CN113449325B - Data processing method and device and data processing device - Google Patents

Data processing method and device and data processing device Download PDF

Info

Publication number
CN113449325B
CN113449325B CN202111001704.7A CN202111001704A CN113449325B CN 113449325 B CN113449325 B CN 113449325B CN 202111001704 A CN202111001704 A CN 202111001704A CN 113449325 B CN113449325 B CN 113449325B
Authority
CN
China
Prior art keywords
data
type
calculation
ciphertext
plaintext
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111001704.7A
Other languages
Chinese (zh)
Other versions
CN113449325A (en
Inventor
何昊青
王祥
李艺
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huakong Tsingjiao Information Technology Beijing Co Ltd
Original Assignee
Huakong Tsingjiao Information Technology Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huakong Tsingjiao Information Technology Beijing Co Ltd filed Critical Huakong Tsingjiao Information Technology Beijing Co Ltd
Priority to CN202111001704.7A priority Critical patent/CN113449325B/en
Publication of CN113449325A publication Critical patent/CN113449325A/en
Application granted granted Critical
Publication of CN113449325B publication Critical patent/CN113449325B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the invention provides a data processing method and device and a device for data processing. The method comprises the following steps: receiving a computing task, wherein the computing task comprises a general computing function; determining a privacy type of the calculation data participating in the general calculation function, wherein the privacy type comprises a plaintext type or a ciphertext type, and the calculation data conforms to a predefined general data type; according to the privacy type, determining a target calculation function which accords with the privacy type and an execution end corresponding to the target calculation function, wherein the target calculation function comprises a plaintext calculation function or a ciphertext calculation function; and executing the target calculation function through the execution end. The embodiment of the invention can improve the calculation efficiency on the basis of ensuring the data privacy safety.

Description

Data processing method and device and data processing device
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a data processing method and apparatus, and an apparatus for data processing.
Background
The mixed calculation system for the plaintext and the ciphertext is a system which can perform plaintext calculation and ciphertext calculation.
Based on the plain text and cipher text mixed computing system, multi-party safe computing can be performed. Multiparty secure computing is a technique for securely computing an engagement function without the computing participants sharing the respective data and without a trusted third party. Through a safe algorithm and a safe protocol, the data in the plaintext form is encrypted or converted by the calculation participator and then provided to other parties, and other calculation participators cannot contact the data in the plaintext form of other parties, so that the safety of the data of each party is ensured.
The system comprises a plaintext calculation function library and a ciphertext calculation function library. Wherein, the function in the plaintext calculation function library is used for calculating the plaintext data; and the functions in the ciphertext calculation function library are used for calculating the ciphertext data. The user needs to select the correct function library only when the user perceives whether the data is plaintext or ciphertext. The user needs to learn two calculation function libraries, and the learning cost is high. If the user is unfamiliar with the two calculation function libraries, the situation that the function library is selected wrongly may occur, and the calculation efficiency or the privacy security of data are affected.
Disclosure of Invention
The embodiment of the invention provides a data processing method and device and a data processing device, which can automatically select a proper computing function for a multi-party safe computing task and improve the computing efficiency on the basis of ensuring the data privacy safety.
In order to solve the above problem, an embodiment of the present invention discloses a data processing method applied to a plaintext and ciphertext hybrid computing system, where the method includes:
receiving a computing task, wherein the computing task comprises a general computing function;
determining a privacy type of the calculation data participating in the general calculation function, wherein the privacy type comprises a plaintext type or a ciphertext type, and the calculation data conforms to a predefined general data type;
according to the privacy type, determining a target calculation function which accords with the privacy type and an execution end corresponding to the target calculation function, wherein the target calculation function comprises a plaintext calculation function or a ciphertext calculation function;
and executing the target calculation function through the execution end.
Optionally, the executing end includes a plaintext end or a ciphertext end, and the executing end executes the target computation function, including:
calling the plaintext calculation function through the plaintext end to perform plaintext calculation on the calculation data of the plaintext type; or
And calling the ciphertext calculation function through the ciphertext end to perform ciphertext calculation on the calculation data of the ciphertext type.
