Search

CN-116582237-B - Homomorphic encryption operation key management system and management method

CN116582237BCN 116582237 BCN116582237 BCN 116582237BCN-116582237-B

Abstract

The invention relates to a homomorphic encryption operation key management system and a method for managing homomorphic encryption operation keys. The homomorphic encryption operation key management system receives a public key and a hierarchical galois key from a client device, verifies the validity of the token in response to receiving the token and a request for the homomorphic encryption operation key for the client device from a server, generates a homomorphic encryption operation key using the public key and the hierarchical galois key, and sends the homomorphic encryption operation key to the server when the token is valid.

Inventors

  • LU ZONGSHAN
  • LI JUNYU
  • JIN RONGZHI

Assignees

  • 首尔大学校产学协力团
  • 朝鲜大学敎产学协力团

Dates

Publication Date
20260505
Application Date
20230208
Priority Date
20220210

Claims (16)

  1. 1. A homomorphic encryption operating key management system comprising: a communication interface configured to support communication using a security protocol; memory, and At least one processor operably coupled to the communication interface and memory, wherein: The memory includes a token and one or more public keys received from each of a plurality of electronic devices; In response to the communication interface receiving a first token and a homomorphic encryption operation key request from a first server, the at least one processor verifies the validity of the first token; Generating one or more homomorphic encryption operation keys using one or more public keys for a first electronic device of the plurality of electronic devices based on data obtained by decrypting the first token in response to the first token being valid, and Sending the homomorphic encryption operation key of the first electronic device to the first server through the communication interface; wherein the one or more public keys comprise a hierarchical galois key generated using a private key of the first electronic device.
  2. 2. The homomorphic encryption operating key management system of claim 1, wherein the at least one processor determines that the first token is valid when the at least one processor successfully decrypts the first token based on an encryption method preset by the first electronic device.
  3. 3. The homomorphic encryption operating key management system of claim 1, wherein the first token is encrypted and comprises at least one of a user identity of the first electronic device, allowed operating time information, a type and range of homomorphic encryption operating keys allowed to be generated, or a random number issued by the first electronic device.
  4. 4. The homomorphic encryption operation key management system of claim 3, wherein when the request time of the homomorphic encryption operation key is outside an allowable range based on the allowable operation time information, the at least one processor: Does not generate the homomorphic encryption operation key, and And sending a message for suspending the use of the homomorphic encryption operation key to the first server through the communication interface.
  5. 5. A homomorphic encryption operation key management system according to claim 3, wherein said at least one processor verifies whether said first token is valid by checking said random number according to the type of homomorphic encryption operation key request of said first server.
  6. 6. The homomorphic encryption operating key management system of claim 1, wherein: The hierarchical galois key corresponds to a k-step shift; The at least one processor generates one or more homomorphic rotation operation keys corresponding to the k-step shift by repeatedly performing rotation operations using the hierarchical galois key.
  7. 7. The homomorphic encryption operating key management system of claim 6, wherein the at least one processor stores the one or more homomorphic rotation operating keys in the memory and sets a storage period of the one or more homomorphic rotation operating keys according to content negotiated with the first electronic device.
  8. 8. The homomorphic encryption operation key management system of claim 1, wherein the at least one processor sends the homomorphic encryption operation key stored in the memory to the first server in response to searching the memory for the requested homomorphic encryption operation key for the first electronic device.
  9. 9. A method of managing homomorphic encryption operation keys, the method comprising: Receiving a first token and a request for a homomorphic encryption operation key from a first server; Verifying the validity of the first token and, when the first token is valid, generating the homomorphic encryption operation key using one or more public keys received from a first electronic device based on data obtained by decrypting the first token, and Sending the homomorphic encryption operation key to the first server; wherein the one or more public keys comprise a hierarchical galois key generated using a private key of the first electronic device.
  10. 10. The method of claim 9, wherein the method further comprises sending a message to the first server indicating that the first token is invalid when the first token is invalid.
  11. 11. The method of claim 9, wherein the generating the homomorphic encryption operation keys comprises generating one or more homomorphic rotation operation keys by repeatedly performing a rotation operation using the hierarchical galois key.
  12. 12. The method of claim 9, wherein verifying the validity of the first token comprises determining that the first token is valid when the first token is decrypted using an encryption method preset by the first electronic device.
  13. 13. The method of claim 9, wherein the first token is encrypted and comprises at least one of a user identity of the first electronic device, allowed time of operation information, a type and range of homomorphic encryption operation keys allowed to be generated, or a random number issued by the first electronic device.
  14. 14. The method of claim 13, wherein the generating the homomorphic encryption operation key comprises sending a message to the first server to suspend use of the homomorphic encryption operation key without generating the homomorphic encryption operation key when a request time of the homomorphic encryption operation key is outside an allowable range based on the allowable operation time information.
  15. 15. The method according to claim 13, wherein: The verifying of the validity of the first token includes checking the random number according to a type of homomorphic encryption operation key request of the first server, and A homomorphic encryption operation key is generated in response to the first token being valid.
  16. 16. The method of claim 9, wherein the method further comprises setting a storage period of the homomorphic encryption operation key according to content negotiated with the first electronic device, and storing the homomorphic encryption operation key in a memory.

