Search

CN-122027158-A - Encryption method, system and service for evaluating one or more real valued functions of encrypted data

CN122027158ACN 122027158 ACN122027158 ACN 122027158ACN-122027158-A

Abstract

The present invention relates to an encryption method based on homomorphic encryption and variants thereof, enabling the evaluation of real valued functions on encrypted data, allowing a wider and efficient homomorphic processing on the encrypted data.

Inventors

  • P. G.Y. Parier
  • M. Joey

Assignees

  • 扎马简易股份有限公司

Dates

Publication Date
20260512
Application Date
20210514
Priority Date
20200514

Claims (20)

  1. 1. An encryption method performed in digital form by at least one information handling system specifically programmed to function on multiple real values Evaluating the function to obtain a plurality of real-valued variables As inputs, take each input Is encrypted ciphertext of (a) As input, where And is back applied to Is an encrypted ciphertext of a corresponding input of the (b), wherein Is a homomorphic encryption algorithm, and Is a coding function which is to be Associated with each real number is an element in the plaintext original space of (a) , Wherein the method comprises: Pre-calculation comprising converting the multivariate function into a network of univariate functions, the network comprising a complex and a sum of univariate functions having real values, -Homomorphism evaluation of the pre-computed network of unitary functions.
  2. 2. The encryption method according to claim 1, wherein the multiple functions in the pre-calculation Is to convert into Approximate conversion of form, and wherein coefficients Is real and wherein Is a unitary function defined on real numbers and having real values, the function And the coefficient is Is determined to be for a given parameter A kind of electronic device Is a function of (2).
  3. 3. The encryption method according to claim 1, wherein the multiple functions in the pre-calculation Is to convert into Approximate conversion of a form, wherein 、 And wherein the vector Coefficient of (2) Is real and wherein Is a unitary function defined on real numbers and having real values, the function And the coefficient is Is determined to be for a given parameter And a given norm A kind of electronic device Is a function of (2).
  4. 4. The encryption method according to claim 2, wherein the coefficient Is fixed.
  5. 5. The encryption method according to claim 1, wherein the multiple functions in the pre-calculation Is to convert into Approximate conversion of form, and wherein Is a unitary function defined on real numbers and having real values, wherein Is a real constant, and wherein Is a unitary function defined on real numbers and having real values, the function Is determined to be for a given parameter A kind of electronic device Is a function of (2).
  6. 6. The encryption method according to claim 1, wherein the conversion in the pre-calculation uses formal equivalence To divide the function into Expressed as a combination of the sum of the unitary functions and the composite of the unitary functions.
  7. 7. The encryption method according to claim 1, wherein the conversion in the pre-calculation uses formal equivalence To divide the function into Expressed as a combination of the sum of the unitary functions and the composite of the unitary functions.
  8. 8. The encryption method according to claim 1, wherein the conversion in the pre-calculation uses formal equivalence To divide the function into Expressed as a combination of the sum of the unitary functions and the composite of the unitary functions.
  9. 9. The encryption method according to claim 1, wherein the conversion in the pre-calculation uses formal equivalence To divide the function into Expressed as a combination of the sum of the unitary functions and the composite of the unitary functions.
  10. 10. The encryption method of claim 6, wherein when the function includes three or more variables, the formal equivalence is obtained from an iteration of formal equivalence of two variables.
  11. 11. The encryption method according to claim 1, comprising, in homomorphism evaluation of a pre-computed univariate function network, performing a homomorphism evaluation of a real-valued variable At least one of the unitary functions of (a) Sub-process of performing approximate homomorphism assessment, take Is encrypted ciphertext of (a) As input and return Encrypted ciphertext of an approximation of (a) Wherein Wherein the univariate function is in a domain of definition With arbitrary precision and in the image Has a real value in which And Is a homomorphic encryption algorithm, and the method comprises the following steps of, And The corresponding plain text original space is And , The parameters of the sub-method are: Integer number For quantifying functions to be evaluated The actual accuracy of the variable representation at the input of (c), -Coding function Taking the domain Elements of the domain are used as inputs and the domain Elements of (2) Is associated with an element of the group consisting of, -Coding function Taking an image As input and take the image Elements of (2) Is associated with an element of the group consisting of, Discretization function Taking out As input and take the element of (2) Is associated with an exponent represented by an integer, -With encryption algorithm Homomorphic encryption scheme of (2), the encryption algorithm Plain text original space of (a) Having at least Is used for the base number of (c), -Coding function Fetch an integer as input and return Is a combination of the elements of (1), So that the domain Through coding of images of (2) Discretization Is from At most selected of (a) A set of the individual indices of the set, And wherein the method comprises: pre-computing the univariate function A corresponding table comprising: Domain of the domain Is decomposed into Selected subintervals of The union of the subintervals constitutes ; For the following Each index of (3) In subintervals of In determining representative And calculate the value ; The return includes Individual components Form of (2) Wherein for the following , ; Homomorphism evaluation of the table, comprising: If it is Ciphertext is taken Conversion to integers Ciphertext of (2) The integer is Will be assembled Index in (a) As the expected value; Based on ciphertext Sum form Obtaining the element Ciphertext of (2) The elements are Will be As the expected value; Return to 。
  12. 12. The encryption method of claim 11, wherein: -a function to be evaluated Is defined by real intervals Is given; -an overlay domain A kind of electronic device Each interval ( ) Is a half-open subinterval Dividing in a regular manner 。
  13. 13. The encryption method according to claim 11, wherein for an integer Aggregation of Is an addition group Is a subset of the set of (c).
  14. 14. The encryption method of claim 13, wherein the group The original expressed as units in multiplication The power of the root of the order, where the units are expressed as Thereby will give Elements of (2) Associated to elements Unit of All of (3) Root formation and root formation For multiplying and modulo taking isomorphic groups 。
  15. 15. The encryption method according to claim 11, wherein homomorphic encryption algorithm Is applied to the ring Given by the LWE type encryption algorithm of (2), and will As the plain text original space.
  16. 16. The encryption method according to claim 15, wherein the encryption method is in integers Is a parameter, and wherein: -coding function Is included in subintervals of the ring Inner and Discretization function The elements of the ring Applied to the product Is the rounding of (2), wherein At the position of The mathematical form is: 。
  17. 17. The encryption method according to claim 16, wherein when the function Is defined as real space At the time, the coding function Is that 。
  18. 18. The encryption method according to claim 15, wherein homomorphic encryption algorithm Is an LWE type encryption algorithm and the coding function Is an identity function.
  19. 19. The encryption method according to claim 15, wherein the encryption method is performed in an even integer number Is a parameter and homomorphic encryption algorithm thereof Is RLWE type encryption algorithm and is directed to Any polynomial of (2) Coding function Is a function of 。
  20. 20. The encryption method according to claim 18, the encryption method being equal to Even integer of (2) Is a parameter, and wherein the LWE type ciphertext in the ring Is from approximation to polynomial Is extracted in RLWE, where In (a) And wherein 。

Description

Encryption method, system and service for evaluating one or more real valued functions of encrypted data The application is a divisional application of an application patent application of which the international application date is 2021, 5 and 14, the national application number is 202180060773.7 and the name is 'encryption method, system and service for evaluating encrypted data one or multiple real value functions'. Technical Field The invention relates to improving homomorphic assessment of one or more functions applied to previously encrypted dataHomomorphe). Based on recent cryptographic work, this technical field may include many applications in all areas of activity where privacy restrictions exist (such as, but not limited to, privacy preserving applications, business secret applications, or medical data applications). More particularly, the present invention relates to a method for implementing the calculations required to automatically complete homomorphic assessment of one or more functions by one or more specially programmed computer systems. Therefore, it is necessary to consider limited storage and computation time capabilities, or in the case of cloud computing type remote processing, transmission capabilities that are known to the information processing system that should perform this type of evaluation. As will be described below, the development of homomorphic encryption methods has so far been greatly hampered by such technical limitations inherent in most schemes related to computer processing power and proposed by the literature, particularly in terms of machine resources to be implemented and computation time to be supported in order to perform the different computation phases. Background A fully homomorphic encryption scheme (Fully Homomorphic encryption, abbreviated FHE) enables any participant to encrypt a set of ciphertext (corresponding to plaintext) Public conversion to a given function corresponding to plaintextAnd the participant itself has no access to the plaintext. It is well known that such schemes can be used to construct protocols that conform to private life (PRIVACY PRESERVING) in that a user can store encrypted data on a server and authorize a third party to perform operations on the encrypted data without having to disclose the data itself to the server. The first generation of full homomorphic encryption scheme was only proposed by Gentry in 2009 (he has obtained patent No. US8630422B2 in 2014 based on the first application in 2009); see also [ CRAIG GENTRY, "Fully homomorphic encryption using IDEAL LATTICES", inPages 169-178, ACM Press, 2009]. The construction Gentry is now no longer used, but one of the functions it introduces, "bootstrapping", in particular one of its embodiments, is widely used in the solutions proposed subsequently. Bootstrapping is a technique for reducing ciphertext noise-in fact, in all known FHE schemes, the ciphertext includes a small amount of random noise, which is necessary for security. When performing an operation on the noisy ciphertext, the noise may increase. After evaluating a given number of operations, this noise can become too high, potentially compromising the results of the calculations. Bootstrapping is therefore the basis for constructing homomorphic encryption schemes, but this technique is very expensive, both in terms of memory used and computation time. Work after Gentry publication is aimed at providing new schemes and improving bootstrapping in order to make homomorphic encryption practical. The most well known constructions are DGHV [ MARTEN VAN Dijk, CRAIG GENTRY, SHAI HALEVI and Vinod Vaikuntanathan, "Fully homomorphic encryption over THE INTEGERS", in, volume 6110 de Lecture Notes in Computer Science, pp. 24-43, Springer, 2010]、BGV [Zvika Brakerski, Craig Gentry And Vinod Vaikuntanathan, "(Leveled) fully homomorphic encryption without bootstrapping", inPages 309-325, ACM Press, 2012], GSW [ CRAIG GENTRY, eds, AMIT SAHAI and Brent Waters, "Homomorphic encryption from learning with errors: Conceptually simpler, asymptotically faster, Attribute-based", in Advances in Cryptology-CRYPTO 2013, Part I, volume 8042 de Pp.75-92, springer, 2013] and variants thereof. While bootstrap is not feasible in practice (one lifetime is not sufficient to complete the calculation) in the first generation Gentry scheme, the successively proposed architecture makes this operation feasible, although not very practical (each bootstrap lasts a few minutes). A faster bootstrap, performed on GSW-type schemes, has been proposed by Ducas and Micciancio in 2015Ducas and Daniele Micciancio, "FHEW: bootstrapping homomorphic encryption IN LESS THAN A second", inPart I, volume 9056 de Lecture Notes in Computer Science, pages 617-640, springer, 2015] bootstrap operations are performed in slightly more than half a second. In 2016, chillotti, gama, georgieva andA new variant of the FHE scheme is proposed, called TFHE [ IIaria Chillotti, nicolas Gama,