摘要
为了保证全同态加密的安全使用,以及衡量分析全同态加密方案的效率,提出一个计算分析LWE上全同态加密具体安全参数的通用方法,该方法同样适用于环LWE上的全同态加密.该方法分为两步:第一步,根据同态计算的电路深度L,以及全同态加密方案解密正确性条件与噪音增长关系,计算出所需的模q;第二步,在给定安全等级下,我们引入了敌手的优势,根据区分攻击获得LWE问题维数n与模q之间的函数关系,计算出满足第一步中模q的最小维数n.从而分析计算出全同态加密的具体安全参数.该方法具有模块化特征,可以根据最新的格密码攻击进展替换相应的内容,从而获得最新的全同态加密具体安全参数.最后利用提出的方法对两个全同态加密的代表方案进行了具体安全参数的分析与比较,这也是首次给出这两个方案的具体安全参数.数据显示目前LWE上的全同态加密参数尺寸过大,与实际应用还有距离.
In order to ensure the security of fully homomorphic encryption (FHE) and analyze the efficiency of fully homomorphic encryption, we present a general method to estimate the concert security parameters of fully homomorphic encryption scheme based on learning with errors problem (LWE). Note that this method is also applicable to the FHE on the ring LWE. The proposed method has two steps. In the first step, according to the circuit depthL, the modulusq can be estimated by the condition of correct decryption among noise growth. In the second step, we introduce the advantage of adversary. Given the security level, the minimal dimensionn can be derived from modulusq according to the distinguishing attack. Thus the concert security parameters of a fully homomorphic encryption scheme are obtained. The proposed method has the feature of modularization. We obtain the new concert security parameters of a fully homomorphic encryption scheme by replacing the old lattice attack with the new one. We use the method to analyze the concert security parameters of two fully homomorphic encryption schemes. The results show that the size of the concert security parameters is large, which means that fully homomorphic encryption scheme on learning with errors problem cannot be used in practical applications.
出处
《密码学报》
CSCD
2016年第5期-,共12页
Journal of Cryptologic Research
基金
浙江省自然科学基金资助(LY17F020002)
NSFC-浙江两化融合联合基金(U1509219)
密码科学技术国家重点实验室开放课题
宁波市自然科学基金(2016A610226)
关键词
全同态加密
具体安全参数
区分攻击
学习错误问题
fully homomorphic encryption
concert security parameters
distinguishing attack
learning with errors problem