[go: up one dir, main page]

CN108418810A - Secret sharing method based on Hadamard matrix - Google Patents

Secret sharing method based on Hadamard matrix Download PDF

Info

Publication number
CN108418810A
CN108418810A CN201810129424.6A CN201810129424A CN108418810A CN 108418810 A CN108418810 A CN 108418810A CN 201810129424 A CN201810129424 A CN 201810129424A CN 108418810 A CN108418810 A CN 108418810A
Authority
CN
China
Prior art keywords
secret
matrix
secret sharing
hadamard
administrator
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810129424.6A
Other languages
Chinese (zh)
Inventor
王怀习
束妮娜
王晨
马涛
李永祥
黄郡
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
National University of Defense Technology
Original Assignee
National University of Defense Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by National University of Defense Technology filed Critical National University of Defense Technology
Priority to CN201810129424.6A priority Critical patent/CN108418810A/en
Publication of CN108418810A publication Critical patent/CN108418810A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/28Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/065Network architectures or network communication protocols for network security for supporting key management in a packet data network for group communications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to the technical field of information hiding, in particular to a secret sharing method based on a Hadamard matrix, which comprises the following steps: s1, generating key parameters, generating a Hadamard matrix H with a specified dimension by an administrator according to the key parameters, and constructing a block association matrix U according to the Hadamard matrix H; s2, the administrator generates corresponding secret sharing for each member according to the block association matrix U; and S3, reconstructing the secret S by the member according to the secret sharing value and the group association matrix U. The invention is suitable for secret sharing and privacy protection of multi-party members in a distributed computing environment, and the secret sharing method based on the Hadamard matrix is simple and effective. An administrator can generate a Hadamard matrix with a designated dimension according to the secret space and the user scale, then a group association matrix is generated, secret sharing and secret reconstruction are finally achieved, calculation and storage efficiency is high, and the method has a wide application prospect.

Description

一种基于Hadamard矩阵的秘密分享方法A Secret Sharing Method Based on Hadamard Matrix

技术领域technical field

本发明涉及一种信息隐藏技术领域,特别是涉及一种基于Hadamard矩阵的秘密分享方案并证明其安全性。The invention relates to the technical field of information hiding, in particular to a Hadamard matrix-based secret sharing scheme and its safety proof.

背景技术Background technique

随着网络技术和计算模式的不断演进发展,以云计算为代表的分布式计算在信息技术中具有无可替代的重要作用,成为一种基础性的计算技术。分布式计算技术需要解决不可信的多方成员之间在协同计算时的信息共享公用与信息隐私保护问题,秘密分享方案解决了分布式计算环境下的信息共享与隐私保护问题。秘密分享方案是一种基础的协议,最初由Shamir和Blakley独立提出用以解决密钥分配,也可以应用于一般信息的共享与隐私保护。秘密分享的基本思想为保护信息的隐私性,其初始应用场景为:管理员具有某个核心信息系统的密钥同时担心密钥丢失,因此管理员将该密钥对多个成员共享,但是每个成员都无法单独获得密钥。秘密分享方案不仅可以解决单个成员不诚实问题,也可以解决单个秘密分享丢失损坏密钥自身的安全性。因此,密钥在一组成员之间共享。秘密分享方案在密码学与分布式计算中具有举足轻重的作用,例如多方安全计算、阈值密码学、访问控制、基于属性的加密机制、基于属性的签名机制、通用健忘传输协议、图像隐藏与数字水印等。With the continuous evolution and development of network technology and computing models, distributed computing represented by cloud computing plays an irreplaceable important role in information technology and has become a basic computing technology. Distributed computing technology needs to solve the problems of information sharing and information privacy protection among untrustworthy multi-party members during collaborative computing. The secret sharing scheme solves the problems of information sharing and privacy protection in a distributed computing environment. The secret sharing scheme is a basic protocol, originally proposed by Shamir and Blakley independently to solve key distribution, and can also be applied to general information sharing and privacy protection. The basic idea of secret sharing is to protect the privacy of information. Its initial application scenario is: the administrator has the key of a core information system and is worried about the loss of the key, so the administrator shares the key with multiple members, but every No member can obtain the key individually. The secret sharing scheme can not only solve the problem of dishonesty of a single member, but also solve the problem of the loss of a single secret sharing and damage the security of the key itself. Therefore, keys are shared among members of a group. Secret sharing schemes play a pivotal role in cryptography and distributed computing, such as multi-party secure computing, threshold cryptography, access control, attribute-based encryption mechanism, attribute-based signature mechanism, general forgetful transmission protocol, image hiding and digital watermarking Wait.

管理员具有密钥s,向n个成员P1,P2,…,Pn分发分享值s1,s2,…,sn。记密钥恢复的阈值为r并且r>2。当成员数目大于等于阈值r时,这组成员能够非常容易地恢复密钥s;否则,各成员无法获取密钥s。图1描述了r>2时的秘密分享方案。当然,秘密分享方案的可恢复性可以由多种更泛化的表示形式,如单调函数,访问结构。The administrator has the key s, and distributes shared values s 1 , s 2 , ..., s n to n members P 1 , P 2 , ..., P n . Note that the threshold for key recovery is r and r>2. When the number of members is greater than or equal to the threshold r, this group of members can easily recover the key s; otherwise, each member cannot obtain the key s. Figure 1 depicts the secret sharing scheme when r>2. Of course, the recoverability of secret sharing schemes can be represented by many more generalized forms, such as monotonic functions and access structures.

目前,工业与学术界给出了多种秘密分享方案,根据秘密分享方案的原理,可以分为基于Lagrange插值多项式的秘密分享方案,基于有限域上线性空间理论的秘密分享方案和基于模运算的秘密分享方案等。Shamir最早提出了(r,n)-型阈值秘密分享方案(A.Shamir,How to share a secret,Commun.ACM,vol.22,no.11,pp.612–613,1979.),该方案利用至少r个秘密分享值重构密钥s需要Lagrange插值多项式进行复杂的计算。Blakley提出了一种基于线性空间理论的秘密分享方案(G.R.Blakley,Safeguardingcryptographic keys,in Proc.AFIPS 1979National Computer Conference.AFIPS,1979,pp.313–317.),该方案在重构密钥s时需要计算线性子空间的交集,交集中的元素一般不唯一,这为密钥重构带来了干扰。Asmuth-Bloom提出了一种基于模运算的秘密分享方案(C.Asmuth and J.Bloom,A modular approach to key safeguarding,IEEETrans.Information Theory,vol.29,no.2,pp.208–210,1983.),该方案在秘密分享阶段计算效率高,但是密钥重构计算和秘密分享存储带来了庞大的计算存储代价。At present, the industry and academia have given a variety of secret sharing schemes. According to the principle of secret sharing schemes, they can be divided into secret sharing schemes based on Lagrange interpolation polynomials, secret sharing schemes based on linear space theory on finite fields, and modular operation-based secret sharing schemes. Secret sharing scheme, etc. Shamir first proposed the (r,n)-type threshold secret sharing scheme (A.Shamir, How to share a secret, Commun.ACM, vol.22, no.11, pp.612–613, 1979.), the scheme Reconstructing the key s using at least r shared secret values requires Lagrange interpolation polynomials to perform complex calculations. Blakley proposed a secret sharing scheme based on linear space theory (G.R.Blakley, Safeguarding cryptographic keys, in Proc.AFIPS 1979National Computer Conference.AFIPS,1979,pp.313–317.), which requires Computing the intersection of linear subspaces, the elements in the intersection are generally not unique, which brings interference to key reconstruction. Asmuth-Bloom proposed a secret sharing scheme based on modular operations (C.Asmuth and J.Bloom, A modular approach to key safeguarding, IEEETrans.Information Theory, vol.29, no.2, pp.208–210, 1983 .), the scheme has high computational efficiency in the secret sharing stage, but the key reconstruction calculation and secret sharing storage bring huge calculation and storage costs.

发明内容Contents of the invention

本发明的目标是建立一种计算与存储复杂度较低的秘密分享方案。基于Hadamard矩阵的秘密分享方案根据秘密空间和成员个数生成指定维数的Hadamard矩阵H,从Hadamard矩阵计算相应的区组关联矩阵U,利用区组关联矩阵U的行向量为每个成员分发秘密分享值;密钥重构阶段,根据区组矩阵和成员的秘密分享值重构秘密s。该方案可以广泛应用于计算存储设备,特别适用于轻量级计算存储设备,诸如智能终端与物联网中的传感器。The object of the present invention is to establish a secret sharing scheme with low computation and storage complexity. The secret sharing scheme based on Hadamard matrix generates a Hadamard matrix H of specified dimension according to the secret space and the number of members, calculates the corresponding block correlation matrix U from the Hadamard matrix, and uses the row vector of the block correlation matrix U to distribute secrets to each member Shared value; in the key reconstruction stage, the secret s is reconstructed according to the block matrix and the member's secret shared value. This solution can be widely used in computing and storage devices, especially for lightweight computing and storage devices, such as smart terminals and sensors in the Internet of Things.

本发明是通过以下技术方案实现的:The present invention is achieved through the following technical solutions:

一种基于Hadamard矩阵的秘密分享方法,包括以下步骤:A method for sharing secrets based on Hadamard matrix, comprising the following steps:

S1、生成密钥参数,管理员根据密钥参数生成指定维数的Hadamard矩阵H,再根据Hadamard矩阵H构造区组关联矩阵U;S1, generating key parameters, the administrator generates a Hadamard matrix H of specified dimensions according to the key parameters, and then constructs a block association matrix U according to the Hadamard matrix H;

S2、管理员根据区组关联矩阵U为每个成员生成相应的秘密分享;S2. The administrator generates a corresponding secret share for each member according to the block association matrix U;

S3、成员根据秘密分享值和区组关联矩阵U重构秘密s。S3. The member reconstructs the secret s according to the secret sharing value and the block association matrix U.

优选地,所述密钥参数包括成员个数、秘密值规模。Preferably, the key parameters include the number of members and the scale of secret values.

优选地,S1具体包括以下步骤:Preferably, S1 specifically includes the following steps:

S11、管理员根据秘密空间规模q和成员人数n确定秘密参数n′S11. The administrator determines the secret parameter n′ according to the size of the secret space q and the number of members n

S12、管理员将秘密s∈Fq转化为二进制形式 S12. The administrator converts the secret s∈F q into binary form

S13、构造n′阶Hadamard矩阵Hn′S13, construct n' order Hadamard matrix H n' ;

S14、计算n′-1阶区组关联矩阵U;S14. Calculating the n'-1 order block correlation matrix U;

其中,sj代表秘密s的第j个比特的值,取值为0或1,秘密s的取值范围Fq={0,1,2,…,q-1}为有限域,q为素数。Among them, s j represents the value of the jth bit of the secret s, which takes the value of 0 or 1, and the value range of the secret s F q ={0,1,2,…,q-1} is a finite field, and q is Prime number.

更进一步地,S11所述n′根据以下方式确定:Furthermore, n' described in S11 is determined in the following manner:

更进一步地,S14所述矩阵U的生成方式包括以下步骤:Further, the generating method of the matrix U in S14 includes the following steps:

S141、根据n′阶Hadamard矩阵Hn′,计算矩阵 S141. Calculate the matrix according to the Hadamard matrix H n' of order n'

S142、将矩阵去除首行首列的元素即生成n′-1阶区组关联矩阵U;S142, the matrix Remove the elements of the first row and the first column to generate n′-1 order block association matrix U;

其中Jn′是n′阶全1矩阵,n′=4m,m是正整数。Wherein J n' is a matrix of all 1s of order n', n'=4m, and m is a positive integer.

优选地,所述Hadamard矩阵的构造方法为递归构造或Paley构造。Preferably, the construction method of the Hadamard matrix is recursive construction or Paley construction.

优选地,S2所述的秘密分享包括以下步骤:Preferably, the secret sharing described in S2 includes the following steps:

S21、管理员将区组矩阵U的第i个行向量Ui,设Ui=(ui,1,ui,2,…,ui,n′-1),生成秘密分享值 S21. The administrator takes the ith row vector U i of the block matrix U, and sets U i =(u i,1 ,u i,2 ,…,u i,n′-1 ) to generate a secret sharing value

S22、当ui,j=1时,管理员将密钥s的第j个比特发送给成员Pi作为向量的第j个元素,即si,j=sj;当ui,j=0时,管理员随机地选取si,j∈{0,1}作为向量的第j个元素。S22. When u i,j =1, the administrator sends the jth bit of the key s to the member P i as a vector The jth element of s i,j =s j ; when u i,j =0, the administrator randomly selects s i,j ∈{0,1} as the vector The jth element of .

优选地,S3所述的秘密重构包括以下步骤:Preferably, the secret reconstruction described in S3 includes the following steps:

S31、希望重构秘密s的各成员Pi提交各自的区组向量Ui私钥和秘密分享向量 S31. Each member P i who wishes to reconstruct the secret s submits their own block vector U i private key and secret sharing vector

S32、各成员贡献其私钥对应的密钥比特;S32. Each member contributes key bits corresponding to its private key;

S33、当时,成员组即可重构出秘密s;S33. When , the member group can reconstruct the secret s;

其中w为希望重构秘密的成员个数。Where w is the number of members who want to reconstruct the secret.

本发明的有益效果在于:The beneficial effects of the present invention are:

本发明适用于分布式计算环境下多方成员的秘密共享与隐私保护,基于Hadamard矩阵的秘密分享方法简单有效。管理员可以根据秘密空间和用户规模生成指定维数的Hadamard矩阵,而后生成区组关联矩阵,最终实现秘密分享与秘密重构,计算与存储效率较高,具有广阔的应用前景。The invention is suitable for secret sharing and privacy protection of multi-party members in a distributed computing environment, and the secret sharing method based on Hadamard matrix is simple and effective. Administrators can generate a Hadamard matrix of specified dimensions according to the secret space and user scale, and then generate a block association matrix, and finally realize secret sharing and secret reconstruction. The calculation and storage efficiency is high, and it has broad application prospects.

附图说明Description of drawings

图1为秘密分享和秘密重构原理图。Figure 1 is a schematic diagram of secret sharing and secret reconstruction.

图2为本发明基于Hadamard矩阵的秘密分享方法流程图。Fig. 2 is a flowchart of the Hadamard matrix-based secret sharing method of the present invention.

图3为本发明基于Hadamard矩阵的秘密分享阶段示例图。Fig. 3 is an example diagram of the secret sharing stage based on Hadamard matrix in the present invention.

图4为本发明基于Hadamard矩阵的秘密重构阶段示例图。Fig. 4 is an example diagram of the secret reconstruction stage based on Hadamard matrix in the present invention.

具体实施方式Detailed ways

为更好理解本发明,下面结合实施例及附图对本发明作进一步描述,以下实施例仅是对本发明进行说明而非对其加以限定。In order to better understand the present invention, the present invention will be further described below in conjunction with the examples and accompanying drawings, and the following examples are only to illustrate the present invention rather than limit it.

目前,现有的秘密分享方案具有秘密分享和秘密重构的计算或存储复杂性较高。如何构造计算存储复杂度较低的秘密分享方案成为重要的研究内容。基于Hadamard矩阵的秘密分享方案以Hadamard矩阵为基础,构造区组关联矩阵,根据区组关联矩阵实现秘密分享和秘密重构。基于Hadamard矩阵的秘密分享方案构造方法简洁,计算与存储复杂度较低,能够广泛地应用于轻量级计算存储设备。Currently, existing secret sharing schemes have high computational or storage complexity for secret sharing and secret reconstruction. How to construct a secret sharing scheme with low computational and storage complexity has become an important research content. The secret sharing scheme based on Hadamard matrix is based on Hadamard matrix, constructs block correlation matrix, realizes secret sharing and secret reconstruction according to block correlation matrix. The secret sharing scheme based on Hadamard matrix has a simple construction method, low computation and storage complexity, and can be widely used in lightweight computing and storage devices.

在基于Hadamard矩阵的秘密分享方案中,密钥拥有者先将秘密s∈Fq转化为二进制形式并生成n′阶Hadamard矩阵Hn’,其中 n为成员个数,q指定秘密规模,sj取值为0或1,为正整数。密钥拥有者根据秘密空间规模和成员人数确定秘密参数n′;在秘密分享阶段,管理员构造n′阶Hadamard矩阵Hn′,从而计算出n′-1阶区组矩阵U,依照n′-1阶区组矩阵分发秘密分享值;在秘密重构阶段,各成员基于区组矩阵U重构秘密s。如图2所示,具体步骤如下:In the secret sharing scheme based on Hadamard matrix, the key owner first converts the secret s∈F q into binary form And generate n′order Hadamard matrix H n' , where n is the number of members, q specifies the secret scale, s j takes the value of 0 or 1, is a positive integer. The key owner determines the secret parameter n′ according to the size of the secret space and the number of members; in the secret sharing stage, the administrator constructs the n′-order Hadamard matrix H n′ to calculate the n′-1-order block group matrix U, according to n′ -1-order block matrix distributes the secret sharing value; in the secret reconstruction stage, each member reconstructs the secret s based on the block matrix U. As shown in Figure 2, the specific steps are as follows:

(1)参数生成阶段(1) Parameter generation stage

给定秘密s∈[0,q-1]和成员P1,P2,…,Pn-1,计算管理员生成n′阶的Hadamard矩阵Hn′,然后计算n′-1阶的区组矩阵U,将区组矩阵U的第i个行向量Ui发送给成员Pi作为其私钥。此处,参数n和s应比较均衡,也就是说, Given a secret s∈[0,q-1] and members P 1 ,P 2 ,…,P n-1 , compute The administrator generates Hadamard matrix H n' of order n ' , then calculates block matrix U of order n'-1, and sends the ith row vector U i of block matrix U to member Pi as its private key. Here, the parameters n and s should be relatively balanced, that is,

