METHOD FOR CIPHERING A MESSAGE VIA A KEYED HOMOMORPHIC ENCRYPTION FUNCTION, CORRESPONDING ELECTRONIC DEVICE AND COMPUTER PROGRAM PRODUCT

US 20150100785A1
Filed: 10/07/2014
Published: 04/09/2015
Est. Priority Date: 10/09/2013
Status: Abandoned Application

First Claim

Patent Images

1. Method for ciphering a message by a sender device at destination to a receiver device, said method comprising using a keyed homomorphic encryption function associated with a public key of said receiver device, wherein it comprises:

ciphering said message with an encryption scheme secure against adaptive chosen-ciphertext attacks, in function of a first element of said public key, delivering a ciphertext;

determining for said ciphertext, an homomorphic non-interactive proof and a simulation-sound non-interactive proof, said homomorphic non-interactive proof being obtained in function of a set of signatures comprised in said public key, and said simulation-sound non-interactive proof being obtained in function of a second element comprised in said public key, and an evaluation key of said keyed homomorphic encryption function being an element linked to said second element;

delivering a cipher of said message comprising said ciphertext, said homomorphic non-interactive proof and said simulation-sound non-interactive proof.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, it is proposed a method for ciphering a message by a sender device at destination to a receiver device, said method comprising using a keyed homomorphic encryption function associated with a public key of said receiver device. Such method is remarkable in that it comprises:

- ciphering said message with an encryption scheme secure against adaptive chosen-ciphertext attacks, in function of a first element of said public key, delivering a ciphertext;
- determining for said ciphertext, an homomorphic non-interactive proof and a simulation-sound non-interactive proof, said homomorphic non-interactive proof being obtained in function of a set of signatures comprised in said public key, and said simulation-sound non-interactive proof being obtained in function of a second element comprised in said public key, and an evaluation key of said keyed homomorphic encryption function being an element linked to said second element;
- delivering a cipher of said message comprising said ciphertext, said homomorphic non-interactive proof and said simulation-sound non-interactive proof.

Citations

16 Claims

1. Method for ciphering a message by a sender device at destination to a receiver device, said method comprising using a keyed homomorphic encryption function associated with a public key of said receiver device, wherein it comprises:
- ciphering said message with an encryption scheme secure against adaptive chosen-ciphertext attacks, in function of a first element of said public key, delivering a ciphertext;
  
  determining for said ciphertext, an homomorphic non-interactive proof and a simulation-sound non-interactive proof, said homomorphic non-interactive proof being obtained in function of a set of signatures comprised in said public key, and said simulation-sound non-interactive proof being obtained in function of a second element comprised in said public key, and an evaluation key of said keyed homomorphic encryption function being an element linked to said second element;
  
  delivering a cipher of said message comprising said ciphertext, said homomorphic non-interactive proof and said simulation-sound non-interactive proof.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. Method for ciphering according to claim 1, wherein said cipher of said message further comprises a one-time verification public key SVK and a one-time signature corresponding to a signature of a concatenation of said ciphertext, said homomorphic non-interactive proof and said simulation-sound non-interactive proof, said signature being verifiable with said verification public key SVK.
  - 3. Method for ciphering according to claim 1, wherein said encryption scheme is based on the Naor-Yung encryption paradigm.
  - 4. Method for ciphering according to claim 1, wherein said encryption scheme is based on the Cramer-Shoup paradigm.
  - 5. Method for ciphering according to claim 4, wherein said ciphertext corresponds to an uplet(C₀, C₁, C₂, C₃)=(M·
    - X₁^θ²·
      
      X₂^θ², f^θ², h^θ²,g^θ²⁺⁶₂) where M is said message and belongs to a group G, encryption exponents θ
      
      ₁, θ
      
      ₂that belong to group Z_pare private random values, and elements X₁=f^x²g^x⁰∈
      
      and X₂=h^x²g^x⁰∈
      
      are comprised in said public key, with (x₀, x₁, x₂) ∈
      
      _p³being unknown elements for said sender device and corresponding to a private key for said receiver device, and elements g, f, h are elements that belong to said group G.
  - 6. Method for ciphering according to claim 5, wherein determining said homomorphic non-interactive proof comprises:
    - obtaining said set of signatures which is a signature on independent vectors {right arrow over (f)}=(f, 1, g) ∈
      
      ³and {right arrow over (h)}=∈
      
      ³comprising elements {(a_j, b, c_j)}_j=1²obtained through a use of a private key sk′
      
      ={χ
      
      _i, γ
      
      _i, δ
      
      _i}_i=1³, with (χ
      
      _i, γ
      
      _i, δ
      
      _i) ∈
      
      _p³, and (a₁, b₁, c₁)=(f^−
      
      χ²g^−
      
      χ³, f^−
      
      γⁱg^−
      
      γ², f^−
      
      δ¹g^−
      
      δ³), (a₂, b₂, c₂)=(h^−
      
      χ²g^−
      
      χ³, h^−
      
      γ²g^−
      
      γ², h^−
      
      δ²g^−
      
      δ³), and public key associated to said private key sk′
      
      being comprised in said public key of said receiver device;
      
      deriving a linearly homomorphic signature from said set of signatures and said encryption exponents θ
      
      ₁, θ
      
      ₂, delivering a derived signature (a, b, c)=(a₁^θ²·
      
      a₂^θ², b=b₁^θ¹·
      
      b₂^θ², c=c₁^θ¹·
      
      c₂^θ²) on the vector (C₁, C₂, C₃), said derived signature being said homomorphic non-interactive proof.
  - 7. Method for ciphering according to claim 2, wherein determining said simulation-sound non-interactive proof comprises:
    - obtaining said second element corresponding to a one time homomorphic signature on the independent vectors {right arrow over (f)}=(f, 1, g) ∈
      
      ³and {right arrow over (h)}=(1, h, g) ∈
      
      ³generated with a private key, said evaluation key corresponding to said private key;
      
      determining a derived signature on said second element, said derived signature being a one-time linearly homomorphic signature;
      
      generating commitments on said derived signature using a Groth-Sahai common reference string based on said one-time verification public key VK;
      
      generating proofs with a randomizable linearly homomorphic structure-preserving signing method, said simulation-sound non-interactive proof being a concatenation of said commitments and said proofs.
  - 8. Method for ciphering according to claim 4, wherein determining said simulation-sound non-interactive proof comprises determining a non-interactive witness OR proof in function of said encryption exponents θ
    - ₁, θ
      
      ₂and said second element, said second element being a verification key of a digital signature method, and said evaluation key being a corresponding private key of said verification key of said digital signature method.
  - 9. Method for ciphering according to claim 8, wherein said digital signature method is a Waters signature method.

10. Method for processing a cipher of a message, said method being executed by a receiver device, and said method being characterized in that it comprises:
- obtaining a homomorphic non-interactive proof and a simulation-sound non-interactive proof that are associated to said cipher;
  
  verifying a validity of said homomorphic non-interactive proof and said simulation-sound non-interactive proof, delivering an information of validity of said cipher.
- View Dependent Claims (11, 12)
- - 11. Method according to claim 10, wherein said method further comprises obtaining said message from said cipher in case that said information of validity asserts that said cipher is valid, by using a private key.
  - 12. Method according to claim 10, wherein when at least a first and a second cipher of a first message and a second message are obtained by said receiver device, the method further comprises a set of combining said first and said second cipher by using an evaluation key, delivering a third cipher comprising an homomorphic non-interactive proof and a simulation-sound non-interactive proof.

13. A computer-readable and non-transient storage medium storing a computer program comprising a set of computer-executable instructions to implement a method for cryptographic computations when the instructions are executed by a computer, wherein the instructions comprise instructions, which when executed, configure the computer to perform a method for ciphering a message, said method comprising using a keyed homomorphic encryption function associated with a public key of a receiver device, wherein it comprises:
- ciphering said message with an encryption scheme secure against adaptive chosen-ciphertext attacks, in function of a first element of said public key, delivering a ciphertext;
  
  determining for said ciphertext, an homomorphic non-interactive proof and a simulation-sound non-interactive proof, said homomorphic non-interactive proof being obtained in function of a set of signatures comprised in said public key, and said simulation-sound non-interactive proof being obtained in function of a second element comprised in said public key, and an evaluation key of said keyed homomorphic encryption function being an element linked to said second element;
  
  delivering a cipher of said message comprising said ciphertext, said homomorphic non-interactive proof and said simulation-sound non-interactive proof.

14. A computer-readable and non-transient storage medium storing a computer program comprising a set of computer-executable instructions to implement a method for cryptographic computations when the instructions are executed by a computer, wherein the instructions comprise instructions, which when executed, configure the computer to perform a method for processing a cipher of a message, wherein said method comprises:
- obtaining a homomorphic non-interactive proof and a simulation-sound non-interactive proof that are associated to said cipher;
  
  verifying a validity of said homomorphic non-interactive proof and said simulation-sound non-interactive proof, delivering an information of validity of said cipher.

15. Electronic device comprising a ciphering module configured to cipher a message, said ciphering module comprising a module configured to use a keyed homomorphic encryption function associated with a public key of a receiver device, wherein said module configured to use comprises:
- a module configured to cipher said message with an encryption scheme secure against adaptive chosen-ciphertext attacks, in function of a first element of said public key, delivering a ciphertext;
  
  a module configured to determine for said ciphertext, an homomorphic non-interactive proof and a simulation-sound non-interactive proof, said homomorphic non-interactive proof being obtained in function of a set of signatures comprised in said public key, and said simulation-sound non-interactive proof being obtained in function of a second element comprised in said public key, and an evaluation key of said keyed homomorphic encryption function being an element linked to said second element;
  
  a module configured to deliver a cipher of said message comprising said ciphertext, said homomorphic non-interactive proof and said simulation-sound non-interactive proof.

16. Electronic device comprising a module configured to process a cipher of a message, wherein said module comprises:
- a module configured to obtain a homomorphic non-interactive proof and a simulation-sound non-interactive proof that are associated to said cipher;
  
  a module configured to verify a validity of said homomorphic non-interactive proof and said simulation-sound non-interactive proof, delivering an information of validity of said cipher.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Thomson Licensing SAS (Vantiva SA)
Original Assignee
Thomson Licensing (Vantiva SA)
Inventors
JOYE, Marc, LIBERT, Benoit

Application Number

US14/508,337
Publication Number

US 20150100785A1
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

H04L 2209/24   Key scheduling, i.e. genera...

H04L 9/008   involving homomorphic encry...

H04L 9/14   using a plurality of keys o...

METHOD FOR CIPHERING A MESSAGE VIA A KEYED HOMOMORPHIC ENCRYPTION FUNCTION, CORRESPONDING ELECTRONIC DEVICE AND COMPUTER PROGRAM PRODUCT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD FOR CIPHERING A MESSAGE VIA A KEYED HOMOMORPHIC ENCRYPTION FUNCTION, CORRESPONDING ELECTRONIC DEVICE AND COMPUTER PROGRAM PRODUCT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links