Search

US-20260128857-A1 - USER-LEVEL HOMOMORPHIC ENCRYPTION MANAGEMENT METHOD AND APPARATUS

US20260128857A1US 20260128857 A1US20260128857 A1US 20260128857A1US-20260128857-A1

Abstract

This application provides a user-level homomorphic encryption management method and an apparatus. In the method, a terminal or a network apparatus may determine a homomorphic encryption algorithm by comprehensively considering homomorphic security capabilities of a terminal side and a network side, which helps the terminal provide user-level high privacy protection strength. In addition, a user-level homomorphic key may be determined based on the homomorphic encryption algorithm, thereby implementing user-level key management.

Inventors

  • Wenhui Wang
  • Faye LIU
  • Yurong Song
  • Donghui Wang

Assignees

  • HUAWEI TECHNOLOGIES CO., LTD.

Dates

Publication Date
20260507
Application Date
20251229

Claims (20)

  1. 1 . A user-level homomorphic encryption management method, comprising: receiving a homomorphic security capability of a network side; determining a homomorphic encryption algorithm based on a homomorphic security capability of a terminal and the homomorphic security capability of the network side; and sending an identifier of the homomorphic encryption algorithm.
  2. 2 . The method according to claim 1 , wherein the homomorphic security capability of the network side is carried in a security mode command, and the homomorphic encryption algorithm is carried in a security mode complete message.
  3. 3 . The method according to claim 1 , wherein the method further comprises: determining a homomorphic encryption key and/or a homomorphic decryption key based on the homomorphic encryption algorithm, wherein the homomorphic encryption key is used to encrypt a plaintext message into a first ciphertext, and the homomorphic decryption key is used to decrypt a second ciphertext into a plaintext message.
  4. 4 . The method according to claim 1 , wherein the method further comprises: receiving a homomorphic evaluation key after a homomorphic encryption task is created, wherein the homomorphic evaluation key is used by one or more homomorphic evaluation parties in the homomorphic encryption task to perform homomorphic evaluation on a first ciphertext, so as to output a second ciphertext.
  5. 5 . The method according to claim 1 , wherein the method further comprises: receiving first indication information indicating to destroy a homomorphic key, wherein the homomorphic key is a homomorphic encryption key, a homomorphic decryption key, or a homomorphic evaluation key; and destroying the homomorphic key.
  6. 6 . The method according to claim 1 , wherein the method further comprises: receiving second indication information indicating to update a homomorphic key, wherein the homomorphic key is a homomorphic encryption key, a homomorphic decryption key, or a homomorphic evaluation key; and updating the homomorphic key.
  7. 7 . The method according to claim 1 , wherein the method further comprises: storing a first ciphertext and key information corresponding to the first ciphertext, and/or a second ciphertext and key information corresponding to the second ciphertext, wherein the key information comprises one or more of a homomorphic encryption key, a homomorphic decryption key, a homomorphic evaluation key, a key derivation parameter, or a security context.
  8. 8 . The method according to claim 1 , wherein the homomorphic security capability of the network side, the homomorphic security capability of the terminal, the homomorphic encryption algorithm, first indication information, or second indication information is carried in signaling with encryption and integrity protection, and the signaling comprises radio resource control RRC signaling and/or non-access stratum NAS signaling with integrity protection.
  9. 9 . A user-level homomorphic encryption management method, comprising: sending a homomorphic security capability of a terminal; and receiving an identifier of a homomorphic encryption algorithm determined by a network side based on the homomorphic security capability of the terminal and a homomorphic security capability of the network side.
  10. 10 . The method according to claim 9 , wherein the homomorphic security capability of the terminal is carried in a security mode complete message.
  11. 11 . The method according to claim 9 , wherein the method further comprises: determining a homomorphic encryption key and/or a homomorphic decryption key based on the homomorphic encryption algorithm, wherein the homomorphic encryption key is used to encrypt a plaintext message into a first ciphertext, and the homomorphic decryption key is used to decrypt a second ciphertext into a plaintext message.
  12. 12 . The method according to claim 9 , wherein the method further comprises: receiving a homomorphic evaluation key after a homomorphic encryption task is created, wherein the homomorphic evaluation key is used by one or more homomorphic evaluation parties in the homomorphic encryption task to perform homomorphic evaluation on a first ciphertext, so as to output a second ciphertext.
  13. 13 . The method according to claim 12 , wherein a life cycle of the homomorphic evaluation key is duration of the homomorphic encryption task.
  14. 14 . The method according to claim 9 , wherein the method further comprises: receiving first indication information indicating to destroy a homomorphic key, wherein the homomorphic key is a homomorphic encryption key, a homomorphic decryption key, or a homomorphic evaluation key; and destroying the homomorphic key.
  15. 15 . The method according to claim 14 , wherein a life cycle of the homomorphic encryption key or the homomorphic decryption key is within time between successful establishment and completion of release of a radio resource control RRC connection of a user, the user is a homomorphic encryption party or a homomorphic decryption party, and first indication information is carried in RRC release signaling.
  16. 16 . The method according to claim 9 , wherein the method further comprises: receiving second indication information indicating to update a homomorphic key, wherein the homomorphic key is a homomorphic encryption key, a homomorphic decryption key, or a homomorphic evaluation key; and updating the homomorphic key.
  17. 17 . The method according to claim 9 , wherein the method further comprises: storing a first ciphertext and key information corresponding to the first ciphertext, and/or a second ciphertext and key information corresponding to the second ciphertext, wherein the key information comprises one or more of a homomorphic encryption key, a homomorphic decryption key, a homomorphic evaluation key, a key derivation parameter, or a security context.
  18. 18 . The method according to claim 9 , wherein the homomorphic security capability of the network side, the homomorphic security capability of the terminal, the homomorphic encryption algorithm, first indication information, or second indication information is carried in signaling with encryption and integrity protection, and the signaling comprises radio resource control RRC signaling and/or non-access stratum NAS signaling with integrity protection.
  19. 19 . A user-level homomorphic encryption management method, comprising: sending a homomorphic security capability of a network side; and receiving an identifier of a homomorphic encryption algorithm determined by a terminal based on a homomorphic security capability of the terminal and the homomorphic security capability of the network side.
  20. 20 . The method according to claim 19 , wherein the homomorphic security capability of the network side is carried in a security mode command, and the homomorphic encryption algorithm is carried in a security mode complete message.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS This application is a continuation of International Application No. PCT/CN2023/105087, filed on Jun. 30, 2023, the disclosure of which is hereby incorporated by reference in its entirety. TECHNICAL FIELD This application relates to the field of communication technologies, and in particular, to a user-level homomorphic encryption management method and an apparatus. BACKGROUND Homomorphic encryption (HE) is an encryption scheme in which an operation can be directly performed on a ciphertext. The homomorphic encryption is based on basic encryption, and a function of homomorphic evaluation on a ciphertext is added. Moreover, a computation result obtained by decrypting a ciphertext evaluation result is consistent with a plaintext computation result. For example, in a homomorphic encryption task, one or more homomorphic encryption parties may encrypt data from different sources based on a homomorphic encryption key, and one or more homomorphic evaluation parties may perform homomorphic evaluation based on a homomorphic evaluation key. In a homomorphic encryption task, one or more homomorphic decryption parties may decrypt, based on a homomorphic decryption key, data obtained through homomorphic evaluation, and an obtained decryption result may be provided to one or more data users. The homomorphic decryption party and the data user may be a same entity or different entities. Therefore, how to manage a homomorphic key of a single party or a plurality of parties for a plurality of homomorphic request parties/evaluation parties/decryption parties becomes a problem to be resolved. SUMMARY This application provides a user-level homomorphic encryption management method and an apparatus. According to the method, user-level high privacy protection strength can be provided. In addition, ciphertext data exhibits high reusability, and user-level homomorphic encryption data may be transferred and undergo homomorphic evaluation in different homomorphic encryption tasks. According to a first aspect, this application provides a user-level homomorphic encryption management method. The method is performed by a terminal. The terminal may be a terminal device or a component (for example, a processor, a chip, or a chip system) of the terminal device, or may be a logic module that can implement all or some functions of a terminal device. The terminal receives a homomorphic security capability of a network side, and determines a homomorphic encryption algorithm based on a homomorphic security capability of the terminal and the homomorphic security capability of the network side. The terminal sends an identifier of the homomorphic encryption algorithm. In the method, the terminal may receive the homomorphic security capability of the network side, so as to determine the homomorphic encryption algorithm by comprehensively considering homomorphic security capabilities of a terminal side and the network side. This helps the terminal provide user-level high privacy protection strength. In an embodiment, the homomorphic security capability of the network side is carried in a security mode command, and the homomorphic encryption algorithm is carried in a security mode complete message. In the method, the homomorphic security capability of the network side and the homomorphic encryption algorithm may be carried in corresponding security signaling, which helps further determine an appropriate homomorphic encryption algorithm to improve privacy protection strength. According to a second aspect, this application provides a user-level homomorphic encryption management method. The method is performed by a terminal. The terminal may be implemented by a terminal device or a component (for example, a processor, a chip, or a chip system) of the terminal device, or may be implemented by a logic module that can implement all or some functions of a terminal device. The terminal sends a homomorphic security capability of the terminal, and receives an identifier of a homomorphic encryption algorithm, where the homomorphic encryption algorithm is determined by a network side based on the homomorphic security capability of the terminal and a homomorphic security capability of the network side. In the method, the terminal may send the homomorphic security capability of the terminal to the network side, and the network side determines the homomorphic encryption algorithm by comprehensively considering homomorphic security capabilities of a terminal side and the network side, and feeds back the homomorphic encryption algorithm to the terminal. This helps the terminal provide user-level high privacy protection strength. In an embodiment, the homomorphic security capability of the terminal is carried in a security mode complete message. In the method, the homomorphic security capability of the terminal may be carried in corresponding security signaling, which helps the terminal further improve privacy protection strength. T