SYSTEM FOR SECURE MULTI-PARTY EXACT HOMOMORPHIC ENCRYPTION AND COMPUTER-IMPLEMENTED METHOD FOR PERFORMING SECURE MULTI-PARTY EXACT HOMOMORPHIC ENCRYPTION

Information

  • Patent Application
  • 20250233726
  • Publication Number
    20250233726
  • Date Filed
    January 15, 2025
  • Date Published
    July 17, 2025
  • Inventors
    • Su; Zheng-Yao
  • Original Assignees
Abstract
A system and a method for secure multi-party exact homomorphic encryption (SMPEHE) comprising a first participant, a second participant and a third participant, wherein the system further comprises: a key generation module within the first participant to produce an encryption mapping comprising an ordered product of elementary gates; to generate a multivariate polynomial set, serving as a public encryption key, via the encryption mapping; to form an encryption operator serving as a private key; and to create an encrypted polynomial set representing a computational instruction based on an encrypted action; a message encryption module within the second participant to encode a plaintext message into a first ciphertext by the public key provided by the first participant; and to transmit the first ciphertext to the third participant; and a computation module within the third participant to receive the first ciphertext; and to perform a computation on the received first ciphertext by evaluating the encrypted polynomial set. The structure of SMPEHE is a multipartite extension of the framework EHE and protects information for multiple users across all stages from transmission, to processing and to storage. All attributes of EHE are inherited and generalized in SMPEHE, including the safeguard of both data and operations, exact encrypted computations as well as exact decryptions, blind computation, the fulfillments of quantum resilience and hyper quantum resilience, and the capabilities of performing large-scale and sophisticated encrypted computations. This structure is also deployable on CPU and GPU environments.
Description
BACKGROUND OF THE INVENTION
1. Field of the Invention

The present disclosure generally relates to a system for encryption, particularly, to a system for secure multi-party exact homomorphic encryption and a computer-implemented method for performing secure multi-party exact homomorphic encryption.


2. Description of the Related Art

Homomorphic Encryption (HE) permits users to compute on encrypted messages without prior decryption, thus rendering a high level of security for the data processing. Over the next 30 years, improvements in HE remained rather constrained until Gentry's proposal in 2009. His dissertation theoretically allowed arbitrary encrypted computation contingent upon unlimited resources. However, the accumulation of noise hinders the execution of this technique. The predicament is especially pronounced because the noise grows exponentially with the number of multiplications.


Quantum computing has garnered much attention recently owing to its momentous influence not only on data processing, but also on information protection. An intriguing field of study in relation to the security hazard is Quantum Public-Key Encryption (QPKE). The core approach entails the production of one-way functions to generate a quantum state that plays the role of a public key for encrypting messages. QPKE is impeded mainly by necessitating sizable quantum operations, which runs into the hurdle of scaling up quantum computers.


Quantum Homomorphic Encryption (QHE) is another research area that has become increasingly appealing to safeguard data manipulation. Typically, an encrypted computation is exercised with a fault-tolerant Clifford+T circuit. Explicitly, physical qubits outnumber logical qubits by at least several hundred times, refuting the accessibility of QHE. An alternative rephrases a present HE to its quantum version. Aside from receiving the demerits of HE schemes aforesaid, the method in view consumes numerous qubits and then encounters the scalability barrier of quantum computers.


A series of episodes elucidates a structure called the Quotient Algebra Partition, QAP, universally existing in finite-dimensional unitary Lie algebras. Given this structure inherited by every stabilizer code, a general methodology of Fault Tolerance Quantum Computation in QAP, abbreviated as QAPFTQC, elicits an algorithmic procedure achieving the acquirement that every action in every error-correcting code is fault tolerant. A fault tolerance quantum computation is thence derived by applying this encode on the codeword.


SUMMARY OF THE INVENTION

Accordingly, inventors of the present inventive concept introduce a system for secure multi-party exact homomorphic encryption and a computer-implemented method for performing secure multi-party exact homomorphic encryption.


The present inventive concept provides a system for secure multi-party exact homomorphic encryption (SMPEHE), wherein the system comprises a first participant as a model provider/data receiver, a second participant as a data provider/data owner and a third participant as a computation provider, wherein the system further comprises a key generation module, a message encryption module and a computation module.


The key generation module is within the first participant, which is configured to produce an encryption mapping comprising an ordered product of elementary gates; to generate a multivariate polynomial set, serving as a public encryption key, via the encryption mapping; to form an encryption operator serving as a private key; and to create an encrypted polynomial set representing a computational instruction based on an encrypted action.


The message encryption module is within the second participant, which is configured to encode a plaintext message into a first ciphertext by the public key provided by the first participant; and to transmit the first ciphertext to the third participant.


The computation module is within the third participant, which is configured to receive the first ciphertext; and to perform a computation on the received first ciphertext by evaluating the encrypted polynomial set.


According to the present inventive concept, the computation module is further configured to output a second ciphertext; and to transmit the second ciphertext to the first participant.


According to the present inventive concept, the system further comprises a decryption module within the first participant, which is configured to decrypt the second ciphertext by using the private key to retrieve a computation result.


According to the present inventive concept, the encryption mapping is generated by combining elementary gates, including negation, Toffoli, CNOT, and multi-controlled gates, to form an encryption transformation.


According to the present inventive concept, the public encryption key is a multivariate polynomial set generated through the corresponding encryption mapping.


According to the present inventive concept, the encrypted polynomial set is generated by the encrypted action composed of a desired operation, the encryption mapping and the encryption operator, and wherein the polynomial set is used for performing computations on the first ciphertext.


According to the present inventive concept, the computation module evaluates the encrypted polynomial set in parallel or sequentially on the first ciphertext to produce the second ciphertext.


According to the present inventive concept, the first ciphertext transmitted by the second participant is a tensor-product state of multiple individual ciphertexts.


According to the present inventive concept, the encrypted polynomial set is generated from an encrypted action which is defined as:

$$\mathcal{U}_{cv}^{(j)} = \left(\text{custom-character}_{en,j}^{-1} \otimes I_{n_j-w_j}\right) M_j\, \text{custom-character}_{cv,j},$$

    • where custom-character,j and custom-character,j are the encryption transformations, custom-character is the inverse of custom-character,j, Mj is the operation comprising elementary gates and Inj-wj is an identity operator of nj-wj qubits.





According to the present inventive concept, a circuit of each of the encrypted action custom-character is further divided into a number jt of sections for positive integers jt and t to generate refined encrypted polynomial sets.


According to the present inventive concept, there is a first communication between the first participant and the second participant, wherein the first communication occurs in parallel or sequentially, which includes the distribution of public encryption keys from the first participant to the second participant.


According to the present inventive concept, there is a second communication between the first participant and the third participant, wherein the second communication occurs in parallel or sequentially.


According to the present inventive concept, the second communication includes the transmission of the computation instruction from the first participant to the third participant; and the transmission of the second ciphertext from the third participant to the first participant.


According to the present inventive concept, there is a third communication between the second participant and the third participant wherein the third communication occurs in parallel or sequentially, which includes the distribution of the first ciphertext from the second participant to the third participant.


The present inventive concept further provides a computer-implemented method for performing secure multi-party exact homomorphic encryption (SMPEHE) involving a first participant as a model provider/data receiver, a second participant as a data provider/data owner and a third participant as a computation provider, wherein the method comprises:

    • S10. randomly selecting E≤D members from a group of D parties in the first participant;
    • S20. generating E independent key pairs, wherein each of the independent key pairs comprises, for j=1, 2, . . . , E: a public encryption key custom-character(custom-character,j; xj), a multivariate polynomial set generated by an encryption mapping custom-character,j; and a private key custom-character,j, corresponding to the public key;
    • S30. preparing E operations Mj of n qubits, wherein each of the operations Mj is composed of elementary gates;
    • S40. generating E encryption transformations custom-character,j of n qubits, wherein each of the encryption transformations custom-character,j is composed of elementary gates;
    • S50. creating E encrypted polynomial sets custom-character,wj(custom-character;zj) based on the j-th encrypted action custom-character=(custom-character,j⊗Inj-wj)Mjcustom-characterj, where Mj is a desired operation of the j-th member, custom-characterj is an inverse of custom-character,j and Inj-wj is an identity operator for nj-wj qubits;
    • S60. publicizing a set of public keys {custom-character,kj(custom-character,j; xj):j=1,2, . . . , E}; and
    • S70. transmitting an encrypted polynomial set {custom-character,wj(custom-character;zj):j=1, 2, . . . , E} to the third participant.


According to the present inventive concept, the method further comprises, for j=1,2, . . . , E:

    • S80. preparing E plaintext messages mj ∈ $Z_2^{k_j}$, each of which is represented as a kj-qubit state, where kj≤wj;
    • S90. encrypting each of the plaintext mj into a first ciphertext cj using the corresponding public key custom-character,kj(custom-character,j; xj);
    • S100. creating a tensor-product state of the ciphertexts |c⟩=|c1⟩⊗|c2⟩⊗ . . . ⊗|cE⟩; and
    • S110. transmitting the tensor-product ciphertext state |c⟩ to the third participant.


According to the present inventive concept, the method further comprises:

    • S120. distributing the encrypted polynomial sets {custom-character,wj(custom-character;zj):j=1, 2, . . . , E} among L independent third participants;
    • S130. evaluating each of the encrypted polynomial sets custom-character,wj(custom-character;zj) on an input |cj⟩|cj⟩⊗|0nj-wj⟩, where |0nj-wj⟩ is a null state of nj-wj qubits;
    • S140. generating the second ciphertexts |s⟩=|s1⟩⊗|s2⟩⊗ . . . ⊗|sE⟩; and
    • S150. transmitting the second ciphertexts |s⟩ to the first participant.


According to the present inventive concept, the method further comprises:

    • S160. decrypting each of the second ciphertexts |sj⟩ using the corresponding private key custom-characterj to recover computation outcomes.


According to the present inventive concept, each of the encryption mapping custom-character,j is composed of elementary gates selected from the group consisting of negation, Toffoli, CNOT, and multi-controlled gates.


According to the present inventive concept, each of the public key custom-character,kj(custom-characterj; xj) is generated by applying the encryption mapping custom-characterj to an initial polynomial set containing linear and nonlinear polynomials.


According to the present inventive concept, the encrypted polynomial sets custom-character,wj(custom-character;zj) encode computation instructions for operations performed by the third participant.


According to the present inventive concept, each of the first ciphertext cj is generated by evaluating the public key custom-character,kj(custom-characterj; xj) on the plaintext message mj, producing a bit-length kj≤wj.


According to the present inventive concept, the tensor-product state of the first ciphertexts is transmitted securely to the third participant without revealing the plaintext messages.


According to the present inventive concept, the encrypted polynomial sets are evaluated independently or sequentially on the first input ciphertext to optimize computational efficiency.


According to the present inventive concept, the private key custom-character,j is used to decrypt the second ciphertexts.


According to the present inventive concept, the method further comprises distributing the public encryption keys from the first participant to the second participant in parallel or sequentially.


According to the present inventive concept, the method further comprises:

    • transmitting computation instructions from the first participant to the third participant in parallel or sequentially; and transmitting the second ciphertexts from the third participant to the first participant in parallel or sequentially.


According to the present inventive concept, the method further comprises:

    • transmitting the first ciphertexts from the second participant to the third participant in parallel or sequentially.





BRIEF DESCRIPTION OF THE DRAWINGS


FIG. 1 is a process diagram of EHE according to an embodiment of the present inventive concept;



FIG. 2 is a process diagram of SMPEHE according to an embodiment of the present inventive concept;



FIG. 3 is a schematic diagram of the elementary gate used in the algorithm according to the present inventive concept;



FIG. 4 shows (a) the process of an embodiment of the present inventive concept where the message and computation are mapped to an identical space; and (b) the process of another embodiment of the present inventive concept that the message and computation are mapped to different spaces of encryption;



FIG. 5 is a schematic flow diagram according to an embodiment of the present inventive concept;

FIG. 6 is a schematic flow diagram according to another embodiment of the present inventive concept; and

FIG. 7 is a schematic flow diagram according to another embodiment of the present inventive concept.





DETAILED DESCRIPTION

The present inventive concept is described by the following specific embodiments. Those with ordinary skills in the arts can readily understand other advantages and functions of the present inventive concept after reading the disclosure of this specification. Any changes or adjustments made to their relative relationships, without modifying the substantial technical contents, are also to be construed as within the range implementable by the present inventive concept.


Moreover, the word “exemplary” or “embodiment” is used herein to mean serving as an example, instance, or illustration. Any aspect or design described herein as exemplary or an embodiment is not necessarily to be construed as preferred or advantageous over other aspects or designs. Rather, use of the word “exemplary” or “embodiment” is intended to present concepts and techniques in a concrete fashion.


As used in this application, the term “or” is intended to mean an inclusive “or” rather than an exclusive “or.” That is, unless specified otherwise or clear from context, “X employs A or B” is intended to mean any of the natural inclusive permutations. That is, if X employs A; X employs B; or X employs both A and B, then “X employs A or B” is satisfied under any of the foregoing instances. In addition, the articles “a” and “an” as used in this application and the appended claims should generally be construed to mean “one or more,” unless specified otherwise or clear from context to be directed to a singular form.


Please refer to FIGS. 1 and 2, which are process diagrams of exact homomorphic encryption (EHE) and of secure multi-party exact homomorphic encryption (SMPEHE), respectively, according to an embodiment of the method of the present inventive concept.


The present inventive concept provides a system for SMPEHE, wherein the system may comprise a first participant as a model provider/data receiver, a second participant as a data provider/data owner and a third participant as a computation provider, and the system may further comprise a key generation module, a message encryption module and a computation module.


According to the present inventive concept, the key generation module may be within the first participant, which is configured to produce an encryption mapping comprising an ordered product of elementary gates; to generate a multivariate polynomial set, serving as a public encryption key, via the encryption mapping; to form an encryption operator serving as a private key; and to create an encrypted polynomial set representing a computational instruction based on an encrypted action.


According to the present inventive concept, the message encryption module may be within the second participant, which is configured to encode a plaintext message into a first ciphertext by the public key provided by the first participant; and to transmit the first ciphertext to the third participant.


According to the present inventive concept, the computation module may be within the third participant, which is configured to receive the first ciphertext; and to perform a computation on the received first ciphertext by evaluating the encrypted polynomial set.


According to the present inventive concept, the computation module may be further configured to output a second ciphertext; and to transmit the second ciphertext to the first participant.


According to the present inventive concept, the system may further comprise a decryption module within the first participant, which is configured to decrypt the second ciphertext by using the private key to retrieve a computation result.


According to the present inventive concept, the encryption mapping may be generated by combining elementary gates, including negation, Toffoli, CNOT, and multi-controlled gates, to form an encryption transformation.


According to the present inventive concept, the public encryption key may be a multivariate polynomial set generated through the corresponding encryption mapping.


According to the present inventive concept, the encrypted polynomial set may be generated by the encrypted action composed of a desired operation, the encryption mapping and the encryption operator, and wherein the polynomial set may be used for performing computations on the first ciphertext.


According to the present inventive concept, the computation module may evaluate the encrypted polynomial set in parallel or sequentially on the first ciphertext to produce the second ciphertext.


According to the present inventive concept, the first ciphertext transmitted by the second participant may be a tensor-product state of multiple individual ciphertexts.


According to the present inventive concept, a circuit of each of the encrypted action custom-character is further divided into a number jt of sections for positive integers jt and t to generate refined encrypted polynomial sets.


According to the present inventive concept, there is a first communication between the first participant and the second participant, wherein the first communication occurs in parallel or sequentially, which includes the distribution of public encryption keys from the first participant to the second participant.


According to the present inventive concept, there is a second communication between the first participant and the third participant, wherein the second communication occurs in parallel or sequentially.


According to the present inventive concept, the second communication includes the transmission of the computation instruction from the first participant to the third participant; and the transmission of the second ciphertext from the third participant to the first participant.


According to the present inventive concept, there is a third communication between the second participant and the third participant wherein the third communication occurs in parallel or sequentially, which includes the distribution of the first ciphertext from the second participant to the third participant.


Please refer to FIG. 5, which is a schematic flow diagram according to an embodiment of the present inventive concept, along with FIGS. 1 and 2. The present inventive concept further provides a computer-implemented method for performing secure multi-party exact homomorphic encryption (SMPEHE) involving a first participant as a model provider/data receiver, a second participant as a data provider/data owner and a third participant as a computation provider, wherein the method may comprise:

    • S10. randomly selecting E≤D members from a group of D parties in the first participant;
    • S20. generating E independent key pairs, wherein each of the independent key pairs comprises, for j=1, 2, . . . , E: a public encryption key custom-character,kj(custom-character,j; xj), a multivariate polynomial set generated by an encryption mapping custom-character,j; and a private key custom-character,j, corresponding to the public key;
    • S30. preparing E operations Mj of n qubits, wherein each of the operations Mj is composed of elementary gates;
    • S40. generating E encryption transformations custom-character,j of n qubits, wherein each of the encryption transformations custom-character,j is composed of elementary gates;
    • S50. creating E encrypted polynomial sets custom-character,wj(custom-character;zj) based on the j-th encrypted action custom-character=(custom-character,j⊗Inj-wj)Mjcustom-character,j, where Mj is a desired operation of the j-th member, custom-character,j is an inverse of custom-character,j and Inj-wj is an identity operator for nj-wj qubits;
    • S60. publicizing a set of public encryption keys {custom-character,kj(custom-character,j; xj):j=1, 2, . . . , E}; and
    • S70. transmitting an encrypted polynomial set {custom-character,wj(custom-character;zj):j=1, 2, . . . , E} to the third participant.


Please refer to FIG. 6, which is a schematic flow diagram according to an embodiment of the present inventive concept, along with FIGS. 1 and 2. According to the present inventive concept, the method further comprises, for j=1, 2, . . . , E:

    • S80. preparing E plaintext messages mj ∈ $Z_2^{k_j}$, each of which is represented as a kj-qubit state, where kj≤wj, wherein mj may be the plaintext of the j-th member;
    • S90. encrypting each of the plaintext mj into a first ciphertext cj using the corresponding public key Pcustom-character,kj(custom-character,j; xj);
    • S100. creating a tensor-product state of the ciphertexts |c⟩=|c1⟩⊗|c2⟩⊗ . . . ⊗|cE⟩; and
    • S110. transmitting the tensor-product ciphertext state |c⟩ to the third participant.


Please refer to FIG. 7, which is a schematic flow diagram according to an embodiment of the present inventive concept. According to the present inventive concept, the method further comprises:


    • S120. distributing the encrypted polynomial sets {custom-character,wj(custom-character;zj):j=1, 2, . . . , E} among L independent third participants;
    • S130. evaluating each of the encrypted polynomial sets custom-character,wj(custom-character;zj) on an input |cj⟩=|cj⟩|0nj-wj⟩, where |0nj-wj⟩ is a null state of nj-wj qubits, wherein |cj⟩ may be the ciphertext of the j-th member for IME;
    • S140. generating the second ciphertexts |s⟩=|s1⟩⊗|s2⟩⊗ . . . ⊗|sE⟩, wherein |s⟩ may be the ciphertext of cryptovaluation; and
    • S150. transmitting the second ciphertexts |s⟩ to the first participant.


Please further refer to FIG. 7, along with FIGS. 1 and 2. According to the present inventive concept, the method further comprises:


    • S160. decrypting each of the second ciphertexts |sj⟩ using the corresponding private key custom-character,j to recover computation outcomes. The second ciphertext |sj⟩ may be the ciphertext of the j-th member in the cryptovaluation.


According to the present inventive concept, each of the encryption mapping custom-character,j is composed of elementary gates selected from the group consisting of negation, Toffoli, CNOT, and multi-controlled gates.


According to the present inventive concept, each of the public key custom-character,kj(custom-character,j; xj) is generated by applying the encryption mapping custom-character,j to an initial polynomial set containing linear and nonlinear polynomials.


According to the present inventive concept, the encrypted polynomial sets custom-character,wj(custom-character;zj) encode computation instructions for operations performed by the third participant, as shown in FIG. 2.


According to the present inventive concept, each of the first ciphertexts cj is generated by evaluating the public encryption key custom-character,kj(custom-character,j; xj) on the plaintext message mj, producing a bit-length kj≤wj, as shown in FIG. 2.


According to the present inventive concept, the tensor-product state of the first ciphertexts is transmitted securely to the third participant without revealing the plaintext messages.


According to the present inventive concept, the encrypted polynomial sets are evaluated independently or sequentially on the first input ciphertext to optimize computational efficiency.


According to the present inventive concept, the private key custom-character,j is used to decrypt the second ciphertexts.


According to the present inventive concept, the method further comprises distributing the public encryption keys from the first participant to the second participant in parallel or sequentially.


According to the present inventive concept, the method further comprises:

    • transmitting computation instructions from the first participant to the third participant in parallel or sequentially; and transmitting the second ciphertexts from the third participant to the first participant in parallel or sequentially.


According to the present inventive concept, the method further comprises:

    • transmitting the first ciphertexts from the second participant to the third participant in parallel or sequentially.


Please refer to FIG. 1, which is a process diagram of EHE according to an embodiment of the present inventive concept. The process begins when ① the first participant produces a public key custom-character(custom-character; x) and releases this key, after which ② the second participant takes the public key to encode a message m into the ciphertext c.


Then, ③ the ciphertext c is sent from the second participant to the third participant. Subsequently, ④ the first participant provides the computation instructions/model custom-characterw(custom-character;z) to the third participant for further processing. Once the computations are performed, ⑤ the resulting ciphertext s is sent back to the first participant by the third participant. Finally, the first participant decrypts the computation result s via the private key custom-character to obtain the final output of the process.


Please refer to FIG. 2 which is a process diagram of SMPEHE according to an embodiment of the present inventive concept.


According to this embodiment, the process starts when ① the first participant produces a public key {custom-character,kj(custom-characterj; xj):j=1, 2, . . . , E} and releases the public key. Next, ② the second participant encodes the j-th message mj into the ciphertext cj by using the public key.


After that, ③ the aggregated ciphertext c is transmitted from the second participant to the third participant. Subsequently, ④ the first participant provides the computation instructions/model {custom-character,wj(custom-character;zj):j=1, 2, . . . , E} to the third participant for execution.


Finally, ⑤ the third participant sends the computation result ciphertext $|s\rangle = \bigotimes_{j=1}^{E} |s_j\rangle$ back to the first participant, and the j-th component |sj⟩ is decrypted into the corresponding j-th component of the computation result via the private key custom-character,j.


According to an embodiment of the present inventive concept, a multivariate polynomial of k variables $f(x) = \sum_{\tau \in Z_2^k} c_\tau x^\tau$ may be provided, wherein f(x) is a linear combination of monomials $x^\tau$ of degrees ≤ k with coefficients $c_\tau \in Z_2$. Each monomial $x^\tau$ may be expressed as $x^\tau = x_1^{\sigma_1} x_2^{\sigma_2} \cdots x_k^{\sigma_k}$, where $x_r \in Z_2$, $\tau = \sigma_1 \sigma_2 \cdots \sigma_r \cdots \sigma_k \in Z_2^k$ and $r \in [k]$, with [k] denoting a set of positive integers from 1 to k.


In this embodiment, the formulation provides the foundational representation of polynomials in the binary field Z2.


The polynomial f(x) may serve as the foundation for encoding and transforming data in the EHE framework in the system of the present inventive concept, where public encryption keys are generated as multivariate polynomial sets.


According to an embodiment of the present inventive concept, elementary gates $\Lambda_r^\theta$ of k qubits are introduced, where the integer r signifies the r-th qubit as a target qubit of the elementary gate, and nonzero entries of the k-bit binary string $\theta = \epsilon_1 \epsilon_2 \cdots \epsilon_k \in Z_2^k$ indicate positions of qubits serving as control bits.


In this embodiment, the elementary gates may act on k-qubit quantum states and the gates may be represented by the transformation $\Lambda_r^\theta$, wherein r may identify the target qubit and $\theta = \epsilon_1 \epsilon_2 \cdots \epsilon_k \in Z_2^k$ may specify the control bits.


In this embodiment, the elementary gates may comprise the negation gates, the controlled-NOT (CNOT) gates, Toffoli gates, and multi-controlled gates as shown in FIG. 3.


Every elementary gate is a dimension-one preserving transformation that maps a basis quantum state into another; see FIG. 3 for the diagrammatic exemplification. Since AND and OR can be rephrased in Toffoli gates attended with ancilla qubits, this set vouches for the computational universality. These gates may operate on quantum states to enable transformations within the EHE framework.


Each of elementary gates used in the present inventive concept is designed to be dimension-one preserving, avoiding the memory-intensive demands associated with simulating full quantum states. This design may support the feasibility of implementing the system on classical computing platforms, such as CPUs and GPUs, without the need for quantum hardware.


According to an embodiment of the present inventive concept, elementary gates are applied on quantum states. In this embodiment, elementary gates may act on the variables to generate multivariate polynomials over a binary field Z2, formulated as the following transformation rule,












$$\Lambda_r^{\theta}\, x_s = x_s + \delta_{rs}\, x^{\theta} \qquad \text{Eq. 1}$$

    • wherein $x_s\in Z_2$ is a binary variable and $x^{\theta}=x_1^{\epsilon_1}x_2^{\epsilon_2}\cdots x_k^{\epsilon_k}$ represents the monomial of k variables which is induced by the gate.





According to an embodiment of the present inventive concept, a first encryption mapping custom-charactermay be defined, which is an ordered product of elementary gates randomly chosen. The first encryption operator custom-character is applied to generate a set of w multivariate polynomials that serves as a public encryption key for encoding a k-qubit plaintext into a w-qubit first ciphertext, where w≥k, for message encryption.


The first encryption mapping is constructed to encode plaintext into ciphertext by applying transformations to the input polynomials. According to the present inventive concept, the output may be a set of w multivariate polynomials, which may form a public encryption key.


The transformation rule described in Eq. 1 de facto unveils the polynomial representation of elementary gates. When this mapping is applied, the variable $x_s$ receives a shift of the product $x^{\theta}$ if the s-th qubit corresponds to the target bit, or remains intact otherwise. In practical maneuvers, the elementary gates act on variables of monomials. The gate $\Lambda_r^{\theta}$ is said to be of rank t if θ contains a number t of nonzero bits. That is, a negation gate is of rank zero, a CNOT gate is of rank one, a Toffoli gate is of rank two, and a multi-controlled gate is of rank t≥3. Every elementary gate defined here is unitary and involutory.


According to an embodiment of the present inventive concept, a desired operation M of n qubits is introduced, where n>w, and M is represented as a circuit composed of n-qubit elementary gates. In this embodiment, the operation M may serve as the computation to be encrypted and performed homomorphically.


According to an embodiment of the present inventive concept, a second encryption mapping custom-character is defined, wherein custom-character is an ordered product of n-qubit elementary gates randomly chosen. The second encryption mapping custom-character may introduce cryptographic complexity.


According to an embodiment of the present inventive concept, the desired operation M may be encoded into an encrypted action U, wherein the desired operation M is cryptified into an encrypted action U through the first encryption operator custom-character and the second encryption operator custom-character. The process may ensure that the operation M is transformed into a secure, encrypted form compatible with ciphertext computations.


According to an embodiment of the present inventive concept, an encrypted polynomial set is generated from the encrypted action U, and the encrypted polynomial set may be evaluated on the ciphertext to yield an encrypted computation.


According to an embodiment of the present inventive concept, the encrypted action U may enable computations to be performed in the encrypted domain. The polynomial sets may serve as intermediaries to evaluate encrypted operations.


The computation can be performed homomorphically without decrypting the ciphertext by the system of the present inventive concept. The evaluation process, referred to as cryptovaluation, may establish the duality between polynomial evaluation and state computation, thereby validating the integrity of the encrypted computation.


According to an embodiment of the present inventive concept, a second binary string ζ is introduced, wherein the second binary string ζ determines how variables interact within the monomial. The monomial $x^{\theta}$ may be modified based on the second binary string ζ into a modified form $\underline{x}_{\zeta}^{\theta}$. Consequently, Eq. 1 may be expanded into the following generalized transformation:












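$$\Lambda_r^{\theta,\zeta}\, x_s = x_s + \delta_{rs}\, \underline{x}_{\zeta}^{\theta} \qquad \text{Eq. 2}$$

    • where $s\in[k]$ and $\underline{x}_{\zeta}^{\theta}$ is defined as $\underline{x}_{\zeta}^{\theta}=\prod_{i=1}^{k}(x_i+\zeta_i)^{\epsilon_i}$.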





In this embodiment, the second binary string ζ is used to modify the monomial interactions through control bits introducing an additional degree of freedom in variable transformations.


According to an embodiment of the present inventive concept, the monomial $x^{\theta}$ may be transformed into the modified form $\underline{x}_{\zeta}^{\theta}$, defined as









$$\underline{x}_{\zeta}^{\theta} = \prod_{i=1}^{k} (x_i + \zeta_i)^{\epsilon_i},$$

    • where $x_i\in Z_2$ may represent the variables, $\zeta_i\in Z_2$ may modify the interaction for each variable based on its binary value, and $\epsilon_i$ may determine the control bit configuration.





According to the present inventive concept, the most general form of an elementary gate acting on k variables over Z2 may be expressed in Eq. 2.


According to the present inventive concept, the generalization of Eq. 1 into Eq. 2 enhances the transformation rule by incorporating the second binary string ζ.


According to the present inventive concept, the generalization may support more complex polynomial transformations and improve the framework's ability in the system of the present inventive concept to represent and process non-linear relationships in the encrypted polynomial sets.


According to an embodiment of the present inventive concept, the first encryption operator custom-character may be further defined as a product operation custom-character which is a k-qubit ordered product of elementary gates, as:








$$= \prod_{i=1}^{n} \Lambda_{r_i}^{\theta_i},$$

    • where $\Lambda_{r_i}^{\theta_i}$ denotes the i-th elementary gate acting on the $r_i$-th qubit with a control string $\theta_i$ custom-character.





According to the present inventive concept, the control string θicustom-character may specify which qubits interact during the operation.


According to the present inventive concept, the ordered product custom-character may encapsulate the sequential application of these gates to transform plaintext states into encrypted representations.


According to the present inventive concept, the use of elementary gates, e.g., the negation, the CNOT, Toffoli gates, may be used as the building blocks of encryption mappings.


According to an embodiment of the present inventive concept, a reverse product operation custom-character may be further defined, wherein custom-character is the order-reversed product of custom-character, which is expressed as:








$$\hat{\ } = \prod_{i=n}^{1} \Lambda_{r_i}^{\theta_i}.$$






In this embodiment, the reverse operation may ensure symmetry and facilitates invariance properties that are essential for encryption and decryption processes within the SMPEHE framework of the system of the present inventive concept.


According to an embodiment of the present inventive concept, an equality may be established between the product operation custom-character and its reverse custom-character for each basis state |xcustom-character:
















"\[LeftBracketingBar]"









x




=



^






"\[LeftBracketingBar]"


x





,


where





x






2
k

.






Eq
.

3







According to the present inventive concept, an elementary gate of k qubits Λrθ sends a basis state of the same number of qubits |a1a2 . . . ar . . . akcustom-character to














$$\Lambda_r^{\theta}\,|a_1 a_2 \cdots a_r \cdots a_k\rangle = |a_1 a_2 \cdots (a_r + a^{\theta}) \cdots a_k\rangle, \qquad \text{Eq. 2-1}$$









    • where r∈[k], θ=∈12 . . . ∈k and a11=a22 . . . akk∈Z2k.





The equality in Eq. 3 is deemed as the evaluation duality between a state and its associated polynomials. Specifically, |custom-charactercustom-characterxcustom-character=|y1(x)y2(x) . . . yk(x)custom-character indicates a sequence of ordered polynomials written in a state. The s-th polynomial, ys(x)=custom-charactercustom-characterx, is the resulting polynomial of applying the product operation custom-characterruθu . . . Λr2θ2Λr1θ1 embracing u≥1 elementary gates on the s-th variable xs of x=x1x2 . . . xk ∈Z2k, s∈[k]. The state custom-character|xcustom-character results from activating the order-reversed product custom-characterr1θ1Λr2θ2 . . . Λruθu of custom-character on the basis state |xcustom-character. This equality elucidates the equivalence of the polynomial evaluation and the state computation, namely |custom-charactercustom-characterxcustom-character=a=custom-character|acustom-character by substituting a multi-valued string a for the input x of polynomials ys(x) respectively. The validity of Eq. 3 is confirmed through a process that repetitively employs Eq. 1 to generate polynomial monomials and Eq. 2-1 to calculate state components.


The transformations applied by custom-character and its reverse custom-character may yield equivalent outcomes, independent of the order of gate application.


According to the present inventive concept, the sequential application of gates in custom-character may introduce layers of cryptographic complexity by leveraging the noncommutative properties of elementary gates for enhanced security.


The equality custom-character|xcustom-character=custom-character|xcustom-character establishes an invariant property that strengthens the theoretical foundation of the encryption process in the system of the present inventive concept.


According to an embodiment of the present inventive concept, an initial set of the multivariable polynomials custom-character={gj(x)|j∈[w]} is prepared, wherein gj(x) corresponds to each polynomial f(x), wherein each of gj(x) is expressed as:









$$g_j(x) = \sum_{\tau\in Z_2^k} c_{\tau,j}\, x^{\tau},$$

    • where $c_{\tau,j}\in Z_2$ are binary coefficients and $x^{\tau}=x_1^{\sigma_1}x_2^{\sigma_2}\cdots x_k^{\sigma_k}$ are monomials of degree ≤ k.





In this embodiment, the polynomial set may be structured and compatible with subsequent encryption transformations, enabling the efficient computation in the SMPEHE framework in the system of the present inventive concept.


According to an embodiment of the present inventive concept, the first encryption operator custom-character is applied on each polynomial in the initial polynomial set custom-character. The resulting ordered set of polynomials is denoted as custom-character(custom-character; x)={fj(x)=custom-charactercustom-charactergj(x): j∈[w]}, where w≥k is the number of the polynomials. This ordered set may serve as a public encryption key, as shown in FIG. 1.


In this embodiment, the first encryption operator custom-character may transform each polynomial gj(x) in custom-character into a corresponding encrypted polynomial fj(x). The transformation is expressed as: fj(x)=custom-charactercustom-character+gj(x),∀j∈[w].


The polynomials may be transformed into secure forms while retaining their structural consistency.


The algorithm favors the first encryption operator custom-character including a certain number of multi-controlled gates of higher ranks ≥2 for the purpose of breeding polynomials of higher degrees in custom-character(custom-character; x). In the composition of custom-character, a pair of gates Λrθ and Λsτ are noncommuting if the r-th digit in τ or the s-th digit in θ is non-null, r and s∈[k].


In this embodiment, the condition w≥k ensures sufficient encoding capacity for the plaintext. The set custom-character(custom-character; x) may serve as a reusable key for encoding plaintexts into ciphertexts.


According to an embodiment of the present inventive concept, the plaintext |mcustom-character may be provided, wherein the plaintext is of k qubits. The plaintext may be encoded to the first ciphertext |ccustom-character, wherein the ciphertext is of w qubits. The ciphertext is generated by evaluating the public encryption custom-character(custom-character; x) on the plaintext, such that

$$|c\rangle = |f_1(m)\, f_2(m) \cdots f_w(m)\rangle,$$






    • where m∈Z2k, c∈Z2w and fj(m)∈Z2 is the evaluation of the j-th polynomial fj(x)∈custom-character,k(custom-character; x) on the plaintext, 1≤j≤w.





In this embodiment, the plaintext |m) may serve as the data to be encrypted using the EHE framework of the present inventive concept and the public encryption custom-character,k(custom-character; x) may serve as the functional basis for encoding the plaintexts into the ciphertexts. Specifically, the ciphertext |ccustom-character is the evaluation of the public key custom-character,k(custom-character; x), a multivariate polynomial set, on the input message x=m.


According to the present inventive concept, the number of different polynomial sets, generated by all permutations of the elementary gates composing the operator custom-character, is a minimum of h!, where h is a size of a maximal set of pairwise noncommuting gates in custom-character.


In an embodiment of the present inventive concept, the concept of a maximal set of pairwise noncommuting gates within custom-character is introduced, wherein pairwise noncommuting gates satisfy A·B≠B·A, ensuring that their order impacts the resulting transformations. Besides, the size of the maximal set is denoted as h, capturing the structural complexity of custom-character.


As a result, attempting to reconstruct the public key custom-character,k(custom-character; x) generated by an encryption mapping custom-character with a maximal set of size h incurs a combinatorial complexity of at least h!.


The overall complexity is given by $h_l!\cdot h_{l-1}!\cdots h_1!$ for encryption mappings custom-character composed of multiple disjoint subsets of mutually noncommuting gates ($h_r$, $r\in[l]$). This establishes a cryptographic complexity criterion based on the structural properties of the encryption operator custom-character. This result may directly quantify the security strength of the encryption mapping of the present inventive concept.


According to an embodiment of the present inventive concept, the w-qubit first ciphertext |ccustom-character may be decrypted to |mcustom-character⊗|rcustom-character=custom-character|ccustom-character by the first encryption mapping custom-character to recover the plaintext m.


The complexities of attacking the invertible message encryption, IME, of w qubits are proven to satisfy the complexity criteria $T_{de\text{-}NC}>T_{ICRP}>T_{XL}>2^{w}$, where $T_{de\text{-}NC}$ is the decompositional noncommutativity complexity for this IME, $T_{ICRP}$ is the complexity of solving the Invertible Circuit Reconstruction Problem (ICRP) for this IME, $T_{XL}$ is the complexity of attacking this IME via the XL algorithm, and $2^{w}$ is the complexity of attacking this IME via the brute-force method.


The complexity criteria of IME suggest that attacking the private key is more difficult than breaking the public key or the ciphertext.


Grounded on the complexity criteria, the security strength of IME may be straightforwardly increased with moderate efforts, whose minimum strength grows linearly with the length of input plaintext.


Based on the complexity criteria, the security of IME with a public key custom-character,k(custom-character; x) surpasses the post-quantum standard $2^{128}$, and further attains the suggested threshold $2^{1024}$ of hyper quantum resilience.


The security requirements of IME fulfill the advanced privacy demands beyond the post-quantum standards, especially surpassing the security level 256 bits.


The security requirements of IME prevent information from quantum attacks, including Grover's algorithm, quantum annealing and quantum Groebner-basis algorithm.


Please further refer to FIG. 2. IME can be designed into a multipartite version for message encryption, denoted as multipartite IME, by generating a set of E independent key pairs (custom-character,kj(custom-character,j; xj),custom-character,j), 1≤j≤E, where the j-th member possesses the polynomial set, custom-character,kj(custom-character,j; xj), serving as the j-th public key and the j-th encryption mapping, custom-character,j serving as the j-th private key, kj is the bit-length of the plaintext xj∈Z2kj and wj the number of polynomials in custom-character,kj(custom-character,j; xj).


In multipartite IME, a number E of messages/plaintexts mj ∈Z2kj are prepared, each mj is encoded into a ciphertext cj of wj qubits, and then a culminated ciphertext |ccustom-character=|c1custom-character⊗|c2custom-character⊗ . . . ⊗|CEcustom-character is generated, where the message mj of the j-th member is a state of kj qubits, 1≤j≤E and kj≤wj.


In multipartite IME, each individual ciphertext cj is decrypted into mj via custom-character,j.


The multipartite IME follows security criteria similar to those in IME, $T_{de\text{-}NC}>T_{ICRP}>T_{XL}>2^{w}$, here $w=\sum_{j=1}^{E}w_j$, and also inherits security requirements similar to those aforementioned in IME.


Due to the duality, the ciphertext |ccustom-character=[custom-charactercustom-characterxcustom-characterx=e, through evaluating custom-character,k(custom-character; x) over a w-qubit state |ecustom-character to |mcustom-character⊗|rcustom-character, equals custom-character|ecustom-character. Here, |rcustom-character is a basis state of w-k qubits randomly assigned and custom-characterthe order-reversed product of custom-character. Since every elementary gate is its own inverse, custom-character=custom-character. The plaintext |mcustom-character is thereby recovered from custom-character|ccustom-character=custom-character|ccustom-character=|ecustom-character.


According to the present inventive concept, the duality relationship and the invertibility of elementary gates used in custom-characterlead to the exactness of decryption, so that the plaintext is able to be accurately recovered from the ciphertext without error, which may distinguish the system of the present inventive concept from the noisy decryption methods in traditional systems.
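The key generation, encryption by polynomial evaluation, the duality of Eq. 3 and the exact decryption described above can be traced on a toy instance. The following Python sketch is an added example, not code from the application: it assumes initial polynomials g_j(x)=x_j, a k-bit message padded with w-k random bits, and tiny constructed parameters, and all function names are hypothetical.

```python
import random
from itertools import product

# Added illustration with constructed toy parameters (not the applicant's code).
# A polynomial over Z2 is a frozenset of monomials; a monomial is a frozenset of
# variable indices (x_i^2 = x_i on bits); frozenset() is the constant 1.
# A gate is (r, theta): target index r and the set theta of control indices.

def gate_on_poly(poly, gate):
    """Eq. 1: substitute x_r -> x_r + x^theta in every monomial."""
    r, theta = gate
    out = set()
    for mono in poly:
        out ^= {mono}                        # coefficients add modulo 2
        if r in mono:
            out ^= {(mono - {r}) | theta}    # extra term produced by the shift
    return frozenset(out)

def gate_on_state(bits, gate):
    """Eq. 2-1: a_r -> a_r + a^theta on a basis state."""
    r, theta = gate
    out = list(bits)
    out[r] ^= int(all(bits[i] for i in theta))   # rank 0 (negation): always flips
    return tuple(out)

def evaluate(poly, bits):
    """Value in Z2 of a polynomial at a bit string."""
    return sum(all(bits[i] for i in mono) for mono in poly) % 2

def random_gates(w, count, max_rank, rng):
    """Ordered list of randomly chosen elementary gates (the private mapping)."""
    gates = []
    for _ in range(count):
        r = rng.randrange(w)
        others = [i for i in range(w) if i != r]
        gates.append((r, frozenset(rng.sample(others, rng.randint(0, max_rank)))))
    return gates

def public_key(gates, w):
    """f_s = (gate_u ... gate_2 gate_1) x_s: gate 1 is substituted first."""
    key = []
    for s in range(w):
        poly = frozenset({frozenset({s})})
        for gate in gates:
            poly = gate_on_poly(poly, gate)
        key.append(poly)
    return key

def encrypt(key, message, pad):
    """Ciphertext bit j is f_j evaluated at e = message || pad."""
    e = tuple(message) + tuple(pad)
    return tuple(evaluate(f, e) for f in key)

def reversed_product_on_state(gates, bits):
    """Order-reversed product acting on a state: gate u first, gate 1 last."""
    for gate in reversed(gates):
        bits = gate_on_state(bits, gate)
    return tuple(bits)

def decrypt(gates, cipher, k):
    """Gate 1 first, gate u last; every gate is its own inverse."""
    bits = tuple(cipher)
    for gate in gates:
        bits = gate_on_state(bits, gate)
    return bits[:k]

def check_duality_and_decryption(gates, w, k):
    """Exhaustively confirm Eq. 3 and exact decryption for every input."""
    key = public_key(gates, w)
    for e in product((0, 1), repeat=w):
        c = encrypt(key, e[:k], e[k:])
        if c != reversed_product_on_state(gates, e) or decrypt(gates, c, k) != e[:k]:
            return False
    return True

if __name__ == "__main__":
    rng = random.Random(2025)
    gates = random_gates(w=6, count=12, max_rank=3, rng=rng)
    print("duality and exact decryption hold:",
          check_duality_and_decryption(gates, w=6, k=3))
    print("largest monomial degree in the key:",
          max(len(m) for f in public_key(gates, 6) for m in f))
```

The exhaustive check is only feasible because w is tiny here; it exercises the mechanics of the mapping and says nothing about the security levels stated in this description.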


According to the present inventive concept, the encrypted polynomial set may be generated from an encrypted action which is defined as:






custom-character=(custom-character,j⊗Inj-wj)Mjcustom-character,j;

    • where custom-character,j and custom-character,j are the encryption transformations, custom-character,j is the inverse of custom-character,j, Mj is the operation comprising elementary gates and Inj-wj is an identity operator of nj-wj qubits.


According to the present inventive concept, a circuit of each of the encrypted action custom-character may be further divided into a number jt of sections for positive integers jt and t to generate refined encrypted polynomial sets.


According to an embodiment of the present inventive concept, an encrypted action custom-character is defined, wherein custom-character=(custom-character⊗I)$\hat{M}$custom-character, where $\hat{M}$ is an order-reversed product of M, n≥w, and I is an identity operator of n-w qubits; the w-qubit ciphertext |ccustom-character of the k-qubit plaintext |mcustom-character derived from the second encryption operator custom-character and an n-qubit action M may be given, n=w≥k, generating an encrypted polynomial set:












$$\mathcal{P}_{n,n}(\mathcal{U}_{cv}; z) = \{\alpha_i(z) = \mathcal{U}_{cv}\, z_i : i \in [n]\}, \qquad \text{Eq. 3}$$

    • wherein custom-character is an encrypted action, and expressed as custom-character=custom-character$\hat{M}$custom-character, which is the adjoint of the encrypted action. Besides, $\alpha_i(z)$ is the i-th polynomial in the encrypted polynomial set custom-character,n (custom-character;z), $z=z_1z_2\cdots z_n\in Z_2^n$, which is derived by applying custom-character on the variables z.





The present inventive concept borrows the mechanism of QAPFTQC to encipher computations.


Assume that a k-qubit plaintext is encoded into a w-qubit ciphertext via a multivariate polynomial set generated by the first encryption operator custom-character, which is the encryption mapping, k≤w. Accompanied by the second encryption operator custom-character, an n-qubit operation M, a circuit of elementary gates, is concealed into the encrypted action custom-character=(custom-character⊗I)$\hat{M}$custom-character, where $\hat{M}$ is an order-reversed product of M, n≥w.


This encrypted action is a simplified form of the fault tolerant encode in QAPFTQC. Let the circuit of custom-character be rephrased as a set of n multivariate polynomials. Grounded on the poetic duality, evaluating this polynomial set on the ciphertext yields the cryptovaluation. Finally, custom-character may serve as the private cryptovaluation key to decrypt the encrypted computation.


In the case w=n, the message and computation are mapped into an identical space of encryption as depicted in FIG. 4(a).


Please further refer to FIG. 1. In this embodiment, the polynomial set custom-character,k (custom-character;x) generated by custom-character, which is the public encryption key for invertible message encryption, IME, encodes |mcustom-character into a ciphertext |ccustom-character. On the strength of the duality relation, this ciphertext is alternatively written as |ccustom-character=custom-character|mcustom-character|⊗|0custom-character from exercising the order-reversed product custom-character of custom-character on the product state |mcustom-character⊗|0custom-character of |mcustom-character and the (n-k)-qubit null state |0custom-character. A step further is drawing custom-characterthat encodes M into the composition custom-character=custom-characterMcustom-character, resulting in the encrypted computation custom-character|ccustom-character=custom-characterM|mcustom-character⊗|0custom-charactercalled the cryptovaluation. Here, custom-character is the order-reversed product of the encrypted action custom-charactertv.


With the associated state custom-charactercustom-characterzcustom-character=|α1(z)α2(z) . . . αn(z)) and i∈[n], it relishes the duality custom-character|ccustom-character=custom-charactercustom-characterzcustom-characterz=c between the state computation and the polynomial evaluation. Thus, the cryptovaluation is engaged in custom-charactercustom-characterzcustom-characterz=c of calculating the polynomial set custom-character,n(custom-character;z) on the ciphertext |ccustom-character. The operator custom-character=custom-character works as the private cryptovaluation key of the decryption, namely custom-character|custom-charactercustom-characterzcustom-characterz=c=custom-charactercustom-character|ccustom-character=M|mcustom-character⊗|0custom-character. Refer to FIG. 8(a) for the diagram outlining the process in the system of the present inventive concept. In the scenario where n=w, the message and computation are elegantly sent into an identical space of encryption under the same encryption operator custom-character.


According to the present inventive concept, custom-character is the inverse of the first encryption operator, which decodes the ciphertext into a form compatible with $\hat{M}$. The use of $\hat{M}$ ensures the invertibility of the computation and the consistency with the EHE framework's duality principles in the system of the present inventive concept.


Besides, the encrypted action custom-character enables secure computation by maintaining the encrypted state throughout the process, preserving data confidentiality.


According to an embodiment of the present inventive concept, the w-qubit ciphertext |ccustom-character of the k-qubit plaintext |mcustom-character derived from the first encryption operator custom-character and an n-qubit action M is given, n>w≥k, generating an encrypted polynomial set:












$$\mathcal{P}_{n,w}(\mathcal{U}_{cv}; z) = \{\beta_i(z) = \mathcal{U}_{cv}\, z_i : i \in [n]\}, \qquad \text{Eq. 4}$$

    • wherein $\beta_i(z)$ is the i-th polynomial in the encrypted polynomial set custom-character,w(custom-character;z), $z=z_1z_2\cdots z_n\in Z_2^n$, encapsulating the transformation applied by custom-character, which is shown in FIG. 1.





Here, the encoded operation custom-character=custom-characterM(custom-character⊗I) is the order-reversed product of encrypted action custom-character, with M sandwiched by the operator of input errors custom-character⊗I and the operator of output errors custom-character.


The proof is similar as mentioned above, but replacing the encryption operator custom-character of custom-character by custom-character⊗I, the encrypted polynomial set custom-character,n(custom-character;z) by custom-character,w(custom-character;z), and the polynomial state custom-charactercustom-character+zcustom-character by |custom-charactercustom-character+zcustom-character. Similarly, ascertained from the duality relation, the output of the cryptovaluation is the polynomial evaluation |custom-charactercustom-characterzcustom-characterz=c on the product state |c)=|ccustom-character|0′) of |ccustom-character and a null basis state |0′custom-character of n-w qubits. Likewise, the operator custom-character decrypts the evaluation. Please refer to FIG. 4(b) which pictures this process in the system of the present inventive concept.


According to an embodiment of the present inventive concept, a number e of sectional encrypted circuits custom-character,g composing custom-character may be paralleled, q∈[e]; and a sequential evaluation of encrypted polynomial sets may be generated as:











$$\mathcal{P}_{n,w}(\mathcal{U}_{cv,q}; z) = \{\beta_{i,q}(z) = \mathcal{U}_{cv,q}\, z_i : i \in [n]\}. \qquad \text{Eq. 5}$$







In an embodiment of the present inventive concept, ciphertext |ccustom-character, a w-qubit ciphertext derived from the first encryption mapping custom-character, encodes the k-qubit plaintext |mcustom-character, wherein |c) may serve as the input for the encrypted computational action. Then, custom-charactermay further transform the ciphertext |ccustom-character within the encrypted domain. Next, the encrypted polynomial set custom-character,w(custom-character;z) is generated, where each βi(z) may correspond to a transformed variable zi under the action of custom-character.


In another embodiment of the present inventive concept, the encrypted action custom-character may be partitioned into e sectional encrypted circuits custom-character,q, and each of the sectional circuits may independently handle a subset of the computations, facilitating the parallelized execution. Each of the sectional circuits custom-character may be applied to the variables $z_i$ in the encrypted domain.


For every circuit q, an encrypted polynomial set custom-character,w(custom-character,q;z) is generated custom-character,w(custom-character,q;z)={βi,q(z)=custom-character,qcustom-characterzi; i∈[n]}, where each βi,q(z) may correspond to a transformed variable zi by the sectional circuit custom-character,q.


After all sectional circuits custom-character,q have been applied, their outputs, the polynomial sets, may be sequentially combined. The sequential evaluation consolidates the partial results from each custom-character,w(custom-character,q;z) into the final encrypted polynomial set to complete the computation.


The complexity of attacking the computation encryption, cryptovaluation, of n qubits on w-qubit ciphertexts is greater than $2^{w}$.


In a cryptovaluation, attacking the private key is more difficult than breaking the public key or the ciphertext.


In a cryptovaluation, the security strength may be straightforwardly increased with moderate efforts, whose minimum strength grows linearly with the length of input ciphertext.


In a cryptovaluation, the security surpasses the post-quantum standard $2^{128}$, and further attains the suggested threshold $2^{1024}$ of hyper quantum resilience.


The security requirements of cryptovaluation fulfill the advanced privacy demands beyond the post-quantum standards, especially surpassing the security level 256 bits.


SMPEHE follows similar security criteria and requirements as those in EHE.


The security requirements of cryptovaluation prevent information from quantum attacks, including Grover's algorithm, quantum annealing and quantum Groebner-basis algorithm.


According to the present inventive concept, there is a first communication between the first participant and the second participant, wherein the first communication occurs in parallel or sequentially, which includes the distribution of public encryption keys from the first participant to the second participant.


According to an embodiment of the present inventive concept, the first communication between the first participant and the second participant may refer to the distribution of the public encryption key from the first participant to the second participant. This may enable the second participant to encrypt their plaintext data into ciphertexts.


In an embodiment, the ciphertext |ccustom-character is the evaluation of the public key custom-character,k(custom-character; x), a multivariate polynomial set, on the input message x=m.


In this embodiment, the second participant may use the public encryption key to transform the plaintext message m into the first ciphertext |ccustom-character. The process of accessing the public encryption key is the foundational step in the first communication between the participants.


According to the present inventive concept, there is a second communication between the first participant and the third participant, wherein the second communication occurs in parallel or sequentially.


According to the present inventive concept, the second communication includes the transmission of the computation instruction from the first participant to the third participant; and the transmission of the second ciphertext from the third participant to the first participant.


According to the present inventive concept, the second communication between the first participant and the third participant may involve two key steps, transmission of computation instructions, and transmission of computation results.


In an embodiment of the present inventive concept, the first participant may send encrypted polynomial sets, which may represent the computation instructions, to the third participant to perform computations on the encrypted data. This allows the third participant to perform operations on the encrypted data. After performing the computations, the third participant may further send back the result of the encrypted computation, referred to as the second ciphertext, to the first participant to decrypt the result using the private key.


In an embodiment, the encrypted computation, referred to as cryptovaluation, is the result of evaluating the encrypted polynomial set on an input ciphertext. The result of the encrypted computation is the evaluated polynomial set, which is returned as an encrypted output. The encrypted results are transmitted to the first participant for decryption.


In this embodiment, the first participant sends the encrypted polynomial set to the third participant as computation instructions. The encrypted polynomial set encodes the function to be computed. After evaluating the polynomial set, the third participant sends the result back to the first participant as an encrypted output, i.e. the second ciphertext. This explicitly states that the encrypted computation results are sent from the third participant to the first participant.


According to the present inventive concept, there is a third communication between the second participant and the third participant wherein the third communication occurs in parallel or sequentially, which includes the distribution of the first ciphertext from the second participant to the third participant.


According to the present inventive concept, the third communication between the second participant and the third participant involves the transmission of the first ciphertext (i.e., the encrypted message) from the second participant to the third participant. The third communication may allow the computation provider to receive the encrypted data on which the computations are performed.


In an embodiment of the present inventive concept, the ciphertext |ccustom-character is the evaluation of the public key custom-characterk(custom-character; x) on the input message x=m. The encrypted message is transmitted to the computation provider. Encrypted polynomial sets and ciphertexts may be processed either sequentially or in parallel to optimize computational efficiency.


In this embodiment, the first ciphertext is formed by the second participant by encrypting the plaintext using the public key provided by the first participant. The transmission of the first ciphertext from the second participant to the third participant ensures that the encrypted data reaches the third participant for further processing. The data flow, including ciphertext transmission, can be implemented using either parallel or sequential methods, depending on the architecture.


The third communication ensures that the computation provider receives the necessary encrypted data to perform cryptovaluation (the computation on encrypted data).


This communication pathway supports flexible data transfer, either in parallel or sequentially, but primarily focuses on securely transferring the encrypted input data without exposing the plaintext.
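An added example, not part of the application, tracing the three communications on 4-bit messages with circuits built from negation, CNOT and Toffoli gates and expanded into polynomial sets over GF(2). Assumptions: the encrypted action is modelled as the encryption mapping applied after the desired operation applied after the inverse mapping, with no ancilla padding; the private key is modelled as the inverse circuit; all function names are hypothetical.

```python
import random

N = 4  # bit width of messages and ciphertexts (constructed small parameter)

def apply_circuit(gates, bits):
    """Apply (controls, target) gates: 0 controls = negation, 1 = CNOT, 2 = Toffoli."""
    bits = list(bits)
    for controls, target in gates:
        if all(bits[c] for c in controls):
            bits[target] ^= 1
    return tuple(bits)

def random_circuit(rng, length):
    gates = []
    for _ in range(length):
        target = rng.randrange(N)
        others = [i for i in range(N) if i != target]
        gates.append((tuple(rng.sample(others, rng.randrange(3))), target))
    return gates

def polynomial_set(gates):
    """Expand a circuit into one GF(2) polynomial per output bit (monomials as bitmasks)."""
    table = [apply_circuit(gates, [(x >> i) & 1 for i in range(N)]) for x in range(1 << N)]
    polys = []
    for out in range(N):
        coeff = [row[out] for row in table]
        for i in range(N):                       # Moebius transform: truth table -> ANF
            for x in range(1 << N):
                if (x >> i) & 1:
                    coeff[x] ^= coeff[x ^ (1 << i)]
        polys.append([m for m in range(1 << N) if coeff[m]])
    return polys

def evaluate(polys, bits):
    """Evaluate each polynomial at the given bits; a monomial is 1 when all its variables are 1."""
    x = sum(b << i for i, b in enumerate(bits))
    return tuple(sum((m & x) == m for m in poly) & 1 for poly in polys)

def run_protocol(message, seed=7):
    rng = random.Random(seed)
    # First participant: encryption mapping A (kept private), desired operation M.
    A = random_circuit(rng, 12)
    A_inv = A[::-1]                              # every gate here is its own inverse
    M = [((0, 1), 2), ((), 3)]                   # Toffoli onto bit 2, then negate bit 3
    public_key = polynomial_set(A)               # first communication: to second participant
    instruction = polynomial_set(A_inv + M + A)  # second communication: to third participant
    # Second participant: first ciphertext = public key evaluated at x = m.
    c = evaluate(public_key, message)            # third communication: to third participant
    # Third participant: works only on c and the encrypted polynomial set.
    s = evaluate(instruction, c)                 # second ciphertext: back to first participant
    # First participant: decrypts with the private operator.
    return c, s, apply_circuit(A_inv, s), apply_circuit(M, message)
```

For every 4-bit message, the third element of the returned tuple (the decrypted result) equals the fourth (the desired operation applied directly to the plaintext).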


The foregoing descriptions of the detailed embodiments are provided only to disclose the features and functions of the present inventive concept and are not restrictive of the scope of the present inventive concept. It should be understood by those in the art that all modifications and variations according to the spirit and principle in the disclosure of the present inventive concept should fall within the scope of the appended claims.

Claims
  • 1. A system for secure multi-party exact homomorphic encryption (SMPEHE), wherein the system comprises a first participant as a model provider/data receiver, a second participant as a data provider/data owner and a third participant as a computation provider, wherein the system further comprises:
    a key generation module within the first participant, which is configured to produce an encryption mapping comprising an ordered product of elementary gates; to generate a multivariate polynomial set, serving as a public encryption key, via the encryption mapping; to form an encryption operator serving as a private key; and to create an encrypted polynomial set representing a computational instruction based on an encrypted action;
    a message encryption module within the second participant, which is configured to encode a plaintext message into a first ciphertext by the public key provided by the first participant; and to transmit the first ciphertext to the third participant; and
    a computation module within the third participant, which is configured to receive the first ciphertext; and to perform a computation on the received first ciphertext by evaluating the encrypted polynomial set.
  • 2. According to the system of claim 1, wherein the computation module is further configured to output a second ciphertext; and to transmit the second ciphertext to the first participant.
  • 3. According to the system of claim 2, wherein the system further comprises a decryption module within the first participant, which is configured to decrypt the second ciphertext by using the private key to retrieve a computation result.
  • 4. According to the system of claim 3, wherein the encryption mapping is generated by combining elementary gates, including negation, Toffoli, CNOT, and multi-controlled gates, to form an encryption transformation.
  • 5. According to the system of claim 4, wherein the public encryption key is a multivariate polynomial set generated through the corresponding encryption mapping.
  • 6. According to the system of claim 1, wherein the encrypted polynomial set is generated by the encrypted action composed of a desired operation, the encryption mapping and the encryption operator, and wherein the polynomial set is used for performing computations on the first ciphertext.
  • 7. According to the system of claim 6, wherein the computation module evaluates the encrypted polynomial set in parallel or sequentially on the first ciphertext to produce the second ciphertext.
  • 8. According to the system of claim 7, wherein the first ciphertext transmitted by the second participant is a tensor-product state of multiple individual ciphertexts.
  • 9. According to the system of claim 8, wherein the encrypted polynomial set is generated from an encrypted action which is defined as:
  • 10. According to the system of claim 9, wherein a circuit of each of the encrypted action is further divided into a number jt of sections for positive integers jt and t to generate refined encrypted polynomial sets.
  • 11. According to the system of claim 10, wherein there is a first communication between the first participant and the second participant, wherein the first communication occurs in parallel or sequentially, which includes the distribution of public encryption keys from the first participant to the second participant.
  • 12. According to the system of claim 11, wherein there is a second communication between the first participant and the third participant, wherein the second communication occurs in parallel or sequentially, which includes:
    the transmission of the computation instruction from the first participant to the third participant; and
    the transmission of the second ciphertext from the third participant to the first participant.
  • 13. According to the system of claim 11, there is a third communication between the second participant and the third participant wherein the third communication occurs in parallel or sequentially, which includes the distribution of the first ciphertext from the second participant to the third participant.
  • 14. A computer-implemented method for performing secure multi-party exact homomorphic encryption (SMPEHE) involving a first participant as a model provider/data receiver, a second participant as a data provider/data owner and a third participant as a computation provider, wherein the method comprises:
    S10. randomly selecting E≤D members from a group of D parties in the first participant;
    S20. generating E independent key pairs, wherein each of the independent key pairs comprises, for j=1, 2, . . . , E:
      a public key ,kj(,j; xj), a multivariate polynomial set generated by an encryption mapping ,j; and
      a private key ,j, corresponding to the public key;
    S30. preparing E operations Mj of n qubits, wherein each of the operation Mj is composed of elementary gates;
    S40. generating E encryption transformations ,j of n qubits, wherein each of the encryption transformation ,j is composed of elementary gates;
    S50. creating E encrypted polynomial sets ,wj(;zj) based on the j-th encrypted action =(,j ⊗Inj-wj)Mj,j, where Mj is a desired operation of the j-th member, ,j is an inverse of ,j and Inj-wj is an identity operator for nj-wj qubits;
    S60. publicizing a set of public keys {,kj(,j; xj):j=1,2, . . . , E}; and
    S70. transmitting an encrypted polynomial set {,wj(;zj):j=1, 2, . . . , E} to the third participant.
  • 15. According to the computer-implemented method of claim 14, wherein the method further comprises, for j=1, 2, . . . , E:
    S80. preparing E plaintext messages mj∈Z2kj, each of which is represented as a kj-qubit state, where kj≤wj;
    S90. encrypting each of the plaintext mj into a first ciphertext cj using the corresponding public key ,kj(,j; xj);
    S100. creating a tensor-product state of the ciphertexts |c=|c1|c2⊗ . . . ⊗|cE; and
    S110. transmitting the tensor-product ciphertext state |c to the third participant.
  • 16. According to the computer-implemented method of claim 15, wherein the method further comprises:
    S120. distributing the encrypted polynomial sets {,wj(;zj):j=1,2, . . . , E} among L independent third participants;
    S130. evaluating each of the encrypted polynomial set ,wj(;zj) on an input |cj=|cj⊗|0nj-wj, where |0nj-wj is a null state of nj-wj qubits;
    S140. generating the second ciphertexts |s=|s1⊗|s2⊗ . . . ⊗|sE; and
    S150. transmitting the second ciphertexts |s to the first participant.
  • 17. According to the computer-implemented method of claim 16, wherein the method further comprises: S160. decrypting each of the second ciphertext |sj using the corresponding private key ,j to recover computation outcomes.
  • 18. According to the computer-implemented method of claim 15, wherein each of the encryption mapping ,j is composed of elementary gates selected from the group consisting of negation, Toffoli, CNOT, and multi-controlled gates.
  • 19. According to the computer-implemented method of claim 18, wherein each of the public key ,kj(,j; xj) is generated by applying the encryption mapping ,j to an initial polynomial set containing linear and nonlinear polynomials.
  • 20. According to the computer-implemented method of claim 17, wherein the encrypted polynomial sets ,wj(;zj) encode computation instructions for operations performed by the third participant.
  • 21. According to the computer-implemented method of claim 15, wherein each of the first ciphertext cj is generated by evaluating the public key ,kj(,j; xj) on the plaintext message mj, producing a bit-length kj≤wj.
  • 22. According to the computer-implemented method of claim 16, wherein the tensor-product state of the first ciphertexts is transmitted securely to the third participant without revealing the plaintext messages.
  • 23. According to the computer-implemented method of claim 16, wherein the encrypted polynomial sets are evaluated independently or sequentially on the first input ciphertext to optimize computational efficiency.
  • 24. According to the computer-implemented method of claim 17, wherein the private key ,j is used to decrypt the second ciphertexts.
  • 25. According to the computer-implemented method of claim 15, wherein the method further comprises distributing the public encryption keys from the first participant to the second participant in parallel or sequentially.
  • 26. According to the computer-implemented method of claim 16, wherein the method further comprises:
    transmitting computation instructions from the first participant to the third participant in parallel or sequentially; and
    transmitting the second ciphertexts from the third participant to the first participant in parallel or sequentially.
  • 27. According to the computer-implemented method of claim 16, wherein the method further comprises: transmitting the first ciphertexts from the second participant to the third participant in parallel or sequentially.
RELATED APPLICATIONS

The present application claims the priority of U.S. Provisional Patent Application No. 63/621,188, filed on Jan. 16, 2024, the disclosure of which is hereby incorporated by reference herein in its entirety.

Provisional Applications (1)
Number Date Country
63621188 Jan 2024 US