Funding: Supported by the National Natural Science Foundation of China (60373059), the National Research Foundation for the Doctoral Program of Higher Education of China (20040013007), and the Major Research Plan of the National Natural Science Foundation of China (90604023).
Abstract: Zhou et al. give an attack on Harn's modified authenticated multi-key agreement protocol and give a protocol that can prevent the unknown key-share attack. This paper points out that the protocol is vulnerable to a concatenation attack. This paper proposes an improved authenticated multi-key agreement protocol, which shows how to make Harn's protocol more secure by modifying the signature and verification; the improved protocol escapes the concatenation attack.
Funding: Supported in part by the National Natural Science Foundation of China under Grant No. 61872069 and in part by the Fundamental Research Funds for the Central Universities under Grant N2017012.
Abstract: Outsourcing the k-Nearest Neighbor (kNN) classifier to the cloud is useful, yet it will lead to serious privacy leakage due to sensitive outsourced data and models. In this paper, we design, implement and evaluate a new system employing an outsourced privacy-preserving kNN Classifier Model based on Multi-Key Homomorphic Encryption (kNNCM-MKHE). We first propose a security protocol based on Multi-key Brakerski-Gentry-Vaikuntanathan (BGV) for collaborative evaluation of the kNN classifier provided by multiple model owners. We analyze the operations of kNN and extract basic operations, such as addition, multiplication, and comparison. The protocol supports the computation of encrypted data with different public keys. At the same time, we further design a new scheme that outsources evaluation work to a third-party evaluator who should not have access to the models and data. In the evaluation process, each model owner encrypts the model and uploads the encrypted models to the evaluator. After receiving the encrypted kNN classifier and the user's inputs, the evaluator calculates the aggregated results. The evaluator performs a secure computing protocol to aggregate the number of each class label. Then, it sends the class labels with their associated counts to the user. Each model owner and the user encrypt the result together. No information is disclosed to the evaluator. The experimental results show that our new system can securely allow multiple model owners to delegate the evaluation of the kNN classifier.
Funding: Supported by the National Key R&D Program of China (No. 2017YFB0802000), the National Natural Science Foundation of China (Nos. U1636114 and 61872289), and the National Cryptography Development Fund of China (No. MMJJ20170112).
Abstract: Multi-Key Fully Homomorphic Encryption (MKFHE) based on the NTRU cryptosystem is an important alternative in post-quantum cryptography due to its simple scheme form, high efficiency, and fewer ciphertexts and keys. In 2012, Lopez-Alt et al. proposed the first NTRU-type MKFHE scheme, the LTV12 scheme, using the key-switching and modulus-reduction techniques, whose security relies on two assumptions: the Ring Learning With Error (RLWE) assumption and the Decisional Small Polynomial Ratio (DSPR) assumption. However, the LTV12 and subsequent NTRU-type schemes are restricted to the family of power-of-2 cyclotomic rings, which may affect their security in the case of subfield attacks. Moreover, the key-switching technique of the LTV12 scheme requires a circular application of evaluation keys, which causes rapid growth of the error and thus limits the circuit depth. In this paper, an NTRU-type MKFHE scheme over prime cyclotomic rings without key-switching is proposed, which has the potential to resist the subfield attack and decreases the error exponentially during the homomorphic evaluation process. First, based on the RLWE and DSPR assumptions over the prime cyclotomic rings, a detailed analysis of the factors affecting the error during the homomorphic evaluations in the LTV12 scheme is provided. Next, a Low Bit Discarded & Dimension Expansion of Ciphertexts (LBD&DEC) technique is proposed, and the inherent homomorphic multiplication decryption structure of NTRU is proposed, which can eliminate the key-switching operation in the LTV12 scheme. Finally, a leveled NTRU-type MKFHE scheme is developed using the LBD&DEC and modulus-reduction techniques. The analysis shows that, compared to the LTV12 scheme, the proposed scheme can decrease the magnitude of the error exponentially and minimize the dimension of ciphertexts.
Abstract: López-Alt et al. (STOC 12) put forward a primitive called multi-key fully homomorphic encryption (MKFHE), in which each involved party encrypts their own data using keys that are independently and randomly chosen, whereby arbitrary computations can be performed on these encrypted data by a final collector. Subsequently, several superior schemes based on the standard assumption (LWE) were proposed. Most of these schemes were constructed by expanding a fresh GSW-ciphertext or BGV-ciphertext under a single key to a new same-type ciphertext of the same message under a combination of the associated parties' keys. Therefore, the new ciphertext's size grew more or less linearly with the number of parties. In this paper, we propose a novel and simple MKFHE scheme based on LWE that does not increase the size of the ciphertext, in the two non-colluding server model. In other words, each party first independently shares their own data between two servers, and each server only needs one round of communication with the other to construct a ciphertext of the same plaintext under the sum of the associated parties' keys. Our new ciphertext under multiple keys has the same size as the original one, with only one round of communication between the two servers. The communication complexity is O(km log q) bits, where k is the number of input ciphertexts involved, m is the size of a GSW-ciphertext and q is the modulus. In conclusion, we prove that our scheme is CPA-secure against semi-honest adversaries.
Funding: Supported by the National Key R&D Program of China (No. 2017YFB0802000), the Innovative Research Team in Engineering University of PAP (No. KYTD201805), the National Natural Science Foundation of China (No. 61872384), the Natural Science Basic Research Plan in Shaanxi Province of China (No. 2020JQ-492), and the Fundamental Research Project of Engineering University of PAP (Nos. WJY201910, WJY201914, and WJY201912).
Abstract: Genes have great significance for the prevention and treatment of some diseases. A vital consideration is the need to find a way to locate pathogenic genes by analyzing the genetic data obtained from different medical institutions while protecting the privacy of patients' genetic data. In this paper, we present a secure scheme for locating disease-causing genes based on Multi-Key Homomorphic Encryption (MKHE), which reduces the risk of leaking genetic data. First, we combine MKHE with a frequency-based pathogenic gene location function. The medical institutions use MKHE to encrypt their genetic data. The cloud then homomorphically evaluates specific gene-locating circuits on the encrypted genetic data. Second, whereas most location circuits are designed only for locating monogenic diseases, we propose two location circuits (TH-intersection and Top-q) that can locate the disease-causing genes of polygenic diseases. Third, we construct a directed decryption protocol in which the users involved in the homomorphic evaluation can appoint a target user who can obtain the final decryption result. Our experimental results show that, compared to the JWB+17 scheme published in the journal Science, our scheme can be used to diagnose polygenic diseases, and the participants only need to upload their encrypted genetic data once, which reduces the communication traffic by a few hundred-fold.
Abstract: In this paper we introduce an architecture for a multi-key pirate decoder which employs decryption keys from multiple traitors. The decoder has built-in monitoring and self-protection functionalities and is capable of defeating most multiple-round based traitor tracing schemes, such as the schemes based on the black-box confirmation method. In particular, the proposed pirate decoder is customized to defeat the private-key and the public-key fully collusion resistant traitor tracing (FTT) schemes, respectively. We show how the decoder prolongs a trace process so that the tracer has to give up his effort. FTT schemes are designed to identify all the traitors. We show that the decoder allows the FTT schemes to identify at most 1 traitor. Finally, assuming the decoder is embedded with several bytes of memory, we demonstrate how the decoder is able to frame innocent users at will.
Funding: Supported by the National Natural Science Foundation of China under Grant No. U19B2021, the Key Research and Development Program of Shaanxi under Grant No. 2020ZDLGY08-04, the Key Technologies R&D Program of He'nan Province under Grant No. 212102210084, and the Innovation Scientists and Technicians Troop Construction Projects of Henan Province.
Abstract: As an emerging joint learning model, federated learning is a promising way to combine the model parameters of different users for training and inference without collecting users' original data. However, a practical and efficient solution has not been established in previous work due to the absence of efficient matrix computation and cryptography schemes in the privacy-preserving federated learning model, especially in partially homomorphic cryptosystems. In this paper, we propose a Practical and Efficient Privacy-preserving Federated Learning (PEPFL) framework. First, we present a lifted distributed ElGamal cryptosystem for federated learning, which can solve the multi-key problem in federated learning. Second, we develop a Practical Partially Single Instruction Multiple Data (PSIMD) parallelism scheme that can encode a plaintext matrix into a single plaintext for encryption, improving the encryption efficiency and reducing the communication cost in a partially homomorphic cryptosystem. In addition, based on the Convolutional Neural Network (CNN) and the designed cryptosystem, a novel privacy-preserving federated learning framework is designed using Momentum Gradient Descent (MGD). Finally, we evaluate the security and performance of PEPFL. The experimental results demonstrate that the scheme is practicable, effective, and secure, with low communication and computation costs.
Abstract: A new era of data access and management has begun with the use of cloud computing in the healthcare industry. Despite the efficiency and scalability that the cloud provides, the security of private patient data is still a major concern. Encryption, network security, and adherence to data protection laws are key to ensuring the confidentiality and integrity of healthcare data in the cloud. The computational overhead of encryption technologies could lead to delays in data access and processing rates. To address these challenges, we introduced the Enhanced Parallel Multi-Key Encryption Algorithm (EPM-KEA), aiming to bolster healthcare data security and facilitate the secure storage of critical patient records in the cloud. The data was gathered from two categories: Authorization for Hospital Admission (AIH) and Authorization for High Complexity Operations. We use Z-score normalization for preprocessing. The primary goal of implementing encryption techniques is to secure and store massive amounts of data on the cloud. It is feasible that cloud storage alternatives for protecting healthcare data will become more widely available if security issues can be successfully fixed. As a result of our analysis using specific parameters, including execution time (42%), encryption time (45%), decryption time (40%), security level (97%), and energy consumption (53%), the system demonstrated favorable performance when compared to the traditional method. This suggests that by addressing these security concerns, there is the potential for broader accessibility to cloud storage solutions for safeguarding healthcare data.
Funding: Supported by the National Key Research and Development Program of China (2019YFB2101704), the National Natural Science Foundation of China (Grant Nos. 61902195 and 62102196), and NUPTSF (NY219131).
Abstract: The construction of the tweakable Even-Mansour cipher is in fact the design of permutations, mask operations, and masking functions. For information-theoretic security, permutations are usually taken as random permutations. This paper focuses on the mask operations and masking functions to construct a universal tweakable Even-Mansour cipher. First, we describe a formal definition of a universal masking function and provide a universal tweakable Even-Mansour cipher, UTEM. In the random permutation model, we prove that UTEM is multi-key secure by the H-coefficients technique. Then we show some efficient instantiations of the universal masking function to concretize UTEM. Finally, we apply UTEM to an encryption mode TIE (tweak incrementation encryption) and an authenticated encryption mode IAPM (integrity aware parallelizable mode), present two new schemes TIE-plus and IAPM-plus, and prove their security. UTEM enriches tweakable blockciphers, brings more research topics, and plays an important role in modes of operation, which will be of great significance.