[go: up one dir, main page]

CN115102688B - Data processing method, polynomial calculation method and electronic equipment - Google Patents

Data processing method, polynomial calculation method and electronic equipment Download PDF

Info

Publication number
CN115102688B
CN115102688B CN202211016455.3A CN202211016455A CN115102688B CN 115102688 B CN115102688 B CN 115102688B CN 202211016455 A CN202211016455 A CN 202211016455A CN 115102688 B CN115102688 B CN 115102688B
Authority
CN
China
Prior art keywords
ciphertext
data
homomorphic
encryption
ciphertext data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211016455.3A
Other languages
Chinese (zh)
Other versions
CN115102688A (en
Inventor
秦体红
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Infosec Technologies Co Ltd
Original Assignee
Beijing Infosec Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Infosec Technologies Co Ltd filed Critical Beijing Infosec Technologies Co Ltd
Priority to CN202211016455.3A priority Critical patent/CN115102688B/en
Publication of CN115102688A publication Critical patent/CN115102688A/en
Application granted granted Critical
Publication of CN115102688B publication Critical patent/CN115102688B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Complex Calculations (AREA)

Abstract

The embodiment of the application provides a data processing method, a polynomial calculation method and electronic equipment. Wherein the method comprises the following steps: determining an encryption parameter for homomorphic encryption of target data; acquiring an encryption layer corresponding to the target data; the encryption level is an Nth encryption level used for reflecting the Nth encryption of the target data, and N is not more than two; and homomorphic encryption is carried out on the target data based on the encryption parameters and the encryption levels to obtain ciphertext data corresponding to the target data. By adopting the technical scheme provided by the embodiment of the application, the encryption performance of homomorphic encryption of data can be well improved.

