Abstract:
The invention relates to a method for executing a program operating on data encrypted by homomorphic encryption. The execution of a program instruction includes the homomorphic evaluation (320) of an associated function in the ciphertext space, a homomorphic masking of the evaluation result (350) with a previously encrypted random sequence (340), a decryption of the evaluation result thus masked (360) followed by a new encryption (370), then a homomorphic unmasking (380) in the ciphertext domain. At no step of its execution does the instruction reveal its result in the clear.
Publication number: FR3048102A1
Application number: FR1651502
Filing date: 2016-02-24
Publication date: 2017-08-25
Inventors: Olivier Savry; Thomas Hiscock
Applicant: Commissariat à l'Energie Atomique CEA; Commissariat à l'Energie Atomique et aux Energies Alternatives CEA
Main IPC number:
Description:

METHOD FOR CONFIDENTIAL EXECUTION OF A PROGRAM OPERATING ON DATA ENCRYPTED BY A HOMOMORPHIC ENCRYPTION
DESCRIPTION
TECHNICAL FIELD
The present invention relates to the field of secure processors and more particularly to secure computing by homomorphic encryption.
STATE OF THE PRIOR ART
Secure computing has recently been the subject of important research, based in particular on homomorphic encryption techniques.
Recall that homomorphic encryption makes it possible to perform operations (in practice arithmetic operations of addition or multiplication and the equivalent logical operations) on data without ever revealing them. More specifically, a homomorphic encryption Encpk (with public key pk) is an asymmetric-key encryption satisfying the following property:
(1)
where X is the space of plaintext messages (more simply, the plaintext space) and Y is the space of encrypted messages (more simply, the ciphertext space), + is an additive operation on the plaintext space giving X a group structure, and ⊕ is an operation on the ciphertext space giving Y a group structure. The mapping from (X, +) into (Y, ⊕) is thus a group homomorphism. Decsk is the decryption function corresponding to Encpk (where sk is the user's secret key).
It follows from expression (1) that an additive operation between two plaintexts (a, b) can be performed through a corresponding operation between their ciphertexts (Encpk(a), Encpk(b)).
More generally, a homomorphic encryption can be considered as a ring morphism between the plaintext space (with operations +, ×) and the ciphertext space (with corresponding operations ⊕, ⊗). We then have the following properties:
(2-1) (2-2)
Using expressions (2-1) and (2-2), it is therefore possible to evaluate any function F that can be decomposed into elementary addition and multiplication operations in the ciphertext space, and then to decrypt the result.
In the same way, any logical function F that can be decomposed into elementary logical operations AND, OR and NOT can be evaluated in the ciphertext space. To do this, these logical operations are converted into arithmetic operations:
(3-1) (3-2) (3-3)
and the right-hand sides of equations (3-1) to (3-3) are computed in the ciphertext space.
When a function F is defined in the plaintext space, we will denote hereafter by F the equivalent function in the ciphertext space. In other words:
(4)
where m1, ..., mM are the plaintext data. The term on the left corresponds to an evaluation in the plaintext domain and F(Encpk(m1), ..., Encpk(mM)) to an evaluation in the ciphertext domain, also called homomorphic evaluation. An evaluation of F in the clear is thus made to correspond to a homomorphic evaluation H.Evalpk(F).
Homomorphic encryption methods came into being with Craig Gentry's thesis entitled "A fully homomorphic encryption scheme".
Current homomorphic cryptosystems are largely based on ciphers derived from the Learning With Errors (LWE) or Ring Learning With Errors (RLWE) problem. In these cryptosystems, encryption consists of masking a message with noise. Conversely, decryption consists of removing this noise, which is feasible with knowledge of the cryptosystem's private key but extremely difficult without it. Homomorphic operations naturally preserve this masking, or even amplify it. More precisely, if the aforementioned function F is represented as a tree decomposition, each node of the tree corresponding to an elementary arithmetic (or logical) operation, noise is added at each level of the tree. It follows that if the function F (and therefore F) has a large computation depth (that is, a large number of levels in the tree representation), the noise level in the evaluation result of the function F can become high. When the noise exceeds a threshold (which depends on the encryption scheme used), it is no longer guaranteed that the result can still be decrypted.
When a homomorphic cryptosystem allows computations of any depth, it is called fully homomorphic or FHE (Fully Homomorphic Encryption). Otherwise, it is said to be somewhat homomorphic or SHE (Somewhat Homomorphic).
The cryptosystem cited above is fully homomorphic. Gentry's basic idea is to use an encryption method with a certain recursive property (bootstrappability), namely the ability to evaluate its own decryption function in addition to the basic arithmetic (or logical) operations. It is then possible to construct an FHE encryption method comprising a series of elementary encryption steps interspersed with decryption steps, each decryption step bringing the noise level back below an acceptable threshold and thus avoiding divergence. To date, the most effective encryption methods are the BGV (Brakerski, Gentry, Vaikuntanathan) method derived from ATV (Alt-Lopez, Tromer, Vaikuntanathan) and GHW (Gentry Halevi Waters). Their theoretical security is based on the LWE or RLWE problem.
A description of an encryption scheme derived from the ATV scheme, referred to as YASHE, can be found in the article by J.W. Bos et al. entitled "Improved security for a ring-based fully homomorphic encryption scheme", published in Cryptology ePrint Archive, Report 2013/075, 2013. Similarly, a description of an encryption scheme derived from the BGV scheme, referred to as FV, can be found in the article by Junfeng Fan et al. entitled "Somewhat practical fully homomorphic encryption", published in Cryptology ePrint Archive, Report 2012/144, 2012.
We will briefly recall here the principle of the YASHE encryption scheme.
We consider a non-zero integer q (q ∈ Z*) and write [x]q for the value of x modulo q, in other words the unique integer of the interval ]-q/2, q/2] such that there exists k ∈ Z with x = kq + [x]q ([x]q ∈ Z/qZ). We define the ring R = Z[X]/(P(X)) as the quotient ring of polynomials with coefficients in Z, where (P(X)) is the ideal generated by the polynomial P(X). The polynomial P(X) is irreducible (for example P(X) = X^d + 1 with d = 2^n) and so R is a field, and Rq is the ring of polynomials of R whose coefficients belong to Z/qZ. We write χerr and χkey for two distinct distributions on Rq, for example two Gaussian distributions of different variances, and u(R) for the uniform distribution on R. Finally, we consider an integer t < q and write Δ = ⌊q/t⌋, where ⌊.⌋ denotes the integer part rounded down.
The YASHE encryption method uses two polynomials f' and g drawn randomly in R by means of the χkey distribution. f' is assumed to be such that f = 1 + tf' is invertible in Rq. If f is not invertible, another f' is drawn.
We then obtain a public key and private key pair:
(5-1) (5-2)
Encryption is performed by generating two polynomials e, u randomly in R by means of the χerr distribution:
(6)
and calculating the ciphertext by adding a noise term as follows:
(7)
Conversely, decryption recovers the message m from the ciphertext and from the private key sk = f as follows:
(8)
We will consider in the following a processor capable of executing a program consisting of instructions. The program is a binary file generated using a compiler from an assembly-level source program or higher. Each instruction is represented by a binary code that obeys an instruction format. An instruction is defined by an elementary operation to be performed (logical and arithmetic operation for example) and, if necessary, a source operand and a destination operand. Operands are given by the contents of internal registers or memory locations. The instructions are executed one by one by the processor.
It has been proposed that such a processor can operate directly on data (or operands) encrypted by a homomorphic encryption. Several approaches can be considered.
FIG. 1 schematically shows a first approach to running a program on data encrypted by a homomorphic encryption.
According to this approach, the entire program is executed in a homomorphic manner. More precisely, if the entire program is represented by a function F, this function can be evaluated homomorphically over the space of the encrypted data.
Reference 110 denotes a memory area storing data (RAM and/or flash memory and/or registers). The data is stored in a form encrypted by homomorphic encryption. The plaintext operands are denoted mi and the encrypted ones are denoted H.Enci =. Similarly, the instructions of the program are stored in a program memory 115.
The function F representing all the instructions of the program is evaluated homomorphically at 120. The homomorphic evaluation of the function F is designated here by F = H.Evalpk(F).
However, the computation depth of F, which potentially depends on the length of the program, can thus reach very high values. This raises a noise amplification problem that must be remedied by bootstrapping techniques (evaluation of the decryption function in the ciphertext space), which are very costly in computing resources and in memory size (expansion of the size of keys and ciphertexts).
An alternative approach is shown in FIG. 2. According to this approach, the data are again stored in memory 210 in a form encrypted by a homomorphic encryption and the instructions are stored in the program memory 215. Here, however, each instruction is homomorphically evaluated on its own. More precisely, if we write Fn, n = 1, ..., N, for the functions performed by these instructions and assume for simplicity that each of them can depend on the whole set of data, each of these instructions is first evaluated homomorphically at 220. The computation depth is thus limited to that of a single instruction and is therefore relatively small. The result is then decrypted at 230 by means of the secret key sk (H.Decsk) to avoid propagating the noise to the next instruction. The result is then re-encrypted at 240 (H.Encpk) to ensure confidentiality before being stored in the memory area, for example in an intermediate register. It can then be used in the homomorphic evaluation of a subsequent instruction. The major drawback of this approach is that the evaluation result of the instruction appears in the clear during its execution, which undermines confidentiality and makes certain attacks possible.
The purpose of the present invention is therefore to propose a method for executing a program operating on data encrypted by homomorphic encryption that is confidential, in the sense that it does not at any time require revealing data or evaluation results in the clear.
STATEMENT OF THE INVENTION
The present invention is defined by a method of executing a program operating on data encrypted by means of a homomorphic encryption, said program comprising a plurality of instructions, each instruction being able to be represented by a function of said data, the execution of said instruction comprising a homomorphic evaluation by a processor of said function from said encrypted data, characterized in that:
(a) the result of said evaluation is masked by a first summation operation with a random sequence previously encrypted by said homomorphic encryption, said first summation operation in the ciphertext domain corresponding to a modulo 2 summation operation in the plaintext domain;
(b) the result of said masked evaluation is first decrypted and then re-encrypted by means of said homomorphic encryption;
(c) the result obtained in step (b) is unmasked by a second summation operation with said random sequence previously encrypted by said homomorphic encryption, said second summation operation in the ciphertext domain corresponding to a modulo 2 summation operation in the plaintext domain, the result of the second summation operation being stored in a memory area.
According to one variant, steps (a), (b) and (c) are performed by a coprocessor distinct from said processor.
According to a first embodiment, said instructions are stored in the form of functions expressed in the plaintext domain, said instructions being translated during boot by expressing said functions in the ciphertext domain, before being stored in a program memory.
According to a second embodiment, said instructions are stored in a program memory in the form of functions expressed in the plaintext domain, said instructions being translated on the fly, as and when they are executed, by expressing said functions in the ciphertext domain.
The encryption can be a fully homomorphic encryption or, advantageously, a somewhat homomorphic one. In the latter case, it may for example be a BGV, ATV or YASHE encryption.
BRIEF DESCRIPTION OF THE DRAWINGS
Other features and advantages of the invention will appear on reading a preferred embodiment of the invention, with reference to the appended figures, among which:
Fig. 1 schematically shows a first example of execution of a program on data encrypted by a homomorphic encryption;
Fig. 2 schematically shows a second example of execution of a program on data encrypted by a homomorphic encryption;
Fig. 3 schematically represents the principle of a confidential execution method on data encrypted by a homomorphic encryption, according to one embodiment of the invention.
DETAILED PRESENTATION OF PARTICULAR EMBODIMENTS
We will consider in the following a program comprising a plurality of instructions intended to be executed sequentially by a processor (CPU or microcontroller). The instructions operate on data stored in a memory area (e.g. flash memory, RAM, registers). This data is stored in encrypted form by means of a homomorphic encryption, for example a somewhat homomorphic encryption (SHE), characterized by its public key pk and its secret key sk.
Each instruction is evaluated homomorphically. More precisely, each instruction can be expressed as a logical operation (a combination of elementary AND, OR, NOT operations) or an arithmetic operation (a combination of elementary addition and multiplication operations), either in the plaintext space (function F) or, equivalently, in the ciphertext space (function F). The translation from F to F can be done offline, that is to say prior to storing the program. If necessary, the translation can be performed during boot, the set of translated instructions then being stored in a program memory, or even performed on the fly by the processor, instruction by instruction.
Fig. 3 schematically represents the principle of a confidential execution method on data encrypted by a homomorphic encryption, according to one embodiment of the invention.
Reference 310 denotes the memory space storing the encrypted data and 315 the memory space storing the program instructions (assumed here to be expressed in the ciphertext space).
Each new instruction Fn is evaluated in a homomorphic manner, at 320, in other words an evaluation result H.Evalpk (Fn) is obtained as in the second approach envisaged in the introductory part.
However, unlike the latter, the result of the evaluation undergoes homomorphic masking before being decrypted.
More precisely, a random mask r is generated at 330 by means of a pseudo-random sequence generator or preferably a cryptographic quality random sequence generator known per se.
A pseudo-random sequence generator generally consists of one or more shift registers, looped back on themselves and / or between them and whose outputs are combined in a linear or non-linear manner. The size of the mask is chosen equal to the length of the evaluation result H.Evalpk (Fn).
A pseudo-random generator uses a source of physical entropy, such as the thermal noise of a resistor, and encrypts it, for example by means of symmetric encryption.
At 340, the random mask r is then subjected to a homomorphic encryption with the same cryptosystem (and in particular the same public key pk) as that used to encrypt the data. The mask thus encrypted, H.Encpk(r), is then added, by means of a summation operation in the ciphertext domain (that is to say by means of the operation denoted ⊕), to the homomorphic evaluation result H.Evalpk(Fn). The summation operation ⊕ corresponds by definition to the summation operation + in the plaintext domain, here considered as a modulo 2 addition (in other words, bit by bit without carry). Advantageously, the homomorphic encryption is chosen such that the summation operation ⊕ is also a modulo 2 summation operation. This is particularly the case for the previously mentioned ATV and BGV encryption algorithms.
The evaluation result, masked by the random mask, is then decrypted by means of the secret key sk at 360. Advantageously, the secret key is stored in a secure register of the processor. This decryption makes it possible to avoid propagation of the noise from one instruction to the next, as explained above. The result of the decryption is none other than Fn (m1, ..., mM) + r.
The result of the decryption is then encrypted again by means of the homomorphic encryption at 370, then unmasked at 380 by adding it to the encrypted random mask H.Encpk(r) by means of the operation ⊕ (advantageously a bitwise summation by means of an XOR, as indicated above).
The sum thus obtained is then stored in the memory zone 310.
Thanks to the homomorphic masking upstream of the decryption operation, the result of the instruction Fn(m1, ..., mM) does not appear in the clear at any stage of its execution by the processor. Since the unmasking operation at 380 is performed homomorphically in the ciphertext domain, it does not reveal the result of the instruction either.
It will be understood that the unmasked result H.Encpk(Fn(m1, ..., mM) + r) ⊕ H.Encpk(r) is in encrypted form and that storing it in the memory area poses no security problem. Its processing by a subsequent instruction will be that of a homomorphic ciphertext of Fn(m1, ..., mM), and therefore identical to that which would be performed on Fn(m1, ..., mM), since:
(9)
Compared with the second approach illustrated in FIG. 2, only the noise corresponding to a single operation in the ciphertext domain, in this case the unmasking operation, has to be taken into account in the next instruction. Since this noise is well controlled, no additional decryption (bootstrapping step) needs to be provided for.
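The following Python code is an added example, not code from the patent: it walks steps 320 to 380 using a toy LWE-style bit encryption whose ciphertext addition is an XOR in the plaintext domain. The scheme, its parameters (N, M, Q, ERR), all function names and the XOR-only instruction Fn are assumptions chosen for illustration, and the parameters provide no security.

```python
import secrets

# Toy Regev-style LWE bit encryption. Constructed parameters, NOT secure.
N, M, Q = 16, 64, 1 << 15      # secret length, number of public samples, modulus
ERR = 2                        # each public sample carries an error in [-ERR, ERR]


def rand_vec(n):
    return [secrets.randbelow(Q) for _ in range(n)]


def keygen():
    """Return (pk, sk) with pk = (A, b = A*s + e mod Q) and sk = s."""
    s = rand_vec(N)
    A = [rand_vec(N) for _ in range(M)]
    b = [(sum(a * x for a, x in zip(row, s)) + secrets.randbelow(2 * ERR + 1) - ERR) % Q
         for row in A]
    return (A, b), s


def encrypt(pk, bit):
    """H.Encpk: sum a random subset of the public samples and add bit * Q/2."""
    A, b = pk
    rows = [i for i in range(M) if secrets.randbelow(2)]
    u = [sum(A[i][j] for i in rows) % Q for j in range(N)]
    v = (sum(b[i] for i in rows) + bit * (Q // 2)) % Q
    return u, v


def phase(sk, ct):
    u, v = ct
    return (v - sum(x * y for x, y in zip(u, sk))) % Q


def decrypt(sk, ct):
    """H.Decsk: round the phase to the nearest of 0 and Q/2."""
    return 1 if Q // 4 <= phase(sk, ct) < 3 * Q // 4 else 0


def noise(sk, ct):
    """Absolute noise carried by a ciphertext (valid while it stays below Q/4)."""
    e = phase(sk, ct) % (Q // 2)
    return abs(e - Q // 2) if e > Q // 4 else e


def hom_add(c1, c2):
    """Sum in the ciphertext domain; in the plaintext domain this is a sum modulo 2."""
    return [(x + y) % Q for x, y in zip(c1[0], c2[0])], (c1[1] + c2[1]) % Q


def hom_eval_xor(cts):
    """Step 320 for an assumed instruction Fn that XORs all of its operands."""
    acc = cts[0]
    for ct in cts[1:]:
        acc = hom_add(acc, ct)
    return acc


def execute_masked(pk, sk, operand_cts):
    """Steps 320 to 380. Returns (stored ciphertext, value decrypted at 360, mask r);
    the last two are returned only so that the example can be inspected."""
    evaluated = hom_eval_xor(operand_cts)   # 320: homomorphic evaluation
    r = secrets.randbelow(2)                # 330: random mask
    enc_r = encrypt(pk, r)                  # 340: mask encrypted under the same pk
    masked = hom_add(evaluated, enc_r)      # 350: homomorphic masking
    seen_in_clear = decrypt(sk, masked)     # 360: only Fn(m1..mM) + r mod 2 appears
    fresh = encrypt(pk, seen_in_clear)      # 370: re-encryption, fresh noise
    stored = hom_add(fresh, enc_r)          # 380: homomorphic unmasking
    return stored, seen_in_clear, r


if __name__ == "__main__":
    pk, sk = keygen()
    bits = [1, 0, 1, 1, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 0, 1, 1, 0, 1, 1]  # constructed operands
    cts = [encrypt(pk, m) for m in bits]
    stored, seen, r = execute_masked(pk, sk, cts)
    print("Fn in clear (reference only):", sum(bits) % 2)
    print("value decrypted at 360:", seen, "mask r:", r)
    print("decrypt(stored):", decrypt(sk, stored))
    print("noise after plain evaluation:", noise(sk, hom_eval_xor(cts)))
    print("noise of stored result:", noise(sk, stored))
```

The value decrypted at 360 is Fn XOR r rather than Fn, and the stored ciphertext carries only the noise of two fresh encryptions however many operands were summed at 320.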
In a hardware implementation, the operations 320 to 380 may be performed by the processor itself or, according to another embodiment, distributed between the processor and a dedicated coprocessor. In this case, the operations 330 to 380, which do not require access to the instruction, can be handled by the coprocessor, the latter simply performing homomorphic masking on the result of the instruction before storing it in memory.
Claims:
Claims (9)
1. A method of executing a program operating on data encrypted using homomorphic encryption, said program comprising a plurality of instructions, each instruction being represented by a function of said data, the execution of said instruction comprising a homomorphic evaluation (320) by a processor of said function from said encrypted data, characterized in that: (a) the result of said evaluation is masked by a first summation operation (350) with a random sequence previously encrypted (340) by said homomorphic encryption, said first summation operation in the ciphertext domain corresponding to a modulo 2 summation operation in the plaintext domain; (b) the result of said masked evaluation is first decrypted (360) and then re-encrypted (370) by said homomorphic encryption; (c) the result obtained in step (b) is unmasked by a second summation operation (380) with said random sequence previously encrypted by said homomorphic encryption, said second summation operation in the ciphertext domain corresponding to a modulo 2 summation operation in the plaintext domain, the result of the second summation operation being stored in a memory area.
2. Method of executing a program according to claim 1, characterized in that steps (a), (b) and (c) are performed by a coprocessor separate from said processor.
3. A method of executing a program according to claim 1 or 2, characterized in that said instructions are stored in the form of functions expressed in the plaintext domain, said instructions being translated during booting by expressing said functions in the ciphertext domain, before being stored in a program memory (315).
4. Method of executing a program according to claim 1 or 2, characterized in that said instructions are stored in a program memory in the form of functions expressed in the plaintext domain, said instructions being translated on the fly, as and when they are executed, by expressing said functions in the ciphertext domain.
5. Method of executing a program according to one of the preceding claims, characterized in that the encryption is a fully homomorphic encryption.
6. Method of executing a program according to one of the preceding claims, characterized in that the encryption is a somewhat homomorphic encryption.
7. Method of executing a program according to claim 6, characterized in that the encryption is a BGV encryption.
8. Method of executing a program according to claim 6, characterized in that the encryption is an ATV encryption.
9. Method of executing a program according to claim 6, characterized in that the encryption is a YASHE encryption.
Patent family:
Publication number | Publication date
FR3048102B1|2018-03-09|
US20170244553A1|2017-08-24|
US10439798B2|2019-10-08|
EP3211823A1|2017-08-30|
EP3211823B1|2018-01-03|
Legal status:
2017-02-28| PLFP| Fee payment|Year of fee payment: 2 |
2017-08-25| PLSC| Publication of the preliminary search report|Effective date: 20170825 |
2018-02-26| PLFP| Fee payment|Year of fee payment: 3 |
2019-10-25| ST| Notification of lapse|Effective date: 20191006 |
Priority:
Application number | Filing date | Title
FR1651502A|FR3048102B1|2016-02-24|2016-02-24|METHOD FOR CONFIDENTIAL EXECUTION OF A PROGRAM OPERATING ON DATA COMPRISING A HOMOMORPHIC NUMBER|
FR1651502|2016-02-24|FR1651502A| FR3048102B1|2016-02-24|2016-02-24|METHOD FOR CONFIDENTIAL EXECUTION OF A PROGRAM OPERATING ON DATA COMPRISING A HOMOMORPHIC NUMBER|
EP17157049.2A| EP3211823B1|2016-02-24|2017-02-21|Method for confidential execution of a program operating on data encrypted by means of homomorphic encryption|
US15/440,157| US10439798B2|2016-02-24|2017-02-23|Method for confidential execution of a program operating on data encrypted by a homomorphic encryption|