Optionally, the computing task further includes a first conversion instruction for the first data, and the method further includes:
and when the first conversion instruction is executed, converting the privacy type of the first data into a plaintext type.
Optionally, the method further comprises:
sending the first data converted into the plaintext type as result data to a result receiver appointed by the first conversion instruction; or
And sending the first data converted into the plaintext type as calculation data to a plaintext end appointed by the first conversion instruction for calculation.
Optionally, the method further comprises:
respectively performing security audit on codes of the computing task through each participant of the computing task;
and for any participant, when the participant determines that code segments which leak self data exist in the codes of the computing task, refusing to participate in executing the computing task, and sending prompt information.
Optionally, the computing task further includes a second conversion instruction for second data, and the method further includes:
and when the second conversion instruction is executed, converting the privacy type of the second data into a ciphertext type.
Optionally, the method further comprises:
sending the second data converted into the ciphertext type as result data to a result receiver appointed by the second conversion instruction; or
And sending the second data converted into the ciphertext type as calculation data to a ciphertext end appointed by the second conversion instruction for calculation.
Optionally, the general computation function includes at least two pieces of computation data, and determining, according to the privacy type, a target computation function that conforms to the privacy type and an execution end corresponding to the target computation function includes:
obtaining the privacy type and attribution information of each piece of calculation data in the at least two pieces of calculation data;
if the privacy types of the at least two pieces of calculation data are determined to be plaintext types and each piece of calculation data belongs to different participants, converting the privacy type of each piece of calculation data in the at least two pieces of calculation data into a ciphertext type;
and determining that the target calculation function is a ciphertext calculation function, and determining that the execution end of the target calculation function is a ciphertext end.
Optionally, the generic data type includes any one of: a general scalar data type, a general array data type, a general table data type.
Optionally, the execution end includes one of a single plaintext end, a multi-party plaintext end, and a ciphertext end.
On the other hand, the embodiment of the invention discloses a data processing device, which is applied to a plain text and ciphertext hybrid computing system, and the device comprises:
the task receiving module is used for receiving a computing task, and the computing task comprises a general computing function;
the type determining module is used for determining the privacy type of the computing data participating in the general computing function, the privacy type comprises a plaintext type or a ciphertext type, and the computing data conforms to a predefined general data type;
the target determination module is used for determining a target calculation function which accords with the privacy type and an execution end corresponding to the target calculation function according to the privacy type, wherein the target calculation function comprises a plaintext calculation function or a ciphertext calculation function;
and the task execution module is used for executing the target calculation function through the execution end.
Optionally, the execution end includes a plaintext end or a ciphertext end, and the task execution module includes:
the first execution submodule is used for calling the plaintext calculation function through the plaintext terminal and carrying out plaintext calculation on the calculation data of the plaintext type; or
And the second execution submodule is used for calling the ciphertext calculation function through the ciphertext end to perform ciphertext calculation on the calculation data of the ciphertext type.
Optionally, the computing task further includes a first conversion instruction for the first data, and the apparatus further includes:
and the first conversion module is used for converting the privacy type of the first data into a plaintext type when the first conversion instruction is executed.
Optionally, the apparatus further comprises:
the first sending module is used for sending the first data converted into the plaintext type as result data to a result receiver appointed by the first conversion instruction; or
And the second sending module is used for sending the first data converted into the plaintext type as calculation data to a plaintext end appointed by the first conversion instruction for calculation.
Optionally, the apparatus further comprises:
the safety auditing module is used for respectively carrying out safety auditing on codes of the computing task through each participant of the computing task;
and the task rejection module is used for rejecting any participant to participate in executing the computing task and sending prompt information when the participant determines that code segments which leak own data exist in the codes of the computing task.
