[go: up one dir, main page]

CN117857008B - Data processing method of torus fully homomorphic encryption algorithm based on integer bootstrapping - Google Patents

Data processing method of torus fully homomorphic encryption algorithm based on integer bootstrapping Download PDF

Info

Publication number
CN117857008B
CN117857008B CN202311686527.XA CN202311686527A CN117857008B CN 117857008 B CN117857008 B CN 117857008B CN 202311686527 A CN202311686527 A CN 202311686527A CN 117857008 B CN117857008 B CN 117857008B
Authority
CN
China
Prior art keywords
ciphertext
algorithm
key
bootstrap
integer
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202311686527.XA
Other languages
Chinese (zh)
Other versions
CN117857008A (en
Inventor
蒋琳
黄熠
方俊彬
万俊平
陈宇月
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Harbin Institute Of Technology shenzhen Shenzhen Institute Of Science And Technology Innovation Harbin Institute Of Technology
Jinan University
Original Assignee
Harbin Institute Of Technology shenzhen Shenzhen Institute Of Science And Technology Innovation Harbin Institute Of Technology
Jinan University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Harbin Institute Of Technology shenzhen Shenzhen Institute Of Science And Technology Innovation Harbin Institute Of Technology, Jinan University filed Critical Harbin Institute Of Technology shenzhen Shenzhen Institute Of Science And Technology Innovation Harbin Institute Of Technology
Priority to CN202311686527.XA priority Critical patent/CN117857008B/en
Publication of CN117857008A publication Critical patent/CN117857008A/en
Application granted granted Critical
Publication of CN117857008B publication Critical patent/CN117857008B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/50Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Complex Calculations (AREA)

Abstract

本发明公开了一种基于整数自举的环面全同态加密算法的数据处理方法,方法为:客户端根据安全参数调用密钥生成算法生成自身密钥、自举密钥和转换密钥,并将自举密钥和转换密钥发送给云端服务器,自身密钥本地保存;客户端调用加密算法使用自身密钥对明文数据进行加密操作得到密文传输给云端服务器;云端服务器根据客户端提供的评估函数、自举密钥及转换密钥对密文执行评估算法得到密文状态下的评估结果发回客户端;客户端根据自身密钥调用解密算法对密文状态下的评估结果进行解密操作获得明文数据的评估结果。本发明重新设计自举算法实现支持整数级数据的自举算法,大大提高了计算效率;同时支持整数级数据的非线性函数运算,减少了方案复杂度。

The present invention discloses a data processing method of a torus fully homomorphic encryption algorithm based on integer bootstrapping, the method being: the client calls a key generation algorithm according to security parameters to generate its own key, bootstrap key and conversion key, and sends the bootstrap key and conversion key to a cloud server, and the own key is stored locally; the client calls an encryption algorithm to use its own key to perform encryption operations on plaintext data to obtain ciphertext and transmit it to the cloud server; the cloud server performs an evaluation algorithm on the ciphertext according to the evaluation function, bootstrap key and conversion key provided by the client to obtain an evaluation result in the ciphertext state and sends it back to the client; the client calls a decryption algorithm according to its own key to perform a decryption operation on the evaluation result in the ciphertext state to obtain the evaluation result of the plaintext data. The present invention redesigns the bootstrap algorithm to implement a bootstrap algorithm that supports integer-level data, greatly improving the computational efficiency; at the same time, it supports nonlinear function operations on integer-level data, reducing the complexity of the scheme.

