CN-121984661-A - Encryption method, system and service for evaluating real valued function on encrypted data

Abstract

The present invention relates to an encryption method based on homomorphic encryption and variants thereof, enabling the evaluation of a one-or multi-element real-valued function on encrypted data, allowing a wider and efficient homomorphic processing on the encrypted data.

Inventors

• P. G.Y. Parier
• M. Joey

Assignees

• 扎马简易股份有限公司

Dates

Publication Date

20260505

Application Date

20210514

Priority Date

20200514

Claims (16)

1. 1. An encryption method performed in digital form by at least one information processing system, said at least one information processing system being specifically programmed to process real variables Is a unitary function of (2) Performing approximate homomorphism evaluation, wherein the unitary function is in a definition domain In taking out Encoded ciphertext of (a) As input and return Encoded ciphertext of an approximation of (a) Wherein Wherein And Is a homomorphic encryption algorithm, and And Is the function of the code that is used, The method comprises the following steps: Pre-computing the univariate function A corresponding table step comprising: Domain of the function Is decomposed into Selected subintervals of The union of the subintervals constitutes ; For the following Each index of (3) In subintervals of In determining representative And calculate the value Wherein is an integer Quantitate the function to be evaluated The actual accuracy of the variable representation at the input of (a); The return includes Individual components Form of (2) Wherein for the following , ; -B. a step of homomorphic evaluation of the table, comprising: If it is Ciphertext is taken Conversion to integers Ciphertext of (2) The integer is Will be assembled Index in (a) As an expected value, where Is a discretization function that relates integers to their inputs, and Is a homomorphic encryption algorithm; Based on ciphertext Sum form Obtaining the element Ciphertext of (2) The elements are Will be As the expected value; return to 。
2. 2. The encryption method of claim 1, wherein: -a function to be evaluated Is defined by real intervals Is given; -an overlay domain A kind of electronic device Each interval ( ) Is a half-open subinterval Dividing in a regular manner 。
3. 3. The encryption method according to claim 1, wherein for an integer Aggregation of Is an addition group Is a subset of the set of (c).
4. 4. The encryption method of claim 3, wherein the group Expressed as a unit of original in a multiplicative manner The power of the root of the order, where the units are expressed as Thereby will give Elements of (2) Associated to elements Unit of All of (3) Root formation and root formation For multiplying and modulo taking isomorphic groups 。
5. 5. The encryption method according to claim 1, wherein homomorphic encryption algorithm Is applied to the ring Given by the LWE type encryption algorithm of (2), and will As the plain text original space.
6. 6. The encryption method according to claim 5, wherein the parameter is an integer Wherein: -coding function Is included in subintervals of the ring Inner and Discretization function The elements of the ring Applied to the product Taking out mould Wherein At the position of The mathematical form is: 。
7. 7. The encryption method according to claim 6, wherein when the function Is defined as real space At the time, the coding function Is that 。
8. 8. The encryption method according to claim 5, wherein homomorphic encryption algorithm Is an LWE type encryption algorithm and the coding function Is an identity function.
9. 9. The encryption method according to claim 5, wherein the encryption method is performed by an even integer Is a parameter, wherein homomorphic encryption algorithm Is RLWE type encryption algorithm for Any polynomial of (2) Coding function Is a function of 。
10. 10. The encryption method according to claim 8, so as to be equal to Even integer of (2) As a parameter, wherein the LWE ciphertext in the ring Is from approximation to polynomial Is extracted in RLWE, where In (a) And wherein 。
11. 11. The encryption method of claim 1, wherein, when the function is The image of (a) is a real number interval In the time-course of which the first and second contact surfaces, Homomorphic encryption algorithm By application to rings Is given by LWE-type encryption algorithm of (2), and will As a plaintext original space; -coding function Is that 。
12. 12. The encryption method according to claim 1, wherein the at least one unitary function subjected to the approximate homomorphism evaluation is derived from a preliminary processing of the at least one multi-element function by performing the preliminary steps of: A pre-calculation step comprising converting each of said multivariate functions into a network of univariate functions comprising a complex sum of univariate real valued functions; a pre-selection step comprising identifying in said pre-computed network of unitary functions redundancy of one of three types: -the same unary function applied to the same parameter; -different univariate functions applied to the same parameters; -applying the same univariate function to parameters differing by non-zero additive constants, and selecting all or part of the above; A step of homomorphism evaluation of each of the pre-computed networks of unitary functions, wherein the redundancy selected in the pre-selection step is evaluated in a shared manner when all or part of one or more of the unitary functions are reused.
13. 13. The encryption method according to claim 1, wherein the input encrypted data comes from a previous re-encryption step, thereby encrypting the algorithm in the homomorphic state Is set in the form of an encrypted ciphertext.
14. 14. An information handling system, wherein the information handling system is programmed to implement the homomorphic assessment encryption method of claim 1.
15. 15. A computer program intended to implement the encryption method according to claim 1 when loaded onto an information processing system.
16. 16. A remote service of the cloud computing type for implementing the encryption method of claim 1, wherein tasks are shared between a data holder and one or more third parties that are digital processing service providers.

Description

Encryption method, system and service for evaluating real valued function on encrypted data The application is a divisional application of an application patent application with international application date of 2021, 5-month 14, national application number of 202180060685.7 and name of encryption method, system and service for evaluating real value function on encrypted data. Technical Field The invention relates to improving homomorphic assessment of one or more functions applied to previously encrypted dataHomomorphe). Based on recent cryptographic work, this technical field may include many applications in all areas of activity where privacy restrictions exist (such as, but not limited to, privacy preserving applications, business secret applications, or medical data applications). More particularly, the present invention relates to a method for implementing the calculations required to automatically complete homomorphic assessment of one or more functions by one or more specially programmed computer systems. Therefore, it is necessary to consider limited storage and computation time capabilities, or in the case of cloud computing type remote processing, transmission capabilities that are known to the information processing system that should perform this type of evaluation. As will be described below, the development of homomorphic encryption methods has so far been greatly hampered by such technical limitations inherent in most schemes related to computer processing power and proposed by the literature, particularly in terms of machine resources to be implemented and computation time to be supported in order to perform the different computation phases. Background A fully homomorphic encryption scheme (Fully Homomorphic encryption, abbreviated FHE) enables any participant to encrypt a set of ciphertext (corresponding to plaintext) Public conversion to a given function corresponding to plaintextAnd the participant itself has no access to the plaintext. It is well known that such schemes can be used to construct protocols that conform to private life (PRIVACY PRESERVING) in that a user can store encrypted data on a server and authorize a third party to perform operations on the encrypted data without having to disclose the data itself to the server. The first generation of full homomorphic encryption scheme was only proposed by Gentry in 2009 (he has obtained patent No. US8630422B2 in 2014 based on the first application in 2009); see also [ CRAIG GENTRY, "Fully homomorphic encryption using IDEAL LATTICES", in 41stPages 169-178, ACM Press, 2009]. The construction Gentry is now no longer used, but one of the functions it introduces, "bootstrapping", in particular one of its embodiments, is widely used in the solutions proposed subsequently. Bootstrapping is a technique for reducing ciphertext noise-in fact, in all known FHE schemes, the ciphertext includes a small amount of random noise, which is necessary for security. When performing an operation on the noisy ciphertext, the noise may increase. After evaluating a given number of operations, this noise can become too high, potentially compromising the results of the calculations. Bootstrapping is therefore the basis for constructing homomorphic encryption schemes, but this technique is very expensive, both in terms of memory used and computation time. Work after Gentry publication is aimed at providing new schemes and improving bootstrapping in order to make homomorphic encryption practical. The most well known constructions are DGHV [ MARTEN VAN Dijk, CRAIG GENTRY, SHAI HALEVI and Vinod Vaikuntanathan, "Fully homomorphic encryption over THE INTEGERS", in, volume 6110 de Lecture Notes in Computer Science, pp. 24-43, Springer, 2010]、BGV [Zvika Brakerski, Craig Gentry And Vinod Vaikuntanathan, "(Leveled) fully homomorphic encryption without bootstrapping", inPages 309-325, ACM Press, 2012], GSW [ CRAIG GENTRY, eds, AMIT SAHAI and Brent Waters, "Homomorphic encryption from learning with errors: Conceptually simpler, asymptotically faster, Attribute-based", in Advances in Cryptology-CRYPTO 2013, Part I, volume 8042 de Pp.75-92, springer, 2013] and variants thereof. While bootstrap is not feasible in practice (one lifetime is not sufficient to complete the calculation) in the first generation Gentry scheme, the successively proposed architecture makes this operation feasible, although not very practical (each bootstrap lasts a few minutes). A faster bootstrap, performed on GSW-type schemes, has been proposed by Ducas and Micciancio in 2015Ducas and Daniele Micciancio, "FHEW: bootstrapping homomorphic encryption IN LESS THAN A second", inPart I, volume 9056 de Lecture Notes in Computer Science, pages 617-640, springer, 2015] bootstrap operations are performed in slightly more than half a second. In 2016, chillotti, gama, georgeva and Izabachene proposed a new variant of the FHE scheme, called TFHE [ IIaria Chillotti, nicolas Gama, mariya Georgieva and Malika, “