引用本文: |
-
王学庆,王彪,薛锐.具有短密文的多身份全同态加密构造框架[J].信息安全学报,2018,3(5):54-63 [点击复制]
- WANG Xueqing,WANG Biao,XUE Rui.A Framework of Multi-id Identity-based Fully Homomorphic Encryption with Short Ciphertexts[J].Journal of Cyber Security,2018,3(5):54-63 [点击复制]
|
|
摘要: |
类似于多密钥全同态加密(Multi-key Fully Homomorphic Encryption,MFHE),多身份全同态加密(Multi-id Identity-basedFully Homomorphic Encryption,MIBFHE)允许对不同用户的密文进行关于任意函数的同态计算,且后者因具有加密密钥易获取、密钥托管和密钥撤销易实现等特点,具有更深远的应用前景。 Canetti等人在PKC 2017上给出了一个框架,可将身份加密方案(Identity-based Encryption,IBE)和MFHE方案转换成MIBFHE方案。若用基于DLWE假设的IBE方案和Brakerski与Perlman的全动态①MFHE方案(以下简称BP方案),可得到全动态的MIBFHE方案,但密文规模较大,为O(n5log5q),这里n,q是DLWE假设的参数,且紧致性相比于MFHE方案变弱。因密文规模是影响通信效率的主要因素,本文构造了一个密文规模较小和紧致性较强的MIBFHE方案框架,且仅用了MFHE这一个构件,然后用BP方案去实例化,得到了全动态的、选择性安全的MIBFHE方案,其密文规模为O(nlogq). |
关键词: 多身份的身份全同态加密 多密钥的全同态加密 全同态加密 身份加密 |
DOI:10.19363/J.cnki.cn10-1380/tn.2018.09.05 |
投稿时间:2017-05-02修订日期:2017-07-03 |
基金项目:本课题得到国家自然基金项目(No.61472414;No.61772514;No.61602061)资助。 |
|
A Framework of Multi-id Identity-based Fully Homomorphic Encryption with Short Ciphertexts |
WANG Xueqing1,2, WANG Biao1,2, XUE Rui1,2
|
(1.State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;2.School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China) |
Abstract: |
Similar to Multi-key Fully Homomorphic Encryption (MFHE), Multi-id Identity-based Fully Homomorphic Encryption (MIBFHE) allows to homomorphically compute on ciphertexts under different users for any computable functions. And MIBFHE may be more useful in practice since it has advantages including that encryption keys are easy to obtain, for the sender, from system parameters and some unique information of the receiver's identity, and that key escrow and key revocation are easily achievable. Canetti et al., at PKC 2017, proposed a framework of transforming identity-based encryption (IBE) schemes and MFHE schemes into MIBFHE schemes. If we exploit a DLWE-based IBE scheme and Brakerski and Perlman's MFHE scheme (abbr. BP scheme), we will obtain a fully dynamic MIBFHE scheme with ciphertext size O(n5log5q), where n, q are proper parameters for DLWE assumption. And additionally, the compactness of MIBFHE is weaker than that of MFHE. In this paper, we only exploit MFHE to construct a MIBFHE framework with smaller ciphertexts and stronger compactness. And then we initiate it with the BP scheme to obtain a fully dynamic and selective secure MIBFHE scheme, whose ciphertext size is O(nlogq). |
Key words: multi-id identity-based fully homomorphic encryption multi-key fully homomorphic encryption fully homomorphic encryption identity-based Encryption |