Optionally, the computing task further includes a second conversion instruction for second data, and the apparatus further includes:
and the second conversion module is used for converting the privacy type of the second data into the ciphertext type when the second conversion instruction is executed.
Optionally, the apparatus further comprises:
the third sending module is used for sending the second data converted into the ciphertext type as result data to a result receiver appointed by the second conversion instruction; or
And the fourth sending module is used for sending the second data converted into the ciphertext type as calculation data to the ciphertext end appointed by the second conversion instruction for calculation.
Optionally, the generic computation function includes at least two computation data, and the target determination module includes:
the information acquisition submodule is used for acquiring the privacy type and the attribution information of each piece of calculation data in the at least two pieces of calculation data;
the data conversion sub-module is used for converting the privacy type of each piece of calculation data in the at least two pieces of calculation data into a ciphertext type if the privacy types of the at least two pieces of calculation data are determined to be plaintext types and each piece of calculation data belongs to different participants;
and the target determining submodule is used for determining the target calculation function as a ciphertext calculation function and determining the execution end of the target calculation function as a ciphertext end.
Optionally, the generic data type includes any one of: a general scalar data type, a general array data type, a general table data type.
Optionally, the execution end includes one of a single plaintext end, a multi-party plaintext end, and a ciphertext end.
In still another aspect, an embodiment of the present invention discloses an apparatus for data processing, applied to a plaintext/ciphertext hybrid computing system, the apparatus including a memory, and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by one or more processors, and the one or more programs include instructions for performing one or more of the data processing methods described above.
In yet another aspect, an embodiment of the present invention discloses a machine-readable medium having stored thereon instructions which, when executed by one or more processors of an apparatus, cause the apparatus to perform a data processing method as described in one or more of the preceding.
The embodiment of the invention has the following advantages:
the embodiment of the invention defines the data type common to the plaintext data and the calculation function common to the plaintext data and the plaintext data in the plaintext and ciphertext mixed calculation system. The plaintext and ciphertext mixed computing system can receive a computing task issued by a user, wherein the computing task comprises a general computing function to be executed, and computing data of the general computing function conforms to a predefined general data type. And the clear text and ciphertext mixed computing system automatically determines a target computing function conforming to the privacy type and an execution end corresponding to the target computing function according to the privacy type of the computing data, and executes the target computing function through the execution end. In the whole calculation process, a user does not need to perceive whether the calculation data is plaintext data or ciphertext data, and does not need to specify a specific plaintext calculation function or ciphertext calculation function. Therefore, the learning cost of the user for learning the plaintext calculation function library and the ciphertext calculation function library can be reduced. In addition, the clear text and ciphertext mixed computing system can automatically select the target computing function and the corresponding execution end which accord with the privacy type according to the privacy type of the computing data, can avoid the situation that a user is unfamiliar with two computing function libraries to cause selection of a wrong function library, can ensure the privacy safety of the data, and can also ensure the computing efficiency of a computing task.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments of the present invention will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without inventive labor.
FIG. 1 is a flow chart of the steps of one data processing method embodiment of the present invention;
FIG. 2 is a block diagram of an embodiment of a data processing apparatus according to the present invention;
FIG. 3 is a block diagram of an apparatus 800 for data processing of the present invention;
fig. 4 is a schematic diagram of a server in some embodiments of the invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Method embodiment
Referring to fig. 1, a flowchart illustrating steps of an embodiment of a data processing method according to the present invention is shown, where the method is applicable to a plaintext/ciphertext hybrid computing system, and the method specifically includes the following steps:
step 101, receiving a calculation task, wherein the calculation task comprises a general calculation function;
step 102, determining a privacy type of calculation data participating in the general calculation function, wherein the privacy type comprises a plaintext type or a ciphertext type, and the calculation data conforms to a predefined general data type;
103, determining a target calculation function according with the privacy type and an execution end corresponding to the target calculation function according with the privacy type, wherein the target calculation function comprises a plaintext calculation function or a ciphertext calculation function;
and 104, executing the target calculation function through the execution end.
