返回
Lecture 22 Homomorphic Encryption 4

Lecture 22 Homomorphic Encryption 4

ID:41190688

大小:279.21 KB

页数:7页

时间:2019-08-18

Lecture 22 Homomorphic Encryption 4_第1页
Lecture 22 Homomorphic Encryption 4_第2页
Lecture 22 Homomorphic Encryption 4_第3页
Lecture 22 Homomorphic Encryption 4_第4页
Lecture 22 Homomorphic Encryption 4_第5页
资源描述:

《Lecture 22 Homomorphic Encryption 4》由会员上传分享,免费在线阅读,更多相关内容在学术论文-天天文库

1、Lecture22

2、HomomorphicEncryption4:Constructionoffullyhomomorphicencryption.BoazBarakApril21,2010Reviewofmildlyhomomorphicscheme(Recallthatbxedenotestheintegerclosesttox,breakingties,say,downwards.)AssumptionWe'llmakethefollowinglearningdivisorwithnoise"assumptio

3、n:LDNAssump-tion:letParandomnbitprime,Rarandomn4bitprime,andletN=PR.Adistin-guisherthatisgivenNandX1;:::;Xpoly(n)cannotdistinguishbetweencase(I)Xi'sarechosenindependentlyatrandomfrom[N],and(II)Xi=PQi+2Ei(modN)whereQiischosenindependentlyatrandomfrom[R]andEiischo

4、senindependentlyatrandomfrom[2n0:1;+2n0:1].Note:FollowingSushant'ssuggestion,IchangedtheLDNassumptionsothatNisanexactmultipleofP.Thismakesreducingciphertextsizemucheasier,sincenowreducingmoduloNdoesn'tintroduceanyadditionalnoise(canyouseewhy?).Ialsochangedthepa

5、rametersabit(setNtohaven5bitsratherthan100n),sincethereareinfactsomeattacksifNisnotbigenough.Thismakesnodi erenceinanythingwediscussedlasttime.Addingthe(modN)incase(II)doesnotmakeanydi erenceaswith1negl(n)probabilityXiwillbeanumberbetween1andN

6、it'sjustabitclean

7、erthisway.Revisionoflastlecture'sscheme:Belowisaslightvariantoftheprivatekeymildlyhomomor-phicschemeweshowedonMonday.AsImentionedinclassandyou'llshowinanexercise,afullyhomomorphicprivatekeyencryptionimpliesafullyhomomorphicpublickeyencryption,sooncewegetafullyho

8、momorphicencryptionwe'llbe ne.KeyWechoosePtobearandomnbitprime,andRtobearandomn4bitprime,N=PQ.WekeepPsecret,andcanpublishNasapublicparameter.(OnecanalsothinkofNasbeingconcatenatedtoeveryencryption.)EncryptionEncE(b)denotesencryptionofbwithkeyPandnoiseparameterE.

9、It'sde nedPasfollows:chooseQR[N=P]andEpR[E;+E],andoutputX=QP+2E+b(modN).WesettheparameterEtobe2n.DecryptionTodecryptX,outputXbX=PeP(mod2).11Thisisaclosevarianttothedecryptionalgorithmofoutputting(X+2bP=4c(modP))(mod2)IshowedlasttimesinceXbX=PePisthesameasXbX

10、=P+0:5cP,whichinourcase(whereX=Pisveryclosetoaninteger)equalsX+2bP=4c(modP)uptoanevennumber.1pSecurityandcorrectnessofschemeThechoice2nfortheparameterEmakestheschemeb

当前文档最多预览五页,下载文档查看全文

此文档下载收益归作者所有

当前文档最多预览五页,下载文档查看全文
温馨提示:
1. 部分包含数学公式或PPT动画的文件,查看预览时可能会显示错乱或异常,文件下载后无此问题,请放心下载。
2. 本文档由用户上传,版权归属用户,天天文库负责整理代发布。如果您对本文档版权有争议请及时联系客服。
3. 下载前请仔细阅读文档内容,确认文档内容符合您的需求后进行下载,若出现内容与标题不符可向本站投诉处理。
4. 下载文档时可能由于网络波动等原因无法下载或下载错误,付费完成后未能成功下载的用户请联系客服处理。