[go: up one dir, main page]

CN106921491A - A kind of safely and efficiently outsourcing calculates method and system - Google Patents

A kind of safely and efficiently outsourcing calculates method and system Download PDF

Info

Publication number
CN106921491A
CN106921491A CN201710086781.4A CN201710086781A CN106921491A CN 106921491 A CN106921491 A CN 106921491A CN 201710086781 A CN201710086781 A CN 201710086781A CN 106921491 A CN106921491 A CN 106921491A
Authority
CN
China
Prior art keywords
client
server
function
private key
servers
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710086781.4A
Other languages
Chinese (zh)
Other versions
CN106921491B (en
Inventor
李佩丽
徐海霞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute of Information Engineering of CAS
Original Assignee
Institute of Information Engineering of CAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Institute of Information Engineering of CAS filed Critical Institute of Information Engineering of CAS
Priority to CN201710086781.4A priority Critical patent/CN106921491B/en
Publication of CN106921491A publication Critical patent/CN106921491A/en
Application granted granted Critical
Publication of CN106921491B publication Critical patent/CN106921491B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

本发明涉及一种安全高效的外包计算实现方法和系统。该方法包括:1)客户端利用功能加密方案产生两个独立的公私钥对;2)客户端将两个公私钥对中的私钥和与外包计算函数相关的函数分别发送给两个服务器;3)两个服务器分别产生函数对应的解密密钥,并将结果发送给对方;4)客户端利用两个公私钥对中的公钥对消息和随机数加密,并分别将密文发送给两个服务器;5)两个服务器分别采用解密密钥对密文进行解密,并返回计算结果给客户端;6)客户端验证两个服务器返回的计算结果,验证通过则得到外包计算函数的值,否则拒绝。本发明能够提高外包计算协议的整体高效性,降低客户计算量的同时降低了服务器的计算量,并可以检测出谁是恶意的服务器。

The invention relates to a safe and efficient outsourcing computing realization method and system. The method includes: 1) the client uses a functional encryption scheme to generate two independent public-private key pairs; 2) the client sends the private key in the two public-private key pairs and the functions related to outsourcing calculation functions to two servers respectively; 3) The two servers respectively generate the decryption key corresponding to the function and send the result to the other party; 4) The client uses the public key of the two public-private key pairs to encrypt the message and the random number, and sends the ciphertext to the two 5) The two servers respectively use the decryption key to decrypt the ciphertext and return the calculation results to the client; 6) The client verifies the calculation results returned by the two servers, and if the verification passes, the value of the outsourced calculation function is obtained. Otherwise decline. The invention can improve the overall efficiency of the outsourcing calculation protocol, reduce the calculation amount of the client and the server at the same time, and can detect who is a malicious server.

Description

一种安全高效的外包计算实现方法和系统A Safe and Efficient Outsourcing Computing Realization Method and System

技术领域technical field

本发明属于信息安全技术领域,涉及外包计算协议的设计方案,具体为基于功能加密方案的安全外包计算实现方法和系统,能够保证协议执行的安全性和整体高效性。The invention belongs to the technical field of information security, and relates to a design scheme of an outsourcing computing protocol, specifically a method and system for implementing a secure outsourcing computing based on a functional encryption scheme, which can ensure the safety and overall efficiency of protocol execution.

背景技术Background technique

随着云计算的发展,外包计算得到越来越广泛的应用。外包计算是指计算能力弱的客户将其计算任务交给外部服务器让其帮忙完成计算,服务器完成计算后将计算结果返回给客户。外包计算协议的设计需要满足三个主要特性:正确性、安全性、高效性。正确性是指服务器诚实的执行协议所得到的结果,返回给客户之后一定能够通过验证;安全性是指若服务器返回了错误的计算结果,客户端会验证失败并拒绝接受;高效性是指客户端的计算量要远小于直接计算函数的计算量,否则就失去了外包计算的意义。除此之外,还需要考虑客户数据的保密性,因为在一些场景下客户可能不希望服务器知道自己的外包数据。With the development of cloud computing, outsourced computing has been more and more widely used. Outsourced computing means that customers with weak computing capabilities hand over their computing tasks to an external server to help them complete the calculation, and the server returns the calculation result to the customer after completing the calculation. The design of an outsourced computing protocol needs to meet three main characteristics: correctness, security, and efficiency. Correctness refers to the result obtained by the server honestly executing the protocol, which must be verified after being returned to the client; security refers to that if the server returns an incorrect calculation result, the client will fail the verification and refuse to accept it; efficiency refers to the client The calculation amount of the end is much smaller than the calculation amount of the direct calculation function, otherwise the meaning of outsourcing calculation will be lost. In addition, the confidentiality of customer data also needs to be considered, because in some scenarios customers may not want the server to know their outsourced data.

外包计算场景下,因为服务器不一定是诚实的,因此客户需要验证服务器返回结果的正确性(或称可靠性)。交互的证明可以用来帮助服务器向客户证明计算结果的正确性。基于概率可验证证明的论证系统的提出可以用来实现高效的外包计算方案。Micali在所著的论文“CS proofs”中利用随机预言机模型提出了非交互的外包计算方案。Goldwasser S,Lin H,Rubinstein A在所著论文“Delegation of Computation withoutRejection Problem from Designated Verifier CS-Proofs”中针对任意多项式时间可计算的函数设计了非交互的证明系统,用其所设计的外包计算方案满足客户端计算的高效性。不过上述工作均关注服务器返回结果的可靠性,没有考虑客户外包数据的保密性。后续又有不少工作对外包计算展开研究。In the outsourced computing scenario, because the server is not necessarily honest, the client needs to verify the correctness (or reliability) of the results returned by the server. Proof of interaction can be used to help the server prove the correctness of the calculation result to the client. The proposed proof system based on probabilistically verifiable proofs can be used to realize efficient outsourcing computing schemes. In his paper "CS proofs", Micali proposes a non-interactive outsourced computing scheme using a random oracle model. In the paper "Delegation of Computation withoutRejection Problem from Designated Verifier CS-Proofs" written by Goldwasser S, Lin H, and Rubinstein A, a non-interactive proof system was designed for any polynomial time computable function, and the outsourcing calculation scheme designed by it was Satisfy the high efficiency of client computing. However, the above works all focus on the reliability of the results returned by the server, without considering the confidentiality of the customer's outsourced data. In the follow-up, a lot of work has been carried out to study outsourced computing.

外包计算可以分为对具体函数的外包计算和对一般函数的外包计算。针对具体函数,因为函数结构特点明确,比较容易设计出高效安全的外包计算协议,这方面已有不少优秀成果。一直以来,设计一般函数的满足保密性的外包计算协议是一项困难的工作。直到2009年Gentry全同态加密方案的提出在理论上解决了满足保密性的一般函数外包计算协议的存在性问题。Outsourcing computing can be divided into outsourcing computing for specific functions and outsourcing computing for general functions. For specific functions, because the function structure features are clear, it is relatively easy to design an efficient and safe outsourcing computing protocol. There have been many excellent results in this regard. Designing confidentiality-satisfied outsourced computation protocols for general functions has been a difficult task. Until 2009, the proposal of the Gentry fully homomorphic encryption scheme theoretically solved the existence problem of a general function outsourcing computing protocol that satisfies confidentiality.

在Gennaro R,Gentry C和Parno B所著的论文“Non-interactive verifiablecomputing:Outsourcing computation to untrusted workers”中,作者利用全同态加密方案和Yao的错乱电路(Garbled circuit)实现了针对一般函数的外包计算协议。通过全同态加密解决了错乱电路在外包计算中不能重复利用的问题。协议分为离线阶段和在线阶段:在离线阶段,客户进行预处理计算,并将算得的一部分消息公开传送给服务器;在线阶段,客户将外包数据的编码发送给服务器,服务器进行运算后返回运算结果,最后客户对结果进行验证和恢复。在其方案中,客户的外包数据、函数和运算结果对服务器都是保密的,客户可以利用错乱电路中的标签来验证服务器返回结果的可靠性。通过多次运行在线阶段,客户的运算效率在平均意义下是高效的。随后,在Chung K M,Kalai Y和Vadhan S所著的论文“Improved Delegation of Computation Using Fully Homomorphic Encryption”中,作者利用全同态加密方案,根据密文的不可区分性设计了新的针对一般函数的外包计算协议。相比Gennaro等人的工作,Chung等人的方案也分为离线阶段和在线阶段,不过在离线阶段客户不需要向服务器发送任何数据。同样的,客户的计算也是在平均意义下才算高效。In the paper "Non-interactive verifiablecomputing: Outsourcing computation to untrusted workers" by Gennaro R, Gentry C and Parno B, the authors use the fully homomorphic encryption scheme and Yao's Garbled circuit to realize the outsourcing of general functions Computing protocol. Fully homomorphic encryption solves the problem that disordered circuits cannot be reused in outsourced computing. The protocol is divided into an offline stage and an online stage: in the offline stage, the client performs preprocessing calculations, and publicly transmits a part of the calculated information to the server; in the online stage, the client sends the code of the outsourced data to the server, and the server returns the operation result after performing the operation , and finally the client verifies and restores the result. In its solution, the client's outsourced data, functions and calculation results are kept secret from the server, and the client can use the labels in the disordered circuit to verify the reliability of the server's return results. By running the online stage multiple times, the customer's computing efficiency is efficient in the average sense. Subsequently, in the paper "Improved Delegation of Computation Using Fully Homomorphic Encryption" written by Chung K M, Kalai Y and Vadhan S, the authors used a fully homomorphic encryption scheme to design a new algorithm for general functions based on the indistinguishability of ciphertexts. Outsourced Computing Protocol. Compared with the work of Gennaro et al., the scheme of Chung et al. is also divided into offline phase and online phase, but in the offline phase, the client does not need to send any data to the server. Similarly, the client's calculations are only efficient in the average sense.

鉴于上述两种方案的预处理都需要较大计算量,且全同态加密目前实现效率并不高,Ananth P和Chandran N等人在论文“Achieving Privacy in Verifiable Computationwith Multiple Servers–Without FHE and without Pre-processing”中研究不需要预处理和全同态加密的外包计算协议,通过使用多个服务器(n>=2)来协同完成客户的计算任务。其基本思想是,将Gennaro等人工作中的预处理运算(产生错乱电路的运算)也交给服务器去做,最后一个服务器负责完成函数计算。他们的方法减轻了客户的计算量,不过每次执行外包计算时服务器都需要重新产生错乱电路。这是因为错乱电路不能够直接重复使用,否则会破坏外包协议的可靠性和保密性。重复产生错乱电路增加了服务器端的计算代价,反过来增加了客户的开销成本。In view of the fact that the preprocessing of the above two schemes requires a large amount of calculation, and the current implementation efficiency of fully homomorphic encryption is not high, Ananth P and Chandran N et al. wrote in the paper "Achieving Privacy in Verifiable Computation with Multiple Servers–Without FHE and without Pre -processing" studies the outsourced computing protocol that does not require preprocessing and fully homomorphic encryption, and uses multiple servers (n>=2) to collaboratively complete the client's computing tasks. The basic idea is to assign the pre-processing operations (operations that generate disordered circuits) in the work of Gennaro et al. to the server, and the last server is responsible for completing the function calculation. Their approach offloads the client's calculations, but the server needs to regenerate the messy circuit each time the outsourced calculation is performed. This is because garbled circuits cannot be reused directly, which would destroy the reliability and confidentiality of the outsourcing agreement. Repetitively generating garbled circuits increases the computational cost on the server side, which in turn increases overhead costs on the client side.

从目前的研究工作来看,针对一般函数的外包计算现在面临的主要问题仍是效率问题。Judging from the current research work, the main problem facing outsourcing computing for general functions is still the problem of efficiency.

发明内容Contents of the invention

已有的针对一般函数的安全外包计算协议,要么客户端计算量在平均意义下才高效,要么服务器计算效率不高(在每次执行协议时都需要产生错乱电路)。为了提高外包计算协议的整体高效性,本发明设计了基于功能加密方案的外包计算协议,在降低客户计算量的同时,降低了服务器的计算量。Existing security outsourcing computing protocols for general functions, either the client computing amount is efficient in the average sense, or the server computing efficiency is not high (necessary to generate a disordered circuit every time the protocol is executed). In order to improve the overall efficiency of the outsourced calculation protocol, the present invention designs an outsourced calculation protocol based on a functional encryption scheme, which reduces the calculation amount of the server while reducing the calculation amount of the client.

为实现上述目的,本发明采取如下技术方案:To achieve the above object, the present invention takes the following technical solutions:

一种安全高效的外包计算实现方法,其步骤包括:A safe and efficient method for implementing outsourced computing, the steps of which include:

1)客户端利用功能加密方案产生两个独立的公私钥对;1) The client uses the functional encryption scheme to generate two independent public-private key pairs;

2)客户端将两个公私钥对中的私钥和与外包计算函数相关的函数分别发送给两个服务器;2) The client sends the private key in the two public-private key pairs and the functions related to the outsourced calculation function to the two servers respectively;

3)两个服务器分别产生函数对应的解密密钥,并将结果发送给对方;3) The two servers respectively generate the decryption key corresponding to the function, and send the result to the other party;

4)客户端利用两个公私钥对中的公钥对消息和随机数加密,并分别将密文发送给两个服务器;4) The client uses the public key in the two public-private key pairs to encrypt the message and the random number, and sends the ciphertext to the two servers respectively;

5)两个服务器分别采用解密密钥对密文进行解密,并返回计算结果给客户端;5) The two servers respectively use the decryption key to decrypt the ciphertext, and return the calculation result to the client;

6)客户端验证两个服务器返回的计算结果,验证通过则得到外包计算函数的值,否则拒绝。6) The client verifies the calculation results returned by the two servers. If the verification is passed, the value of the outsourced calculation function is obtained, otherwise it is rejected.

具体来说,本发明的外包计算协议中,有一个客户(或称客户端,用D表示)和两个服务器(S1,S2),外包计算函数为f,输入为x。假设至少有一个服务器是半诚实的(本发明所述“半诚实”是指参与方诚实地执行协议,可以记录中间结果并推导有用的信息,但不能修改中间结果)。协议执行过程如下:Specifically, in the outsourcing computing protocol of the present invention, there is a client (or client, represented by D) and two servers (S 1 , S 2 ), the outsourcing computing function is f, and the input is x. It is assumed that at least one server is semi-honest ("semi-honest" in the present invention means that the participants implement the agreement honestly, can record intermediate results and derive useful information, but cannot modify the intermediate results). The protocol execution process is as follows:

1)客户利用功能加密方案产生两个独立的公私钥对(MPK1,MSK1),(MPK2,MSK2),定义与函数f相关的函数g:函数g的输入为三元组(x,s1,s2),若f(x)=0,则函数g输出s1,若f(x)=1,则输出s2,否则中止;1) The customer uses the functional encryption scheme to generate two independent public-private key pairs (MPK 1 , MSK 1 ), (MPK 2 , MSK 2 ), and defines a function g related to the function f: the input of the function g is a triplet (x ,s 1 ,s 2 ), if f(x)=0, then function g outputs s 1 , if f(x)=1, then outputs s 2 , otherwise stop;

2)客户将MSK1和函数g发送给第一个服务器S12) The client sends MSK 1 and function g to the first server S 1 ;

3)客户将MSK2和函数g发送给第二个服务器S23) The client sends MSK 2 and function g to the second server S 2 ;

4)服务器S1用功能加密方案的密钥产生算法产生对应于函数g的解密密钥SK1g;将SK1g发送给服务器S24) The server S 1 uses the key generation algorithm of the functional encryption scheme to generate the decryption key SK 1g corresponding to the function g; send the SK 1g to the server S 2 ;

5)服务器S2用功能加密方案的密钥产生算法产生对应于函数g的解密密钥SK2g,将SK2g发送给服务器S15) The server S 2 uses the key generation algorithm of the functional encryption scheme to generate the decryption key SK 2g corresponding to the function g, and sends the SK 2g to the server S 1 ;

6)客户输入为x,选择随机数r1,r2,r3,r46) Customer input is x, select random numbers r 1 , r 2 , r 3 , r 4 ;

7)客户用功能加密方案的公钥MPK1加密(x,r1,r2),得到密文C1,将其发送给服务器S27) The client encrypts (x,r 1 ,r 2 ) with the public key MPK 1 of the functional encryption scheme, obtains the ciphertext C 1 , and sends it to the server S 2 ;

8)客户用功能加密方案的公钥MPK2加密(x,r3,r4),得到密文C2,将其发送给服务器S18) The client encrypts (x, r 3 , r 4 ) with the public key MPK 2 of the functional encryption scheme, obtains the ciphertext C 2 , and sends it to the server S 1 ;

9)服务器S2用私钥SK1g解密C1,得到结果z1,并将z1返回给客户;9) The server S 2 decrypts C 1 with the private key SK 1g , obtains the result z 1 , and returns z 1 to the client;

10)服务器S1用私钥SK2g解密C2,得到结果z2,并将z2返回给客户;10) The server S 1 decrypts C 2 with the private key SK 2g , obtains the result z 2 , and returns z 2 to the client;

11)客户验证两个服务器返回的值,若两个服务器的返回值都通过随机数验证且对应的函数值相等,则客户接受,得到f(x),否则客户拒绝。11) The client verifies the values returned by the two servers. If the returned values of the two servers pass the random number verification and the corresponding function values are equal, the client accepts and obtains f(x), otherwise the client rejects.

一种安全高效的外包计算实现系统,包括客户端和两个服务器;所述客户端利用功能加密方案产生两个独立的公私钥对,将两个公私钥对中的私钥和与外包计算函数相关的函数分别发送给所述两个服务器;所述两个服务器分别产生函数对应的解密密钥,并将结果发送给对方;所述客户端利用两个公私钥对中的公钥对消息和随机数加密,并分别将密文发送给所述两个服务器;所述两个服务器分别采用解密密钥对密文进行解密,并返回计算结果给客户;所述客户端验证两个服务器返回的计算结果,验证通过则得到外包计算函数的值,否则拒绝。A safe and efficient system for implementing outsourced computing, including a client and two servers; the client uses a functional encryption scheme to generate two independent public-private key pairs, and combines the sum of the private keys in the two public-private key pairs with the outsourced computing function Related functions are sent to the two servers respectively; the two servers respectively generate the decryption keys corresponding to the functions, and send the result to the other party; the client uses the public key pair message and the Encrypt the random number, and send the ciphertext to the two servers respectively; the two servers respectively use the decryption key to decrypt the ciphertext, and return the calculation result to the client; the client verifies the ciphertext returned by the two servers The calculation result, if the verification is passed, the value of the outsourced calculation function will be obtained, otherwise it will be rejected.

本发明与现有技术相比,客户端的计算量只包含主密钥产生、密文生成和简单的对比验证,与外包函数f无关;服务器端在第一次执行协议时产生对应于函数g的解密密钥,后续不需要再重新产生解密密钥,只需进行函数运算即可(高效性)。通过使用功能加密,客户的数据x对两个服务器(S1,S2)都是保密的(保密性)。在加密输入x时,通过引入两个保密的随机数,使得最后服务器返回的结果可以被客户验证(结果可靠性)。因此本发明提供了一种整体高效安全的外包计算协议设计方法。Compared with the prior art, the calculation of the present invention only includes master key generation, ciphertext generation and simple comparison and verification, and has nothing to do with the outsourced function f; the server generates the corresponding function g when executing the protocol for the first time For the decryption key, there is no need to regenerate the decryption key in the future, and only need to perform function operations (high efficiency). By using functional encryption, the client's data x is kept secret (confidentiality) from both servers (S 1 , S 2 ). When encrypting the input x, by introducing two confidential random numbers, the result returned by the server can be verified by the client (result reliability). Therefore, the present invention provides an overall efficient and safe outsourcing computing protocol design method.

附图说明Description of drawings

图1是本发明的协议初始预备阶段示意图。协议运行初始阶段,客户将产生的两个主私钥和函数分别发送给两个服务器(假设信道为秘密信道),两个服务器分别产生函数对应的解密密钥,并将结果发送给另一个服务器。Fig. 1 is a schematic diagram of the initial preparation stage of the protocol of the present invention. In the initial stage of the protocol operation, the client sends the two generated master private keys and functions to two servers (assuming the channel is a secret channel), and the two servers respectively generate the decryption keys corresponding to the functions and send the results to the other server .

图2是本发明的外包计算协议执行阶段示意图。协议计算执行阶段,客户用两个不同的公钥对消息和随机数加密,分别发送给两个服务器。服务器做完运算后,返回计算结果给客户。客户验证结果,验证通过则得到函数值,否则拒绝。Fig. 2 is a schematic diagram of the execution phase of the outsourced computing protocol of the present invention. During the execution phase of the protocol calculation, the client encrypts the message and the random number with two different public keys, and sends them to the two servers respectively. After the server completes the calculation, it returns the calculation result to the client. The client verifies the result. If the verification is passed, the function value is obtained, otherwise it is rejected.

图3是本发明的外包计算的替代协议的预备阶段示意图。Figure 3 is a schematic diagram of the preliminary stages of the alternative protocol for outsourced computing of the present invention.

图4是本发明的外包计算协议的替代协议的验证操作示意图。Fig. 4 is a schematic diagram of verification operation of an alternative protocol of the outsourced computing protocol of the present invention.

具体实施方式detailed description

为使本发明的上述目的、特征和优点能够更加明显易懂,下面通过具体实施例和附图,对本发明做进一步说明。In order to make the above objects, features and advantages of the present invention more obvious and understandable, the present invention will be further described below through specific embodiments and accompanying drawings.

功能加密方案是一种细粒度的加密方案,解密者利用解密密钥可以获得明文对应的函数值,但不知道其他有关明文的信息。这一特性可以很好的应用在外包计算当中,因为客户希望服务器完成计算,但不希望泄漏外包数据x的值。The functional encryption scheme is a fine-grained encryption scheme. The decryptor can use the decryption key to obtain the function value corresponding to the plaintext, but does not know other information about the plaintext. This feature can be well applied in outsourced computing, because the client wants the server to complete the calculation, but does not want to leak the value of the outsourced data x.

功能加密是指解密方有消息x的密文C和函数f对应的解密密钥SKf,只能解密得到消息的函数值f(x),但不能知道其他有关x的信息。功能加密算法的定义如下:Functional encryption means that the decryption party has the ciphertext C of the message x and the decryption key SK f corresponding to the function f, and can only decrypt the function value f(x) of the message, but cannot know other information about x. The functional encryption algorithm is defined as follows:

功能加密算法FE={Setup,KeyGen,Enc,Dec}Functional encryption algorithm FE={Setup,KeyGen,Enc,Dec}

Setup(1k):算法输入安全参数k,输出一对公私钥(MPK,MSK).Setup(1 k ): The algorithm inputs security parameter k and outputs a pair of public and private keys (MPK, MSK).

KeyGen(MSK,f):算法输入主私钥MSK和函数f,输出相应的密钥SKf.KeyGen(MSK,f): The algorithm inputs the master private key MSK and function f, and outputs the corresponding key SK f .

Enc(MPK,x):加密算法输入公钥MPK和消息x,输出密文c.Enc(MPK,x): The encryption algorithm inputs public key MPK and message x, and outputs ciphertext c.

Dec(SKf,c):解密算法输入密钥SKf和密文c,输出f(x).Dec(SK f ,c): The decryption algorithm inputs key SK f and ciphertext c, and outputs f(x).

一个直接的想法是,客户用主私钥产生对应于函数f的私钥SKf,然后将x的密文和SKf发送给服务器,让服务器去做解密运算,之后把f(x)返回给客户。不过这个协议中,客户产生私钥SKf的计算量和计算函数f的计算量相当,因此客户的效率并不高。A direct idea is that the client uses the master private key to generate the private key SK f corresponding to the function f, then sends the ciphertext of x and SK f to the server, asks the server to do the decryption operation, and then returns f(x) to client. However, in this protocol, the amount of calculation required by the client to generate the private key SK f is equivalent to the amount of calculation used to calculate the function f, so the efficiency of the client is not high.

为了降低客户的计算量,我们考虑将计算SKf的任务交给一个服务器,然后让另一个服务器完成外包计算任务。我们假设至少有一个服务器是半诚实的,为了保证计算结果的可靠性,我们让两个服务器都参与计算。具体思想是构造新的函数g,输入为外包数据x和两个随机数s1,s2,若f(x)=0,则输出s1,若f(x)=1,则输出s2。通过这种方法来抵抗服务器的恶意行为。In order to reduce the calculation amount of the client, we consider assigning the task of calculating SK f to one server, and then let another server complete the outsourcing calculation task. We assume that at least one server is semi-honest, and in order to ensure the reliability of the calculation results, we let both servers participate in the calculation. The specific idea is to construct a new function g, the input is outsourcing data x and two random numbers s 1 , s 2 , if f(x)=0, then output s 1 , if f(x)=1, then output s 2 . This method is used to resist malicious behavior of the server.

协议中,客户记为D,两个服务器分别记为(S1,S2),外包计算函数为f,外包数据为x。客户需要将计算f(x)的任务外包给两个服务器。假设协议中至少有一个服务器是半诚实的。In the protocol, the client is marked as D, the two servers are marked as (S 1 , S 2 ), the outsourced calculation function is f, and the outsourced data is x. The client needs to outsource the task of computing f(x) to two servers. Assume at least one server in the protocol is half-honest.

协议执行的预备阶段如图1所示,协议执行阶段如图2所示,具体过程如下:The preparatory stage of protocol execution is shown in Figure 1, and the protocol execution stage is shown in Figure 2. The specific process is as follows:

1)客户执行两次功能加密方案的Setup算法,输出两对公私钥对(MPK1,MSK1),(MPK2,MSK2)。定义与函数f相关的函数g:函数g的输入为三元组(x,r1,r2),若f(x)=0,函数g输出r1,若f(x)=1,函数g输出r21) The client executes the Setup algorithm of the functional encryption scheme twice, and outputs two public-private key pairs (MPK 1 , MSK 1 ), (MPK 2 , MSK 2 ). Define the function g related to the function f: the input of the function g is triplet (x,r 1 ,r 2 ), if f(x)=0, the function g outputs r 1 , if f(x)=1, the function g outputs r 2 .

2)客户将MSK1和函数g发送给第一个服务器S1。这里我们假设信道为秘密信道,在公开信道上,客户可以用服务器S1的公钥加密消息(MSK1,g)后发送给S12) The client sends MSK 1 and function g to the first server S 1 . Here we assume that the channel is a secret channel. On the public channel, the client can use the public key of the server S 1 to encrypt the message (MSK 1 ,g) and send it to S 1 .

3)客户将MSK2和函数g发送给第二个服务器S23) The client sends MSK 2 and function g to the second server S 2 ;

4)服务器S1运行功能加密方案的密钥产生算法KeyGen,输入(MSK1,g),输出对应于函数g的解密密钥SK1g。服务器S1将SK1g发送给服务器S24) The server S 1 runs the key generation algorithm KeyGen of the functional encryption scheme, inputs (MSK 1 ,g), and outputs the decryption key SK 1g corresponding to the function g. Server S 1 sends SK 1g to server S 2 ;

5)服务器S2运行功能加密方案的密钥产生算法KeyGen,输入(MSK2,g),输出对应于函数g的解密密钥SK2g。服务器S2将SK2g发送给服务器S15) The server S 2 runs the key generation algorithm KeyGen of the functional encryption scheme, inputs (MSK 2 ,g), and outputs the decryption key SK 2g corresponding to the function g. Server S 2 sends SK 2g to server S 1 ;

6)客户选择四个随机数r1,r2,r3,r46) The customer selects four random numbers r 1 , r 2 , r 3 , r 4 ;

7)客户用功能加密方案的公钥MPK1加密(x,r1,r2),得到密文C1,将C1发送给服务器S27) The client encrypts (x, r 1 , r 2 ) with the public key MPK 1 of the functional encryption scheme, obtains the ciphertext C 1 , and sends C 1 to the server S 2 ;

8)客户用功能加密方案的公钥MPK2加密(x,r3,r4),得到密文C2,将C2发送给服务器S18) The client encrypts (x, r 3 , r 4 ) with the public key MPK 2 of the functional encryption scheme, obtains the ciphertext C 2 , and sends C 2 to the server S 1 ;

9)服务器S2用私钥SK1g解密C1,得到结果z1,并将z1返回给客户;9) The server S 2 decrypts C 1 with the private key SK 1g , obtains the result z 1 , and returns z 1 to the client;

10)服务器S1用私钥SK2g解密C2,得到结果z2,并将z2返回给客户;10) The server S 1 decrypts C 2 with the private key SK 2g , obtains the result z 2 , and returns z 2 to the client;

11)客户验证两个服务器返回的值:验证z1是否与r1或r2相等,z2是否与r3或r4相等,若z1=r1且z2=r3,则客户输出f(x)=0,若z1=r2且z2=r4,则客户输出f(x)=1,否则客户拒绝。11) The client verifies the values returned by the two servers: verify whether z 1 is equal to r 1 or r 2 , whether z 2 is equal to r 3 or r 4 , if z 1 = r 1 and z 2 = r 3 , then the client outputs f(x)=0, if z 1 =r 2 and z 2 =r 4 , the client outputs f(x)=1, otherwise the client rejects.

本发明利用功能加密方案,采用两个服务器的外包计算模型,实现了外包数据的保密,且极大的降低了客户的计算量(客户计算量和函数f无关)。因为功能加密算法的解密密钥可以重复使用,因此服务器只需产生一次有关函数f的解密密钥,后续只需进行解密运算即可。另外,为了实现计算结果的正确性,本发明在输入部分引入两个保密的随机数,实现客户对服务器返回结果的验证。因此本发明设计的外包计算协议满足保密性、安全性和整体高效性。The present invention utilizes the functional encryption scheme and the outsourcing calculation model of two servers to realize the secrecy of the outsourcing data and greatly reduce the calculation amount of the client (the calculation amount of the client has nothing to do with the function f). Because the decryption key of the functional encryption algorithm can be reused, the server only needs to generate the decryption key of the function f once, and then only needs to perform decryption operations. In addition, in order to realize the correctness of the calculation result, the present invention introduces two confidential random numbers into the input part to realize the client's verification of the result returned by the server. Therefore, the outsourced computing protocol designed by the present invention satisfies confidentiality, security and overall high efficiency.

下面表1是本发明与现有技术的计算量对比。与现有技术相比,本发明在保证客户计算量较低的前提下,减少了服务器的计算量,实现了整体高效安全的外包计算协议。Table 1 below shows the calculation amount comparison between the present invention and the prior art. Compared with the prior art, the present invention reduces the calculation amount of the server on the premise of ensuring that the calculation amount of the client is low, and realizes an overall efficient and safe outsourcing calculation protocol.

表1.本发明与现有技术的计算量对比Table 1. Comparison of calculation amount between the present invention and prior art

工作Work 客户计算量Client calculation 服务器计算量server calculation Gennaro等人[GGP10]Gennaro et al. [GGP10] 与f相关,平均意义下高效It is related to f, and it is efficient in the average sense 计算函数fCalculation function f Chung等人[CKV10]Chung et al. [CKV10] 与f相关,平均意义下高效It is related to f, and it is efficient in the average sense 计算2k个函数fCompute 2k functions f 与f无关nothing to do with f 计算错乱电路和函数fComputationally messed up circuits and functions f 本发明this invention 与f无关nothing to do with f 平均意义下:计算函数fIn the average sense: the calculation function f

本发明提供了安全的外包计算方法,客户可以通过对比操作验证返回结果正确与否。在此基础上,如果客户希望知道哪一个服务器是恶意的。可以采取如下替代协议。替代协议的预备阶段如图3所示,协议执行计算过程仍如图2所示,另外在最后添加了进一步的验证操作,如图4所示。替代协议的具体过程如下:The invention provides a safe outsourcing calculation method, and the customer can verify whether the returned result is correct or not through a comparison operation. On this basis, if the client wants to know which server is malicious. Alternative protocols can be adopted as follows. The preparatory stage of the alternative protocol is shown in Figure 3, and the calculation process of the protocol execution is still shown in Figure 2, and further verification operations are added at the end, as shown in Figure 4. The specific process of the replacement agreement is as follows:

1)客户执行两次功能加密方案的Setup算法,输出两对公私钥对(MPK1,MSK1),(MPK2,MSK2)。定义与函数f相关的函数g:函数g的输入为三元组(x,r1,r2),若f(x)=0,函数g输出r1,若f(x)=1,函数g输出r21) The client executes the Setup algorithm of the functional encryption scheme twice, and outputs two public-private key pairs (MPK 1 , MSK 1 ), (MPK 2 , MSK 2 ). Define the function g related to the function f: the input of the function g is triplet (x,r 1 ,r 2 ), if f(x)=0, the function g outputs r 1 , if f(x)=1, the function g outputs r 2 .

2)客户将MSK1和函数g发送给第一个服务器S1。这里我们假设信道为秘密信道,在公开信道上,客户可以用服务器S1的公钥加密消息(MSK1,g)后发送给S12) The client sends MSK 1 and function g to the first server S 1 . Here we assume that the channel is a secret channel. On the public channel, the client can use the public key of the server S 1 to encrypt the message (MSK 1 ,g) and send it to S 1 .