Description

Data processing method, polynomial calculation method and electronic equipment
Technical Field
The present application relates to the field of computer technologies, and in particular, to a data processing method, a polynomial calculation method, and an electronic device.
Background
With the wide application of cloud computing technology, especially a large number of electronic commerce transactions on a cloud computing server, how to safely and effectively protect user privacy and security becomes a hot spot in the field of current cryptography research. In order to ensure the safety in the data transmission process, the homomorphic encryption technology is widely applied. The homomorphic encryption technology is a cryptography technology based on the computational complexity theory of data problems, data which is homomorphic encrypted is processed to obtain an output, the output is decrypted, and the decrypted result is the same as the output result obtained by processing the unencrypted original plaintext data by the same method.
In the existing homomorphic encryption technical scheme, the problems of low encryption performance and low calculation efficiency exist when ciphertext data obtained by homomorphic encryption is used for carrying out quadratic polynomial homomorphic calculation.
Disclosure of Invention
In view of the above, the present application provides a data processing method, a polynomial calculation method and an electronic device that solve the above problems or at least partially solve the above problems.
In a first embodiment of the present application, a data processing method is provided. The method comprises the following steps:
determining an encryption parameter for homomorphic encryption of target data;
acquiring an encryption layer corresponding to the target data; the encryption level is an Nth encryption level used for reflecting the Nth encryption of the target data, and N is not more than two;
and homomorphic encryption is carried out on the target data based on the encryption parameters and the encryption levels to obtain ciphertext data corresponding to the target data.
In a second embodiment of the present application, a data processing method is also provided. The method comprises the following steps:
acquiring first ciphertext data and second ciphertext data; the first ciphertext data and the second ciphertext data are obtained by homomorphically encrypting first target data and second target data respectively according to the data processing method provided in the first embodiment of the application;
determining an encryption level corresponding to first target data corresponding to the first ciphertext data and an encryption level corresponding to second target data corresponding to the second ciphertext data;
and homomorphic operation is carried out on the first ciphertext data and the second ciphertext data according to the encryption level corresponding to the first target data and the encryption level corresponding to the second target data.
In a third embodiment of the present application, a polynomial calculation method is also provided. The method comprises the following steps:
acquiring a target polynomial; wherein the target polynomial is a finite quadratic polynomial;
determining a plurality of terms contained in the target polynomial and operational relations among the plurality of terms;
according to the data processing method provided in the first embodiment of the application, each item in the multiple items is encrypted for the first level to obtain ciphertext data corresponding to each item;
performing homomorphic operation on ciphertext data corresponding to each item based on the operation relation among the items and the data processing method provided in the second embodiment of the application to obtain homomorphic operation results;
and determining a calculation result of the target polynomial according to the homomorphic operation result.
In a fourth embodiment of the present application, an electronic device is provided. The electronic device includes: a memory and a processor, wherein the memory is configured to store one or more computer programs; the processor is coupled to the memory, and configured to execute the one or more computer programs stored in the memory, so as to implement the steps in the data encryption method provided in the first embodiment of the present application, or implement the steps in the data operation method provided in the second embodiment of the present application, or implement the steps in the polynomial calculation method provided in the third embodiment of the present application.
In one technical scheme provided by the application, on the basis of determining an encryption parameter for homomorphic encryption of target data, an encryption level corresponding to the target data is obtained, wherein the encryption level is an Nth encryption level used for reflecting the Nth encryption of the target data, and N is not more than two; and then homomorphic encryption is carried out on the target data based on the encryption parameters and the encryption parameters so as to obtain ciphertext data corresponding to the target data. By using the technical scheme to perform homomorphic encryption on the target data, the encryption performance of homomorphic encryption of the data can be well improved.
In another technical solution provided by the present application, first ciphertext data and second ciphertext data are obtained, where the first ciphertext data and the second ciphertext data are obtained by performing homomorphic encryption on first target data and second target data respectively according to a data processing method provided by a first embodiment of the present application; then, further determining an encryption level corresponding to first target data corresponding to the first ciphertext data and an encryption level corresponding to second target data corresponding to the second ciphertext data; and performing homomorphic operation on the first ciphertext data and the second ciphertext data according to the encryption hierarchy corresponding to the first target data and the encryption hierarchy corresponding to the second target data. By using the technical scheme, the ciphertext data (such as the first ciphertext data and the second ciphertext data) with better encryption performance can be obtained, and the calculation efficiency among the ciphertext data can be effectively improved.
In another technical solution provided by the present application, after a target polynomial which is a finite quadratic polynomial is obtained, a plurality of terms included in the target polynomial and an operation relationship between the plurality of terms are determined; according to the data processing method provided by the first embodiment of the application, each item in the plurality of items is encrypted for the first level, so that ciphertext data corresponding to each item is obtained; further, based on the operation relationship among the plurality of terms and the data processing method provided in the first embodiment of the present application, homomorphic operation is performed on the ciphertext data corresponding to each term to obtain a corresponding homomorphic operation result, so that the calculation result of the target polynomial is determined according to the homomorphic operation result. The technical scheme provided by the embodiment can realize the privacy calculation of the quadratic polynomial while effectively improving the encryption performance of each item in the quadratic polynomial, and has higher calculation efficiency.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings required to be utilized in the description of the embodiments or the prior art are briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present application, and other drawings can be obtained according to the drawings without creative efforts for those skilled in the art.
Fig. 1 is a schematic diagram of a homomorphic encryption principle provided in an embodiment of the present application;
fig. 2 is a schematic flowchart of a data processing method according to an embodiment of the present application;
fig. 3 is a schematic flowchart of a data processing method according to another embodiment of the present application;
fig. 4 is a schematic flowchart of a polynomial calculation method according to an embodiment of the present application;
FIG. 5 is a schematic diagram of a polynomial calculation provided in an embodiment of the present application;
fig. 6 is a schematic structural diagram of a data processing apparatus according to an embodiment of the present application;
fig. 7 is a schematic structural diagram of a data processing apparatus according to another embodiment of the present application;
FIG. 8 is a schematic structural diagram of a polynomial computing device according to an embodiment of the present application;
fig. 9 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
With the wide application of cloud computing technology, especially a large number of electronic commerce transactions on a cloud computing server, how to safely and effectively protect user privacy and security becomes a hotspot in the field of current cryptology research. If the data of the user is directly transmitted and stored in a clear text form, some sensitive data (such as user identity information) may be exposed to a cloud service provider, and a series of security problems are caused to the confidential data of the user. In order to ensure the safety in the data transmission process, the homomorphic encryption technology is widely applied. The data are encrypted by utilizing the homomorphic encryption technical scheme to obtain corresponding ciphertext data, and then the ciphertext data are sent to the cloud end, when a series of operations such as uploading, downloading, deleting, updating, retrieving, calculating and the like are carried out on the data at the cloud end, the ciphertext data are all the ciphertext data, so that the risks that the data are intercepted, copied, tampered or forged and the like in the transmission process can be avoided, and the risk that a data storage party leaks the data or is broken at a server end can also be avoided.
The high-performance data homomorphic encryption scheme is beneficial to improving the efficiency of artificial intelligence, privacy protection, safe multi-party calculation and the like. At present, although various existing homomorphic encryption schemes are available, the problem of low encryption performance still exists. In addition, in the existing homomorphic encryption scheme, although the quadratic polynomial is calculated on the encrypted ciphertext data, and the calculation efficiency is relatively high, compared with the standard public key encryption, the calculation efficiency is still far lower than that of the standard public key encryption.
In order to solve the above technical problem, embodiments of the present application provide a data processing method, a polynomial calculation method, and an electronic device. By utilizing the technical scheme provided by the application, the homomorphic encryption performance of the data can be effectively improved, and the calculation efficiency of polynomial homomorphic calculation can also be effectively improved. In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application.
In some of the flows described in the specification, claims, and above-described figures of the present application, a number of operations are included that occur in a particular order, which operations may be performed out of order or in parallel as they occur herein. The sequence numbers of the operations, e.g., 101, 102, etc., are used merely to distinguish between the various operations, and do not represent any order of execution per se. Additionally, the flows may include more or fewer operations, and the operations may be performed sequentially or in parallel. It should be noted that, the descriptions of "first", "second", etc. in this document are used for distinguishing different messages, devices, modules, etc., and do not represent a sequential order, nor limit the types of "first" and "second" to be different. In this application, the term "or/and" is only one kind of association relationship describing the associated object, and means that three relationships may exist, for example: a or/and B, which means that A can exist independently, A and B exist simultaneously, and B exists independently; the "/" character in this application generally indicates that the objects associated with each other are in an "or" relationship. It is also noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a good or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such good or system. Without further limitation, an element defined by the phrase "comprising a … …" does not exclude the presence of additional like elements in a commodity or system comprising the element. In addition, the embodiments described below are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments obtained by a person skilled in the art based on the embodiments in the present application without making any creative effort belong to the protection scope of the present application.
Before the methods provided by the embodiments of the present application are introduced, for the convenience of understanding the present solution, a detailed description of homomorphic encryption is provided.
Homomorphic Encryption (HE) refers to an Encryption algorithm meeting the Homomorphic operation property of ciphertext, that is, after data is Homomorphic encrypted to obtain corresponding ciphertext data, specific calculation is performed on the ciphertext data, and the plaintext obtained by performing corresponding Homomorphic decryption on the calculation result of the ciphertext data is equivalent to directly performing the same calculation on the plaintext data, so that the data can be calculated and invisible. The effect of homomorphic encryption can be seen from the principle diagram of homomorphic encryption shown in fig. 1.
In specific implementation, if a Homomorphic Encryption algorithm supports any form of calculation on ciphertext data, the algorithm is called Fully Homomorphic Encryption (FHE); if partial form calculation of the ciphertext data is supported, for example, only addition, only multiplication, or optimal minor addition and multiplication is supported, it is called semi-Homomorphic Encryption (swe) or Partial Homomorphic Encryption (PHE). In general, since any computation is constructed by addition and multiplication, if the encryption algorithm satisfies both addition homomorphism and multiplication homomorphism, it can be said that it satisfies full homomorphism. In the technical scheme of homomorphic data encryption provided by this embodiment, homomorphic data encryption satisfies addition homomorphism and multiplication homomorphism, that is, homomorphic data encryption satisfies full homomorphism.
The following is a detailed description of the methods provided in the embodiments of the present application.
The execution subjects of the methods provided in the following embodiments may be respectively corresponding apparatuses, for example, the execution subject of the data processing scheme provided in an embodiment may be a corresponding data processing apparatus. The apparatus may be hardware with an embedded program integrated on an electronic device, or may also be application software installed in the electronic device, or may also be tool software embedded in an operating system of the device, and the like, which is not limited in this embodiment of the present application. The electronic equipment can be a client or a server with a logic operation function; the client can be any terminal device such as a mobile phone, a tablet computer and an intelligent wearable device, the server can be a common server, a cloud end or a virtual server, and the embodiment of the application is not particularly limited to this.
Fig. 2 is a schematic flowchart illustrating a data processing method according to an embodiment of the present application. The data processing method is mainly used for realizing homomorphic encryption of target data to be encrypted so as to improve the encryption performance of homomorphic encryption of the data. As shown in fig. 2, the data processing method includes the steps of:
101. determining an encryption parameter for homomorphic encryption of target data;
102. acquiring an encryption layer corresponding to the target data; the encryption level is an Nth encryption level used for reflecting the Nth encryption of the target data, and N is not more than two;
103. and homomorphic encryption is carried out on the target data based on the encryption parameters and the encryption levels to obtain ciphertext data corresponding to the target data.
In the foregoing 101, the type of the target data may be audio/video data in an audio/video transmission process, or may also be text data, picture data, and the like in a file information transmission process, which is not limited herein. The specific type of the target data may be determined according to an application scenario of data encryption.
Further, in the present embodiment, an SM9 identity cryptographic algorithm (hereinafter referred to as SM9 algorithm) may be used to determine an encryption parameter for homomorphically encrypting the target data. The SM9 algorithm is a cryptographic algorithm constructed based on bilinear pairings on an elliptic curve point group, and comprises four functions of digital signature, public key encryption, key encapsulation and key exchange; wherein bilinear pairings refer to grouping two addition cycles (i.e., G) 1 And G 2 ) Joint mapping to another multiplicative cyclic group G T A mapping of (2). In elliptic cryptography applications, a bilinear pairing is a mapping that maps two elliptic curve cyclic point groups onto one multiplication cyclic group while satisfying the condition of linearity invariance. Suppose there are two addition cycle groups, i.e. G 1 And G 2 And a multiplication cyclic group G T Wherein G is 1 、G 2 And G T The number of elements is prime M, P 1 And P 2 Are each G 1 And G 2 The generator of (1). Bilinear pair e is the mapping G 1 ×G 2 →G T Which satisfies the following conditions:
1) Bilinear: for any F e G 1 And D ∈ G 2 For any natural numbers a and b, the following equations hold: e ([ a ]]F,[b]D )=e( F,D ) ab Wherein, the]Calculating a sign for a scalar multiplication on a group, the scalar multiplication being a scalar multiplication by a vector (the product being a vector);
2) Non-degradability: e (P) 1 ,P 2 )≠1;
3) Calculability: for any F e G 1 And D ∈ G 2 There is a method to efficiently calculate e (F, D) ≠ 1.
Wherein, let G be a group, P ∈ G, if each element in G can be represented as Fang Mi of P, then G is called a cyclic group generated by P, and P is called a generator of group G and is marked as P ∈ G.
The above SM9 algorithm requires the use of system parameters (G) 1 、G 2 、G T 、e、P 1 、P 2 ) It can be selected by means of a Key Generation Center (KGC); the KGC is a trusted mechanism in the SM9 cryptosystem, and is mainly used for selecting SM9 algorithm system parameters, generating a master key (master private key) and generating a private key, and the like, and the key generation center is (1,n-1)]And a corresponding primary public key Ppub = [ s ]) to a randomly selected integer type of the master private key s]P。
Based on the above description of the SM9 algorithm, in the present embodiment, the encryption parameters for homomorphic encryption of the target data can be specifically determined by the key generation center using the SM9 algorithm. Specifically, in a specific implementation technical solution, the determining 101 "the encryption parameter for homomorphic encrypting the target data" may include the following steps:
1011. acquiring respective generating elements of the two addition cycle groups;
1012. determining a homomorphic private key;
1013. determining a homomorphic public key based on the generator and the homomorphic private key;
1014. determining a plurality of elements contained in a multiplication cycle group by using the homomorphic public key and the generator; wherein the two addition cyclic groups and the multiplication cyclic group satisfy a bilinear mapping.
In the 1011 to 1012 examples, the generator and the homomorphic private key of each of the two addition cycle groups are selectively generated by a Key Generation Center (KGC). In specific implementation, the homomorphic private key includes two private keys, namely a first private key and a second private key, and two random integers, such as a random integer s, can be randomly generated 1 And s 2 Two private keys included as homomorphic private keys, e.g. random integer s 1 AsThe homomorphic private key comprises a first private key, and a random integer s 2 A second private key comprised as a homomorphic private key. Wherein s is 1 And s 2 ∈Z r ,Z r Is a finite field of modulo r.
In 1013, the determined homomorphic public key also includes two public keys, namely a first public key and a second public key, corresponding to the homomorphic private key. In one embodiment, two addition rounds are provided including a first addition round G 1 And a second addition cyclic group G 2 The first public key may be based on the first addition cyclic group G 1 First generator P of 1 And a first private key S of the homomorphic private keys 1 Determined, and the second public key may be based on the second addition cycle G 2 Second generator P of 2 And a second private key S of the homomorphic private keys 2 And (4) determining. Specifically, let the first public key be Q 1 The second public key is Q 2 Then, the calculation expression form of the first public key and the second public key is as follows: q 1 =[s 1 ]P 1 ,Q 2 =[s 2 ]P 2
