Multi-user fully homomorphic encryption scheme based on proxy re-encryption for cloud computing
LI Taoshen1,2, LIU Qing1, HUANG Ruwei1,2
1. School of Computer, Electronics and Information, Guangxi University, Nanning 530004, China;
2. Guangxi Colleges and Universities Key Laboratory of Parallel and Distributed Computing, Nanning 530004, China
Abstract: Cloud computing raises the problems of multi-user sharing, user privacy and security, and ciphertext evaluation. This paper presents a proxy re-encryption-based, multi-user, fully homomorphic encryption scheme for cloud computing (PREB-MUFHE). The scheme encrypts the data of different users under different public keys, so that the ciphertexts of different users are independent and indistinguishable. So that the result of a computation on the ciphertexts of two users satisfies full homomorphism, when the ciphertexts are uploaded to the cloud, the cloud service provider (CPS), acting as the proxy, re-encrypts the ciphertext of one of the users, converting it into a ciphertext under the same user, and only then evaluates the ciphertexts. A security analysis shows that the security of the scheme is based on the hardness of the learning with errors (LWE) problem and that the scheme resists chosen plaintext attack (indistinguishability under chosen plaintext attack, IND-CPA) in the generic bilinear group random oracle model. Tests show that this scheme efficiently implements fully homomorphic evaluations of different user ciphertexts and supports multi-user sharing.
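The workflow the abstract describes (two users encrypt under their own public keys, the cloud re-encrypts one ciphertext to the other user's key, then evaluates) can be sketched as an added toy example; it is not the paper's PREB-MUFHE construction, whose details are not given on this page. It assumes a Regev-style LWE bit encryption with a key-switching re-encryption key, shows only homomorphic addition (XOR), and all parameters and function names are hypothetical.

```python
import random
N, M, Q, LOGQ = 8, 32, 1 << 20, 20  # toy sizes (assumed), far too small to be secure
rng = random.Random(2018)           # fixed seed: reproducible demo, not for real keys

def dot(u, v):
    return sum(x * y for x, y in zip(u, v)) % Q

def keygen():
    # Regev-style pair: sk = s, pk = M rows (a, <a, s> + e) with small noise e
    s = [rng.randrange(Q) for _ in range(N)]
    rows = [[rng.randrange(Q) for _ in range(N)] for _ in range(M)]
    return s, [(a, (dot(a, s) + rng.choice((-1, 0, 1))) % Q) for a in rows]

def enc_value(pk, value):
    # Sum a random subset of pk rows, then add `value` to the b component
    rows = [row for row in pk if rng.random() < 0.5]
    a = [sum(r[0][k] for r in rows) % Q for k in range(N)]
    return a, (sum(r[1] for r in rows) + value) % Q

def encrypt(pk, bit):
    return enc_value(pk, bit * (Q // 2))

def decrypt(s, ct):
    phase = (ct[1] - dot(ct[0], s)) % Q  # noise + bit * Q/2
    return 1 if Q // 4 <= phase < 3 * Q // 4 else 0

def rekeygen(s_from, pk_to):
    # Delegator encrypts s_from[i] * 2^j under the delegatee's public key
    return [[enc_value(pk_to, (si << j) % Q) for j in range(LOGQ)] for si in s_from]

def reencrypt(rk, ct):
    # Proxy (cloud) step: switch ct to the delegatee's key without decrypting it
    a, b = [0] * N, ct[1]
    for i, ai in enumerate(ct[0]):
        for j in range(LOGQ):
            if (ai >> j) & 1:
                a = [(x - y) % Q for x, y in zip(a, rk[i][j][0])]
                b = (b - rk[i][j][1]) % Q
    return a, b

def add(c1, c2):
    # Homomorphic XOR; only meaningful when both ciphertexts are under one key
    return [(x + y) % Q for x, y in zip(c1[0], c2[0])], (c1[1] + c2[1]) % Q

def shared_xor(bit_a, bit_b):
    (sk_a, pk_a), (sk_b, pk_b) = keygen(), keygen()
    rk_a_to_b = rekeygen(sk_a, pk_b)             # user A -> user B
    ct_a, ct_b = encrypt(pk_a, bit_a), encrypt(pk_b, bit_b)
    return decrypt(sk_b, add(reencrypt(rk_a_to_b, ct_a), ct_b))
```

The proxy never holds a secret key: it sees only the re-encryption key and ciphertexts, and the noise added by `reencrypt` (at most N·LOGQ·M here) stays well below Q/4, which is what keeps decryption correct.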
LI Taoshen, LIU Qing, HUANG Ruwei. Multi-user fully homomorphic encryption scheme based on proxy re-encryption for cloud computing[J]. Journal of Tsinghua University (Science and Technology), 2018, 58(2): 143-149.