AGGREGATOR-OBLIVIOUS ENCRYPTION OF TIME-SERIES DATA

摘要

A processor of a device of user i in an aggregator-oblivious encryption system with n users encrypts a message {right arrow over (xl,t)}=(xi,t,1, . . . , xi,t,r) where t denotes a time period by generating an encrypted value ci,t for the time period t, by calculating ci,t=g1xi,t,1 . . . grxi,t,r·H(t)si, wherein H(t) is a hash function that hashes the time t on to an element of a first group 1 with order q1 in which discrete logarithms are calculable only in non-polynomial time for a security parameter κ, wherein g1, . . . , gr the base of a second group 2=g1, . . . , gr with order q2 in which discrete logarithms are calculable in polynomial time, the first group 1 and the second group 2 both being different subgroups of a third group , and wherein si is a key for user i provided by a dealer so that an aggregator key s0=−Σi=1n si and outputs the encrypted value ci,t to an aggregator. The aggregator obtains the sum Xt for time period t by first computing Vt:=H(t)s0 Πi=1n ci,t=Πi=1n Πj=1r gjxi,t,j, and then {right arrow over (Xt)}=(Xt,1, . . . , Xt,r), with Xt,j=Σi=1n xi,t,j for each j ε{1, . . . , r}, as the unique representation of Vtε2 with regard to basis g1, . . . , gr.

主权项

1. A method of encrypting a value {right arrow over (xl,t)}=(xi,t,1, . . . , xi,t,r) for a user i in an aggregator-oblivious encryption system with n users, wherein t denotes a time period, the method comprising at a processor of a device:
generating an encrypted value ci,t for the time period t by using the value {right arrow over (xl,t)} as an exponent to a base of a second group 2=g1, . . . , gr with order q2 in which discrete logarithms are calculable in polynomial time and using a key si for user i as an exponent to a base in a first group 1 with order q1 in which discrete logarithms are calculable only in non-polynomial time for a security parameter κ, and wherein the key si is provided by a dealer and has been generated so that an aggregator key s0=−Σi=1n si; and outputting the encrypted value ci,t;wherein the first group 1 and the second group 2 both are different subgroups of a third group .