NTRU型多密钥全同态加密方案的优化  被引量：4

作　　者：车小亮 周潭平[1,2] 李宁波 周昊楠[1] 刘龙飞 杨晓元[1,2] CHE Xiaoliang;ZHOU Tanping;LI Ningbo;ZHOU Haonan;LIU Longfei;YANG Xiaoyuan(School of Cryptographic Eng.,Eng.Univ.of PAP,Xi’an 710086,China;Key Lab.of Network and Info.Security of PAP,Xi’an 710086,China)

机构地区：[1]武警工程大学密码工程学院,陕西西安710086 [2]网络和信息安全武警部队重点实验室,陕西西安710086

出　　处：《工程科学与技术》2020年第5期186-193,共8页Advanced Engineering Sciences

基　　金：国家重点研发计划项目(2017YFB0802000);国家自然科学基金项目(U1636114);国家密码发展基金项目(MMJJ20170112);陕西省自然科学基金项目(2020JQ-492)。

摘　　要：现有的NTRU型多密钥全同态加密方案多是基于2的幂次分圆多项式环构造的,全同态计算过程使用了复杂的密钥交换操作,这类方案容易遭受子域攻击,且同态运算效率较低,对此本文提出了一个安全性更好、效率更高的NTRU型多密钥全同态加密方案。首先,将现有方案底层的分圆多项式环扩展应用到素数次分圆多项式环上,给出了基于素数次分圆多项式环的NTRU型多密钥全同态加密的基础方案模型(B-MKFHE方案),该方案模型可以抵御更多的子域攻击。其次,在B-MKFHE方案模型的基础上,通过扩展密文多项式维度,优化了NTRU型多密钥同态运算结构,使得同态运算过程不再需要复杂耗时的密钥交换操作。最后,根据优化的多密钥同态运算结构,结合模交换技术,构造了无需密钥交换的层级的NTRU型多密钥全同态加密方案(M-MKFHE方案)。分析结果表明,本文提出的M-MKFHE方案能有效抵御子域攻击,满足IND-CPA安全。与B-MKFHE方案相比,M-MKFHE方案具有更小的存储开销和计算开销,同态运算过程中产生的噪声值较小,运算效率较高,且支持更深层次的同态运算。The previous NTRU-type multi-key fully homomorphic encryption(MKFHE)schemes were constructed over power-of-2 cyclotomic polynomial rings,and the complicated key-switching operations were used in the schemes to complete the fully homomorphic computation.They were suffered from the subfield attacks and had low evaluating efficiency.In this paper,an NTRU-type MKFHE scheme with better security and higher efficiency was proposed.Firstly,the prime cyclotomic polynomial ring was applied to the previous NTRU-type MKFHE schemes,and a NTRU-type MKFHE basic scheme model(B-MKFHE)that could resist more subfield attacks was presented.Secondly,based on the B-MKFHE model,the NTRU-type multi-key homomorphic evaluating structure was optimized by extending the dimension of ciphertext polynomial,so that the complicated and time-consuming key-switching operations were eliminated when running the homomorphic operations.Finally,combined the optimized multi-key homomorphic evaluating structure and modulus-switching technology,a leveled NTRU-type MKFHE scheme(M-MKFHE)without key-switching operations was constructed.The result showed that the proposed M-MKFHE scheme could resist the subfield attacks well and was proved to be IND-CPA security.Compared with the B-MKFHE,the memory(bit-size)and evaluating costs of the M-MKFHE are reduced,and the error magnitude is decreased in the homomorphic evaluating process.In all,the M-MKFHE scheme has higher evaluating efficiency and supports deeper homomorphic evaluations.

关 键 词：NTRU型多密钥全同态加密 素数次分圆多项式环 密文扩展 同态运算结构 IND-CPA安全 

分 类 号：TP391[自动化与计算机技术—计算机应用技术]