Description

Data processing method of torus full homomorphic encryption algorithm based on integer bootstrapping
Technical Field
The invention belongs to the technical field of data security and data processing, and particularly relates to a data processing method of a torus full homomorphic encryption algorithm based on integer bootstrapping.
Background
The idea of homomorphic encryption can be traced back to 1978 at the earliest, which means that homomorphic operation is performed on homomorphic encrypted data to obtain an output, and the output is decrypted, and the result is the same as the output result obtained by processing unencrypted original data by the same method. This process can be simply understood as homomorphic encryption can operate under ciphertext, and this property makes homomorphic encryption very suitable for privacy protection in cloud computing mode. The homomorphic encryption is applied to the cloud computing mode, the data processing right and the data ownership can be separated, the client side has the data ownership, and the cloud server has the data processing right. The client encrypts the local privacy data and then uploads the encrypted privacy data to the cloud server, the cloud server can perform large-scale operation on the ciphertext, the ciphertext operation result is sent back to the client, the client can obtain the operated result after decryption, and therefore the client can utilize the calculation power of the cloud server while preventing the privacy data from being revealed.
The homomorphic encryption refers to an encryption scheme capable of carrying out addition homomorphic encryption and multiplication homomorphic encryption, and the torus homomorphic encryption is the most commonly used and fastest homomorphic encryption scheme at present, which expands the message space to the torus and can carry out gate operation on the homomorphic data of the Boolean type. But there are also corresponding drawbacks: on one hand, the toroidal homomorphic encryption scheme only supports homomorphic operation on the Boolean type data of the bit level, so that the integer data needs to be encoded into a plurality of bits for bit-by-bit operation, and bootstrap algorithm needs to be carried out for each operation, which is very time-consuming; on the other hand, in order to ensure security, the torus full homomorphic encryption scheme prevents decryption by malicious adversaries, so probability noise is introduced during encryption, and noise is increased sharply in an evaluation function, so that decryption failure is caused.
In the prior art, researchers propose a boolean-level torus isohomomorphic encryption scheme, which is an isomorphic encryption scheme based on torus, and performs gate operation on boolean data, and can perform bootstrap while performing gate operation; although the scheme can realize nonlinear operations such as ReLU, max and the like through gate operation, only Boolean data can be supported, and bit-by-bit homomorphic operation is carried out on an integer data to be encoded into a bit string, so that the efficiency is low; in addition, when nonlinear operations such as ReLU and Max are realized through gate operation, a circuit with a complex structure is needed to realize, and the calculation efficiency is low. The other Cheon-Kim-Kim-Song scheme (CKKS scheme for short) is an isomorphic encryption scheme capable of homomorphic approximation calculation, supports floating point addition and multiplication homomorphic operation aiming at real numbers or complex numbers, and obtains an approximation value as a calculation result; although CKKS schemes can support integer data operations, for nonlinear operations such as ReLU and Max, homomorphic approximate calculation needs to be performed by constructing linear polynomials, and in order to ensure the accuracy after approximation, high-order polynomials often need to be constructed, so that the calculation cost is greatly increased.
Disclosure of Invention
Aiming at the problems of low efficiency, high calculation cost and the like of the existing torus homomorphic encryption scheme, the invention provides a data processing method of a torus homomorphic encryption algorithm based on integer bootstrapping, which expands the support data type from Boolean level to integer level, realizes the high-efficiency bootstrapping algorithm for the integer level data, reduces the complexity of the method, simplifies the operation process and greatly improves the calculation efficiency.
In order to achieve the above purpose, the present invention adopts the following technical scheme:
in one aspect, a data processing method of a torus homomorphic encryption algorithm based on integer bootstrapping is provided, wherein the torus homomorphic encryption algorithm of the integer bootstrapping comprises a key generation algorithm, an encryption algorithm, an evaluation algorithm and a decryption algorithm; the plaintext space of the integer bootstrapping torus full homomorphic encryption algorithm is The accuracy of the data is determined by the data,Is a natural number set; the ciphertext space isA. b is two components of the ciphertext, n represents the dimension of a,Torus of real numbers between 0 and 1;
The data processing method comprises the following steps:
The client calls a key generation algorithm KeyGen (1 λ) according to the security parameters, generates a self key sk, a bootstrap key bk and a conversion key ks, and sends the bootstrap key bk and the conversion key ks to the cloud server, and the self key sk is stored locally; the dimensions of the self key sk, the bootstrap key bk and the conversion key ks are all n;
The client calls an encryption algorithm Enc (m, sk) and uses a self secret key sk to encrypt plaintext data m E { B, & gt, B-1} to obtain ciphertext c and transmit the ciphertext c to the cloud server; the plaintext data comprises Boolean-level plaintext data and integer-level plaintext data;
The cloud server executes an evaluation algorithm Eval (c, bk, ks, f) on the ciphertext c according to an evaluation function f, a bootstrap key bk and a conversion key ks provided by the client, and an evaluation result c' in the ciphertext state is obtained and sent back to the client; the evaluation algorithm comprises an integer bootstrapping algorithm and a key conversion algorithm; the evaluation function f provided by the client comprises a nonlinear evaluation function and a linear evaluation function; and the client calls a decryption algorithm Dec (c ', sk) according to the self secret key sk to decrypt the evaluation result c' in the ciphertext state, so as to obtain an evaluation result of plaintext data.
As a preferable technical solution, the encryption operation specifically includes:
Taking a random noise e and a random mask from a gaussian distribution Returning ciphertext c= (a, b) satisfying b=sk·a+m/2b+e;
The decryption operation is specifically as follows:
obtaining 2Be+f (m) through 2B (B-sk.a), and obtaining corresponding plaintext f (m) through up-and-down rounding and decryption, namely
As an optimal technical scheme, the evaluation algorithm Eval (c, bk, ks, f) firstly transmits a large-noise ciphertext c of plaintext data m, a bootstrap key bk, a dimension parameter N and an evaluation function f into an integer bootstrap algorithm to obtain a small-noise ciphertext c'; and then, executing a conversion algorithm on the small-noise ciphertext c 'according to the conversion key, and converting the key of the small-noise ciphertext c' into sk.
As a preferable technical solution, the specific implementation of the integer bootstrapping algorithm is as follows:
Initializing a polynomial testv=μ01X-12X-2+…+μN-1X-(N-1)=μ0N-1X-μN-2X2-…-μ1XN-1∈TN[X],N in a 2N space as a polynomial dimension parameter according to an evaluation function f; { μ 0,…,μN-1 } is the coefficient set of the initialization polynomial, satisfying μ j×i =f (i), j= {0, …, N/B }, i= {0, …, B-1};
Taking the 2N space as 2N grooves which are connected end to end and dividing the 2N grooves into 2B parts;
Placing all slots in k into f (k), and placing all slots in k+b into-f (k), wherein k= {0, B-1}, f (k) is the output of the evaluation function f when the input is k, due to the non-negativity of the polynomial;
And (5) plaintext rotation: logically leftwards shifting the polynomial coefficient, shifting b bits to obtain a polynomial ACC after plaintext rotation, wherein the plaintext rotation formula is as follows: acc= (0, testv) ·x b;
Ciphertext rotation: performing ciphertext rotation by using an outer product operation according to the polynomial ACC after plaintext rotation and the bootstrap key bk to obtain a polynomial ACC1 after ciphertext rotation; the input of the outer product operation is two ciphertexts C m1、Cm2, and the output is a ciphertexts C m1×m2; the ciphertext rotation formula is: Wherein h is ciphertext of 1; a i is the ith component in ciphertext a; Representing shifting the polynomial logic by-a i bits, i.e., shifting the logic right by a i bits; bk i is the ith component of the bootstrap key bk; is the outer product; the ciphertext is rotated repeatedly for n times, after each rotation, a polynomial ACC1 is assigned to the polynomial ACC, and n is the dimension of a and a bootstrap key bk in the ciphertext;
and extracting constant term coefficients of the polynomial ACC1 after the ciphertext rotation, and outputting the extracted constant term coefficient ciphertext.
As a preferable technical scheme, the evaluation algorithm realizes a plurality of basic nonlinear operation algorithms on an integer bootstrap algorithm; the basic nonlinear operation algorithm comprises a Sign operation algorithm, a Iden operation algorithm, a EqalConst operation algorithm and a MultBin operation algorithm;
The input of the Sign operation algorithm is a large-noise ciphertext Cm in,Cmin which represents a ciphertext of a plaintext m in, m in epsilon-B, & gt, B-1, and the output is a small-noise ciphertext Cm out, so that m out = -1 when m in epsilon-B+1, & gt, -1} is satisfied, m out =0 when m in epsilon-B, 0} is satisfied, and m out=1;mout when m in epsilon-1, & gt, B-1 is the plaintext of the small-noise ciphertext Cm out;
The input of Iden operation algorithm is a large noise ciphertext Cm in, and the output is a small noise ciphertext Cm out, so that m out=min is satisfied;
The input of the EqalConst operation algorithm is a large-noise ciphertext Cm 1 and a plaintext m 2,m1、m2∈{-B,...,B-1},m2 which are generated by the cloud server, and the output is a small-noise ciphertext Cm out, so that m out = -B when m 1=m2 is met, otherwise, m out =0;
The input of MultBin operation algorithm is a large noise ciphertext Cm int and Cm bin,mint epsilon-B, the term "B-1" represents plaintext data of a large noise ciphertext Cm int, m bin epsilon-B, 0} represents plaintext data of a large noise ciphertext Cm bin, and the output is a small noise ciphertext Cm out, so that m out=mint when m bin epsilon-B is satisfied, otherwise m out =0.
As an preferable technical scheme, the Sign operation algorithm specifically comprises the following implementation processes:
Designing a nonlinear evaluation function f sign (x), f sign (x) =1 when x∈ {1,., B-1} and f sign (x) =0 when x=0;
The large-noise ciphertext Cm in and the nonlinear evaluation function f sign (x) are transmitted into an integer bootstrap algorithm and output as a small-noise ciphertext Cm out;
the Iden operation algorithm comprises the following specific implementation processes:
Designing a nonlinear evaluation function f iden (x), f iden (x) =x when x e { -B,..b-1 };
The large-noise ciphertext Cm in and the nonlinear evaluation function f iden (x) are transmitted into an integer bootstrap algorithm and output as a small-noise ciphertext Cm out;
The EqalConst operation algorithm comprises the following specific implementation processes:
Designing a nonlinear evaluation function f eqal (x), when x=0, f eqal (x) = -B, otherwise f eqal (x) =0;
Generating a ciphertext (0, m 2/2B) for m 2, and obtaining ciphertext C tmp=Cm1-(0,m2/2B);
the ciphertext C tmp and the nonlinear evaluation function f eqal (x) are transmitted into an integer bootstrap algorithm, and a small-noise ciphertext Cm out is output;
The MultBin operation algorithm comprises the following specific implementation processes:
Designing a nonlinear evaluation function f half (x), wherein f half (x) =x/2 when x is even, otherwise f half (x) = - (x+1)/2- (B-1)/2;
Generating ciphertext C tmp1=Cmint+Cmbin + (0, -B/2B); inputting the ciphertext C tmp1 into a Iden operation algorithm to output ciphertext C tmp2;
Generating ciphertext C tmp3=Cmint+Ctmp2; ciphertext C tmp3 and nonlinear evaluation function f half (x) are input into an integer bootstrapping algorithm and output as a small noise ciphertext Cm out.
As a preferable technical solution, the nonlinear evaluation function includes a Sign operation function, iden operation function, eqalConst operation function, multBin operation function, reLU operation function, and Max operation function; the Sign operation function, iden operation function, eqalConst operation function and MultBin operation function are directly realized by calling the corresponding basic nonlinear operation algorithm;