3)客户将MSK2和函数g发送给第二个服务器S23) The client sends MSK 2 and function g to the second server S 2 ;

4)服务器S1运行功能加密方案的密钥产生算法KeyGen,输入(MSK1,g),输出对应于函数g的解密密钥SK1g。服务器S1将SK1g发送给服务器S24) The server S 1 runs the key generation algorithm KeyGen of the functional encryption scheme, inputs (MSK 1 ,g), and outputs the decryption key SK 1g corresponding to the function g. Server S 1 sends SK 1g to server S 2 ;

5)服务器S2运行功能加密方案的密钥产生算法KeyGen,输入(MSK2,g),输出对应于函数g的解密密钥SK2g。服务器S2将SK2g发送给服务器S15) The server S 2 runs the key generation algorithm KeyGen of the functional encryption scheme, inputs (MSK 2 ,g), and outputs the decryption key SK 2g corresponding to the function g. Server S 2 sends SK 2g to server S 1 ;

6)服务器S1计算哈希函数H(SK1g),H(SK2g),将它们发送给客户;6) Server S 1 calculates hash functions H(SK 1g ), H(SK 2g ), and sends them to the client;

7)服务器S2计算哈希函数H(SK1g),H(SK2g),将它们发送给客户;7) The server S 2 calculates the hash functions H(SK 1g ), H(SK 2g ), and sends them to the client;

8)客户验证两个服务器返回的哈希值是否对应相等,若相等,则继续,否则中止;8) The client verifies whether the hash values returned by the two servers are correspondingly equal, if they are equal, continue, otherwise abort;

9)客户选择四个随机数r1,r2,r3,r49) The customer selects four random numbers r 1 , r 2 , r 3 , r 4 ;

10)客户用功能加密方案的公钥MPK1加密(x,r1,r2),得到密文C1,将C1发送给服务器S210) The client encrypts (x, r 1 , r 2 ) with the public key MPK 1 of the functional encryption scheme, obtains the ciphertext C 1 , and sends C 1 to the server S 2 ;

11)客户用功能加密方案的公钥MPK2加密(x,r3,r4),得到密文C2,将C2发送给服务器S111) The client encrypts (x, r 3 , r 4 ) with the public key MPK 2 of the functional encryption scheme, obtains the ciphertext C 2 , and sends C 2 to the server S 1 ;

12)服务器S2用私钥SK1g解密C1,得到结果z1,并将z1返回给客户;12) The server S 2 decrypts C 1 with the private key SK 1g , obtains the result z 1 , and returns z 1 to the client;

13)服务器S1用私钥SK2g解密C2,得到结果z2,并将z2返回给客户;13) The server S 1 decrypts C 2 with the private key SK 2g , obtains the result z 2 , and returns z 2 to the client;

14)客户验证两个服务器返回的值:验证z1是否与r1或r2相等,z2是否与r3或r4相等,若z1=r1且z2=r3,则客户输出f(x)=0,若z1=r2且z2=r4,则客户输出f(x)=1,否则继续执行15);14) The client verifies the values returned by the two servers: verify whether z 1 is equal to r 1 or r 2 , whether z 2 is equal to r 3 or r 4 , if z 1 = r 1 and z 2 = r 3 , then the client outputs f(x)=0, if z 1 =r 2 and z 2 =r 4 , the client outputs f(x)=1, otherwise proceed to step 15);

15)客户采用Goldwasser等人在文章“Delegation of Computation withoutRejection Problem from Designated Verifier CS-Proofs”中的证明系统(记为L),运行L的set-up算法产生函数KeyGen(MSK1,·)所对应的公私钥(pp1,sp1),产生函数KeyGen(MSK2,·)所对应的公私钥(pp2,sp2)。将pp1发送给服务器S1,将pp2发送给S215) The customer adopts the proof system (denoted as L) in the article "Delegation of Computation without Rejection Problem from Designated Verifier CS-Proofs" by Goldwasser et al., and runs the set-up algorithm of L to generate the function KeyGen(MSK 1 , ) corresponding to public-private key (pp 1 ,sp 1 ) of the function KeyGen(MSK 2 ,·) corresponding to the public-private key (pp 2 ,sp 2 ). Send pp 1 to server S 1 , and send pp 2 to S 2 ;

16)服务器S1执行证明系统L中的证明者算法,产生证明π1,发送(SK1g1)给客户,同样的服务器S2产生证明π2,发送(SK2g2)给客户。16) The server S 1 executes the certifier algorithm in the certification system L, generates a certificate π 1 , and sends (SK 1g1 ) to the client, and the same server S 2 generates a certificate π 2 , and sends (SK 2g2 ) to client.

17)客户计算H(SK1g)和H(SK2g),验证是否和步骤6)、7)中收到的哈希值对应相等,若存在不等,则判定相应的服务器为恶意,终止,否则继续。客户运行证明系统L的验证者算法,用收到的消息和私钥sp1,sp2分别验证证明π1和π2是否成立,若πi(i∈{1,2})验证失败,则对应的服务器Si为恶意,终止,否则继续。客户判断哪个服务器返回的zi(i∈{1,2})在步骤14)中判等失败,即zi和客户所选的随机数不存在相等关系,则相应的服务器为恶意,终止。17) The client calculates H(SK 1g ) and H(SK 2g ), and verifies whether it is equal to the hash value received in steps 6) and 7). If there is an inequity, then determine that the corresponding server is malicious and terminate. Otherwise continue. The client runs the verifier algorithm of the proof system L, uses the received message and the private key sp 1 , sp 2 to verify whether the proof π 1 and π 2 are valid, if the verification of π i (i∈{1,2}) fails, then If the corresponding server S i is malicious, terminate, otherwise continue. The client judges which server returns z i (i∈{1,2}) and fails in step 14), that is, z i does not have an equal relationship with the random number selected by the client, then the corresponding server is malicious and terminates.

其中πi是服务器Si向客户证明其返回的SKig是诚实产生的。证明系统L中验证者(在这里是客户)的计算复杂度与函数KeyGen(MSKi,·)的计算复杂度的对数相关。因为功能加密方案中算法KeyGen(MSKi,·)的计算复杂度和函数f的计算复杂度相当。因此此替代方案中,客户的计算量与函数f对数log(|f|)相关,相比Gennaro等人和Chung等人的工作,此方案仍是高效的。此替代方案可以帮助客户在验证失败后,获知谁是恶意的服务器。另外我们约定,在步骤14)后,若有服务器拒绝执行步骤16)而提前选择中止,则判定此服务器为恶意。Where π i is the server S i proves to the client that the returned SK ig is honestly generated. Prove that the computational complexity of the verifier (here the client) in the system L is related to the logarithm of the computational complexity of the function KeyGen(MSK i ,·). Because the computational complexity of the algorithm KeyGen(MSK i ,·) in the functional encryption scheme is equivalent to that of the function f. Therefore, in this alternative scheme, the calculation amount of the client is related to the function f logarithm log(|f|). Compared with the works of Gennaro et al. and Chung et al., this scheme is still efficient. This alternative can help customers know who is a malicious server after authentication fails. In addition, we agree that after step 14), if any server refuses to execute step 16) and chooses to abort in advance, it is determined that the server is malicious.

本发明的拓展实施方式:将功能加密方案替换为多输入的功能加密方案,适用于多客户的外包计算场景。多输入的功能加密方案是单输入功能加密方案的扩展。在多输入功能加密方案中,解密密钥SKf所对应的函数f为n元函数,密钥SKf的输入为n个密文。给定n个消息(x1,x2,…,xn)的密文,记为(c1,c2,…,cn),和解密密钥SKf,解密者可以解密得到f(x1,x2,…,xn)的值。而多客户的外包计算是指n个客户(n>=2)有各自的输入xi,想要将计算f(x1,x2,…,xn)的任务外包给外部服务器。通过将本发明中的功能加密方案替换为多输入的功能加密,可以较直接的设计出多个客户将计算任务外包给两个服务器的外包计算方案。An expanded implementation of the present invention: replace the functional encryption scheme with a multi-input functional encryption scheme, which is suitable for outsourcing computing scenarios with multiple clients. Multi-input functional encryption schemes are extensions of single-input functional encryption schemes. In the multi-input functional encryption scheme, the function f corresponding to the decryption key SK f is an n-ary function, and the input of the key SK f is n ciphertexts. Given the ciphertext of n messages (x 1 , x 2 ,…,x n ), denoted as (c 1 ,c 2 ,…,c n ), and the decryption key SK f , the decryptor can decrypt to obtain f( x 1 ,x 2 ,…,x n ). The multi-client outsourced computing means that n clients (n>=2) have their own input xi and want to outsource the task of computing f(x 1 ,x 2 ,…,x n ) to an external server. By replacing the functional encryption scheme in the present invention with multi-input functional encryption, an outsourcing calculation scheme in which multiple clients outsource calculation tasks to two servers can be designed more directly.

以上实施例仅用以说明本发明的技术方案而非对其进行限制,本领域的普通技术人员可以对本发明的技术方案进行修改或者等同替换,而不脱离本发明的精神和范围,本发明的保护范围应以权利要求书所述为准。The above embodiments are only used to illustrate the technical solution of the present invention and not to limit it. Those of ordinary skill in the art can modify or equivalently replace the technical solution of the present invention without departing from the spirit and scope of the present invention. The scope of protection should be determined by the claims.

Claims (10)

1. safely and efficiently outsourcing calculates implementation method to one kind, it is characterised in that comprise the following steps:
1) client produces two independent public private key pairs using function encipherment scheme;
2) function that client calculates functional dependence by the private key in two public private key pairs and with outsourcing is sent respectively to two clothes Business device;
3) two servers produce the corresponding decruption key of function respectively, and send result to other side;
4) ciphertext and is sent to two by client respectively using the public key in two public private key pairs to message and random number encryption Server;
5) two servers are respectively adopted decruption key and ciphertext are decrypted, and return to result of calculation to client;
6) result of calculation that two servers of client validation are returned, is verified, and obtains the value that outsourcing calculates function, otherwise Refusal.
2. the method for claim 1, it is characterised in that it is S to set two servers1And S2, it is f that outsourcing calculates function, defeated It is x to enter;Assuming that at least one server is half honesty;Realize that the specific steps that outsourcing is calculated include:
1) client produces two independent public private key pair (MPK using function encipherment scheme1,MSK1),(MPK2,MSK2), definition And function f related function g:The input of function g is triple (x, s1,s2), if f (x)=0, function g outputs s1If, f (x) =1, then export s2, otherwise stop;
2) client is by MSK1First server S is sent to function g1
3) client is by MSK2Second server S is sent to function g2
4) server S1The decruption key SK corresponding to function g is produced with the encryption key generating algorithms of function encipherment scheme1g;By SK1g It is sent to server S2
5) server S2The decruption key SK corresponding to function g is produced with the encryption key generating algorithms of function encipherment scheme2g, by SK2g It is sent to server S1
6) client input is x, selection random number r1,r2,r3,r4
7) the client public key MPK of function encipherment scheme1Encryption (x, r1,r2), obtain ciphertext C1, send it to server S2
8) the client public key MPK of function encipherment scheme2Encryption (x, r3,r4), obtain ciphertext C2, send it to server S1
9) server S2Use private key SK1gDecryption C1, obtain result z1, and by z1Return to client;
10) server S1Use private key SK2gDecryption C2, obtain result z2, and by z2Return to client;
11) values that two servers of client validation are returned, if two return values of server are all by random number verification and right The functional value answered is equal, then client receives, and obtains f (x), otherwise client refusal.
3. method as claimed in claim 2, it is characterised in that step 11) in, client validation z1Whether with r1Or r2It is equal, z2Whether with r3Or r4It is equal;If z1=r1And z2=r3, then client export f (x)=0;If z1=r2And z2=r4, then client Output f (x)=1;Otherwise client refuses.
4. method as claimed in claim 2, it is characterised in that use following methods to judge which server is malice:
A) in step 5) after, following steps are performed, then perform step 6):
A1) server S1Calculate hash function H (SK1g), H (SK2g), send them to client;
A2) server S2Calculate hash function H (SK1g), H (SK2g), send them to client;
A3) cryptographic Hash that two servers of client validation are returned whether correspondent equal, if equal, continue, otherwise stop;
B) in step 11) in, if client validation fails, perform following steps:
B1) the set-up algorithms of client operation proof system L produce function KeyGen (MSK1) corresponding to public and private key (pp1,sp1), produce function KeyGen (MSK2) corresponding to public and private key (pp2,sp2);By pp1It is sent to server S1, will pp2It is sent to S2
B2) server S1The certifier's algorithm in proof system L is performed, producing proves π1, send (SK1g1) give client;Clothes Business device S2Producing proves π2, send (SK2g2) give client;
B3) client calculates H (SK1g) and H (SK2g), verify whether with the cryptographic Hash correspondent equal received in step a), if in the presence of , then judge that corresponding server is malice, terminate, otherwise continue;Verifier's algorithm of client's operation proof system L, uses The message and private key sp for receiving1,sp2Separately verify proof π1And π2Whether set up, if πi(i ∈ { 1,2 }) authentication failed, then correspond to Server SiIt is malice, terminates, otherwise continues;Client judges the z which server is returnedi(i ∈ { 1,2 }) are in step 14) in The failure, i.e. z such as sentenceiDo not exist relation of equality with the random number selected by client, then corresponding server is malice, is terminated.
5. method as claimed in claim 4, it is characterised in that in step 11) after, if there is server to refuse to perform step B2 select to stop) and in advance, then judge that this server is malice.
6. the method for claim 1, it is characterised in that the channel between client and server is hidden passageway;If Channel between client and server is overt channel, then client is using being then forwarded to clothes after the public key encryption message of server Business device.
7. the method as described in any claim in claim 1 to 6, it is characterised in that replace with function encipherment scheme The function encipherment scheme of multi input, it is adaptable to which the outsourcing of many clients calculates scene.
8. safely and efficiently system is realized in outsourcing calculating to one kind, it is characterised in that including client and two servers;The visitor Family end produces two independent public private key pairs using function encipherment scheme, is calculated by the private key in two public private key pairs and with outsourcing The function of functional dependence is sent respectively to described two servers;Described two servers produce the corresponding decryption of function close respectively Key, and send result to other side;The client utilizes the public key in two public private key pairs to message and random number encryption, and Ciphertext is sent to described two servers respectively;Described two servers are respectively adopted decruption key and ciphertext are decrypted, And result of calculation is returned to client;The result of calculation that two servers of the client validation are returned, is verified, and obtains outer Bag calculates the value of function, otherwise refuses.
9. system as claimed in claim 8, it is characterised in that the channel between client and server is hidden passageway.
10. system as claimed in claim 8, it is characterised in that the channel between client and server is overt channel, visitor Family end after the public key encryption message of server using being then forwarded to server.
CN201710086781.4A 2017-02-17 2017-02-17 Safe and efficient outsourcing calculation implementation method and system Expired - Fee Related CN106921491B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710086781.4A CN106921491B (en) 2017-02-17 2017-02-17 Safe and efficient outsourcing calculation implementation method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710086781.4A CN106921491B (en) 2017-02-17 2017-02-17 Safe and efficient outsourcing calculation implementation method and system

Publications (2)

Publication Number Publication Date
CN106921491A true CN106921491A (en) 2017-07-04
CN106921491B CN106921491B (en) 2020-02-11

Family

ID=59454571

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710086781.4A Expired - Fee Related CN106921491B (en) 2017-02-17 2017-02-17 Safe and efficient outsourcing calculation implementation method and system

Country Status (1)

Country Link
CN (1) CN106921491B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108809623A (en) * 2018-07-10 2018-11-13 矩阵元技术(深圳)有限公司 Multi-party computations method, apparatus and system
CN109032792A (en) * 2018-07-10 2018-12-18 矩阵元技术(深圳)有限公司 Outsourcing calculation method and system
CN112468284A (en) * 2020-11-26 2021-03-09 东北大学 A method of safety outsourcing based on SHE
CN114257374A (en) * 2021-12-20 2022-03-29 山东大学 Verifiable security outsourcing calculation method and system for identification cryptosystem
US12015703B2 (en) 2018-01-11 2024-06-18 Samsung Electronics Co., Ltd. Electronic device for user authentication, server, and control method therefor

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7979711B2 (en) * 2007-08-08 2011-07-12 International Business Machines Corporation System and method for privacy preserving query verification
CN103281377A (en) * 2013-05-31 2013-09-04 北京鹏宇成软件技术有限公司 Cryptograph data storage and searching method for cloud
CN103414690A (en) * 2013-07-15 2013-11-27 北京航空航天大学 Publicly-verifiable cloud data possession checking method

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7979711B2 (en) * 2007-08-08 2011-07-12 International Business Machines Corporation System and method for privacy preserving query verification
CN103281377A (en) * 2013-05-31 2013-09-04 北京鹏宇成软件技术有限公司 Cryptograph data storage and searching method for cloud
CN103414690A (en) * 2013-07-15 2013-11-27 北京航空航天大学 Publicly-verifiable cloud data possession checking method

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
LI P等: "《Multi-client Outsourced Computation》", 《INFORMATION SECURITY AND CRYPTOLOGY》 *
LI P等: "《Multi-input Functional Encryption and Its Application in Outsourcing Computation》", 《INFORMATION AND COMMUNICATION SECRITY》 *
任艳丽等: "《隐私保护的可验证多元多项式外包计算方案》", 《通信学报》 *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US12015703B2 (en) 2018-01-11 2024-06-18 Samsung Electronics Co., Ltd. Electronic device for user authentication, server, and control method therefor
CN108809623A (en) * 2018-07-10 2018-11-13 矩阵元技术(深圳)有限公司 Multi-party computations method, apparatus and system
CN109032792A (en) * 2018-07-10 2018-12-18 矩阵元技术(深圳)有限公司 Outsourcing calculation method and system
CN108809623B (en) * 2018-07-10 2020-09-25 矩阵元技术(深圳)有限公司 Secure multiparty computing method, device and system
CN112468284A (en) * 2020-11-26 2021-03-09 东北大学 A method of safety outsourcing based on SHE
CN114257374A (en) * 2021-12-20 2022-03-29 山东大学 Verifiable security outsourcing calculation method and system for identification cryptosystem
CN114257374B (en) * 2021-12-20 2023-08-15 山东大学 A verifiably secure outsourcing computing method and system for identification cryptosystem

Also Published As

Publication number Publication date
CN106921491B (en) 2020-02-11

Similar Documents

Publication Publication Date Title
Chase et al. On signatures of knowledge
Wang et al. Security analysis of a single sign-on mechanism for distributed computer networks
Jiang et al. Two-factor authentication protocol using physical unclonable function for IoV
CN107342859B (en) Anonymous authentication method and application thereof
CN106533699B (en) An Identity-Based Blind Signature Method on the Lower Lattice of the Standard Model
US20210152370A1 (en) Digital signature method, device, and system
CN106921491B (en) Safe and efficient outsourcing calculation implementation method and system
CN113271209B (en) A custodial public key encryption system and method based on non-interactive zero-knowledge proof
CN113132104B (en) A proactive and secure two-party generation method for ECDSA digital signatures
CN107248909A (en) It is a kind of based on SM2 algorithms without Credential-Security endorsement method
CN111447065B (en) An active and secure two-party generation method of SM2 digital signature
CN109543434A (en) Block chain information encryption method, decryption method, storage method and device
CN103988466A (en) Group encryption method and device
CN107294696A (en) For the full homomorphism method for distributing key of Leveled
CN111817846A (en) Lightweight key negotiation communication protocol
CN115459975A (en) Certificate-free access authentication method for industrial edge equipment based on Chebyshev polynomial
CN111245615B (en) An Identity-Based Digital Signature Password Reverse Firewall Method
Chain et al. Enhancement authentication protocol using zero‐knowledge proofs and chaotic maps
Bindel et al. Hybrid key encapsulation mechanisms and authenticated key exchange
US12316734B2 (en) Key generation and PACE protocol with protection against side channel attacks spying out a nonce
De Lacerda Filho et al. Improving data security, privacy, and interoperability for the IEEE biometric open protocol standard
Wen et al. Intersection-policy private mutual authentication from authorized private set intersection
KR20240136961A (en) Emergency recovery transaction of funds in cryptocurrency wallet
Pakniat et al. Cryptanalysis of a certificateless aggregate signature scheme
CN116318964A (en) Verifiable lightweight searchable encryption method in cloud-edge environment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20200211

Termination date: 20220217

CF01 Termination of patent right due to non-payment of annual fee