Abstract

Traditional identity-based fully homomorphic encryption (IBFHE) schemes can only perform homomorphic evaluation and access control on ciphertexts encrypted under the same identity. To address this limitation, a multi-identity fully homomorphic encryption scheme based on the LWE problem is proposed. First, the IBFHE scheme is optimized: a gadget matrix is used to obtain a new form of encryption and decryption that reduces noise, and the dimension of the underlying lattice basis of the identity-based encryption is changed. Second, the multi-key fully homomorphic transformation mechanism is used to build a masking system for the IBFHE scheme, which generates auxiliary ciphertexts. Finally, the multi-user setting of multi-key FHE is extended to a multi-identity setting to construct the multi-identity FHE scheme, which enables homomorphic evaluation and access control over ciphertexts under different identities. The results show that the scheme combines identity-based encryption with multi-key fully homomorphic encryption and is proven IND-CPA secure in the selective-identity model. Compared with other schemes, it produces a smaller ciphertext when encrypting a single-bit plaintext, has a lower noise expansion rate during homomorphic evaluation, and allows multiple PKGs to participate in private key generation and distribution. A threshold decryption procedure for the scheme is also given, from which a 2-round multi-party computation protocol can be constructed.
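The first step in the abstract, using a gadget matrix to obtain a new encryption and decryption form and to keep the noise small, is the gadget technique of Gentry-Sahai-Waters (2013) and Micciancio-Peikert (2012). What follows is an added illustration written for this page, not code from the paper: a toy single-key GSW-style scheme over LWE in pure Python that shows the gadget matrix G, its bit-decomposition inverse G^{-1}, and why the noise of a homomorphic product grows by at most a factor of N = n*l rather than by a factor of q. Identities, the multi-key masking system and threshold decryption from the abstract are not modelled. All parameters (q = 2^16, n = 4, m = 16, noise drawn from [-1, 1]) are assumed toy values with no security whatsoever.

```python
import random

# Toy parameters (assumed for illustration only; far too small to be secure).
Q_BITS = 16                 # l: the modulus is q = 2^l
Q = 1 << Q_BITS
N_DIM = 4                   # n: LWE dimension (real schemes use hundreds or more)
M_COLS = 16                 # m: number of LWE samples in the public key
N_GADGET = N_DIM * Q_BITS   # N = n*l: number of columns of the gadget matrix G
ERR_BOUND = 1               # fresh LWE noise is drawn uniformly from [-1, 1]


def matmul(A, B):
    """Product of two integer matrices, reduced mod q."""
    return [[sum(A[i][k] * B[k][j] for k in range(len(B))) % Q
             for j in range(len(B[0]))] for i in range(len(A))]


def centered(x):
    """Representative of x mod q in (-q/2, q/2]."""
    x %= Q
    return x - Q if x > Q // 2 else x


def gadget():
    """G = I_n (x) (1, 2, 4, ..., 2^{l-1}), an n x N matrix."""
    G = [[0] * N_GADGET for _ in range(N_DIM)]
    for i in range(N_DIM):
        for k in range(Q_BITS):
            G[i][i * Q_BITS + k] = 1 << k
    return G


def gadget_inv(C):
    """G^{-1}: bit-decompose an n x c matrix into an N x c {0,1} matrix with G * G^{-1}(C) = C mod q.
    The 0/1 entries are what keep the product noise linear in N instead of in q."""
    cols = len(C[0])
    out = [[0] * cols for _ in range(len(C) * Q_BITS)]
    for i, row in enumerate(C):
        for j, v in enumerate(row):
            for k in range(Q_BITS):
                out[i * Q_BITS + k][j] = ((v % Q) >> k) & 1
    return out


def keygen(rng):
    """LWE key pair: public B (n x m) with s^T B = e^T small, for secret s = (1, -t)."""
    t = [rng.randrange(Q) for _ in range(N_DIM - 1)]
    A = [[rng.randrange(Q) for _ in range(M_COLS)] for _ in range(N_DIM - 1)]
    e = [rng.randint(-ERR_BOUND, ERR_BOUND) for _ in range(M_COLS)]
    b = [(sum(t[i] * A[i][j] for i in range(N_DIM - 1)) + e[j]) % Q for j in range(M_COLS)]
    return [b] + A, [1] + [(-ti) % Q for ti in t]


def encrypt(B, mu, rng):
    """GSW-style ciphertext C = B*R + mu*G, with R a random {0,1} matrix (m x N)."""
    R = [[rng.randrange(2) for _ in range(N_GADGET)] for _ in range(M_COLS)]
    BR, G = matmul(B, R), gadget()
    return [[(BR[i][j] + mu * G[i][j]) % Q for j in range(N_GADGET)] for i in range(N_DIM)]


def noise(s, C, mu):
    """Largest |entry| of s^T C - mu * s^T G (centered mod q): the ciphertext's noise."""
    sC, sG = matmul([s], C)[0], matmul([s], gadget())[0]
    return max(abs(centered(sC[j] - mu * sG[j])) for j in range(N_GADGET))


def decrypt(s, C):
    """Read the bit from column l-1 of the first gadget block, where s^T G equals q/2."""
    v = centered(sum(s[i] * C[i][Q_BITS - 1] for i in range(N_DIM)))
    return 1 if abs(v) > Q // 4 else 0


def add(C1, C2):
    """Homomorphic XOR of bits: entrywise sum, noise adds."""
    return [[(a + b) % Q for a, b in zip(r1, r2)] for r1, r2 in zip(C1, C2)]


def mult(C1, C2):
    """Homomorphic AND: C1 * G^{-1}(C2).  s^T(C1 G^{-1}(C2)) = e1 G^{-1}(C2) + mu1 e2 + mu1 mu2 s^T G,
    so the noise is at most N*noise(C1) + noise(C2): linear in N, and asymmetric in the operands."""
    return matmul(C1, gadget_inv(C2))


def demo(seed=0):
    """Encrypt all four bit pairs, evaluate AND and XOR, and report noise against the bound."""
    rng = random.Random(seed)
    B, s = keygen(rng)
    results = []
    for m1 in (0, 1):
        for m2 in (0, 1):
            C1, C2 = encrypt(B, m1, rng), encrypt(B, m2, rng)
            P = mult(C1, C2)
            results.append({
                "bits": (m1, m2),
                "dec": (decrypt(s, C1), decrypt(s, C2)),
                "and": decrypt(s, P),
                "xor": decrypt(s, add(C1, C2)),
                "noise_fresh": max(noise(s, C1, m1), noise(s, C2, m2)),
                "noise_and": noise(s, P, m1 * m2),
                "bound_and": N_GADGET * noise(s, C1, m1) + noise(s, C2, m2),
                "gadget_ok": matmul(gadget(), gadget_inv(C2)) == C2,
            })
    return results


if __name__ == "__main__":
    for r in demo():
        print(r)
```

The asymmetry in the product bound (N times the left operand's noise, plus the right operand's noise unchanged) is the property that lets GSW-style schemes evaluate long chains of multiplications with only additive noise growth when the freshest ciphertext is kept on the right. This toy uses the deterministic binary G^{-1}; the randomized sub-Gaussian decomposition of Micciancio-Peikert gives tighter bounds at the cost of randomness per evaluation.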