In 1014, a plurality of elements included in the multiplication loop group can be obtained by performing bilinear mapping calculation on the generator and the homomorphic public key. Specifically, the step 1013 mentioned above, determining the plurality of elements included in the multiplication cycle group includes the following steps:
for the first addition cycle group G 1 First generator P of 1 And a second addition cyclic group G 2 Second generator P of 2 Carrying out bilinear mapping calculation to obtain a first element in the multiplication cyclic group;
for the first addition cycle group G 1 First generator P of 1 With a second public key Q of the homomorphic public keys 2 Performing bilinear mapping calculation to obtain a second element in the multiplication cyclic group;
for the first public key Q in the homomorphic public key 1 And a second addition cyclic group G 2 Second generator P of 2 Carrying out bilinear mapping calculation to obtain a third element in the multiplication cyclic group;
for the first public key Q in the homomorphic public key 1 And a second public key Q 2 And carrying out bilinear mapping calculation to obtain a fourth element in the multiplication cyclic group.
The method comprises the following steps: the number of the plurality of elements included in the multiplication loop group is four, that is, the first element, the second element, the third element, and the fourth element. Specifically, the first element, the second element, the third element, and the fourth element are denoted by g, respectively 1 、g 2 、g 3 And g 4 Then, the calculation expression form of the four elements included in the multiplication cycle group may be specifically as follows:
g 1 =e( P 1 ,P 2 )=g, g 2 =e( P 1 ,Q 2 )=g s2
g 3 =e( Q 1 ,P 2 )=g s1 , g 4 =e( Q 1 ,Q 2 )=g s1s2
it should be added that, besides the homomorphic private key is hidden, some other parameters, such as the generator of the addition cyclic group, the homomorphic public key, and multiple elements included in the multiplication cyclic group, may be published to the outside for use in decryption computation analysis.
In 102, the purpose of obtaining the encryption hierarchy corresponding to the target data is to: and subsequently, according to the encryption level corresponding to the target data, performing homomorphic encryption processing on the target data by using different parameters in the determined encryption parameters so as to improve the encryption performance of homomorphic encryption on the target data. The encryption level is an Nth encryption level used for reflecting the Nth encryption of the target data, N is an integer and 0<N is less than or equal to 2, namely the value of N is 1 and 2. For example, if the encryption hierarchy is the first encryption hierarchy, the reflection is to perform the encryption processing of the first hierarchy on the target data; if the encryption hierarchy is the second encryption hierarchy, the second-level encryption processing is performed on the target data, and the target data is the data which has been subjected to the one-level encryption processing.
After the encryption level corresponding to the target data is obtained, if the encryption level is the first encryption level, homomorphic encryption can be performed on the target data by using homomorphic public keys in the encryption parameters and respective generating elements of the two addition cycle groups; if the encryption level is the second encryption level, the target data may be encrypted using a plurality of elements included in the multiplication loop group in the encryption parameter. That is, in a specific implementation technical solution, the "performing homomorphic encryption on the target data based on the encryption parameter and the encryption hierarchy to obtain ciphertext data corresponding to the target data" in the above 103 may specifically include:
1031. under the condition that the encryption hierarchy is a first encryption hierarchy, homomorphic encryption is carried out on the target data based on the generator and the homomorphic public key to obtain the ciphertext data;
1032. and under the condition that the encryption hierarchy is a second encryption hierarchy, homomorphic encryption is carried out on the target data based on the plurality of elements to obtain the ciphertext data.
1031, as can be seen from the above description related to step 101, the homomorphic public key includes the first public key Q 1 And a second public key Q 2 The two addition cyclic groups include a first addition cyclic group G 1 And a second addition cyclic group G 2 And the first addition cycle group G 1 Is the first generator P 1 A second addition cyclic group G 2 Is the second generator P 2 In specific implementation, when the encryption hierarchy is the first encryption hierarchy, the first public key Q is included based on the homomorphic public key 1 And a second public key Q 2 And a first addition cycle group G 1 First generator P of 1 A second generator P of a second addition cycle group 2 And performing homomorphic encryption on the target data to further obtain corresponding ciphertext data. In particular, it may be based on the first public key Q 1 And a first generator P 1 Performing homomorphic encryption on the target data to obtain first ciphertext data; based on the second public key Q 2 And a second generator P 2 To the target dataHomomorphic encryption to obtain second ciphertext data; and obtaining ciphertext data corresponding to the target data based on the first ciphertext data and the second ciphertext data.
That is, the step 1031 of homomorphically encrypting the target data based on the generator and the homomorphic public key to obtain the ciphertext data may specifically include the following steps:
10311. encrypting the target data based on a first public key in the homomorphic public key and a first generator of the first addition cyclic group to obtain first ciphertext data
10312. Encrypting the target data based on a second public key in the homomorphic public key and a second generator of the second addition cyclic group to obtain second ciphertext data
10313. And determining ciphertext data corresponding to the target data based on the first ciphertext data and the second ciphertext data.
In specific implementation, the target data may be encrypted based on the first random number, the first public key, and the first generator on the basis of randomly generating the first random number and the second random number, so as to obtain first ciphertext data; and processing the target data based on the second random number, the second public key and the second generator to obtain second ciphertext data, and determining ciphertext data corresponding to the target data based on the obtained first ciphertext data and the second ciphertext data. In particular, the amount of the solvent to be used,
the obtaining of the first ciphertext data may be as follows: encrypting the target data by using the first generator, the first public key and the first random number to obtain a first ciphertext; determining a second ciphertext based on the first random number and the first generator; and determining first ciphertext data according to the first ciphertext and the second ciphertext.
The obtaining of the second ciphertext data may be as follows: encrypting the target data by using the second generator, the second public key and the second random number to obtain a third ciphertext; determining a fourth ciphertext based on the second random number and the second generator; and determining second ciphertext data according to the third ciphertext and the fourth ciphertext.
Are respectively provided withRecording the ciphertext data corresponding to the target data as C N=1 The first ciphertext data is C 11 The second ciphertext data is C 12 And a first ciphertext c 1 The second ciphertext is c 2 And the third ciphertext is c 3 The fourth ciphertext is c 4 Then, the expression form of the ciphertext data C corresponding to the target data may be as follows:
C N=1 = Enc( Enc Q1 (m),Enc Q2 (m) ) =(C 1 ,C 2 )=(c 1 ,c 2 ,c 3 ,c 4
wherein Enc represents an encryption operator, C 11 =(c 1 ,c 2 ),C 12 =(c 3 ,c 4 ) N =1 indicates that the encryption level corresponding to the target data is the first encryption level.
About c 1 ,c 2 ,c 3 And c 4 The specific calculation of (a) will be described in detail hereinafter, and is not described in detail herein.
Based on the content related to step 1031, in the above 1031, "homomorphic encrypting the target data based on the generator and the homomorphic public key to obtain the ciphertext data" may specifically be implemented by the following steps:
s11, generating a first random number and a second random number;
s12, encrypting the target data by using the first random number, the first generator of the first addition cycle group and the first public key to obtain a first ciphertext;
s13, determining a second ciphertext based on the first random number and the first generator;
s14, encrypting the target data by using the second random number, the second generator of the second addition cycle group and the second public key to obtain a third ciphertext;
s15, determining a fourth ciphertext based on the second random number and the second generator;
and S16, determining the ciphertext data according to the first ciphertext, the second ciphertext, the third ciphertext and the fourth ciphertext.
In S11, the generated first random number and the second random number are finite fields Z r Random integer of (1). For convenience of description, the lower Wen Ji is a first random number r 1 The second random number is r 2 ,r 1 、r 2 ∈Z r (ii) a In the following detailed description of the above S12 to S16, the identifiers adopted in the above description of the first generator, the second public key, and the first public key will be accepted.
In S12, the scalar quantity of the target data and the first generator P may be calculated first 1 A first random number r 1 Scalar of (2) and a first public key Q 1 After that, the sum of the first product value and the second product value is used as the first ciphertext c 1 . If the target data is m, then: c. C 1 =[m]P 1 +[r 1 ]Q 1
In S13, the first random number r may be set 1 Scalar of (2) and a first generator P 1 As the second ciphertext c 2 . I.e. c 2 =[r 1 ]P 1
In the above step S14, referring to the above step S12, similarly, the scalar of the target data m and the second generator P may be calculated first 2 A second random number r, a second product value of 2 Scalar and second public key Q 2 After that, the sum of the first product value and the second product value is used as the third ciphertext c 3 . Namely: c. C 3 =[m]P 2 +[r 2 ]Q 2
In S15, the second random number r may be set 2 Scalar of (2) and a second generator P 2 As a fourth ciphertext c 4 . Namely: c. C 4 =[r 2 ]P 2
In the above step S16, the first ciphertext c is used as the basis 1 And a second ciphertext c 2 And a third ciphertext c 3 And a fourth ciphertext c 4 And determining ciphertext data C corresponding to the target data N=1 It can be characterized as follows:
C N=1 =(c 1 ,c 2 ,c 3 ,c 4 )=([m]P 1 +[r 1 ]Q 1 ,[r 1 ]P 1 ,[m]P 2 +[r 2 ]Q 2 ,[r 2 ]P 2
1032, according to the above description related to step 101, the number of the plurality of elements included in the multiplication loop group is four, specifically, the first element g 1 A second element g 2 A third element g 3 And a fourth element g 4 . In this step, when the encryption hierarchy corresponding to the target data is the second encryption hierarchy (i.e., N = 2), that is, based on the first element g 1 A second element g 2 A third element g 3 And a fourth element g 4 The target data is homomorphic encrypted to obtain ciphertext data corresponding to the target data, and for convenience of description, the ciphertext data corresponding to the target data obtained in this case is denoted as C N=2 . In an embodiment, 1032 "performing homomorphic encryption on the target data based on the plurality of elements to obtain the ciphertext data" may specifically be implemented by the following steps:
s21, generating a third random number, a fourth random number and a fifth random number;
s22, encrypting the target data by using the first element, the fourth element and the fifth random number to obtain a fifth ciphertext;
s23, determining a sixth ciphertext based on the second element and the third random number;
s24, determining a seventh ciphertext according to the third element and the fourth random number;
s25, determining an eighth ciphertext according to the first element, the third random number, the fourth random number and the fifth random number;
and S26, determining the ciphertext data according to the fifth ciphertext, the sixth ciphertext, the seventh ciphertext and the eighth ciphertext.
In S21, the randomly generated third random number, fourth random number, and fifth random number are random integers in the finite field Zr. For convenience of description, the third random number is denoted as r 3 The fourth random number is r 4 And the fifth random number is r 5 ,r 3 、r 4 、r 5 Belongs to Zr. In the following description of S22-S26, the target data m is received.
In S22, the target data m may be used as the first element g 1 To the power of a fifth random number r 5 As a power of the fourth element, and then the first element g 1 M to the power of and a fourth element g 4 R of 5 The product value of the power is used as a fifth ciphertext. Take the fifth ciphertext as c 5 Then: c. C 5 =(
Figure 735562DEST_PATH_IMAGE001
)。
In S23, the third random number r may be used 3 As a second element g 2 To the power of, a second element g 2 R of 3 The power as the sixth ciphertext. Take the sixth ciphertext as c 6 And then: c. C 6 =
Figure 121544DEST_PATH_IMAGE002
In the above S24, the fourth random number r may be used 4 As a third element g 3 Power of, a third element g 3 R of 4 The power of which is the seventh ciphertext. Take the seventh ciphertext as c 7 Then: c. C 7 =
Figure 345022DEST_PATH_IMAGE003
In S25, the third random number r may be calculated first 3 And a fourth random number r 4 A sum of (d) and a fifth random number r 5 The difference between the first and second elements is raised to the power of the first elementg 1 Raised to the power of the difference value as the eighth ciphertext. Take the eighth ciphertext as c 8 And then: c. C 8 =
Figure 209072DEST_PATH_IMAGE004
In the above step S26, the fifth ciphertext c is obtained 5 And a sixth ciphertext c 6 And a seventh ciphertext c 7 And eighth ciphertext c 8 And determining ciphertext data C corresponding to the target data N=2 It can be characterized as follows:
C N=2 =(c 5 ,c 6 ,c 7 ,c 8 )=(
Figure 289024DEST_PATH_IMAGE005
Figure 580328DEST_PATH_IMAGE006
Figure 50623DEST_PATH_IMAGE007
Figure 515103DEST_PATH_IMAGE008
according to the technical scheme provided by the embodiment, on the basis of determining the encryption parameter for homomorphic encryption of the target data, the encryption level corresponding to the target data is also obtained, wherein the encryption level is the Nth encryption level used for reflecting the Nth encryption of the target data, and N is not more than two; and then homomorphic encryption is carried out on the target data based on the encryption parameters and the encryption parameters so as to obtain ciphertext data corresponding to the target data. By using the scheme, the homomorphic encryption is carried out on the target data, and the encryption performance of the homomorphic encryption of the data can be well improved.
Further, for the ciphertext data corresponding to the obtained target data, the embodiment further provides a scheme of decrypting the ciphertext data by using a private key included in the homomorphic key to recover the corresponding target data from the ciphertext data. As can be seen from the above description related to step 101, the homomorphic private key includes two private keys, i.e., a first private key and a second private key. The decryption scheme provided in this embodiment may specifically include the following steps:
104. when the ciphertext data is obtained by homomorphically encrypting the target data based on the generator and the homomorphic public key, decrypting the ciphertext data by using the first private key or the second private key;
105. and when the ciphertext data is obtained by homomorphically encrypting the target data based on the plurality of elements, decrypting the ciphertext data by using the first private key and the second private key.
In the above step 104, as can be seen from the above description related to the above step 1031, the ciphertext data is obtained by homomorphically encrypting the target data based on the producer and the homomorphic public key, that is, the encryption hierarchy corresponding to the target data corresponding to the ciphertext data is the first encryption hierarchy (i.e., N = 1). Under the condition that the encryption hierarchy corresponding to the target data is the first encryption hierarchy, homomorphic encryption is carried out on the target data based on the generator and the homomorphic public key, and the obtained ciphertext data corresponding to the target data is ciphertext data C N=1 And ciphertext data C N=1 The expression format of (a) is as follows:
C N=1 =(c 1 ,c 2 ,c 3 ,c 4 )=([m]P 1 +[r 1 ]Q 1 ,[r 1 ]P 1 ,[m]P 2 +[r 2 ]Q 2 ,[r 2 ]P 2
wherein, c 1 、c 2 、c 3 、c 4 Respectively representing the first, second, third and fourth ciphertexts described above, m representing the target data, P 1 Denotes a first generator, Q 1 Denotes a first public key, r 1 And r 2 Respectively representing a first random number and a second random number.
From the above-shown ciphertext data C N=1 As can be seen, ciphertext data C N=1 Containing the first ciphertext c 1 The first stepTwo cipher texts c 2 And a third ciphertext c 3 And a fourth ciphertext c 4 Of the four ciphertexts, only the first cipher text c 1 And a third ciphertext c 3 Is carrying the target data m, and a second ciphertext c 2 And a fourth ciphertext c 4 Then the target data m, here the second ciphertext c, is not carried 2 And a fourth ciphertext c 4 It plays a role of confusion. Therefore, it is right to the ciphertext data C N=1 When decrypting to recover the corresponding target data, the first ciphertext c may be decrypted by using the corresponding private key 1 Or a third ciphertext c 3 And (6) decrypting.
For example, to the first ciphertext c 1 Decryption is performed to recover the target data m, since c 1 =[m]P 1 +[r 1 ]Q 1 Wherein Q is 1 =[s 1 ]P 1 ,s 1 Represents the first private key, thereby c 1 =[m]P 1 +[r 1 ][s 1 ]P 1 (ii) a And due to c 2 =[r 1 ]P 1 Therefore, the method can be simplified as follows: [ m ] of]P 1 =c 1 -[s 1 ]c 2 And then the target data m is: m = log p1 (c 1 -[s 1 ]c 2 ) Based on this equation, the first private key s can be utilized 1 Obtaining target data m = log by solving an Elliptic Curve Discrete Logarithm Problem (ECDLP) problem p1 (c 1 -[s 1 ]c 2 ). Specifically, when the ECDLP problem is solved, but not limited to, the Pollard rho algorithm may be adopted, and in the solving process, the discrete logarithm may be solved by means of a table lookup method to recover the target data m.
For another example, to the third ciphertext c 3 Decryption is performed to recover the target data m, since c 3 = [m]P 2 +[r 2 ]Q 2 Wherein Q is 2 =[s 2 ]P 2 ,s 2 Represents a second private key, thereby c 3 =[m]P 2 +[r 2 ][s 2 ]P 2 (ii) a And due to c 4 =[r 2 ]P 2 Therefore, the method can be simplified as follows: [ m ] of]P 2 =c 3 -[s 2 ]c 4 And then the target data m is: m = log p2 (c 3 -[s 2 ]c 4 ) Based on this equation, a second private key s can be utilized 2 The target data m is obtained by solving the ECDLP problem. For the solution of the ECDLP problem, see above for a related matter.
In the above 105, as can be seen from the above description related to the above step 1032, the ciphertext data is obtained by homomorphically encrypting the target data based on a plurality of elements, that is, the encryption hierarchy corresponding to the target data corresponding to the ciphertext data is the second encryption hierarchy (i.e., N = 2). Under the condition that the encryption hierarchy corresponding to the target data is the second encryption hierarchy, homomorphic encryption is carried out on the target data based on a plurality of elements, and the obtained ciphertext data corresponding to the target data is ciphertext data C N=2 And ciphertext data C N=2 The expression format of (a) is as follows:
C N=2 =(c 5 ,c 6 ,c 7 ,c 8 )=(
Figure 902091DEST_PATH_IMAGE009
Figure 98717DEST_PATH_IMAGE010
Figure 321888DEST_PATH_IMAGE011
Figure 527741DEST_PATH_IMAGE012
wherein, c 1 、c 2 、c 3 、c 4 Respectively represent the fifth ciphertext, the sixth ciphertext, the seventh ciphertext, and the eighth ciphertext described above; g 1 、g 2 、g 3 、g 4 Respectively representing the first element, the second element, the third element and the fourth element included in the multiplication loop group described above; m is the target data, r 3 、r 4 And r 5 Respectively represent the third random number and the fourth random number described aboveMachine number and fifth random number.
