| 摘要: |
| 随着信息产业的高速发展, 复杂的计算任务与用户有限的计算能力之间的矛盾愈加突出, 如何借助云平台提供的计算服务, 实现安全可靠的外包计算, 引起了人们的广泛关注。 具有隐私保护的可验证计算为该问题提供了有效途径, 它能够解决外包计算中的两大安全问题——计算结果不可信和用户隐私数据泄露。 根据客户端存储能力是否受限, 可验证计算可分为计算外包模式和数据外包模式, 本文分别对这两种模式下具有隐私保护的可验证计算进行梳理和总结。 对于计算外包模式, 本文以方案涉及的服务器数量为分类依据, 分别梳理了单服务器情形和多服务器情形下的相关工作。 其中, 对于单服务器情形下具有隐私保护的可验证计算, 提炼出了一般化的通用构造方法和针对具体函数的构造技术, 并对多服务器情形下的相关方案进行了分析对比。 对于数据外包模式, 本文根据实现工具的不同, 分别梳理了基于同态认证加密的可验证计算和基于上下文隐藏的同态签名的可验证计算。 具体地, 本文从函数类型、 安全强度、 困难假设、 验证方式、 证明规模等多个维度对现有的同态认证加密方案进行了分析对比; 此外, 本文还对同态签名不同的隐私性定义进行了总结对比, 包括单密钥情形下的弱上下文隐藏性、 强上下文隐藏性、 完全上下文隐藏性和基于模拟的上下文隐藏性, 以及多密钥情形下的内部上下文隐藏性和外部上下文隐藏性。 最后,通过分析现有方案在性能、 功能和安全性三个方面的优势及不足, 对具有隐私保护的可验证计算未来的研究重点进行了讨论与展望。 |
| 关键词: 云计算 可验证计算 数据隐私 计算外包模式 数据外包模式 隐私保护的同态消息认证码 上下文隐藏的同态签名 |
| DOI:10.19363/J.cnki.cn10-1380/tn.2024.07.12 |
| Received:October 17, 2022Revised:January 12, 2023 |
| 基金项目:本课题得到国家自然科学基金(No. 62172405),信息安全国家重点实验室开放课题基金(No. 2021-MS-02)资助。 |
|
| A Survey on Verifiable Computation with Privacy Protection |
| LI Shimin,WANG Xin,XUE Rui |
| Westone Cryptologic Research Center, CETC Cyberspace Security Technology Co., Ltd., Beijing 100043, China;State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100085, China;Ant Group, Beijing 100020, China;State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100085, China;School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China |
| Abstract: |
| With the rapid development of the information industry, the contradiction between complex computing tasks and users' limited computing ability is becoming more and more prominent. How to achieve secure and reliable outsourcing computation by using computing services provided by cloud platforms has attracted widespread attention. Verifiable computation (VC) with privacy protection provides an effective approach to this problem, which can solve two major security problems in outsourcing computation: the unreliability of computing results and the leakage of user’s privacy data. Verifiable computation can be divided into computation-outsourcing mode and data-outsourcing mode according to whether the storage capacity of the client is limited. This paper sorts out and summarizes the important research progress of privacy-preserving verifiable computation in the above two modes, respectively. For the computation-outsourcing mode, this paper sorts out the relevant work under the single-server situation and the multi-server situation based on the number of servers involved in the scheme. Among them, for VC with privacy protection in the case of single server, the generic construction methods and the construction techniques for specific functions are summarized, thereafter the relevant schemes in the case of multiple servers are analyzed and compared. For the data-outsourcing mode, according to different implementation tools this paper investigates VC based on homomorphic authenticated encryption and that based on context hiding homomorphic signature, respectively. Specifically, this paper analyzes and compares the existing homomorphic authenticated encryption schemes in several aspects such as function types, security levels, assumptions, verification mode and proof size. In addition, this paper also summarizes and compares different privacy definitions of homomorphic signature, including weakly context hiding, strong context hiding, completely context hiding and simulation-based context hiding in the case of single-key, and internally context hiding and externally context hiding in the case of multi-key. Finally, by analyzing the advantages and disadvantages of existing schemes in terms of performance, functionality and security, the future research emphasis of VC with privacy protection is discussed and prospected. |
| Key words: cloud computing verifiable computation data privacy computing-outsourcing mode data-outsourcing mode privacy-preserving homomorphic message authenticator context hiding homomorphic signature |
