Search

CN-122027157-A - Encryption method, system and service for evaluating one or more real valued functions of encrypted data

CN122027157ACN 122027157 ACN122027157 ACN 122027157ACN-122027157-A

Abstract

The present invention relates to an encryption method based on homomorphic encryption and variants thereof, enabling the evaluation of real valued functions on encrypted data, allowing a wider and efficient homomorphic processing on the encrypted data.

Inventors

  • P. G.Y. Parier
  • M. Joey

Assignees

  • 扎马简易股份有限公司

Dates

Publication Date
20260512
Application Date
20210514
Priority Date
20200514

Claims (20)

  1. 1. An encryption method performed in digital form by at least one information handling system, the at least one information handling system being specifically programmed to perform a function on a unary unit Evaluating the real value variable of the unitary function As input, the method comprises: Get input Is encrypted ciphertext of (a) As input and apply back to Is an encrypted ciphertext of a corresponding input of the (b), wherein Is a homomorphic encryption algorithm, and Is a coding function which is to be Elements in the plaintext raw space of (2) are associated to real numbers The method comprises the following steps: Pre-calculation, wherein the univariate function to be evaluated Is discretized into several intervals covering its definition domain, each interval being defined by a value AND function Corresponding value of (a) represents a function Is formed by a series of forms Is displayed in list by pairs of (a) for slave Ciphertext start in the domain for the function definition Homomorphic calculation of arbitrary value of (2) Ciphertext or approximation of (a), and -Homomorphically evaluating the unary function.
  2. 2. The encryption method according to claim 1, comprising, for real-valued variables At least the unitary function of (1) Sub-process of performing approximate homomorphism assessment, take Encoded ciphertext of (a) As input, and return to Encoded ciphertext of an approximation of (a) Wherein Wherein the univariate function is in a domain of definition With arbitrary precision and in the image Has a real value in which And Is a homomorphic encryption algorithm, and And Is the function of the code that is used, Wherein: -pre-computing comprises pre-computing with the unitary function A corresponding table comprising: Domain of the domain Into several intervals, said intervals being Selected subintervals of The union of the subintervals constitutes Wherein is an integer Quantitate the function to be evaluated Accuracy of variable representation of the input of (a); For the following Each index of (3) Through subintervals Is representative of (a) Determining a value ; The return includes Individual components Form of (2) Wherein for the following , ; -Homomorphism evaluation of the univariate function comprises: If it is Ciphertext is taken Conversion to integers Ciphertext of (2) The integer is Will be assembled Index in (a) As an expected value, where Is a discretization function that relates integers to their inputs, and Is a homomorphic encryption algorithm; Based on ciphertext Sum form Obtaining the element Ciphertext of (2) The elements are Will be As the expected value; Return to 。
  3. 3. The encryption method according to claim 2, wherein the homomorphic encryption algorithm And The corresponding plain text original space is And , -Coding function Domain taking Elements of the domain are used as inputs and the domain Elements of (2) Is associated with an element of the group consisting of, -Coding function Taking an image As input and take the image Elements of (2) Is associated with an element of the group consisting of, Discretization function Taking out As input and take the element of (2) Is associated with an exponent represented by an integer, Homomorphic encryption scheme with encryption algorithm The encryption algorithm Plain text original space of (a) Having at least Is used for the base number of (c), -Coding function Take integer as input and return To make a domain of Through coding of images of (2) Discretization Is from At most selected of (a) A collection of individual indices.
  4. 4. The encryption method according to claim 2, wherein -A function to be evaluated Is defined by real intervals Is given; -an overlay domain A kind of electronic device Each interval ( ) Is a half-open subinterval Dividing in a regular manner 。
  5. 5. The encryption method of claim 2, wherein for integers Aggregation of Is an addition group Is a subset of the set of (c).
  6. 6. The encryption method of claim 5, wherein a group The original expressed as units in multiplication The power of the root of the order, where the units are expressed as Thereby will give Elements of (2) Associated to elements Unit of All of (3) Root formation and root formation For multiplying and modulo taking isomorphic groups 。
  7. 7. The encryption method according to claim 2, wherein the homomorphic encryption algorithm Is applied to the ring Given by the LWE type encryption algorithm of (2), and will As the plain text original space.
  8. 8. The encryption method according to claim 7, wherein the encryption method is performed in integers Is a parameter, wherein: -coding function Is included in subintervals of the ring Inner and Discretization function The elements of the ring Applied to the product Is the rounding of (2), wherein At the position of The mathematical form is: 。
  9. 9. The encryption method according to claim 8, wherein when the function Is defined as real space At the time, the coding function Is that 。
  10. 10. The encryption method according to claim 7, wherein homomorphic encryption algorithm Is an LWE type encryption algorithm and the coding function Is an identity function.
  11. 11. The encryption method according to claim 7, wherein the encryption method is performed in an even integer Is a parameter, wherein homomorphic encryption algorithm Is RLWE type encryption algorithm and is directed to Any polynomial of (2) Coding function Is a function of 。
  12. 12. The encryption method according to claim 10, the encryption method being equal to Even integer of (2) As a parameter, wherein the LWE ciphertext in the ring Is from approximation to polynomial Is extracted in RLWE, where In (a) And wherein 。
  13. 13. The encryption method according to claim 2, wherein when the function The image of (a) is a real number interval In the time-course of which the first and second contact surfaces, Homomorphic encryption algorithm By application to rings Is given by LWE-type encryption algorithm of (2), and will As a plaintext original space; -coding function Is that 。
  14. 14. The encryption method according to claim 1, wherein the input encrypted data comes from a previous re-encryption so as to encrypt the algorithm in the homomorphic state Is set in the form of an encrypted ciphertext.
  15. 15. An information handling system programmed to implement the homomorphic assessment encryption method of claim 1.
  16. 16. A computer program for implementing the method of claim 1, the computer program being intended to be loaded by an information processing system.
  17. 17. A remote service of the cloud computing type for implementing the encryption method of claim 1, wherein tasks are shared between a data holder and one or more third parties that are digital processing service providers.
  18. 18. The remote service of claim 17, comprising desiring to access data Secure data The holder and one or more third parties responsible for applying digital processing to the data, It is characterized in that the method comprises the steps of, From data held by the data holder Initially, data is calculated Wherein Is a homomorphic encryption algorithm, and wherein Is made by encoding function pairs Is a coded value of (2); Once the relevant third party has obtained the encrypted data The third party performs homomorphism evaluation to obtain the application according to the encryption algorithm Is a cipher text; Once the third party has obtained the function under consideration The encrypted encryption result on its input value, all of which are sent back to the data holder by the relevant third party; Data holder obtains a function after decoding based on the corresponding decryption key it holds Is a result of the above.
  19. 19. The remote service of claim 18, wherein the data holder is configured to perform the homomorphic encryption algorithm For a pair of Encrypt and data Transmitting to a third party, wherein Is made by encoding function pairs Is a coded value of (a).
  20. 20. The remote service of claim 18, wherein: By means other than the data holder Is a cryptographic algorithm pair of (a) Encrypting and transmitting the data thus encrypted; -a related third party re-encrypts the received encrypted data to follow the homomorphic encryption algorithm Obtaining ciphertext Wherein Is made by encoding function pairs Is a coded value of (a).

Description

Encryption method, system and service for evaluating one or more real valued functions of encrypted data The application is a divisional application of an application patent application of which the international application date is 2021, 5 and 14, the national application number is 202180060773.7 and the name is 'encryption method, system and service for evaluating encrypted data one or multiple real value functions'. Technical Field The invention relates to improving homomorphic assessment of one or more functions applied to previously encrypted dataHomomorphe). Based on recent cryptographic work, this technical field may include many applications in all areas of activity where privacy restrictions exist (such as, but not limited to, privacy preserving applications, business secret applications, or medical data applications). More particularly, the present invention relates to a method for implementing the calculations required to automatically complete homomorphic assessment of one or more functions by one or more specially programmed computer systems. Therefore, it is necessary to consider limited storage and computation time capabilities, or in the case of cloud computing type remote processing, transmission capabilities that are known to the information processing system that should perform this type of evaluation. As will be described below, the development of homomorphic encryption methods has so far been greatly hampered by such technical limitations inherent in most schemes related to computer processing power and proposed by the literature, particularly in terms of machine resources to be implemented and computation time to be supported in order to perform the different computation phases. Background A fully homomorphic encryption scheme (Fully Homomorphic encryption, abbreviated FHE) enables any participant to encrypt a set of ciphertext (corresponding to plaintext) Public conversion to a given function corresponding to plaintextAnd the participant itself has no access to the plaintext. It is well known that such schemes can be used to construct protocols that conform to private life (PRIVACY PRESERVING) in that a user can store encrypted data on a server and authorize a third party to perform operations on the encrypted data without having to disclose the data itself to the server. The first generation of full homomorphic encryption scheme was only proposed by Gentry in 2009 (he has obtained patent No. US8630422B2 in 2014 based on the first application in 2009); see also [ CRAIG GENTRY, "Fully homomorphic encryption using IDEAL LATTICES", inPages 169-178, ACM Press, 2009]. The construction Gentry is now no longer used, but one of the functions it introduces, "bootstrapping", in particular one of its embodiments, is widely used in the solutions proposed subsequently. Bootstrapping is a technique for reducing ciphertext noise-in fact, in all known FHE schemes, the ciphertext includes a small amount of random noise, which is necessary for security. When performing an operation on the noisy ciphertext, the noise may increase. After evaluating a given number of operations, this noise can become too high, potentially compromising the results of the calculations. Bootstrapping is therefore the basis for constructing homomorphic encryption schemes, but this technique is very expensive, both in terms of memory used and computation time. Work after Gentry publication is aimed at providing new schemes and improving bootstrapping in order to make homomorphic encryption practical. The most well known constructions are DGHV [ MARTEN VAN Dijk, CRAIG GENTRY, SHAI HALEVI and Vinod Vaikuntanathan, "Fully homomorphic encryption over THE INTEGERS", in, volume 6110 de Lecture Notes in Computer Science, pp. 24-43, Springer, 2010]、BGV [Zvika Brakerski, Craig Gentry And Vinod Vaikuntanathan, "(Leveled) fully homomorphic encryption without bootstrapping", inPages 309-325, ACM Press, 2012], GSW [ CRAIG GENTRY, eds, AMIT SAHAI and Brent Waters, "Homomorphic encryption from learning with errors: Conceptually simpler, asymptotically faster, Attribute-based", in Advances in Cryptology-CRYPTO 2013, Part I, volume 8042 de Pp.75-92, springer, 2013] and variants thereof. While bootstrap is not feasible in practice (one lifetime is not sufficient to complete the calculation) in the first generation Gentry scheme, the successively proposed architecture makes this operation feasible, although not very practical (each bootstrap lasts a few minutes). A faster bootstrap, performed on GSW-type schemes, has been proposed by Ducas and Micciancio in 2015Ducas and Daniele Micciancio, "FHEW: bootstrapping homomorphic encryption IN LESS THAN A second", inPart I, volume 9056 de Lecture Notes in Computer Science, pages 617-640, springer, 2015] bootstrap operations are performed in slightly more than half a second. In 2016, chillotti, gama, georgeva andA new variant of the FHE scheme is proposed, called TFHE [ IIaria Chillotti, nicolas Gama, m