From the above-shown ciphertext data C N=2 As can be seen, ciphertext data C N=2 Containing the fifth ciphertext c 5 And a sixth ciphertext c 6 And a seventh ciphertext c 7 And an eighth ciphertext c 8 Of the four ciphertexts, only the fifth cipher text c 5 Is carrying the target data m, and a sixth ciphertext c 6 The seventh ciphertext c 7 And an eighth ciphertext c 8 Then the target data m, here the sixth ciphertext c, is not carried 6 The seventh ciphertext c 7 And an eighth ciphertext c 8 It plays a role of confusion. Therefore, it is right to the ciphertext data C N=2 When decrypting to recover the corresponding target data m, the corresponding private key may be utilized to target the fifth ciphertext c 5 And performing decryption. Specifically, from c 5 =
Figure 769236DEST_PATH_IMAGE013
Obtaining g 1 m =c 5 /
Figure 667921DEST_PATH_IMAGE014
In combination with the above c 6 =
Figure 175126DEST_PATH_IMAGE015
,c 7 =
Figure 653512DEST_PATH_IMAGE016
,c 8 =
Figure 765824DEST_PATH_IMAGE017
And specific expressions corresponding to g 1-g 4 (see the corresponding contents above), can simplify g 1 m =c 5 /
Figure 366570DEST_PATH_IMAGE018
Obtaining:
Figure 813601DEST_PATH_IMAGE019
wherein s is 1 、s 2 Respectively represent the first privateThe key and the second private key, based on the reduced expression, can utilize the first private key s 1 And a first private key s 2 Obtaining target data m = log by solving the ECDLP problem g1 (g 1 m ). For the solution of the ECDLP problem, see the corresponding above.
With the data processing scheme provided in fig. 2 described above, the ciphertext data obtained by homomorphically encrypting the target data supports computation, such as multiplication, addition, and the like, on the ciphertext data. In addition, when the target data corresponds to different encryption levels, the ciphertext data obtained by homomorphically encrypting the target data will also have different specific calculation methods when participating in calculations in the form of addition, multiplication, and the like. The application also provides a data processing method aiming at the calculation of the ciphertext data. Specifically, fig. 3 shows a schematic flow chart of the data processing method provided by the present application for calculation of ciphertext data, and as shown in fig. 3, the data processing method includes the following steps:
201. acquiring first ciphertext data and second ciphertext data; the first ciphertext data is obtained by homomorphically encrypting first target data by using the data processing method embodiment provided by the present application and shown in fig. 2, and the second ciphertext data is obtained by homomorphically encrypting second target data by using the data processing method embodiment provided by the present application and shown in fig. 2;
202. determining an encryption level corresponding to first target data corresponding to the first ciphertext data and an encryption level corresponding to second target data corresponding to the second ciphertext data;
203. and homomorphic operation is carried out on the first ciphertext data and the second ciphertext data according to the encryption level corresponding to the first target data and the encryption level corresponding to the second target data.
In the above 201, the target data (such as the first target data and the second target data) may be audio/video data, text data, picture data, and the like, and is not limited herein. The specific type of the target data may be determined according to an application scenario of data encryption. How to perform homomorphic encryption on the first target data and the second target data respectively through the data processing method provided in the embodiment of the present application shown in fig. 2 above to obtain corresponding first ciphertext data and second ciphertext data may refer to corresponding contents provided in the embodiments above, which is not described in detail here.
In the above 202, considering that when ciphertext data obtained by homomorphically encrypting target data is subjected to different encryption hierarchies corresponding to the target data, and when the ciphertext data participates in calculations such as addition and multiplication, the calculation methods adopted correspondingly are different, an encryption hierarchy corresponding to first target data corresponding to first ciphertext data and an encryption hierarchy corresponding to second target data corresponding to second ciphertext data are determined, and the purpose is to: in order to select the adaptive calculation mode subsequently, homomorphic operation, such as homomorphic addition operation, is performed on the first ciphertext data and the second ciphertext data. It should be added that, in the embodiment, only when the encryption hierarchy corresponding to the first target data is the same as the encryption hierarchy corresponding to the second target data, the homomorphic operation can be subsequently performed on the first ciphertext data and the second ciphertext data.
In 203, the homomorphic operation performed on the first ciphertext data and the second ciphertext data includes at least one of: homomorphic addition operation and homomorphic multiplication operation; in addition, the number of ciphertexts included in the first cipher text data is the same as the data amount of the ciphertexts included in the second cipher text data, and specifically, as can be seen from the contents described above in connection with the data processing method provided in fig. 2, the number of the ciphertexts included in the first cipher text data and the number of the ciphertexts included in the second cipher text data are both 4 ciphertexts. And when homomorphic operation is performed on the first ciphertext data and the second ciphertext data, corresponding homomorphic operation is performed on the ciphertext in the first ciphertext data and the ciphertext in the second ciphertext data in the corresponding relationship according to the corresponding relationship between the ciphertext in the first ciphertext data and the ciphertext in the second ciphertext data, so that a homomorphic operation result of the first ciphertext data and the second ciphertext data is obtained. On the basis of this, the method is suitable for the production,
in a specific implementation technical solution, the "performing homomorphic addition operation on the first ciphertext data and the second ciphertext data according to the encryption hierarchy corresponding to the first target data and the encryption hierarchy corresponding to the second target data" in 203 may specifically include:
2031. when the encryption hierarchy corresponding to the first target data and the encryption hierarchy corresponding to the second target data are both the first encryption hierarchy, according to the corresponding relation between the ciphertext in the first ciphertext data and the ciphertext in the second ciphertext data, adding the ciphertext in the first ciphertext data and the ciphertext in the second ciphertext data which have the corresponding relation;
2032. and when the encryption hierarchy corresponding to the first target data and the encryption hierarchy corresponding to the second target data are both the second encryption hierarchy, performing dot product operation on the ciphertext in the first ciphertext data and the ciphertext in the second ciphertext data, which have a corresponding relationship, according to the corresponding relationship between the ciphertext in the first ciphertext data and the ciphertext in the second ciphertext data.
To facilitate understanding of the above steps 2031 to 2032, an example is given below. Assuming that the first target data m is m, the first ciphertext data corresponding to the first target data m obtained by homomorphically encrypting the first target data m is X, and X = Enc (N, m) = (X) 1 ,x 2 ,x 3 ,x 4 ) Where N denotes an encryption hierarchy corresponding to the first target data, x 1 、x 2 、x 3 And x 4 Is four ciphertexts included in the first cipher text data X; and the second target data is m ', and the second ciphertext data corresponding to the second target data m ' obtained by homomorphically encrypting the second target data m ' is Y, and Y = Enc (N ', m ') = (Y) 1 ,y 2 ,y 3 ,y 4 ) Where N' represents the encryption hierarchy corresponding to the second target data, y 1 、y 2 、y 3 And y 4 Is the four ciphertexts included in the second cipher text data Y. In addition, the ciphertext in the first ciphertext data X and the ciphertext in the second ciphertext data Y are arrangedTwo ciphertexts with the same sequence position are in corresponding relation, for example, the cipher text x in the first cipher text data 1 And ciphertext y in the second ciphertext data 1 There is a correspondence relationship, ciphertext x in the first ciphertext data 2 And ciphertext y in the second ciphertext data 2 There is a correspondence, and so on. In specific implementation, the homomorphic addition operation process of the first ciphertext data X and the second ciphertext data Y is as follows:
when the encryption hierarchy N corresponding to the first target data m and the encryption hierarchy N ' corresponding to the second target data m ' are both the first encryption hierarchy (i.e., N = N ' = 1), the ciphertext X in the first ciphertext data X having a correspondence relationship is respectively encrypted according to the correspondence relationship between the ciphertext in the first ciphertext data X and the ciphertext in the second ciphertext data Y 1 And ciphertext Y in the second ciphertext data Y 1 Performing addition operation to obtain ciphertext X in the first ciphertext data X with corresponding relation 2 And ciphertext Y in the second ciphertext data Y 2 Performing addition operation to obtain ciphertext X in the first ciphertext data X with corresponding relation 3 And ciphertext Y in the second ciphertext data Y 3 Adding the first ciphertext data X and corresponding to the first ciphertext data X 4 And ciphertext Y of second ciphertext data Y 4 And performing addition operation to obtain a homomorphic addition operation result of homomorphic addition operation on the first ciphertext data X and the second ciphertext data Y. That is, the representation form of the homomorphic addition result of the first ciphertext data X and the second ciphertext data Y may be as follows:
X+Y =( x 1 ,x 2 ,x 3 ,x 4 )+( y 1 ,y 2 ,y 3 ,y 4 )
=( x 1 +y 1 ,x 2 +y 2 ,x 3 +y 3 ,x 4 +y 4 ) Wherein N = N' =1
When the encryption hierarchy N corresponding to the first target data m and the encryption hierarchy N ' corresponding to the second target data m ' are both the second encryption hierarchy (i.e., N = N ' = 2), the first ciphertext data X is encrypted according to the ciphertext and the second ciphertextThe corresponding relation of the ciphertext in the text data Y is respectively the ciphertext X in the first ciphertext data X with the corresponding relation 1 And ciphertext Y in the second ciphertext data Y 1 Performing dot product operation to obtain ciphertext X in the first ciphertext data X with corresponding relation 2 And ciphertext Y in the second ciphertext data Y 2 Performing dot product operation to obtain ciphertext X in the first ciphertext data X with corresponding relation 3 And ciphertext Y in the second ciphertext data Y 3 Performing dot product operation and corresponding ciphertext X in first ciphertext data X 4 And ciphertext Y in the second ciphertext data Y 4 And performing dot product operation to obtain a homomorphic addition operation result of homomorphic addition operation on the first ciphertext data X and the second ciphertext data Y. That is, the representation form of the homomorphic addition operation result of the first ciphertext data X and the second ciphertext data Y may be as follows:
X+Y =( x 1 ,x 2 ,x 3 ,x 4 )+( y 1 ,y 2 ,y 3 ,y 4 )
=( x 1 ∙y 1 ,x 2 ∙y 2 ,x 3 ∙y 3 ,x 4 ∙y 4 ) Wherein N = N' =2
In another specific implementation technical solution, the "performing homomorphic multiplication operation on the first ciphertext data and the second ciphertext data according to the encryption hierarchy corresponding to the first target data and the encryption hierarchy corresponding to the second target data" in 203 may specifically include:
2031' determining whether the encryption level corresponding to the first target data and the encryption level corresponding to the second target data are both the first encryption level;
2032' and when it is determined that both of the first and second cryptographs are of the first encryption hierarchy, performing homomorphic multiplication on the first cryptograph data and the second cryptograph data by using the first two cryptographs with the first positions in the first cryptograph data and the second two cryptographs with the second positions in the second cryptograph data.
In specific implementation, in this embodiment, only when it is determined that the encryption hierarchy corresponding to the first target data and the encryption hierarchy corresponding to the second target data are both the first encryption hierarchy, homomorphic multiplication can be performed on the first ciphertext data and the second ciphertext data; on the contrary, if it is determined that the encryption hierarchy corresponding to at least any one of the encryption hierarchy corresponding to the first target data and the encryption hierarchy corresponding to the second target data is not the first encryption hierarchy, homomorphic multiplication processing cannot be performed on the first ciphertext data and the second ciphertext data. That is, the step 203 may further include the steps of:
2033' if it is determined that both of the first and second ciphertext levels are not the first encryption level, performing no homomorphic multiplication on the first ciphertext data and the second ciphertext data.
In 2032', when it is determined that the encryption hierarchy corresponding to the first target data and the encryption hierarchy corresponding to the second target data are both the first encryption hierarchy, a bilinear mapping calculation method may be used to perform homomorphic multiplication on the first ciphertext data and the second ciphertext data by using the first two ciphertexts located before in the first ciphertext data and the second two ciphertexts located after in the second ciphertext data, so as to obtain a homomorphic multiplication result. Specifically, in an implementable technical solution, in the 2032', the homomorphic multiplication operation is performed on the first ciphertext data and the second ciphertext data by using the first two ciphertexts with the front positions in the first ciphertext data and the second two ciphertexts with the rear positions in the second ciphertext data, which may be implemented by specifically adopting the following steps:
20321. performing bilinear mapping calculation on one ciphertext in the first ciphertext data with the first ciphertext data at the front position and the second ciphertext data at the back position in the second ciphertext data respectively;
20322. performing bilinear mapping calculation on the other ciphertext in the first ciphertext data and the last ciphertext in the second ciphertext data, wherein the ciphertext is positioned in the front of the first ciphertext data;
to facilitate understanding of the above steps 20321 to 20322, an example is given below. The above steps 2031 to 203 are carried out2, where X = (X), the first ciphertext data X and the second ciphertext data Y are assumed 1 ,x 2 ,x 3 ,x 4 ),Y=( y 1 ,y 2 ,y 3 ,y 4 ). The first two ciphertexts with the front positions in the first cipher text data X are the cipher texts X 1 And ciphertext x 2 And the last two ciphertexts positioned in the second ciphertext data Y are the ciphertexts Y 3 And ciphertext y 4 Specifically, when the homomorphic multiplication operation is performed on the first ciphertext data X and the second ciphertext data Y, the ciphertext X will be multiplied 1 Respectively with ciphertext y 3 And ciphertext y 4 Performing bilinear mapping calculation, and further, converting the ciphertext x 2 Respectively with ciphertext y 3 And ciphertext y 4 And carrying out bilinear mapping calculation. Remembering ciphertext x 1 Respectively with ciphertext y 3 And ciphertext y 4 The calculation result obtained by bilinear mapping calculation is the first calculation result, and the ciphertext x is processed 2 Respectively with ciphertext y 3 And ciphertext y 4 If the result of the bilinear mapping calculation is the second calculation result, the homomorphic multiplication result of the first ciphertext data X and the second ciphertext data Y is determined by the first calculation result and the second calculation result. Specifically, the representation form of the homomorphic multiplication result of the first ciphertext data X and the second ciphertext data Y may be as follows:
X*Y =( x 1 ,x 2 ,x 3 ,x 4 )*( y 1 ,y 2 ,y 3 ,y 4 )
=( e(x 1 ,y 3 ),e(x 1 ,y 4 ),e(x 2 ,y 3 ),e(x 2 ,y 4 ) ) ,N=N'=1
wherein, e (x) 1 ,y 3 ) And e (x) 1 ,y 4 ) To be ciphertext x 1 Respectively with ciphertext y 3 And ciphertext y 4 A first calculation result, e (x), obtained by performing a bilinear mapping calculation 2 ,y 3 ) And e (x) 2 ,y 4 ) To be ciphertext x 2 Respectively and closely matchText y 3 And ciphertext y 4 And carrying out bilinear mapping calculation to obtain a second calculation result.
In the technical scheme provided by this embodiment, first ciphertext data and second ciphertext data are obtained, where the first ciphertext data and the second ciphertext data are obtained by performing homomorphic encryption on first target data and second target data respectively according to a data processing method provided by an embodiment of the present application and shown in fig. 2 above; then, further determining an encryption level corresponding to first target data corresponding to the first ciphertext data and an encryption level corresponding to second target data corresponding to the second ciphertext data; and performing homomorphic operation on the first ciphertext data and the second ciphertext data according to the encryption hierarchy corresponding to the first target data and the encryption hierarchy corresponding to the second target data. By utilizing the scheme, the ciphertext data (namely the first ciphertext data and the second ciphertext data) with better encryption performance can be obtained, and the calculation efficiency among the ciphertext data can be effectively improved.
In order to ensure the correctness of the homomorphic operation result obtained by homomorphic operation on the first ciphertext data and the second ciphertext data, the correctness of the homomorphic operation result can be verified. In the verification process, the homomorphic operation result can be decrypted to obtain a decryption result; then, directly performing calculation processing corresponding to homomorphic operation on the first target data and the second target data to obtain corresponding calculation results, for example, if the homomorphic operation is homomorphic addition operation, directly performing addition operation on the first target data and the second target data; and finally, comparing the decryption result with the calculation result, if the decryption result is consistent (namely same) with the calculation result, judging that the homomorphic operation result is correct, otherwise, if the decryption result is inconsistent with the calculation result, judging that the homomorphic operation result is incorrect. Based on this, the method provided by this embodiment may further include the following steps:
204. performing calculation processing corresponding to the homomorphic operation on the first target data and the second target data to obtain a calculation result;
205. decrypting the obtained homomorphic operation result to obtain a decryption result; wherein the homomorphic operation result is obtained by homomorphic operation on the first ciphertext data and the second ciphertext data;
206. comparing the decryption result with the calculation result;
207. under the condition that the decryption result is consistent with the calculation result, judging that the homomorphic operation result is correct; and under the condition that the decryption result is inconsistent with the calculation result, judging that the homomorphic operation result is incorrect.
In order to facilitate understanding of the homomorphic operation result verification process described in 204 to 205, the homomorphic operation is performed on the first ciphertext data and the second ciphertext data in relation to the above-described several steps in step 203, and the verification process of the obtained homomorphic operation result is illustrated below. In particular, the amount of the solvent to be used,
while taking the above examples for the steps 2031 to 2032, it is assumed that the first target data m and the second target data m' and the first ciphertext data X and the second ciphertext data Y are all assumed, where X = (X =) 1 ,x 2 ,x 3 ,x 4 ),Y=( y 1 ,y 2 ,y 3 ,y 4 ). For convenience of description, it is assumed herein that the same random numbers are used when homomorphic encryption is performed on the first target data m and the second target data m' to obtain the corresponding first ciphertext data X and second ciphertext data Y, respectively. Based on this, in combination with the above-described homomorphic encryption of the target data to obtain the corresponding content of the ciphertext data (i.e., the content related to fig. 2), when the encryption hierarchy corresponding to each of the first target data m and the second target data m 'is the first encryption hierarchy, the specific expression form of the first ciphertext data X and the second ciphertext data Y obtained by homomorphic encryption of the first target data m and the second target data m' is as follows:
X=( x 1 ,x 2 ,x 3 ,x 4 )=([m]P 1 +[r 1 ]Q 1 ,[r 1 ]P 1 ,[m]P 2 +[r 2 ]Q 2 ,[r 2 ]P 2
Y=( y 1 ,y 2 ,y 3 ,y 4 )=([m']P 1 +[r 1 ]Q 1 ,[r 1 ]P 1 ,[m']P 2 +[r 2 ]Q 2 ,[r 2 ]P 2
further, in this case, based on the content described above in relation to step 2031, the homomorphic addition result obtained by homomorphic adding the first ciphertext data X and the second ciphertext data Y is as follows:
X+Y=( x 1 +y 1 ,x 2 +y 2 ,x 3 +y 3 ,x 4 +y 4 )
here, let us note x 1 +y 1 = h 11 ,x 2 +y 2 = h 12 ,x 3 +y 3 = h 13 ,x 4 +y 4 = h 14 And then:
X+Y=( h 11 ,h 12 ,h 13 ,h 14 )
={ ([m]+[m'] )P 1 +2[r 1 ]Q 1 ,2[r 1 ]P 1 ,( [m]+[m'] )P 2 +2[r 2 ]Q 2 ,2[r 2 ]P 2 }
as can be seen from the homomorphic addition result shown above, only h contained in the homomorphic addition result 11 And h 13 The first target data m and the second target data m' are carried, so that when the homomorphic addition operation result is decrypted, the corresponding private key can be used for h 11 Or h 13 Decryption is performed. Here to address h 11 Perform decryption as an example, from h 11 =([m]+[m'])P 1 +2[r 1 ]Q 1 ,Q 1 =[s 1 ]P 1 ,s 1 Is a first private key, thus h 11 =( [m]+[m'] )P 1 +2[r 1 ][s 1 ]P 1 (ii) a And due to h 12 =2[r 1 ]P 1 Is aThis can be simplified h 11 Obtaining: ([ m)]+[m'] )P 1 =h 11 -[s 1 ]h 12 Based on this equation, the first private key s can be utilized 1 The corresponding decryption result (i.e., m + m') is obtained by solving the ECDLP problem. If the decryption result is consistent with the calculation result obtained by directly adding the first target data m and the second target data m', the homomorphic addition result obtained by homomorphic adding the first ciphertext data X and the second ciphertext data Y is correct; on the contrary, if the decryption result is not consistent with the calculation result obtained by directly adding the first target data m and the second target data m', it indicates that the homomorphic addition result obtained by homomorphic adding the first ciphertext data X and the second ciphertext data Y is wrong.
Still further, in this case, based on the content described above in relation to step 2032', the homomorphic multiplication result obtained by homomorphic multiplication of the first ciphertext data X and the second ciphertext data Y is as follows:
X*Y =( x 1 ,x 2 ,x 3 ,x 4 )*( y 1 ,y 2 ,y 3 ,y 4 )
=( e(x 1 ,y 3 ),e(x 1 ,y 4 ),e(x 2 ,y 3 ),e(x 2 ,y 4 ) )
recording: e (x) 1 ,y 3 )= h 213 ,e(x 1 ,y 4 )= h 214 ,e(x 2 ,y 3 )= h 223 ,e(x 2 ,y 4 )= h 224 And then:
Figure 95678DEST_PATH_IMAGE020
in combination with the above h 213 、h 214 、h 223 And h 224 Can be simplified by the expression of 213 Obtaining:
Figure 328076DEST_PATH_IMAGE021
namely:
Figure 302985DEST_PATH_IMAGE022
based on g obtained above mm' Can utilize the first private key s 1 And a second private key, which obtains a corresponding decryption result (i.e., mm') by solving the ECDLP problem. If the decryption result is consistent with the calculation result obtained by directly performing the multiplication operation on the first target data m and the second target data m', the homomorphic multiplication result obtained by performing the homomorphic multiplication operation on the first ciphertext data X and the second ciphertext data Y is correct; on the contrary, if the decryption result is not consistent with the calculation result obtained by directly multiplying the first target data m and the second target data m', it indicates that the homomorphic multiplication result obtained by homomorphic multiplying the first ciphertext data X and the second ciphertext data Y is wrong.
Under the condition that the encryption hierarchies corresponding to the first target data m and the second target data m 'are both the second encryption hierarchy, in this case, the first ciphertext data X and the second ciphertext data Y obtained by homomorphically encrypting the first target data m and the second target data m' respectively have the following specific expression forms:
Figure 240242DEST_PATH_IMAGE023
based on the above-mentioned content related to step 2032, in this case, only the homomorphic addition operation can be performed on the first ciphertext data X and the second ciphertext data Y, and specifically, the homomorphic multiplication result obtained by performing the homomorphic addition operation on the first ciphertext data X and the second ciphertext data Y is as follows:
X+Y =( x 5 ,x 6 ,x 7 ,x 8 )+( y 5 ,y 6 ,y 7 ,y 8 )
=( x 5 ∙y 5 ,x 6 ∙y 6 ,x 7 ∙y 7 ,x 8 ∙y 8 )
recording: x is the number of 5 ∙y 5 =h 5 ,x 6 ∙y 6 =h 6 ,x 7 ∙y 7 =h 7 ,x 8 ∙y 8 =h 8
Combining the specific representation forms of the first ciphertext data X and the second ciphertext data Y, it is easy to see that only X in the homomorphic multiplication result is in the homomorphic multiplication result 5 ∙y 5 Carries the first target data m and the second target data m', so that when the homomorphic multiplication result is decrypted, the corresponding private key can be used for x 5 ∙y 5 Decryption is performed. Specifically, from
Figure 591588DEST_PATH_IMAGE024
Based on this formula, in combination with h 6 、h 7 And h 8 Can be simplified by a specific expression form (not specifically shown in the embodiment) 5 Obtaining:
Figure 412914DEST_PATH_IMAGE025
wherein s is 1 、s 2 Respectively representing a first private key s and a second private key, based on the reduced expression 1 And a first private key s 2 The corresponding decryption result (i.e., m + m') is obtained by solving the ECDLP problem. If the decryption result is consistent with the calculation result obtained by directly adding the first target data m and the second target data m', the homomorphic addition result obtained by homomorphic adding the first ciphertext data X and the second ciphertext data Y is correct; on the other hand, if the decryption result does not match the calculation result obtained by directly adding the first target data m and the second target data m', the homomorphic addition operation obtained by homomorphically adding the first ciphertext data X and the second ciphertext data Y is describedThe result is wrong.
Based on the related content of homomorphic operation on ciphertext data (that is, the related content to fig. 3) described above, an embodiment of the present application further provides a polynomial calculation method, which is provided to implement the privacy calculation of a polynomial. Specifically, fig. 4 shows a schematic flowchart of a polynomial computing method provided in an embodiment of the present application, and as shown in fig. 4, the polynomial computing method includes the following steps:
301. acquiring a target polynomial; wherein the target polynomial is a finite quadratic polynomial;
302. determining a plurality of terms contained in the target polynomial and operational relations among the plurality of terms;
303. according to the data processing method provided by the embodiment of the present application shown in fig. 2, each item in the multiple items is encrypted at the first level to obtain ciphertext data corresponding to each item;
304. based on the operation relationship among the multiple items and the data processing method provided by the embodiment of the present application shown in fig. 3 above, homomorphic operation is performed on ciphertext data corresponding to each item to obtain a homomorphic operation result;
305. and determining the calculation result of the target polynomial according to the homomorphic operation result.
In the above 301 to 302, the target polynomial is a finite quadratic polynomial; the second-order polynomial is a polynomial in which the number of terms of the polynomial exceeds 1 and the highest power is 2. Specifically, assuming that the target polynomial is f (z, w), the expression form of the target polynomial may be as follows:
Figure 824304DEST_PATH_IMAGE026
wherein z is i 、w i For the terms contained in the target polynomial f (z, w), the operational relationship between the different terms includes addition operation and multiplication operation.
For a specific implementation of the aforementioned 303, performing the first-level encryption on each item in the multiple items included in the target polynomial, reference may be made to corresponding contents in the foregoing embodiments, and details are not described here again. It can be known by combining the corresponding contents of the above embodiments that, here, each item in the plurality of items is encrypted at the first level, that is, the encryption level corresponding to each item in the plurality of items is the first encryption level, in this case, each item is encrypted homomorphically according to the content related to step 1031 described above, so as to obtain ciphertext data corresponding to each item.
In 304, the plurality of items may be grouped based on the operation relationship among the plurality of items to obtain at least one group item; then, according to the data processing method provided in the embodiment of the present application and shown in fig. 3, homomorphic operation is performed on the ciphertext data corresponding to the items included in each group of items, so as to obtain homomorphic operation results corresponding to each group of items, and then the calculation result of the target polynomial is determined according to the homomorphic operation results corresponding to each group of items. Based on this, in an embodiment, the aforementioned 304 "performing homomorphic operation on ciphertext data corresponding to each item to obtain a homomorphic operation result based on the operation relationship among the plurality of items and the data processing method provided in the embodiment of the present application shown in fig. 3 above" may specifically include:
3041. grouping the items based on the operational relationship among the items to obtain at least one group item; wherein the at least one group item comprises one or more group items of: the number of terms is not less than two, the operational relationship among the terms is a first group of terms of addition operation, the number of terms is equal to two, the operational relationship among the terms is a second group of terms of multiplication operation, and the number of terms is equal to a third group of terms of one;
3042. according to the data processing method provided by the embodiment of the present application and shown in fig. 3 above, homomorphic addition operation is performed on ciphertext data corresponding to multiple items in the first group of items, so as to obtain homomorphic operation results corresponding to the first group of items;
3043. according to the data processing method provided by the embodiment of the present application shown in fig. 3, homomorphic multiplication operation is performed on ciphertext data corresponding to two items in the second group of items, so as to obtain homomorphic operation results corresponding to the second group of items;
3044. taking the ciphertext data corresponding to one item in the third group of items as a homomorphic operation result corresponding to the third group of items;
wherein, the operation relation among the at least one group of terms is addition operation.
For better understanding of the descriptions 3041 to 3044, the target polynomials f (z, w) set in 301 to 302 are assumed to be followed, and the terms (i.e., z) included in the target polynomials f (z, w) are assumed to be i 、w i ) After the first layer of encryption, z is obtained i 、w i The ciphertext data are Enc (z) i )、Enc(w i ) The examples are given.
Example one, the plurality of terms included in the target polynomial f (z, w) are grouped based on an operational relationship between the plurality of terms included in the target polynomial f (z, w), and each of the n group terms obtained contains two terms (i.e., z, w) i 、w i ) And the operational relationship between the two terms is the set of terms of the multiplication operation, i.e., each of the n set of terms is the second set of terms. The expression form of the ith group item in the n group items is recorded as { z i , w i And then n groups of items are specifically: { z 1 , w 1 }、{ z 2 , w 2 }、.......、{ z i , w i }、.......、{ z n-1 ,w n-1 }、{ z n , w n }; wherein, the operation relation among the n group terms is addition operation; as described in the above step 3043, for the ith group item { z i , w i Ciphertext data (i.e., z) corresponding to two of the items in (i.e., the items in) the i Item-corresponding ciphertext data Enc (z) i ) And w i Item-corresponding ciphertext data Enc (w) i ) Performing homomorphic multiplication operation to obtain the ith group term { z i ,w i The corresponding homomorphic operation result f zwi Is expressed in the form of: f. of zwi =Enc(z i )*Enc(w i ). On the pair ciphertext data Enc (z) i ) And ciphertext data Enc (w) i ))The specific operation procedure for performing the homomorphic multiplication operation may refer to the content described above in connection with step 2032'.
Example two, assume that the concrete expression form of the target polynomial f (z, w) is: f (z, w) =1+2+3 × 5. Then, based on the operation relationship among the terms (i.e. 1, 2, 3, 5) contained in the target polynomial f (z, w), the terms contained in the target polynomial f (z, w) are grouped, two sets of terms, i.e. {1, 2} and {3, 5} are obtained, and the operation relationship between the two sets of terms, i.e. {1, 2} and {3, 5} is an addition operation; wherein, the operation relation between two terms of 1 and 2 in the {1, 2} group term is addition operation, and the operation relation between two terms of 3 and 5 in the {3, 5} group term is multiplication operation. According to the description of the above step 3042, homomorphic addition operation is performed on the ciphertext data corresponding to two items 1 and 2 in {1, 2} (i.e., the ciphertext data Enc (1) and the ciphertext data Enc (2)), so as to obtain homomorphic operation result f corresponding to the {1, 2} group item 12 Is expressed in the form of: f. of 12 = Enc (1) + Enc (2); and according to the content described in the above step 3043, performing homomorphic multiplication operation on the ciphertext data (i.e., the ciphertext data Enc (3) and the ciphertext data Enc (5)) corresponding to two items, namely 3 and 5 in {3, 5}, to obtain a homomorphic operation result f corresponding to the {3, 5} group item 35 Is expressed in the form of: f. of 35 = Enc (3) × Enc (5). The specific process of homomorphic addition operation on the ciphertext data Enc (1 and the ciphertext data Enc (2)) may refer to the content described above in connection with step 2031, and the specific process of homomorphic multiplication operation on the ciphertext data Enc (3) and the ciphertext data Enc (5) may refer to the content described above in connection with step 2032'.
Example three, assume that the concrete expression form of the target polynomial f (z, w) is: f (z, w) =1+3 × 5+4 × 6, the plurality of entries included in the target polynomial f (z, w) are grouped based on the operational relationship among the plurality of entries (i.e., 1, 3, 5, 4, 6) included in the target polynomial f (z, w), and the operational relationship among three groups of entries, i.e., {1}, {3, 5} and {4,6}, {1}, {3, 5}, and {4,6} is obtained, and the operational relationship among two entries included in each of the two groups of {3, 5} and {4,6} is obtained by addition, and the operational relationship among two entries included in each of the two groups of {3, 5} and {4,6} is obtained by multiplying the operational relationship among the plurality of entries included in the target polynomial f (z, w)And (4) carrying out arithmetic operation. Wherein, the ciphertext data Enc (1) corresponding to one item (namely 1) in the group of items {1}, namely, the homomorphic operation result f corresponding to the group of items {1}, is 1 I.e. f 1 = Enc (1). According to the description of the above step 3043, homomorphic multiplication operation is performed on the ciphertext data corresponding to two items, namely, 3 and 5 in {3, 5} (i.e., the ciphertext data Enc (3) and the ciphertext data Enc (5)), and the homomorphic multiplication operation is performed on the ciphertext data corresponding to two items, namely, 4 and 6 in {4,6} (i.e., the ciphertext data Enc (4) and the ciphertext data Enc (6)), so as to obtain homomorphic operation result f corresponding to the group item of {3, 5}, respectively 35 Is expressed in the form of: f. of 35 Homomorphic operation result f corresponding to group item of = Enc (3) × Enc (5) {4,6}, and 46 is expressed in the form of: f. of 46 = Enc (4) × Enc (6). The specific operation processes of performing homomorphic multiplication on the ciphertext data Enc (3) and the ciphertext data Enc (5), and performing homomorphic multiplication on the ciphertext data Enc (4) and the ciphertext data Enc (6) respectively may refer to the contents described above in connection with step 2032'.
In an implementation solution, the aforementioned 305 "determining the calculation result of the target polynomial according to the homomorphic operation result" may specifically include:
3051. according to the data processing method provided by the embodiment of the present application and shown in fig. 3 above, homomorphic addition operation is performed on homomorphic operation results corresponding to each group item in the at least one group item, so as to obtain a group item addition homomorphic operation result;
3052. according to the data processing method provided by the embodiment of the present application shown in fig. 2, a second-level encryption is performed on the group item addition homomorphic operation result to obtain ciphertext data corresponding to the group item addition homomorphic operation result;
3053. and using the ciphertext data corresponding to the homomorphic operation result of the item group addition as the calculation result of the target polynomial.
In order to better understand the contents described in the above 3051 to 3053, the following description will be given by taking the example one listed in the above description for the steps 3041 to 3044 as an example.
For example, pressThe data processing method provided in an embodiment of the present application illustrated in fig. 3 above is for { z } 1 , w 1 }、{ z 2 , w 2 }、...、{ z i , w i }、...、{ z n-1 ,w n-1 And { z } n , w n Homomorphic addition operation is carried out on homomorphic operation results corresponding to each group item in the n group items, and the obtained group item addition homomorphic operation result F zw_1 The expression of (A) is as follows:
F zw_1 =Enc(z 1 )*Enc(w 2 )+Enc(z 2 )*Enc(w 2 )+.......+Enc(z n )*Enc(w n )
=f zw1 +f zw2 +....+f zwn
namely:
Figure 980347DEST_PATH_IMAGE027
related to f zw1 、f zw2 、....、f zwn The specific process of performing the homomorphic addition operation may refer to the content related to step 2031 described above, and is not described herein again.
Further, in the data processing method provided by an embodiment of the present application as shown in fig. 2 above, the homomorphic operation result F is added to the set of items zw_1 Performing second-level encryption to obtain ciphertext data Enc (F) corresponding to the group of addition homomorphic operation results zw_1 ) Thereafter, the ciphertext data Enc (F) zw_1 ) I.e. the result of the calculation of the target polynomial f (z, w). Result F of homomorphic operation on addition of pair terms zw_1 The specific implementation process of the second-level encryption may refer to the content related to step 1032 described above, and is not described in detail here.
Here, it should be added that: note Enc (F) zw_1 )=F zw_2 Then utilize the corresponding private key pair F zw_2 The decryption result obtained by decryption is compared with the corresponding private key pair F zw_2 The decryption result obtained by decrypting is the same. Namely, the following steps are included:
Dec( F zw_2 )=Dec( F zw_1 ) Where Dec denotes the decryption operator.
In another implementation, the aforementioned 305 "determining the calculation result of the target polynomial according to the homomorphic operation result" may specifically include:
3051', according to the data processing method provided in the embodiment of the present application and shown in fig. 2, performing second-level encryption on homomorphic operation results corresponding to each group item in the at least one group item to obtain ciphertext data corresponding to the homomorphic operation results corresponding to each group item;
3052', according to the data processing method provided in the embodiment of the present application and shown in fig. 3, performing homomorphic addition operation on ciphertext data corresponding to homomorphic operation results corresponding to each group of items to obtain a group item addition homomorphic operation result;
3053' and using the result of the set term addition homomorphic operation as the calculation result of the target polynomial.
In order to better understand the contents described in 3051 '-3053', the following example is given by taking the example two listed in the above descriptions for steps 3041-3044 as an example.
