一個可降低Gentry全同態加密演算法公鑰個數之提案 / An Improvement of Gentry’s “Fully Homomorphic Encryption Scheme” by Reducing the Number of Public Keys

陳漢光

Unknown Date

"全同態加密法"(Fully Homomorphic Encryption (FHE))一詞的介紹以及架構源於西元2009年由Gentry所提出。它讓加密後的密文執行特定的運算再將其解密即可得出該對應的明文運算結果，除此之外，全同態與同態最大的不同是它允許兩種或是多種以上的運算元進行資料運算，期間必須可以處理大量的資料並且保護其資料隱私性使其無洩漏之虞。也因為上述特點使得它可被廣泛使用在許多資料庫或是資料儲存上的應用，像是ASP、雲端運算或是雙方相等性驗證上，然而在Gentry的全同態加密中，它需要大量的空間來儲存所需要的公鑰，因此在實作上仍有一定的難度。為了解決上述問題，本文提供了一種新的改良方案使其更有效率來達到全同態加密的實作性，除此之外，我們也會在文章中提出安全性分析來證明本改良方案並不會對安全性造成影響，並且提出系統效能測試，說明本方案除了可減少公鑰儲存空間之外，在時間上，更可降低公鑰生成以及系統加密的時間，讓其全同態運算更具效率。 / C. Gentry in 2009 proposed the first practical scheme which can compute arbitrary functions of encrypted data. This scheme is named “Fully Homomorphic Encryption (FHE)”. FHE allows a worker without the secret decryption key to compute any result of the data on one hand and still keep the data privacy on the other hand. It can be widely used in data storage application or database application, such as ASP, cloud computing and two-party equality testing. However, one drawback of Gentry’s fully homomorphic encryption scheme is that the size of public keys used in this system is extremely large. This means that a lot of space is required in order to store those public keys. This problem causes Gentry’s FHE hard to be implemented. In this thesis, we address the problem above, and give an improvement encryption scheme. Our improvement scheme needs less space to store the public keys which also makes the new scheme more efficient than Gentry’s original scheme. We also give a rigorous security proof to show that our improvement scheme is as secure as Gentry’s original scheme. A system performance test is also provided which shows that our scheme can not only reduce the numbers of public keys, but also reduce the time for public key generation and for encryption. Therefore, our improvement scheme can make fully homomorphic encryption more practical.

全同態加密

密碼學

秘密計算

雲端運算

隱私保護

雙方相等性驗證機制的設計及其應用 / A study on the design of Two-Party equality testing protocol and its applications

吳承峰, Wu, Cheng Feng

Unknown Date

雙方相等性驗證即是在不洩漏任何自身私密資訊的情況下，進行秘密計算來了解彼此的資訊是否相等。然而在大多數的現有協議之中，多數為不公平的協定，也就是說其中的一方(被告知方)只能相信另一方(告知方)所告知的比較結果，而無從驗證。雖然邱等學者在2011 年提出的〝具隱私保護功能之兩方相等性驗證機制之提案〞已經提供了具雙方驗證的協定，但此方案因為在加密演算法上的限制導致實作較為困難。因此，在本論文中，將利用ElGamal 的加密機制，提出了一套新的雙方相等性驗證的協議，具備相同的雙方相等性驗證的功能，但對加密演算法的限制較少，實作及運算也較為有效率。另外，搭配模糊傳輸的協定，讓使用者藉由本研究所提出的協定跟伺服器端溝通，來獲得所欲取得的資料，並同時保障使用者以及伺服器端的隱私。同時除了理論的證明安全性及正確性之外，也撰寫程式模擬並證實協定的正確性及討論其效能。 / Two-party equality testing protocol allows two entities to compare their secrete information without leaking any information except the comparison result. In previous works, the comparison result can only be obtained by one entity (ie. informer) and then the entity informs the result to the other entity (ie. receiver). The receiver has to accept the received result since he has no way to verify its correctness. Ciou et al. in 2011 first mentioned this problem and proposed a new protocol to solve the aforementioned problem. However, their protocol has some specific restrictions which making it unpractical. In this paper, based on the ElGamal encryption, we propose a new two-party equality testing protocol. Our protocol has the same feature (ie. allows the two entries to test the correctness of the comparison result) as Ciou et al.’s protocol but is more efficient and practical than theirs. On the other hand, combining our protocol with an oblivious transfer protocol can let users communicate with servers and to get the data in a private way. It is useful on the issue of privacy protection. Finally, the security and correctness are discussed and proved. The efficiency of the protocol is also provided.

密碼學

ElGamal加密系統

同態加密

模糊傳輸

秘密計算

Cryptography

ElGamal encryption

Homomorphic encryption

Oblivious transfer

Secure computing