支持同态算术运算的数据加密方案算法研究  被引量：15

作　　者：杨攀[1,2] 桂小林[1,2] 姚婧[1,2] 林建财 田丰[1,2] 张学军[1,2] 

机构地区：[1]西安交通大学电子与信息工程学院,陕西西安710049 [2]西安交通大学陕西省计算机网络重点实验室,陕西西安710049

出　　处：《通信学报》2015年第1期167-178,共12页Journal on Communications

基　　金：国家科技重大专项基金资助项目(2012ZX03002001);高等学校博士学科点专项科研基金资助项目(20120201110013);陕西省科技攻关基金资助项目(2012K06-30);国家自然科学基金资助项目(61172090;61472316);陕西省科技统筹创新工程基金资助项目(2013SZS16-Z01/P01/K01)~~

摘　　要：针对在计算服务中,对用户信息加密以保护隐私时,无法对密文进行计算的问题,提出一种高效的支持密文四则算术运算的同态加密方案CESIL,包括密钥生成、加密、解密及密文运算4个算法。该方案首先借助多项式环重新定义向量的加法和乘法运算,构建多项式系数向量环;然后利用理想格在向量环上划分剩余类,建立商环及其代表元集合;最后,将整数明文映射为代表元,并用代表元所在剩余类的其他元素替换该代表元,以对明文进行加密。商环的运算特性保证CESIL方案支持对密文的加法和乘法运算。在实现CESIL方案时,利用快速傅里叶变换(FFT)算法进一步提高运算效率、减少密钥长度。理论分析及实验结果表明,CESIL是语义安全的,且相比已有的一些同态加密方案,CESIL支持更多的运算类型,拥有较高的运行效率和较小的密钥及密文长度,能更好地满足实际应用需求。An efficient homomorphic encryption scheme called CESIL was proposed to meet the requirements of operating on encrypted data when protecting users＇ privacy in computing services. CESIL included key generation algorithm, encryption algorithm, decryption algorithm and calculation algorithm. In CESIL, a polynomial coefficient vector ring was established by defining addition and multiplication using polynomial ring; by using ideal lattice, the vector ring was partitioned into many residue classes to produce a quotient ring and its representative set; the plaintext was encrypted by mapping it to a representative and replacing the representative with another element in the same residue class. The features of operations in quotient ring ensured CESIL operate on encrypted data. Furthermore, the fast Fourier transform（FFT） algorithm was used to increase the efficiency and decrease the length of key. Theoretical analysis and experimental results show that CESIL is semantically secure, and can do addition and multiplication operations on encrypted data homomorphically in a specific scope. Comparing to some existing homomorphic encryption schemes, the CESIL runs efficiently, and has shorter length in key and ciphertext. Thus, the CESIL fits the practical applications better.

关 键 词：同态加密 隐私保护 理想格 代表元 计算服务 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]