基于多方混淆电路的常数轮多方私有函数计算方案  

作　　者：吴伟宁 李宏博 黄建业 黄琼 WU Wei-Ning;LI Hong-Bo;HUANG Jian-Ye;HUANG Qiong(College of Mathematics and Informatics/College of Software Engineering,South China Agricultural University,Guangzhou 510642,China;Guangzhou Key Lab of Intelligent Agriculture,Guangzhou 510642,China;School of Computing and Information Technology,University of Wollongong,Wollongong,NSW 2500,Australia)

机构地区：[1]华南农业大学数学与信息学院、软件学院,广州510642 [2]广州市智慧农业重点实验室,广州510642 [3]伍伦贡大学计算机与信息技术学院,伍伦贡新南威尔士2500

出　　处：《密码学报(中英文)》2024年第6期1331-1353,共23页Journal of Cryptologic Research

基　　金：国家自然科学基金(62272174);广东省基础与应用基础研究重大项目(2019B030302008);广州市科技计划(2024A04J6542)。

摘　　要：私有函数计算(private function evaluation,PFE)的目的是安全地计算函数f(x1,x2,···,xn),而不泄露除了输出所揭示的信息之外的任何其他信息,适用于计算多方联合数据集的大数据分析任务,且其分析算法f是不方便公开的.Mohassel等在EUROCRYPT 2013提出了一个基于多方秘密共享方案(GMW)的被动安全多方私有函数计算方案,他们的协议具有线性轮交互,不适用于高延迟网络,限制了多方私有函数计算的实用性.针对上述问题,本文利用Ben-Efraim等人的优化多方混淆电路BMR方案、Katz等人的基于同态加密的不经意扩展置换方案(HE-OEP)和Mohassel等人的基于交换网络的不经意扩展置换方案(SN-OEP),通过隐藏由函数f编译得到的电路Cf的拓扑结构达到保护电路私有性的目的,分别构造基于同态加密的多方私有函数计算协议ΠBMR-PFE(HE-OEP)和基于交换网络的多方私有函数计算协议ΠBMR-PFE(SN-OEP).所提两个协议都具有常数交互轮次,前者主要基于非对称密码原语构造,具有线性复杂度O(g),交互轮次可以压缩至7轮;后者主要基于对称密码原语构造,具有复杂度O(g log(g)),交互轮次可以压缩至8轮.所提方案能够抵抗半诚实敌手腐化最多n−1个参与方,在大多数不信任的参与方的协议执行环境下,这能够有效保护自己重要的私有数据财产,避免因数据泄露而被侵犯利益.另外,所提协议与2023年Xu等人提出的协议具有相近的通信、计算复杂度和交互轮次,当参与方数量从5开始,在电路门数量级在2^(10)∼2^(20)之间,所提协议对比他们的协议具有更低的通信开销,而混淆电路提出至今,通信开销一直是其性能瓶颈,因此所提基于多方混淆电路的常数轮多方私有函数计算方案,能够有效提升高延迟网络环境下计算大型电路时多方私有函数计算协议的效率.The purpose of private function evaluation(PFE)is to securely compute a function f(x1,x2,···,xn)without revealing any information other than that revealed by the output,and PFE is suitable for computing multi-party big data analysis tasks of joint dataset whose analysis algorithm f is not conveniently public.Mohassel et al.proposed a passively secure multi-party private function evaluation scheme based on a multi-party secret sharing scheme(GMW)in EUROCRYPT 2013.Their protocol has linear rounds of interaction and is not applicable to high latency networks,which limits the practicality of multi-party private function evaluation.To address such problems,this study utilizes the optimized multi-party garbled circuit BMR scheme proposed by Ben-Efraim et al,the oblivious extended permutation based on homomorphic encryption scheme(HE-OEP)proposed by Mohassel et al.and the oblivious extended permutation based on switching network scheme(SN-OEP)proposed by Katz et al.to achieve circuit protection by hiding the topology of the circuit Cf compiled from the function f and constructing the multi-party private function evaluation protocolΠBMR-PFE(HE-OEP)based on homomorphic encryption andΠBMR-PFE(SN-OEP)based on switching network,respectively.Both protocols proposed in this study have a constant rounds of interaction,the former is constructed mainly based on asymmetric cryptographic primitives with linear complexity O(g),and its rounds of interaction can be compressed to 7 rounds of interaction,while the latter is constructed mainly based on symmetric cryptographic primitives construction with complexity O(g log(g)),and its rounds of interaction can be compressed to 8 rounds of interaction.The scheme proposed in this study can resist semi-honest adversaries to corrupt at most n-1 participants,which can effectively protect one’s important private data property from data leakage in a protocol execution environment where most of the participants are untrusted.In addition,the protocols proposed in this study has similar com

关 键 词：多方私有函数计算 BMR OEP 被动安全 常数轮 

分 类 号：TP309.7[自动化与计算机技术—计算机系统结构]