基于多比特全同态加密的安全多方计算

本文中,我们首先证明了李增鹏等人提出的多比特多密钥全同态加密方案(MFHE)满足密钥同态性质,利用此性质,可以通过门限解密得到最终解密结果.使用该方案,我们设计了一个在CRS模型下和半恶意攻击者模型下安全的三轮多方计算协议(MPC).该安全多方计算协议的安全性是基于容错学习问题(LWE)的两个变种问题Ferr-LWE和...

Secure Multi-Party Computation Based on Multi-Bit Fully Homomorphic Encryption

In this paper,we study secure multi-party computation based on multi-bit fully homomorphic encryption.In the previous work,a lot of research has been done on the secure multi-party computing protocol based on single-bit full homomorphic encryption.Although this protocol can be naturally extended to multi-bit version,it needs to be encrypted repeatedly,which greatly reduces efficiency.On the other hand,we know that in the full homomorphic encryption schemes based on ring-LWE such as BGV,multi-bits can be encrypted simultaneously by using the Chinese remainder theorem,namely SIMD operation.However,in those schemes,the dimension of ciphertext expands too fast,so the evaluated key is needed to perform re-linearization to reduce the dimension of ciphertext.Therefore,we choose GSW full homomorphic encryption scheme as the basis to build a secure multi-party computation protocol.In 2017,Li et al.used dual LWE to convert GSW full homomorphic encryption into multi-bit version,which could encrypt t bits at the same time.Based on this scheme,we construct a three-round secure multiparty computation.We first prove that the multi bit multi key fully homomorphic encryption scheme(MFHE) satisfies the key homomorphic property,because in the public key generation phase,each party uses a common random matrix.With this property,the final decryption result can be obtained by threshold decryption,namely each participant can use its own private key to decrypt the evaluated ciphertext.In combination with the partial decryption of all parties,the plaintext data can be recovered.Using this scheme,we design a three-round secure multi-party computation protocol(MPC) in the CRS model and semi-malicious adversary model.The number of rounds of three is optimal,because at the ciphertext generation stage,each participant needs at least one round to encrypt the private message using the public key of all to be calculated as the joint public key.Then,in the second round,each party publishes the ciphertext that encrypts its own private data to calculate evaluated ciphertext,and in the last round,all parties publish their own partial decryption to reconstruct the final message.We compare it with the existing secure multi-party computation protocol based on GSW full homomorphic encryption scheme,because we can encrypt multiple bits at the same time,so the efficiency is the highest.The security of the secure multi-party computing protocol is based on the variants of the Learning with Errors Problem(LWE) called Ferr-LWE and Some-are-errorless.LWE problem,the difficulty is the same as solving the LWE problem.We can use ideal vs real models to prove this,namely using a simulator to simulate the input of the honest party,and finally a series of hybrid games are defined to prove that the ideal and the real are computation indistinguishable,which is hold when there is only one honest party,also we can prove the security against those who corrupt the arbitrary number of parties using only pseudorandom functions.On the other hand,based on non-interactive zero knowledge proof,we can transform the Three-round secure multiparty computation protocol under the semi-malicious adversary model into the Three-round secure multiparty computation protocol under the malicious model.