基于SEAL的虹膜特征密文认证系统

doi:10.3969/j.issn.1671-1122.2018.12.003

信息网络安全 ›› 2018, Vol. 18 ›› Issue (12): 15-22.doi: 10.3969/j.issn.1671-1122.2018.12.003

基于SEAL的虹膜特征密文认证系统

宋新霞^1,², 马佳敏², 陈智罡^1,²(), 陈克非³

1.中国科学院信息工程研究所信息安全国家重点实验室,北京 100093
2.浙江万里学院,浙江宁波 315100
3.杭州师范大学理学院,浙江杭州 311121

收稿日期:2018-08-15 出版日期:2018-12-20 发布日期:2020-05-11
作者简介:
作者简介:宋新霞（1973—）,女,陕西,副教授,硕士,主要研究方向为代数密码;马佳敏（1994—）,男,江苏,硕士研究生,主要研究方向为全同态加密与区块链;陈智罡（1972—）,男,四川,教授,博士研究生,主要研究方向为全同态加密、格公钥密码学;陈克非（1959—）,男,四川,教授,博士,主要研究方向为密码理论与应用。
基金资助:
国家重点研发计划[2017YFB0802000];浙江省自然科学基金 [LY17F020002];宁波市自然科学基金[2017A610120, 2018A610159];浙江省科技厅公益性技术科研项目[2017C33079, LGG18F020001];信息安全国家重点实验室开放课题[2017-MS-18]

Iris Ciphertext Authentication System Based on SEAL

Xinxia SONG^1,², Jiamin MA², Zhigang CHEN^1,²(), Kefei CHEN³

1. State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
2. Zhejiang Wanli University, Ningbo Zhejiang 315100, China
3. Department of Mathematics, Hangzhou Normal University, Hangzhou Zhejiang 311121, China

Received:2018-08-15 Online:2018-12-20 Published:2020-05-11

摘要/Abstract

摘要：

随着生物识别技术的应用和推广,生物特征对身份认证的影响愈加显著。为了保证用户的隐私,生物特征不能以明文形式进行存储或操作。针对此问题,文章对现有的生物特征认证系统的方案、性能做了分析和总结,采用FV方案构建并设计了一个基于全同态加密的虹膜特征密文认证系统。实现部分借助了微软的SEAL（Simple Encrypted Arithmetic Library）库。整个系统可在不对虹膜特征模板解密的情况下完成虹膜认证,且数据库中保存的是虹膜特征模板的同态密文,所以无需担心虹膜特征模板的泄露。同时该系统无需可信中心进行验证,直接通过一次性MAC认证方法在服务器端完成认证。测试表明,当系统采用海明距离比对算法等计算电路深度不高的虹膜算法时,有着不错的性能,基本满足了真实应用场景的需求。

关键词: 生物特征, 全同态加密, SEAL, 虹膜认证, 一次性MAC认证

Abstract:

With the application and promotion of biometric technology, biometrics has become more and more important to identity authentication. In order to ensure the privacy of the user, the biometrics cannot be stored or manipulated in clear text. Aiming at this problem, this paper analyzes and summarizes the scheme and performance of the existing biometric authentication system, and proposes to construct and design an iris-like ciphertext authentication system based on full homomorphic encryption using FV scheme. SEAL (Simple Encrypted Arithmetic Library) library. The entire system can complete iris authentication without decrypting the iris feature template, and the database stores the homomorphic ciphertext of the iris feature template, so there is no need to worry about the leakage of the iris feature template. At the same time, the system does not require a trusted center for authentication, and the authentication is completed on the server side directly through the one-time MAC authentication method. Tests have shown that when the system adopts an iris algorithm with a low depth of calculation circuit such as the Hamming distance comparison algorithm, it has good performance, which basically meets the requirements of real application scenarios.

Key words: biometrics, fully homomorphic encryption, SEAL, iris authentication, one-time MAC authentication

中图分类号:

TP309

宋新霞, 马佳敏, 陈智罡, 陈克非. 基于SEAL的虹膜特征密文认证系统[J]. 信息网络安全, 2018, 18(12): 15-22.

Xinxia SONG, Jiamin MA, Zhigang CHEN, Kefei CHEN. Iris Ciphertext Authentication System Based on SEAL[J]. Netinfo Security, 2018, 18(12): 15-22.

图/表 10

图1

图2

图3

图4

图5

图6

表1

表2

表3

表4

参考文献 20

[1]	BELGUECHI R, CHERRIER E, ALIMI V, et al.An Overview on Privacy Preserving Biometrics[M]. Recent Application in Biometrics. Croatia: InTech, 2014.
[2]	RATHA N K,CONNELL J H, BOLLE R M.Enhancing Security and Privacy in Biometrics-based Authentication Systems[J]. Ibm Systems Journal, 2001, 40(3): 614-634.
[3]	JUELS A, SUDAN M.A Fuzzy Vault Scheme[J]. Designs Codes & Cryptography, 2006, 38(2): 237-257.
[4]	WATTENBERG M, WATTENBERG M.A Fuzzy Commitment Scheme[C] //ACM. The 6th ACM Conference on Computer and Communications Security, November 1-4,1999, Singapore. New York: ACM, 1999: 28-36.
[5]	BLANTON M, GASTI P.Secure and Efficient Protocols for Iris and Fierprint Identiﬁcation[C] // LNCS.Proc. of the 16thESORICS, September 12-14, 2011, Leuven, Belgium. Berlin: Springer, 2011: 190-209.
[6]	DAMGARD I, GEISLER M, KROIGARD M.Homomorphic Encryption and Secure Comparison[J]. Journal of Applied Cryptography, 2008, 1(1): 22-31.
[7]	KULKARNI R, NAMBOODIRI A.Secure Hamming Distance Based Biometric Authentication[C] // IEEE.International Conference on Biometrics, June 4-7, 2013, Madrid, Spain. New York: IEEE, 2013: 1-6.
[8]	GENTRY, CRAIG.Fully Homomorphic Encryption Using Ideal Lattices[J]. Stoc, 2009 , 9(4) :169-178.
[9]	KARABAT C, KIRAZ M, ERDOGAN H,et al.THRIVE: Threshold Homomorphic Encryption Based Secure and Privacy Preserving Biometric Veriﬁcation System[J]. Eurasip Journal on Advances in Signal Processing, 2015, 2015(1): 1-18.
[10]	SHA-3 Standard: Permutation-based Hash and Extendable-output Functions[S]. Gaithersburg: NIST, 2015.
[11]	FAN J， VERCAUTEREN F. Somewhat Practical Fully Homomorphic Encryption [EB/OL]. .
[12]	CHEN H， LAINE K， PLAYER R. Simple Encrypted Arithmetic Library - SEAL v2.1 [EB/OL]. , 2017-5-18.
[13]	BRAKERSKI Z, GENTRY C, HALEVI S.Packed Ciphertexts in LWE-Based Homomorphic Encryption[M]. Public-Key Cryptography - PKC 2013. Berlin: Springer Berlin Heidelberg, 2013.
[14]	SMART N P, VERCAUTEREN F.Fully Homomorphic SIMD Operations[J]. Designs, Codes and Cryptography, 2014, 71(1): 57-81.
[15]	DENG Jing, XU Chunxiang, YANG Haomiao.A Secure Computation Scheme of Inner Product Based on Fully Homomorphic Encryption[J].Journal of University of Electronic Science and Technology of China, 2016, 45(5): 808-811.
	邓江,许春香,杨浩淼. 一种全同态加密的安全内积计算方案[J]. 电子科技大学学报,2016,45(5):808-811.
[16]	THAVALENGAL S,BIGIOI P, CORCORAN P.Iris Authentication in Handheld Devices - Considerations for Constraint-free Acquisition[J]. IEEE Transactions on Consumer Electronics, 2015, 61(2): 245-253.
[17]	C. A. of Science-Institute of Automation. CASIA Iris Database [EB/OL]. .
[18]	MASEK L, KOVESI P. MATLAB Source Code for A Biometric Identiﬁcation System Based on Iris Patterns [EB/OL]. .
[19]	TIAN Qichuan, LIU Zhengguang.Survey of Iris Recognition[J]. Application Research of Computers, 2008, 25(5): 1295-1300.
	田启川,刘正光. 虹膜识别综述[J]. 计算机应用研究,2008,25(5):1295-1300.
[20]	ALBRECHT M R.On Dual Lattice Attacks Against Small-secret LWE and Parameter Choices in HElib and SEAL[C] // IACR. International Conference on the Theory and Applications of Cryptographic Techniques, April 30 - May 4, 2017, Paris, France. Berlin: Springer, 2017: 103-129.
	(2)

分段	n	log₂q最小值
16	128	64
8	256	65
4	512	65
2	1024	67
1	2048	68

安全等级/位	n	(log₂q)_max
80	1024	47.5
80	2048	95.4
80	4096	192
80	8192	392.1
80	16384	799.6

操作	测试1	测试2	测试3
虹膜模板打包	13.3	12.3	12.2
加密虹膜模板	105.5	107.2	104.5
总计	1047.2	985.4	1000.8

操作	测试1	测试2	测试3
一次平方	275.7	292.1	285.4
一次减法	2.8	3.0	2.9
ct_T = ct_d× r₀ + r₁	194.3	202.7	188.9
解密(ct_d, ct_T)	245.1	273.5	231.6
总计	2446.5	2544.8	2439.1

基于SEAL的虹膜特征密文认证系统

Iris Ciphertext Authentication System Based on SEAL

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 10

参考文献 20

相关文章 13

编辑推荐

Metrics

本文评价

[1]	张富友, 王琼霄, 宋利. 基于生物特征识别的统一身份认证系统研究[J]. 信息网络安全, 2019, 19(9): 86-90.
[2]	亢保元, 颉明明, 司林. 基于生物识别技术的多云服务器认证方案研究[J]. 信息网络安全, 2019, 19(6): 45-52.
[3]	刘文超, 潘峰, 杨晓元, 周潭平. 基于GPU的全同态加密软件库调试与分析[J]. 信息网络安全, 2019, 19(6): 76-83.
[4]	游林, 梁家豪. 基于同态加密与生物特征的安全身份认证研究[J]. 信息网络安全, 2018, 0(4): 1-8.
[5]	王嵘冰, 李雅囡, 徐红艳, 冯勇. 适合云服务环境的实数全同态加密方案[J]. 信息网络安全, 2018, 18(11): 49-56.
[6]	李增鹏, 马春光, 张磊, 张雯雯. 两类基于容错学习的多比特格公钥加密方案[J]. 信息网络安全, 2017, 17(10): 1-7.
[7]	李增鹏, 邹岩, 张磊, 马春光. 一种基于全同态加密的智能电网数据交换隐私保护方案[J]. 信息网络安全, 2016, 16(3): 1-7.
[8]	王志刚, 马春光, 史晓倩. 基于Binary LWE的全同态加密方案研究[J]. 信息网络安全, 2015, 15(7): 41-50.
[9]	吕海峰, 丁勇, 代洪艳, 李新国. LWE上的全同态加密方案研究[J]. 信息网络安全, 2015, 15(1): 32-38.
[10]	王毓娜, 吕秋云. 基于生物识别的网络身份认证新方案[J]. 信息网络安全, 2014, 14(8): 1-5.
[11]	. 可计算密文加密体制研究[J]. , 2014, 14(5): 78-.
[12]	吴旭东. 云计算数据安全研究[J]. , 2011, 11(9): 0-0.
[13]	张芙蓉. 结合生物特征识别技术的音频水印算法研究[J]. , 2011, 11(8): 0-0.