给定n′阶Hadamard矩阵Hn′,计算矩阵并去除其首行首列元素生成的n′-1阶区组矩阵U,其中Jn′是n′阶全1矩阵,n′=4m,m是正整数。记Ui为区组矩阵U的第i行向量,有|Ui|=2m-1和|Ui∩Uj|=m-1。Given n′order Hadamard matrix H n′ , calculate the matrix And remove the n'-1 order block matrix U generated by its first row and first column elements, where J n' is an n' order full 1 matrix, n'=4m, and m is a positive integer. Denote U i as the i-th row vector of block matrix U, and there are |U i |=2m-1 and |U i ∩U j |=m-1.

Hadamard矩阵的构造常由递归构造或Paley构造两种方法(Ron M.Roth,Introduction to coding theory.Cambridge University Press 2006,ISBN978-0-521-84504-5,pp.I-XI,1-566.)。称n阶矩阵H为Hadamard矩阵,如果HHT=nI,其中HT为矩阵H的转置矩阵,n是矩阵的维数,I是单位矩阵。可以证明:Hadamard矩阵H的维数n的取值为1,2或4的倍数。Hadamard矩阵的维数具有严格的限制。在实际应用中,只关注于维数大于2的Hadamard矩阵。此时,维数n>2满足n≡0(mod 4),也就是说,存在正整数m使得n=4m。The construction of Hadamard matrix is usually constructed by recursive construction or Paley construction (Ron M. Roth, Introduction to coding theory. Cambridge University Press 2006, ISBN978-0-521-84504-5, pp.I-XI, 1-566. ). The matrix H of order n is called Hadamard matrix, if HH T =nI, where H T is the transpose matrix of matrix H, n is the dimension of the matrix, and I is the identity matrix. It can be proved that the dimension n of Hadamard matrix H is a multiple of 1, 2 or 4. The dimensions of Hadamard matrices have strict restrictions. In practical applications, we only focus on Hadamard matrices with dimensions greater than 2. At this time, the dimension n>2 satisfies n≡0(mod 4), that is, there exists a positive integer m such that n=4m.

递归构造方法可以构造维数为2的幂次的Hadamard矩阵:易于验证是2阶Hadamard矩阵;与此同时,如果Hn是n阶Hadamard矩阵,那么是2n阶Hadamard矩阵。因此,以2阶Hadamard矩阵为基础可以构造2的任意幂次阶的Hadamard矩阵。为了构造简单起见,参数生成过程中的Hadamard矩阵的维数n′可以选取2的幂次,由此递归构造就可解决Hadamard矩阵的构造。The recursive construction method can construct a Hadamard matrix whose dimension is a power of 2: easy to verify is a Hadamard matrix of order 2; at the same time, if H n is a Hadamard matrix of order n, then is a Hadamard matrix of order 2n. Therefore, Hadamard matrices of any power of 2 can be constructed on the basis of Hadamard matrices of order 2. For the sake of simple construction, the dimension n' of the Hadamard matrix in the parameter generation process can be selected as a power of 2, so the recursive construction can solve the construction of the Hadamard matrix.

Paley构造给出了一种更通用的Hadamard矩阵构造方法:该方法基于有限域上的二次剩余问题,其中有限域元素个数与1之和是4的倍数。The Paley construction gives a more general Hadamard matrix construction method: this method is based on the quadratic residue problem over finite fields, where the sum of the number of finite field elements and 1 is a multiple of 4.

(2)秘密分享阶段(2) Secret sharing stage

管理员依据区组矩阵U向成员Pi分发秘密分享值。管理员将区组矩阵U的第i个行向量Ui,设Ui=(ui,1,ui,2,…,ui,n′-1),生成秘密分享值如下:The administrator distributes secret sharing values to members Pi according to the block matrix U. The administrator takes the i-th row vector U i of the block matrix U, and sets U i =(u i,1 ,u i,2 ,…,u i,n′-1 ) to generate a secret sharing value as follows:

当ui,j=1时,管理员将密钥s的第j个比特发送给成员Pi作为向量的第j个元素,即si,j=sjWhen u i,j = 1, the administrator sends the jth bit of key s to member P i as a vector The jth element of , that is, s i,j = s j ;

当ui,j=0时,管理员随机地选取si,j∈{0,1}作为向量的第j个元素。When u i,j =0, the administrator randomly selects si ,j ∈{0,1} as the vector The jth element of .

图3给出了基于Hadamard矩阵H的秘密分享过程。在秘密分享阶段,成员Pi给定私钥Ui=(0,1,0,0,1,1,0),管理员将秘密比特s2,s3,s6发送给成员Pi,其他的比特位λi随机赋值0或1。Figure 3 shows the secret sharing process based on Hadamard matrix H. In the secret sharing phase, the member Pi gives the private key U i = (0,1,0,0,1,1,0), the administrator sends the secret bits s 2 , s 3 , s 6 to the member Pi , The other bits λ i are randomly assigned 0 or 1.

(3)秘密重构阶段(3) Secret reconstruction stage

当一组成员希望重构秘密s时,各成员提交各自的区组向量私钥和秘密分享向量重构算法计算密钥s′。假设成员个数为w,各成员能够唯一地恢复出密钥s当且仅当 as a group member When it is desired to reconstruct the secret s, each member submits its own block vector private key and secret sharing vector The reconstruction algorithm computes the key s'. Assuming that the number of members is w, each member can uniquely recover the key s if and only if

图4给出了基于Hadamard矩阵H的秘密重构过程。秘密重构时,根据成员的私钥恢复成员私钥比特为1的对应的秘密比特,图4恢复秘密比特s2,s3,s6。当一组成员联合重构密钥时,每个成员可以贡献其私钥对应的密钥比特,成员组能够重构密钥当且仅当在此秘密分享机制中,阈值r≤2m+1,其中n′=4m。也就是说,任意大于等于2m+1个成员一定能够成功地重构密钥s;当时,其中E[·]代表随机变量的期望值。也就是说,当任意u个成员均能够在期望意义下重构整个密钥s。Figure 4 shows the secret reconstruction process based on Hadamard matrix H. When the secret is reconstructed, the corresponding secret bits whose private key bit is 1 are recovered according to the member's private key, as shown in Figure 4, the secret bits s 2 , s 3 , and s 6 are recovered. When a group of members jointly reconstructs the key, each member can contribute the key bits corresponding to its private key, and the member group can reconstruct the key if and only if In this secret sharing mechanism, the threshold r≤2m+1, where n'=4m. That is to say, any member greater than or equal to 2m+1 must be able to successfully reconstruct the key s; when hour, Where E[·] represents the expected value of the random variable. That is, when Any u members can reconstruct the entire key s in the desired sense.

本发明适用于分布式计算环境下多方成员的秘密共享与隐私保护,基于Hadamard矩阵的秘密分享方法简单有效。管理员可以根据秘密空间和用户规模生成指定维数的Hadamard矩阵,而后生成区组关联矩阵,最终实现秘密分享与秘密重构,计算与存储效率较高,具有广阔的应用前景。The invention is suitable for secret sharing and privacy protection of multi-party members in a distributed computing environment, and the secret sharing method based on Hadamard matrix is simple and effective. Administrators can generate a Hadamard matrix of specified dimensions according to the secret space and user scale, and then generate a block association matrix, and finally realize secret sharing and secret reconstruction. The calculation and storage efficiency is high, and it has broad application prospects.

以上所述实施方式仅仅是对本发明的优选实施方式进行描述,并非对本发明的范围进行限定,在不脱离本发明设计精神的前提下,本领域普通技术人员对本发明的技术方案作出的各种变形和改进,均应落入本发明的权利要求书确定的保护范围内。The above-mentioned embodiments are only descriptions of the preferred embodiments of the present invention, and are not intended to limit the scope of the present invention. Without departing from the design spirit of the present invention, those skilled in the art may make various modifications to the technical solutions of the present invention. and improvements, all should fall within the scope of protection determined by the claims of the present invention.

Claims (8)

