This invention relates to the field of secure processors and more particularly to secure computation by homomorphic encryption.
A large amount of research has recently been devoted to secure computation, based in particular on homomorphic encryption techniques.
Homomorphic encryption makes it possible to perform operations (in practice arithmetic addition or multiplication, and the equivalent logical operations) on data without ever exposing these data. More precisely, a homomorphic encryption is an asymmetric (public key $pk$) encryption $\mathrm{Enc}_{pk}$ satisfying the following property:
$$\mathrm{Enc}_{pk}: X \to Y$$
$$\mathrm{Dec}_{sk}\left[\mathrm{Enc}_{pk}(a) \oplus \mathrm{Enc}_{pk}(b)\right] = a + b \qquad (1)$$
in which $X$ is the space of unencrypted messages (more simply, the plaintext space), $Y$ is the space of encrypted messages (more simply, the ciphertext space), $+$ is an additive operation giving $X$ a group structure, and $\oplus$ is an operation giving $Y$ a group structure. In other words, $\mathrm{Enc}_{pk}$ is a group homomorphism from $(X,+)$ to $(Y,\oplus)$. $\mathrm{Dec}_{sk}$ is the decryption function corresponding to $\mathrm{Enc}_{pk}$, $sk$ being the user's secret key.
It follows from expression (1) that an additive operation between two plaintexts $(a, b)$ can be performed through the corresponding operation between their ciphertexts $(\mathrm{Enc}_{pk}(a), \mathrm{Enc}_{pk}(b))$.
More generally, a homomorphic encryption can be regarded as a ring homomorphism between the plaintext space (equipped with the operations $+, \times$) and the ciphertext space (equipped with the corresponding operations $\oplus, \otimes$). The following properties then hold:
$$\mathrm{Dec}_{sk}(\mathrm{Enc}_{pk}(a + b)) = \mathrm{Dec}_{sk}(\mathrm{Enc}_{pk}(a) \oplus \mathrm{Enc}_{pk}(b)) = a + b \qquad (2\text{-}1)$$
$$\mathrm{Dec}_{sk}(\mathrm{Enc}_{pk}(a \times b)) = \mathrm{Dec}_{sk}(\mathrm{Enc}_{pk}(a) \otimes \mathrm{Enc}_{pk}(b)) = a \times b \qquad (2\text{-}2)$$
Therefore, using operations (2-1) and (2-2), any function $F$ that can be decomposed into elementary addition and multiplication operations can be evaluated in the ciphertext space, the result being decrypted afterwards.
Similarly, any logical function $F$ that can be decomposed into elementary AND, OR and NOT operations can be evaluated in the ciphertext space, by converting these logical operations into arithmetic operations on bits:
$$\mathrm{AND}(x, y) = xy \qquad (3\text{-}1)$$
$$\mathrm{NOT}(x) = 1 - x \qquad (3\text{-}2)$$
$$\mathrm{OR}(x, y) = \mathrm{NOT}(\mathrm{AND}(\mathrm{NOT}(x), \mathrm{NOT}(y))) = 1 - (1 - x)(1 - y) \qquad (3\text{-}3)$$
the right-hand sides of equations (3-1) to (3-3) being computed in the ciphertext space.
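The rewriting (3-1) to (3-3) turns a logical circuit into a polynomial that only uses $+$ and $\times$, and the number of nested multiplications it produces is what the later discussion of computation depth refers to. The following added example (it is not part of the patent text; the nested-tuple circuit format and the helper names are this example's own choices) evaluates an arbitrary AND/OR/NOT circuit with the three identities, checks the result against ordinary Boolean evaluation on every input assignment, and reports the multiplicative depth of the rewritten circuit:

```python
from itertools import product

# A circuit is a variable name (str) or a gate tuple:
# ("AND", a, b), ("OR", a, b) or ("NOT", a).  (Format chosen for this example.)

def eval_arith(node, env):
    """Evaluate `node` on a 0/1 assignment `env` using only the identities
    (3-1) to (3-3), i.e. with + and * alone, exactly as a ciphertext-space
    evaluation would. Returns (value, multiplicative_depth)."""
    if isinstance(node, str):
        return env[node], 0
    op = node[0]
    if op == "NOT":                         # (3-2): NOT(x) = 1 - x, no multiplication
        v, d = eval_arith(node[1], env)
        return 1 - v, d
    (x, dx), (y, dy) = eval_arith(node[1], env), eval_arith(node[2], env)
    if op == "AND":                         # (3-1): AND(x, y) = x * y
        return x * y, max(dx, dy) + 1
    if op == "OR":                          # (3-3): OR(x, y) = 1 - (1 - x)(1 - y)
        return 1 - (1 - x) * (1 - y), max(dx, dy) + 1
    raise ValueError(f"unknown gate {op!r}")

def eval_bool(node, env):
    """Reference evaluation with ordinary Boolean operators on 0/1 integers."""
    if isinstance(node, str):
        return env[node]
    op = node[0]
    if op == "NOT":
        return 1 - eval_bool(node[1], env)
    x, y = eval_bool(node[1], env), eval_bool(node[2], env)
    return x & y if op == "AND" else x | y

def variables(node):
    """Set of variable names appearing in the circuit."""
    if isinstance(node, str):
        return {node}
    return set().union(*(variables(child) for child in node[1:]))

def check_rewriting(node):
    """Compare the arithmetic rewriting against the Boolean reference on every
    input assignment and return the circuit's multiplicative depth, the quantity
    that drives noise growth in an LWE/RLWE-based homomorphic scheme."""
    names = sorted(variables(node))
    depth = 0
    for bits in product((0, 1), repeat=len(names)):
        env = dict(zip(names, bits))
        value, depth = eval_arith(node, env)
        if value != eval_bool(node, env):
            raise AssertionError(f"rewriting disagrees with Boolean evaluation on {env}")
    return depth

# Constructed sample: carry-out of a full adder, (a AND b) OR (cin AND (a OR b)).
CARRY = ("OR", ("AND", "a", "b"), ("AND", "cin", ("OR", "a", "b")))

if __name__ == "__main__":
    print("carry-out circuit: rewriting verified, multiplicative depth =", check_rewriting(CARRY))
```

Only AND and OR gates add a multiplication level; NOT is purely additive, which is why in practice a circuit is optimised for multiplicative depth rather than gate count before being evaluated homomorphically.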
When a function $F$ is defined in the plaintext space, the equivalent function in the ciphertext space will be denoted
$F(m_1, \ldots, m_M) = \mathrm{Dec}_{sk}($
in which $m_1, \ldots, m_M$ are unencrypted data. The term on the left corresponds to an evaluation in the plaintext space and
Fully homomorphic encryption schemes were first obtained following Craig Gentry's thesis entitled "A fully homomorphic encryption scheme".
Current homomorphic cryptosystems are largely based on encryption schemes derived from the LWE (Learning With Errors) or RLWE (Ring Learning With Errors) problem. In these cryptosystems, encryption consists of masking a message with noise; conversely, decryption consists of removing this noise, which is easy when the private key of the cryptosystem is known but very difficult otherwise. Homomorphic operations naturally preserve this noise, and indeed amplify it. More precisely, if the above-mentioned function $F$ is represented by a tree decomposition, each node of the tree corresponding to an elementary arithmetic (or logical) operation, noise is added at each level of the tree. It is therefore understandable that if the computation depth of the function $F$ (and therefore
When a homomorphic cryptosystem can perform computations of arbitrary depth, it is called a Fully Homomorphic Encryption (FHE). Otherwise, it is called a Somewhat Homomorphic Encryption (SHE).
The cryptosystem mentioned above is fully homomorphic. Gentry's basic idea is to use an encryption scheme that is bootstrappable, namely one able to evaluate its own decryption function homomorphically in addition to the basic arithmetic (or logical) operations. An FHE scheme can then be built as a sequence of elementary homomorphic operations separated by bootstrapping steps (homomorphic evaluations of the decryption function), each of which brings the noise level back below an acceptable threshold and therefore prevents divergence.
At the present time, the most efficient schemes are BGV (Brakerski, Gentry, Vaikuntanathan) and the schemes derived from ATV (López-Alt, Tromer, Vaikuntanathan) and from GHW (Gentry Halevi Waters). Their theoretical security rests on the LWE or RLWE problem.
A description of an encryption scheme derived from the ATV scheme, called YASHE, is given in the paper by J. W. Bos et al. entitled "Improved security for a ring-based fully homomorphic encryption scheme", published in Cryptology ePrint Archive, Report 2013/075, 2013. Similarly, a description of the FV scheme, a ring variant of Brakerski's scale-invariant scheme closely related to BGV, is given in the paper by Junfeng Fan et al. entitled "Somewhat practical fully homomorphic encryption", published in Cryptology ePrint Archive, Report 2012/144, 2012.
The principle of the YASHE encryption scheme is briefly summarised below.
Consider a non-zero integer $q \in \mathbb{Z}^*$ and let $[x]_q$ denote the value of $x$ modulo $q$, in other words the unique integer in the interval $]-q/2, q/2]$ such that $x = kq + [x]_q$ for some $k \in \mathbb{Z}$. The ring $R = \mathbb{Z}[X]/(P(X))$ is the quotient of the polynomial ring with integer coefficients by the ideal generated by the polynomial $P(X)$. $P(X)$ is chosen irreducible (for example $P(X) = X^d + 1$ with $d = 2^n$), so that $R$ is an integral domain (not a field, since its coefficient ring $\mathbb{Z}$ is not one). $R_q$ denotes the ring $R$ with coefficients taken in $\mathbb{Z}/q\mathbb{Z}$, i.e. $R_q = R/qR$. $\chi_{err}$ and $\chi_{key}$ denote two distinct distributions on $R_q$, for example two Gaussian distributions with different variances, and $u(R_q)$ denotes the uniform distribution on $R_q$. Finally, consider an integer $t < q$ and let $\Delta = \lfloor q/t \rfloor$, where $\lfloor . \rfloor$ is the integer part (rounding down).
YASHE key generation uses two polynomials $f'$ and $g$ drawn at random in $R_q$ according to the distribution $\chi_{key}$. $f'$ must be such that $f = 1 + t f'$ is invertible in $R_q$; if $f$ is not invertible, a new draw of $f'$ is made.
The result is a public key / private key pair:
$$sk = f \in R_q \qquad (5\text{-}1)$$
$$pk = h = t \cdot g \cdot f^{-1} \in R_q \qquad (5\text{-}2)$$
Encryption of a message $m$ consists of drawing two polynomials $e, u$ at random in $R_q$ according to the distribution $\chi_{err}$:
$$e \leftarrow \chi_{err}; \quad u \leftarrow \chi_{err} \qquad (6)$$
and computing the ciphertext by adding noise terms as follows:
$$ct = h \cdot u + e + \Delta \cdot m \in R_q \qquad (7)$$
Conversely, decryption recovers the message $m$ from $ct$ and the private key $sk = f$ as follows:
In the following, we consider a processor capable of executing a program made up of instructions. The program takes the form of a binary file generated by a compiler from a source program written in assembly language or in a higher-level language. Each instruction is represented by a binary code complying with an instruction format. An instruction is defined by an elementary operation to be performed (for example a logical or arithmetic operation) and, where applicable, a source operand and a destination operand. Operands are given by the contents of internal registers or memory locations. Instructions are executed one by one by the processor.
It has been proposed that such a processor could operate directly on data (or operands) encrypted by a homomorphic encryption. Several approaches can be envisaged.
In a first approach, the entire program is executed homomorphically. More precisely, if the entire program is represented by a function $F$, this function can be evaluated homomorphically over the encrypted data space.
110 represents a memory area in which data are stored (RAM memory and/or flash memory and/or registers). Data are stored in this area after being encrypted by homomorphic encryption. Unencrypted operands are denoted $m_i$ and encrypted operands $\mathrm{H.Enc}_{pk}(m_i)$, $i = 1, \ldots, M$. Similarly, program instructions are stored in a program memory 115.
The function $F$ representing all the program instructions is homomorphically evaluated in 120. The homomorphic evaluation of the function $F$ is denoted herein by
The computation depth of $F$, which may depend on the program length, can thus become very high. A noise amplification problem therefore arises, which has to be solved by bootstrapping techniques (evaluation of the decryption function in the ciphertext space); these consume large amounts of computation and memory resources (expansion of the size of keys and ciphertexts).
The major disadvantage of the second approach, in which the result of each instruction is decrypted (to reset the noise) before being stored, is that the result of the instruction appears unencrypted during execution, which weakens confidentiality and makes certain attacks possible.
Consequently, the purpose of this invention is to provide a method of executing a program operating on data encrypted by homomorphic encryption that is confidential, in the sense that it is never necessary to expose unencrypted data or evaluated results.
This invention is defined by a method of executing a program operating on data encrypted by means of a homomorphic encryption, said program comprising a plurality of instructions, each instruction possibly being represented by a function of said data, execution of said instruction including a homomorphic evaluation by a processor of said function starting from said encrypted data, characterised in that:
(a) the result of said evaluation is masked by a first summation operation with a random sequence previously encrypted by said homomorphic encryption, said first summation operation in the ciphertext space corresponding to a modulo 2 summation operation in the plaintext space;
(b) the result of said evaluation thus masked is first decrypted and then re-encrypted by means of said homomorphic encryption;
(c) the result obtained in step (b) is unmasked by a second summation operation with said random sequence previously encrypted by said homomorphic encryption, said second summation operation in the ciphertext space corresponding to a modulo 2 summation operation in the plaintext space; the result of the second summation operation being stored in a memory zone.
According to one variant, steps (a), (b) and (c) are performed by a coprocessor distinct from said processor.
According to a first embodiment, said instructions are stored in the form of functions expressed in the plaintext space, said instructions being translated during the boot by expressing said functions in the ciphertext space before being stored in a program memory.
According to a second embodiment, said instructions are stored in a program memory in the form of functions expressed in the plaintext space, said functions being translated on the fly, as they are executed, by expressing said functions in the ciphertext space.
The encryption may be a fully homomorphic encryption or, advantageously, a somewhat homomorphic encryption. In the latter case, it may for example be a BGV, ATV or YASHE encryption.
Other characteristics and advantages of the invention will become clear on reading a preferred embodiment of the invention with reference to the appended figures, among which:
In the following description, we consider a program comprising a plurality of instructions executed sequentially by a processor (CPU or microcontroller). The instructions operate on data stored in a memory zone (for example flash memory, RAM, registers). These data are stored in a form encrypted by a homomorphic encryption, for example a somewhat homomorphic encryption (SHE), characterised by its public key $pk$ and its secret key $sk$.
Each instruction is evaluated homomorphically. More precisely, each instruction can be expressed as a logical operation (combination of elementary AND, OR, NOT operations) or an arithmetic operation (combination of elementary addition and multiplication operations), either in the plaintext space (function $F$) or equivalently (function
310 denotes the memory space in which encrypted data are stored and 315 denotes the memory space in which program instructions are stored (in this case assumed to be expressed in the ciphertext space).
Each new instruction $F_n$ is evaluated homomorphically in 320, in other words an evaluation result $\mathrm{H.Eval}_{pk}(F_n)$ is obtained, as in the second approach envisaged in the introduction.
However, unlike that second approach, the result of the evaluation is homomorphically masked before it is decrypted.
More precisely, a random mask $r$ is generated in 330 by means of a cryptographic-quality pseudo-random number generator or, preferably, a true random number generator, both known per se.
A pseudo-random sequence generator is generally composed of one or several shift registers fed back on themselves and/or into one another, the outputs of which are combined linearly or non-linearly (a linear feedback shift register on its own is predictable from a short run of its output, so the combination must be non-linear, or a standard cryptographic generator should be used). The size of the mask is chosen equal to the length of the evaluation result $\mathrm{H.Eval}_{pk}(F_n)$.
A true random number generator uses a physical entropy source, for example the thermal noise of a resistor, whose output is conditioned by a symmetric cipher.
The mask may also be formed as the sum of an arbitrary number of random or pseudo-random numbers. This number can itself be random or semi-random, so as to resist higher-order attacks.
In 340, the random mask $r$ is then homomorphically encrypted using the same cryptosystem (and in particular the same public key $pk$) as that used to encrypt the data.
Alternatively, the masks may have been generated directly in encrypted form, or previously stored in encrypted form in a memory.
In all cases, the mask thus encrypted, $\mathrm{H.Enc}_{pk}(r)$, is then added, by means of the summation operation in the ciphertext space (the operation denoted $\oplus$), to the result of the homomorphic evaluation $\mathrm{H.Eval}_{pk}(F_n)$. By definition, the summation operation $\oplus$ corresponds to the summation operation $+$ in the plaintext space, here taken to be a modulo 2 addition (in other words bit by bit, without carry), which is the case for the above schemes when the plaintext modulus is $t = 2$. Advantageously, the homomorphic encryption is chosen such that the summation operation $\oplus$ is itself a modulo 2 summation. This is the case in particular for the ATV and BGV encryption algorithms mentioned above.
The result of the evaluation, masked by the random mask, is then decrypted with the secret key $sk$ in 360. Advantageously, the secret key is stored in a secure register of the processor. This decryption prevents noise from propagating from one instruction to the next, as explained above. The result of the decryption is simply $F_n(m_1, \ldots, m_M) + r$.
The result of the decryption is then encrypted again by the homomorphic encryption in 370, then unmasked in 380 by adding to it the encrypted random mask $\mathrm{H.Enc}_{pk}(r)$ by means of the $\oplus$ operation (advantageously a bit-by-bit summation, i.e. an XOR, as described above).
The sum thus obtained is then stored in the memory zone 310.
Thanks to the homomorphic masking before the decryption operation, the result $F_n(m_1, \ldots, m_M)$ of the instruction never appears unencrypted at any step of its execution by the processor.
Since the unmasking operation in 380 is done homomorphically, in the ciphertext space, it does not reveal the result of the instruction.
It will be understood that the unmasked result $\mathrm{H.Enc}_{pk}(F_n(m_1, \ldots, m_M) + r) \oplus \mathrm{H.Enc}_{pk}(r)$ is in encrypted form and that storing it in the memory zone raises no security problem. Since it is a homomorphic encryption of $F_n(m_1, \ldots, m_M)$, its processing by a later instruction will be identical to the processing that would be applied to $\mathrm{H.Enc}_{pk}(F_n(m_1, \ldots, m_M))$, because:
$$\begin{aligned}
\mathrm{Dec}_{sk}\big(\mathrm{H.Enc}_{pk}(F_n(m_1, \ldots, m_M) + r) \oplus \mathrm{H.Enc}_{pk}(r)\big)
&= \mathrm{Dec}_{sk}\big(\mathrm{H.Enc}_{pk}(F_n(m_1, \ldots, m_M) + r)\big) + \mathrm{Dec}_{sk}\big(\mathrm{H.Enc}_{pk}(r)\big) \\
&= F_n(m_1, \ldots, m_M) + r + r = F_n(m_1, \ldots, m_M) \qquad (9)
\end{aligned}$$
the last equality holding because $+$ is a modulo 2 addition, so that $r + r = 0$.
Unlike the second approach illustrated in
In one hardware implementation, operations 320 to 380 can be performed by the processor itself or, according to another embodiment, distributed between the processor and a dedicated coprocessor. In the latter case, operations 330 to 380, which do not need access to the instruction, can be handled by the coprocessor, whose role is then limited to the homomorphic masking of the instruction result (together with the associated decryption, re-encryption and unmasking) before it is stored in memory.
The decryption in 360 is potentially vulnerable to physical attacks (in particular side-channel attacks) aimed at recovering the secret key $sk$ of the cryptosystem. The circuit performing the decryption can be hardened using a generic transformation such as that described in the paper by Y. Ishai et al. entitled "Private circuits: securing hardware against probing attacks", published in Proc. of the Annual International Cryptology Conference (CRYPTO), 2003.
Number | Date | Country | Kind |
---|---|---|---|
16 51502 | Feb 2016 | FR | national |