多方统计计算是指两个或多个互不信任的参与方，在不泄露各自私有数据的同时，使用联合数据集协作执行数据统计计算任务，在当今大数据时代有着广泛的应用。针对现有方案效率和安全性上存在不足的问题，论文中提出了一种基于同态加密和函数加密的多方统计计算方案，主要工作如下：

1. 在密文计算上，论文中采用全同态加密来支持密文上的任意计算，由于全同态加密算法计算效率较低，基于BGV 全同态加密方案，对全同态加密中最关键的乘法同态效率进行提升，提出了改进方案RBGV全同态加密方案。然后基于RBGV单密钥全同态加密方案，设计了多密钥全同态加密方案mkFHE方案，mkFHE方案支持不同密钥加密的密文之间的同态运算，更适合委托计算的场景。

2. 在统计方案实现上，首先以多密钥全同态加密方案mkFHE、双输出属性加密、混淆电路等作为基础模块设计了一个多输入函数加密方案miFE。双输出属性加密限制参与者的计算权限，mkFHE方案支持不同密钥加密的密文之间的同态运算，不同参与方可使用各自密钥加密私有数据，最后用混淆电路解密计算结果。然后设计了医疗监测系统下的多方统计计算方案：针对医疗检测系统中的海量数据，对统计量进行分解，设计树形聚合结构来减轻云服务器的计算压力，使用miFE方案实现统计函数的计算。

理论分析和实验数据表明，RBGV方案乘法同态的改进，使得miFE方案在计算较为复杂的统计函数计算仍具有较好效率。针对拥有海量数据的医疗监测系统，基于miFE方案设计的统计方案能有效地实现权限分配，改进的树形拓扑结构降低了数据聚合耗时，有效地缓解了服务器的计算压力。

[1]Lee S H , Lee D W . A Study on the Analysis of U-healthcare in Smart Homes[J]. International Journal of Smart Home, 2016, 10(12):221-230.

[2]Hadjidj A , Souil M , Bouabdallah A , et al. Wireless sensor networks for rehabilitation applications: Challenges and opportunities[J]. Journal of network and computer applications, 2013, 36(1):1-15.

[3]Joyce A L , Evans N , Tanzman E A , et al. International cyber incident repository system: Information sharing on a global scale[C] //International Conference on Cyber Conflict. IEEE, 2017:1-6.

[4]陈晓宇,韩斌,黄树成.基于差分隐私的数据匿名化隐私保护方法[J].计算机技术与发展,2018,28(07):99-102+107.

[5]Yao A C . Protocols for secure computation[C]// Symposium on Foundations of Computer Science. IEEE Press, 1982:160-164.

[6]Goldreich Oded. Foundations of Cryptography: Basic Applications[J]. journal of the acm, 2004, 10(509):359–364.

[7]蒋瀚, 徐秋亮. 实用安全多方计算协议关键技术研究进展[J]. 计算机研究与发展, 2015, 52(10):2247-2257.

[8]Castro J. Statistical disclosure control in tabular data[M]. Privacy and Anonymity in Information Management Systems. Springer London, 2010: 113-131.

[9]Rivest R L，Adleman L，Dertouzos M L．On data ballks and privacy homomorphisms[J] . Foundations of Secure Computation , 1978 , 4(11) :169-180.

[10]Banawan K , Arasli B , Ulukus S . Improved Storage for Efficient Private Information Retrieval[C]// 2019 IEEE Information Theory Workshop (ITW). IEEE, 2019:1-5.

[11]Yi X , Kaosar M G , Paulet R , et al. Single-Database Private Information Retrieval from Fully Homomorphic Encryption[J]. Knowledge & Data Engineering IEEE Transactions on, 2013, 25(5):1125-1134.

[12]Chillotti I , Gama N , Georgieva M , et al. A Homomorphic LWE Based E-voting Scheme[C]// International Workshop on Post-Quantum Cryptography. Springer International Publishing, 2016:245-265.

[13]Rivest R L , Shamir A , Adleman L . A method for obtaining digital signatures and public-key cryptosystems[J]. Communications of the Acm, 1978, 21(2):120-126.

[14]Gamal T E . A public key cryptosystem and a signature scheme based on discrete logarithms[J]. IEEE Transactions on Information Theory, 1985, 31:469-472.

[15]Paillier P . Public-Key Cryptosystems Based on Composite Degree Residuosity Classes[C]// International Conference on Advances in Cryptology-eurocrypt. Springer, Berlin, Heidelberg, 1999:223-238.

[16]Boneh D , Goh E J , Nissim K . Evaluating 2-DNF Formulas on Ciphertexts[C]// Theory of Cryptography, Second Theory of Cryptography Conference, Cambridge. 2005,3378:325-341.

[17]Gentry C . A fully homomorphic encryption scheme[M]. Stanford University, ProQuest Dissertations Publishing ,2009:169-178.

[18]Gentry C . Fully homomorphic encryption using ideal lattices[C]// New York :ACM Press, 2009:169-178.

[19]蒋林智. （全）同态加密及其在云计算中的应用研究[D].电子科技大学,2018.

[20]刘明洁, 王安. 全同态加密研究动态及其应用概述[J]. 计算机研究与发展, 2014, 51(12):2593-2603.

[21]Caifen W , Bing Z , Chao L , et al. Multiple to One Fully Homomorphic Encryption Algorithm Based on Integer Polynomial Ring[J]. Computer Engineering, 2019,38(24):1-4.

[22]徐海霞.云计算环境中改进的整数上全同态加密算法研究[J].科技通报,2019,35(06):87-90+113.

[23]Z. Brakerski, V. Vaikuntanathan. Efficient fully homomorphic encryption from (standard)lwe [C].Annual Symposium on Foundations of Computer Science,washington,2011,97-106.

[24]Long Chen, Zhenfeng Zhang, Xueqing Wang. Batched Multi-hop Multi-key FHE from Ring-LWE with Compact Ciphertext Extension[J]. 2017:597-627.

[25]Zhang D , Zhang K , Li B , et al. Lattice-Based Dual Receiver Encryption and More[M]// Information Security and Privacy. Springer, Cham, 2018:520-538.

[26]贺婧楠,张振飞.基于NTRU的加密及签名算法研究[J].信息安全学报,2019,4(02):29-36.

[27]Dor?z Y, Sunar B. Flattening ntru for evaluation key free homomorphic encryption [EB/OL]. https://eprint.iacr.org/2016/315.pdf, March 19, 2016

[28]Bos J W , Lauter K , Loftus J , et al. Improved Security for a Ring-Based Fully Homomorphic Encryption Scheme[C]// IMA International Conference on Cryptography and Coding. Springer, Berlin, Heidelberg, 2013:45-64.

[29]Gentry C , Sahai A , Waters B . Homomorphic Encryption from Learning with Errors: Conceptually-Simpler, Asymptotically-Faster, Attribute-Based[J]. Lecture Notes in Computer Science, 2013:75-92.

[30]Ducas L, Micciancio D . FHEW: Bootstrapping Homomorphic Encryption in Less Than a Second[C]// Annual International Conference on the Theory and Applications of Cryptographic Techniques. Springer Berlin Heidelberg, 2015:617-640.

[31]Brakerski Z , Gentry C , Vaikuntanathan V . (Leveled) Fully Homomorphic Encryption without Bootstrapping[J]. ACM Transactions on Computation Theory, 2014, 6(3):1-36.

[32]Waters B. Functional encryption: beyond public key cryptography[EB/OL]. http://doc.88.com/p-594149007432.html , Augest 26, 2012

[33]Boneh D，Sahai A，Waters B . Functional Encryption: Definitions and Challenges[C]. Theory of Cryptography Conference. Springer Berlin Heidelberg,2011:253-273.

[34]Shen E，Sahai A，Waters B．Predicate privacy in encryption systems[M]//Theory of Cryptography．Berlin：springer，2009：457-473.

[35]Boneh D , Raghunathan A , Segev G . Function-private identity-based encryption: Hiding the function in functional encryption[M]// Cryptology Conference. Berlin:Springer, 2013:461-478.

[36]Boneh D , Raghunathan A , Segev G . Function-Private Subspace-Membership Encryption and Its Applications[M]// Cryptology Conference. Berlin：springer，2013:255-275.

[37]Gorbunov S , Vaikuntanathan V , Wee H . Functional Encryption with Bounded Collusions via Multi-party Computation[J]. Annual Cryptology Conference ,2012:162-179.

[38]Goldwasser S , Kalai Y T , Popa R A , et al. Reusable garbled circuits and succinct functional encryption[J]. Proceedings of the Annual ACM Symposium on Theory of Computing , 2013:555-564.

[39]Goldwasser S , Gordon S D , Goyal V , et al. Multi-input Functional Encryption[J]. Annual International Conference on the Theory and Applications of Cryptographic Techniques ,2014:578-602.

[40]Brakerski Z , Komargodski I , Segev G . Multi-input Functional Encryption in the Private-Key Setting: Stronger Security from Weaker Assumptions[C]// International Conference on the Theory and Applications of Cryptographic Techniques. Springer, Berlin, 2016,31:434-520.

[41]Du W, Atallah M J. Secure multi-party computation problems and their applications: a review and open problems[C]. Proceedings of the 2001 workshop on New security paradigms. ACM, 2001: 13-22.

[42]Du W , Atallah M J . Privacy-preserving cooperative statistical analysis[C]// Computer Security Applications Conference, IEEE Computer Society, 2002:102-110.

[43]Du W,Han Y S,Chen S G. Privacy-preserving multivariate statistical analysis:linear regression and classification[J]. In: Proceedings of the 4th SIAM International Conference on Data Mining,Lake Buena Vista,Florida,2004:222-233.

[44]罗永龙. 安全多方计算中的若干关键问题及其应用研究[D]. 中国科学技术大学, 2005.

[45]罗文俊, 李祥. 多方安全矩阵乘积协议及应用[J]. 计算机学报, 2005(07):1230-1235.

[46]Tu S , Frans M , Samuel K , et al. Processing Analytical Queries over Encrypted Data[C]// International Conference on Very Large Data Bases. 2013, 6(5):289-300.

[47]Kocabas O , Soyata T , Couderc J P , et al. Assessment of Cloud-based Health Monitoring using Homomorphic Encryption[C]// International Conference on Computer Design. IEEE, 2013:443-446.

[48]Kim M , Lauter K . Private genome analysis through homomorphic encryption[J]. Bmc Medical Informatics & Decision Making, 2015, 15(Suppl 5):S3.

[49]刘娅茹. 安全多方计算中两个基础问题的研究[D].西安科技大学,2018.

[50]李占利, 陈立朝, 陈振华. 云环境下多方保密计算最大值、最小值及其统计学应用[J]. 密码学报, 2019, 6(02):90-104.

[51]O'Neill A. Definitional Issues in Functional Encryption[J]. IACR Cryptology ePrint Archive, 2010, 2010: 556.

[52]Shamir A . Identity-Based Cryptosystems and Signature Schemes[J]. 1984:47-53.

[53]Shamir A, Waters B. Fuzzy identity-based encryption[M]//Advances in Cryptology. Berlin:Springer, 2005:457-473.

[54]Goyal V , Pandey O , Sahai A , et al. Attribute-based encryption for fine-grained access control of encrypted data[C]// Acm Conference on Computer & Communications Security. ACM, 2006:390-399.

[55]Parno B , Raykova M , Vaikuntanathan V . How to Delegate and Verify in Public: Verifiable Computation from Attribute-Based Encryption[C]// Proceedings of the 9th international conference on Theory of Cryptography. Springer-Verlag, 2011:422-439.

[56]Smart N P , Vercauteren F . Fully homomorphic SIMD operations[J]. Designs, Codes and Cryptography, 2014, 71(1):57-81.

[57]Khedr A , Gulak G , Vaikuntanathan V . SHIELD: Scalable Homomorphic Implementation of Encrypted Data-Classifiers[J]. IEEE Transactions on Computers, 2016, 65(9):2848-2858.

[58]Clear M , Ciarán McGoldrick. Multi-identity and Multi-key Leveled FHE from Learning with Errors[C]// Cryptology Conference. Springer Berlin Heidelberg, 2015:630-656.

[59]P Mukherjee ，D Wichs .Two Round MPC from LWE via Multi-Key FHE[J]. IACR Cryptology ePrint Archive , 2015 , 2015:345.

[60]Obana S , Yoshida M . An Efficient Construction of Non-Interactive Secure Multiparty Computation[C]// International Conference on Cryptology & Network Security. Springer International Publishing, 2016:604-614.

[61]李陶深, 刘青, 黄汝维. 云环境中基于代理重加密的多用户全同态加密方案[J]. 清华大学学报:自然科学版, 2018,58(02):143-149.

[62]车亚进. 基于物联网的智慧医疗系统研究分析[J]. 电子测试, 2019(4):78-79.

[63]Goldreich O . How to play any mental game or a completeness theorem for protocols with honest majority[J]. Stoc, 1987:218-229.

[64]Drosatos G. Utilization and protection of personal data in ubiquitous computing environments[D]. Democritus University of Thrace, 2013:139-169.