Privacy Computing: Dynamic Encryption Technology—

BTC0.0₂₀

ETH0.0₂₀

HTX0.0₂₀

SOL0.0₂₀

BNB0.0₂₀

BTC0.0₂₀

ETH0.0₂₀

HTX0.0₂₀

SOL0.0₂₀

BNB0.0₂₀

Privacy Computing: Dynamic Encryption Technology——Blockchain Technology Volume 8

瘾App

2019-05-31 02:54

本文约8208字，阅读全文需要约33分钟

Jointly produced by Tongzhengtong Research Institute × FENBUSHI DIGITAL

Special Advisor: Bo Shen; Rin; JX

guide

Privacy computing technology is a cutting-edge development direction of cryptography, which fills the gap in the privacy of data in the calculation process, and makes the information security system based on cryptography a complete closed loop, providing cloud computing, distributed computing networks and blockchain The application of such technologies provides the basis for privacy. This topic will briefly introduce privacy computing technology, and analyze its origin, technical direction and application prospect.

Summary

Summary

Encryption functions that satisfy homomorphism can perform certain operations on encrypted data without decrypting the original data, providing computing power for encrypted data. The fully homomorphic encryption algorithm means that given any operation rule, the corresponding operation rules for encrypted data can be constructed through the algorithm, and the homomorphism can be satisfied. Fully homomorphic encryption is a relatively basic privacy computing technology with a wide range of applications, but its current computing efficiency is low and there are certain limitations.

Secure Multi-Party Computation solves the problem of how to safely calculate the agreed function and obtain verifiable results without the parties involved in the calculation revealing their own inputs and without a trusted third party. The main purpose of secure multi-party computing is to solve the problem of collaborative computing between parties who do not trust each other under the premise of protecting privacy. It also has its own limitations, and it cannot guarantee the honesty of participants, nor can it prevent malicious input from participants.

Zero-knowledge proof is an algorithm for the prover to prove to any third party that he does have specific data without revealing private data. It is mostly used in anonymous blockchains to hide transaction details and achieve anonymity.

Risk warning: There are bottlenecks in the technology, and the landing application is not as expected

Table of contents

Table of contents

1 Private Computing: Another Dimension of Encryption Technology

2 Main technical directions: fully homomorphic encryption, secure multi-party computation and zero-knowledge proof

2.1 Fully Homomorphic Encryption

2.2 Secure Multi-Party Computation

2.3 Zero-knowledge proof

3 Application prospects

3.1 Secure Cloud Computing

3.3 Encrypted chain data and hidden transaction information

text

secondary title

1 Private Computing: Another Dimension of Encryption Technology

With the continuous development of information technology, data has gradually become an important asset of the government, enterprises and individuals, and its discovery, storage, processing and use have become more and more important, gradually generating privacy requirements. The development of data science has continuously expanded the application scenarios of data, corresponding cooperation has also begun to emerge, and privacy issues have also followed. For example, the enterprise may need to use the data of the partner to form a certain judgment or result, but the partner is unwilling to completely hand over its data to others, and the enterprise also does not want its query conditions or analysis methods to be known to the partner; When using cloud computing resources, users also hope that their data and calculation methods can be kept confidential, but in reality they have to upload all the content, thus facing the risk of leakage. With the development of cloud computing and blockchain, the demand for privacy computing is increasingly emerging. This frontier field combining cryptography and computing science has once again attracted everyone's attention.

Privacy computing is a kind of technology that can calculate data and verify the calculation results under the premise of ensuring that the data provider does not disclose sensitive data.

Contemporary cryptography originated in 1977, when Ron Rivest, Adi Shamir and Leonard Adleman invented the asymmetric encryption (also known as public key encryption) algorithm RSA. RSA takes advantage of the asymmetry of the current computing difficulty of computer decomposing prime factors, and designs a public key encryption system in which the public key is used for encryption and the private key is used for decryption. The private key will not appear in the data transmission link, which greatly improves the encrypted data. Transmission Security. The RSA algorithm was published on April 3, 1977, the Passover of the Jewish nation, just like Moses exodus from Egypt, human encryption technology broke through the long-standing bottleneck and reached a new stage.

Cryptography converts data into ciphertext through mathematical theory, and its content cannot be read without a private key, which solves the problem of private storage and communication in an insecure environment, but there is a gap in the use link. When it comes to the use of information, the encrypted data in the process of communication and storage has to be decrypted for query and calculation. Therefore, there is a gap in the use of the information encryption system based on cryptography, and it is not yet possible to form a closed-loop encryption system. When the information owner has to submit data to use third-party services, he faces the risk of information leakage, and the encryption status of other links loses its meaning. In response to this situation, the academic community has carried out research on data computing in an encrypted state, which is what we call privacy computing.

In 1978, Ron Rivest, Leonard Adleman and Michael L. Dertouzos proposed the homomorphic encryption problem, and in the same year proposed the algorithm RSA that satisfies multiplicative homomorphism. Prior to this, cryptography research focused on the static security of data in the process of storage and transmission, and the proposal of the homomorphic encryption problem led the research of encryption technology from static to dynamic, which was a huge innovation in theory and created a new era. The first of its kind in private computing.

In 1982, the Chinese Turing Award winner Yao Qizhi pioneered the millionaire problem, which introduced the concept of multi-party secure computing. In his paper "Protocols for Secure Computations", Yao Zhizhi proposed the millionaire problem, that is, how to compare who is richer between two millionaires without a trusted third party and without disclosing their property status.

After continuous research and development in the academic circles, privacy computing represented by fully homomorphic computing, secure multi-party computing, and zero-knowledge proof has achieved certain results, and has become one of the hot issues in cryptography research.

secondary title

2 Main technical directions: fully homomorphic encryption, secure multi-party computation and zero-knowledge proof

At present, privacy computing at the cryptographic level mainly includes three main technologies: Full Homomorphic Encryption (FHE), Secure Multi-Party Computation (sMPC), and Zero-knowledge Proof (Zero-knowledge Proof). direction. In addition, there are directions such as trusted execution environment and indistinguishable obfuscation. This topic will analyze fully homomorphic encryption, secure multi-party computation and zero-knowledge proof, and analyze their advantages and disadvantages.

2.1 Fully Homomorphic Encryption

In the era of symmetric encryption algorithms before the advent of the RSA algorithm, encrypting and decrypting data followed the same rules. The key elements of symmetric encryption include encryption algorithm and key. The data sender uses a specific key to encrypt data, and sends the encrypted data and key to the receiver. During transmission, encrypted data or keys are at risk of being intercepted. Once the encryption algorithm is cracked, if the key is not replaced in time, the subsequent communication process between the two parties will no longer be safe.

Asymmetric encryption ensures the security of data storage and transmission. The asymmetric encryption algorithm generates a pair of public key and private key, the public key is used to encrypt data, and the private key is used to decrypt the data encrypted by the corresponding public key. In the above example, the data receiver only needs to disclose the public key to the sender, the sender uses the receiver's public key to encrypt the data, and the receiver uses the private key to decrypt the data after receiving it. During the entire encryption and decryption process, the two parties do not need to exchange information about the private key, so the security is very high.

Homomorphic encryption ensures the security of the data calculation process and provides the function of processing encrypted data. If you want to process the original data, you generally need to decrypt the data first. If the party performing the calculation process is untrustworthy, then the previous encryption and decryption process is tantamount to wasting effort.

Homomorphism is originally a concept in abstract algebra. The encryption function f is used to represent the process of obtaining the ciphertext S from the original data M through encryption, and f^(-1) represents its inverse operation, that is, the decryption process:

If some kind of operation "+" can be performed between the original data S1 and S2, and the operation result can still be processed by the encryption function, in addition to satisfying

It is said that the encryption function f satisfies the homomorphism of the operation "+". The "+" here represents an abstract operation rule, which can be well-known addition, multiplication, and so on.

Encryption functions that satisfy homomorphism can perform certain operations on encrypted data without decrypting the original data. Calculate the encrypted data to get the result:

The calculation service requester decrypts the calculation result after receiving it, and the obtained result is:

It is equal to the direct operation result of the original data. The common asymmetric encryption algorithms RSA and ECC are additive homomorphic.

The fully homomorphic encryption algorithm means that given any kind of operation rules, the corresponding operation rules for encrypted data can be constructed through the algorithm, and the requirements of homomorphism can be satisfied.

Fully homomorphic encryption algorithms can be divided into three categories according to their development stages. In 2009, Craig Gentry gave the first algorithm implementation of Fully Homomorphic Encryption (FHE) in the paper "Fully Homomorphic Encryption Using Ideal Lattices" (Fully Homomorphic Encryption Based on Ideal Lattice), and it is also the first algorithm that simultaneously satisfies additive homomorphism and Multiplicative homomorphic encryption algorithm. But Gentry's algorithm is extremely inefficient. According to tests, the algorithm takes 30 minutes to perform a single bit operation, which is far from meeting the needs of large-scale applications.

Brakerski and Vinod Vaikuntanathan made improvements on the basis of the original fully homomorphic encryption algorithm, and proposed the BGV algorithm in 2011. Its mathematical basis is the asymmetry of the difficulty of solving RLWE (Ring Learning-with-errors) problems.

Craig Gendry, Amit Sahai and Brent Waters published the GSW13 algorithm in 2013, further optimizing the homomorphic multiplication algorithm. The current mainstream fully homomorphic encryption computing systems all use the latter two types of encryption algorithms.

Fully homomorphic encryption is a relatively basic privacy computing technology with a wide range of potential applications. The fully homomorphic encryption technology realizes the direct calculation of ciphertext and solves the privacy problem in computing cooperation. Through fully homomorphic encryption, the requester of computing resources can send privacy-related data in ciphertext to untrusted third parties such as cloud servers or computing companies and complete the calculation without worrying about any information security issues.

Existing solutions have a large loss of efficiency and cannot be used in large-scale commercial applications. At present, some algorithms have been improved to a certain extent compared with the original algorithm of Gentry. For example, the BGV algorithm proposed by Smart et al. gave up Bootstrapping and adopted the technology of mold change and private key exchange, which has made a breakthrough in a certain sense and is the current efficiency The best fully homomorphic encryption algorithm. However, from the perspective of absolute performance, the efficiency of the current fully homomorphic encryption algorithm is still very low, and the computing resources consumed by the same operation are about 6 orders of magnitude higher than that of plaintext. Therefore, fully homomorphic encryption is still a technology in the research and experimental stage, which is not yet sufficient for commercial application. In the future, the implementation of fully homomorphic encryption technology depends on the emergence of more efficient algorithms on the one hand, and on the other hand, it will also benefit from the improvement of equipment computing capabilities. It may be gradually applied from key data, and eventually expanded to more Calculate the scene.

Homomorphic encryption itself has certain limitations. All intermediate results of homomorphic encryption are encrypted, so the server cannot make any decisions on intermediate values, that is to say, all conditional branches need to be calculated, so all operations can only be included in the function, which increases the complexity of the function , and cause a performance loss.

M.Van Dijk and A.Juels have proved that homomorphic encryption must be performed under the same key, and there is a possibility of collusion in multi-party cooperation. Therefore, fully homomorphic encryption is usually suitable for collaborative computing. The security calculation efficiency of state encryption is lower than that of other general protocols.

2.2 Secure Multi-Party Computation

Secure Multi-Party Computation solves the problem of how to safely calculate the agreed function and obtain verifiable results without the parties involved in the calculation revealing their own inputs and without a trusted third party. For example, in the millionaire problem, two millionaires can encrypt their own property status X and Y as input, and through a specific algorithm, both parties can obtain a credible comparison result of X and Y, but they cannot know the other party’s property status .

The garbled circuits proposed by Yao Zhizhi are a solution to two-party computing. Goldreich, Micali and Wigderson have researched and developed it, and it has become one of the hot issues in the field of cryptography.

Secure multi-party computing also has the following application scenarios: a key K that needs to be encrypted is split into n different parts, and kept in different parties, and no party knows the part kept by others. Using any at least t parts (2<=t<=n) of the n shares can completely restore the content of the key K, and this key storage method is also called (t, n) threshold signature.

The main purpose of secure multi-party computing is to solve the problem of collaborative computing between distrusting parties while protecting privacy. In the real world, there will often be some collaboration scenarios where computing participants want to use their data to obtain certain results, but are unwilling to disclose their data to others. The design concept of secure multi-party computing satisfies the objective needs of participants in real economic cooperation who want to obtain cooperation benefits but do not want their own data to be leaked, and has a large potential market space. Its main application areas include electronic elections, electronic auctions, and asset custody wait.

Most secure multi-party computing schemes require the honesty of the participating parties. In secure multi-party computation research, participants are usually divided into honest, semi-honest, and attackers. An honest person provides correct data and does not try to steal other people's input data; a semi-honest person provides correct data and is willing to obtain other people's input without adverse consequences; an attacker provides false data to destroy cooperation and tries to steal other people's input. Most of the relatively efficient secure multi-party computing protocols are only safe when most of the participants are honest or semi-honest. Only the research results of the SPDZ line can guarantee that most of the participants are attackers. safety and correctness. A secure multi-party computing protocol should at least be able to run when all participants are half-honest, so as to adapt to the reality of the market economy and protect the privacy of participants. Malicious attackers do not expect to get correct results, so they rely more on the design of the incentive mechanism to limit.

In addition to the correctness of the result and the privacy of the input, the secure multi-party computation protocol also guarantees fairness among the participants. That is, the calculation result can only be obtained by everyone or not, in order to deal with the possible early termination behavior of the attacker.

The limitations of secure multi-party computation are: low efficiency; cannot guarantee the authenticity of participants' input. There is no way to prevent participants from maliciously constructing inputs and inferring other people's inputs from the results.

2.3 Zero-knowledge proof

Zero-knowledge proof is an algorithm for the prover to prove to any third party that he does have specific data without disclosing private data. It is divided into two types: interactive and non-interactive. The zero-knowledge proof algorithm has the following characteristics:

completeness. If both the prover and the verifier are honest, and the prover does possess the specific data, then the verification must pass.

stability. It is nearly impossible for an honest prover to pass verification if the prover does not possess the particular data.

Zero knowledge. After the verification process is over, the verifier does not get any information about the data.

In asymmetric encryption, concepts like zero-knowledge proofs have emerged. If someone needs to prove that he is indeed the holder of a particular private key, he can ask the verifier to randomly generate a number and sign the number himself with the private key. If the signature can be verified by the corresponding public key, then the proof passes. During the whole process, the holder's private key will not be disclosed. However, since the public key and the private key are in one-to-one correspondence, as long as the verification process is completed, it is easy for a third party to associate the private key holder with the public key.

Zero-knowledge proof is an advanced application of cryptography, but not all problems can be verified by zero-knowledge proof algorithm. Goldreich, Micali and Wigderson proved that there must be a zero-knowledge proof algorithm for the problem (NP problem) that can verify the correctness of the solution in polynomial time.

secondary title

3 Application prospects

Currently, privacy computing techniques are less efficient and have fewer practical commercial applications. With the continuous development of technology, cloud computing, blockchain and even distributed computing networks have gradually entered people's field of vision, and people's emphasis on data security provides an urgent need for the application of privacy computing. Privacy computing will have broad application prospects in the three directions of secure cloud computing, distributed computing networks, and encrypted blockchains.

3.1 Secure Cloud Computing

Cloud computing has greatly improved the utilization efficiency of computing power resources, and the market scale has grown rapidly, with broad development prospects. With the development of information technology, the speed of network communication and the computing power of servers have been gradually improved, and the cloud computing industry has developed rapidly. On the one hand, cloud computing services avoid the waste of resources that individuals and enterprises repeatedly purchase hardware devices by renting computing resources. The service provider's hardware can also maintain a very high utilization rate, which improves the efficiency of resource allocation; on the other hand, the cloud computing service provider has a large number of computing hardware, which can provide these devices with a suitable operating environment and timely maintenance. The construction of the data center will greatly reduce the cost of computing resources per unit and bring into play the effect of scale. These advantages of cloud computing have led to its rapid development in recent years, and has now formed a market size of about 260.2 billion US dollars. Cloud computing technology has been widely recognized by various industries, has very rich application scenarios and broad development space, and will greatly change the way computing resources are utilized.

However, using cloud computing services inevitably sacrifices privacy. Currently, in the process of using cloud computing services, user data is stored in clear text at the cloud service provider. On the one hand, data will inevitably be obtained by cloud computing providers. Although there are relevant laws and regulations to protect, ordinary users are always at a disadvantage in the game with oligarchic enterprises; Data can still be accessed by insiders and hackers. Although cloud computing improves the efficiency of computing resources, data security cannot be guaranteed.

Privacy computing can keep data encrypted during cloud computing, avoiding being obtained by service providers and other third parties, and greatly improving data security during cloud computing. Traditional cryptography cannot guarantee security in data computing, but privacy computing technology fills this gap, making various data cooperation including cloud computing more secure and private. Confidential data can be handed over to the cloud computing service provider for calculation through a fully homomorphic encryption algorithm without directly transmitting plaintext data. Through secure multi-party computing, data owners can safely perform cooperative computing without worrying that their data will be obtained by collaborators or third parties. Privacy computing will greatly expand the application scenarios of cloud computing.

3.2 Distributed computing network

Distributed computing network is an advanced form of cloud computing, which uses a wide range of individual computing resources to form a distributed computing network. With the improvement of the performance of personal computing equipment and the increase of the number of Internet node access, the redundancy of network computing capacity is increasing. People's idle mobile phones, computers and other equipment can be effectively reused through distributed computing networks. With the continuous development of communication technology and the gradual increase of network bandwidth, the establishment of distributed computing network has gradually moved from theory to reality.

Distributed computing networks can prevent cloud computing oligopolies from monopolizing computing resources. The scale effect of cloud computing is very obvious. It will inevitably form an oligopolistic pattern in the later stage of development. After people's usage habits are formed, these companies will raise prices and obtain high monopoly profits. It is difficult for the public to fully enjoy the benefits brought by efficiency improvements. Distributed computing network is different from cloud computing. It is the utilization of existing computing resources. Individuals do not give up the ownership of computing resources, but only perform mutual assistance and resource sharing on the network. Enterprises may have high computing power, but compared with the power of all human computing equipment integrated by distributed computing networks, it is difficult to form a monopoly advantage. Any attempt to obtain monopoly profits is against the computing power of the world and is not economically rational.

Privacy computing provides a guarantee of information security for distributed computing networks. Distributed computing networks are likely to exist in a point-to-point form, and computing resources are allocated directly between nodes, and security issues are particularly important. In this form, data will be sent directly from computing resource demand nodes to untrusted supply nodes, and data security will face greater challenges than cloud computing. If privacy computing can be used, it can fundamentally solve the information security problem of distributed computing networks. On the one hand, users can safely use other people's computing resources, and on the other hand, they can also carry out computing cooperation without disclosing data. It greatly enriches the application scenarios of distributed computing networks.

3.3 Encrypted chain data and hidden transaction information

Blockchain can provide credible distributed accounting, which greatly reduces the cost of trust, but it faces the dilemma of data verifiability and privacy on the chain. The blockchain realizes non-tamperable distributed accounting through the consensus mechanism, and provides a reliable new form of trust for the value Internet, which will greatly promote the development of online assets, and change the Internet and even the economy with trust as the starting point. social ecology. However, the information on the chain is publicly available to all, and privacy is sacrificed a lot.

Concerns about data privacy limit the scope of application of smart contracts. Smart contracts running on the blockchain bring the blockchain into the 2.0 era, realizing many functions other than payment and settlement. However, the credibility brought by running on the smart contract chain also comes at the expense of privacy. All processing records can be found on the blockchain, and its application range is also limited by data sensitivity.

Due to some reasons, some nouns in this article are not very accurate, mainly such as: general certificate, digital certificate, digital currency, currency, token, crowdsale, etc. If readers have any questions, they can call or write to discuss together.

Note:

This article was originally created by TokenRoll Research Institute (ID: TokenRoll). Unauthorized reprinting is prohibited. For reprint, please reply to keywords in the background【Reprint】

BTC

瘾App

作者文库