In the above example two, the homomorphic operation result corresponding to the group term of the target polynomial f (z, w) =1+2+3 × 5, {1, 2} is f 12 And the homomorphic result corresponding to the {3, 5} group entry is f 35 Wherein, f 12 =Enc(1)+Enc(2),f 35 = Enc (3) × Enc (5). Referring to fig. 5, in the data processing method according to the embodiment of the present application shown in fig. 2, the homomorphic operation results f are respectively obtained 12 Homomorphic operation result f 35 After the second layer of encryption is performed, a homomorphic operation result f is obtained 12 Corresponding ciphertext data Enc (f) 12 ) And homomorphic operation result f 35 Corresponding ciphertext data Enc (f) 35 ). Further, according to the data processing method provided in the embodiment of the present application shown in fig. 3, the ciphertext data Enc (f) is processed 12 ) And ciphertext data Enc (f) 35 ) Performing homomorphic addition operation to obtain homomorphic operation result F of group term addition (12_35)_2 I.e. the calculation result of the target polynomial f (z, w) =1+2+3 × 5. Wherein, F (12_35)_2 =Enc( f 12 )+Enc( f 35 )。
On the result f of homomorphic operation 12 Homomorphic operation result f 35 The specific implementation of the second level of encryption may be as described above in connection with step 1032. But on the pair of ciphertext data Enc (f) 12 ) And ciphertext data Enc (f) 35 ) The specific implementation of performing the homomorphic addition operation may refer to the content described above in connection with step 2032.
According to the technical scheme provided by the embodiment, after a target polynomial which is a limited quadratic polynomial is obtained, a plurality of terms contained in the target polynomial and an operational relationship among the terms are determined; performing a first-level encryption on each item in the plurality of items according to the data processing method provided in an embodiment of the present application shown in fig. 2, so as to obtain ciphertext data corresponding to each item; further, based on the operation relationship among the plurality of terms and the data processing method provided in the embodiment of the present application as shown in fig. 3, homomorphic operation is performed on the ciphertext data corresponding to each term to obtain a corresponding homomorphic operation result, so as to determine the calculation result of the target polynomial according to the homomorphic operation result. The scheme provided by the embodiment can effectively improve the encryption performance of each item in the quadratic polynomial, and simultaneously realizes the privacy calculation of the quadratic polynomial, and the calculation efficiency is high. In addition, for the quadratic polynomial, any number of times of homomorphic addition calculation of ciphertext data and any number of times of homomorphic multiplication calculation of ciphertext data may be calculated, in other words, ciphertext data corresponding to a term in the quadratic polynomial may participate in any number of times of homomorphic addition calculation and any number of times of homomorphic multiplication calculation.
Fig. 6 shows a block diagram of a data processing apparatus according to an embodiment of the present application. As shown in fig. 6, the data processing apparatus includes: a determining module 41, an obtaining module 42 and an encrypting module 43; wherein,
a determining module 41, configured to determine an encryption parameter for homomorphic encryption of target data;
an obtaining module 42, configured to obtain an encryption hierarchy corresponding to the target data; the encryption level is an Nth encryption level used for reflecting the Nth encryption of the target data, and N is not more than two;
and an encryption module 43, configured to perform homomorphic encryption on the target data based on the encryption parameter and the encryption hierarchy to obtain ciphertext data corresponding to the target data.
Further, when the determining module 41 is configured to determine an encryption parameter for homomorphic encrypting the target data, it is specifically configured to: acquiring respective generating elements of the two addition cyclic groups; determining a homomorphic private key; determining a homomorphic public key based on the generator and the homomorphic private key; determining a plurality of elements contained in a multiplication cyclic group by using the homomorphic public key and the generator; wherein the two addition cycle groups and the multiplication cycle group satisfy a bilinear mapping.
Further, the encryption module 43, when configured to perform homomorphic encryption on the target data based on the encryption parameter and the encryption hierarchy to obtain ciphertext data corresponding to the target data, is specifically configured to: under the condition that the encryption hierarchy is a first encryption hierarchy, homomorphic encryption is carried out on the target data based on the generator and the homomorphic public key to obtain the ciphertext data; and under the condition that the encryption hierarchy is a second encryption hierarchy, homomorphic encryption is carried out on the target data based on the plurality of elements to obtain the ciphertext data.
Further, the homomorphic public key includes a first public key and a second public key, and the two addition cyclic groups include a first addition cyclic group and a second addition cyclic group; and, the encryption module 43, when configured to perform homomorphic encryption on the target data based on the generator and the homomorphic public key to obtain the ciphertext data, is specifically configured to: generating a first random number and a second random number; encrypting the target data by using the first random number, the first generator of the first addition cycle group and the first public key to obtain a first ciphertext; determining a second ciphertext based on the first random number and the first generator; encrypting the target data by using the second random number, the second generator of the second addition cycle group and the second public key to obtain a third ciphertext; determining a fourth ciphertext based on the second random number and the second generator; and determining the ciphertext data according to the first ciphertext, the second ciphertext, the third ciphertext and the fourth ciphertext.
Further, the plurality of elements include: a first element, a second element, a third element, and a fourth element; accordingly, when the encrypting module 43 is configured to perform homomorphic encryption on the target data based on the multiple elements to obtain the ciphertext data, it is specifically configured to: generating a third random number, a fourth random number and a fifth random number; encrypting the target data by using the first element, the fourth element and the fifth random number to obtain a fifth ciphertext; determining a sixth ciphertext based on the second element and the third random number; determining a seventh ciphertext based on the third element and the fourth random number; determining an eighth ciphertext based on the first element, the third nonce, the fourth nonce, and the fifth nonce; and determining the ciphertext data according to the fifth ciphertext, the sixth ciphertext, the seventh ciphertext and the eighth ciphertext.
Further, the homomorphic private key comprises a first private key and a second private key; and, the data processing apparatus provided by this embodiment further includes: a decryption module, configured to decrypt the ciphertext data using the first private key or the second private key when the ciphertext data is obtained by homomorphically encrypting the target data based on the generator and the homomorphic public key; and when the ciphertext data is obtained by homomorphically encrypting the target data based on the plurality of elements, decrypting the ciphertext data by using the first private key and the second private key.
Here, it should be noted that: the data processing apparatus provided in the foregoing embodiment may implement the technical solution described in the foregoing data processing method embodiment shown in fig. 2, and the specific implementation principle of each module or unit may refer to the corresponding content in the foregoing data processing method embodiment shown in fig. 2, and is not described herein again.
Fig. 7 shows a block diagram of a data processing apparatus according to another embodiment of the present application. As shown in fig. 7, the data processing apparatus includes: an acquisition module 51, a determination module 52 and an operation module 53; wherein,
an obtaining module 51, configured to obtain first ciphertext data and second ciphertext data; the first ciphertext data and the second ciphertext data are obtained by performing homomorphic encryption on first target data and second target data respectively according to the data processing method provided in an embodiment of the present application and shown in fig. 2;
a determining module 52, configured to determine an encryption hierarchy corresponding to first target data corresponding to the first ciphertext data and an encryption hierarchy corresponding to second target data corresponding to the second ciphertext data;
and an operation module 53, configured to perform homomorphic operation on the first ciphertext data and the second ciphertext data according to the encryption hierarchy corresponding to the first target data and the encryption hierarchy corresponding to the second target data.
Further, the homomorphic operation includes at least one of: homomorphic addition operation and homomorphic multiplication operation; the number of ciphertexts contained in the first ciphertext data is the same as that of the ciphertexts contained in the second ciphertext data, and the two ciphertexts with the same ciphertext sequencing position in the first ciphertext data and the second ciphertext data have a corresponding relation; and the operation module 53, when configured to perform homomorphic addition operation on the first ciphertext data and the second ciphertext data according to the encryption hierarchy corresponding to the first target data and the encryption hierarchy corresponding to the second target data, is specifically configured to: when the encryption hierarchy corresponding to the first target data and the encryption hierarchy corresponding to the second target data are both the first encryption hierarchy, according to the corresponding relation between the ciphertext in the first ciphertext data and the ciphertext in the second ciphertext data, adding the ciphertext in the first ciphertext data and the ciphertext in the second ciphertext data which have the corresponding relation; and when the encryption hierarchy corresponding to the first target data and the encryption hierarchy corresponding to the second target data are both the second encryption hierarchy, performing dot product operation on the ciphertext in the first ciphertext data and the ciphertext in the second ciphertext data, which have a corresponding relationship, according to the corresponding relationship between the ciphertext in the first ciphertext data and the ciphertext in the second ciphertext data.
Further, the operation module 53 is configured to perform homomorphic multiplication on the first encrypted data and the second encrypted data according to the encryption hierarchy corresponding to the first target data and the encryption hierarchy corresponding to the second target data, and includes: determining whether the encryption level corresponding to the first target data and the encryption level corresponding to the second target data are both the first encryption level; and when the first encryption hierarchy is determined, performing homomorphic multiplication operation on the first ciphertext data and the second ciphertext data by using the first two ciphertexts with the front positions in the first ciphertext data and the second two ciphertexts with the rear positions in the second ciphertext data.
Further, the operation module 53 is specifically configured to, when being configured to perform homomorphic multiplication on the first ciphertext data and the second ciphertext data by using the first two ciphertexts with the front positions in the first ciphertext data and the second two ciphertexts with the rear positions in the second ciphertext data, perform: performing bilinear mapping calculation on one ciphertext in the first ciphertext data with the first ciphertext data at the front position and the second ciphertext data at the rear position in the second ciphertext data; and performing bilinear mapping calculation on the other ciphertext in the first ciphertext data and the last two ciphertexts in the first ciphertext data.
Further, the operation module 53 is further configured to perform different homomorphic multiplication operations on the first ciphertext data and the second ciphertext data when it is determined that both of the first ciphertext hierarchy and the second ciphertext hierarchy are not the first encryption hierarchy.
Here, it should be noted that: the data processing apparatus provided in the foregoing embodiment may implement the technical solution described in the foregoing data processing method embodiment shown in fig. 3, and the specific implementation principle of each module or unit may refer to the corresponding content in the foregoing data processing method embodiment shown in fig. 3, and is not described herein again.
Fig. 8 shows a block diagram of a polynomial computing device according to an embodiment of the present application. As shown in fig. 8, the polynomial computing device includes: an acquisition module 61, a determination module 62, an encryption module 63 and an operation module 64; wherein,
an obtaining module 61, configured to obtain a target polynomial; wherein the target polynomial is a finite quadratic polynomial;
a determining module 62, configured to determine a plurality of terms included in the target polynomial and an operational relationship among the plurality of terms;
an encryption module 63, configured to perform first-level encryption on each item in the multiple items according to the data processing method provided in an embodiment of the present application shown in fig. 2, to obtain ciphertext data corresponding to each item;
an operation module 64, configured to perform homomorphic operation on ciphertext data corresponding to each item based on the operation relationship among the multiple items and the data processing method provided in another embodiment of the present application shown in fig. 3, so as to obtain a homomorphic operation result;
the determining module 62 is further configured to determine a calculation result of the target polynomial according to the homomorphic operation result.
Further, the operational relationship includes at least one of the following: addition operation and multiplication operation; and (c) a second step of,
when the operation module 64 is configured to perform homomorphic operation on ciphertext data corresponding to each item based on the operation relationship among the multiple items and the data processing method provided in another embodiment of the present application and shown in fig. 3, to obtain a homomorphic operation result, specifically configured to: grouping the items according to the operational relationship among the items to obtain at least one group item; wherein the at least one group item comprises one or more of the following group items: the number of terms is not less than two, the operational relationship among the terms is a first group of terms of addition operation, the number of terms is equal to two, the operational relationship among the terms is a second group of terms of multiplication operation, and the number of terms is equal to a third group of terms of one; according to the data processing method provided in another embodiment of the present application shown in fig. 3, homomorphic addition operation is performed on ciphertext data corresponding to a plurality of items in the first group of items, so as to obtain homomorphic operation results corresponding to the first group of items; according to the data processing method provided by another embodiment of the present application shown in fig. 3, homomorphic multiplication operation is performed on ciphertext data corresponding to two items in the second group of items, so as to obtain homomorphic operation results corresponding to the second group of items; taking the ciphertext data corresponding to one item in the third group of items as a homomorphic operation result corresponding to the third group of items; wherein, the operation relation among at least one group of terms is addition operation.
Further, the determining module 62, when configured to determine the calculation result of the target polynomial according to the homomorphic operation result, is specifically configured to: according to the data processing method provided in another embodiment of the present application shown in fig. 3, homomorphic addition operation is performed on homomorphic operation results corresponding to each group item in the at least one group item, so as to obtain a group item addition homomorphic operation result; according to the data processing method provided by another embodiment of the present application shown in fig. 2, a second-level encryption is performed on the result of the group addition homomorphic operation to obtain ciphertext data corresponding to the result of the group addition homomorphic operation; and using the ciphertext data corresponding to the homomorphic operation result of the item group addition as the calculation result of the target polynomial.
Further, the determining module 62, when configured to determine the calculation result of the target polynomial according to the homomorphic operation result, is specifically configured to: according to the data processing method provided in another embodiment of the present application shown in fig. 2, a second-level encryption is performed on homomorphic operation results corresponding to each group of items in the at least one group of items, so as to obtain ciphertext data corresponding to the homomorphic operation results corresponding to each group of items; according to the data processing method provided in another embodiment of the present application shown in fig. 3, homomorphic addition operation is performed on ciphertext data corresponding to homomorphic operation results corresponding to each group of items, so as to obtain a group item addition homomorphic operation result; and taking the homomorphic operation result of the group term addition as the calculation result of the target polynomial.
Here, it should be noted that: the polynomial computing apparatus provided in the foregoing embodiment may implement the technical solution described in the polynomial computing method embodiment shown in fig. 4, and the specific implementation principle of each module or unit may refer to the corresponding content in the polynomial computing method embodiment shown in fig. 3, which is not described herein again.
Fig. 9 is a schematic structural diagram of an electronic device according to an embodiment of the present application. As shown in fig. 9, the electronic device includes a memory 71 and a processor 72. Wherein the memory 71 is configured to store one or more computer instructions; the processor 72 is coupled to the memory 71, and is used for one or more computer instructions (such as computer instructions implementing data storage logic) to implement the steps in the data processing method or the polynomial calculation method provided in the embodiments of the present application.
The memory 71 may be implemented by any type or combination of volatile or non-volatile memory devices, such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks.
Further, as shown in fig. 9, the electronic device further includes: communication components 73, a display 74, power components 75, and audio components 76, among other components. Only some of the components are schematically shown in fig. 9, and the electronic device is not meant to include only the components shown in fig. 9.
Yet another embodiment of the present application provides a computer program product (not shown in any figure of the drawings). The computer program product comprises computer programs or instructions which, when executed by a processor, cause the processor to carry out the steps in the above-described method embodiments.
Accordingly, the present application further provides a computer-readable storage medium storing a computer program, where the computer program can implement the method steps or functions provided by the foregoing embodiments when executed by a computer.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. Based on the understanding, the above technical solutions substantially or otherwise contributing to the prior art may be embodied in the form of a software product, which may be stored in a computer-readable storage medium, such as ROM/RAM, magnetic disk, optical disk, etc., and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the method according to the various embodiments or some parts of the embodiments.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solutions of the present application, and not to limit the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.

Claims (15)

1. A data processing method, comprising:
determining an encryption parameter for homomorphic encryption of target data; the encryption parameters include: the generator, homomorphic public key and multiple elements in the multiplication cyclic group of the two addition cyclic groups; the homomorphic public key is determined based on the generator and a homomorphic private key; any element in the plurality of elements is determined by at least one of the homomorphic public key and the generator; the two addition cycle groups and the multiplication cycle group satisfy bilinear mapping;
acquiring an encryption layer corresponding to the target data; the encryption level is an Nth encryption level and is used for reflecting the Nth encryption of the target data, and N is a positive integer not greater than two;
if the encryption hierarchy is a first encryption hierarchy, homomorphic encryption is carried out on the target data based on the generator and the homomorphic public key to obtain ciphertext data corresponding to the target data;
and if the encryption hierarchy is a second encryption hierarchy, homomorphic encryption is carried out on the target data based on a plurality of elements in the multiplication cycle group, so as to obtain ciphertext data corresponding to the target data.
2. The method of claim 1, wherein the homomorphic public key comprises a first public key and a second public key, and the two addition rounds comprise a first addition round and a second addition round; the plurality of elements includes: a first element, a second element, a third element, and a fourth element;
the first element is obtained by carrying out bilinear mapping calculation on a first generating element of the first addition cycle group and a second generating element of the second addition cycle group;
the second element is obtained by performing bilinear mapping calculation on the first generator and the second public key;
the third element is obtained by performing bilinear mapping calculation on the first public key and the second generator;
the fourth element is obtained by performing bilinear mapping calculation on the first public key and the second public key.
3. The method according to claim 2, wherein homomorphic encrypting the target data based on the generator and the homomorphic public key to obtain ciphertext data corresponding to the target data comprises:
generating a first random number and a second random number;
encrypting the target data by using the first random number, the first generator of the first addition cycle group and the first public key to obtain a first ciphertext;
determining a second ciphertext based on the first random number and the first generator;
encrypting the target data by using the second random number, a second generator of the second addition cycle group and the second public key to obtain a third ciphertext;
determining a fourth ciphertext based on the second random number and the second generator;
and determining the ciphertext data according to the first ciphertext, the second ciphertext, the third ciphertext and the fourth ciphertext.
4. The method of claim 2, wherein homomorphically encrypting the target data based on a plurality of elements in the multiplication cycle group to obtain ciphertext data corresponding to the target data comprises:
generating a third random number, a fourth random number and a fifth random number;
encrypting the target data by using the first element, the fourth element and the fifth random number to obtain a fifth ciphertext;
determining a sixth ciphertext based on the second element and the third random number;
determining a seventh ciphertext based on the third element and the fourth random number;
determining an eighth ciphertext based on the first element, the third nonce, the fourth nonce, and the fifth nonce;
and determining the ciphertext data according to the fifth ciphertext, the sixth ciphertext, the seventh ciphertext and the eighth ciphertext.
5. The method of any of claims 1 to 4, wherein the homomorphic private key comprises a first private key and a second private key; and
the method further comprises the following steps:
when the ciphertext data is obtained by homomorphically encrypting the target data based on the generator and the homomorphic public key, decrypting the ciphertext data by using the first private key or the second private key;
and when the ciphertext data is obtained by homomorphically encrypting the target data based on the plurality of elements, decrypting the ciphertext data by using the first private key and the second private key.
6. A data processing method, comprising:
acquiring first ciphertext data and second ciphertext data; the first ciphertext data and the second ciphertext data are obtained by performing homomorphic encryption on first target data and second target data respectively according to the data processing method of any one of claims 1 to 5;
determining an encryption level corresponding to first target data corresponding to the first ciphertext data and an encryption level corresponding to second target data corresponding to the second ciphertext data;
and homomorphic operation is carried out on the first ciphertext data and the second ciphertext data according to the encryption level corresponding to the first target data and the encryption level corresponding to the second target data.
7. The method of claim 6, wherein the homomorphic operation comprises at least one of: homomorphic addition operation and homomorphic multiplication operation; the number of ciphertexts contained in the first ciphertext data is the same as that of the ciphertexts contained in the second ciphertext data, and the two ciphertexts with the same ciphertext sequencing position in the first ciphertext data and the second ciphertext data have a corresponding relation; and (c) a second step of,
according to the encryption hierarchy corresponding to the first target data and the encryption hierarchy corresponding to the second target data, homomorphic addition operation is carried out on the first ciphertext data and the second ciphertext data, and the homomorphic addition operation comprises the following steps:
when the encryption hierarchy corresponding to the first target data and the encryption hierarchy corresponding to the second target data are both the first encryption hierarchy, according to the corresponding relation between the ciphertext in the first ciphertext data and the ciphertext in the second ciphertext data, adding the ciphertext in the first ciphertext data and the ciphertext in the second ciphertext data which have the corresponding relation;
and when the encryption hierarchy corresponding to the first target data and the encryption hierarchy corresponding to the second target data are both the second encryption hierarchy, performing dot product operation on the ciphertext in the first ciphertext data and the ciphertext in the second ciphertext data, which have a corresponding relationship, according to the corresponding relationship between the ciphertext in the first ciphertext data and the ciphertext in the second ciphertext data.
8. The method according to claim 7, wherein performing a homomorphic multiplication operation on the first ciphertext data and the second ciphertext data according to the encryption hierarchy corresponding to the first target data and the encryption hierarchy corresponding to the second target data comprises:
determining whether the encryption layer corresponding to the first target data and the encryption layer corresponding to the second target data are both the first encryption layer;
and when the first encryption level is determined, performing homomorphic multiplication operation on the first ciphertext data and the second ciphertext data by using the first two ciphertexts with the front positions in the first ciphertext data and the second two ciphertexts with the rear positions in the second ciphertext data.
9. The method of claim 8, wherein performing homomorphic multiplication on the first ciphertext data and the second ciphertext data using a first two ciphertexts with a first position in the first ciphertext data and a second two ciphertexts with a second position in the second ciphertext data comprises:
performing bilinear mapping calculation on one ciphertext in the first ciphertext data with the first ciphertext data at the front position and the second ciphertext data at the rear position in the second ciphertext data;
and performing bilinear mapping calculation on the other ciphertext in the first ciphertext data and the last ciphertext in the first ciphertext data.
10. The method of claim 8, further comprising:
and when the situation that the first encryption hierarchy is not the first encryption hierarchy is determined, performing different homomorphic multiplication operation processing on the first ciphertext data and the second ciphertext data.
11. A polynomial computation method, comprising:
acquiring a target polynomial; wherein the target polynomial is a finite quadratic polynomial;
determining a plurality of terms contained in the target polynomial and operational relations among the plurality of terms;
the data processing method according to any one of claims 1 to 5, wherein each of the plurality of items is encrypted at a first encryption level to obtain ciphertext data corresponding to each item;
homomorphic operation is performed on ciphertext data corresponding to each item based on the operation relation among the items and the data processing method according to any one of claims 6 to 10, and homomorphic operation results are obtained;
and determining a calculation result of the target polynomial according to the homomorphic operation result.
12. The method of claim 11, wherein the operational relationship comprises at least one of: addition operation and multiplication operation; and the number of the first and second groups,
based on the operational relationship among the plurality of items and the data processing method according to any one of claims 6 to 10, homomorphic operation is performed on ciphertext data corresponding to each item to obtain a homomorphic operation result, including:
grouping the items according to the operational relationship among the items to obtain at least one group item; wherein,
the at least one group item comprises one or more of the following group items: the number of terms is not less than two, the operational relationship among the terms is a first group of terms of addition operation, the number of terms is equal to two, the operational relationship among the terms is a second group of terms of multiplication operation, and the number of terms is equal to a third group of terms of one;
the data processing method according to any one of claims 6 to 10, wherein homomorphic addition operation is performed on ciphertext data corresponding to a plurality of items in the first group of items to obtain homomorphic operation results corresponding to the first group of items;
the data processing method according to any one of claims 6 to 10, performing homomorphic multiplication operation on ciphertext data corresponding to two items in the second group of items to obtain homomorphic operation results corresponding to the second group of items;
taking the ciphertext data corresponding to one item in the third group of items as a homomorphic operation result corresponding to the third group of items;
wherein, the operation relation among the at least one group of terms is addition operation.
13. The method of claim 12, wherein determining the result of the target polynomial calculation based on the homomorphic operation result comprises:
the data processing method according to any one of claims 6 to 10, wherein homomorphic addition operation is performed on homomorphic operation results corresponding to each group item in the at least one group item to obtain a group item addition homomorphic operation result;
the data processing method according to any one of claims 1 to 5, wherein the result of the group addition homomorphic operation is encrypted at a second encryption level to obtain ciphertext data corresponding to the result of the group addition homomorphic operation;
and using the ciphertext data corresponding to the homomorphic operation result of the item group addition as the calculation result of the target polynomial.
14. The method of claim 12, wherein determining the result of the target polynomial calculation based on the homomorphic operation result comprises:
the data processing method according to any one of claims 1 to 5, wherein the homomorphic operation result corresponding to each group item in the at least one group item is encrypted at a second encryption level to obtain ciphertext data corresponding to the homomorphic operation result corresponding to each group item;
the data processing method according to any one of claims 6 to 10, wherein homomorphic addition operation is performed on ciphertext data corresponding to homomorphic operation results corresponding to each group of items to obtain a group item addition homomorphic operation result;
and taking the homomorphic operation result of the group term addition as the calculation result of the target polynomial.
15. An electronic device, comprising: a memory and a processor, wherein,
the memory for storing one or more computer programs;
the processor, coupled with the memory, configured to execute the one or more computer programs stored in the memory, so as to implement the steps in the data processing method of any one of the preceding claims 1 to 5, or implement the steps in the data processing method of any one of the preceding claims 6 to 10, or implement the steps in the polynomial computing method of any one of the preceding claims 11 to 14.
CN202211016455.3A 2022-08-24 2022-08-24 Data processing method, polynomial calculation method and electronic equipment Active CN115102688B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211016455.3A CN115102688B (en) 2022-08-24 2022-08-24 Data processing method, polynomial calculation method and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211016455.3A CN115102688B (en) 2022-08-24 2022-08-24 Data processing method, polynomial calculation method and electronic equipment

Publications (2)

Publication Number Publication Date
CN115102688A CN115102688A (en) 2022-09-23
CN115102688B true CN115102688B (en) 2022-11-22

Family

ID=83300774

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211016455.3A Active CN115102688B (en) 2022-08-24 2022-08-24 Data processing method, polynomial calculation method and electronic equipment

Country Status (1)

Country Link
CN (1) CN115102688B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115664651B (en) * 2022-10-20 2024-03-08 牛津(海南)区块链研究院有限公司 SM 9-based online and offline encryption and decryption method, system, equipment and medium
CN115549891B (en) * 2022-11-24 2023-03-10 北京信安世纪科技股份有限公司 Homomorphic encryption method, homomorphic decryption method, homomorphic calculation method and equipment
CN115982747B (en) * 2023-03-20 2023-07-14 建信金融科技有限责任公司 A secure multi-party multiplication method based on communication between participants and a trusted third party
CN117595979B (en) * 2023-11-20 2024-07-05 北京信安世纪科技股份有限公司 Data processing method and device
CN118199848A (en) * 2024-04-09 2024-06-14 支付宝(杭州)信息技术有限公司 Method and device for performing hierarchical homomorphic encryption operations

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10075288B1 (en) * 2014-02-28 2018-09-11 The Governing Council Of The University Of Toronto Systems, devices, and processes for homomorphic encryption
CN109643504A (en) * 2016-08-30 2019-04-16 三菱电机株式会社 Encryption system, encryption method and encipheror
CN112822014A (en) * 2021-04-22 2021-05-18 北京信安世纪科技股份有限公司 Data processing method and device, electronic equipment and storage medium
CN114584278A (en) * 2022-02-14 2022-06-03 北京信安世纪科技股份有限公司 Data homomorphic encryption method and device, data transmission method and device
CN114884645A (en) * 2022-07-11 2022-08-09 华控清交信息科技(北京)有限公司 Privacy calculation method and device and readable storage medium

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020006692A1 (en) * 2018-07-04 2020-01-09 深圳大学 Fully homomorphic encryption method and device and computer readable storage medium
US11483139B2 (en) * 2020-08-07 2022-10-25 Bank Of America Corporation System for secure data transmission using fully homomorphic encryption

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10075288B1 (en) * 2014-02-28 2018-09-11 The Governing Council Of The University Of Toronto Systems, devices, and processes for homomorphic encryption
CN109643504A (en) * 2016-08-30 2019-04-16 三菱电机株式会社 Encryption system, encryption method and encipheror
CN112822014A (en) * 2021-04-22 2021-05-18 北京信安世纪科技股份有限公司 Data processing method and device, electronic equipment and storage medium
CN114584278A (en) * 2022-02-14 2022-06-03 北京信安世纪科技股份有限公司 Data homomorphic encryption method and device, data transmission method and device
CN114884645A (en) * 2022-07-11 2022-08-09 华控清交信息科技(北京)有限公司 Privacy calculation method and device and readable storage medium

Non-Patent Citations (6)

* Cited by examiner, † Cited by third party
Title
Efficient and Privacy-Preserving Logistic Regression Scheme based on Leveled Fully Homomorphic Encryption;Chengjin Liu 等;《IEEE INFOCOM 2022 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS)》;20220505;全文 *
Homomorphic Encryption Technology for Cloud Computing;Min Zhao E 等;《8th International Congress of Information and Communication Technology, ICICT 2019 https://doi.org/10.1016/j.procs.2019.06.012》;20190113;全文 *
New Fully Homomorphic Encryption Scheme Based on Multistage Partial Homomorphic Encryption Applied in Cloud Computing;Zainab Hikmat Mahmood 等;《2018 1st Annual International Conference on Information and Sciences (AiCIS)》;20181121;全文 *
SM9私钥分割生成及协同密码计算研究;熊枫;《中国优秀硕士学位论文全文数据库 信息科技辑 2021年第08期》;20210815;全文 *
同态加密技术及其在云计算隐私保护中的应用;李宗育 等;《软件学报(2018年第7期)》;20180731;全文 *
高性能密码适用性分析;秦体红 等;《信息安全与通信保密(2019年第11期)》;20191110;全文 *

Also Published As

Publication number Publication date
CN115102688A (en) 2022-09-23

Similar Documents

Publication Publication Date Title
CN115102688B (en) Data processing method, polynomial calculation method and electronic equipment
US11895231B2 (en) Adaptive attack resistant distributed symmetric encryption
US8429408B2 (en) Masking the output of random number generators in key generation protocols
JP2002543478A (en) Public key signing method and system
US12489620B2 (en) Threshold secret share generation for distributed symmetric cryptography
CN115549891B (en) Homomorphic encryption method, homomorphic decryption method, homomorphic calculation method and equipment
EP4144042B1 (en) Adaptive attack resistant distributed symmetric encryption
CN103973439B (en) A kind of multi-variable public key ciphering method
EP3376706A1 (en) Method and system for privacy-preserving order statistics in a star network
CN114362912A (en) Identification password generation method based on distributed key center, electronic device and medium
Bene et al. Public key infrastructure in the post-quantum era
CN115865348B (en) Data encryption method, homomorphic calculation method and equipment
US20050135610A1 (en) Identifier-based signcryption
Stallings Digital signature algorithms
EP2395698B1 (en) Implicit certificate generation in the case of weak pseudo-random number generators
JP4869824B2 (en) Receiver device, sender device, cryptographic communication system, and program
CN111817853B (en) Signcryption algorithm for post-quantum security
Tahat et al. Hybrid publicly verifiable authenticated encryption scheme based on chaotic maps and factoring problems
Yadav et al. Hybrid cryptography approach to secure the data in computing environment
CN109495478B (en) A distributed secure communication method and system based on blockchain
Parwekar et al. Public auditing: cloud data storage
CN111865578A (en) A Multi-receiver Public Key Encryption Method Based on SM2
CN115314192B (en) Public-key encryption methods, decryption methods, and systems with two independent regulators
CN114221753B (en) Key data processing method and electronic equipment
Rani et al. A novel cryptosystem for files stored in cloud using NTRU encryption algorithm

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant