
CN117909997A - Verifiable secret state data fusion method - Google Patents


Info

Publication number
CN117909997A
Authority
CN
China
Prior art keywords
data
mult
key
fusion
loop
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311698165.6A
Other languages
Chinese (zh)
Inventor
陈宇翔
赵越
郝尧
易仲强
梁艺宽
过小宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CETC 30 Research Institute
Original Assignee
CETC 30 Research Institute

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/25 Fusion techniques
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2133 Verifying human interaction, e.g., Captcha

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Health & Medical Sciences (AREA)
  • Evolutionary Computation (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Artificial Intelligence (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Evolutionary Biology (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a verifiable secret-state data fusion method comprising the following steps: S100, constructing a secret-state data fusion model; S200, performing secret-state data fusion based on the secret-state data fusion model: S201, a key initialization stage; S202, a data encryption and authentication code generation stage; S203, a computing-party secret-state data fusion stage; S204, a fused secret-state data decryption stage. The invention allows an organization or individual to control the privacy of its own data, supports direct distributed collaborative computation on ciphertext, prevents participants from being led into incorrect computation, realizes verifiable ciphertext fusion computation among a group of participants, ensures data security and the authenticity and credibility of information, and reduces the cost of cross-domain and cross-department collaboration. Its computing characteristics are mainly distributed collaborative computing, input privacy and robustness.

Description

Verifiable secret state data fusion method
Technical Field
The invention relates to the technical field of data encryption, in particular to a verifiable secret state data fusion method.
Background
At present, many "smart city brain" applications have been developed in fields such as e-government, digital healthcare and online ride-hailing, with highlights such as "at most one trip", "let the data travel more" and "precise service" used to deliver services that benefit the public. These applications generate large amounts of public and personal data. Driven by profit, external attacks occur frequently, and adversaries often intrude into the internal network of an enterprise or organization to steal or destroy data by means such as vulnerability exploitation and protection bypass. While external data security risks continue to escalate, intentional or unintentional actions by internal administrators, illegal use of private data, non-compliant use of data and similar behaviour pose an increasingly serious internal data threat. Cybersecurity and cryptography laws also emphasize that all parties should strengthen the protection of user data.
Data encryption is an effective means of data protection, but encrypted data is difficult to analyze and aggregate directly the way plaintext is, which reduces the usability of the data. Conventional encryption faces the following problems: downloading the encrypted data to the user side, decrypting it and then analyzing it is inefficient, while decrypting the encrypted data at the server before fusing it reduces security. In addition, direct fusion of ciphertext data is vulnerable to man-in-the-middle attacks, including tampering and replacement, which make the ciphertext result unusable and destroy system availability.
Disclosure of Invention
The invention aims to provide a verifiable secret state data fusion method so as to solve the problems of the traditional encryption technology.
The invention provides a verifiable secret state data fusion method, which comprises the following steps:
S100, constructing a secret-state data fusion model;
S200, performing secret-state data fusion based on the secret-state data fusion model:
S201, a key initialization stage;
S202, a data encryption and authentication code generation stage;
S203, a computing-party secret-state data fusion stage;
S204, a fused secret-state data decryption stage.
Furthermore, the secret-state data fusion model supports both point-to-point decentralized fusion computation and cloud-based fusion computation; point-to-point decentralized fusion computation is executed in real time by the computing party, and the ciphertext data of the parties is not stored; cloud-based fusion computation supports storage of each party's ciphertext, and asynchronous fusion processing is initiated by the computing party.
Further, step S201 includes:
(1-1) Data encryption key initialization:
(1-1-1) Each party generates an initial encryption key:
The n senders each hold a private key $sk_i$, $i = 1, 2, \ldots, n$, composed of independent and distinct elements uniformly sampled from the polynomial quotient ring, with corresponding public key $pk_i = (p_0, p_1) = (-p \cdot sk_i + e_0,\ p)$, where $p$, $a$ are common parameters uniformly sampled from the polynomial quotient ring and $e_0$ is an element Gaussian-sampled from the polynomial quotient ring;
The receiver holds a private key $sk_r$ and a public key $pk_r$, generated in the same way as the senders';
(1-1-2) Each party generates a secret-sharing public key $pk_s = (\sum pk_i,\ p)$ based on a secret sharing method;
Each party uses its private key $sk_i$ ($i = 1, 2, \ldots, n$) to generate the corresponding computation public keys $H_{0,i}$, $H_{1,i}$: $H_{0,i} = -a \cdot r_i + sk_i \cdot P + e_{0,i}$, $H_{1,i} = a \cdot sk_i + e_{1,i}$, where $P$ is a modulus on the polynomial quotient ring, $r_i$, $a$ are common parameters uniformly sampled from the polynomial quotient ring, and $e_{0,i}$, $e_{1,i}$ are elements Gaussian-sampled from the polynomial quotient ring; the computation public keys $H_{0,i}$, $H_{1,i}$ are sent to the key management center for aggregation to obtain the public keys $H_0$, $H_1$: $H_0 = \sum H_{0,i}$, $H_1 = \sum H_{1,i}$, $i = 1, 2, \ldots, n$;
(1-1-3) Each party receives the public keys $H_0$, $H_1$ aggregated by the computing party; using its private key $sk_i$ and the public keys $H_0$, $H_1$, it computes $H'_{0,i}$, $H'_{1,i}$: $H'_{0,i} = sk_i \cdot H_0 + e_{2,i}$, $H'_{1,i} = (r_i - sk_i) H_1 + e_{3,i}$, where $e_{2,i}$, $e_{3,i}$ are elements Gaussian-sampled from the polynomial ring; the results $H'_{0,i}$, $H'_{1,i}$ are sent to the key management center for aggregation to obtain $H'_0$, $H'_1$: $H'_0 = \sum H'_{0,i}$, $H'_1 = \sum H'_{1,i}$; the shared computation public key $rlk = (H'_0 + H'_1,\ H_1)$, used to reduce the ciphertext size after secret-state computation, is then computed;
(1-1-4) The senders cooperatively generate the relinearization public key $rlk$; first, each party uses its private key $sk_i$ to generate the corresponding computation public keys $H_{0,i}$, $H_{1,i}$: $H_{0,i} = -a \cdot r_i + sk_i \cdot P + e_{0,i}$, $H_{1,i} = a \cdot sk_i + e_{1,i}$, where $P$ is a modulus on the polynomial quotient ring, $r_i$, $a$ are public parameters uniformly sampled from the polynomial quotient ring, and $e_{0,i}$, $e_{1,i}$ are elements Gaussian-sampled from the polynomial quotient ring; the key management center aggregates these to compute $H_0$, $H_1$, and each participant then uses its private key $sk_i$ and $H_0$, $H_1$ to compute $H'_{0,i}$, $H'_{1,i}$; the key management center aggregates again to compute $H'_0$, $H'_1$, and finally the relinearization public key $rlk = (r_0, r_1) = (H'_0 + H'_1,\ H_1) = (-a \cdot sk + sk \cdot sk \cdot P + e_1,\ a)$ is computed, where $P$ is a modulus on the polynomial quotient ring, $p$ and $a$ are common parameters uniformly sampled from the polynomial quotient ring, and $e_1$ is an element Gaussian-sampled from the polynomial quotient ring; $rlk$ is used to reduce the ciphertext size after secret-state computation;
(1-2) Data authentication key initialization: each party obtains the same authentication key $k$ from the key management center, based on the same pseudo-random function $F$.
Further, step S202 includes:
(2-1) Data encryption:
(2-1-1) Each sender encodes the plaintext into an element $\Delta \cdot m$ of the polynomial quotient ring ($\mathrm{Ecd}(z, \Delta) \to \Delta \cdot m$), where $1/\Delta$ represents the precision the plaintext needs to retain, so the plaintext is multiplied by $\Delta$ during encoding to control precision;
(2-1-2) Each sender uses the shared public key $pk_s$ from the initialization stage to encrypt the encoded plaintext $\Delta \cdot m$ into the ciphertext $c = (c_{i,0}, c_{i,1}) = (\Delta \cdot m + v_i \cdot pk_s + e_{2,i},\ v_i \cdot p_1 + e_{3,i}) \bmod q_L$, where $v_i$ is an element uniformly sampled from the polynomial quotient ring, $p_1$ corresponds to the public key $pk_i = (p_0, p_1) = (-p \cdot sk_i + e_0,\ p)$, $i = 1, 2, \ldots, n$, and $e_{2,i}$, $e_{3,i}$ are elements Gaussian-sampled from the polynomial quotient ring; the ciphertext satisfies $c_{i,0} + c_{i,1} \cdot s = \Delta \cdot m + e \pmod{q_L}$;
(2-2) Authentication code generation:
Each sender computes a data label $L_i = H(c_i)$ for each datum $c_i$, then computes a homomorphic random number $r_i = F_K(L_i)$ and constructs the message authentication code $(A_i, B_i) = (c_i,\ (r_i - c_i)/k)$;
The first-order polynomial $y_i(x) = A_i + B_i x$ of the secret-state authentication code is constructed at the same time as the data is encrypted, and the encryption result $c_i$ is sent to the computing party together with the authentication code $(A_i, B_i)$.
Further, step S203 includes:
(3-1) Data fusion:
The computing party collects the ciphertexts of the senders and computes directly on ciphertext, performing homomorphic addition/multiplication on the ciphertext data and on the verification codes at the same time: let the ciphertext data be $c_1 = (c_{1,0}, c_{1,1})$, $c_2 = (c_{2,0}, c_{2,1})$, ..., $c_n = (c_{n,0}, c_{n,1})$, corresponding to plaintexts $m_1, m_2, \ldots, m_n$; addition/multiplication is carried out on the ciphertext data $n-1$ times to obtain the result $c_f$;
(3-1-1) Performing addition gives $c_f = c_{add}$, with $c_{add} = c_1 + c_2 + \cdots + c_n = (c_{1,0} + c_{2,0} + \cdots + c_{n,0},\ c_{1,1} + c_{2,1} + \cdots + c_{n,1}) \bmod q_L$, satisfying $c_0 + c_1 \cdot s = \Delta \cdot (m_1 + m_2 + \cdots + m_n) + e \pmod{q_L}$; $s$ is the receiver key;
(3-1-2) Performing multiplication gives $c_f = c_{mult}$: the first two ciphertexts $c_1$ and $c_2$ are selected, $c_{mult} = c_1 \cdot c_2 = (c_{1,0}, c_{1,1}) \cdot (c_{2,0}, c_{2,1}) = (d_0, d_1, d_2) = (c_{1,0} c_{2,0},\ c_{1,0} c_{2,1} + c_{1,1} c_{2,0},\ c_{1,1} c_{2,1})$, and the result is relinearized using the relinearization public key $rlk$ from the initialization stage to obtain $c'_{mult}$, computed as follows:
$c'_{mult} = (b_{mult}, a_{mult}) = (d_0 + \lfloor P^{-1} d_2 r_0 \rceil,\ d_1 + \lfloor P^{-1} d_2 r_1 \rceil) = (d_0 + P^{-1} d_2 (-a \cdot sk + e_1 + P \cdot sk^2),\ d_1 + P^{-1} d_2 a)$, with $b_{mult} + a_{mult} \cdot sk = \Delta^2 m_{mult} + e_{mult} = \Delta^2 m_1 m_2 + e_{mult}$; here $sk$ is the receiver key, satisfying $sk = \sum sk_i$;
(3-1-3) The noise $e_{mult}$ of $c'_{mult}$ is reduced using a modulus reduction technique while keeping the scaling factor $\Delta$ unchanged, improving plaintext precision, to obtain $c_f$, computed as follows:
$c_f = RS(c'_{mult}) = c'' = (b_3, a_3) = \lfloor \Delta^{-1} c'_{mult} \rceil = (\Delta^{-1} b_{mult},\ \Delta^{-1} a_{mult}) \pmod{q_{i-1}}$, which satisfies $b_3 + a_3 \cdot sk = \Delta \cdot m_{mult} + e \pmod{q_{i-1}}$;
This completes the fusion of two secret-state data items; steps (3-1-2)-(3-1-3) are then repeated to fuse the fusion result with the next secret-state data item, so that n data items are fused n-1 times;
(3-2) authentication code fusion:
Addition/multiplication is performed on the secret-state authentication codes, $y_f = f(y_1, y_2, \ldots, y_n)$, along with the secret-state computation;
When addition is performed, it corresponds to addition of the polynomial coefficients: $y_f = y_{add}(x) = y_1(x) + y_2(x) + \cdots + y_n(x) = A_1 + A_2 + \cdots + A_n + (B_1 + B_2 + \cdots + B_n) x$;
When performing multiplication, this corresponds to performing convolution of the corresponding coefficients:
Further, step S204 includes:
The computing party returns the secret-state fusion result $(c_f, A, B)$ to the receiver;
(4-1) Authentication code verification:
The receiver receives the data $c_f$ and the verification code $(A, B)$: it first checks whether $c_f = A$ holds; if so, it computes the data label $L = H(c_f)$ and the random number $r = F_K(L)$ and verifies whether $r = A + Bk$ holds; if so, authentication passes, otherwise it fails;
(4-2) Decryption by the receiver:
The receiver decrypts $c_f = (b_f, a_f)$: $b_f + a_f \cdot sk = \Delta \cdot m_f + e \pmod{q_i}$ yields the encoded plaintext $\Delta \cdot m_f$, which is then decoded to obtain the plaintext $\mathrm{Dcd}(m_f; \Delta) = z$; $sk$ is the receiver key, satisfying $sk = \sum sk_i$.
Further, in each stage, the verification process is performed in parallel with the ciphertext data process.
In summary, due to the adoption of the technical scheme, the beneficial effects of the invention are as follows:
The invention allows an organization or individual to control the privacy of its own data, supports direct distributed collaborative computation on ciphertext, prevents participants from being led into incorrect computation, realizes verifiable ciphertext fusion computation among a group of participants, ensures data security and the authenticity and credibility of information, and reduces the cost of cross-domain and cross-department collaboration. Its computing characteristics are mainly distributed collaborative computing, input privacy and robustness:
1. Distributed collaborative computing: the decentralized computing mode gives secure multi-party computation the advantage of interference resistance and survivability.
2. Input privacy: the information exposed during protocol execution, apart from what can be inferred from the computation result, does not allow the private input of any participant to be derived.
3. Robustness (computational correctness): man-in-the-middle attacks can be detected during the data fusion computation, so that erroneous computation by a participant is prevented from causing honest participants to output wrong results.
In summary, the invention provides a verification method designed for secret-state data fusion that applies to both cloud-based and point-to-point secret-state data fusion scenarios, realizing and improving the usability of ciphertext data.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the following description will briefly describe the drawings in the embodiments, it being understood that the following drawings only illustrate some embodiments of the present invention and should not be considered as limiting the scope, and that other related drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic diagram of the verifiable secret-state data fusion model in an embodiment of the present invention.
FIG. 2 is a flow chart of the verifiable secret-state data fusion method in an embodiment of the present invention.
FIG. 3 is a flow chart of data encryption relinearization key initialization in an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. The components of the embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the invention, as presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Examples
The embodiment provides a verifiable secret-state data fusion method comprising a key initialization stage, a data encryption and authentication code generation stage, a computing-party secret-state data fusion stage, and a fused secret-state data decryption stage, as follows (in each stage, the verification process is executed in parallel with the ciphertext data process):
S100, constructing a secret-state data fusion model:
As shown in FIG. 1, the secret-state data fusion model supports both point-to-point decentralized fusion computation and cloud-based fusion computation; point-to-point decentralized fusion computation is executed in real time by the computing party, and the ciphertext data of the parties is not stored; cloud-based fusion computation supports storage of each party's ciphertext, and asynchronous fusion processing is initiated by the computing party;
Corresponding to the secret-state data fusion process, ciphertext verification is likewise based on the idea of homomorphic computation: a one-way function is used to extract a data label, the label is randomized, and a polynomial is constructed to support the subsequent homomorphic authentication code computation. The specific process is as follows:
(1) Each sender generates its private key using a key generation algorithm, generates the data fusion encryption key based on a secret sharing method, and generates the authentication key independently.
(2) Each sender encrypts its data with a homomorphic encryption algorithm to produce the data ciphertext, and generates a homomorphic MAC authentication code for the encrypted data.
(3) The computing party performs fusion computation on the ciphertext data and performs the corresponding homomorphic MAC authentication code computation.
(4) The computing party converts the secret-state fusion result into a ciphertext that the receiver can decrypt and sends it to the receiver together with the homomorphic MAC authentication code.
(5) After the MAC verification passes, the receiver decrypts to obtain the plaintext result.
S200, performing secret-state data fusion based on the secret-state data fusion model, as shown in FIG. 2:
S201, key initialization stage:
(1-1) Data encryption key initialization
(1-1-1) Each participant generates an initial encryption key
The n senders each hold a private key $sk_i$, $i = 1, 2, \ldots, n$, composed of independent and distinct elements uniformly sampled from the polynomial quotient ring, with corresponding public key $pk_i = (p_0, p_1) = (-p \cdot sk_i + e_0,\ p)$, $i = 1, 2, \ldots, n$, where $p$, $a$ are common parameters uniformly sampled from the polynomial quotient ring and $e_0$ is an element Gaussian-sampled from the polynomial quotient ring.
The receiver holds a private key $sk_r$ and a public key $pk_r$, generated in the same manner as each sender's.
(1-1-2) Each party generates a secret-sharing public key $pk_s = (\sum pk_i,\ p)$ based on a secret sharing method.
Each party uses its private key $sk_i$ ($i = 1, 2, \ldots, n$) to generate the corresponding computation public keys $H_{0,i}$, $H_{1,i}$: $H_{0,i} = -a \cdot r_i + sk_i \cdot P + e_{0,i}$, $H_{1,i} = a \cdot sk_i + e_{1,i}$, where $P$ is a modulus on the polynomial quotient ring, $r_i$, $a$ are common parameters uniformly sampled from the polynomial quotient ring, and $e_{0,i}$, $e_{1,i}$ are elements Gaussian-sampled from the polynomial quotient ring; the computation public keys $H_{0,i}$, $H_{1,i}$ are sent to key management (task management) for aggregation to obtain the public keys $H_0$, $H_1$ ($H_0 = \sum H_{0,i}$, $H_1 = \sum H_{1,i}$, $i = 1, 2, \ldots, n$).
(1-1-3) Each party receives the public keys $H_0$, $H_1$ aggregated by the computing party. Using its private key $sk_i$ and the public keys $H_0$, $H_1$, it computes $H'_{0,i}$, $H'_{1,i}$ ($H'_{0,i} = sk_i \cdot H_0 + e_{2,i}$, $H'_{1,i} = (r_i - sk_i) H_1 + e_{3,i}$, where $e_{2,i}$, $e_{3,i}$ are elements Gaussian-sampled from the polynomial quotient ring), sends the results $H'_{0,i}$, $H'_{1,i}$ to key management for aggregation to obtain $H'_0$, $H'_1$ ($H'_0 = \sum H'_{0,i}$, $H'_1 = \sum H'_{1,i}$), and then computes the shared computation public key $rlk = (H'_0 + H'_1,\ H_1)$, used to reduce the ciphertext size after secret-state computation.
(1-1-4) The senders cooperatively generate the relinearization public key $rlk$ (RelinearizationKey). First, each party uses its private key $sk_i$ to generate the corresponding computation public keys $H_{0,i}$, $H_{1,i}$ ($H_{0,i} = -a \cdot r_i + sk_i \cdot P + e_{0,i}$, $H_{1,i} = a \cdot sk_i + e_{1,i}$, where $P$ is a modulus on the polynomial quotient ring, $r_i$, $a$ are public parameters uniformly sampled from the polynomial quotient ring, and $e_{0,i}$, $e_{1,i}$ are elements Gaussian-sampled from the polynomial quotient ring). The key management center then aggregates these to compute $H_0$, $H_1$ ($H_0 = \sum H_{0,i}$, $H_1 = \sum H_{1,i}$). Each party then uses its private key $sk_i$ and $H_0$, $H_1$ to compute $H'_{0,i}$, $H'_{1,i}$ ($H'_{0,i} = sk_i \cdot H_0 + e_{2,i}$, $H'_{1,i} = (r_i - sk_i) H_1 + e_{3,i}$). The key management center aggregates again to obtain $H'_0$, $H'_1$ ($H'_0 = \sum H'_{0,i}$, $H'_1 = \sum H'_{1,i}$), and finally each party computes the relinearization public key $rlk = (r_0, r_1) = (H'_0 + H'_1,\ H_1) = (-a \cdot sk + sk \cdot sk \cdot P + e_1,\ a)$, used to reduce the ciphertext size after secret-state computation. Here $P$ is a modulus on the polynomial quotient ring; $P$ enlarges the modulus space, so the noise is relatively reduced. $p$, $a$ are common parameters uniformly sampled from the polynomial quotient ring, and $e_1$ is an element Gaussian-sampled from the polynomial quotient ring.
(1-2) Data authentication key initialization
Each party obtains the same authentication key $k$ from the key management center, based on the same pseudo-random function $F$.
S202, data encryption and authentication code generation:
(2-1) Data encryption
(2-1-1) Each sender encodes the plaintext into an element $\Delta \cdot m$ of the polynomial quotient ring ($\mathrm{Ecd}(z, \Delta) \to \Delta \cdot m$), where $1/\Delta$ represents the precision the plaintext needs to retain, so the plaintext is multiplied by $\Delta$ during encoding to control precision.
(2-1-2) Each sender uses the shared public key $pk_s$ from the initialization stage to encrypt the encoded plaintext $\Delta \cdot m$ into the ciphertext $c = (c_{i,0}, c_{i,1}) = (\Delta \cdot m + v_i \cdot pk_s + e_{2,i},\ v_i \cdot p_1 + e_{3,i}) \bmod q_L$, where $v_i$ is an element (private key) uniformly sampled from the polynomial quotient ring, $p_1$ corresponds to the public key $pk_i = (p_0, p_1) = (-p \cdot sk_i + e_0,\ p)$, $i = 1, 2, \ldots, n$, and $e_{2,i}$, $e_{3,i}$ are elements Gaussian-sampled from the polynomial quotient ring; the ciphertext satisfies $c_{i,0} + c_{i,1} \cdot s = \Delta \cdot m + e \pmod{q_L}$.
(2-2) Authentication code generation
Each sender computes a data label $L_i = H(c_i)$ for each datum $c_i$, then computes a homomorphic random number $r_i = F_K(L_i)$ and constructs the message authentication code $(A_i, B_i) = (c_i,\ (r_i - c_i)/k)$.
The first-order polynomial $y_i(x) = A_i + B_i x$ of the secret-state authentication code is constructed at the same time as the data is encrypted, and the encryption result $c_i$ is sent to the computing party together with the authentication code $(A_i, B_i)$.
S203, calculating a secret state data fusion stage:
In the cloud-based asynchronous scenario the computing party is the cloud center; in the point-to-point real-time scenario the computing party performs the fusion computation. Using the computation public key $rlk$, the ciphertexts $c$ and the operation $f$, it completes the homomorphic computation and obtains the ciphertext result $c_f = c_{add}$ or $c_{mult}$ (the addition/multiplication result), as shown in FIG. 3.
(3-1) Data fusion
The computing party collects the ciphertexts of the senders and computes directly on ciphertext, performing homomorphic addition/multiplication on the ciphertext data and on the verification codes at the same time: let the ciphertext data be $c_1 = (c_{1,0}, c_{1,1})$, $c_2 = (c_{2,0}, c_{2,1})$, ..., $c_n = (c_{n,0}, c_{n,1})$, corresponding to plaintexts $m_1, m_2, \ldots, m_n$; the ciphertexts are added/multiplied pairwise $n-1$ times to obtain the result $c_f$.
(3-1-1) Performing addition gives $c_f = c_{add}$, with $c_{add} = c_1 + c_2 + \cdots + c_n = (c_{1,0} + c_{2,0} + \cdots + c_{n,0},\ c_{1,1} + c_{2,1} + \cdots + c_{n,1}) \bmod q_L$, satisfying $c_0 + c_1 \cdot s = \Delta \cdot (m_1 + m_2 + \cdots + m_n) + e \pmod{q_L}$. $s$ is the receiver key.
(3-1-2) Performing multiplication gives $c_f = c_{mult}$: the first two ciphertexts $c_1$ and $c_2$ are selected, $c_{mult} = c_1 \cdot c_2 = (c_{1,0}, c_{1,1}) \cdot (c_{2,0}, c_{2,1}) = (d_0, d_1, d_2) = (c_{1,0} c_{2,0},\ c_{1,0} c_{2,1} + c_{1,1} c_{2,0},\ c_{1,1} c_{2,1})$. Because multiplying ciphertexts expands the ciphertext size, the result is relinearized using the relinearization public key $rlk$ from the initialization stage to obtain $c'_{mult}$, computed as follows: $c'_{mult} = (b_{mult}, a_{mult}) = (d_0 + \lfloor P^{-1} d_2 r_0 \rceil,\ d_1 + \lfloor P^{-1} d_2 r_1 \rceil) = (d_0 + P^{-1} d_2 (-a \cdot sk + e_1 + P \cdot sk^2),\ d_1 + P^{-1} d_2 a)$, with $b_{mult} + a_{mult} \cdot sk = \Delta^2 m_{mult} + e_{mult} = \Delta^2 m_1 m_2 + e_{mult}$. $sk$ is the receiver key, satisfying $sk = \sum sk_i$.
(3-1-3) The noise $e_{mult}$ of $c'_{mult}$ is reduced using a modulus reduction technique (rescaling) while keeping the scaling factor $\Delta$ unchanged, improving plaintext precision, to obtain $c_f$, computed as follows:
$c_f = RS(c'_{mult}) = c'' = (b_3, a_3) = \lfloor \Delta^{-1} c'_{mult} \rceil = (\Delta^{-1} b_{mult},\ \Delta^{-1} a_{mult}) \pmod{q_{i-1}}$ (after homomorphic multiplication, $q_i$ becomes $q_{i-1}$, with $q_i / q_{i-1} = \Delta$, where $\Delta$ represents the precision, that is, the number of fractional bits retained). It satisfies $b_3 + a_3 \cdot sk = \Delta \cdot m_{mult} + e \pmod{q_{i-1}}$.
This completes the fusion of two secret-state data items; steps (3-1-2)-(3-1-3) are then repeated to fuse the fusion result with the next secret-state data item, so that n data items are fused n-1 times.
(3-2) Authentication code fusion
Addition/multiplication is performed on the secret-state authentication codes, $y_f = f(y_1, y_2, \ldots, y_n)$, along with the secret-state computation.
When addition is performed, it corresponds to addition of the polynomial coefficients: $y_f = y_{add}(x) = y_1(x) + y_2(x) + \cdots + y_n(x) = A_1 + A_2 + \cdots + A_n + (B_1 + B_2 + \cdots + B_n) x$.
When performing multiplication, this corresponds to performing convolution of the corresponding coefficients:
S204, fused secret-state data decryption stage:
The computing party returns the secret-state fusion result $(c_f, A, B)$ to the receiver.
(4-1) Authentication code verification
The receiver receives the data $c_f$ and the verification code $(A, B)$: it first checks whether $c_f = A$ holds; if so, it computes the data label $L = H(c_f)$ and the random number $r = F_K(L)$ and verifies whether $r = A + Bk$ holds; if so, authentication passes, otherwise it fails.
(4-2) Receiver decryption
The receiver decrypts $c_f = (b_f, a_f)$: $b_f + a_f \cdot sk = \Delta \cdot m_f + e \pmod{q_i}$ yields the encoded plaintext $\Delta \cdot m_f$, which is then decoded to obtain the plaintext $\mathrm{Dcd}(m_f; \Delta) = z$. $sk$ is the receiver key, satisfying $sk = \sum sk_i$.
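The authentication-code path of steps (2-2), (3-2) and (4-1), as an added Python example that is not part of the patent text. Assumptions: integers in a prime field $Z_Q$ stand in for ciphertext ring elements, $H$ is SHA-256, $F$ is HMAC-SHA256, and for a fused result the verifier recomputes each $r_i$ from the input labels and compares $f(r_1, \ldots, r_n)$ with $y_f(k)$; the single-tag check is the one written in (4-1), and the example goes beyond the first-order case by carrying the degree-2 tag that a multiplication produces.

```python
import hashlib
import hmac
from functools import reduce

# Constructed parameters: tags live in the prime field Z_Q, and integers in
# Z_Q stand in for ciphertext ring elements (assumption, not the patent's ring).
Q = 2**61 - 1


def label(c):
    """Data label L = H(c); SHA-256 is an assumed choice for H."""
    return hashlib.sha256(c.to_bytes(16, "big")).digest()


def prf(K, lbl):
    """Homomorphic random number r = F_K(L); HMAC-SHA256 is an assumed F."""
    return int.from_bytes(hmac.new(K, lbl, hashlib.sha256).digest(), "big") % Q


def make_tag(c, K, k):
    """Step (2-2): (A, B) = (c, (r - c)/k), so y(x) = A + B*x has y(0)=c, y(k)=r."""
    r = prf(K, label(c))
    return [c % Q, (r - c) * pow(k, -1, Q) % Q]


def tag_add(y1, y2):
    """Step (3-2), addition: add polynomial coefficients."""
    n = max(len(y1), len(y2))
    pad = lambda y: y + [0] * (n - len(y))
    return [(a + b) % Q for a, b in zip(pad(y1), pad(y2))]


def tag_mul(y1, y2):
    """Step (3-2), multiplication: convolve coefficients (the degree grows)."""
    out = [0] * (len(y1) + len(y2) - 1)
    for i, a in enumerate(y1):
        for j, b in enumerate(y2):
            out[i + j] = (out[i + j] + a * b) % Q
    return out


def evaluate(y, x):
    """Horner evaluation of the tag polynomial at x."""
    return reduce(lambda acc, coef: (acc * x + coef) % Q, reversed(y), 0)


def verify_single(c, tag, K, k):
    """Step (4-1) as written: c == A and F_K(H(c)) == A + B*k."""
    A, B = tag
    return c % Q == A and prf(K, label(c)) == (A + B * k) % Q


def verify_fused(c_f, y_f, f, labels, K, k):
    """Assumed check for a fused result: y_f(0) == c_f and y_f(k) == f(r_1..r_n),
    with each r_i recomputed from the input labels."""
    rs = [prf(K, lbl) for lbl in labels]
    return y_f[0] == c_f % Q and evaluate(y_f, k) == f(rs) % Q


def demo():
    K, k = b"constructed-prf-key", 0x1F2E3D4C5B  # constructed keys
    cs = [1111, 2222, 3333]                      # constructed ciphertext stand-ins
    tags = [make_tag(c, K, k) for c in cs]
    labels = [label(c) for c in cs]

    f_add = lambda v: sum(v) % Q
    y_add = reduce(tag_add, tags)
    ok_add = verify_fused(f_add(cs), y_add, f_add, labels, K, k)

    f_mix = lambda v: (v[0] * v[1] + v[2]) % Q
    y_mix = tag_add(tag_mul(tags[0], tags[1]), tags[2])
    ok_mix = verify_fused(f_mix(cs), y_mix, f_mix, labels, K, k)

    # Tampering in transit: the result alone, then the result and A together.
    swapped = verify_fused(f_add(cs) + 1, y_add, f_add, labels, K, k)
    forged = [(y_add[0] + 1) % Q] + y_add[1:]
    swapped_both = verify_fused(f_add(cs) + 1, forged, f_add, labels, K, k)
    return ok_add, ok_mix, swapped, swapped_both


if __name__ == "__main__":
    print(demo())
```

The last case is rejected only by the evaluation at $k$, since the constant term was rewritten to match the altered result.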
The above description is only of the preferred embodiments of the present invention and is not intended to limit the present invention, but various modifications and variations can be made to the present invention by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (7)

1. A verifiable secret-state data fusion method, comprising:
S100, constructing a secret-state data fusion model;
S200, performing secret-state data fusion based on the secret-state data fusion model:
S201, a key initialization stage;
S202, a data encryption and authentication code generation stage;
S203, a computing-party secret-state data fusion stage;
S204, a fused secret-state data decryption stage.
2. The verifiable secret-state data fusion method of claim 1, wherein the secret-state data fusion model supports both point-to-point decentralized fusion computation and cloud-based fusion computation; point-to-point decentralized fusion computation is executed in real time by the computing party, and the ciphertext data of the parties is not stored; cloud-based fusion computation supports storage of each party's ciphertext, and asynchronous fusion processing is initiated by the computing party.
3. The verifiable secret-state data fusion method of claim 2, wherein step S201 comprises:
(1-1) Data encryption key initialization:
(1-1-1) Each party generates an initial encryption key:
The n senders each hold a private key $sk_i$, $i = 1, 2, \ldots, n$, composed of independent and distinct elements uniformly sampled from the polynomial quotient ring, with corresponding public key $pk_i = (p_0, p_1) = (-p \cdot sk_i + e_0,\ p)$, where $p$, $a$ are common parameters uniformly sampled from the polynomial quotient ring and $e_0$ is an element Gaussian-sampled from the polynomial quotient ring;
The receiver holds a private key $sk_r$ and a public key $pk_r$, generated in the same way as the senders';
(1-1-2) Each party generates a secret-sharing public key $pk_s = (\sum pk_i,\ p)$ based on a secret sharing method;
Each party uses its private key $sk_i$ ($i = 1, 2, \ldots, n$) to generate the corresponding computation public keys $H_{0,i}$, $H_{1,i}$: $H_{0,i} = -a \cdot r_i + sk_i \cdot P + e_{0,i}$, $H_{1,i} = a \cdot sk_i + e_{1,i}$, where $P$ is a modulus on the polynomial quotient ring, $r_i$, $a$ are common parameters uniformly sampled from the polynomial quotient ring, and $e_{0,i}$, $e_{1,i}$ are elements Gaussian-sampled from the polynomial quotient ring; the computation public keys $H_{0,i}$, $H_{1,i}$ are sent to the key management center for aggregation to obtain the public keys $H_0$, $H_1$: $H_0 = \sum H_{0,i}$, $H_1 = \sum H_{1,i}$, $i = 1, 2, \ldots, n$;
(1-1-3) Each party receives the public keys $H_0$, $H_1$ aggregated by the computing party; using its private key $sk_i$ and the public keys $H_0$, $H_1$, it computes $H'_{0,i}$, $H'_{1,i}$: $H'_{0,i} = sk_i \cdot H_0 + e_{2,i}$, $H'_{1,i} = (r_i - sk_i) H_1 + e_{3,i}$, where $e_{2,i}$, $e_{3,i}$ are elements Gaussian-sampled from the polynomial ring; the results $H'_{0,i}$, $H'_{1,i}$ are sent to the key management center for aggregation to obtain $H'_0$, $H'_1$: $H'_0 = \sum H'_{0,i}$, $H'_1 = \sum H'_{1,i}$; the shared computation public key $rlk = (H'_0 + H'_1,\ H_1)$, used to reduce the ciphertext size after secret-state computation, is then computed;
(1-1-4) The senders cooperatively generate the relinearization public key $rlk$; first, each party uses its private key $sk_i$ to generate the corresponding computation public keys $H_{0,i}$, $H_{1,i}$: $H_{0,i} = -a \cdot r_i + sk_i \cdot P + e_{0,i}$, $H_{1,i} = a \cdot sk_i + e_{1,i}$, where $P$ is a modulus on the polynomial quotient ring, $r_i$, $a$ are public parameters uniformly sampled from the polynomial quotient ring, and $e_{0,i}$, $e_{1,i}$ are elements Gaussian-sampled from the polynomial quotient ring; the key management center aggregates these to compute $H_0$, $H_1$, and each participant then uses its private key $sk_i$ and $H_0$, $H_1$ to compute $H'_{0,i}$, $H'_{1,i}$; the key management center aggregates again to compute $H'_0$, $H'_1$, and finally the relinearization public key $rlk = (r_0, r_1) = (H'_0 + H'_1,\ H_1) = (-a \cdot sk + sk \cdot sk \cdot P + e_1,\ a)$ is computed, where $P$ is a modulus on the polynomial quotient ring, $p$ and $a$ are common parameters uniformly sampled from the polynomial quotient ring, and $e_1$ is an element Gaussian-sampled from the polynomial quotient ring; $rlk$ is used to reduce the ciphertext size after secret-state computation;
(1-2) Data authentication key initialization: each party obtains the same authentication key $k$ from the key management center, based on the same pseudo-random function $F$.
4. The method of claim 3, wherein the step S202 includes:
(2-1) data encryption:
(2-1-1) each sender encoding the plaintext into an element $\Delta \cdot m$ of the polynomial quotient ring ($\mathrm{Ecd}(z, \Delta) \to \Delta \cdot m$), wherein $1/\Delta$ represents the precision that the plaintext needs to retain, so the plaintext is multiplied by $\Delta$ during encoding to control the precision;
(2-1-2) each sender encrypting the plaintext encoding result $\Delta \cdot m$ into a ciphertext $c = (c_{i,0}, c_{i,1}) = (\Delta \cdot m + v_i \cdot pk_s + e_{2,i},\ v_i \cdot p_1 + e_{3,i}) \bmod q_L$ using the shared public key $pk_s$ from the initialization phase, wherein $v_i$ is an element uniformly sampled from the polynomial quotient ring, $p_1$ corresponds to the public key $pk_i = (p_0, p_1) = (-p \cdot sk_i + e_0,\ p)$, $i = 1, 2, \ldots, n$, and $e_{2,i}$, $e_{3,i}$ are elements Gaussian-sampled from the polynomial quotient ring; the ciphertext satisfies $c_{i,0} + c_{i,1} \cdot s = \Delta \cdot m + e \pmod{q_L}$;
(2-2) authentication code generation:
Each sender calculates a data label $L_i = H(c_i)$ for each data item $c_i$, further calculates a homomorphic random number $r_i = F_K(L_i)$, and constructs a message authentication code $(A_i, B_i) = (c_i,\ (r_i - c_i)/k)$;
The first-order polynomial $y_i(x) = A_i + B_i x$ of the secret authentication code is constructed synchronously while the data is encrypted,
and the encryption result $c_i$ is sent together with the authentication code $(A_i, B_i)$ to the computing party.
5. The verifiable secret data fusion method of claim 4, wherein step S203 comprises:
(3-1) data fusion:
The computing party collects the ciphertexts of the senders and computes directly on them, performing homomorphic addition/multiplication on the ciphertext data and the verification codes at the same time: let the ciphertext data comprise $c_1 = (c_{1,0}, c_{1,1})$, $c_2 = (c_{2,0}, c_{2,1})$, …, $c_n = (c_{n,0}, c_{n,1})$, corresponding to plaintexts $m_1, m_2, \ldots, m_n$; n-1 additions/multiplications on the ciphertext data yield the result $c_f$;
(3-1-1) performing the addition to obtain $c_f = c_{add}$, where $c_{add} = c_1 + c_2 + \cdots + c_n = (c_{1,0} + c_{2,0} + \cdots + c_{n,0},\ c_{1,1} + c_{2,1} + \cdots + c_{n,1}) \bmod q_L$, satisfying $c_0 + c_1 \cdot s = \Delta \cdot (m_1 + m_2 + \cdots + m_n) + e \pmod{q_L}$; s is the receiver key;
(3-1-2) performing the multiplication to obtain $c_f = c_{mult}$: the first two ciphertexts $c_1$ and $c_2$ are selected, $c_{mult} = c_1 \cdot c_2 = (c_{1,0}, c_{1,1}) \cdot (c_{2,0}, c_{2,1}) = (d_0, d_1, d_2) = (c_{1,0} c_{2,0},\ c_{1,0} c_{2,1} + c_{1,1} c_{2,0},\ c_{1,1} c_{2,1})$, and the result is re-linearized using the re-linearization public key rlk from the initialization stage to obtain $c'_{mult}$, calculated as follows:
$c'_{mult} = (b_{mult}, a_{mult}) = (d_0 + \lfloor P^{-1} \cdot d_2 \cdot r_0 \rceil,\ d_1 + \lfloor P^{-1} \cdot d_2 \cdot r_1 \rceil) = (d_0 + P^{-1} \cdot d_2 \cdot (-a \cdot sk + e_1 + P \cdot sk^2),\ d_1 + P^{-1} \cdot d_2 \cdot a)$, with $b_{mult} + a_{mult} \cdot sk = \Delta^2 \cdot m_{mult} + e_{mult} = \Delta^2 \cdot m_1 m_2 + e_{mult}$, where sk is the recipient key, satisfying $sk = \sum sk_i$;
(3-1-3) reducing the noise $e_{mult}$ of $c'_{mult}$ by a modulus reduction technique while keeping the amplification factor $\Delta$ unchanged, so as to improve the plaintext accuracy, to obtain $c_f$, calculated as follows:
$c_f = RS(c'_{mult}) = c'' = (b_3, a_3) = \lfloor \Delta^{-1} \cdot c'_{mult} \rceil = (\Delta^{-1} \cdot b_{mult},\ \Delta^{-1} \cdot a_{mult}) \pmod{q_{i-1}}$; it satisfies $b_3 + a_3 \cdot sk = \Delta \cdot m_{mult} + e \pmod{q_{i-1}}$;
After two pieces of secret data have been fused, steps (3-1-2)-(3-1-3) are executed repeatedly to fuse the fusion result with the next piece of secret data, so that n pieces of data are fused in n-1 operations;
(3-2) authentication code fusion:
An addition/multiplication operation is performed on the secret authentication codes alongside the secret computation: $y_f = f(y_1, y_2, \ldots, y_n)$;
when addition is performed, it corresponds to addition of the polynomial coefficients: $y_f = y_{add}(x) = y_1(x) + y_2(x) + \cdots + y_n(x) = A_1 + A_2 + \cdots + A_n + (B_1 + B_2 + \cdots + B_n) x$;
When performing multiplication, this corresponds to performing convolution of the corresponding coefficients:
6. The verifiable secret data fusion method of claim 5, wherein step S204 comprises:
The computing party returns the secret fusion computation result $(c_f, A, B)$ to the receiver;
(4-1) authentication code verification:
The receiver receives the data $c_f$ and the verification code $(A, B)$: it first checks whether $c_f = A$ holds; if so, it further calculates the data label $L = H(c_f)$ and the random number $r = F_K(L)$, and verifies whether $r = A + Bk$ holds; if so, authentication passes, otherwise it fails;
(4-2) decryption by the receiver:
The receiver decrypts $c_f = (b_f, a_f)$: $b_f + a_f \cdot sk = \Delta \cdot m_f + e \pmod{q_i}$ yields the encoded plaintext $\Delta \cdot m_f$, which is then decoded to obtain the plaintext $\mathrm{Dcd}(m_f; \Delta) = z$; sk is the recipient key, satisfying $sk = \sum sk_i$.
7. The method of any one of claims 1-6, wherein the verification process is performed in parallel with the ciphertext data process in each stage.
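The authentication-code steps of claims 4 to 6 (tag generation, additive and multiplicative tag fusion, receiver check) can be exercised with the following added example, which is not part of the patent text. It assumes integers modulo a constructed prime Q in place of ciphertext ring elements, HMAC-SHA256 keyed with k as the pseudo-random function F, and a receiver that is given the input labels and recomputes f over the values r_i = F_K(L_i); that recomputation is the verification rule of polynomial-style homomorphic MACs and is an assumption of this sketch.

```python
import hashlib
import hmac

Q = 2**61 - 1  # constructed prime modulus; stands in for the ciphertext ring


def prf(k: int, label: bytes) -> int:
    """r = F_K(L): HMAC-SHA256 keyed with k (assumed), reduced mod Q."""
    mac = hmac.new(k.to_bytes(8, "big"), label, hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % Q


def label_of(c: int) -> bytes:
    """L_i = H(c_i)."""
    return hashlib.sha256((c % Q).to_bytes(8, "big")).digest()


def make_tag(c: int, k: int) -> list:
    """(A_i, B_i) = (c_i, (r_i - c_i)/k), so y_i(0) = c_i and y_i(k) = r_i."""
    r = prf(k, label_of(c))
    return [c % Q, (r - c) * pow(k, -1, Q) % Q]


def tag_add(y1: list, y2: list) -> list:
    """Addition of ciphertexts: add tag coefficients (pad the shorter tag)."""
    n = max(len(y1), len(y2))
    y1, y2 = y1 + [0] * (n - len(y1)), y2 + [0] * (n - len(y2))
    return [(a + b) % Q for a, b in zip(y1, y2)]


def tag_mul(y1: list, y2: list) -> list:
    """Multiplication of ciphertexts: convolve tag coefficients."""
    out = [0] * (len(y1) + len(y2) - 1)
    for i, a in enumerate(y1):
        for j, b in enumerate(y2):
            out[i + j] = (out[i + j] + a * b) % Q
    return out


def verify(c_f: int, y_f: list, f, labels: list, k: int) -> bool:
    """Accept only if y_f(0) == c_f and y_f(k) == f(r_1, ..., r_n)."""
    r_f = f(*(prf(k, lab) for lab in labels)) % Q
    y_at_k = sum(coef * pow(k, i, Q) for i, coef in enumerate(y_f)) % Q
    return y_f[0] == c_f % Q and y_at_k == r_f


# Constructed demo: three stand-in "ciphertexts" fused as f = c1*c2 + c3.
K = 0x1F2E3D4C5B6A7988  # constructed authentication key, nonzero mod Q
C = [1234567, 7654321, 424242]
fuse = lambda a, b, c: a * b + c
TAGS = [make_tag(c, K) for c in C]
Y_F = tag_add(tag_mul(TAGS[0], TAGS[1]), TAGS[2])
C_F = fuse(*C) % Q
LABELS = [label_of(c) for c in C]
```

One multiplication raises the fused tag from two coefficients to three, so a result returned with only a pair (A, B) covers additive fusion; a computing party that alters c_f fails the y_f(0) check, and one that alters both c_f and the constant coefficient fails the y_f(k) check.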
CN202311698165.6A 2023-12-12 2023-12-12 Verifiable secret state data fusion method Pending CN117909997A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311698165.6A CN117909997A (en) 2023-12-12 2023-12-12 Verifiable secret state data fusion method

Publications (1)

Publication Number Publication Date
CN117909997A true CN117909997A (en) 2024-04-19

Family

ID=90685995

Country Status (1)

Country Link
CN (1) CN117909997A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118803743A (en) * 2024-09-12 2024-10-18 暨南大学 A privacy-preserving online car-hailing service method based on secure multi-party computing

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination