Original Research Paper
Fully homomorphic encryption scheme on a ring R
Aziz Boulbot, Abdelhakim Chillali and Ali Mouhib
Sidi Mohamed Ben Abdellah University, FP, LSI, Taza, Morocco
Article history
Received: 27-03-2017
Revised:
Accepted:
Corresponding Author:
Abdelhakim Chillali
Sidi Mohamed Ben Abdellah University, FP, LSI, Taza, Morocco
Email: chil2015@yahoo.fr
Abstract: In this paper we introduce one of the most famous problems on a ring F_q [e] where e^3=e^2: the fully homomorphic encryption scheme. In particular, we are interested in cryptography and encryption based on the conjugal classical problem in F_q [e] (ESR(F_q [e])).
We study the problem of conjugal over this non-commutative ring.
The problem as stated is generally impossible to solve. Next, we describe a new encryption scheme over a ring F_q [e] based on this problem.
This method of encryption is based on two difficult problems: the discrete logarithm problem and the conjugal classical problem.
Keywords: Finite field, Finite ring, Local ring, Fully homomorphic cryptosystems, Cryptography
Introduction
Public key cryptography, discovered by Diffie and Hellman (Diffie, 1976) in 1976, ensures the total confidentiality of digital data. Nowadays it has become stronger and stronger, thanks to the Internet, which is an indispensable part of our private and working lives. For this reason, increasingly secure encryption systems have emerged in recent years to ensure relevance in applications such as virtual networks, electronic voting, online banking, and so on.
Homomorphic and fully homomorphic cryptographic systems are needed.
These fully homomorphic systems were introduced by Rivest, Adleman and Dertouzos in 1978. In their work they gave a method allowing a third party, a party without trust, to carry out an in-depth calculation on the encrypted data without having to decrypt it. Unfortunately, shortly after its publication, major security weaknesses were found in the original schemes proposed by Rivest et al.
Work on fully homomorphic cryptosystems has begun.
The goal of these fully homomorphic cryptosystems is to ensure confidentiality, non-repudiation and data integrity in communication and storage processes, as well as the ability to perform calculations in unreliable systems.
Suppose an algebraic system is used in which the user can take a problem defined in this system and encrypt it as a problem in a different algebraic system, so that decrypting back to the original algebraic system is difficult. The user could then encrypt expensive calculations and send them to a receiver. This receiver performs the corresponding calculation in the second algebraic system and returns the result to the user. Upon receiving the result, the user can decrypt it into a solution in the original algebraic system, while it stays hidden from the unapproved party at all times.
The question asked is: "Is there an encryption function Enc() such that both Enc(x+y) and Enc(x.y) are easy to compute from Enc(x) and Enc(y)?"
Definition 1.1 A public-key encryption scheme E is a tuple (K,E,D) of probabilistic polynomial-time algorithms:
(1) The key generation algorithm K takes the security parameter k as input and outputs a pair of keys (pk,sk). I refer to the first of these as the public key and the second as the private key or secret key. I assume that pk and sk each have length at least k, and that k can be determined from pk,sk.
(2) The encryption algorithm E takes a public key pk and a string m, called the message, from some underlying message space M as input. It produces a ciphertext c from an underlying ciphertext space C, denoted as $c \leftarrow \mathrm{Enc}_{pk}(m)$ or simply Enc(m), if it is obvious which public key is in use.
(3) The decryption algorithm D takes a private key sk and a ciphertext c as input, and produces an output message m'. Without loss of generality we assume that $\mathrm{Dec}_{sk}$ is deterministic, and write this as
$m' = \mathrm{Dec}_{sk}(c)$.
The Ring R=F_q [e] where e^3=e^2
Let F_q be a finite field of q elements, where q is a power of a prime number p greater than or equal to 5. Let R=F_q [e], where e^3=e^2. (Boulbot, 2016)
Let X=x_0+x_1 e+x_2 e^2 and Y=y_0+y_1 e+y_2 e^2 be two elements of R, on which two binary operations are defined, called addition and star, and denoted by:
$+ : R \times R \to R,\quad (X,Y) \mapsto X+Y$
$* : R \times R \to R,\quad (X,Y) \mapsto X*Y$
such that:
X+Y=(x_0+y_0)+(x_1+y_1)e+(x_2+y_2)e^2 (1)
X*Y=x_0 y_0+(x_0 y_1+x_1 y_2)e+x_2 y_2 e^2 (2)
Lemma 2.1 (R,+,*) is a non commutative ring with identity 1_R=1+e^2.
Proof. (R,+,*) is a non-commutative ring with respect to these operations if the following properties hold:
Associative laws: $\forall X,Y,Z \in R$,
(X+Y)+Z=X+(Y+Z)
(X*Y)*Z=X*(Y*Z)
Commutative law: $\forall X,Y \in R$,
X+Y=Y+X
A non commutative law: $\exists X,Y \in R$ such that
$X*Y \neq Y*X$
Distributive laws: $\forall X,Y,Z \in R$,
(X+Y)*Z=X*Z+Y*Z
Z*(X+Y)=Z*X+Z*Y
Additive identity: $\forall X \in R$,
X+0=0+X=X
Star identity: $\forall X \in R$,
X*1_R=1_R*X=X,
1_R is called the star identity element of R.
Additive inverses: $\forall X \in R$,
X+(-X)=0 ;
-X is called the additive inverse of X.
Lemma 2.2 Let $X=x_0+x_1 e+x_2 e^2 \in R$.
X is invertible if and only if $x_0 x_2 \neq 0$; in this case we have
$X^{-1*}=\frac{1}{x_0}-\frac{x_1}{x_0 x_2} e+\frac{1}{x_2} e^2$
Proof. We have
X*Y=x_0 y_0+(x_0 y_1+x_1 y_2)e+x_2 y_2 e^2 (3)
Y*X=x_0 y_0+(y_0 x_1+y_1 x_2)e+x_2 y_2 e^2 (4)
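So, Y is the star inverse of X if and only if
X*Y=1+e^2 and Y*X=1+e^2 (*)
$(*) \Leftrightarrow \begin{cases} x_0 y_0=1 \\ x_0 y_1+x_1 y_2=y_0 x_1+y_1 x_2=0 \\ x_2 y_2=1 \end{cases} \Leftrightarrow \begin{cases} y_0=\frac{1}{x_0},\ x_0 \neq 0 \\ y_1=-\frac{x_1}{x_0 x_2} \\ y_2=\frac{1}{x_2},\ x_2 \neq 0 \end{cases}$
Hence, $X^{-1*}=\frac{1}{x_0}-\frac{x_1}{x_0 x_2} e+\frac{1}{x_2} e^2$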
Lemma 2.3 Let n be a positive integer and let X=x_0+x_1 e+x_2 e^2 be any element of R. The n-th power of X is given by X^(*n)=y_0+y_1 e+y_2 e^2, where
$y_0=x_0^n$
$y_1=x_1 \sum_{i+j=n-1} x_0^i x_2^j$
$y_2=x_2^n$
Proof. The relation is true for n=1, since
X^(*1)=x_0+x_1 e+x_2 e^2
We assume that X^(*n)=y_0+y_1 e+y_2 e^2 for some $n \geq 1$, where
$y_0=x_0^n$
$y_1=x_1 \sum_{i+j=n-1} x_0^i x_2^j$
$y_2=x_2^n$
We have:
X^(*(n+1))=X*X^(*n)=(x_0+x_1 e+x_2 e^2)*(y_0+y_1 e+y_2 e^2)
So, by (2),
X^(*(n+1))=z_0+z_1 e+z_2 e^2
where
$z_0=y_0 x_0=x_0^{n+1}$
$z_1=x_0 y_1+x_1 y_2=x_1 \sum_{i+j=n} x_0^i x_2^j$
$z_2=y_2 x_2=x_2^{n+1}$
Hence, for every positive integer n,
X^(*n)=y_0+y_1 e+y_2 e^2, where
$y_0=x_0^n$
$y_1=x_1 \sum_{i+j=n-1} x_0^i x_2^j$
$y_2=x_2^n$
Remark 2.4 (R,+,.) is a finite non local commutative ring
Definition 2.5 We define an elliptic curve over the ring (R,+,.) as a curve in the projective space P^2 (R), which is given by the Weierstrass equation:
Y^2 Z=X^3+AXZ^2+BZ^3,
where the discriminant $\Delta$ is invertible in R (Tadmori, 2015), (Tadmori, Chillali, 2015), (Silverman, 1985).
We denote this elliptic curve by : (Chillali, 2011)
E_(A,B) (R)
A fully homomorphic encryption scheme
Definition 3.1 A public-key encryption scheme E=(K,E,D) is homomorphic if for all k and all (pk,sk) output by K(k), it is possible to define groups (M,*), $(C,\odot)$ so that:
The plaintext space M, and all ciphertexts output by $\mathrm{Enc}_{pk}$ are elements of C.
For any $m_1,m_2 \in M$ and $c_1,c_2 \in C$ with $m_1=\mathrm{Dec}_{sk}(c_1)$ and $m_2=\mathrm{Dec}_{sk}(c_2)$ it holds that:
$\mathrm{Dec}_{sk}(c_1 \odot c_2)=m_1*m_2$
A fully homomorphic encryption scheme can be defined as a tuple of three algorithms E=(K,E,D) for which the message space is a ring (R,+,.) and the ciphertext space is also a ring $(R',\oplus,\otimes)$ such that for all messages $m_1,m_2 \in R$ and all outputs (pk,sk) of K, we have:
$m_1+m_2=\mathrm{Dec}_{sk}(\mathrm{Enc}_{pk}(m_1,pk) \oplus \mathrm{Enc}_{pk}(m_2,pk),sk)$
$m_1.m_2=\mathrm{Dec}_{sk}(\mathrm{Enc}_{pk}(m_1,pk) \otimes \mathrm{Enc}_{pk}(m_2,pk),sk)$
If E is a symmetric fully homomorphic encryption scheme, we will have a single key for encryption and decryption, so the role of pk will be played by sk.
A scheme is supposed to be somewhat homomorphic if it permits only a limited number of additions and multiplications.
Encryption Scheme over R
In this section, we construct a new encryption scheme using the ring R.
ECC Key exchange protocol
Traditionally, secure encrypted communication between two parties required that they first exchange keys by some secure physical channel, such as paper key lists transported by a trusted courier. The Diffie-Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher.
Steps in the algorithm:
1) Alice and Bob agree on a prime number p, a generator P of a known order subgroup of the elliptic curve E_(A,B) (R) and $(a,b) \in F_q \times F_q$.
2) Alice chooses a secret large random integer t<ord(P), and sends tP to Bob.
3) Bob chooses a secret large random integer l<ord(P), and sends lP to Alice.
4) Alice computes tlP.
5) Bob computes ltP.
If tlP=ltP=[k : r : 1] and k is *-invertible, then the secret key between Alice and Bob is k; otherwise return to step 2).
Both Alice and Bob can use this number as their key.
Notice that p and P need not be protected.
Figure 1: Diffie-Hellman Key Exchange Protocol
Encryption and Decryption
The scheme is constructed using the commutative ring (F_q,+,.).
Public key: $(a,b) \in F_q \times F_q$.
The secret key consists of a star-invertible element $k \in R$.
To encrypt a message $m \in F_q$, we compute the ciphertext $\mathrm{Enc}_{pk}(m) \in F_q$ such that:
$\mathrm{Enc}_{pk}(m)=\mathrm{coeff}(k*(a+me+be^2)*k^{-1*},e)$
To decrypt a ciphertext $c \in F_q$, we compute:
$\mathrm{Dec}_{sk}(c)=\mathrm{coeff}(k^{-1*}*(a+ce+be^2)*k,e)$
This cryptosystem is a fully homomorphic encryption scheme because we have:
E_k (m_1 )+E_k (m_2 )= E_k (m_1+m_2 )
E_k (m_1 ).E_k (m_2 )=E_k (m_1.m_2 )
Remark 4.1 We have
$\mathrm{Dec}_{sk} \circ \mathrm{Enc}_{pk}(m)=\mathrm{Enc}_{pk}(m)$
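The star arithmetic of Lemmas 2.2 and 2.3 and the encryption and decryption maps above, worked through on small numbers. This is an added example, not code from the paper: the prime Q, the key K, the public pair (A, B) and all function names are assumptions made for illustration. closed_form and additive_gap expand Enc_pk with equation (2), so the ciphertext and the additive identity can be checked directly for chosen parameters.

```python
# Added example: arithmetic in R = F_q[e] with the star product of equation (2).
# A triple (x0, x1, x2) stands for x0 + x1*e + x2*e^2. All names are illustrative.
Q = 10007  # constructed small prime standing in for q
K, A, B = (1234, 567, 89), 42, 4711  # constructed secret key k and public pair (a, b)

def star(X, Y, q=Q):
    """Star product, equation (2)."""
    return (X[0] * Y[0] % q, (X[0] * Y[1] + X[1] * Y[2]) % q, X[2] * Y[2] % q)

def star_inv(X, q=Q):
    """Star inverse from Lemma 2.2; requires x0*x2 != 0 in F_q."""
    x0, x1, x2 = (c % q for c in X)
    if x0 * x2 % q == 0:
        raise ValueError("not star-invertible: x0*x2 = 0")
    i0, i2 = pow(x0, -1, q), pow(x2, -1, q)
    return (i0, -x1 * i0 * i2 % q, i2)

def star_pow(X, n, q=Q):
    """X^(*n) for n >= 1 by the closed form of Lemma 2.3."""
    x0, x1, x2 = X
    s = sum(pow(x0, i, q) * pow(x2, n - 1 - i, q) for i in range(n)) % q
    return (pow(x0, n, q), x1 * s % q, pow(x2, n, q))

def encrypt(m, k, a, b, q=Q):
    """Enc(m) = coeff(k * (a + m e + b e^2) * k^(-1*), e)."""
    return star(star(k, (a, m, b), q), star_inv(k, q), q)[1]

def decrypt(c, k, a, b, q=Q):
    """Dec(c) = coeff(k^(-1*) * (a + c e + b e^2) * k, e)."""
    return star(star(star_inv(k, q), (a, c, b), q), k, q)[1]

def closed_form(m, k, a, b, q=Q):
    """Expanding Enc with (2) and Lemma 2.2: (k0*m + k1*(b - a)) / k2, affine in m."""
    k0, k1, k2 = k
    return (k0 * m + k1 * (b - a)) * pow(k2, -1, q) % q

def additive_gap(m1, m2, k, a, b, q=Q):
    """Enc(m1) + Enc(m2) - Enc(m1 + m2); equals k1*(b - a)/k2 for every m1, m2."""
    return (encrypt(m1, k, a, b, q) + encrypt(m2, k, a, b, q)
            - encrypt((m1 + m2) % q, k, a, b, q)) % q

if __name__ == "__main__":
    c = encrypt(2017, K, A, B)
    print(c, decrypt(c, K, A, B), additive_gap(3, 5, K, A, B))
```

The gap returned by additive_gap does not depend on the messages; it is zero exactly when k_1 (b - a) = 0 in F_q.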
Comparison table
Table 1 summarizes the advantages of these schemes.
              | ECC | ESR(F_q [e])
Based Problem | DLP | DLP+CCP
Table 1: Comparison
The capability of selectively sharing encrypted data with different users via public cloud storage may greatly ease. Sharing any group of selected documents with a group of users demands that different encryption keys be used for different documents, so a large number of keys is used for both encryption and search, and a large number of trapdoors must be submitted to the cloud in order to search over the shared documents. This leads to a key management and storage problem. This practical problem can be addressed by using a Key Based Encryption scheme. The system has three main roles: the user, who uploads files; the cloud service provider; and the admin. A user registers and is added to a group. If a group of users wants to share files, the files are encrypted before being uploaded to the cloud, and the aggregate key is then sent to another group of users; only authenticated users can decrypt the files. The group manager provides the key to the group of users, and a user can then access files from the cloud and search for keywords using a single trapdoor. The system is composed of seven polynomial algorithms for security: parameter setup, key generation, encryption, key extraction, trapdoor generation, trapdoor adjustment, and trapdoor testing.
Security
Elliptic curve cryptography (ECC, see (Miller, 1985) and (Koblitz, 1987)) is a public key encryption technique based on elliptic curve theory that can be used to create faster, smaller, and more efficient cryptographic keys. ECC generates keys through the properties of the elliptic curve equation instead of the traditional method of generation as the product of very large prime numbers. The technology can be used in conjunction with most public key encryption methods, such as RSA, and Diffie-Hellman. According to some researchers, ECC can yield a level of security with a 164-bit key that other systems require a 1,024-bit key to achieve. Because ECC helps to establish equivalent security with lower computing power and battery resource usage, it is becoming widely used for mobile applications. ECC was developed by Certicom, a mobile e-business security provider, and was recently licensed by Hifn, a manufacturer of integrated circuitry (IC) and network security products. RSA has been developing its own version of ECC. Many manufacturers, including 3COM, Cylink, Motorola, Pitney Bowes, Siemens, TRW, and VeriFone have included support for ECC in their products.
Numerical Example
p = 121416805764108066932466369176469931665150427440758720078238275608681517825325531293
a=115792089237316195423570985008687907853269984665640564039457584007913129640233
b=948568795032094272909893509191171341133987714380927500611236528192824358010355957
m = 463168356949264781694283940034751631413079938662562256157830336031652518559817
k = 29642774844752946028434172162224104410437116074403984394101141506025761187823791 + 7237005577332262213973186563042994240829374041602535252466099000494570602917 e + 237142198758023568227473377297792835283496928595231875152809132048206089502589237 e^2
c=37599608055473163124466745634442328940635586913242365184093361109148436480978867053
Conclusion
The great beauty is that this new cryptosystem is totally homomorphic, which will be widely used in practice, in particular in cloud computing, e-commerce, e-voting …, the authors said:
The complexity of the calculations
A computerized demonstration of the invertibility of the secret key K
They gave a very interesting numerical example
The work has been justified with respect to security: the security of this new cryptosystem is based on the problem of the discrete logarithm and the resolution of the problem of conjugal over this non-commutative ring.
Last but not least, I propose to the readers two questions of great interest that can give form to a new article in cryptography:
Strengthen this work by an algebraic proof of the invertibility of K
Write an article to show how to transform a given message into an element in R.
Acknowledgement
The authors express their deep gratitude to University Mohamed Ben Abdellah.
References
A. Tadmori, A. Chillali, M. Ziane, 2015. The binary operations calculus in E_(a,b,c). International Journal of Mathematical Models and Methods in Applied Sciences.
A. Tadmori, A. Chillali, M. Ziane, 2015. Elliptic Curve over Ring A. Applied Mathematical Sciences.
A. Chillali, 2011. Cryptography over elliptic curve of the ring. World Academy of Science, Engineering and Technology. 78 (2011), pp. 848-850.
W. Diffie and M. Hellman, 1976. New directions in cryptography. IEEE Transactions on Information Theory.
J.H. Silverman, 1985. The Arithmetic of Elliptic Curves, Graduate Texts in Mathematics. Springer. Volume 106 (1985). 2, 19, 20, 21
A. Boulbot, A. Chillali and A. Mouhib, 2016. Elliptic curves over the ring R. Gulf J. Math. pp.123-129.
N. Koblitz, 1987. Elliptic curve cryptosystems. Mathematics of Computation. 48(177): 203-209.
V. Miller, 1985. Use of elliptic curves in cryptography. CRYPTO. Lecture Notes in Computer Science. 85: 417-426.
S. Abdelalim, A. Chillali, S. Elhajji, 2014. Point of infinite order on an elliptic curve over a quadratic field. WSEAS Transactions on Mathematics.