SECURE THRESHOLD DECRYPTION PROTOCOL COMPUTATION

摘要

The present invention relates to a method of converting an encrypted data set into an encryption of individual bits representing the data set. Further, the invention relates to a system for converting an encrypted data set into an encryption of individual bits representing the data set. A basic idea of the present invention is to provide a protocol in which it is possible to divide an encryption of a data set in the form of e.g. a biometric feature, such as a number x, where x∈{0, 1, . . . , n−1}, into an encryption of respective bits x0, x1, . . . , xt-1 forming the number x, where t is the number of bits of the number n−1, without leaking any information about x or its bits x0, x1, . . . , xt-1. Hence, the present invention enables splitting of the encryption [[x]] into the respective encrypted bits [[x0]], [[x1]], . . . , [[xt-1]] forming the encrypted number x=ΣI=1n xi 2i.

主权项

1. A system for validating an identity comprising:
an enrolling device:
receiving a first number and generating an encrypted version of the first number; a validation device:
receiving a second number and generating an encrypted version of the second number; a verification device comprising: at least two servers receiving the encrypted first number and second number;
the at least two servers jointly:
generating a random number;decomposing the random number into a bit representation; andencrypting each of the bits of the bit representation of the random number;at least one of the at least two servers determining:an encrypted representation of the first number as a sum of the encrypted first number and the encrypted bit representation of the random number; andan encrypted representation of the second number as a sum of the encrypted second and the encrypted bit representation of the random number; the at least two servers jointly:
generating an encrypted bit representation of the first number by:decrypting the encrypted representation of the first number; andsubtracting the encrypted random number; andgenerating an encrypted bit representation of the second number by:decrypting the encrypted representation of the second number; andsubtracting the encrypted random number;comparing the encrypted bit representation of the first number and the encrypted bit representation of the second number; andvalidating the identity when the comparison of the encrypted bit representations is within a predetermined distance.