Description

Homomorphic encryption operation key management system and management method Technical Field The present invention relates to homomorphic encryption technology, and more particularly, to a method of generating an operation key for homomorphic encryption operation in a client-server model. Background Homomorphic encryption (homomorphic encryption, HE) is an encryption method that can compute data in an encrypted state. The result of the operation performed by using the ciphertext becomes a new ciphertext, and the plaintext obtained by decrypting the ciphertext is identical to the operation result of the original data before encryption. Homomorphic encryption may be used to store personal information in an external medium or to calculate personal information while securing the personal information. For example, when homomorphic encryption is used, data may be outsourced to a business cloud service in an encrypted state and processed in an encrypted state. In homomorphic encryption, several pieces of data are encrypted into one ciphertext, and when two different ciphertexts are operated on, the operation is performed between the pieces of data at corresponding positions. When it is necessary to perform an operation on data at different positions in the ciphertext in an encrypted state, it is necessary to move the position in some cases to perform the operation. Only homomorphic rotation operation is an operation of changing the data position in ciphertext in an encrypted state, homomorphic rotation operation is a cyclic shift operation in an encrypted state, and homomorphic rotation operation corresponds to a basic operation in using homomorphic encryption. Fig. 1 is a network environment of a conventional client-server model for performing homomorphic encryption operations. Referring to fig. 1, in a conventional client 1-server 2 model for performing homomorphic encryption operations, a client 1 generating ciphertext from homomorphic encryption may generate and transmit the necessary operation keys to request the server 2 to perform homomorphic encryption operations on the ciphertext. For example, the client 1 may generate a rotation operation key for performing a rotation operation according to homomorphic encryption using its private key (SECRET KEY) and transmit the generated rotation operation key to the server 2, thereby performing a rotation operation on ciphertext in the server 2. The operation key required for homomorphic encryption may be generated from the private key of the client 1 and thus cannot be generated in another electronic device (e.g., the server 2) that does not know the private key. Disclosure of Invention Homomorphic rotation keys used to perform rotation operations in homomorphic encryption take several hundred MB in many cases and are of over 100 types. Thus, considerable costs are incurred when all rotational operation keys are generated by client electronic devices of relatively low specification compared to the server and transmitted to the server. In addition, even when a server generates homomorphic rotation operation keys, if there are actually a plurality of servers performing homomorphic encryption operations in response to a service request from a client, it is not appropriate from the standpoint of the overall memory burden to generate or store all rotation operation keys for the client by each of the plurality of servers. According to an embodiment of the present disclosure, a method of generating an operation key using a public key of a client is newly proposed, and a right to generate an operation key required for homomorphic encryption operation of ciphertext of the client can be delegated to another electronic device. As one embodiment, a homomorphic encryption operation key management system may be provided for generating and transmitting homomorphic encryption operation keys of a client ciphertext in response to a request from a server, and storing and managing the generated operation keys. According to an embodiment of the present disclosure, a homomorphic encryption operation key management system capable of transmitting an operation key stored in a memory on the fly or generating the operation key only once and transmitting the generated operation key to one or more servers requesting homomorphic encryption operation keys of the same client may be provided. In accordance with one aspect of the present invention, the above and other objects can be accomplished by the provision of a homomorphic encryption operation key management system comprising a communication interface configured to support communication using a secure protocol, a memory, and at least one processor operatively coupled to the communication interface and the memory, wherein the memory comprises a token and one or more public keys received from each of a plurality of electronic devices, the at least one processor verifying the validity of the token in response to the communication interface receiv