Information Technology Reference
In-Depth Information
The cloud must not be able to read the data from X and disclose the informa-
tion to Y. It is thus important to hide the data from the cloud, such that the
cloud operates on the encrypted data and returns the result without even
knowing what data were involved. To ensure that the cloud is not able to
read the data while performing computations on it, many homomorphic
encryption techniques have been suggested [12, 33]. Using homomorphic
encryption, the cloud receives ciphertext of the data, performs computations
on the ciphertexts, and returns the encoded value of the result. The user
is able to decode the result, but the cloud does not know what data were
involved. In such circumstances, it must be possible for the user to verify that
the cloud returned correct results.
Several encryption techniques exist that support different homomor-
phisms, such as multiplicative homomorphism (RSA [30]), additive homo-
morphism (Paillier [28], Boneh-Goh-Nissim [5]), or the recently proposed
fully homomorphic scheme [12], which can support complicated functions.
We give a brief description of how the Paillier homomorphic encryption
technique works.
3.2.1 Paillier Homomorphic Encryption Scheme
Given two numbers
M
1
and
M
2
, a user might want the cloud to calculate
the result
M
1
+
M
2
without the cloud knowing the values of
M
1
and
M
2
. The
protocol consists of three algorithms:
1. Key generation: This algorithm generates the public keys and global
parameters, given a security parameter. Let
N
=
p
1
p
2
, where
p
1
and
p
2
are primes. Choose
g
∈
∗
2
, such that
g
has an order that is a multi-
ple of
N
. Let λ(
N
) =
lcm
(
p
1
− 1,
p
2
− 1), where
lcm
represents the least
common multiple. Then, the public key is
PK
= (
N
,
g
), and the secret
key is
SK
= (λ(
N
)).
N
2. Encryption: Let
M
be a message. Select a random number
∈
N
∗
. The ciphertext
c
is given by
rZ
N
∈
=
()
=
MN
2
cEMgr
mod
N
(3.1)
3. Decryption: To decrypt
c
,
M
can be calculated as
(
)
()
λ
N
2
Lc
mod
N
=
()
=
MDc
mod
N
,
(3.2)
(
)
()
λ
N
2
Lg
mod
N
where the
L
function takes input from the set {
u
<
N
2
|
u
= 1 mod
N
} and
computes
L
(
u
) = (
u
− 1)/
N
.
Search WWH ::
Custom Search