The data processing method provided by the invention can be applied to a plain text and ciphertext hybrid computing system. The plaintext and ciphertext mixed computing system can comprise a plaintext computing end (plaintext end for short) and a ciphertext computing end (ciphertext end for short). Optionally, the plaintext-ciphertext hybrid computing system may include at least one ciphertext end and at least one plaintext end of a participant. The participants may be data owners and may be used to provide computing data for multi-party secure computing. It should be noted that, the number of the participants is not limited in the embodiment of the present invention.
Further, the plaintext and ciphertext hybrid computing system may be a multi-party secure computing system, and the embodiment of the present invention does not limit the secure computing protocol used by the multi-party secure computing system. For example, the Multi-party Secure computing system may be based on an MPC (Multi-party Secure computing) protocol, in the Multi-party Secure computing system based on the MPC protocol, multiple computing participants may perform collaborative computing using a Multi-party Secure computing technique to obtain a computing result without leaking their own data, and the data participating in the computing, the intermediate results, and the final result may be ciphertext. Of course, the multi-party secure computing system may also be a multi-party secure computing protocol implemented based on techniques such as secret sharing, semi-homomorphism, and oblivious transmission.
The plaintext-ciphertext hybrid computing system may be used to perform a computing task, which may be a multiparty secure computing task that includes a plaintext computation and a plaintext computation. The computational task may be any type of computation including, but not limited to, data cleansing, computation, analysis, model training, storage, database queries, federated learning, logistic regression, Xgboost, federated statistics, covert queries, privacy intersection, and the like.
The embodiment of the invention uniformly encapsulates the data types of the plaintext data and the ciphertext data, defines the general data type, has no difference in declaration, definition and using methods of the plaintext data and the ciphertext data for users, and ensures that the users do not need to sense whether the calculation data is the plaintext data or the ciphertext data.
In an alternative embodiment of the present invention, the generic data types may include, but are not limited to, any of the following: a general scalar data type, a general array data type, a general table data type.
The general scalar data type refers to a scalar data type which is general to plaintext data and ciphertext data. A variable of a scalar data type has only one value and no component inside. Scalar data types include numeric, character, date, and boolean types. The common array data type refers to an array data type common to plaintext data and ciphertext data. The array is an ordered sequence of elements. The common table data type refers to a table data type common to plaintext data and ciphertext data. A table consists of one or more rows of cells for displaying numbers and other items for quick reference and analysis. The entries in the table are organized into rows and columns.
In actual calculation, the general scalar data type, the general array data type and the general table data type can be mutually converted. For example, the result of summing the data of a generic array data type is a generic scalar data type. For another example, a row or a column is taken from the data of the general table data type, and the result is the general array data type, and so on.
In addition, the embodiment of the invention defines a general computation function, and when the general computation function is executed by the bright and ciphertext hybrid computation system, the target computation function conforming to the privacy type and the execution end corresponding to the target computation function can be automatically selected according to the privacy type of the computation data of the general computation function, so that the target computation function can be executed through the execution end. Wherein the privacy type is used to indicate whether the calculation data is plaintext data or ciphertext data. For example, the privacy type is a plaintext type, which means that the calculation data is plaintext data; the privacy type is a cipher text type, and represents that the calculation data is cipher text data.
In one example, the summation needs to be performed on each element in the array a, and the elements in the array a are all plaintext data, an array summation function in the plaintext calculation function library numpy needs to be called, for example, numpy. In another example, the summation needs to be performed on each element in the array B, and the elements in the array B are all ciphertext data, and then an array summation function in the ciphertext computation function library pnumpy needs to be called, for example, pnumpy. This requires that the user needs to perceive whether the array a and the array B are plaintext data or ciphertext data, and then selects a corresponding calculation function in the calculation function library, which not only has a high learning cost, but also is prone to error.
