious attacker who receives ciphertext data cannot tell whether it was obtained by encrypting 0 or by encrypting 1. A more formal statement is:
For the homomorphic encryption scheme ε = (KeyGen, Encrypt, Evaluate, Decrypt) and an attacker A, the advantage of A against the scheme is
Figure PCTCN2020124396-appb-000003 (equation image)
From the above expression it is easy to see that the attacker's advantage in attacking the data is negligible, so the scheme ε is semantically secure.
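As an added example that is not the patent's code, the following Python models the S1–S5 flow above (sender Encrypt, server Evaluate over a binary circuit Π of depth at most τ, receiver Decrypt) with a toy DGHV-style scheme over the integers, the approximate-GCD construction the page cites, and checks the two properties just stated: correctness on every input and a ciphertext length that does not depend on the circuit. Assumed and not on the page: K is a DGHV public key, k is the secret odd integer p, Π is given as a list of XOR/AND circuits, x0 is an exact multiple of p, and all sizes are toy values with no real security.

```python
"""Toy proxy flow (S1-S5) over a DGHV-style scheme on the integers.
Added example, not the patent's code.  Assumed (not on the page): Encrypt, Evaluate
and Decrypt are a DGHV-style public-key scheme (hardness: approximate-GCD), K is the
public key, k = p is the secret odd integer, Pi is a list of XOR/AND circuits of
depth <= tau, one per output bit.  Sizes are toy-sized and give no real security."""
import random

RHO = 8     # bit length of each noise term r_i (constructed toy value)
N_PK = 10   # number of public-key integers x_i (constructed toy value)


def keygen(tau, rng):
    """KeyGen(1^lam, 1^tau) -> (K, k).  The length of p grows with tau so a
    depth-tau circuit keeps its noise below p/2; the ciphertext length is that
    of x0 and does not depend on the circuit (the compactness property)."""
    eta = 16 * (2 ** tau) + 16                       # bits of the secret p
    gamma = 3 * eta                                  # bits of the public x_i
    p = rng.getrandbits(eta) | (1 << (eta - 1)) | 1  # odd, full eta bits
    q0 = rng.getrandbits(gamma - eta) | (1 << (gamma - eta - 1)) | 1
    x0 = p * q0   # exact multiple (assumption): reducing mod x0 adds no noise
    xs = []       # x_i = p*q_i + 2*r_i, each smaller than x0
    for _ in range(N_PK):
        xs.append(p * rng.getrandbits(gamma - eta - 1) + 2 * rng.getrandbits(RHO))
    return (x0, xs), p


def encrypt_bit(K, m, rng):
    """Encrypt one bit: m + 2r + 2*(random subset sum of the x_i) mod x0.  The
    fresh r and random subset make two encryptions of the same bit differ."""
    x0, xs = K
    subset_sum = sum(x for x in xs if rng.getrandbits(1))
    return (m + 2 * rng.getrandbits(RHO) + 2 * subset_sum) % x0


def decrypt_bit(k, c):
    """Decrypt(k, c): centred remainder of c modulo p, then its parity."""
    q = (2 * c + k) // (2 * k)   # round(c / p)
    return (c - q * k) % 2


def depth(circ):
    """Depth of one circuit: an int is an input wire, (op, left, right) a gate."""
    return 0 if isinstance(circ, int) else 1 + max(depth(circ[1]), depth(circ[2]))


def evaluate(K, circuits, cts, tau):
    """Evaluate(K, Pi, c1): XOR is integer addition, AND is integer multiplication,
    each reduced mod x0.  Circuits deeper than tau, the depth the key was
    generated for, are refused because their noise could exceed p/2."""
    if any(depth(circ) > tau for circ in circuits):
        raise ValueError("circuit deeper than the functional parameter tau")
    x0, _ = K

    def gate(node):
        if isinstance(node, int):
            return cts[node]
        op, left, right = node
        a, b = gate(left), gate(right)
        return (a + b) % x0 if op == "xor" else (a * b) % x0

    return [gate(circ) for circ in circuits]


def plain_eval(circ, bits):
    """Reference evaluation of one circuit on plaintext bits."""
    if isinstance(circ, int):
        return bits[circ]
    op, left, right = circ
    a, b = plain_eval(left, bits), plain_eval(right, bits)
    return a ^ b if op == "xor" else a & b


def proxy_round_trip(bits, circuits, tau, seed=1):
    """S1-S5: sender encrypts, server evaluates, receiver decrypts.  Returns the
    receiver's bits and whether every c2 fits in the fixed ciphertext length."""
    rng = random.Random(seed)
    K, k = keygen(tau, rng)                         # S103/S104: K public, k private
    c1 = [encrypt_bit(K, m, rng) for m in bits]     # S105, then S2: c1 to the server
    c2 = evaluate(K, circuits, c1, tau)             # S302, then S4: c2 to the receiver
    compact = all(c.bit_length() <= K[0].bit_length() for c in c2)
    return [decrypt_bit(k, c) for c in c2], compact  # S501


def fresh_ciphertexts_differ(seed=3):
    """Two encryptions of the same bit are distinct yet both decrypt to 0."""
    rng = random.Random(seed)
    K, k = keygen(1, rng)
    a, b = encrypt_bit(K, 0, rng), encrypt_bit(K, 0, rng)
    return a != b and decrypt_bit(k, a) == decrypt_bit(k, b) == 0


if __name__ == "__main__":
    msg = [1, 0, 1, 1]            # constructed target data M
    circ = [("and", ("xor", 0, 1), ("and", 2, 3)), ("xor", 0, ("and", 1, 2))]
    print(proxy_round_trip(msg, [0, 1, 2, 3], tau=2))   # identity Pi: M comes back
    print(proxy_round_trip(msg, circ, tau=2), [plain_eval(c, msg) for c in circ])
```

With the identity circuit the receiver gets the sender's bits back unchanged, which is the c2-to-c1 round trip of step S5; with a real circuit it gets Π applied to them, and in both cases each c2 stays within the bit length of x0.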
In summary, compared with the prior art, the present invention uses a homomorphic encryption scheme to encrypt the plaintext twice, which effectively protects the confidentiality of the plaintext M; during data transmission, the forwarding server obfuscates the transmission path so that the true recipient of the data is concealed; and the integrity of the data is checked by determining whether the true recipient can decrypt the ciphertext c2 with the decryption key, which effectively improves the efficiency of data integrity verification.
Finally, it should be noted that the above embodiments only illustrate the technical solution of the present invention and do not limit it. Although the present invention has been described with reference to its preferred embodiments, those of ordinary skill in the art will understand that various changes in form and detail may be made without departing from the spirit and scope of the present invention as defined by the appended claims.

Claims (6)

  1. A proxy anonymous communication method based on a homomorphic encryption scheme, characterised in that it comprises:
    S1. The sender performs the original encryption of the target data to obtain ciphertext data c1;
    S2. The sender sends the ciphertext data c1 to the server;
    S3. The server homomorphically encrypts the ciphertext data c1 to obtain ciphertext data c2;
    S4. The server sends the ciphertext data c2 to the receiver;
    S5. The receiver decrypts the ciphertext data c2 to obtain the ciphertext data c1.
  2. The proxy anonymous communication method based on a homomorphic encryption scheme according to claim 1, characterised in that step S1 comprises:
    S101. The sender obtains the target data M, M = (m1, m2, …, mt) ∈ {0,1}^t, where t is the number of bits of the binary string into which the target data is converted;
    S102. A security performance index λ is assigned according to the importance of the target data, and a functional parameter τ is set;
    S103. Based on the key generation function KeyGen(1^λ, 1^τ),
    S104. the encryption key K and the decryption key k are generated;
    S105. The target data is encrypted with the encryption key K and the one-way encryption function Encrypt(K, M) = c1 (the original encryption) to obtain ciphertext data c1.
  3. The proxy anonymous communication method based on a homomorphic encryption scheme according to claim 2, characterised in that step S3 comprises:
    S301. The server receives the ciphertext data c1 and sends a feedback message to the sender;
    S302. The server homomorphically encrypts the ciphertext data c1 with the evaluation function Evaluate(K, Π, c1) = c2 to obtain ciphertext data c2, where Π denotes the binary circuit of the evaluation function.
  4. The proxy anonymous communication method based on a homomorphic encryption scheme according to claim 3, characterised in that step S5 comprises:
    S501. Decryption is performed with the decryption key k and the decryption function Decrypt(k, c2) = c1 to obtain the ciphertext data c1.
  5. The proxy anonymous communication method based on a homomorphic encryption scheme according to claim 4, characterised in that when decryption yields the ciphertext data c1, a correct-decryption feedback message is sent to the server; otherwise, a decryption-error message is sent to the server.
  6. The proxy anonymous communication method based on a homomorphic encryption scheme according to any one of claims 1 to 5, characterised in that
    for any M = (m1, m2, …, mt) ∈ {0,1}^t,
    Pr[Decrypt(k, c1) : (K, k) ← KeyGen(1^λ, 1^τ), c1 ← Encrypt(K, M)] = 1;
    and for every binary circuit Π, Π ∈ c_τ, where c_τ denotes the set of binary trees formed from all possible computation combinations with the functional parameter τ as the maximum depth of the tree:
    Figure PCTCN2020124396-appb-100001 (equation image)
PCT/CN2020/124396 2019-12-03 2020-10-28 Proxy anonymous communication method based on homomorphic encryption scheme WO2021109756A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201911222790.7A CN110891066B (en) 2019-12-03 2019-12-03 Proxy anonymous communication method based on homomorphic encryption scheme
CN201911222790.7 2019-12-03

Publications (1)

Publication Number Publication Date
WO2021109756A1 true WO2021109756A1 (en) 2021-06-10

Family

ID=69750212

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/124396 WO2021109756A1 (en) 2019-12-03 2020-10-28 Proxy anonymous communication method based on homomorphic encryption scheme

Country Status (2)

Country Link
CN (1) CN110891066B (en)
WO (1) WO2021109756A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113746863A (en) * 2021-09-14 2021-12-03 福韵数据服务有限公司 Data collection anti-tracking method in information investigation
CN113852955A (en) * 2021-09-23 2021-12-28 北京邮电大学 Method for secure data transmission and legal node authentication in wireless sensing network
CN116743461A (en) * 2023-06-15 2023-09-12 上海银满仓数字科技有限公司 Commodity data encryption method and device based on time stamp
CN117574435A (en) * 2024-01-12 2024-02-20 云阵(杭州)互联网技术有限公司 Multi-keyword trace query method, device and system based on homomorphic encryption

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110891066B (en) * 2019-12-03 2022-03-01 重庆交通大学 Proxy anonymous communication method based on homomorphic encryption scheme
CN111817843A (en) * 2020-07-27 2020-10-23 山东体育学院 Program code encryption method and system based on homomorphic encryption algorithm
US11902424B2 (en) * 2020-11-20 2024-02-13 International Business Machines Corporation Secure re-encryption of homomorphically encrypted data
CN112685760A (en) * 2021-01-08 2021-04-20 浙江泰科数联信息技术有限公司 Financial data privacy processing and sharing method capable of authorizing on block chain
CN114785421B (en) * 2022-04-24 2024-04-26 矩阵时光数字科技有限公司 IM offline message processing method based on quantum encryption
CN115102776A (en) * 2022-07-04 2022-09-23 北京创安恒宇科技有限公司 Data security communication system based on Internet of things

Citations (5)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN106533650A (en) * | 2016-11-17 | 2017-03-22 | 浙江工商大学 | Cloud-oriented interactive privacy protection method and system
CN107294698A (en) * | 2017-07-25 | 2017-10-24 | 西安电子科技大学 | Fully homomorphic encryption method for single-ciphertext homomorphic computation
US20180351734A1 (en) * | 2015-05-05 | 2018-12-06 | Quantumctek Co., Ltd | Cloud storage method and system
CN110516464A (en) * | 2019-09-02 | 2019-11-29 | 深圳市网心科技有限公司 | Data protection method and related device based on neural computing
CN110891066A (en) * | 2019-12-03 | 2020-03-17 | 重庆交通大学 | Proxy anonymous communication method based on homomorphic encryption scheme

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN104408177B (en) * | 2014-12-15 | 2017-08-25 | 西安电子科技大学 | Ciphertext retrieval method based on a cloud document system
CN104580205B (en) * | 2015-01-05 | 2018-05-18 | 南京邮电大学 | Fixed-ciphertext-length proxy re-encryption system and method based on CP-ABE in cloud computing
CN104780179B (en) * | 2015-05-07 | 2017-10-24 | 浙江工商大学 | Key-policy attribute-based encryption method with hidden attributes
CN106452765A (en) * | 2016-12-16 | 2017-02-22 | 中国科学院深圳先进技术研究院 | Hardware Trojan defense method and device based on fully homomorphic encryption algorithm
US10778424B2 (en) * | 2017-02-27 | 2020-09-15 | Cord3 Innovation Inc. | Symmetric cryptographic method and system and applications thereof
CN107154845B (en) * | 2017-04-11 | 2020-08-11 | 中国人民武装警察部队工程大学 | Attribute-based BGN-type ciphertext decryption outsourcing scheme
CN108183791B (en) * | 2017-12-11 | 2020-06-26 | 北京航空航天大学 | Intelligent terminal data security processing method and system applied to cloud environment
CN109962778A (en) * | 2019-03-21 | 2019-07-02 | 西北工业大学 | Integer-based multi-party homomorphic encryption method

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
US20180351734A1 (en) * | 2015-05-05 | 2018-12-06 | Quantumctek Co., Ltd | Cloud storage method and system
CN106533650A (en) * | 2016-11-17 | 2017-03-22 | 浙江工商大学 | Cloud-oriented interactive privacy protection method and system
CN107294698A (en) * | 2017-07-25 | 2017-10-24 | 西安电子科技大学 | Fully homomorphic encryption method for single-ciphertext homomorphic computation
CN110516464A (en) * | 2019-09-02 | 2019-11-29 | 深圳市网心科技有限公司 | Data protection method and related device based on neural computing
CN110891066A (en) * | 2019-12-03 | 2020-03-17 | 重庆交通大学 | Proxy anonymous communication method based on homomorphic encryption scheme

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
HUANG, LIU-SHENG ET AL.: "Preserving Privacy in Big Data: A Survey from the Cryptographic Perspective", JOURNAL OF SOFTWARE, vol. 26, no. 4, 2 February 2015 (2015-02-02), pages 945 - 959, XP055819213 *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
CN113746863A (en) * | 2021-09-14 | 2021-12-03 | 福韵数据服务有限公司 | Data collection anti-tracking method in information investigation
CN113852955A (en) * | 2021-09-23 | 2021-12-28 | 北京邮电大学 | Method for secure data transmission and legal node authentication in wireless sensing network
CN113852955B (en) * | 2021-09-23 | 2024-04-05 | 北京邮电大学 | Method for secure data transmission and legal node authentication in wireless sensing network
CN116743461A (en) * | 2023-06-15 | 2023-09-12 | 上海银满仓数字科技有限公司 | Commodity data encryption method and device based on time stamp
CN116743461B (en) * | 2023-06-15 | 2023-12-22 | 上海银满仓数字科技有限公司 | Commodity data encryption method and device based on time stamp
CN117574435A (en) * | 2024-01-12 | 2024-02-20 | 云阵(杭州)互联网技术有限公司 | Multi-keyword trace query method, device and system based on homomorphic encryption
CN117574435B (en) * | 2024-01-12 | 2024-04-23 | 云阵(杭州)互联网技术有限公司 | Multi-keyword trace query method, device and system based on homomorphic encryption

Also Published As

Publication number | Publication date
CN110891066A (en) | 2020-03-17
CN110891066B (en) | 2022-03-01

Similar Documents

Publication Publication Date Title
WO2021109756A1 (en) Proxy anonymous communication method based on homomorphic encryption scheme
Hafiz A pattern language for developing privacy enhancing technologies
Tian et al. A survey of key technologies for constructing network covert channel
CN102780698A (en) User terminal safety communication method in platform of Internet of Things
Chen et al. Blockchain meets covert communication: A survey
Saxena et al. Efficient signature scheme for delivering authentic control commands in the smart grid
Zhang et al. A Novel Privacy‐Preserving Authentication Protocol Using Bilinear Pairings for the VANET Environment
Diovu et al. Enhancing the security of a cloud‐based smart grid AMI network by leveraging on the features of quantum key distribution
Olakanmi et al. A certificateless keyword searchable encryption scheme in multi‐user setting for fog‐enhanced Industrial Internet of Things
CN106603539B (en) Anti-desynchronization lightweight RFID bidirectional authentication method based on time factor
CN110572392A (en) Identity authentication method based on HyperLegger network
AlJabri et al. [Retracted] A Comprehensive Review of Lightweight Authenticated Encryption for IoT Devices
Ghali et al. (The futility of) data privacy in content-centric networking
Chatzigeorgiou et al. A communication gateway architecture for ensuring privacy and confidentiality in incident reporting
Barenghi et al. Snake: An end-to-end encrypted online social network
Wu et al. Efficient authentication for Internet of Things devices in information management systems
Kita et al. Producer anonymity based on onion routing in named data networking
Ma et al. Edge computing assisted an efficient privacy protection layered data aggregation scheme for IIoT
Ren et al. Toward efficient and secure deep packet inspection for outsourced middlebox
Peng et al. On the security of fully homomorphic encryption for data privacy in Internet of Things
Schulz et al. d²Deleting Diaspora: Practical attacks for profile discovery and deletion
KR102400260B1 (en) In-vehicle communication system based on edge computing using attribute-based access control and method thereof
CN115150076A (en) Encryption system and method based on quantum random number
Fu et al. A covert data transport protocol
Zhang et al. Towards Time‐Sensitive and Verifiable Data Aggregation for Mobile Crowdsensing

Legal Events

Date | Code | Title | Description
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 20895338; Country of ref document: EP; Kind code of ref document: A1
 | NENP | Non-entry into the national phase | Ref country code: DE
 | 122 | Ep: pct application non-entry in european phase | Ref document number: 20895338; Country of ref document: EP; Kind code of ref document: A1