Efficient data blinding mode
1. An efficient data blinding method, comprising the steps of:
first, public parameter generation:
for a security parameter λ input by the system, three large λ-bit prime numbers p, q and s are randomly selected; the public parameter is then $T = pqs$, and the secret key is (p, q);
secondly, encrypting the plaintext m:
two random numbers $r_1, r_2$ are randomly selected before encryption;
the plaintext m is encrypted as follows:
$C_1 = m_p + r_1 N \bmod T$;
$C_2 = m_q + r_2 N \bmod T$;
the ciphertext is $C = (C_1, C_2)$, where $N = pq$ and mod is the remainder function;
thirdly, decrypting the ciphertext C:
when decryption is required, the following operations are performed using the key (p, q):
①: $C_p = C_1 \bmod p = m \bmod p$;
②: $C_q = C_2 \bmod q = m \bmod q$;
the inverses of p and q are then computed:
③: $q^{-1} q = 1 \bmod p$;
④: $p^{-1} p = 1 \bmod q$;
the above congruences are combined using the Chinese remainder theorem, and solving gives:
$m = q^{-1} q\, m_p + p^{-1} p\, m_q \bmod N$;
$m_p = m \bmod p$;
$m_q = m \bmod q$.
Background
A fully homomorphic encryption algorithm is an encryption method with the fully homomorphic property: the ciphertext it produces supports mathematical operations, and the result of an operation on ciphertexts, once decrypted, equals the result of the same operation on the plaintexts. The present scheme is one component of a fully homomorphic encryption algorithm. Homomorphic encryption got a late start. In 2009 Gentry proposed a homomorphic encryption technique based on ideal lattices; the scheme is theoretically complete, but it is very difficult to implement, its execution efficiency is very low, and its practical value is not high. In 2011 Brakerski proposed an LWE-based fully homomorphic scheme constructed without bootstrapping, which was a clear advance, and in 2014 he further proposed a fully homomorphic encryption scheme with better performance. That scheme is nevertheless still inefficient compared with operating on plaintext. In 2010 Halevi et al. proposed a practical scheme based on BGN cryptography, whose security is based on the ring-LWE problem and which supports an arbitrary number of additions and multiplication. It supports a larger message space and is a practical scheme, but its practical value is still limited because only one multiplication operation can be computed.
Classical fully homomorphic encryption algorithms mainly have the following problems:
1. Low efficiency: traditional homomorphic encryption is built on lattice-based ciphers, involves a large number of matrix operations, and encrypts bit by bit. The resulting execution-time complexity is high, which makes the algorithms difficult to apply in practical engineering.
2. Ciphertext expansion: the ciphertext produced by homomorphic encryption consists of several large matrices, while the plaintext input is bits. Fully homomorphic encryption can therefore expand the storage space occupied by the data by a factor of thousands, which seriously lowers storage efficiency.
To solve the above problems, we propose an efficient data blinding method.
Disclosure of Invention
The invention aims to provide an efficient data blinding method that supports mixed addition and multiplication on ciphertexts, achieves efficient encryption and efficient computation, reduces the storage space occupied by ciphertext data, and improves storage efficiency.
In order to achieve the purpose, the invention provides the following technical scheme: an efficient data blinding method comprises the following steps:
first, public parameter generation:
for a security parameter λ input by the system, three large λ-bit prime numbers p, q and s are randomly selected; the public parameter is then $T = pqs$, and the secret key is (p, q);
secondly, encrypting the plaintext m:
two random numbers $r_1, r_2$ are randomly selected before encryption;
the plaintext m is encrypted as follows:
$C_1 = m_p + r_1 N \bmod T$;
$C_2 = m_q + r_2 N \bmod T$;
the ciphertext is $C = (C_1, C_2)$, where $N = pq$ and mod is the remainder function;
thirdly, decrypting the ciphertext C:
when decryption is required, the following operations are performed using the key (p, q):
①: $C_p = C_1 \bmod p = m \bmod p$;
②: $C_q = C_2 \bmod q = m \bmod q$;
the inverses of p and q are then computed:
③: $q^{-1} q = 1 \bmod p$;
④: $p^{-1} p = 1 \bmod q$;
the above congruences are combined using the Chinese remainder theorem, and solving gives:
$m = q^{-1} q\, m_p + p^{-1} p\, m_q \bmod N$;
$m_p = m \bmod p$;
$m_q = m \bmod q$.
Compared with the prior art, the invention has the following beneficial effects:
the method can be combined with other cryptographic techniques to form a fully homomorphic encryption scheme. On the one hand, it achieves efficient encryption and efficient computation; on the other hand, ciphertext expansion can theoretically be kept within 1.5 times; in addition, mixed addition and multiplication operations are supported.
Drawings
FIG. 1 is a conceptual diagram of homomorphic encryption;
Detailed Description
The technical solutions of the present invention will be described clearly and completely with reference to the following embodiments of the present invention, and it should be understood that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to FIG. 1, the present invention provides a technical solution: an efficient data blinding method comprising the following steps: first, generating the public parameters and the secret key; secondly, encrypting the plaintext m according to a specific formula to obtain the ciphertext C; thirdly, decrypting the ciphertext C by substituting the key into a specific formula to obtain m, $m_p$ and $m_q$.
In the first step of this embodiment, the method for generating the public parameter and the secret key is as follows:
for a security parameter λ input by the system, three large λ-bit prime numbers p, q and s are randomly selected; the public parameter is then $T = pqs$, and the secret key is (p, q);
in the second step of the present embodiment, the method of encrypting the plaintext m is as follows:
first, two random numbers $r_1, r_2$ are randomly selected before encryption;
the plaintext m is then encrypted according to the following formulas:
$C_1 = m_p + r_1 N \bmod T$;
$C_2 = m_q + r_2 N \bmod T$;
the resulting ciphertext is $C = (C_1, C_2)$, where $N = pq$ and mod is the remainder function;
in the third step of the present embodiment, when decrypting the ciphertext C, the following calculation is performed using the key (p, q):
①: $C_p = C_1 \bmod p = m \bmod p$;
②: $C_q = C_2 \bmod q = m \bmod q$;
the inverses of p and q are then computed:
③: $q^{-1} q = 1 \bmod p$;
④: $p^{-1} p = 1 \bmod q$;
the above congruences are combined using the Chinese remainder theorem, and solving gives:
$m = q^{-1} q\, m_p + p^{-1} p\, m_q \bmod N$;
$m_p = m \bmod p$;
$m_q = m \bmod q$.
The working principle is as follows: the method can be combined with other cryptographic techniques to form a fully homomorphic encryption scheme, so that ciphertext expansion can be kept within 1.5 times and the storage space occupied by ciphertext data is reduced; mixed addition and multiplication on ciphertexts is supported, and efficient encryption and efficient computation can be achieved.
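The three steps above and the mixed addition and multiplication on ciphertexts, as a runnable Python sketch that is added here and is not part of the patent text. Assumptions: the three primes are distinct, $r_1$ and $r_2$ are drawn below T, and ciphertexts are combined component-wise mod T (the text does not define these); `is_probable_prime`, `c_add` and `c_mul` are names chosen for this example.

```python
import secrets

def is_probable_prime(n, rounds=40):
    """Miller-Rabin test (helper for this example, not from the text)."""
    if n < 17 or any(n % sp == 0 for sp in (2, 3, 5, 7, 11, 13)):
        return n in (2, 3, 5, 7, 11, 13)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def keygen(lam):
    """Step 1: distinct lam-bit primes p, q, s; T = pqs is public, (p, q) secret."""
    primes = set()
    while len(primes) < 3:  # distinctness is assumed; the CRT needs p != q
        c = secrets.randbits(lam) | (1 << (lam - 1)) | 1  # lam bits, odd
        if is_probable_prime(c):
            primes.add(c)
    p, q, s = primes
    return p * q * s, (p, q)

def encrypt(m, T, key):
    """Step 2: C1 = m_p + r1*N mod T, C2 = m_q + r2*N mod T (needs p and q)."""
    p, q = key
    r1, r2 = secrets.randbelow(T), secrets.randbelow(T)  # range of r is assumed
    return ((m % p + r1 * p * q) % T, (m % q + r2 * p * q) % T)

def decrypt(C, key):
    """Step 3: reduce mod p and mod q, then recombine with the CRT mod N."""
    p, q = key
    m_p, m_q = C[0] % p, C[1] % q
    return (pow(q, -1, p) * q * m_p + pow(p, -1, q) * p * m_q) % (p * q)

def c_add(A, B, T):  # assumed: component-wise addition mod T
    return ((A[0] + B[0]) % T, (A[1] + B[1]) % T)

def c_mul(A, B, T):  # assumed: component-wise multiplication mod T
    return ((A[0] * B[0]) % T, (A[1] * B[1]) % T)
```

Decryption returns the result modulo N = pq, so a sum or product of plaintexts that reaches N wraps around; the encryptor also needs p and q to form $m_p$, $m_q$ and N, so this is a secret-key scheme.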
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.