具有短密文的多身份全同态加密构造框架

A Framework of Multi-id Identity-based Fully Homomorphic Encryption with Short Ciphertexts

类似于多密钥全同态加密(Multi-key Fully Homomorphic Encryption, MFHE),多身份全同态加密(Multi-id Identity-based FullyHomomorphicEncryption,MIBFHE)允许对不同用户的密文进行关于任意函数的同态计算,且后者因具有加密密钥易获取、密钥托管和密钥撤销易实现等特点,具有更深远的应用前景。Canetti等人在PKC 2017上给出了一个框架,可将身份加密方案(Identity-based Encryption,IBE)和MFHE方案转换成MIBFHE方案。若用基于DLWE假设的IBE方案和Brakerski与Perlman的全动态(1)MFHE方案(以下简称BP方案),可得到全动态的MIBFHE方案,但密文规模较大,为O(n^5log^5q),这里n, q是DLWE假设的参数,且紧致性相比于MFHE方案变弱。因密文规模是影响通信效率的主要因素,本文构造了一个密文规模较小和紧致性较强的MIBFHE方案框架,且仅用了MFHE这一个构件,然后用BP方案去实例化,得到了全动态的、选择性安全的MIBFHE方案,其密文规模为O(nlogq).

Similar to Multi-key Fully Homomorphic Encryption（MFHE）, Multi-id Identity-based Fully Homomorphic Encryption（MIBFHE） allows to homomorphically compute on ciphertexts under different users for any computable functions. And MIBFHE may be more useful in practice since it has advantages including that encryption keys are easy to obtain, for the sender, from system parameters and some unique information of the receiver＇s identity, and that key escrow and key revocation are easily achievable. Canetti et al., at PKC 2017, proposed a framework of transforming identity-based encryption（IBE） schemes and MFHE schemes into MIBFHE schemes. If we exploit a DLWE-based IBE scheme and Brakerski and Perlman＇s MFHE scheme（abbr. BP scheme）, we will obtain a fully dynamic MIBFHE scheme with ciphertext size O（n^5log^5q）, where n, q are proper parameters for DLWE assumption. And additionally, the compactness of MIBFHE is weaker than that of MFHE. In this paper, we only exploit MFHE to construct a MIBFHE framework with smaller ciphertexts and stronger compactness. And then we initiate it with the BP scheme to obtain a fully dynamic and selective secure MIBFHE scheme, whose ciphertext size is O（nlogq）.