ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 ›› 2019, Vol. 56 ›› Issue (3): 496-507.doi: 10.7544/issn1000-1239.2019.20170443

• 信息安全 • 上一篇    下一篇

抵抗自适应密钥恢复攻击的层级全同态加密

李增鹏1,2,马春光1,赵明昊3   

  1. 1(哈尔滨工程大学计算机科学与技术学院 哈尔滨 150001); 2(青岛大学计算机科学技术学院 山东青岛 266071); 3(清华大学软件学院 北京 100084) (lizengpeng@hrbeu.edu.cn)
  • 出版日期: 2019-03-01
  • 基金资助: 
    国家自然科学基金项目(61472097,61802214)

Leveled Fully Homomorphic Encryption Against Adaptive Key Recovery Attacks

Li Zengpeng1,2, Ma Chunguang1, Zhao Minghao3   

  1. 1(College of Computer Science and Technology, Harbin Engineering University, Harbin 150001); 2(College of Computer Science and Technology, Qingdao University, Qingdao, Shandong 266071); 3(School of Software, Tsinghua University, Beijing 100084)
  • Online: 2019-03-01

摘要: 由于攻击者可以通过自适应攻击的方式获得私钥,因此目前一个重要的公开问题是如何保护层级全同态加密(fully homomorphic encryption, FHE)免受自适应攻击.在该问题的研究中,为实现抵抗自适应密钥恢复攻击的目标,近来,李增鹏等人(PROVSEC’16)在容错学习(learning with errors, LWE)假设下,提出了一个多私钥的全同态加密方案,该方案并不依赖于Loftus等人(SAC’11)利用的“有效密文”概念.然而尽管该方案能抵抗私钥信息的泄漏,但利用噪声信息仍然能够实现自适应的密钥恢复攻击.基于李增鹏等人(EPRINT’16)的工作,给出对李增鹏等人方案的一种新的自适应攻击方法,并提出了一种不同于EPRINT’16的对偶的多私钥全同态加密方案以抵抗该自适应攻击.其核心思想是采用对偶的加密方式,并在每次解密算法运行时,都生成一个“一次”私钥,因此即使攻击者能够从每个解密查询中得到该一次私钥的某些比特,但却无法获得噪声的某些比特,因此,攻击者仍不能计算出一个有效的私钥.

关键词: 自适应密钥恢复攻击, 格基密码学, 容错学习, 全同态加密, 多私钥

Abstract: A major open problem is to protect leveled homomorphic encryption from adaptive attacks that allow an adversary to learn the private key. In order to achieve the goal of preventing key recovery attacks on fully homomorphic encryption (FHE), Li Zengpeng et al (PROVSEC’16) proposed an multiple secret keys fully homomorphic encryption scheme under the learning with errors (LWE) assumption to prevent key recovery attacks on FHE, which did not use the notion of “valid ciphertexts” of Loftus et al (SAC’11). However, utilizing the information of noise, the attacks can still recover the information of the secret key. Li Zengpeng et al.’s scheme cannot provide an efficient method to protect the secret key. In this paper, Inspired by the work of Li Zengpeng et al (EPRINT’16), we first give a new method of key recovery attacks to Li Zengpeng et al.’s scheme; then, we propose a new FHE scheme with multiple secret keys which differs from EPRINT’16, and prove our new scheme against key recovery attacks. Our main idea is to adopt the dual version of encryption algorithm and generate a “one-time” secret key every time, so that even if an attacker can learn some bits of the one-time private key from each decryption query and cannot obtain some bits of noise, the scheme still does not allow them to compute a valid private key.

Key words: adaptive key recovery attacks, lattice-based cryptography, learning with errors, fully homomorphic encryption, multiple secret keys

中图分类号: