Abstract
Privacy leakage is common in cloud data storage, and ensuring the security of users' data in the cloud has become a hot topic in cryptography. Homomorphic encryption offers an effective way to reach this goal. Most current homomorphic encryption schemes are built on the lattice problems LWE and RLWE; weighing the efficiency and security of the two, researchers further proposed the MLWE problem, which became the theoretical basis of the Kyber public-key cryptosystem. Some authors have extended Kyber's plaintext domain, but without considering its homomorphic properties. This paper first studies the Kyber public-key algorithm with the extended plaintext domain in depth and, to give it the homomorphic property, adopts a new encoding method under which additive homomorphic operations are carried out correctly over the integers. Second, building on integer additive homomorphism, finite decimals are encoded into integers, which extends the plaintext domain to finite decimals so that additive homomorphic operations are carried out correctly over that domain as well. Finally, in the implementation, the scheme supports an unlimited number of additive homomorphic operations, and the number of decimal digits over which additive homomorphic operations can be performed is lg(2^1792 - 1) digits. Combined with SIMD encoding, the number of decimal digits the scheme can encrypt and decrypt is further extended to 2^30 digits. Security analysis shows that the scheme is IND-CPA secure under the hardness assumption of the MLWE problem.
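The abstract names two layers that the paper builds on top of Kyber: an encoding that makes ciphertext addition track integer addition, and a fixed-point step that carries finite decimals into that integer domain. The paper's own encoding is not described on this page, so the following is an added illustration and not the authors' scheme: a plain Regev-style LWE scheme (no module or ring structure) stands in for MLWE/Kyber, and the dimension, moduli, noise bound, ternary secret and all function names are assumptions of the example. It encodes decimals by exact scaling with 10^places (rejecting inputs with more places than the chosen precision), sums ciphertexts, decodes the result, and computes the abstract's digit bound lg(2^1792 - 1) with exact integer arithmetic.

```python
"""Fixed-point decimal encoding on top of a toy additively homomorphic LWE scheme.

Added illustration for this abstract, not the paper's Kyber-based construction:
a plain Regev-style LWE scheme (no module/ring structure) stands in for MLWE,
and every parameter below is an illustrative assumption chosen for readability.
"""
import random
from decimal import Decimal

# Assumed toy parameters (not taken from the paper).
N = 32              # LWE dimension
Q = 2 ** 62         # ciphertext modulus
T = 2 ** 32         # plaintext modulus; messages are integers centred in (-T/2, T/2]
DELTA = Q // T      # gap that separates the message from the noise
B = 8               # fresh-ciphertext noise is uniform in [-B, B]

_rng = random.SystemRandom()


def keygen():
    """Small ternary secret, in the spirit of Kyber-style schemes (assumption)."""
    return [_rng.randint(-1, 1) for _ in range(N)]


def _inner(a, s):
    return sum(x * y for x, y in zip(a, s))


def encrypt(s, m):
    """Encrypt integer m (taken mod T): b = <a, s> + e + DELTA * m (mod Q)."""
    a = [_rng.randrange(Q) for _ in range(N)]
    e = _rng.randint(-B, B)
    b = (_inner(a, s) + e + DELTA * (m % T)) % Q
    return a, b


def add(ct1, ct2):
    """Ciphertext addition: decrypts to the sum of the messages while the noise stays small."""
    a1, b1 = ct1
    a2, b2 = ct2
    return [(x + y) % Q for x, y in zip(a1, a2)], (b1 + b2) % Q


def decrypt(s, ct):
    """Remove the key, round away the noise, return the message centred in (-T/2, T/2]."""
    a, b = ct
    v = (b - _inner(a, s)) % Q           # = DELTA * m + e (mod Q)
    m = ((v + DELTA // 2) // DELTA) % T  # correct while |e| < DELTA / 2
    return m - T if m > T // 2 else m


def max_safe_additions():
    """Fresh ciphertexts the toy can sum before accumulated noise may corrupt decryption."""
    return (DELTA // 2 - 1) // B


# Finite decimals -> integers: scale by 10**places exactly, reject anything that does not fit.
def encode_decimal(x, places):
    scaled = Decimal(x).scaleb(places)
    if scaled != scaled.to_integral_value():
        raise ValueError(f"{x} has more than {places} decimal places")
    m = int(scaled)
    if not -T // 2 < m <= T // 2:
        raise ValueError(f"{x} does not fit the plaintext modulus at {places} places")
    return m


def decode_decimal(m, places):
    return Decimal(m).scaleb(-places)


def homomorphic_decimal_sum(values, places):
    """Encrypt each decimal, add the ciphertexts, decrypt once, decode the sum."""
    s = keygen()
    cts = [encrypt(s, encode_decimal(v, places)) for v in values]
    acc = cts[0]
    for ct in cts[1:]:
        acc = add(acc, ct)
    return decode_decimal(decrypt(s, acc), places)


def guaranteed_decimal_digits(bits):
    """Largest d with 10**d <= 2**bits, i.e. floor(lg(2**bits - 1)), by exact integer arithmetic."""
    return len(str(2 ** bits - 1)) - 1


if __name__ == "__main__":
    print(homomorphic_decimal_sum(["12.345", "-2.5", "0.001"], 3))  # 9.846
    print(guaranteed_decimal_digits(1792))                         # 539
    print(max_safe_additions())                                    # 67108863
```

Two points the toy makes concrete. First, the decimal layer is pure bookkeeping: the homomorphism lives in the integer scheme, and the scaling factor must be agreed on once and shared by every operand, otherwise sums of values encoded at different precisions decode to garbage. Second, the toy has a finite noise budget (`max_safe_additions`), whereas the abstract claims unlimited additions for the paper's encoding; that difference is a property of the encodings, not of the underlying lattice problem, which is exactly the layer the paper changes.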
Authors
LYU Jing-ang (吕经浪), LI Zi-chen (李子臣); School of Information Engineering, Beijing Institute of Graphic Communication, Beijing 102600, China
Source
Computer Technology and Development (计算机技术与发展), 2024, No. 11, pp. 101-108 (8 pages)
Funding
National Natural Science Foundation of China (61370188)
Beijing Institute of Graphic Communication intramural discipline construction project (21090124014)