Secure method of processing data

摘要

The invention relates to a secure method of processing data in which method is implemented the evaluation of a function that may be written as a linear combination of sub-functions with two binary inputs, in which a client and a server each possess a binary code, comprising n indexed bits, the method comprising the evaluation of the function with the binary codes of the client and of the server as inputs, without one of the client or the server obtaining information about the code of the other, the method being characterized in that it comprises the following steps: —the server randomly generates n indexed values and calculates the linear combination of these values with the same linear combination as that applied to the sub-functions to obtain the function, —the client implements, for each bit of his binary code, a technique of unconscious transfer to obtain from the server an intermediate data item comprising the randomly generated value of same index as the bit of the code of the client, increased by the value of the corresponding sub-function evaluated at the bit of same index of the code of the server and at said bit of his binary code, and —the client performs a linear combination of the intermediate data for all the bits of his binary code, with the same linear combination as that applied to the sub-functions to obtain the function, in such a way as to obtain a final result comprising the linear combination of the randomly generated values, increased by the evaluation of the function at the two binary codes.

主权项

1. A secure method of identification or authentication of an individual (I) among a base (DB) of N reference data (b0 . . . bN-1) of listed individuals by evaluation of a function (F) described as a linear combination of sub-functions (fi) with two binary inputs, wherein a client (C) and a server (S) respectively have a binary code (X), comprising n indexed bits (x1, . . . xn), and a binary code (Y), comprising n indexed bits (y1, . . . , yn), the method comprising evaluation of the function (F) with the binary codes (X) and (Y) of the client (C) and of the server (S) as inputs, without either the client (C) or the server (S) obtaining information on the code of the other,
the method comprising:
acquiring a datum (b) of the individual (I):evaluating the function (F) between the datum (b) of the individual (I) and at least one reference datum of the listed individuals to determine a Hamming distance between the datum (b) and the at least one reference datum by performing a method including
the server randomly generates n indexed values (ri) and calculates the linear combination (R) of these values with the same linear combination as that applied to the sub-functions (fi) to obtain the function (F),for each bit (yi) of its binary code (Y), the client employs a technique of oblivious transfer to obtain from the server an intermediate datum comprising the randomly generated value (ri) of the same index as the bit (yi) of the code of the client, added to the value of the corresponding sub-function evaluated in the bit of the same index of the code of the server and in said bit of its binary code (fi(xi,yi)), andthe client performs a linear combination of the intermediate data for all the bits (yi) of its binary code, with the same linear combination as that applied to the sub-functions to obtain the function (F), so as to obtain a final result (RF) comprising the linear combination (R) of randomly generated values (r1, . . . , rn) added to evaluation of the function in both binary codes;comparing the Hamming distance between the datum (b) and the at least one reference datum to a predetermined threshold; andaccording to the results of the comparison, determining whether the individual (I) is a listed individual from which the at least one reference datum originates.