基于k-Lin假设的同态加密方案
作者:
作者单位:

作者简介:

通讯作者:

中图分类号:

基金项目:

国家自然科学基金(61922036,U2001205);广东省基础与应用基础研究重大项目(2019B030302008)


k-Lin-based homomorphic encryption schemes
Author:
Affiliation:

Fund Project:

  • 摘要
  • |
  • 图/表
  • |
  • 访问统计
  • |
  • 参考文献
  • |
  • 相似文献
  • |
  • 引证文献
  • |
  • 资源附件
  • |
  • 文章评论
    摘要:

    作为数字货币的底层核心技术之一,区块链随着数字货币的快速发展而受到了广泛关注.由于区块链具有去中心化、防篡改、可追溯等性质,如今越来越多的企业和个人用户选择利用区块链技术来实现数据的传输和记录.区块链公开透明的特性,一方面充分保证了数据的可用性,但另一方面又给用户的隐私信息带来了严重威胁.为了同时兼顾用户数据的机密性和可用性,同态加密常常被用到区块链的安全解决方案之中.然而,现实应用对于所部署的同态加密方案的安全强度要求也很可能会随着时间推移而有所变化.考虑到区块链应用场景的复杂多样性和分布式特点,同态加密方案一旦部署下去,之后随着时间推移需要调整安全性强度时,相应的工作量将会非常繁重.此外,在区块链的现实应用中,考虑到监管方面的需求,很多情况下(尤其是针对某些群组成员发布和传输的数据)需要允许某可信第三方(比如监管方)能够对链上的相应密文数据进行解密.如果采用传统的同态加密方案对数据进行加密,可信第三方需要存储所有用户的私钥,这将给密钥管理和存储带来巨大压力.针对当前的区块链应用场景和安全需求,提出了一个基于kk)上的判定性k-Lin假设的加法同态加密方案.我们的方案不仅在标准模型下能满足IND-CCA1安全性,还具有三个特殊优势:(i)可以通过对参数k的调控来细粒度调节加密方案的安全性强度;(ii)加密方案具有双解密机制:存在两种私钥,一种由用户本人持有,另一种由可信第三方持有,其中可信第三方的私钥可用于该加密体制所有用户的密文解密;(iii)加密方案可以极为便利地退化为IND-CPA安全的公钥加密方案,退化后的方案不仅其公私钥长度和密文长度变得更短,而且同样具有加法同态性和双解密机制.

    Abstract:

    Blockchain, as one of the underlying key technologies of digital currency, has received extensive attention with the rapid development of digital currency. Due to the decentralization, tamper resistance, traceability and other properties of blockchain, more and more enterprise/individual users now choose to use blockchain technology to achieve data transmission and recording. On the one hand, the openness and transparency of the blockchain can fully guarantee the availability of data, but on the other hand, it brings high risks to users' privacy. In order to balance the confidentiality and availability of data, homomorphic encryption is usually employed in security solutions of blockchain. However, in practice, the security strength of the deployed homomorphic encryption schemes is likely to change over time. Considering the complex diversity and distributed characteristics of blockchain application scenarios, once a homomorphic encryption scheme is deployed, the corresponding workload will be very heavy when its security strength needs to be adjusted over time. To make things worse, in practice of blockchain, when considering the regulation requirements in many cases (especially for the data published and transmitted by certain group members), a trusted third party (TTP) such as a regulator, which is able to decrypt all the corresponding ciphertexts on the chain, is needed. If a traditional homomorphic encryption scheme is deployed, the TTP needs to store all users' secret keys, which introduces lots of practical problems to key management and storage of the TTP. According to the current application scenarios and security requirements of blockchain, we propose an additive homomorphic encryption scheme, whose security is based on the decisional k-Lin assumption over k where k. Our scheme can be proved IND-CCA1 secure in the standard model, and has the following three advantages:(i) fine-grained adjustment of the security strength of the proposed scheme can achieved via adjusting the parameter k; (ii) it is a double decryption scheme (i.e., it has two kinds of secret keys, where one of them is held by a certain user, and the other is kept by the TTP, so the TTP can use this key to decrypt all the ciphertexts encrypted by the users under their own public keys); (iii) it can easily degenerate into an IND-CPA secure homomorphic encryption scheme, such that the obtaining scheme, with shorter public-secret key pair and shorter ciphertexts, is also an additively homomorphic, double decryption scheme.

    参考文献
    相似文献
    引证文献
引用本文

赖俊祚,黄正安,翁健,吴永东.基于k-Lin假设的同态加密方案.软件学报,,():0

复制
分享
文章指标
  • 点击次数:
  • 下载次数:
  • HTML阅读次数:
  • 引用次数:
历史
  • 收稿日期:2021-06-10
  • 最后修改日期:2022-04-12
  • 录用日期:
  • 在线发布日期: 2022-07-22
  • 出版日期:
您是第位访问者
版权所有:中国科学院软件研究所 京ICP备05046678号-3
地址:北京市海淀区中关村南四街4号,邮政编码:100190
电话:010-62562563 传真:010-62562533 Email:jos@iscas.ac.cn
技术支持:北京勤云科技发展有限公司

京公网安备 11040202500063号