Abstract
Fully homomorphic encryption has important applications in areas such as cloud computing. However, existing fully homomorphic encryption schemes share a common flaw: their public keys are large, which seriously reduces the efficiency of key management and identity authentication. To solve this problem, this paper combines the idea of certificateless public-key encryption with fully homomorphic encryption and presents a certificateless fully homomorphic encryption scheme based on the Learning With Errors (LWE) problem. The scheme uses a trapdoor one-way function with preimage sampling to bind a user's identity to its public key, so public-key certificates are no longer needed for identity authentication. Private keys are chosen by the users themselves, so there is no key escrow problem. In the random oracle model, the security of the scheme reduces to the hardness of the decisional LWE problem, and a rigorous provable-security proof is included.