西安电子科技大学学报 ›› 2024, Vol. 51 ›› Issue (3): 182-193.doi: 10.19665/j.issn1001-2400.20230905

• 网络空间安全 • 上一篇    下一篇

LowMC在BGV全同态加密环境下的噪声评估

李雪莲(), 陈卓皓()   

  1. 西安电子科技大学 数学与统计学院,陕西 西安 710071
  • 收稿日期:2023-03-22 出版日期:2024-06-20 发布日期:2023-09-27
  • 作者简介:李雪莲(1979—),女,副教授,E-mail:xlli@mail.xidian.edu.cn
    陈卓皓(1999—),女,西安电子科技大学硕士研究生,E-mail:caijc1130@163.com
  • 基金资助:
    陕西省重点研发计划(2021ZDLGY06-04);广西密码学与信息安全重点实验室基金(GCIS201802)

Homomorphic noise evaluation of LowMC in BGV environment

LI Xuelian(), CHEN Zhuohao()   

  1. School of Mathematics and Statistics,Xidian University,Xi’an 710071,China
  • Received:2023-03-22 Online:2024-06-20 Published:2023-09-27

摘要:

全同态加密技术具备的密文计算特性可以有效保护用户在互联网上的敏感数据,但该技术存在的密文膨胀问题是制约其在云计算、隐私保护等领域进行实际应用的一个难点。针对上述问题,提出了混合全同态加密方案FHE-LowMC,将LowMC对称加密算法与BGV全同态加密算法结合,分析了LowMC在BGV全同态加密环境下的同态噪声。首先给出了将LowMC明文编码成整系数多项式的方法,利用编码和解码完成不同空间明文消息的转换;然后描述了分圆多项式f(X)的选取规则,给出了适合LowMC加密算法的f(X)的条件;接着分析了简化LowMC的同态噪声;最后对一般情况下的LowMC进行同态噪声评估。结果表明,LowMC轮函数所消耗的电路层数大约为两层。相较于目前常用的AES和BGV结合的方案,LowMC与BGV结合的方案噪声更小,即消耗的电路的层数更少,成本更低,更适合构造基于全同态的云服务器;此外用户可以自主选择LowMC的参数集( n ˜,k,m,d),可以满足用户的不同需求,适用范围更广。

关键词: 同态噪声评估, 敏感数据, LowMC, BGV, 编码和解码

Abstract:

The ciphertext computing characteristics of full homomorphic encryption technology can effectively protect users' sensitive data on the Internet,but the problem of ciphertext inflation in this technology is a difficulty that restricts its practical application in fields such as cloud computing and privacy protection.In response to the above issues,this article proposes a hybrid homomorphic encryption scheme FHE-LowMC,which combines the LowMC symmetric encryption algorithm with the BGV homomorphic encryption algorithm to analyze the homomorphic noise of LowMC in the BGV homomorphic encryption environment.First,a method for encoding the LowMC plaintext into integer coefficient polynomials is proposed,which utilizes encoding and decoding to complete the conversion of plaintext messages in different spaces.Then,the selection rules for the cyclotomic polynomial f(X) is described,with the conditions f(X) suitable for the LowMC encryption algorithm given.Afterwards,the homomorphic noise of the simplified LowMC is analyzed.Finally,homomorphic noise evaluation is performed on LowMC under general conditions.The results show that the number of circuit layers consumed by the LowMC round function is about two.Compared with the currently commonly used AES and BGV combination scheme,the scheme combining LowMC and BGV has a lower noise,which means it consumes fewer layers of circuits and has lower costs,making it more suitable for constructing cloud servers based on homomorphisms.In addition,users can independently select the parameter set( n ˜,k,m,d)of LowMC,which meets the different needs of users and has a wider scope of application.

Key words: homomorphic noise evaluation, sensitive data, LowMC, BGV, encoding and decoding

中图分类号: 

  • TN918.4