동형암호 재부팅 기법에 관한 연구

학위논문 (박사)-- 서울대학교 대학원 : 자연과학대학 수리과학부, 2019. 2. 천정희.2009년 Gentry에 의해서 완전동형암호가 처음 설계된 이후로 최적화와 고속화를 위해서 다양한 기법들과 스킴들이 설계되어 왔다. 하지만 동형암호의 연산횟수를 무제한으로 늘리기 위해서 필수적인 재부팅 기법의 효율성 문제로 실제 응용에 적용하기에는 부적합하다는 평가를 많이 받아왔다. 본 논문에서는 재부팅 기법의 고속화를 위한 다양한 기법을 제시하고 이를 실제로 응용분야에 적용하였다. 본 논문에서는 대표적인 동형암호 스킴들에 대한 재부팅 기법에 대한 연구를 수행하였는데, 첫 번째로는 Microsoft Research와 IMB에서 만든 동형암호 라이브러리인 SEAL과 HElib에 적용가능한 재부팅 기법에 대한 연구를 수행하였다. 해당 재부팅 기법에서 핵심적이 과정은 암호화된 상태에서 복호화 함수를 계산하는 부분이다. 암호된 상태에서 최하위 비트를 추출하는 새로운 방법을 제시하여 재부팅 과정에서 소모되는 계산량과 표현되는 다항식의 차수를 줄이는데에 성공하였다. 두 번째로는, 비교적 최근에 개발된 근사계산 동형암호인 HEAAN 스킴의 재부팅 기법을 개선하는 연구를 수행하였다. 2018년에 삼각함수를 이용한 근사법을 통해서 처음 해당 스킴에 대한 재부팅 기법이 제시되었는데, 많은 데이터를 담고있는 암호문에 대해서는 전처리, 후처리 과정이 계산량의 대부분을 차지하는 문제가 있었다. 해당 과정들을 여러 단계로 재귀적인 함수들로 표현하여 계산량이 데이터 사이즈에 대해서 로그적으로 줄이는 것에 성공하였다. 추가로, 다른 스킴들에 비해서 많이 사용되지는 않지만, 정수기반 동형암호들에 대해서도 재부팅 기법을 개선하는 연구를 수행하였고 그 결과 계산량을 로그적으로 줄이는 것에 성공하였다. 마지막으로, 재부팅 기법의 활용성과 사용 가능성을 보이기 위해 실제 데이터 보안을 필요로 하는 기계학습 분야에 적용해보았다. 실제로 400,000건의 금융 데이터를 이용한 회귀분석을 암호화된 데이터를 이용해서 수행하였다. 그 결과 약 16시간 안에 80\% 이상의 정확도와 0.8 정도의 AUROC 값을 가지는 유의미한 분석 모델을 얻을 수 있었다.After Gentry's blueprint on homomorphic encryption (HE) scheme, various efficient schemes have been suggested. For unlimited number of operations between encrypted data, the bootstrapping process is necessary. There are only few works on bootstrapping procedure because of the complexity and inefficiency of bootstrapping. In this paper, we propose various method and techniques for improved bootstrapping algorithm, and we apply it to logistic regression on large scale encrypted data. The bootstrapping process depends on based homomorphic encryption scheme. For various schemes such as BGV, BFV, HEAAN, and integer-based scheme, we improve bootstrapping algorithm. First, we improved bootstrapping for BGV (HElib) and FV (SEAL) schemes which is implemented by Microsoft Research and IMB respectively. The key process for bootstrapping in those two scheme is extracting lower digits of plaintext in encrypted state. We suggest new polynomial that removes lowest digit of input, and we apply it to bootstrapping with previous method. As a result, both the complexity and the consumed depth are reduced. Second, bootstrapping for multiple data needs homomorphic linear transformation. The complexity of this part is O(n) for number of slot n, and this part becomes a bottleneck when we use large n. We use the structure of linear transformation which is used in bootstrapping, and we decompose the matrix which is corresponding to the transformation. By applying recursive strategy, we reduce the complexity to O(log n). Furthermore, we suggest new bootstrapping method for integer-based HE schemes which are based on approximate greatest common divisor problem. By using digit extraction instead of previous bit-wise approach, the complexity of bootstrapping algorithm reduced from O(poly(lambda)) to O(log^2(lambda)). Our implementation for this process shows 6 seconds which was about 3 minutes. To show that bootstrapping can be used for practical application, we implement logistic regression on encrypted data with large scale. Our target data has 400,000 samples, and each sample has 200 features. Because of the size of the data, direct application of homomorphic encryption scheme is almost impossible. Therefore, we decide the method for encryption to maximize the effect of multi-threading and SIMD operations in HE scheme. As a result, our homomorphic logistic regression takes about 16 hours for the target data. The output model has 0.8 AUROC with about 80% accuracy. Another experiment on MNIST dataset shows correctness of our implementation and method.Abstract 1 Introduction 1.1 Homomorphic Encryption 1.2 Machine Learning on Encrypted Data 1.3 List of Papers 2 Background 2.1 Notation 2.2 Homomorphic Encryption 2.3 Ring Learning with Errors 2.4 Approximate GCD 3 Lower Digit Removal and Improved Bootstrapping 3.1 Basis of BGV and BFV scheme 3.2 Improved Digit Extraction Algorithm 3.3 Bootstrapping for BGV and BFV Scheme 3.3.1 Our modications 3.4 Slim Bootstrapping Algorithm 3.5 Implementation Result 4 Faster Homomorphic DFT and Improved Bootstrapping 4.1 Basis of HEAAN scheme 4.2 Homomorphic DFT 4.2.1 Previous Approach 4.2.2 Our method 4.2.3 Hybrid method 4.2.4 Implementation Result 4.3 Improved Bootstrapping for HEAAN 4.3.1 Linear Transformation in Bootstrapping 4.3.2 Improved CoeToSlot and SlotToCoe 4.3.3 Implementation Result 5 Faster Bootstrapping for FHE over the integers 5.1 Basis of FHE over the integers 5.2 Decryption Function via Digit Extraction 5.2.1 Squashed Decryption Function 5.2.2 Digit extraction Technique 5.2.3 Homomorphic Digit Extraction in FHE over the integers 5.3 Bootstrapping for FHE over the integers 5.3.1 CLT scheme with M Z_t 5.3.2 Homomorphic Operations with M Z_t^a 5.3.3 Homomorphic Digit Extraction for CLT scheme 5.3.4 Our Method on the CLT scheme 5.3.5 Analysis of Proposed Bootstrapping Method 5.4 Implementation Result 6 Logistic Regression on Large Encrypted Data 6.1 Basis of Logistic Regression 6.2 Logistic Regression on Encrypted Data 6.2.1 HE-friendly Logistic Regression Algorithm 6.2.2 HE-Optimized Logistic Regression Algorithm 6.2.3 Further Optimization 6.3 Evaluation 6.3.1 Logistic Regression on Encrypted Financial Dataset 6.3.2 Logistic Regression on Encrypted MNIST Dataset 6.3.3 Discussion 7 Conclusions Abstract (in Korean)Docto

A Simple and Robust Gray Image Encryption Scheme Using Chaotic Logistic Map and Artificial Neural Network

A robust gray image encryption scheme using chaotic logistic map and artificial neural network (ANN) is introduced. In the proposed method, an external secret key is used to derive the initial conditions for the logistic chaotic maps which are employed to generate weights and biases matrices of the multilayer perceptron (MLP). During the learning process with the backpropagation algorithm, ANN determines the weight matrix of the connections. The plain image is divided into four subimages which are used for the first diffusion stage. The subimages obtained previously are divided into the square subimage blocks. In the next stage, different initial conditions are employed to generate a key stream which will be used for permutation and diffusion of the subimage blocks. Some security analyses such as entropy analysis, statistical analysis, and key sensitivity analysis are given to demonstrate the key space of the proposed algorithm which is large enough to make brute force attacks infeasible. Computing validation using experimental data with several gray images has been carried out with detailed numerical analysis, in order to validate the high security of the proposed encryption scheme

A new RSA public key encryption scheme with chaotic maps

Public key cryptography has received great attention in the field of information exchange through insecure channels. In this paper, we combine the Dependent-RSA (DRSA) and chaotic maps (CM) to get a new secure cryptosystem, which depends on both integer factorization and chaotic maps discrete logarithm (CMDL). Using this new system, the scammer has to go through two levels of reverse engineering, concurrently, so as to perform the recovery of original text from the cipher-text has been received. Thus, this new system is supposed to be more sophisticated and more secure than other systems. We prove that our new cryptosystem does not increase the overhead in performing the encryption process or the decryption process considering that it requires minimum operations in both. We show that this new cryptosystem is more efficient in terms of performance compared with other encryption systems, which makes it more suitable for nodes with limited computational ability

Research on digital image watermark encryption based on hyperchaos

The digital watermarking technique embeds meaningful information into one or more watermark images hidden in one image, in which it is known as a secret carrier. It is difficult for a hacker to extract or remove any hidden watermark from an image, and especially to crack so called digital watermark. The combination of digital watermarking technique and traditional image encryption technique is able to greatly improve anti-hacking capability, which suggests it is a good method for keeping the integrity of the original image. The research works contained in this thesis include: (1)A literature review the hyperchaotic watermarking technique is relatively more advantageous, and becomes the main subject in this programme. (2)The theoretical foundation of watermarking technologies, including the human visual system (HVS), the colour space transform, discrete wavelet transform (DWT), the main watermark embedding algorithms, and the mainstream methods for improving watermark robustness and for evaluating watermark embedding performance. (3) The devised hyperchaotic scrambling technique it has been applied to colour image watermark that helps to improve the image encryption and anti-cracking capabilities. The experiments in this research prove the robustness and some other advantages of the invented technique. This thesis focuses on combining the chaotic scrambling and wavelet watermark embedding to achieve a hyperchaotic digital watermark to encrypt digital products, with the human visual system (HVS) and other factors taken into account. This research is of significant importance and has industrial application value