1. a kind of secret sharing method based on Hadamard matrixes, which is characterized in that include the following steps:
S1, key parameter being generated, administrator generates the Hadamard matrix Hs for specifying dimension according to key parameter, further according to Hadamard matrix Hs construct district's groups incidence matrix U;
S2, administrator are that each member generates corresponding secret sharing according to district's groups incidence matrix U;
S3, member are according to Secret Shares and district's groups incidence matrix U reconstruct secrets s.
2. a kind of secret sharing method based on Hadamard matrixes according to claim 1, it is characterised in that:It is described close Key parameter includes membership, secret value scale.
3. a kind of secret sharing method based on Hadamard matrixes according to claim 1, which is characterized in that S1 is specific Include the following steps:
S11, administrator determine secret parameter n ' according to secret Space Scale q and number of members n
S12, administrator are by secret s ∈ FqIt is converted into binary form
S13, construction n ' rank Hadamard matrix Hsn′
S14, -1 rank district's groups incidence matrix U of n ' are calculated;
Wherein, sjThe value of j-th of bit of secret s is represented, value is 0 or 1, the value range F of secret sq=0,1,2 ..., q- 1 } it is finite field, q is prime number.
4. a kind of secret sharing method based on Hadamard matrixes according to claim 3, which is characterized in that S11 institutes N ' is stated to be determined according to following manner:
5. a kind of secret sharing method based on Hadamard matrixes according to claim 3, which is characterized in that S14 institutes The generating mode for stating matrix U includes the following steps:
S141, according to n ' rank Hadamard matrix Hsn′, calculating matrix
S142, by matrixRemove i.e. -1 rank district's groups incidence matrix U of generation n ' of first element of first trip;
Wherein Jn′It is n ' rank all 1's matrixes, n '=4m, m are positive integers.
6. a kind of secret sharing method based on Hadamard matrixes according to claim 1, it is characterised in that:It is described The building method of Hadamard matrixes is that recurrence Construction or Paley are constructed.
7. a kind of secret sharing method based on Hadamard matrixes according to claim 1, which is characterized in that described in S2 Secret sharing include the following steps:
S21, administrator are by i-th of row vector U of district's groups matrix UiIf Ui=(ui,1,ui,2,…,ui,n′-1), generate secret sharing Value
S22, work as ui,jWhen=1, j-th of bit of key s is sent to member P by administratoriAs vectorJ-th of element, That is si,j=sj;Work as ui,jWhen=0, administrator randomly chooses si,j∈ { 0,1 } is as vectorJ-th of element.
8. a kind of secret sharing method based on Hadamard matrixes according to claim 1, which is characterized in that described in S3 Secret reconstruct include the following steps:
S31, wish to reconstruct each member P of secret siSubmit respective district's groups vector UiPrivate key and secret sharing vector
S32, each member contribute the corresponding key bit of its private key;
S33, whenWhen, member's group can reconstruct secret s;
Wherein w is to wish to reconstruct secret membership.
CN201810129424.6A 2018-02-08 2018-02-08 Secret sharing method based on Hadamard matrix Pending CN108418810A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810129424.6A CN108418810A (en) 2018-02-08 2018-02-08 Secret sharing method based on Hadamard matrix

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810129424.6A CN108418810A (en) 2018-02-08 2018-02-08 Secret sharing method based on Hadamard matrix

Publications (1)

Publication Number Publication Date
CN108418810A true CN108418810A (en) 2018-08-17

Family

ID=63128008

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810129424.6A Pending CN108418810A (en) 2018-02-08 2018-02-08 Secret sharing method based on Hadamard matrix

Country Status (1)

Country Link
CN (1) CN108418810A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110546642A (en) * 2018-10-17 2019-12-06 阿里巴巴集团控股有限公司 secure multi-party computing without using trusted initializer
CN111147244A (en) * 2019-12-30 2020-05-12 深圳前海微众银行股份有限公司 Multi-party secret sharing method, device and readable storage medium
WO2020233137A1 (en) * 2019-05-23 2020-11-26 创新先进技术有限公司 Method and apparatus for determining value of loss function, and electronic device
US10956597B2 (en) 2019-05-23 2021-03-23 Advanced New Technologies Co., Ltd. Loss function value determination method and device and electronic equipment
CN113434886A (en) * 2021-07-01 2021-09-24 支付宝(杭州)信息技术有限公司 Method and device for jointly generating data tuples for security calculation
CN114630319A (en) * 2022-03-16 2022-06-14 黄文孝 Power transmission and transformation monitoring data safety management system and method for smart power grid

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102142957A (en) * 2010-09-17 2011-08-03 华为技术有限公司 Data encryption method and device, and communication facility with data encryption function
US20110228938A1 (en) * 2010-03-16 2011-09-22 Telcordia Technologies, Inc. Multi-bit cryptographically secure encryptor for m-ary spectral phase encoder optical code division multiple access
CN103871017A (en) * 2014-03-25 2014-06-18 北京工业大学 Novel image encryption method based on quantum hash function
CN107113169A (en) * 2015-01-09 2017-08-29 巴黎矿业电信学院 Come from the communication with permanent security that short term security encrypts quantum communications
CN107317676A (en) * 2017-04-26 2017-11-03 中南大学 Method for distributing key based on quantum figure state

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110228938A1 (en) * 2010-03-16 2011-09-22 Telcordia Technologies, Inc. Multi-bit cryptographically secure encryptor for m-ary spectral phase encoder optical code division multiple access
CN102142957A (en) * 2010-09-17 2011-08-03 华为技术有限公司 Data encryption method and device, and communication facility with data encryption function
CN103871017A (en) * 2014-03-25 2014-06-18 北京工业大学 Novel image encryption method based on quantum hash function
CN107113169A (en) * 2015-01-09 2017-08-29 巴黎矿业电信学院 Come from the communication with permanent security that short term security encrypts quantum communications
CN107317676A (en) * 2017-04-26 2017-11-03 中南大学 Method for distributing key based on quantum figure state

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
HUAIXI WANG: "A Secret Sharing Scheme from Hadamard Matrix", 《2017 IEEE 17TH INTERNATIONAL CONFERENCE ON COMMUNICATION TECHNOLOGY》 *

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110546642A (en) * 2018-10-17 2019-12-06 阿里巴巴集团控股有限公司 secure multi-party computing without using trusted initializer
WO2020233137A1 (en) * 2019-05-23 2020-11-26 创新先进技术有限公司 Method and apparatus for determining value of loss function, and electronic device
US10956597B2 (en) 2019-05-23 2021-03-23 Advanced New Technologies Co., Ltd. Loss function value determination method and device and electronic equipment
CN111147244A (en) * 2019-12-30 2020-05-12 深圳前海微众银行股份有限公司 Multi-party secret sharing method, device and readable storage medium
CN111147244B (en) * 2019-12-30 2021-07-09 深圳前海微众银行股份有限公司 Multi-party secret sharing method, device and readable storage medium
CN113434886A (en) * 2021-07-01 2021-09-24 支付宝(杭州)信息技术有限公司 Method and device for jointly generating data tuples for security calculation
CN113434886B (en) * 2021-07-01 2022-05-17 支付宝(杭州)信息技术有限公司 Method and device for jointly generating data tuples for secure computation
CN114630319A (en) * 2022-03-16 2022-06-14 黄文孝 Power transmission and transformation monitoring data safety management system and method for smart power grid

Similar Documents

Publication Publication Date Title
CN108418810A (en) Secret sharing method based on Hadamard matrix
Norouzi et al. An image encryption algorithm based on DNA sequence operations and cellular neural network
CN110008717A (en) Support the decision tree classification service system and method for secret protection
CN110557245A (en) Method and system for fault-tolerant and secure multi-party computation in SPDZ
CN108880782B (en) A secret calculation method of the minimum value under a cloud computing platform
CN117440103B (en) Privacy data processing method and system based on homomorphic encryption and space optimization
Cui et al. An efficient attribute-based multi-keyword search scheme in encrypted keyword generation
CN109962769A (en) Data security deduplication method based on threshold blind signature
Rahimi et al. Multi-party proof generation in qap-based zk-snarks
CN118984216B (en) Medical data secure sharing method based on-grid updatable agent re-encryption
CN105025021A (en) An Attribute-Based Encryption Method for Access Strategies in Principal Disjunctive Normal Form on Lattice
CN107425972B (en) Graded encryption method based on identity
Khajouei-Nejad et al. Reducing the computational complexity of fuzzy identity-based encryption from lattice
CN115865302B (en) A privacy-preserving multi-matrix multiplication method
Xu et al. Cryptanalysis of countermeasures against multiple transmission attacks on NTRU
Wu et al. Identity-based threshold proxy re-encryption scheme from lattices and its applications
Gorbenko et al. Analysis of asymmetric NTRU prime IIT Ukraine encryption algorithm with regards to known attacks
CN112087306B (en) A method for establishing identity identification protocol for quantum computing security
CN113343258A (en) Attribute-based agent re-encryption method applicable to lattice-based ciphertext strategy shared by body test result cloud
Yan et al. Application of random elements in ISS
CN114244567A (en) CP-ABE method for supporting circuit structure in cloud environment
Yu et al. Toward Efficient Secure Threat Information Analysis in Cyber‐Physical Systems
Bezzateev et al. Continuous Authentication in a UAVs Swarm
Wang et al. Privacy-Preserving Publicly Verifiable Outsourced Distributed Computation Scheme for Matrix Multiplication
TWI783804B (en) Shares generation system based on linear integer secret sharing and method thereof

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20180817