Fast modular multiplication operation method and multiplier based on homomorphic encryption

CN115268840B · Active · Publication Date: 2026-06-19 · NANJING UNIV

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
NANJING UNIV
Filing Date
2022-06-29
Publication Date
2026-06-19

AI Technical Summary

Technical Problem

[0005] The purpose of this invention is to overcome the problems in the prior art that integer modular multiplication involves many multiplications of high-bit-width integers, that the multiplication is computationally complex, and that computation is slow. It proposes a fast modular multiplication method and architecture based on homomorphic encryption, in order to reduce the complexity of the multiplication operations and increase computation speed.

Benefits of technology

[0033] The fast modular multiplication method and architecture based on homomorphic encryption provided by this invention lower computational complexity by reducing the number of multiplication operations and reduce the area overhead of the multiplier; by combining shift reduction, this invention simplifies modular multiplication for special moduli and increases computation speed.

✦ Generated by Eureka AI based on patent content.

Abstract

This invention discloses a fast modular multiplication method and modular multiplier based on homomorphic encryption, belonging to the field of lattice cryptography. The method first calculates the product of the multiplicands, performs multiple shifts and reductions under a congruent environment, and finally compares the result with the modulus for a final reduction step to obtain the final modular multiplication result. The modular multiplier includes a modular arithmetic module, a modular multiplication module, and a control and output module. The purpose of this invention is to overcome the problems of existing modular multiplication algorithms based on homomorphic encryption involving numerous multiplication calculations, high computational complexity, and long computation time. This invention can reduce computational complexity, accelerate computation speed, and reduce hardware area overhead.

Description

Technical Field

[0001] This invention relates to the field of lattice cryptography algorithms in cryptography, and particularly to a fast modular multiplication method and architecture based on homomorphic encryption.

Background Technology

[0002] Lattice cryptography is a public-key cryptosystem based on lattice-based hard problems. Lattice cryptosystems offer high algorithm parallelism, relatively high efficiency, and faster speed, while also providing strong security guarantees, making them "quantum-resistant" cryptosystems capable of resisting attacks from quantum computers.

[0003] Homomorphic encryption is a special type of encryption that enables computation between ciphertexts. It allows for keyless computation of ciphertext, reducing communication costs and improving information security. A feasible homomorphic encryption system can be constructed using lattice cryptosystems. To ensure good encryption and computational performance, fast modular multiplication over large integer modulo numbers is required.

[0004] Traditional Barrett modular multiplication algorithms have the following problems: 1) they involve multiple multiplications of high-bit-width integers, resulting in high multiplication complexity; 2) they run slowly in special number fields.

Summary of the Invention

[0005] The purpose of this invention is to overcome the problems of high computational complexity and slow speed in the prior art, which involves multiple multiplications of high-width integers in modular multiplication. This invention proposes a fast modular multiplication method and architecture based on homomorphic encryption, in order to reduce the complexity of multiplication operations and improve computational speed.

[0006] To achieve the above-mentioned objectives, the technical solution adopted by this invention is as follows:

[0007] The purpose of this invention is to overcome the problems of high bit width and high computational complexity in large integer modular multiplication calculations in the prior art. It proposes a large integer modular multiplication operation method based on homomorphic encryption, which can reduce the computational complexity, reduce the bit width required for large integer modular multiplication calculations, and ensure the operation speed.

[0008] To achieve the above-mentioned objectives, the technical solution adopted by this invention is as follows:

[0009] A fast modular multiplication method based on homomorphic encryption includes the following steps:

[0010] Step 1: Receive the input multiplicand a, multiplicand b, modulus Q, exponent v1, and exponent v, where multiplicand a and multiplicand b are any natural numbers less than the modulus Q, and the modulus... Both exponents v1 and v are positive integers, and exponent v1 < exponent v.

[0011] Step 2: Calculate the product of multiplicand a and multiplicand b, and use it as the first calculation result;

[0012] Step 3: Right-shift the first calculation result by v bits to obtain the second calculation result;

[0013] Step 4: Right-shift the modulus Q by v1 - 1 bits and then multiply it by the second calculation result. After shifting the obtained product to the left by v1 - 1 bits and adding the second calculation result, obtain the third calculation result;

[0014] Step 5: Calculate the difference between the first calculation result and the second calculation result to obtain the fourth calculation result;

[0015] Step 6: Determine whether the fourth calculation result is less than twice the modulus Q;

[0016] If it is not less than, assign the fourth calculation result to the first calculation result and go to Step 3;

[0017] If it is less, continue to determine whether it is less than the modulus Q; if so, output the fourth calculation result; if not, subtract the modulus Q from the fourth calculation result and then output.

[0018] A fast modular multiplication operation method based on homomorphic encryption, comprising the following steps:

[0019] Step 1: Input multiplicand a, multiplicand b, and modulus Q, calculate the product of multiplicand a * b, and output the first calculation result r1 = a * b; where, multiplicand a and multiplicand b can be any natural numbers less than the modulus Q, and the modulus , v1 and v are exponents, and only need to meet the requirements that they are all positive integers and the exponent v1 < the exponent v;

[0020] Step 2: Right-shift the first calculation result r1 by v bits to obtain the second calculation result r2 = (r1 >> v), where >> represents the right-shift operation;

[0021] Step 3: Calculate the quantity to be reduced, that is, the third calculation result, and the third calculation result r3 = (r2 * (Q >> (v1 - 1))) << (v1 - 1) + r2;

[0022] Reduce the first calculation result r1, and output the fourth calculation result r4, r4 = r1 - r3;

[0023] Step 4: When the fourth calculation result r4 ≥ 2Q, repeat Steps 2 - 3; when the fourth calculation result r4 < 2Q, output as the fifth calculation result r5 = r4;

[0024] Step 5: Judge the fifth calculation result r5. When the fifth calculation result r5 < Q, output the final result r = r5, otherwise, output the final result r = r5 - Q.

[0025] According to one aspect of this application, when the weight of the modulus is less than the threshold, the calculation can be completed quickly with only two loops; for a specific prime number, the number of loops is reduced to 1, thus eliminating the loop.

[0026] A fast modular multiplier based on homomorphic encryption, comprising:

[0027] Modulus calculation module, used to calculate the modulus. It contains two shift registers, one multiplier and one adder; the exponents v1 and v are both positive integers, and the exponent v1 < the exponent v;

[0028] The modular multiplication module contains three shift registers, two multipliers, one adder, and one subtractor; used to calculate various intermediate results.

[0029] The control and output module includes a comparator for comparing intermediate results with predetermined values, a subtractor for obtaining the difference between intermediate results and the modulus, and a data selector for selecting and outputting the final result.

[0030] According to one aspect of this application, the bit width of the shift register is v and v1-1.

[0031] According to one aspect of this application, based on the requirements of different computing scenarios for the modulus bit widths v and v1-1, the comparators in the modular multiplication module and the control and output module can be designed as multiple units to form a fully pipelined structure.

[0032] Compared with the prior art, the present invention employs the above-mentioned technical methods and has the following technical effects:

[0033] This invention provides a fast modular multiplication method and architecture based on homomorphic encryption, which reduces computational complexity and the area overhead of the multiplier by reducing multiplication operations. This invention also simplifies modular multiplication operations for special moduli by combining shift reduction, thereby improving computational speed.

Attached Figure Description

[0034] Figure 1 is a schematic diagram of the fast modular multiplication operation based on homomorphic encryption according to the present invention.

[0035] Figure 2 is a circuit diagram of the fast modular multiplication operation based on homomorphic encryption according to the present invention.

[0036] Figure 3 is a circuit diagram of Embodiment 2 of the present invention.

Detailed Implementation

[0037] First, the general process of this application is described. The fast modular multiplication method based on homomorphic encryption of this invention includes the following steps:

[0038] Define a single modular multiplication as a∙b(mod Q), where a and b are the multiplicands, which can be any natural numbers less than the modulus Q. v1 and v are exponents, which only need to satisfy the requirement that they are both positive integers and v1 < v;

[0039] Step 1: Input the multiplicands a and b and the modulus Q, directly calculate the product of the multiplicands a*b, and output the first calculation result r1=a*b;

[0040] Step 2: Shift the first calculation result r1 to the right by v bits to obtain the second calculation result r2 = (r1 ≫ v), where ≫ represents the right shift operation;

[0041] Step 3: Calculate the amount to be reduced, i.e., the third calculation result r3, r3=(r2*(Q≫(v1-1)))≪(v1-1)+r2; reduce the first calculation result r1 and output the fourth calculation result r4, r4=r1-r3;

[0042] Step 4: When the fourth calculation result r4 ≥ 2Q, repeat steps 2-3; when the fourth calculation result r4 < 2Q, output the result r5.

[0043] Step 5: Judge the fifth calculation result r5 in Step 4. If the fifth calculation result r5 < Q, output the final result r = r5; otherwise, output the final result r = r5 - Q.

[0044] In actual calculations, by assigning appropriate values to v, v1, and k, the calculation process can be simplified, requiring only two loops to complete the calculation quickly. For specific prime numbers with small Hamming weights, the number of loops can be further reduced to 1, thereby eliminating the loop.

[0045] The present invention also provides a fast modular multiplier based on homomorphic encryption, the hardware architecture of which includes: a modular arithmetic module, a modular multiplication module, and a control and output module.

[0046] The modulus calculation module is used to calculate the modulus. It contains two shift registers (1, 2), a multiplier (1) and an adder (1).

[0047] The modular multiplication module contains three shift registers (3, 4, 5); two multipliers (2, 3); one adder (2); and one subtractor (1) to calculate the reduced quantity r3=(r2*(Q≫(v1-1)))≪(v1-1)+r2 and the intermediate results r1, r2, r3.

[0048] The control and output module includes a comparator (1) for comparing the result r4 with 2Q. If r4 is greater than 2Q, the result will be fed into the modular multiplication module in a loop until r4 is less than 2Q, and the result r5 will be output. A subtractor (2) is used to calculate the final result r = r5 - Q and output the sign bit. A data selector (1) is used to select the output r5 or r5 - Q by using the sign bit output by the subtractor (2).

[0049] The shift registers (2, 4) and (3, 5) used in the modular arithmetic module and modular multiplication module can be replaced by two shift registers with bit widths of v and v1-1 respectively. The modular arithmetic module can calculate the modulus by pre-calculating and storing the result, thereby saving circuit resource overhead.

[0050] The fast modular multiplier circuit structure can be expanded by adding an additional modular multiplication operation module and a comparator (1) in the control and output module, thereby canceling the loop operation in the fast modular multiplier and turning it into a fully pipelined structure.

[0051] To further understand the content of this invention, a detailed description of the invention will be provided in conjunction with the accompanying drawings.

[0052] As shown in Figure 1, this invention provides a fast modular multiplication algorithm based on homomorphic encryption, comprising the following steps:

[0053] Define a single modular multiplication as a∙b(mod Q), where a and b are the multiplicands, which can be any natural numbers less than Q, and Q is the modulus. v1 and v are exponents, which only need to satisfy the requirement that they are both positive integers and v1 < v;

[0054] S1. Set the first calculation result and assign a*b to the first calculation result;

[0055] S2. Establish a second calculation result and initialize it to 0;

[0056] S3. Shift the first calculation result to the right by v bits and assign it to the second calculation result;

[0057] S4. Set the third calculation result. The result of multiplying the second calculation result and the modulus Q is calculated by shifting and decomposing the result. That is, first shift the modulus Q to the right by v1-1 bits and then multiply it with the second calculation result. Then shift the intermediate result to the left by v1-1 bits and finally add the second calculation result to get the third calculation result.

[0058] S5. Set a fourth calculation result and assign it the value of the difference between the first and third calculation results;

[0059] S6. When the fourth calculation result is greater than or equal to 2Q, assign the fourth calculation result to the first calculation result and repeat steps S3-S5; when the fourth calculation result is less than 2Q, establish a fifth calculation result and assign the fourth calculation result to the fifth calculation result.

[0060] S7. Judge the fifth calculation result. When the fifth calculation result is greater than or equal to the modulus, the output result is the difference between the fifth calculation result and the modulus; when the fifth calculation result is less than the modulus, the output result is the fifth calculation result.

[0061] Example 1

[0062] Setting the modulus v and v1 satisfy Let a and b be the multiplicands. For software circuits, the specific steps of the fast modular multiplication algorithm are as follows:

[0063] Step 1, calculate r1 = a * b;

[0064] Step 2, calculate r2 = (r1 ≫ v);

[0065] Step 3, calculate r3 = r1 - r2 * Q;

[0066] Step 4: Determine if r3 is greater than the modulus Q. If it is greater than the modulus Q, subtract the modulus Q and output the result. If it is less than the modulus Q, output the result as r3.

[0067] The algorithm was implemented in C++, with k=1, v1=3, v=13, 14, and 15, and a=b=Q-1. It was compared with Barrett's algorithm, running it 1 million times. The results are shown in Table 1.

[0068] Table 1 Comparison of runtime under different parameters v

[0069]
Parameter v   Modulus Q   Time for this invention (s)   Time for Barrett's modular multiplication (s)
13            8185        0.003                         0.005
14            16377       0.003                         0.004
15            32761       0.003                         0.004

[0070] As can be seen from the algorithm steps above, the fast modular multiplication algorithm provided by this invention uses fewer multiplications than Barrett's modular multiplication algorithm; as can be seen from the computation times in Table 1, its computation time is also reduced compared with Barrett's modular multiplication algorithm.

[0071] Example 2

[0072] Setting the modulus Let k=1, v=30, v1=14, and let a and b be the multiplicands. For the hardware circuit, the specific steps of the fast modular multiplication algorithm are as follows:

[0073] Step 1, calculate r1 = a * b;

[0074] Step 2, calculate r2 = (r1 ≫ v);

[0075] Step 3, calculate r3=(r2*(Q≫(v1-1)))≪(v1-1)+r2;

[0076] Step 4, calculate r4 = r1 - r3;

[0077] Step 5: Repeat steps 2-4, and the output result is r5;

[0078] Step 6: Judge the result r5 from step 5. If r5 < Q, output the final result r = r5; otherwise, output the final result r = r5 - Q.

[0079] In the circuit designed as shown in Figure 3, the calculations within the dashed box can all be handled by pre-computation and storage. Because the number of pre-stored Q values is relatively small, the storage footprint is very small. The area outside the dashed box represents the resource consumption of this circuit design; each layer requires one multiplier and two adders. The multiplier used in 30-bit operations has a maximum output bit width of 45. By unrolling the two-iteration loop into a two-stage pipeline, the area overhead is reduced compared with the two full-size multipliers used in the Barrett method.

[0080] Example 3

[0081] For specific prime numbers with Hamming weights less than a threshold, the number of iterations in this modular multiplication algorithm can be reduced to 2 or even 1, thus providing a speed improvement and further reducing circuit resource overhead for such prime numbers with Hamming weights less than the threshold. The set thresholds are divided into two categories, and the results are shown in Table 2.

[0082] 1. For the modulus of the first category, when the threshold is met, the modulus becomes Q = 2^v + 1, which is a Mersenne prime; the data length of r3 obtained in step 3 is then the same as that of r1, and after step 4 is completed the loop can be exited.

[0083] 2. For the modulus of the second category, when the threshold is met, the data length of r3 obtained in step 3 increases by v1 and becomes the same as that of r1; after executing the loop once more, the loop can be exited.

[0084] Table 2 Comparison of loop counts under different parameters

[0085]
Parameter v   Parameter (k*2^v1)   Modulus                        Number of loops required
30            0                    2^30 + 1 = 1073741825          1
30            1*2^14               2^30 - 2^14 + 1 = 1073725441   2
30            1*2^23               2^30 - 2^23 + 1 = 1065353217   4
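The following C++ program is an added worked example (the editor's code, not the patent's C++ implementation mentioned in [0067]) of Steps 1-5 from [0019]-[0024] with the parameters of Example 2; it also returns the loop count, so the behaviour discussed in Example 3 and Table 2 can be observed for different moduli. Because the form of the modulus is elided on this page, the example takes the concrete moduli of Tables 1 and 2 and checks, as the editor's own stated preconditions, that Q has exactly v bits and that Q mod 2^(v1-1) = 1; under those two conditions (Q ≫ (v1-1)) ≪ (v1-1) equals Q - 1, so r3 = r2·Q exactly and r4 = r1 - r3 never goes negative. The modulus 2^30 + 1 of Table 2 exceeds 2^v and is rejected by that check, since r1 - r2·Q can then be negative and the unsigned comparisons of Steps 4-5 no longer apply as written. The function names, the precondition check and the iteration cap are assumptions of this example.

```cpp
#include <cstdint>
#include <stdexcept>

using std::uint64_t;

// Editor's example, not the patent's code. Implements Steps 1-5 of the
// method ([0019]-[0024]) in 64-bit unsigned arithmetic for moduli of at
// most 31 bits, so that a*b and every intermediate value fit in uint64_t.

// Residue plus the number of times the shift-and-reduce loop (Steps 2-3) ran.
struct FastModMulResult {
    uint64_t r;
    unsigned loops;
};

// Preconditions under which the shift decomposition works (editor's
// assumptions; the page elides the form of the modulus):
//  - 2 <= v1 < v <= 31 (v1 >= 2 because the shift amount is v1 - 1);
//  - Q has exactly v bits, so r1 - (r1 >> v) * Q is non-negative and each
//    loop iteration strictly shrinks the value being reduced;
//  - Q mod 2^(v1-1) == 1, so that (Q >> (v1-1)) << (v1-1) == Q - 1 and
//    therefore r3 == r2 * Q exactly.
bool preconditions_hold(uint64_t Q, unsigned v, unsigned v1) {
    if (v1 < 2 || v1 >= v || v > 31) return false;
    if ((Q >> (v - 1)) != 1) return false;          // Q has exactly v bits
    uint64_t low_mask = (uint64_t(1) << (v1 - 1)) - 1;
    return (Q & low_mask) == 1;                      // Q == 1 (mod 2^(v1-1))
}

FastModMulResult fast_modmul(uint64_t a, uint64_t b, uint64_t Q,
                             unsigned v, unsigned v1) {
    if (!preconditions_hold(Q, v, v1) || a >= Q || b >= Q)
        throw std::invalid_argument("parameters outside the supported range");

    uint64_t r1 = a * b;                             // Step 1: r1 = a * b (< 2^62)
    uint64_t r4 = 0;
    unsigned loops = 0;
    for (;;) {
        ++loops;
        uint64_t r2 = r1 >> v;                       // Step 2: r2 = r1 >> v
        // Step 3: r3 = (r2 * (Q >> (v1 - 1))) << (v1 - 1) + r2.
        // Parenthesised explicitly: in C++ '<<' binds weaker than '+', so the
        // formula typed verbatim would shift by (v1 - 1 + r2) instead.
        uint64_t r3 = ((r2 * (Q >> (v1 - 1))) << (v1 - 1)) + r2;
        r4 = r1 - r3;                                // r3 == r2 * Q, hence r4 <= r1
        if (r4 < 2 * Q) break;                       // Step 4: leave the loop when r4 < 2Q
        if (loops >= 64)                             // defensive cap; never reached
            throw std::runtime_error("reduction did not converge"); // when preconditions hold
        r1 = r4;                                     // otherwise feed r4 back as r1
    }
    uint64_t r5 = r4;
    return { r5 < Q ? r5 : r5 - Q, loops };         // Step 5: final conditional subtraction
}

// Independent reference for checking the result (a * b < 2^62 here).
uint64_t reference_modmul(uint64_t a, uint64_t b, uint64_t Q) {
    return (a * b) % Q;
}
```

For a = b = Q - 1 the loop count returned is 2 both for Q = 8185 (v = 13, v1 = 3, from Table 1) and for Q = 2^30 - 2^14 + 1 (v = 30, v1 = 14, from Example 2), matching the two-loop case described in [0044]; for other operands the count varies, which is why it is returned rather than fixed.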

[0086] The present invention has been described in detail above with reference to specific exemplary embodiments. However, it should be understood that various modifications and variations can be made without departing from the scope of the invention as defined by the appended claims. The detailed description and drawings should be considered illustrative only and not restrictive, and any such modifications and variations shall fall within the scope of the invention described herein. The drawings are only one embodiment of the invention, and the actual structure is not limited thereto. No reference numerals in the claims should limit the scope of the claims. Furthermore, the background art is intended to illustrate the current state of research and development and significance of the technology, and is not intended to limit the invention or the application field of the invention. Therefore, if a person skilled in the art is inspired by it and designs a similar structure and embodiment without departing from the spirit of the invention, such design should fall within the protection scope of this patent.

Claims

1. A method for fast modular multiplication operation based on homomorphic encryption, characterized in that it includes the following steps: Step 1: Input the multiplicands a, b, and modulus Q into the multiplier, calculate the product of multiplicands a and b, and output the first calculation result r1 = a * b into the shift register; where multiplicands a and b are any natural numbers less than the modulus Q, and the modulus Q is... v1 and v are exponents, both of which are positive integers and exponent v1 < exponent v; Step 2: Shift the first calculation result r1 to the right by v bits to obtain the second calculation result r2 = (r1 ≫ v), where ≫ represents the right shift operation; Step 3: Calculate the quantity to be reduced, that is, the third calculation result r3 = (r2 * (Q ≫ (v1 - 1))) ≪ (v1 - 1) + r2, where ≪ represents the left shift operation; reduce the first calculation result r1 and output the fourth calculation result r4 = r1 - r3; the comparator compares: when the fourth calculation result r4 ≥ 2Q, repeat Steps 2 - 3; when the fourth calculation result r4 < 2Q, the output is the fifth calculation result r5 = r4; Step 5: Judge the fifth calculation result r5: when the fifth calculation result r5 < Q, output the final result r = r5; otherwise, output the final result r = r5 - Q.

2. A fast modular multiplier for implementing the fast modular multiplication method based on homomorphic encryption as described in claim 1, characterized in that the modular multiplier includes: a modulus calculation module, used to calculate the modulus, containing two shift registers, one multiplier and one adder, where the exponents v1 and v are both positive integers and the exponent v1 < the exponent v; a modular multiplication operation module, including three shift registers, two multipliers, one adder and one subtractor, used to calculate each intermediate result r1, r2, r3; and a control and output module, including a comparator for comparing the intermediate results r1, r2, r3 with a predetermined value, a subtractor for obtaining the difference between the intermediate result r5 and the modulus, and a data selector for selecting and outputting the final result.

3. The fast modular multiplier according to claim 2, characterized in that the bit widths of the shift registers used in the modulus operation module and the modular multiplication operation module are v and v1 - 1 respectively.

4. The fast modular multiplier of claim 2, wherein, according to the requirements of the modular bit widths v and v1 - 1 in different operation scenarios, multiple modular multiplication operation modules and comparators are designed in the control and output module to form a fully pipelined structure.