云环境下基于多密钥全同态加密的定向解密协议设计

doi:10.3969/j.issn.1671-1122.2020.06.002

信息网络安全 ›› 2020, Vol. 20 ›› Issue (6): 10-16.doi: 10.3969/j.issn.1671-1122.2020.06.002

云环境下基于多密钥全同态加密的定向解密协议设计

李宁波¹^,², 周昊楠¹^,², 车小亮¹^,²(), 杨晓元¹^,²

1.网络与信息安全武警部队重点实验室,西安 710086
2.武警工程大学,西安 710086

收稿日期:2019-11-15 出版日期:2020-06-10 发布日期:2020-10-21
通讯作者: 车小亮 E-mail:372726936@qq.com
作者简介:李宁波（1992—）,男,河南,博士研究生,主要研究方向为多密钥全同态加密|周昊楠（1992—）,男,黑龙江,硕士研究生,主要研究方向为基于格的全同态加密|车小亮（1987—）,男,安徽,博士研究生,主要研究方向为全同态加密|杨晓元（1959—）,男,陕西,教授,硕士,主要研究方向为信息安全
基金资助:
国家重点研发计划(2017YFB0802000);国家自然科学基金(U1636114);陕西省自然科学基金(2018JM6028)

Design of Directional Decryption Protocol Based on Multi-key Fully Homomorphic Encryption in Cloud Environment

LI Ningbo¹^,², ZHOU Haonan¹^,², CHE Xiaoliang¹^,²(), YANG Xiaoyuan¹^,²

1. Key Laboratory of Network & Information Security under the People’s Armed Police, Xi’an 710086, China
2. Engineering University of People's Armed Police, Xi’an 710086, China

Received:2019-11-15 Online:2020-06-10 Published:2020-10-21
Contact: CHE Xiaoliang E-mail:372726936@qq.com

摘要/Abstract

摘要：

如何在不泄露个人隐私的前提下,对多用户的隐私数据进行分析处理,是当前云环境下迫切需要解决的问题。多密钥全同态加密（Multi-key Fully Homomorphic Encryption,MKFHE）支持对不同用户（密钥）的密文数据进行分析处理,处理后的结果可由所有参与计算的用户联合解密,是实现云环境下多用户数据间安全分析与隐私保护的有力工具。当前主流的MKFHE在联合解密的过程中,通常需要利用安全多方计算中的相关技术,如OT（不经意传输）协议等,来保证广播过程的安全,从而使得解密过程较为复杂。与此同时,解密结果不具备可控性,即对于合法用户而言最终解密的场景并不适用。为了解决这一问题,文章设计实现了基于GSW型MKFHE的定向解密协议,协议底层的全同态加密方案基于误差学习问题（Learning with Errors,LWE）,其安全性可以规约到标准模型下理想格的困难问题。该协议能够允许任意合法用户来执行最终的解密过程,相较于GSW型MKFHE方案MW16的解密过程,该解密协议增强了数据拥有者对于密文结果的可控性,且不需要使用安全多方计算中的相关技术,降低了解密过程的交互次数和复杂性,提高了解密过程效率,具有良好的应用前景。

关键词: 多密钥全同态加密, 隐私保护, 定向解密

Abstract:

How to analyze and process the privacy data of multiple users in the cloud environment without leaking personal privacy is an urgent problem to be solved. Multi-key fully homomorphic encryption (MKFHE) supports computations on encrypted data under different public keys (users), and the result ciphertext can be jointly decrypted by all involved users, which can be used to realize secure data process and privacy protection between different users in cloud environment. During the process of joint decryption, current MKFHE schemes usually need relevant techniques in secure multi-party computing (MPC), such as oblivious transfer (OT) protocol, to ensure the security of the ciphertexts broadcast process, thus making the decryption process complicated. Beyond that, the final decryption result is not controllable, which is not suitable for the scenario that we need the specified legitimate users to get the final result. In order to solve this problem, this paper designs a directional decryption protocol based on MKFHE,and protocol’s security is based on LWE (learning with errors) problem, which can be reduced to the worst-case hardness of problems on ideal lattices. Comparing to the decrypting process in MKFHE scheme MW16, the directional decryption protocol in this paper allows any legitimate user to perform the final decryption process, thus enhance the controllability of decryption result for the data owner. Moreover, the relevant techniques of MPC are not needed in our protocol, which reduces the complexity of the decryption process, and is promising for future applications.

Key words: multi-key fully homomorphic encryption, privacy protection, directional decryption

中图分类号:

TP309

李宁波, 周昊楠, 车小亮, 杨晓元. 云环境下基于多密钥全同态加密的定向解密协议设计[J]. 信息网络安全, 2020, 20(6): 10-16.

LI Ningbo, ZHOU Haonan, CHE Xiaoliang, YANG Xiaoyuan. Design of Directional Decryption Protocol Based on Multi-key Fully Homomorphic Encryption in Cloud Environment[J]. Netinfo Security, 2020, 20(6): 10-16.

图/表 1

参考文献 17

[1]	RISTENPART T, TROMER E, SHACHAM H, et al. Hey, You, Get off of My Cloud: Exploring Information Leakage in Third-Party Compute Clouds [C]//ACM. ACM Conference on Computer and Communications Security, November 9-13, 2009. Chicago, IL, USA. NY: ACM, 2009: 199-212.
[2]	FENG Dengguo, ZHANG Min, ZHANG Yan. Study on Cloud Computing Security[J]. Journal of Software, 2011,22(1):71-83.
	冯登国, 张敏, 张妍, 等. 云计算安全研究[J]. 软件学报, 2011,22(1):71-83.
[3]	TANG Dianhua, ZHU Shixiong, WANG Lin, et al. Fully Homomorphic Encryption Scheme from RLWE[J]. Journal on Communications, 2014,1(1):173-182.
	汤殿华, 祝世雄, 王林, 等. 基于RLWE的全同态加密方案[J]. 通信学报, 2014,1(1):173-182.
[4]	RIVEST R L, ADLEMAN L, DERTOUZOS M L. On Data Banks and Privacy Homomorphisms[J]. Foundations of Secure Computation, 1978,4(11):169-180.
[5]	ZHOU Tanping. The Construction and Application of Fully Homomorphic Encryption[D]. Xi’an: Engineering University of People's Armed Police, 2018.
	周潭平. 全同态加密的构造与应用[D]. 西安:武警工程大学, 2018.
[6]	CHEN Zhigang. Research and Design of Fully Homomorphic Encryption Based on Lattice[D]. Nanjing: Nanjing University of Aeronautics and Astronautics, 2015.
	陈智罡. 基于格的全同态加密研究与设计[D]. 南京:南京航空航天大学, 2015.
[7]	LIU Mingjie, WANG An. Fully Homomorphic Encryption and Its Application[J]. Journal of Computer Research and Development, 2014,51(12):2593-2603.
	刘明洁, 王安. 全同态加密研究动态及其应用概述[J]. 计算机研究与发展, 2014,51(12):2593-2603.
[8]	MICCIANCIO D. A First Glimpse of Cryptography's Holy Grail[J]. Communications of the ACM, 2010,53(3):96.
[9]	GENTRY C. Fully Homomorphic Encryption Using Ideal Lattices [C]//ACM. Proceedings of the 41th Annual ACM Symposium on Theory of Computing—STOC 2009, May 31-June 2, 2009. Bethesda, MD, USA. NY: ACM, 2009: 169-178.
[10]	LÓPEZ-ALT A, TROMER E, VAIKUNTANATHAN V. On-the-fly Multiparty Computation on the Cloud via Multikey Fully Homomorphic Encryption [C]//ACM. Proceedings of the forty-fourth annual ACM symposium on Theory of computing, May 19-22, 2012. New York, NY, USA. Berlin Heidelberg: Springer, 2012: 1219-1234.
[11]	CLEAR M and MCGOLDRICK C. Multi-identity and Multi-key Leveled FHE from Learning with Errors [C]//Springer. Advances in Cryptology-CRYPTO 2015, August 16-20, 2015, Santa Barbara, CA, USA. Berlin Heidelberg: Springer, 2015: 630-656.
[12]	MUKHERJEE P, WICHS D. Two Round Multiparty Computation via Multi-key FHE [C]//ACM. Advances in Cryptology-EUROCRYPT 2016, May 8-12, 2016, Vienna, Austria. Berlin Heidelberg: Springer, 2016: 735-763.
[13]	PEIKERT C, SHIEHIAN S. Multi-key FHE from Lwe, Revisited [C]//Springer. Theory of Cryptography-14th International Conference, TCC 2016, October 31-November 3, 2016, Beijing, China. Berlin Heidelberg: Springer, 2016: 217-238.
[14]	BRAKERSKI Z, PERLMAN R. Lattice-Based Fully Dynamic Multi-Key FHE with Short Ciphertexts [C]//Springer. Advances in Cryptology—CRYPTO 2016. August 14-18, 2016, Santa Barbara, CA, USA, Berlin Heidelberg: Springer, 2016: 190-213.
[15]	LIPMAA H. An Oblivious Transfer Protocol with Log-Squared Communication [C]//Springer. International Conference on Information Security(ISC 2005), September 20-23, 2005. Singapore. Berlin, Heidelberg: Springer, 2005: 314-328.
[16]	GENTRY C, SAHAI A, WATERS B. Homomorphic Encryption from Learning with Errors: Conceptually-Simpler, Asymptotically-Faster, Attribute-Based [C]//Springer. Advances in Cryptology-CRYPTO 2013, August 18-22, Santa Barbara, California, USA. Berlin Heidelberg: Springer, 2013: 75-92.
[17]	BRAKERSKI Z. Fully Homomorphic Encryption without Modulus Switching from Classical GapSVP [C]//Springer. Advances in Cryptology—CRYPTO 2012, August 19-23, 2012, California, USA, Berlin Heidelberg: Springer, 2012: 868-886.

	密文结果可控性	解密过程的复杂性	交互次数
MW16 解密协议	不具备	需要利用安全多方计算技术,较为复杂	多次交互
本文定向解密协议	具备	无需安全多方计算技术,解密简单	仅需一次

云环境下基于多密钥全同态加密的定向解密协议设计

Design of Directional Decryption Protocol Based on Multi-key Fully Homomorphic Encryption in Cloud Environment

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 1

参考文献 17

相关文章 15

编辑推荐

Metrics

本文评价

[1]	汪金苗, 谢永恒, 王国威, 李易庭. 基于属性基加密的区块链隐私保护与访问控制方法[J]. 信息网络安全, 2020, 20(9): 47-51.
[2]	张佳程, 彭佳, 王雷. 大数据环境下的本地差分隐私图信息收集方法[J]. 信息网络安全, 2020, 20(6): 44-56.
[3]	唐春明, 林旭慧. 隐私保护集合交集计算协议[J]. 信息网络安全, 2020, 20(1): 9-15.
[4]	汪金苗, 王国威, 王梅, 朱瑞瑾. 面向雾计算的隐私保护与访问控制方法[J]. 信息网络安全, 2019, 19(9): 41-45.
[5]	郝文江, 林云. 互联网企业社会责任现状与启示研究[J]. 信息网络安全, 2019, 19(9): 130-133.
[6]	周权, 许舒美, 杨宁滨. 一种基于ABGS的智能电网隐私保护方案[J]. 信息网络安全, 2019, 19(7): 25-30.
[7]	李怡霖, 闫峥, 谢皓萌. 车载自组织网络的隐私保护综述[J]. 信息网络安全, 2019, 19(4): 63-72.
[8]	傅彦铭, 李振铎. 基于拉普拉斯机制的差分隐私保护k-means++聚类算法研究[J]. 信息网络安全, 2019, 19(2): 43-52.
[9]	赵志岩, 吴剑, 康凯. 一种兼顾业务数据安全的隐私保护世系发布方法[J]. 信息网络安全, 2019, 19(12): 29-37.
[10]	胡荣磊, 何艳琼, 曾萍, 范晓红. 一种大数据环境下医疗隐私保护方案设计与实现[J]. 信息网络安全, 2018, 18(9): 48-54.
[11]	李佩丽, 徐海霞, 马添军, 穆永恒. 区块链技术在网络互助中的应用及用户隐私保护[J]. 信息网络安全, 2018, 18(9): 60-65.
[12]	马蓉, 陈秀华, 刘慧, 熊金波. 移动群智感知中用户隐私度量与隐私保护研究[J]. 信息网络安全, 2018, 18(8): 64-72.
[13]	赖成喆, 王文娟. 面向车队的安全且具备隐私保护的移动性管理框架[J]. 信息网络安全, 2018, 18(7): 36-46.
[14]	王乐, 杨哲荣, 刘容京, 王祥. 基于属性加密算法的可穿戴设备系统隐私保护方法研究[J]. 信息网络安全, 2018, 18(6): 77-84.
[15]	张磊, 王斌, 于莉莉. 基于马尔可夫预测的连续查询隐私保护方法[J]. 信息网络安全, 2018, 18(5): 12-12.