CN-121814321-B - Quantum threshold value resisting encryption method and system
Abstract
The invention belongs to the technical field of encryption and provides an anti-quantum threshold encryption method and system. A trusted third party generates system parameters, uniformly and randomly generates a matrix, samples secret vectors and noise vectors, calculates public key vectors, and publishes the matrix and the public key vectors as the public key; it assigns a unique and public identification value to each authorized visitor, calculates the private key share of each authorized visitor, and sends the private key shares to the respective authorized visitors. A data owner obtains a message to be encrypted and the public key and calculates a ciphertext comprising a first component and a second component. Each authorized visitor participating in decryption reads the first component of the ciphertext, calculates a partial decryption value, and sends its identification value and partial decryption value to the trusted third party. When the trusted third party has received no fewer partial decryption values than the threshold parameter, it calculates the Lagrange coefficients, calculates an aggregate decryption value, decrypts the ciphertext, and sends the result to the authorized visitors participating in decryption. The invention can ensure the confidentiality of the message.
Inventors
- GAO FEI
- LAN FENG
- ZHUANG JINCHENG
Assignees
- Shandong University (山东大学)
Dates
- Publication Date
- 20260508
- Application Date
- 20260312
Claims (6)
- 1. An anti-quantum threshold encryption method, characterized by comprising the following steps: a trusted third party generates system parameters, uniformly and randomly generates a matrix according to the system parameters, samples a secret vector and a noise vector, calculates a public key vector according to the sampled vectors, and publishes the matrix and the public key vector as the public key; the trusted third party constructs a vector and a polynomial from the secret vector and the noise vector, assigns a unique and public identification value to each authorized visitor, calculates the private key share of each authorized visitor, and sends the private key shares to the respective authorized visitors; the data owner obtains a message to be encrypted and the public key, samples a random vector and a noise vector, constructs an expansion matrix, and calculates a ciphertext from the expansion matrix, the random vector and the noise vector, the ciphertext comprising a first component and a second component; when the encrypted data needs to be accessed, at least a preset threshold parameter number of authorized visitors initiate decryption requests, and the authorized visitors participating in decryption read the first component of the ciphertext, calculate partial decryption values, and send their identification values and partial decryption values to the trusted third party; when the trusted third party has received no fewer partial decryption values than the preset threshold parameter, it calculates the Lagrange coefficients, calculates the aggregate decryption value, decrypts the ciphertext, and sends the result to the authorized visitors participating in decryption; in the process of generating system parameters by a trusted third party, the system parameters comprise a modulus and a module Integer ring of (2) Parameters (parameters) And Number of authorized visitors And threshold parameter ; 
The method comprises uniformly and randomly generating matrix according to system parameters, sampling secret vector and noise vector, calculating public key vector according to sampled vector, and disclosing matrix and public key vector as public key by uniformly and randomly generating matrix From noise distribution Mid-sampling secret vector And noise vector Calculating a public key vector Matrix is formed Sum vector Public as a public key; the process of the data owner obtaining the message to be encrypted and the public key, sampling the random vector and the noise vector includes the data owner sampling the random vector from the noise distribution And noise vector , The width of the gauss is larger; Constructing an expansion matrix, and calculating ciphertext including a first component and a second component based on the expansion matrix, the random vector, and the noise vector, the process including constructing the expansion matrix Calculating ciphertext Wherein the ciphertext first component Ciphertext second component Uploading the ciphertext to a cloud server; All using the same But distinguish between the texts And Regarded as qMH-MLWE problem, in which Is randomly and uniformly selected.
- 2. The quantum threshold encryption method of claim 1 wherein the process of constructing the vector sum polynomial based on the secret vector and the noise vector comprises constructing the vector by the trusted third party The number of construction times is Is a polynomial of (2) , wherein, Is a mould And (5) randomly selecting coefficients.
- 3. The quantum threshold encryption method according to claim 1, wherein the process of assigning each authorized visitor a unique and public identification value is to assign each authorized visitor a unique and public identification value Wherein And calculate its private key share ) Wherein The private key shares are sent to authorized visitors, respectively.
- 4. The quantum threshold encryption method of claim 1 wherein the act of reading the first component of ciphertext by an authorized visitor engaged in decryption includes the act of engaging in decryption The authorized visitor reads the ciphertext first component Sampling noise vector Wherein at least one of the components is arranged to participate in decryption The set of authorized visitors is , Calculating a partial decryption value And combining the identification value and the partial decryption value And sending the message to a trusted third party.
- 5. The quantum threshold encryption method according to claim 1, wherein calculating Lagrange coefficient, calculating aggregate decryption value, and decrypting ciphertext comprises receiving at least one of the following by a trusted third party Personal (S) Calculating Lagrange coefficients And calculates an aggregate decryption value = Calculation of And sending the obtained result to authorized visitors participating in decryption.
- 6. An anti-quantum threshold encryption system employing the method of claim 1, comprising: a trusted third party, used for generating system parameters, uniformly and randomly generating a matrix according to the system parameters, sampling a secret vector and a noise vector, calculating a public key vector according to the sampled vectors, and publishing the matrix and the public key vector as the public key; constructing a vector and a polynomial from the secret vector and the noise vector, assigning a unique and public identification value to each authorized visitor, calculating the private key share of each authorized visitor, and sending the private key shares to the respective authorized visitors; and receiving the partial decryption values, calculating the Lagrange coefficients when no fewer partial decryption values than the preset threshold parameter have been received, calculating an aggregate decryption value, decrypting the ciphertext, and sending the result to the authorized visitors participating in decryption; a data owner, used for acquiring a message to be encrypted and the public key, sampling a random vector and a noise vector, constructing an expansion matrix, and calculating a ciphertext from the expansion matrix, the random vector and the noise vector, wherein the ciphertext comprises a first component and a second component; authorized visitors, used for initiating a decryption request when the encrypted data needs to be accessed, wherein each authorized visitor participating in decryption reads the first component of the ciphertext, calculates a partial decryption value, and sends its identification value and partial decryption value to the trusted third party; and a cloud server, used for storing the ciphertext data and providing a ciphertext access service.
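A minimal sketch of the flow in claims 1 to 5, added here as an illustration and not taken from the patent: a trusted third party Shamir-shares an LWE secret, visitors compute partial decryption values from the first ciphertext component only, and the third party aggregates them with Lagrange coefficients. It assumes plain LWE over a prime modulus with textbook Regev-style formulas; the claims' own formulas, the module ring, the expansion matrix and each visitor's extra noise vector did not survive on this page and are not reproduced, and every name and parameter below is an assumption.

```python
import random

# Added illustration: plain-LWE toy; every name and parameter here is an assumption.
Q, N_DIM, M_DIM = 12289, 8, 8        # prime modulus and toy dimensions
N_VISITORS, THRESHOLD = 5, 3         # authorized visitors and threshold

def small(rng, k):
    """Stand-in noise distribution: k values from {-1, 0, 1}."""
    return [rng.choice((-1, 0, 1)) for _ in range(k)]

def dot(x, y):
    return sum(a * b for a, b in zip(x, y)) % Q

def keygen(rng):
    """Trusted third party: public key (A, b = A*s + e) and Shamir shares of s."""
    A = [[rng.randrange(Q) for _ in range(N_DIM)] for _ in range(M_DIM)]
    s, e = small(rng, N_DIM), small(rng, M_DIM)
    b = [(dot(row, s) + ei) % Q for row, ei in zip(A, e)]
    # One degree-(t-1) polynomial per coordinate of s, with constant term s_j.
    polys = [[sj] + [rng.randrange(Q) for _ in range(THRESHOLD - 1)] for sj in s]
    shares = {i: [sum(c * pow(i, k, Q) for k, c in enumerate(p)) % Q for p in polys]
              for i in range(1, N_VISITORS + 1)}   # identification values 1..N
    return (A, b), shares

def encrypt(pk, bit, rng):
    """Data owner: u = A^T r + e1 (first), v = <b, r> + e2 + bit*(Q//2) (second)."""
    A, b = pk
    r, e1, e2 = small(rng, M_DIM), small(rng, N_DIM), rng.choice((-1, 0, 1))
    u = [(dot([row[j] for row in A], r) + e1[j]) % Q for j in range(N_DIM)]
    return u, (dot(b, r) + e2 + bit * (Q // 2)) % Q

def partial_decrypt(share, u):
    """Authorized visitor: uses only the first component of the ciphertext."""
    return dot(share, u)

def combine(partials, ct):
    """Trusted third party: Lagrange-aggregate at x = 0, then round to a bit."""
    if len(partials) < THRESHOLD:
        raise ValueError("fewer partial decryption values than the threshold")
    agg = 0
    for i, d in partials.items():
        lam = 1
        for j in partials:
            if j != i:
                lam = lam * j * pow(j - i, -1, Q) % Q
        agg = (agg + lam * d) % Q
    diff = (ct[1] - agg) % Q          # equals bit*(Q//2) plus small noise
    return 1 if Q // 4 < diff < 3 * Q // 4 else 0
```

The residual noise after aggregation is bounded by 17 in absolute value for these dimensions, far below Q/4, so rounding always recovers the bit when the threshold is met.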
Description
Quantum threshold value resisting encryption method and system
Technical Field
The invention belongs to the technical field of encryption, and particularly relates to an anti-quantum threshold encryption method and system.
Background
The statements in this section merely provide background information related to the present disclosure and may not necessarily constitute prior art.
With the rapid development of cloud computing and distributed systems, a large amount of sensitive data is encrypted and stored in cloud environments, and a cloud server provides access services for multiple users or organizations. Because the cloud environment generally adopts a centralized storage and distributed access mode, data must not only meet strict confidentiality requirements during storage and use, but must also support multi-party collaborative access in specific business scenarios. For example, in application scenarios such as cloud data sharing, multi-role joint authorization, and distributed collaborative decision-making, multiple mutually independent participants are often required to take part in data access and processing together. In such scenarios, if a single entity independently holds the complete decryption key, there is a risk of single-point leakage.
To solve the above problems, threshold encryption has gradually been applied to data protection in multi-party collaboration. Threshold encryption splits the decryption key into multiple key shares and distributes them to different participants, so that the original plaintext can be recovered only when the number of decryption participants reaches a preset threshold, which effectively improves the security and reliability of the system.
However, existing threshold encryption schemes are mostly based on traditional public key cryptosystems, and their security usually depends on the large integer factorization problem or the discrete logarithm problem. With the development of quantum computing, these hard problems may face security risks in the future, threatening the security of conventional threshold encryption schemes. How to construct a threshold encryption scheme that resists quantum computation has therefore become an important issue in current cryptography research and application.
Cryptographic schemes based on hard lattice problems are considered an important candidate direction for post-quantum cryptography because of their provable security and good structural extensibility. The Learning With Errors (LWE) problem introduces small random errors into a linear relation, so that a matrix and vector pair containing secret information is computationally indistinguishable from a completely random pair, which provides a provable security guarantee for an encryption scheme. Although LWE-based encryption schemes have provable security, in practical applications they generally suffer from large public key and ciphertext sizes and high computation and communication overhead.
To improve efficiency, in 2015 Langlois et al. proposed the Module Learning With Errors (MLWE) problem. MLWE inherits the security of LWE and introduces a polynomial ring structure, so that a single sample carries more dimensions of information, and the key and ciphertext sizes are effectively compressed at the same security level. MLWE-based schemes (e.g., CRYSTALS-Kyber) achieve a better balance between efficiency and security and have become the dominant choice in post-quantum cryptography standardization processes.
To further enhance the flexibility and functional extensibility of cryptographic schemes in complex protocol environments, Kim et al. in 2023 proposed the MLWE with hints (Hint-MLWE) problem. This problem allows an attacker to obtain some extra hints about the key on top of MLWE while still maintaining the computational hardness of the problem, but the sampling of the elements of the coefficient matrix in those extra hints remains restricted to a certain set.
Disclosure of Invention
In order to solve the above problems, the invention provides an anti-quantum threshold encryption method and system, constructing in a cloud environment a threshold encryption scheme based on a novel hard problem. The scheme meets the requirements of anti-quantum security and threshold encryption, and its security reduces to the novel hard problem; it ensures the confidentiality of messages even if the ciphertext contains partial auxiliary information about the random vectors, reduces the number of leaked LWE instances, enhances security, and at the same time improves the practicability and the selectivity of threshold encryption in cloud environment application scenarios. According to some embodimen