the ReLU operation function and the Max operation function are realized by combining basic nonlinear operation algorithms;
the input of the ReLU operation function is a large noise ciphertext Cm in,min e { -B, & gt, B-1}, the output is a small noise ciphertext Cm out, satisfying m out=frelu(min), m out=min when m in >0, otherwise m out = 0; the specific implementation process of the ReLU operation function is as follows:
invoking a Sign operation algorithm and a Iden operation algorithm to respectively execute operation on the ciphertext Cm in to obtain a ciphertext C tmp1 and a ciphertext C tmp2;
Executing EqalConst operation algorithm on ciphertext C tmp1 and plaintext data 1 to obtain ciphertext C tmp3;
Inputting the ciphertext C tmp2 and C tmp3 into a MultBin operation algorithm, and outputting a small-noise ciphertext Cm out;
The input of the Max operation function is a large noise ciphertext pair (Cm x,Cmy),(mx,my) epsilon-B, & gt, B-1, and the output is a small noise ciphertext Cm out, m out=fmax(mx,my is satisfied), m out=mx is m x≥my, otherwise m out=my; the specific implementation process of the Max operation function is as follows:
Generating ciphertext C tmp1=Cmx-Cmy, generating ciphertext C (-m y) for Cm y;
Executing a Sign operation algorithm on the ciphertext C tmp1 to obtain a ciphertext C tmp2;
Inputting the ciphertext C tmp2 and the plaintext data 1 into a EqalConst operation algorithm to perform operation to obtain ciphertext C tmp3;
inputting the ciphertext C tmp2 and the plaintext data-1 into a EqalConst operation algorithm for operation to obtain ciphertext C tmp4;
Performing Iden operation algorithm on the ciphertext Cm x and the ciphertext C (-m y) to obtain a ciphertext C tmp5 and a ciphertext C tmp6;
Invoking MultBin an operation algorithm to operate on the ciphertext C tmp3 and the ciphertext C tmp5 to obtain a ciphertext C tmp7; invoking MultBin an operation algorithm to operate on the ciphertext C tmp4 and the ciphertext C tmp6 to obtain a ciphertext C tmp8;
ciphertext C tmp7 is added to ciphertext C tmp8 to yield a low noise ciphertext Cm out.
On the other hand, a data processing system based on the whole-number bootstrapping ring surface full homomorphic encryption algorithm is provided, and the data processing system is applied to the whole-number bootstrapping ring surface full homomorphic encryption algorithm based data processing method, and comprises a key generation module, an encryption transmission module, an evaluation execution module and a decryption transmission module;
the key generation module is used for calling a key generation algorithm Key Gen (1 λ) according to the security parameters by the client, generating a self key sk, a bootstrap key bk and a conversion key ks, sending the bootstrap key bk and the conversion key ks to the cloud server, and locally storing the self key sk; the dimensions of the self key sk, the bootstrap key bk and the conversion key ks are all n;
The encryption transmission module is used for a client to call an encryption algorithm Enc (m, sk) and uses a self secret key sk to encrypt plaintext data m epsilon-B, the first place, B-1, and ciphertext c is obtained and transmitted to the cloud server; the plaintext data comprises Boolean-level plaintext data and integer-level plaintext data;
the evaluation execution module is used for executing an evaluation algorithm Eval (c, bk, ks, f) on the ciphertext c according to an evaluation function f, a bootstrap key bk and a conversion key ks provided by the client to obtain an evaluation result c 'in the ciphertext state and sending the evaluation result c' back to the client; the evaluation algorithm comprises an integer bootstrapping algorithm and a key conversion algorithm; the evaluation function f provided by the client comprises a nonlinear evaluation function and a linear evaluation function;
The decryption transmission module is used for the client to call a decryption algorithm Dec (c ', sk) according to the self secret key sk to decrypt the evaluation result c' under the ciphertext state, and the evaluation result of the plaintext data is obtained.
A further aspect provides an electronic device, comprising:
At least one processor; and a memory communicatively coupled to the at least one processor; wherein,
The memory stores computer program instructions executable by the at least one processor to enable the at least one processor to perform the data processing method of the integer bootstrapping-based torus homomorphic encryption algorithm described above.
In yet another aspect, a computer readable storage medium is provided, in which a program is stored, where the program, when executed by a processor, implements the data processing method of the torus homomorphic encryption algorithm based on integer bootstrapping.
Compared with the prior art, the invention has the following advantages and beneficial effects:
1. The full homomorphic encryption algorithm based on integer bootstrapping provided by the invention directly supports integer-level data, and is simple in operation: the nonlinear function ReLU function and the comparison function Max function supporting integer data designed by the invention use integer bootstrap instead of the bootstrap algorithm only supporting Boolean data in the prior art. Therefore, in the operation process of the ReLU function and the Max function, the operation process is simplified, and the calculation time is reduced.
2. The computational complexity is independent of the data accuracy: the nonlinear function ReLU function and the comparison function Max function supporting the integer data designed by the invention do not need to encode the integer data in the operation process, and do not need to carry out bit-by-bit operation on the data, namely the calculation complexity does not depend on the precision of the data any more, and the calculation complexity is independent of the precision of the data, thereby improving the calculation efficiency.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flowchart of a data processing method of a torus full homomorphic encryption algorithm based on integer bootstrapping in an embodiment of the present invention.
Fig. 2 is a torus schematic diagram of a conventional torus isomorphic encryption scheme according to an embodiment of the present invention.
Fig. 3 is a noise diagram of the conventional torus isomorphic encryption scheme according to an embodiment of the present invention.
Fig. 4 is an operation schematic diagram of an integer bootstrap algorithm in an embodiment of the present invention.
FIG. 5 is a block diagram of a data processing system of a torus full homomorphic encryption algorithm based on integer bootstrapping in an embodiment of the present invention.
Fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the invention.
Detailed Description
In order to enable those skilled in the art to better understand the present application, the following description will make clear and complete descriptions of the technical solutions according to the embodiments of the present application with reference to the accompanying drawings. It will be apparent that the described embodiments are only some, but not all, embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
Reference in the specification to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment may be included in at least one embodiment of the application. The appearances of such phrases in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. Those of skill in the art will explicitly and implicitly appreciate that the described embodiments of the application may be combined with other embodiments.
The technology mentioned in the present application is first described for explanation, wherein:
homomorphic encryption: an encryption method is provided, which satisfies the requirement that homomorphic operation is performed on homomorphic encrypted data to obtain an output, and the output is decrypted, and the result is the same as the output result obtained by processing unencrypted original data by the same method.
Full homomorphic encryption: the encryption method can simultaneously meet the requirements of addition homomorphic encryption and multiplication homomorphic encryption.
Bootstrapping: the key of the full homomorphic encryption method is the most time-consuming algorithm, so that the noise of the ciphertext can be reduced in the ciphertext state, and the ciphertext after noise reduction and the ciphertext before noise reduction can be decrypted, and the decryption result is the same.
Toroidal isomorphic encryption: the full homomorphic encryption method based on the torus performs gate operation on Boolean data, can perform bootstrap while performing gate operation, and is the fastest full homomorphic encryption method at present.
Plaintext space, ciphertext space: the value range of the plaintext and the value range of the ciphertext.
As shown in fig. 1, the embodiment provides a data processing method of a torus full homomorphic encryption algorithm based on integer bootstrapping, which includes the following steps:
The client calls a key generation algorithm KeyGen (1 λ) according to the security parameters, generates a self key sk, a bootstrap key bk and a conversion key ks, and sends the bootstrap key bk and the conversion key ks to the cloud server, and the self key sk is stored locally; the dimensionalities of the self secret key sk, the bootstrap secret key bk and the conversion secret key ks are all n;
the client calls an encryption algorithm Enc (m, sk) and uses a self secret key sk to encrypt plaintext data m E { B, & gt, B-1} to obtain ciphertext c and transmit the ciphertext c to the cloud server; the plaintext data comprises boolean-level plaintext data and integer-level plaintext data;
The cloud server executes an evaluation algorithm Eval (c, bk, ks, f) on the ciphertext c according to an evaluation function f, a bootstrap key bk and a conversion key ks provided by the client, and an evaluation result c' in the ciphertext state is obtained and sent back to the client; the evaluation algorithm comprises an integer bootstrap algorithm and a key conversion algorithm; the evaluation function f provided by the client comprises a nonlinear evaluation function and a linear evaluation function;
And the client calls a decryption algorithm Dec (c ', sk) according to the self secret key sk to decrypt the evaluation result c' in the ciphertext state, so as to obtain an evaluation result of plaintext data.
In the prior art, the fully homomorphic encryption is only performed on the Boolean data, but the fully homomorphic encryption of the integer-level plaintext data is realized by expanding the support data type from the Boolean level to the integer level, so that the Boolean data will not be described in detail in the application. In this embodiment, taking integer-level plaintext data 6 as an example for illustration, firstly, a client calls a key generation algorithm to obtain a self key sk, a bootstrap key bk and a conversion key ks; and then the client encrypts the integer-level plaintext data 6, generates ciphertext thereof and sends the ciphertext to the cloud server. And the cloud server executes an evaluation algorithm on the ciphertext of the 6 according to the evaluation function f, the bootstrap key bk and the conversion key ks, and sends an evaluation result of the ciphertext form back to the client. The client decrypts the ciphertext evaluation result according to the self secret key sk, and the result f (6) of the plaintext data 6 after evaluation can be obtained.
In the prior art, torus full homomorphic encryption is the most commonly used and fastest homomorphic encryption scheme at present; the torus full homomorphic encryption expands the message space to the torus, and can homomorphic gate the Boolean type data. Torus refers to any real number between 0 and 1, symbolized byAnd (3) representing. FIG. 2 shows ciphertext in torus homomorphic encryption, ciphertext represented by 1/8 as 1, and ciphertext represented by-1/8 as 0. In the toroidal isomorphic encryption scheme, the plaintext space isCiphertext space isN represents the dimension. It is noted that, since the existing torus homomorphic encryption scheme only supports homomorphic operation on bit-level boolean data, it is necessary to encode multiple bits for integer-level plaintext data, and operate bit-by-bit. In the operation process, in order to ensure the security, the decryption by malicious adversaries is prevented, so that the secret contains probabilistic noise. Just as noise is contained, the ciphertext of 1 shown in fig. 2 is not a distinct value, but a segment. And since noise is introduced in the encryption step, the noise increases sharply in the evaluation function, resulting in decryption failure. FIG. 3 illustrates the noise problem of a torus homomorphic encryption scheme, wherein the left hand side of FIG. 3 is a circuit diagram of a plaintext evaluation function, with the numbers in the diamond representing plaintext; the right side of fig. 3 is a circuit diagram of an evaluation function under ciphertext, a circle represents ciphertext after plaintext encryption, and the degree of ambiguity of numbers in the circle represents the noise level. Assuming that the plaintext can be seen through the ciphertext, namely the plaintext can be seen clearly from the beginning in the right graph, because the noise is very small at the beginning, but the ciphertext noise is increased and the plaintext in the circle becomes more blurred after each circuit operation; after a certain number of circuit calculations, the plaintext of the last several circles becomes very blurred, and the plaintext inside cannot be distinguished, i.e. the original plaintext cannot be recovered when decrypting the ciphertext, so that decryption failure is caused. In order to solve the noise problem, the existing torus homomorphic encryption scheme introduces a bootstrap algorithm in an evaluation function for reducing ciphertext noise; however, the homomorphic gate operation is only carried out on the Boolean data, and a complex and high-order polynomial is required to be constructed when nonlinear operation is carried out, so that the calculation cost is greatly increased, and the calculation efficiency is reduced.
Based on the problems, the invention designs a torus full homomorphic encryption algorithm supporting integer bootstrapping, the plaintext space is The accuracy of the data is determined by the data,Is a natural number set; the ciphertext space isA. b is two components of the ciphertext, n represents the dimension of a,Torus of real numbers between 0 and 1. The torus homomorphic encryption algorithm of the integer bootstrapping comprises a key generation algorithm, an encryption algorithm, an evaluation algorithm and a decryption algorithm, wherein:
Key generation algorithm KeyGen (1 λ): the security parameter λ is input, and a self Key sk, a bootstrap Key bk (Bootstrapping Key), and a conversion Key ks (Key-SWITCHING KEY) are generated.
Encryption algorithm Enc (m, sk): and inputting plaintext data m and a self secret key sk, and encrypting to obtain ciphertext c. Specifically, the operation of the encryption algorithm is specifically: taking a random noise e and a random mask from a gaussian distributionReturning ciphertext c= (a, b) satisfying b=sk·a+m/2b+e.
Decryption algorithm Dec (c', sk): inputting an evaluation result c 'and a self secret key sk of plaintext data m in a ciphertext state after an evaluation algorithm, and outputting a plaintext f (m) of the evaluation result c'; the decryption algorithm specifically comprises the following operations: obtaining 2Be+f (m) through 2B (B-sk.a), and obtaining corresponding plaintext f (m) through up-and-down rounding and decryption, namely
Evaluation algorithm Eval (c, bk, ks, f): and inputting a ciphertext c, a bootstrap key bk, a conversion key ks and an evaluation function f, and outputting an evaluation result c 'of the ciphertext c, wherein the ciphertext c is the ciphertext of the plaintext data m, and the ciphertext c' is the ciphertext of the ciphertext c evaluated by an evaluation algorithm.
Further, after the ciphertext is transmitted to the cloud server, an evaluation algorithm Eval (c, bk, ks, f) is executed: firstly, a large-noise ciphertext c of plaintext data m, a bootstrap key bk, a dimension parameter N and an evaluation function f are transmitted into an integer bootstrap algorithm to obtain a small-noise ciphertext c'; and then, executing a conversion algorithm on the small-noise ciphertext c 'according to the conversion key, and converting the key of the small-noise ciphertext c' into sk.
In the present invention, the evaluation algorithm includes two sub-algorithms: the integer bootstrapping algorithm and the key conversion algorithm are the core of the torus full homomorphic encryption algorithm supporting the integer bootstrapping.
The specific implementation process of the integer bootstrapping algorithm designed in the invention is as follows:
Initializing a polynomial testv=μ01X-12X-2+…+μN-1X-(N-1)=μ0N-1X-μN-2X2-…-μ1XN-1∈TN[X],N in a space of 2N as a polynomial dimension parameter according to an evaluation function f; { μ 0,…,μN-1 } is the coefficient set of the initialization polynomial, satisfying μ j×i =f (i), j= {0, …, N/B }, i= {0, …, B-1};
When operating a polynomial of dimension N in a 2N space, the 2N space can be understood as 2N end-to-end slots, which can be divided into 2B shares due to plaintext m e { -B.
Placing all slots in k into f (k), and placing all slots in k+b into-f (k), wherein k= {0, B-1}, f (k) is the output of the evaluation function f when the input is k, due to the non-negativity of the polynomial; as shown in fig. 4, when b=5, 2N slots are divided into 2×5 parts, i.e., k=0, 1,2,3,4; all slots in part 0 were then placed in f (0), -all slots in part 4 were placed in f (4), -all slots in part 0+5 were placed in-f (0), -all slots in part 4+5 were placed in-f (4).
And (5) plaintext rotation: the polynomial coefficient is logically shifted left and b bits are shifted, at the moment, the coefficient of the polynomial is ciphertext, the polynomial ACC after plaintext rotation is obtained, and the plaintext rotation formula is: acc= (0, testv) ·x b;
Ciphertext rotation: performing ciphertext rotation by using an outer product operation according to the polynomial ACC after plaintext rotation and the bootstrap key bk to obtain a polynomial ACC1 after ciphertext rotation; the input of the outer product operation is two ciphertexts C m1、Cm2, and the output is a ciphertext C m1×m2; the ciphertext rotation formula is: Wherein h is ciphertext of 1; a i is the ith component in ciphertext a; Representing shifting the polynomial logic by-a i bits, i.e., shifting the logic right by a i bits; bk i is the ith component of the bootstrap key bk; Is the outer product; the ciphertext rotation is repeated n times, after each rotation, a polynomial ACC1 is assigned to the polynomial ACC, when the ciphertext rotation is executed next time, the updated polynomial ACC continues to operate on the right side of the equation, and n is the dimension of a and a bootstrap key bk in the ciphertext;
and extracting constant term coefficients of the polynomial ACC1 after the ciphertext rotation, and outputting the extracted constant term coefficient ciphertext.
When the input of the integer bootstrap algorithm is the ciphertext of the integer type data, the plaintext rotation and ciphertext rotation steps ensure that the polynomial constant term after rotation is f (m), and the ciphertext in the polynomial coefficient is the ciphertext with small noise, so that the output ciphertext is the ciphertext with the ciphertext f (m) with small noise, namely the integer bootstrap algorithm can synchronously complete the evaluation function f on the ciphertext of the integer-level plaintext data in the ciphertext state while reducing the ciphertext noise.
Furthermore, the evaluation algorithm in the application realizes a linear operation algorithm and a plurality of basic nonlinear operation algorithms on the basis of an integer bootstrap algorithm. The linear operation algorithm in the application is consistent with the linear operation algorithm in the bootstrap algorithm which only supports Boolean data in the prior art, so that the description is omitted. The application focuses on nonlinear operation algorithms, including Sign operation algorithm, iden operation algorithm, eqalConst operation algorithm and MultBin operation algorithm, wherein:
1) Sign operation algorithm:
The Sign arithmetic algorithm has an input of a large noise ciphertext Cm in,Cmin representing a ciphertext of m in, m in e { -B,..2, B-1}, and an output of a small noise ciphertext Cm out, satisfying m out = -1 when m in e { -b+1,., -1} and m out = 0 when m in e { -B,0} and m out=1;mout being the plaintext of the small noise ciphertext Cm out when m in e { 1..2, B-1 }.
The specific implementation process of the Sign operation algorithm is as follows:
Designing a nonlinear evaluation function f sign (x), f sign (x) =1 when x∈ {1,., B-1} and f sign (x) =0 when x=0;
The large-noise ciphertext Cm in and the nonlinear evaluation function f sign (x) are transmitted into an integer bootstrap algorithm and output as a small-noise ciphertext Cm out;
2) Iden arithmetic algorithm:
The input of Iden operation algorithm is a large noise ciphertext Cm in, and the output is a small noise ciphertext Cm out, so that m out=min is satisfied;
The concrete implementation process of Iden operation algorithm is as follows:
Designing a nonlinear evaluation function f iden (x), f iden (x) =x when x e { -B,..b-1 };
The large-noise ciphertext Cm in and the nonlinear evaluation function f iden (x) are transmitted into an integer bootstrap algorithm and output as a small-noise ciphertext Cm out;
3) EqalConst arithmetic algorithm:
The input of EqalConst operation algorithm is a large-noise ciphertext Cm 1 and plaintext m 2,m1、m2∈{-B,...,B-1},m2 generated by the cloud server, and the output is a small-noise ciphertext Cm out, so that m out = -B when m 1=m2 is met, otherwise, m out =0;
The concrete implementation process of EqalConst operation algorithm is as follows:
Designing a nonlinear evaluation function f eqal (x), when x=0, f eqal (x) = -B, otherwise f eqal (x) =0;
Generating a ciphertext (0, m 2/2B) for m 2, and obtaining ciphertext C tmp=Cm1-(0,m2/2B);
the ciphertext C tmp and the nonlinear evaluation function f eqal (x) are transmitted into an integer bootstrap algorithm, and a small-noise ciphertext Cm out is output;
4) MultBin arithmetic algorithm:
The input of MultBin operation algorithm is a large noise ciphertext Cm int and Cm bin,mint epsilon-B, & gt, B-1} represents plaintext data of a large noise ciphertext Cm int, m bin epsilon-B, 0} is plaintext data of a large noise ciphertext Cm bin, and the output is a small noise ciphertext Cm out, so that m out=mint when m bin epsilon-B is satisfied, otherwise m out =0;
The concrete implementation process of MultBin operation algorithm is as follows:
Designing a nonlinear evaluation function f half (x), wherein f half (x) =x/2 when x is even, otherwise f half (x) = - (x+1)/2- (B-1)/2;
Generating ciphertext C tmp1=Cmint+Cmbin + (0, -B/2B); inputting the ciphertext C tmp1 into a Iden operation algorithm to output ciphertext C tmp2;
Generating ciphertext C tmp3=Cmint+Ctmp2; ciphertext C tmp3 and nonlinear evaluation function f half (x) are input into an integer bootstrapping algorithm and output as a small noise ciphertext Cm out.
Further, the evaluation function f provided by the client includes a linear evaluation function and a nonlinear evaluation function; the linear evaluation function comprises an addition and subtraction function, a multiplication and division function, an inversion function and the like; the method is the same as the implementation method in the prior art; the application aims at nonlinear evaluation functions of integer-level data, comprising a Sign operation function, a Iden operation function, a EqalConst operation function, a MultBin operation function, a ReLU operation function and a Max operation function; the Sign operation function, iden operation function, eqalConst operation function and MultBin operation function are directly realized by calling the corresponding basic nonlinear operation algorithm; the ReLU operation function and the Max operation function are realized by combining basic nonlinear operation algorithms, and specifically:
1) ReLU operation function:
The input of the ReLU operation function f relu (x) is a large noise ciphertext Cm in,min e { -B,., B-1}, the output is a small noise ciphertext Cm out, satisfying m out=frelu(min), m out=min when m in >0, otherwise m out = 0;
the specific implementation process of the ReLU operation function is as follows:
invoking a Sign operation algorithm and a Iden operation algorithm to respectively execute operation on the ciphertext Cm in to obtain a ciphertext C tmp1 and a ciphertext C tmp2;
Executing EqalConst operation algorithm on ciphertext C tmp1 and plaintext data 1 to obtain ciphertext C tmp3;
Inputting the ciphertext C tmp2 and C tmp3 into a MultBin operation algorithm, and outputting a small-noise ciphertext Cm out;
The correctness of the lower ReLU operation function is simply analyzed, when m in is more than 0, C tmp1 is 1 ciphertext, C tmp2 is m in ciphertext, and C tmp3 is B ciphertext; then, a MultBin operation algorithm is performed on C tmp3 and C tmp2, and the obtained ciphertext C tmp3 is the ciphertext of m in, which satisfies the definition of f relu (x). And the same applies when m in is less than or equal to 0.
2) Max operation function:
The input of the Max operation function is a large noise ciphertext pair (Cm x,Cmy),(mx,my) epsilon-B, & gt, B-1, and the output is a small noise ciphertext Cm out, m out=fmax(mx,my is satisfied), m out=mx is m x≥my, otherwise m out=my;
the specific implementation process of the Max operation function is as follows:
Generating ciphertext C tmp1=Cmx-Cmy, generating ciphertext C (-m y) for Cm y;
Executing a Sign operation algorithm on the ciphertext C tmp1 to obtain a ciphertext C tmp2;
Inputting the ciphertext C tmp2 and the plaintext data 1 into a EqalConst operation algorithm to perform operation to obtain ciphertext C tmp3;
inputting the ciphertext C tmp2 and the plaintext data-1 into a EqalConst operation algorithm for operation to obtain ciphertext C tmp4;
Performing Iden operation algorithm on the ciphertext Cm x and the ciphertext C (-m y) to obtain a ciphertext C tmp5 and a ciphertext C tmp6;
Invoking MultBin an operation algorithm to operate on the ciphertext C tmp3 and the ciphertext C tmp5 to obtain a ciphertext C tmp7; invoking MultBin an operation algorithm to operate on the ciphertext C tmp4 and the ciphertext C tmp6 to obtain a ciphertext C tmp8;
ciphertext C tmp7 is added to ciphertext C tmp8 to yield a low noise ciphertext Cm out.
The correctness of the Max operation function is briefly analyzed below, when m x>my, C tmp1 is the positive ciphertext, C tmp2 is the ciphertext of 1, C tmp3 is the ciphertext of B, ciphertext of C tmp4 being 0, ciphertext of C tmp5 being m x, ciphertext of C tmp6 being-m y; Then, performing MultBin operation algorithm on C tmp3 and C tmp5 to obtain ciphertext C tmp7 as ciphertext of m x; MultBin operation algorithm is carried out on the C tmp4 and the C tmp6, and the obtained ciphertext C tmp8 is a ciphertext of 0; Finally, C tmp7 and C tmp8 are added to obtain a ciphertext with Cm out of m x, which satisfies the definition of f max. m x≤my is the same.
In summary, the torus full homomorphic encryption algorithm supporting integer bootstrapping provided by the invention realizes the bootstrapping algorithm supporting the integer level data by expanding the Boolean level data to the integer level data and redesigning the bootstrapping algorithm, thereby greatly improving the calculation efficiency. Meanwhile, the nonlinear function of the integer-level data is supported to operate, so that the complexity of the scheme is reduced.
It should be noted that, for the sake of simplicity of description, the foregoing method embodiments are all expressed as a series of combinations of actions, but it should be understood by those skilled in the art that the present invention is not limited by the order of actions described, as some steps may be performed in other order or simultaneously in accordance with the present invention.
Based on the same thought as the data processing method of the torus full homomorphic encryption algorithm based on integer bootstrapping in the embodiment, the invention also provides a data processing system of the torus full homomorphic encryption algorithm based on integer bootstrapping, and the system can be used for executing the data processing method of the torus full homomorphic encryption algorithm based on integer bootstrapping. For ease of illustration, only those portions of an embodiment of the invention that are relevant to an embodiment of the invention are shown in a schematic diagram of an embodiment of a data processing system based on an integer bootstrapping torus homomorphic encryption algorithm, and those skilled in the art will appreciate that the illustrated structure does not constitute a limitation of the apparatus, and may include more or fewer components than illustrated, or may combine certain components, or a different arrangement of components.
As shown in FIG. 5, another embodiment of the present invention provides a data processing system 500 of a torus full homomorphic encryption algorithm based on integer bootstrapping, which comprises a key generating module 501, an encryption transmission module 502, an evaluation execution module 503 and a decryption transmission module 504;
The key generation module 501 is configured to invoke a key generation algorithm KeyGen (1 λ) according to a security parameter by a client, generate a self-key sk, a bootstrap key bk and a conversion key ks, send the bootstrap key bk and the conversion key ks to a cloud server, and store the self-key sk locally; the dimensionalities of the self secret key sk, the bootstrap secret key bk and the conversion secret key ks are all n;
The encryption transmission module 502 is used for the client to call an encryption algorithm Enc (m, sk) and use the self secret key sk to encrypt the plaintext data m epsilon-B, & gt, B-1, so as to obtain a ciphertext c and transmit the ciphertext c to the cloud server; the plaintext data comprises boolean-level plaintext data and integer-level plaintext data;
The evaluation execution module 503 is configured to execute an evaluation algorithm Eval (c, bk, ks, f) on the ciphertext c according to the evaluation function f, the bootstrap key bk, and the conversion key ks provided by the client, so as to obtain an evaluation result c 'in the ciphertext state, and send the evaluation result c' back to the client; the evaluation algorithm comprises an integer bootstrap algorithm and a key conversion algorithm; the evaluation function f provided by the client comprises a nonlinear evaluation function and a linear evaluation function;
The decryption transmission module 504 is configured to invoke a decryption algorithm Dec (c ', sk) according to the self-key sk, and perform a decryption operation on the evaluation result c' in the ciphertext state, so as to obtain an evaluation result of plaintext data.
It should be noted that, the data processing system based on the whole-number bootstrapping torus full homomorphic encryption algorithm of the present invention corresponds to the data processing method based on the whole-number bootstrapping torus full homomorphic encryption algorithm of the present invention one by one, and technical features and beneficial effects described in the embodiments of the data processing method based on the whole-number bootstrapping torus full homomorphic encryption algorithm are applicable to the embodiments of the data processing system based on the whole-number bootstrapping torus full homomorphic encryption algorithm, and specific content can be seen from the description in the embodiments of the method of the present invention, which is not repeated here, and is stated here.
In addition, in the implementation manner of the data processing system based on the whole-number bootstrapping torus full homomorphic encryption algorithm of the embodiment, the logic division of each program module is only illustrative, and in practical application, the above-mentioned function allocation may be performed by different program modules according to requirements, for example, in view of configuration requirements of corresponding hardware or convenience of implementation of software, that is, the internal structure of the data processing system based on the whole-number bootstrapping torus full homomorphic encryption algorithm is divided into different program modules, so as to complete all or part of the functions described above.
As shown in fig. 6, in one embodiment, an electronic device is provided that implements a data processing method of an integer bootstrapping-based torus full homomorphic encryption algorithm, where the electronic device 600 may include a first processor 601, a first memory 602, and a bus, and may further include a computer program stored in the first memory 602 and executable on the first processor 601, such as the data processing program 603 of the integer bootstrapping-based torus full homomorphic encryption algorithm.
The first memory 602 includes at least one type of readable storage medium, which includes flash memory, a mobile hard disk, a multimedia card, a card memory (e.g., SD or DX memory, etc.), a magnetic memory, a magnetic disk, an optical disk, etc. The first memory 602 may in some embodiments be an internal storage unit of the electronic device 600, such as a mobile hard disk of the electronic device 600. The first memory 602 may also be an external storage device of the electronic device 600 in other embodiments, such as a plug-in mobile hard disk, a smart memory card (SMART MEDIA CARD, SMC), a secure digital (SecureDigital, SD) card, a flash memory card (FLASH CARD), etc. that are provided on the electronic device 600. Further, the first memory 602 may also include both an internal storage unit and an external storage device of the electronic device 600. The first memory 602 may be used to store not only application software installed in the electronic device 600 and various data, such as code of the data processing program 603 of the torus homomorphic encryption algorithm based on integer bootstrapping, but also temporarily store data that has been output or is to be output.
The first processor 601 may be formed of an integrated circuit in some embodiments, for example, a single packaged integrated circuit, or may be formed of multiple integrated circuits packaged with the same function or different functions, including one or more central processing units (Central Processing unit, CPU), microprocessors, digital processing chips, graphics processors, and combinations of various control chips. The first processor 601 is a Control Unit (Control Unit) of the electronic device, connects various components of the entire electronic device using various interfaces and lines, executes or executes programs or modules (e.g., a data processing program based on an integer bootstrapping torus homomorphic encryption algorithm, etc.) stored in the first memory 602, and invokes data stored in the first memory 602 to perform various functions of the electronic device 600 and process the data.
Fig. 6 illustrates only an electronic device having components, and it will be appreciated by those skilled in the art that the configuration illustrated in fig. 6 is not limiting of the electronic device 600 and may include fewer or more components than illustrated, or may combine certain components, or a different arrangement of components.
The data processing program 603 of the torus full homomorphic encryption algorithm based on integer bootstrapping stored in the first memory 602 of the electronic device 600 is a combination of a plurality of instructions, which when executed in the first processor 601, can implement:
The client calls a key generation algorithm KeyGen (1 λ) according to the security parameters, generates a self key sk, a bootstrap key bk and a conversion key ks, and sends the bootstrap key bk and the conversion key ks to the cloud server, and the self key sk is stored locally; the dimensionalities of the self secret key sk, the bootstrap secret key bk and the conversion secret key ks are all n;
the client calls an encryption algorithm Enc (m, sk) and uses a self secret key sk to encrypt plaintext data m E { B, & gt, B-1} to obtain ciphertext c and transmit the ciphertext c to the cloud server; the plaintext data comprises boolean-level plaintext data and integer-level plaintext data;
The cloud server executes an evaluation algorithm Eval (c, bk, ks, f) on the ciphertext c according to an evaluation function f, a bootstrap key bk and a conversion key ks provided by the client, and an evaluation result c' in the ciphertext state is obtained and sent back to the client; the evaluation algorithm comprises an integer bootstrap algorithm and a key conversion algorithm; the evaluation function f provided by the client comprises a nonlinear evaluation function and a linear evaluation function;
And the client calls a decryption algorithm Dec (c ', sk) according to the self secret key sk to decrypt the evaluation result c' in the ciphertext state, so as to obtain an evaluation result of plaintext data.
Further, the modules/units integrated with the electronic device 600 may be stored in a non-volatile computer readable storage medium if implemented in the form of software functional units and sold or used as a stand-alone product. The computer readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a U disk, a removable hard disk, a magnetic disk, an optical disk, a computer Memory, a Read-Only Memory (ROM).
Those skilled in the art will appreciate that all or part of the processes in the methods of the above embodiments may be implemented by a computer program for instructing relevant hardware, where the program may be stored in a non-volatile computer readable storage medium, and where the program, when executed, may include processes in the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in embodiments provided herein may include non-volatile and/or volatile memory.
The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The above examples are preferred embodiments of the present invention, but the embodiments of the present invention are not limited to the above examples, and any other changes, modifications, substitutions, combinations, and simplifications that do not depart from the spirit and principle of the present invention should be made in the equivalent manner, and the embodiments are included in the protection scope of the present invention.

Claims (7)

1.基于整数自举的环面全同态加密算法的数据处理方法,所述整数自举的环面全同态加密算法包括密钥生成算法、加密算法、评估算法及解密算法,其特征在于,所述整数自举的环面全同态加密算法的明文空间为为数据精度,为自然数集合;其密文空间为a、b为密文的两个组成部分,n表示a的维度,为0到1之间的实数构成的环面;1. A data processing method based on an integer-bootstrapped torus fully homomorphic encryption algorithm, wherein the integer-bootstrapped torus fully homomorphic encryption algorithm comprises a key generation algorithm, an encryption algorithm, an evaluation algorithm, and a decryption algorithm, wherein the plaintext space of the integer-bootstrapped torus fully homomorphic encryption algorithm is is the data accuracy, is a set of natural numbers; its ciphertext space is a and b are two components of the ciphertext, n represents the dimension of a, is a torus consisting of real numbers between 0 and 1; 所述数据处理方法包括下述步骤:The data processing method comprises the following steps: 客户端根据安全参数调用密钥生成算法KeyGen(1λ),生成自身密钥sk、自举密钥bk和转换密钥ks,并将自举密钥bk和转换密钥ks发送给云端服务器,自身密钥sk本地保存;所述自身密钥sk、自举密钥bk和转换密钥ks的维度均为n;The client calls the key generation algorithm KeyGen(1 λ ) according to the security parameters to generate its own key sk, bootstrap key bk and conversion key ks, and sends the bootstrap key bk and conversion key ks to the cloud server, and saves its own key sk locally; the dimensions of the own key sk, bootstrap key bk and conversion key ks are all n; 客户端调用加密算法Enc(m,sk)使用自身密钥sk对明文数据m∈{-B,...,B-1}进行加密操作,得到密文c传输给云端服务器;所述明文数据包括布尔级明文数据和整数级明文数据;The client calls the encryption algorithm Enc(m,sk) and uses its own key sk to perform an encryption operation on the plaintext data m∈{-B,...,B-1}, and obtains the ciphertext c and transmits it to the cloud server; the plaintext data includes Boolean-level plaintext data and integer-level plaintext data; 云端服务器根据客户端提供的评估函数f、自举密钥bk及转换密钥ks对密文c执行评估算法Eval(c,bk,ks,f),得到密文状态下的评估结果c'发回客户端;所述评估算法包括整数自举算法和密钥转换算法;所述客户端提供的评估函数f包括非线性评估函数和线性评估函数;The cloud server executes the evaluation algorithm Eval(c,bk,ks,f) on the ciphertext c according to the evaluation function f, the bootstrap key bk and the conversion key ks provided by the client, obtains the evaluation result c' in the ciphertext state and sends it back to the client; the evaluation algorithm includes an integer bootstrap algorithm and a key conversion algorithm; the evaluation function f provided by the client includes a nonlinear evaluation function and a linear evaluation function; 客户端根据自身密钥sk调用解密算法Dec(c',sk)对密文状态下的评估结果c'进行解密操作,获得明文数据的评估结果;The client calls the decryption algorithm Dec(c',sk) based on its own key sk to decrypt the evaluation result c' in the ciphertext state and obtain the evaluation result of the plaintext data; 所述评估算法Eval(c,bk,ks,f)首先将明文数据m的大噪声密文c、自举密钥bk、维度参数N和评估函数f传入整数自举算法中,得到小噪声密文c';再根据转换密钥对小噪声密文c'执行转换算法,将小噪声密文c'的密钥转换为sk;The evaluation algorithm Eval(c,bk,ks,f) firstly passes the large noise ciphertext c of the plaintext data m, the bootstrap key bk, the dimension parameter N and the evaluation function f into the integer bootstrap algorithm to obtain the small noise ciphertext c'; then executes the conversion algorithm on the small noise ciphertext c' according to the conversion key, and converts the key of the small noise ciphertext c' into sk; 所述整数自举算法的具体实现为:The specific implementation of the integer bootstrap algorithm is: 根据评估函数f,在2N空间中初始化多项式testv=μ01X-12X-2+…+μN-1X-(N-1)=μ0N-1X-μN-2X2-…-μ1XN-1∈TN[X],N为多项式维度参数;{μ0,…,μN-1}为初始化多项式的系数集合,满足μj×i=f(i),j={0,…,N/B},i={0,…,B-1};According to the evaluation function f, initialize the polynomial testv = μ 0 + μ 1 X -1 + μ 2 X -2 + … + μ N-1 X -(N-1) = μ 0 - μ N-1 X - μ N-2 X 2 - … - μ 1 X N-1TN [X] in the 2N space, where N is the polynomial dimension parameter; {μ 0 , …, μ N-1 } is the coefficient set of the initialization polynomial, satisfying μ j×i = f(i), j = {0, …, N/B}, i = {0, …, B-1}; 将2N空间作为2N个首尾相接的槽并将2N个槽划分为2B份;Treat the 2N space as 2N slots connected end to end and divide the 2N slots into 2B parts; 将第k份中的所有槽放入f(k),由于多项式的非负性,第k+B份中的所有槽都放入-f(k),k={0,B-1},f(k)为评估函数f在输入为k时的输出;Put all slots in the kth part into f(k). Due to the non-negativity of the polynomial, put all slots in the k+Bth part into -f(k), k = {0, B-1}, f(k) is the output of the evaluation function f when the input is k; 明文旋转:将多项式系数进行逻辑左移,移动b位,得到明文旋转后的多项式ACC,明文旋转公式为:ACC=(0,testv)·XbPlaintext rotation: Logically shift the polynomial coefficients left by b bits to obtain the plaintext rotated polynomial ACC. The plaintext rotation formula is: ACC = (0, testv) · X b ; 密文旋转:根据明文旋转后的多项式ACC、自举密钥bk,利用外积操作进行密文旋转,得到密文旋转后的多项式ACC1;所述外积操作的输入为两个密文Cm1、Cm2,输出为密文Cm1×m2;密文旋转公式为:其中,h为1的密文;ai为密文a中的第i个分量;表示将多项式逻辑移动-ai位,即逻辑右移ai位;bki为自举密钥bk的第i个分量;为外积;所述密文旋转重复n次,每次旋转后将多项式ACC1赋值给多项式ACC,n为密文中a和自举密钥bk的维度;Ciphertext rotation: According to the polynomial ACC after plaintext rotation and the bootstrap key bk, the ciphertext is rotated using the outer product operation to obtain the polynomial ACC1 after ciphertext rotation; the input of the outer product operation is two ciphertexts C m1 and C m2 , and the output is the ciphertext C m1×m2 ; the ciphertext rotation formula is: Where h is the ciphertext of 1; a i is the i-th component in the ciphertext a; It means to logically shift the polynomial by -a i bits, i.e., logically shift it right by a i bits; bk i is the i-th component of the bootstrap key bk; is the outer product; the ciphertext rotation is repeated n times, and after each rotation, the polynomial ACC1 is assigned to the polynomial ACC, where n is the dimension of a and the bootstrap key bk in the ciphertext; 提取密文旋转后的多项式ACC1的常数项系数,将提取的常数项系数密文输出;Extract the constant term coefficients of the polynomial ACC1 after the ciphertext rotation, and output the extracted constant term coefficients ciphertext; 所述评估算法在整数自举算法上实现多个基础非线性运算算法;所述基础非线性运算算法包括Sign运算算法、Iden运算算法、EqalConst运算算法及MultBin运算算法;The evaluation algorithm implements multiple basic nonlinear operation algorithms on the integer bootstrap algorithm; the basic nonlinear operation algorithms include the Sign operation algorithm, the Iden operation algorithm, the EqalConst operation algorithm and the MultBin operation algorithm; 所述Sign运算算法的输入为一个大噪声密文Cmin,Cmin表示是明文min的密文,min∈{-B,...,B-1},输出为一个小噪声密文Cmout,满足当min∈{-B+1,...,-1}时mout=-1,当min∈{-B,0}时mout=0,当min∈{1,...,B-1}时mout=1;mout为小噪声密文Cmout的明文;The input of the Sign operation algorithm is a large noise ciphertext Cm in , Cm in represents the ciphertext of the plaintext min , min ∈{-B,...,B-1}, and the output is a small noise ciphertext Cm out , satisfying that when min {-B+1,...,-1}, m out =-1, when min {-B,0}, m out =0, when min ∈{1,...,B-1}, m out =1; m out is the plaintext of the small noise ciphertext Cm out ; 所述Iden运算算法的输入为一个大噪声密文Cmin,输出为一个小噪声密文Cmout,满足mout=minThe input of the Iden operation algorithm is a large noise ciphertext Cm in , and the output is a small noise ciphertext Cm out , satisfying m out =m in ; 所述EqalConst运算算法的输入为一个大噪声密文Cm1和明文m2,m1、m2∈{-B,...,B-1},m2为云端服务器自身生成,输出为一个小噪声密文Cmout,满足当m1=m2时mout=-B,否则mout=0;The input of the EqalConst algorithm is a large noise ciphertext Cm 1 and a plaintext m 2 , m 1 , m 2 ∈{-B,...,B-1}, m 2 is generated by the cloud server itself, and the output is a small noise ciphertext Cm out , satisfying that when m 1 =m 2 , m out =-B, otherwise m out =0; 所述MultBin运算算法的输入为一个大噪声密文Cmint和Cmbin,mint∈{-B,...,B-1}表示为大噪声密文Cmint的明文数据,mbin∈{-B,0}为大噪声密文Cmbin的明文数据,输出为一个小噪声密文Cmout,满足当mbin=-B时mout=mint,否则mout=0。The input of the MultBin operation algorithm is a large noise ciphertext Cm int and Cm bin , mint ∈{-B,...,B-1} represents the plaintext data of the large noise ciphertext Cm int , m bin ∈{-B,0} is the plaintext data of the large noise ciphertext Cm bin , and the output is a small noise ciphertext Cm out , satisfying that when m bin =-B, m outmint , otherwise m out =0. 2.根据权利要求1所述的基于整数自举的环面全同态加密算法的数据处理方法,其特征在于,所述加密操作具体为:2. According to the data processing method of the torus fully homomorphic encryption algorithm based on integer bootstrapping according to claim 1, it is characterized in that the encryption operation is specifically: 从高斯分布中取一个随机的噪声e和一个随机掩码返回密文c=(a,b),满足b=sk·a+m/2B+e;Take a random noise e and a random mask from a Gaussian distribution Return the ciphertext c = (a, b), satisfying b = sk·a+m/2B+e; 所述解密操作具体为:The decryption operation is specifically as follows: 通过2B(b-sk·a)得到2Be+f(m),再通过上下取整解密得到对应明文f(m),即 Through 2B(b-sk·a), we get 2Be+f(m), and then decrypt it by rounding up and down to get the corresponding plaintext f(m), that is, 3.根据权利要求1所述的基于整数自举的环面全同态加密算法的数据处理方法,其特征在于,所述Sign运算算法具体实现过程为:3. According to the data processing method of the torus fully homomorphic encryption algorithm based on integer bootstrapping according to claim 1, it is characterized in that the specific implementation process of the Sign operation algorithm is: 设计非线性评估函数fsign(x),当x∈{1,...,B-1}时fsign(x)=1,当x=0时fsign(x)=0;Design a nonlinear evaluation function f sign (x), where f sign (x) = 1 when x∈{1,...,B-1} and f sign (x) = 0 when x=0; 将大噪声密文Cmin和非线性评估函数fsign(x)传入整数自举算法中,输出为一个小噪声密文CmoutThe large noise ciphertext Cm in and the nonlinear evaluation function f sign (x) are passed into the integer bootstrap algorithm, and the output is a small noise ciphertext Cm out ; 所述Iden运算算法具体实现过程为:The specific implementation process of the Iden operation algorithm is as follows: 设计非线性评估函数fiden(x),当x∈{-B,...,B-1}时fiden(x)=x;Design a nonlinear evaluation function fiden (x), when x∈{-B,...,B-1}, fiden (x)=x; 将大噪声密文Cmin和非线性评估函数fiden(x)传入整数自举算法中,输出为一个小噪声密文CmoutThe large noise ciphertext Cm in and the nonlinear evaluation function fiden (x) are passed into the integer bootstrap algorithm, and the output is a small noise ciphertext Cm out ; 所述EqalConst运算算法具体实现过程为:The specific implementation process of the EqalConst operation algorithm is as follows: 设计非线性评估函数feqal(x),当x=0时feqal(x)=-B,否则feqal(x)=0;Design a nonlinear evaluation function f eqal (x), when x = 0, f eqal (x) = -B, otherwise f eqal (x) = 0; 对m2生成一个密文(0,m2/2B),并获得密文Ctmp=Cm1-(0,m2/2B);Generate a ciphertext (0, m 2 /2B) for m 2 , and obtain the ciphertext C tmp = Cm 1 - (0, m 2 /2B); 将密文Ctmp和非线性评估函数feqal(x)传入整数自举算法中,输出一个小噪声密文CmoutPass the ciphertext C tmp and the nonlinear evaluation function f eqal (x) into the integer bootstrap algorithm, and output a small noise ciphertext Cm out ; 所述MultBin运算算法具体实现过程为:The specific implementation process of the MultBin operation algorithm is as follows: 设计非线性评估函数fhalf(x),当x为偶数时fhalf(x)=x/2,否则fhalf(x)=-(x+1)/2-(B-1)/2;Design a nonlinear evaluation function f half (x), when x is an even number, f half (x) = x/2, otherwise f half (x) = -(x+1)/2-(B-1)/2; 生成密文Ctmp1=Cmint+Cmbin+(0,-B/2B);将密文Ctmp1输入Iden运算算法输出密文Ctmp2Generate ciphertext C tmp1 = Cmint + Cmbin + (0, -B/2B); input ciphertext C tmp1 into Iden operation algorithm to output ciphertext C tmp2 ; 生成密文Ctmp3=Cmint+Ctmp2;将密文Ctmp3和非线性评估函数fhalf(x)传入整数自举算法中,输出为一个小噪声密文CmoutGenerate a ciphertext C tmp3 = Cmint + Ctmp2 ; pass the ciphertext C tmp3 and the nonlinear evaluation function fhalf (x) into the integer bootstrap algorithm, and output a small noise ciphertext Cmout . 4.根据权利要求1所述的基于整数自举的环面全同态加密算法的数据处理方法,其特征在于,所述非线性评估函数包括Sign运算函数、Iden运算函数、EqalConst运算函数、MultBin运算函数、ReLU运算函数和Max运算函数;其中,Sign运算函数、Iden运算函数、EqalConst运算函数及MultBin运算函数通过调用对应的基础非线性运算算法直接实现;4. The data processing method of the torus fully homomorphic encryption algorithm based on integer bootstrapping according to claim 1, characterized in that the nonlinear evaluation function includes a Sign operation function, an Iden operation function, an EqalConst operation function, a MultBin operation function, a ReLU operation function and a Max operation function; wherein the Sign operation function, the Iden operation function, the EqalConst operation function and the MultBin operation function are directly implemented by calling the corresponding basic nonlinear operation algorithm; 所述ReLU运算函数和Max运算函数则通过基础非线性运算算法结合实现;The ReLU operation function and the Max operation function are implemented by combining the basic nonlinear operation algorithm; 所述ReLU运算函数的输入为一个大噪声密文Cmin,min∈{-B,...,B-1},输出为一个小噪声密文Cmout,满足mout=frelu(min),当min>0时mout=min,否则mout=0;ReLU运算函数具体实现过程为:The input of the ReLU operation function is a large noise ciphertext Cm in , min ∈ {-B, ..., B-1}, and the output is a small noise ciphertext Cm out , satisfying m out = f relu (m in ), when m in > 0, m out = m in , otherwise m out = 0; the specific implementation process of the ReLU operation function is: 调用Sign运算算法和Iden运算算法分别对密文Cmin执行运算,得到密文Ctmp1和密文Ctmp2Call the Sign operation algorithm and the Iden operation algorithm to perform operations on the ciphertext Cmin respectively to obtain the ciphertext Ctmp1 and the ciphertext Ctmp2 ; 对密文Ctmp1和明文数据1执行EqalConst运算算法得到密文Ctmp3Execute the EqalConst operation algorithm on the ciphertext C tmp1 and the plaintext data 1 to obtain the ciphertext C tmp3 ; 将密文Ctmp2和Ctmp3输入MultBin运算算法,输出一个小噪声密文CmoutInput the ciphertexts C tmp2 and C tmp3 into the MultBin algorithm, and output a small noise ciphertext Cm out ; 所述Max运算函数的输入为一个大噪声密文对(Cmx,Cmy),(mx,my)∈{-B,...,B-1},输出为一个小噪声密文Cmout,满足mout=fmax(mx,my),当mx≥my时mout=mx,否则mout=my;Max运算函数具体实现过程为:The input of the Max operation function is a large noise ciphertext pair (Cm x ,Cm y ), (m x , my )∈{-B,...,B-1}, and the output is a small noise ciphertext Cm out , satisfying m out =f max (m x , my ), when m x ≥my , m out =m x , otherwise m out = my ; the specific implementation process of the Max operation function is: 生成密文Ctmp1=Cmx-Cmy,对Cmy生成密文C(-my);Generate ciphertext C tmp1 =Cm x -Cm y , and generate ciphertext C(-m y ) for Cm y ; 对密文Ctmp1执行Sign运算算法得到密文Ctmp2Execute the Sign operation algorithm on the ciphertext C tmp1 to obtain the ciphertext C tmp2 ; 将密文Ctmp2和明文数据1输入EqalConst运算算法进行运算得到密文Ctmp3Input the ciphertext C tmp2 and the plaintext data 1 into the EqalConst algorithm to obtain the ciphertext C tmp3 ; 将密文Ctmp2和明文数据-1输入EqalConst运算算法进行运算得到密文Ctmp4Input the ciphertext C tmp2 and the plaintext data -1 into the EqalConst algorithm to obtain the ciphertext C tmp4 ; 对密文Cmx和C(-my)分别执行Iden运算算法得到密文Ctmp5和密文Ctmp6Execute the Iden operation algorithm on the ciphertexts Cm x and C(-m y ) respectively to obtain the ciphertexts C tmp5 and C tmp6 ; 调用MultBin运算算法对密文Ctmp3和Ctmp5进行运算得到密文Ctmp7;调用MultBin运算算法对密文Ctmp4和Ctmp6进行运算得到密文Ctmp8Call the MultBin algorithm to calculate the ciphertexts C tmp3 and C tmp5 to obtain the ciphertext C tmp7 ; call the MultBin algorithm to calculate the ciphertexts C tmp4 and C tmp6 to obtain the ciphertext C tmp8 ; 将密文Ctmp7与密文Ctmp8相加得到一个小噪声密文CmoutThe ciphertext C tmp7 and the ciphertext C tmp8 are added together to obtain a small noise ciphertext Cm out . 5.基于整数自举的环面全同态加密算法的数据处理系统,其特征在于,应用于权利要求1所述的基于整数自举的环面全同态加密算法的数据处理方法,所述系统包括密钥生成模块、加密传输模块、评估执行模块及解密传输模块;5. A data processing system for a torus fully homomorphic encryption algorithm based on integer bootstrapping, characterized in that the system is applied to the data processing method for a torus fully homomorphic encryption algorithm based on integer bootstrapping as described in claim 1, and the system includes a key generation module, an encryption transmission module, an evaluation execution module, and a decryption transmission module; 所述密钥生成模块用于客户端根据安全参数调用密钥生成算法KeyGen(1λ),生成自身密钥sk、自举密钥bk和转换密钥ks,并将自举密钥bk和转换密钥ks发送给云端服务器,自身密钥sk本地保存;所述自身密钥sk、自举密钥bk和转换密钥ks的维度均为n;The key generation module is used for the client to call the key generation algorithm KeyGen(1 λ ) according to the security parameters, generate its own key sk, bootstrap key bk and conversion key ks, and send the bootstrap key bk and conversion key ks to the cloud server, and the own key sk is stored locally; the dimensions of the own key sk, bootstrap key bk and conversion key ks are all n; 所述加密传输模块用于客户端调用加密算法Enc(m,sk)使用自身密钥sk对明文数据m∈{-B,...,B-1}进行加密操作,得到密文c传输给云端服务器;所述明文数据包括布尔级明文数据和整数级明文数据;The encryption transmission module is used for the client to call the encryption algorithm Enc(m,sk) and use its own key sk to perform encryption operation on the plaintext data m∈{-B,...,B-1}, and obtain the ciphertext c and transmit it to the cloud server; the plaintext data includes Boolean plaintext data and integer plaintext data; 所述评估执行模块用于云端服务器根据客户端提供的评估函数f、自举密钥bk及转换密钥ks对密文c执行评估算法Eval(c,bk,ks,f),得到密文状态下的评估结果c'发回客户端;所述评估算法包括整数自举算法和密钥转换算法;所述客户端提供的评估函数f包括非线性评估函数和线性评估函数;The evaluation execution module is used for the cloud server to execute the evaluation algorithm Eval(c,bk,ks,f) on the ciphertext c according to the evaluation function f, the bootstrap key bk and the conversion key ks provided by the client, and obtain the evaluation result c' in the ciphertext state and send it back to the client; the evaluation algorithm includes an integer bootstrap algorithm and a key conversion algorithm; the evaluation function f provided by the client includes a nonlinear evaluation function and a linear evaluation function; 所述解密传输模块用于客户端根据自身密钥sk调用解密算法Dec(c',sk)对密文状态下的评估结果c'进行解密操作,获得明文数据的评估结果;The decryption transmission module is used for the client to call the decryption algorithm Dec(c',sk) according to its own key sk to decrypt the evaluation result c' in the ciphertext state to obtain the evaluation result of the plaintext data; 所述评估算法Eval(c,bk,ks,f)首先将明文数据m的大噪声密文c、自举密钥bk、维度参数N和评估函数f传入整数自举算法中,得到小噪声密文c';再根据转换密钥对小噪声密文c'执行转换算法,将小噪声密文c'的密钥转换为sk;The evaluation algorithm Eval(c,bk,ks,f) firstly passes the large noise ciphertext c of the plaintext data m, the bootstrap key bk, the dimension parameter N and the evaluation function f into the integer bootstrap algorithm to obtain the small noise ciphertext c'; then executes the conversion algorithm on the small noise ciphertext c' according to the conversion key, and converts the key of the small noise ciphertext c' into sk; 所述整数自举算法的具体实现为:The specific implementation of the integer bootstrap algorithm is: 根据评估函数f,在2N空间中初始化多项式testv=μ01X-12X-2+…+μN-1X-(N-1)=μ0N-1X-μN-2X2-…-μ1XN-1∈TN[X],N为多项式维度参数;{μ0,…,μN-1}为初始化多项式的系数集合,满足μj×i=f(i),j={0,…,N/B},i={0,…,B-1};According to the evaluation function f, initialize the polynomial testv = μ 0 + μ 1 X -1 + μ 2 X -2 + … + μ N-1 X -(N-1) = μ 0 - μ N-1 X - μ N-2 X 2 - … - μ 1 X N-1TN [X] in the 2N space, where N is the polynomial dimension parameter; {μ 0 , …, μ N-1 } is the coefficient set of the initialization polynomial, satisfying μ j×i = f(i), j = {0, …, N/B}, i = {0, …, B-1}; 将2N空间作为2N个首尾相接的槽并将2N个槽划分为2B份;Treat the 2N space as 2N slots connected end to end and divide the 2N slots into 2B parts; 将第k份中的所有槽放入f(k),由于多项式的非负性,第k+B份中的所有槽都放入-f(k),k={0,B-1},f(k)为评估函数f在输入为k时的输出;Put all slots in the kth part into f(k). Due to the non-negativity of the polynomial, put all slots in the k+Bth part into -f(k), k = {0, B-1}, f(k) is the output of the evaluation function f when the input is k; 明文旋转:将多项式系数进行逻辑左移,移动b位,得到明文旋转后的多项式ACC,明文旋转公式为:ACC=(0,testv)·XbPlaintext rotation: Logically shift the polynomial coefficients left by b positions to obtain the plaintext rotated polynomial ACC. The plaintext rotation formula is: ACC = (0, testv) · X b ; 密文旋转:根据明文旋转后的多项式ACC、自举密钥bk,利用外积操作进行密文旋转,得到密文旋转后的多项式ACC1;所述外积操作的输入为两个密文Cm1、Cm2,输出为密文Cm1×m2;密文旋转公式为:其中,h为1的密文;ai为密文a中的第i个分量;表示将多项式逻辑移动-ai位,即逻辑右移ai位;bki为自举密钥bk的第i个分量;为外积;所述密文旋转重复n次,每次旋转后将多项式ACC1赋值给多项式ACC,n为密文中a和自举密钥bk的维度;Ciphertext rotation: According to the polynomial ACC after plaintext rotation and the bootstrap key bk, the ciphertext is rotated using the outer product operation to obtain the polynomial ACC1 after ciphertext rotation; the input of the outer product operation is two ciphertexts C m1 and C m2 , and the output is the ciphertext C m1×m2 ; the ciphertext rotation formula is: Where h is the ciphertext of 1; a i is the i-th component in the ciphertext a; It means to logically shift the polynomial by -a i bits, i.e., logically shift it right by a i bits; bk i is the i-th component of the bootstrap key bk; is the outer product; the ciphertext rotation is repeated n times, and after each rotation, the polynomial ACC1 is assigned to the polynomial ACC, where n is the dimension of a and the bootstrap key bk in the ciphertext; 提取密文旋转后的多项式ACC1的常数项系数,将提取的常数项系数密文输出;Extract the constant term coefficients of the polynomial ACC1 after the ciphertext rotation, and output the extracted constant term coefficients ciphertext; 所述评估算法在整数自举算法上实现多个基础非线性运算算法;所述基础非线性运算算法包括Sign运算算法、Iden运算算法、EqalConst运算算法及MultBin运算算法;The evaluation algorithm implements multiple basic nonlinear operation algorithms on the integer bootstrap algorithm; the basic nonlinear operation algorithms include the Sign operation algorithm, the Iden operation algorithm, the EqalConst operation algorithm and the MultBin operation algorithm; 所述Sign运算算法的输入为一个大噪声密文Cmin,Cmin表示是明文min的密文,min∈{-B,...,B-1},输出为一个小噪声密文Cmout,满足当min∈{-B+1,...,-1}时mout=-1,当min∈{-B,0}时mout=0,当min∈{1,...,B-1}时mout=1;mout为小噪声密文Cmout的明文;The input of the Sign operation algorithm is a large noise ciphertext Cm in , Cm in represents the ciphertext of the plaintext min , min ∈{-B,...,B-1}, and the output is a small noise ciphertext Cm out , satisfying that when min {-B+1,...,-1}, m out =-1, when min {-B,0}, m out =0, when min ∈{1,...,B-1}, m out =1; m out is the plaintext of the small noise ciphertext Cm out ; 所述Iden运算算法的输入为一个大噪声密文Cmin,输出为一个小噪声密文Cmout,满足mout=minThe input of the Iden operation algorithm is a large noise ciphertext Cm in , and the output is a small noise ciphertext Cm out , satisfying m out =m in ; 所述EqalConst运算算法的输入为一个大噪声密文Cm1和明文m2,m1、m2∈{-B,...,B-1},m2为云端服务器自身生成,输出为一个小噪声密文Cmout,满足当m1=m2时mout=-B,否则mout=0;The input of the EqalConst algorithm is a large noise ciphertext Cm 1 and a plaintext m 2 , m 1 , m 2 ∈{-B,...,B-1}, m 2 is generated by the cloud server itself, and the output is a small noise ciphertext Cm out , satisfying that when m 1 =m 2 , m out =-B, otherwise m out =0; 所述MultBin运算算法的输入为一个大噪声密文Cmint和Cmbin,mint∈{-B,...,B-1}表示为大噪声密文Cmint的明文数据,mbin∈{-B,0}为大噪声密文Cmbin的明文数据,输出为一个小噪声密文Cmout,满足当mbin=-B时mout=mint,否则mout=0。The input of the MultBin operation algorithm is a large noise ciphertext Cm int and Cm bin , mint ∈{-B,...,B-1} represents the plaintext data of the large noise ciphertext Cm int , m bin ∈{-B,0} is the plaintext data of the large noise ciphertext Cm bin , and the output is a small noise ciphertext Cm out , satisfying that when m bin =-B, m outmint , otherwise m out =0. 6.一种电子设备,其特征在于,所述电子设备包括:6. An electronic device, characterized in that the electronic device comprises: 至少一个处理器;以及,与所述至少一个处理器通信连接的存储器;其中,at least one processor; and a memory in communication with the at least one processor; wherein, 所述存储器存储有可被所述至少一个处理器执行的计算机程序指令,所述计算机程序指令被所述至少一个处理器执行,以使所述至少一个处理器能够执行如权利要求1-4中任一项所述的基于整数自举的环面全同态加密算法的数据处理方法。The memory stores computer program instructions that can be executed by the at least one processor, and the computer program instructions are executed by the at least one processor so that the at least one processor can execute the data processing method of the torus fully homomorphic encryption algorithm based on integer bootstrapping as described in any one of claims 1-4. 7.一种计算机可读存储介质,存储有程序,其特征在于,所述程序被处理器执行时,实现权利要求1-4任一项所述的基于整数自举的环面全同态加密算法的数据处理方法。7. A computer-readable storage medium storing a program, characterized in that when the program is executed by a processor, it implements the data processing method of the integer-bootstrapping torus fully homomorphic encryption algorithm described in any one of claims 1 to 4.
CN202311686527.XA 2023-12-11 2023-12-11 Data processing method of torus fully homomorphic encryption algorithm based on integer bootstrapping Active CN117857008B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311686527.XA CN117857008B (en) 2023-12-11 2023-12-11 Data processing method of torus fully homomorphic encryption algorithm based on integer bootstrapping

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311686527.XA CN117857008B (en) 2023-12-11 2023-12-11 Data processing method of torus fully homomorphic encryption algorithm based on integer bootstrapping

Publications (2)

Publication Number Publication Date
CN117857008A CN117857008A (en) 2024-04-09
CN117857008B true CN117857008B (en) 2024-11-19

Family

ID=90538866

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311686527.XA Active CN117857008B (en) 2023-12-11 2023-12-11 Data processing method of torus fully homomorphic encryption algorithm based on integer bootstrapping

Country Status (1)

Country Link
CN (1) CN117857008B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118118155B (en) * 2024-04-29 2024-08-02 浪潮电子信息产业股份有限公司 Homomorphic encryption method, system, device, equipment, medium and product of data
CN119203069A (en) * 2024-08-30 2024-12-27 支付宝(杭州)信息技术有限公司 Method and device for compiling a plaintext processing program into a ciphertext processing program
CN119094106B (en) * 2024-11-11 2025-01-24 深圳市纽创信安科技开发有限公司 BFV isomorphic encryption bootstrapping method, device, equipment and storage medium

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP7146724B2 (en) * 2019-11-22 2022-10-04 Kddi株式会社 Secure computing device, secure computing method and secure computing program
EP4099609A1 (en) * 2021-06-04 2022-12-07 Zama SAS Computational network conversion for fully homomorphic evaluation
CN114553394B (en) * 2022-04-22 2022-08-16 哈尔滨工业大学(深圳)(哈尔滨工业大学深圳科技创新研究院) Complementary code arithmetic unit and arithmetic method based on multi-key fully homomorphic scheme

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
《Integer-Wise Functional Bootstrapping on TFHE: Applications in Secure Integer Arithmetics》;Hiroki Okada等;《Secure Protocols for Future Technologies》;20210726;第2节 *

Also Published As

Publication number Publication date
CN117857008A (en) 2024-04-09

Similar Documents

Publication Publication Date Title
US11283608B2 (en) Executing a cryptographic operation
CN117857008B (en) Data processing method of torus fully homomorphic encryption algorithm based on integer bootstrapping
US11265163B2 (en) Method and processing device for performing a lattice-based cryptographic operation
CN111492616B (en) Configurable device for lattice-based cryptography
JP6964688B2 (en) Devices and methods for performing approximation operations on ciphertext
Souyah et al. An image encryption scheme combining chaos-memory cellular automata and weighted histogram
CN111492615B (en) Encryption device with updatable shared matrix
JP7019730B2 (en) Key exchange device and method
US11728988B2 (en) Elliptic curve isogeny based key agreement protocol
CN102187615B (en) Method, network for generating encryption key
CN100583739C (en) Cryptographic apparatus, cryptographic method, and storage medium thereof
CN110169010B (en) Homomorphic arithmetic device, encryption system, and computer-readable storage medium
CN107864033B (en) Bootstrap type symmetrical fully homomorphic encryption method
CN113922944B (en) Quantum homomorphic encryption and decryption method based on multi-value single quantum state
Usama et al. Chaos-based simultaneous compression and encryption for Hadoop
CN114499845A (en) Multi-party secure computing method, device and system
CN105933101A (en) A Fully Homomorphic Encryption Public Key Compression Method Based on Parameter High-order Offset
CN104881838A (en) A GF(23)-based (K,N) Meaningful Non-dilation Image Sharing and Reconstruction Method
WO2019220900A1 (en) Encryption system, encryption device, decryption device, encryption method, decryption method, and program
Nejatollahi et al. Software and hardware implementation of lattice-cased cryptography schemes
CN119675854A (en) A hardware processing device for digital signature algorithm
CN114448596A (en) Lightweight Authentication Protocol for LFSR-APUF and Private Cover Functions
US20230379136A1 (en) Secure provision of keys for fully homomorphic encryption
US20230412370A1 (en) Processing of Cryptographic Data
Chang et al. Distortion‐free secret image sharing method with two meaningful shadows

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant