中興大學碩士班 - 網路安全報告 以Java實作Paillier cryptysystem 並分享於github

1. Homomorphic Encryption
學生:呂峻豪
Pure Java Paillier Cryptosystem Implementation

2. Outline
1. Introduction
2. Example
3. Classification
4. Paillier Cryptosystem
5. Implementation
6. How to Use
7. Application

3. Introduction

4. Example

5. Example

6. Example

7. Ring
1. 加法封閉性
2. 加法結合律
3. 加法交換律
4. 加法單位元
5. 加法反元素
1. 乘法封閉性
2. 乘法結合律
3. 乘法對加法分配律

8. Usage

9. Concept

10. Classification
Partially Homomorphic Encryption
• Unpadded RSA
• ElGamal
• Goldwasser–Micali
• Benaloh
• Paillier
Fully Homomorphic Encryption
• Gentry's cryptosystem

11. Paillier Cryptosystem
Key generation
𝒑, 𝒒 : 𝒈𝒄𝒅(𝒑𝒒, 𝒑 − 𝟏 𝒒 − 𝟏 ) = 𝟏 //equal length
𝒏 : 𝒑𝒒
𝝀 : 𝒍𝒄𝒎(𝒑 − 𝟏, 𝒒 − 𝟏)
𝒈 : 𝒈 ∈ 𝒁 𝒏 𝟐
∗
Ensure 𝑛 divides the order of 𝑔 by checking the existence of the
following modular multiplicative inverse:
μ = (𝑳 𝒈λ 𝒎𝒐𝒅 𝒏 𝟐 )−𝟏 𝒎𝒐𝒅 𝒏
𝑳 𝒖 =
𝒖−𝟏
𝒏
, quotient of u-1 divided by n

12. Paillier Cryptosystem
If using 𝑝, 𝑞 of equivalent length, a simpler variant of the above key
generation steps would be to set
𝑔 = 𝑛 + 1
λ = φ 𝑛
μ = φ(𝑛)−1
mod n
Where φ 𝑛 = (𝑝 − 1)(𝑞 − 1)

13. Key Pair
Public Key
(𝑛, 𝑔)
Private Key
(λ, μ)

14. Encryption
𝑚 ∶ 𝑚 ∈ 𝑍 𝑛
𝑟 ∶ random 𝑟 ∈ 𝑍 𝑛
∗
𝑐 = 𝑔 𝑚 ∙ 𝑟 𝑛 𝑚𝑜𝑑 𝑛2
(a×b) mod c = ((a mod c) * (b mod c)) mod c
Mod property
𝑐 = 𝑔 𝑚 ∙ 𝑟 𝑛 𝑚𝑜𝑑 𝑛2 = ( 𝑔 𝑚 𝑚𝑜𝑑 𝑛2 ∙ 𝑟 𝑛 𝑚𝑜𝑑 𝑛2 ) 𝑚𝑜𝑑 𝑛2

15. Decryption
𝑐 ∶ 𝑐 ∈ 𝑍 𝑛2
∗
𝑚 = 𝐿 𝑐λ 𝑚𝑜𝑑 𝑛2 ∙ μ 𝑚𝑜𝑑 𝑛

16. Homomorphic properties
• Addition
• Multiplication of plaintexts

17. Implementation
https://github.com/BenjaminLu/Paillier-Integer
BigInteger.java
• PrivateKey.java, hold (λ, μ)
• PublicKey.java, hold (𝑛, 𝑔)
• Cipher.java, hold public key, encrypted integer and
perform operations

18. Implementation – Key Generation
1. Choose two large prime numbers p and q of equivalent length
randomly and independently.
1 −
1
(2 𝑐𝑒𝑟𝑡𝑎𝑖𝑛𝑡𝑦)
certainty
𝑐𝑒𝑟𝑡𝑎𝑖𝑛𝑡𝑦 = 10
0.9990234375
𝑐𝑒𝑟𝑡𝑎𝑖𝑛𝑡𝑦 = 20
0.99999904632
PrivateKey.java

19. Implementation
OpenJDK primality test

20. Implementation – Key Generation
PublicKey.java

21. Implementation – Encryption
𝑐 = 𝑔 𝑚 ∙ 𝑟 𝑛 𝑚𝑜𝑑 𝑛2 = ( 𝑔 𝑚 𝑚𝑜𝑑 𝑛2 ∙ 𝑟 𝑛 𝑚𝑜𝑑 𝑛2 ) 𝑚𝑜𝑑 𝑛2
Cipher.java

22. Implementation – Decryption
𝑚 = 𝐿 𝑐λ
𝑚𝑜𝑑 𝑛2
∙ μ 𝑚𝑜𝑑 𝑛
𝑳 𝒖 =
𝒖−𝟏
𝒏
, quotient of u-1 divided by n
Cipher.java

23. Implementation – Homomorphism
Cipher.java

24. Implementation – Homomorphism
Cipher.java

25. Implementation – Homomorphism
Cipher.java

26. Implementation – Randomize
𝑐 = 𝑔 𝑚
∙ 𝑟 𝑛
𝑚𝑜𝑑 𝑛2
, if m = 0, random encrypted zero is
𝑐 = 𝑟 𝑛 𝑚𝑜𝑑 𝑛2
𝑚1 + 0 𝑚𝑜𝑑 𝑛 = 𝑚1 𝑚𝑜𝑑 𝑛

27. Implementation – Randomize

28. Implementation – Randomize
Randomization is useful so a server does not know that you are
resubmitting a value they have already processed. Randomizing the
encrypted integer without needing the private key is based on the
homomorphic properties to add a randomly encrypted zero.

29. How to Use
See the readme on Github

30. Application
• Electronic voting
• Electronic cash

31. Thank you