
CN-115603896-B - Privacy protection method and system for AES encryption under optimized MPC

CN115603896B

Abstract

Under two-party additive secret sharing, a third party that holds the original data (the plaintext and the key) splits it into additive shares, sends those shares to the two AES computation parties as their inputs, computes a series of preprocessed random shares, and sends these to the same two parties; after one round of communication the two parties complete the remaining computation locally and obtain the result of the S-box operation. The invention generates the shares of the auxiliary values in the preprocessing (offline) stage and applies them to the interactive S-box computation in the online stage, rewriting the polynomial used for the substitution box (S-box) of AES, so that online communication is reduced and the efficiency of the privacy-protected computation is improved at the cost of storing the preprocessed shares produced offline.

Inventors

  • ZHANG XU
  • XING CHAOPING

Assignees

  • Shanghai Jiao Tong University

Dates

Publication Date
2026-05-12
Application Date
2022-10-08

Claims (7)

  1. A privacy protection method for AES encryption under optimized MPC, wherein, under two-party additive secret sharing, a third party holding the original data first splits the original data into additive shares for AES and sends the resulting shares to the two AES computation parties, so that the two parties communicate once and then compute locally to obtain the S-box encryption result; the AES computation on shares comprises key expansion, round key addition, byte substitution, column mixing and row shifting, performed in turn; the local computation that the two parties perform after the communication comprises the following steps: step ①, the two computation parties secret-share a random value and generate seven secret-shared values ; step ②, secret-sharing groups of orders 1 to 7 are generated, where the i-th order secret-sharing group is the set formed by secret-sharing every product of i distinct elements among the random secret-shared values ; step ③, each participant computes its share of and broadcasts it to obtain , whereby, since and have been broadcast, the original S-box polynomial is converted into a polynomial in the secret-shared values , wherein are the secret-shared values corresponding to each power of the AES state byte x; step ④, substituting the previously generated secret-sharing groups into the polynomial , each participant obtains its share of the final S-box polynomial result, and once each participant broadcasts its share of that result the final result is obtained; when the S-box operation of AES is computed in the secure multiparty computation setting, the computation is completed with shares stored in advance, namely the shares are generated offline by the share-generation unit of the trusted third party and sent to both parties.
  2. The optimized AES implementation for the secure multiparty computation scenario according to claim 1, wherein two-party additive secret sharing means that a secret value is split into , the two computing parties respectively hold and neither knows the other party's share, so that the secret value is privacy-protected; under additive secret sharing, all generated intermediate results and the final result satisfy additive sharing, namely, for any function , by setting the corresponding operation mode, .
  3. The optimized AES implementation for the secure multiparty computation scenario according to claim 1, wherein the key expansion expands the 16-byte key into 44 four-byte words (44 × 4 one-byte values), comprising: 1) arranging the 16 key bytes as a 4×4 matrix, whose four columns are the four 4-byte words of the first round ); 2) for the last 4-byte word, i.e. , performing one cyclic left shift, one S-box substitution, and adding (XOR in GF(2^8)) the round constant RC to the leftmost byte to obtain , then recomputing , thereby obtaining the key words of the next encryption round ); 3) repeating the operation of step 2) on the four 4-byte words for 10 rounds, finally obtaining forty-four 4-byte words for use in the 11 round key additions.
  4. The optimized AES implementation for the secure multiparty computation scenario according to claim 1, wherein the round key addition is the local addition of two secret-shared values: for and , the two parties only need to compute locally , finally obtaining , which satisfies the additive sharing mechanism, namely the final result .
  5. The optimized AES implementation for the secure multiparty computation scenario according to claim 1, wherein column mixing is the multiplication of the secret-shared values by a constant matrix, performed locally by both parties: , finally obtaining , which satisfies the additive sharing mechanism, namely the final result .
  6. The optimized AES implementation for the secure multiparty computation scenario according to claim 1, wherein row shifting is applied to the secret-shared values: for a secret-shared value , each of the two parties locally shifts its own share , which completes the shift operation.
  7. An optimized AES implementation system for the secure multiparty computation scenario, implementing the method of any one of claims 1 to 6, characterized in that it comprises: an offline share-generation unit, belonging to a trusted third party, which generates a plurality of preprocessed shares for use in the online S-box operation stage and distributes them to the two computing parties performing the AES encryption; an input unit which locally splits the original data, i.e. the plaintext and the key, into shares and transmits the shares to the servers of the two computing parties performing the AES encryption; a communication broadcast unit which performs the communication between the two computing parties, broadcasting a plurality of share values; and a local computation unit which performs all local additions and, after the communication, obtains the S-box encryption result by evaluating the polynomial on the shares.

Description

Privacy protection method and system for AES encryption under optimized MPC

Technical Field

The invention relates to a technology in the field of privacy protection, in particular to a privacy protection method and system for AES encryption optimized for the secure multiparty computation (MPC) setting.

Background

Secure multiparty computation (MPC) is a theoretical framework proposed to solve the problem of collaborative computation among a group of mutually distrusting parties, guaranteeing privacy without a trusted third party. Two properties that secure multiparty computation must satisfy are privacy, i.e. participant P_i learns nothing about x_j for i ≠ j, and correctness, i.e. the function value f(x_1, x_2, ..., x_n) is computed correctly. In most current MPC models, evaluating a polynomial is split into additions and multiplications, for which mature MPC protocols exist; after the polynomial has been split, those basic protocols are used to compute the result.
Disclosure of Invention

Aiming at the defects of the prior art, namely that AES encryption cannot be computed efficiently in the multiparty computation setting and that two parties cannot securely perform AES encryption while protecting privacy, the invention provides a privacy protection method and system for AES encryption optimized under MPC. Its advantage is that shares of the auxiliary values are generated in the preprocessing stage and applied to the interactive S-box computation online, and the polynomial for the substitution box (S-box) operation of AES is improved, so that online communication is reduced and privacy-protection efficiency is improved at the cost of storing the preprocessed shares from the offline stage. The invention is realized by the following technical scheme: under two-party additive secret sharing, a third party holding the original data first splits the original data into shares for AES, sends the shares to the two AES computation parties as input, computes a series of preprocessed random shares, and sends these preprocessed shares to the two parties performing the AES computation, so that the two parties communicate and then compute locally to obtain the S-box result. The AES operations on shares comprise key expansion (KeyExpansion), round key addition (AddRoundKey), byte substitution (SubBytes), column mixing (MixColumns) and row shifting (ShiftRows). The original data are the plaintext to be encrypted and the key, provided by the operator who wishes to perform AES encryption.
Two-party additive secret sharing means that a secret value x is split as x = x_1 + x_2; the two computing parties hold x_1 and x_2 respectively, neither knows the other's share, and the secret value x is thereby privacy-protected. Under additive secret sharing, all intermediate results and the final result are again additive shares, namely, for any function f(x), a corresponding operation mode is set so that f(x) = f(x_1) + f(x_2). For the additive operations of AES (round key addition, row shifting and column mixing, the last being multiplication by a constant matrix) this holds directly and each party applies the operation to its own share; the nonlinear S-box is the step that needs the preprocessed shares and one broadcast. The invention also relates to a system for realizing the method, comprising an offline share-generation unit, an input unit, a communication broadcast unit and a local computation unit: the offline share-generation unit, acting as a trusted third party, generates a series of preprocessed shares used in the online S-box operation stage and distributes them to the two computing parties executing the AES encryption; the input unit is the client that wishes to obtain the encryption result, which locally splits the plaintext and the key into shares and then transmits the shares to the servers of the two computing parties executing the AES encryption; the communication broadcast unit performs the communication between the two computing parties, broadcasting a series of share values; and the local computation unit performs all local additions and, after the communication, evaluates the polynomial on the shares to obtain the S-box result.

Drawings

FIG. 1 is a flow chart of the present invention.
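The S-box procedure of claim 1 and the additive-sharing rule f(x) = f(x_1) + f(x_2) described above, as a worked example. This code is an added illustration by the editor, not the patent's own implementation, and it assumes one concrete reading of claim 1 that the page does not spell out: the seven shared random values are r^(2^i) for i = 1..7, so that the field inverse x^254 = x^{-1} factors as the product of the seven Frobenius powers x^(2^i), each of which is additive in x and therefore equals e^(2^i) + r^(2^i) once the masked value e = x + r has been broadcast; the order-1 to order-7 sharing groups are then the shares of all subset products of those seven values. The function names, the dealer routine and the sample state and key are the editor's own.

```python
"""Editor's example: two-party additive (XOR) secret sharing of AES over GF(2^8).
Linear layers are applied by each party to its own share; the S-box is evaluated
through a masked product of Frobenius powers with dealer-preprocessed shares."""
import secrets
from functools import reduce
from itertools import combinations

AES_POLY = 0x11B           # x^8 + x^4 + x^3 + x + 1, the AES field polynomial
FROB = tuple(range(1, 8))  # x^254 = x^-1 = prod_{i=1..7} x^(2^i): editor's reading of the "seven values"

def gf_mul(a, b):
    """Multiplication in GF(2^8) with the AES reduction polynomial."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return r

def gf_pow(a, n):
    r = 1
    while n:
        if n & 1:
            r = gf_mul(r, a)
        a, n = gf_mul(a, a), n >> 1
    return r

def sbox_lin(v):
    """GF(2)-linear part of the S-box affine map (FIPS-197 5.1.1), without the constant 0x63."""
    bit = lambda i: (v >> i) ^ (v >> (i + 4) % 8) ^ (v >> (i + 5) % 8) ^ (v >> (i + 6) % 8) ^ (v >> (i + 7) % 8)
    return sum((bit(i) & 1) << i for i in range(8))

def sbox_ref(x):
    """Reference S-box: inverse (x^254, which maps 0 to 0) followed by the affine map."""
    return sbox_lin(gf_pow(x, 254)) ^ 0x63

def share(v):
    """Split a byte into two XOR shares; each share alone is uniformly random."""
    s0 = secrets.randbelow(256)
    return (s0, v ^ s0)

def reveal(sh):
    return sh[0] ^ sh[1]

def dealer_preprocess():
    """Offline (trusted third party): sample r, set r_i = r^(2^i) for i = 1..7, share r and the
    product of every non-empty subset of the r_i (127 values: the order-1..7 sharing groups).
    One fresh r per S-box evaluation; reusing r for bytes x, x' would reveal x ^ x'."""
    r = secrets.randbelow(256)
    r_i = {i: gf_pow(r, 1 << i) for i in FROB}
    prods = {sub: share(reduce(gf_mul, (r_i[i] for i in sub), 1))
             for k in range(1, 8) for sub in combinations(FROB, k)}
    return {"r": share(r), "prods": prods}

def sbox_shared(x_sh, pre):
    """Online: each party broadcasts its share of e = x ^ r (the only message), then works locally.
    x^(2^i) = e^(2^i) ^ r^(2^i), so x^254 = prod_i (e_i ^ r_i) expands into a sum over subsets T
    of (prod_{i in T} e_i) * (prod_{i not in T} r_i): a public scalar times a preprocessed share."""
    e = reveal((x_sh[0] ^ pre["r"][0], x_sh[1] ^ pre["r"][1]))
    e_i = {i: gf_pow(e, 1 << i) for i in FROB}
    inv = [0, 0]
    for k in range(8):
        for T in combinations(FROB, k):
            coef = reduce(gf_mul, (e_i[i] for i in T), 1)
            C = tuple(i for i in FROB if i not in T)
            if not C:                          # fully public term: only one party adds it
                inv[0] ^= coef
            else:                              # scalar times shared value, done share-wise
                inv[0] ^= gf_mul(coef, pre["prods"][C][0])
                inv[1] ^= gf_mul(coef, pre["prods"][C][1])
    return (sbox_lin(inv[0]) ^ 0x63, sbox_lin(inv[1]))   # affine map: linear part per share, constant once

def share_bytes(b):
    s0 = secrets.token_bytes(len(b))
    return (s0, bytes(x ^ y for x, y in zip(b, s0)))

def shift_rows(st):
    """State is column-major (index 4*c + r); row r rotates left by r positions."""
    return bytes(st[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4))

def mix_columns(st):
    """Multiply each column by the fixed circulant matrix of {2,3,1,1}; GF(2^8)-linear."""
    out = bytearray(16)
    for c in range(4):
        a = st[4 * c:4 * c + 4]
        for r in range(4):
            out[4 * c + r] = gf_mul(2, a[r]) ^ gf_mul(3, a[(r + 1) % 4]) ^ a[(r + 2) % 4] ^ a[(r + 3) % 4]
    return bytes(out)

def linear_round_shared(state_sh, key_sh):
    """ShiftRows, MixColumns, AddRoundKey on shares: no communication, f(x) = f(x1) + f(x2)."""
    return tuple(bytes(a ^ b for a, b in zip(mix_columns(shift_rows(s)), k))
                 for s, k in zip(state_sh, key_sh))

def demo():
    """Shared S-box vs. reference on all 256 bytes; shared linear round vs. plain on constructed data."""
    sbox_ok = all(reveal(sbox_shared(share(x), dealer_preprocess())) == sbox_ref(x) for x in range(256))
    st, key = bytes(range(16)), bytes(range(16, 32))      # constructed sample state and round key
    plain = bytes(a ^ b for a, b in zip(mix_columns(shift_rows(st)), key))
    shared = linear_round_shared(share_bytes(st), share_bytes(key))
    return sbox_ok and bytes(a ^ b for a, b in zip(*shared)) == plain
```

In this reading the only online traffic per S-box evaluation is the two broadcast shares of e; the 128 shared bytes per party (the share of r plus the 127 subset-product shares) are the offline storage cost the abstract refers to, and they must be fresh for every byte, since the same r masking two different bytes x and x' would reveal x ^ x' to both parties. The linear layers need no communication at all, which is the f(x) = f(x_1) + f(x_2) property the description relies on.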
Detailed Description

Under two-party additive secret sharing, a third party holding the original data performs the AES (Advanced Encryption Standard) share-splitting operation on the key and the data to be encrypted, and then sends the results of the share-splitting to the two parties performing the computation, so that the two parties respectively perform