In order to solve the problem, the embodiment of the invention defines a general calculation function, that is, provides a function interface general for plaintext data and ciphertext data, so that when a user uses calculation data of a general data type to perform calculation, the user only needs to specify the corresponding general calculation function according to specific calculation, and does not need to call a plaintext calculation function library or a calculation function in the plaintext calculation function library. And a bottom system selects a proper plaintext calculation function or a proper ciphertext calculation function for calculation according to the privacy type of the calculation data, so that the calculation requirements of users are met. For example, in the above example, both array a and array B may be defined as a general array data type, without distinguishing between a ciphertext array and a plaintext array. When the summation of each element is carried out on the array A of the general array data type, only a general calculation function needs to be called, and the summation calculation can be carried out on each element in the array A if A.sum () is called. Similarly, when summing the array B of the general array data type, calling B.sum () can perform summation calculation on each element in the array B.
The embodiment of the invention defines the data type common to the plaintext data and the calculation function common to the plaintext data and the plaintext data. The plaintext and ciphertext mixed computing system can receive a computing task issued by a user, wherein the computing task comprises a general computing function to be executed, and computing data of the general computing function conforms to a predefined general data type. And the clear text and ciphertext mixed computing system automatically determines a target computing function conforming to the privacy type and an execution end corresponding to the target computing function according to the privacy type of the computing data, and executes the target computing function through the execution end.
Further, the executing end may include a plaintext end or a ciphertext end, and the executing the target calculation function by the executing end may include:
calling the plaintext calculation function through the plaintext end to perform plaintext calculation on the calculation data of the plaintext type; or
And calling the ciphertext calculation function through the ciphertext end to perform ciphertext calculation on the calculation data of the ciphertext type.
For example, in the above example, when the plaintext and ciphertext mixing computing system executes a.sum (), and recognizes that the privacy type of the array a is the plaintext type, the plaintext computing function numpy.sum (a) is automatically selected, and plaintext computing is performed at the plaintext end. When the plaintext and ciphertext mixed computing system executes the B.sum (), the privacy type of the array B is identified to be the ciphertext type, and then a ciphertext computing function pnumpy.sum (B) is automatically selected, and ciphertext computing is carried out at a ciphertext end.
It should be noted that the plaintext end and/or the ciphertext end may be independent physical servers, may also be a server cluster or a distributed system formed by a plurality of physical servers, and may also be a cloud server that provides basic cloud computing services such as cloud service, a cloud database, cloud computing, a cloud function, cloud storage, Network service, cloud communication, middleware service, domain name service, security service, CDN (Content Delivery Network), big data, and an artificial intelligence platform. The embodiment of the invention does not limit the specific types of the plaintext terminal and the ciphertext terminal.
The plaintext-ciphertext hybrid computing system may comprise at least one ciphertext side and at least one plaintext side. In one example, the participants of the computing task include participant 1, participant 2, and participant 3, and the execution ends that may participate in the computing process include the plaintext end of participant 1, the plaintext end of participant 2, the plaintext end of participant 3, and the ciphertext end.
The clear text end may be the clear text end of the participant. Further, the plaintext terminal may further include a single plaintext terminal or a multi-party plaintext terminal. The multi-party cleartext end may include cleartext ends of all participants or cleartext ends of some of all participants. That is, for a certain target computation function, the execution end of the target computation function may include one of a single plaintext end, a multi-party plaintext end, and a ciphertext end.
The execution end is a single-party plaintext end, which means that calculation is executed at the plaintext end of a certain participant. The execution end is a multi-party plaintext end, which means that the calculation is executed at the plaintext ends of a plurality of participants at the same time. The execution end is a ciphertext end, which means that the calculation is executed at the ciphertext end based on the existing multi-party secure calculation technology.
The embodiment of the invention takes the principle of simultaneously ensuring the calculation efficiency and the data privacy safety as the principle when determining the target calculation function and the execution end corresponding to the target calculation function. For example, on the basis of ensuring the data privacy and safety, as many calculations as possible are placed at the plaintext end to improve the overall calculation efficiency.
In the whole calculation process, a user does not need to perceive whether the calculation data is plaintext data or ciphertext data, and does not need to specify a specific plaintext calculation function or ciphertext calculation function. Therefore, the learning cost of the user for learning the plaintext calculation function library and the ciphertext calculation function library can be reduced. Meanwhile, the clear text and ciphertext mixed computing system automatically selects the target computing function according to the privacy type of the computing data, so that the condition that a user is unfamiliar with two computing function libraries to select a wrong function library can be avoided, the privacy safety of the data can be ensured, and the computing efficiency can be ensured.
In an optional embodiment of the present invention, the general computation function may include at least two pieces of computation data, and the determining, according to the privacy type, a target computation function that conforms to the privacy type and an execution end corresponding to the target computation function may include:
step S11, obtaining the privacy type and attribution information of each calculation data in the at least two calculation data;
step S12, if the privacy types of the at least two calculation data are determined to be plaintext types and each calculation data belongs to different participants, converting the privacy type of each calculation data in the at least two calculation data into a ciphertext type;
step S13, determining that the target calculation function is a ciphertext calculation function, and determining that the execution end of the target calculation function is a ciphertext end.
The attribution information is used to indicate to which party the computing data belongs, and may be indicated by a party identifier, for example.
In the above example, when the plaintext cipher text hybrid computing system executes a.sum (), it is recognized that the privacy type of the array a is the plaintext type, and the attribution information of the array a is the participant 1, and then the plaintext computing function numpy.sum (a) may be automatically selected, and plaintext computing may be performed at the plaintext side of the participant 1.
In another example, c = a + b needs to be calculated, and the privacy types of the data a and b are both plaintext types, that is, the data a and b are both plaintext data; however, data a is attributed to party 1 and data b is attributed to party 2. In order to avoid revealing the data privacy of the participants, the plaintext and ciphertext mixed computing system can automatically encrypt the data a and the data b, and convert the data a and the data b into ciphertext data, namely, convert the privacy types of the data a and the data b from plaintext types into ciphertext types. Then, c = a + b is calculated based on the ciphertext. Therefore, it is possible to determine the target calculation function as the ciphertext calculation function and determine the execution end of the target calculation function as the ciphertext end.
In the embodiment of the invention, when the plaintext and ciphertext mixed computing system executes a computing task, computing data can be implicitly converted from plaintext data into ciphertext data, so that the privacy and the safety of the data in the computing process are ensured.
In actual calculation, in some situations, for example, when a calculation result of a plaintext needs to be returned; or some calculations need to be performed on the plaintext side to achieve efficiency improvement, there is a need to convert ciphertext data into plaintext data. Because the ciphertext data is converted into the plaintext data, the risk of data leakage may exist, so that the embodiment of the invention provides an interface for converting the ciphertext data into the plaintext data, and the ciphertext data is converted into the plaintext data in a display calling mode, so that the calculation task can be safely checked.
In an optional embodiment of the present invention, the computing task may further include a first conversion instruction for the first data, and the method may further include:
and when the first conversion instruction is executed, converting the privacy type of the first data into a plaintext type.
The first conversion instruction is used for displaying and calling an interface for converting the ciphertext data into the plaintext data, and converting the first data into the plaintext data.
In one example, the interface that converts ciphertext data to plaintext data is a reveal function. Assuming that the first data is ciphertext data d1, the first conversion instruction may be d1. current (). When the plaintext/ciphertext hybrid computing system executes to d1. derived (), the privacy type of the first data d1 is converted into the plaintext type, that is, the data d1 is decrypted, and the data d1 is converted from the ciphertext data into the plaintext data.
In an optional embodiment of the invention, the method may further comprise:
sending the first data converted into the plaintext type as result data to a result receiver appointed by the first conversion instruction; or
And sending the first data converted into the plaintext type as calculation data to a plaintext end appointed by the first conversion instruction for calculation.
In an embodiment of the present invention, the first data is data to be converted into a plaintext type. The first data may be result data that needs to be sent to a designated result receiving party, or the first data may be calculation data that needs to be sent to a designated plaintext side to participate in calculation.
In one example, assume that p = m + n needs to be calculated. Where data m and n are both ciphertext data, but both m and n belong to party 1. To improve the computational efficiency, a reveal function may be called to convert the data m and n into plaintext data, and the calculation of p = m + n is performed at the plaintext side of the participant 1. In this example, the first data includes m and n, and the designated plaintext end is the plaintext end of participant 1.
In an optional embodiment of the present invention, the computing task may further include a second conversion instruction for second data, and the method may further include:
and when the second conversion instruction is executed, converting the privacy type of the second data into a ciphertext type.
The embodiment of the invention also provides an interface for converting the plaintext data into the ciphertext data. The second conversion instruction is used for displaying and calling an interface for converting plaintext data into ciphertext data, and converting second data into ciphertext data.
In one example, the interface that converts plaintext data into ciphertext data is a to _ fuse function. Assuming that the second data is plaintext data d2, the second conversion instruction may be d2. When the d2.to _ fuse () is executed, the plaintext/ciphertext hybrid computing system converts the privacy type of the second data d2 into the ciphertext type, that is, encrypts the data d2, and converts the data d2 from plaintext data into ciphertext data.
In the embodiment of the invention, the plaintext and ciphertext mixed computing system can implicitly convert plaintext data into ciphertext data according to actual computing requirements so as to ensure the privacy and safety of the data. In addition, in order to ensure that data privacy is not leaked, an interface for converting plaintext data into ciphertext data can be called, and the plaintext data can be converted into the ciphertext data.
In an optional embodiment of the invention, the method may further comprise:
sending the second data converted into the ciphertext type as result data to a result receiver appointed by the second conversion instruction; or
And sending the second data converted into the ciphertext type as calculation data to a ciphertext end appointed by the second conversion instruction for calculation.
In this embodiment of the present invention, the second data is data to be converted into a ciphertext type. The second data may be result data which needs to be sent to a designated result receiving party, or the second data may be calculation data which needs to be sent to a designated ciphertext end to participate in calculation.
In an optional embodiment of the invention, the method may further comprise:
step S21, respectively performing security audit on the codes of the computing task through each participant of the computing task;
step S22, for any participant, when the participant determines that code segments leaking self data exist in the codes of the computing task, refusing to participate in executing the computing task, and sending prompt information.
The embodiment of the invention provides an interface for converting ciphertext data into plaintext data, and the ciphertext data can be converted into the plaintext data by calling a reveal function. When data is converted from a ciphertext type to a plaintext type, a risk of data privacy disclosure may be brought about. In order to avoid the occurrence of data privacy leakage caused by unreasonable reveal function call, each participant of the computing task respectively performs security audit on the code of the computing task, and when any participant detects that the code of the computing task has a risk of leaking data of the participant, the participant can refuse to participate in executing the computing task.
In one example, c = a + b needs to be calculated in a certain calculation task, where data a belongs to party 1, data b belongs to party 2, and a, b, and c are all ciphertext data. If the code segment d = c.recent (), is also included in the calculation task, and the participant 2 can obtain the decrypted d, the participant 2 can reversely deduce the plaintext data of a according to a = c-b. Thus, data a of party 1 is exposed to party 2, and data a of party 1 risks privacy disclosure.
In the process of performing security audit on the code of the computing task, the participant 1 detects that the code segment d = c. reveal () leaks self data, and the participant 1 can refuse to participate in executing the computing task and send prompt information to prompt a user to modify the code of the computing task, so that the code of the computing task meets the security specification.
In another example, data A, B, C data pertains to participant 1, participant 2, and participant 3, respectively. For calculation task D = a.sum () + b.sum () + c.sum (). Even if D is converted into plaintext and sent to any participant, each participant can execute the calculation task after safety audit to determine that the conversion does not cause the risk of privacy leakage of data of the participant.
The calculation process of the present invention is illustrated by a specific application example. The calculation task is assumed to be a statistical analysis of the tabular data of the two parties. In this example, the raw code for the computing task is as follows:
import ppandas
df1= ppandas.read_csv(input_path1)
df2= ppandas.read_csv(input_path2)
join_df=df1.merge(df2, on='id', how='inner')
result=join_df['assets_1', 'assets_2'].sum()
result.save(output_path)
the ppandas is a predefined general calculation function library, and the ppandas contains plaintext data and a general calculation function for the plaintext data.
Line 1 shows referencing the generic computation function library ppandas.
Lines 2 and 3 indicate that general table data df1 and df2 are read from paths input _ path1 and input _ path2, respectively, using the general computation function read _ csv in ppandas. Wherein the general table data df1 includes two columns of 'id' and 'assets _ 1'; the general table data df2 includes two columns of 'id' and 'assets _ 2'. Here the user does not need to perceive df1 and df2 as being specifically plaintext data or ciphertext data.
If the user is not sure if df1 and df2 are ciphertext data and worry about the risk of privacy leakage in the following calculations, line 2 and line 3 in the above original code may be replaced with the following statements:
df1= ppandas.read_csv(input_path1). to_fuse ()
df2= ppandas.read_csv(input_path2). to_fuse ()
the replaced lines 2 and 3 represent that, regardless of whether df1 and df2 are ciphertext data, df1 and df2 are converted into ciphertext data by calling a to _ fuse () function to ensure that df1 and df2 are ciphertext data.
Line 4 shows that the general calculation function merge is used to merge general table data df1 and df2 according to the 'id' column to obtain new general table data join _ df.
Row 5 indicates that the sum of values in the 'assets _ 1' column and the 'assets _ 2' column in the general-purpose table data join _ df is counted, and the result is saved into the general-purpose scalar data result.
To improve the computational efficiency, line 4 of the original code can be replaced by the following statements:
join_df=df1.merge(df2, on='id', how='inner').reveal()
line 4 after the substitution indicates that join _ df is converted from ciphertext data to plaintext data attributed to both participants. Then, the calculation of the 5 th row can sum two columns at the plaintext ends of the two participants respectively, and then perform ciphertext summation on the two results, so that the improvement in calculation efficiency can be obtained compared with the case that the two columns are summed respectively based on the ciphertext and then the two results are subjected to ciphertext summation.
Line 6 shows that the generic scalar data result is saved to path output _ path using the generic computation function save.
Furthermore, the save function can also be used as an interface for converting ciphertext data into plaintext data, and converts the ciphertext data into plaintext data at the end where output _ path is located.
In summary, the embodiment of the present invention defines the data type common to the plaintext data and the plaintext data, and the calculation function common to the plaintext data and the plaintext data in the plaintext and ciphertext hybrid calculation system. The plaintext and ciphertext mixed computing system can receive a computing task issued by a user, wherein the computing task comprises a general computing function to be executed, and computing data of the general computing function conforms to a predefined general data type. And the clear text and ciphertext mixed computing system automatically determines a target computing function conforming to the privacy type and an execution end corresponding to the target computing function according to the privacy type of the computing data, and executes the target computing function through the execution end. In the whole calculation process, a user does not need to perceive whether the calculation data is plaintext data or ciphertext data, and does not need to specify a specific plaintext calculation function or ciphertext calculation function. Therefore, the learning cost of the user for learning the plaintext calculation function library and the ciphertext calculation function library can be reduced. In addition, the clear text and ciphertext mixed computing system can automatically select the target computing function and the corresponding execution end which accord with the privacy type according to the privacy type of the computing data, can avoid the situation that a user is unfamiliar with two computing function libraries to cause selection of a wrong function library, can ensure the privacy safety of the data, and can also ensure the computing efficiency of a computing task.
It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the illustrated order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments of the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the invention.
Device embodiment
Referring to fig. 2, a block diagram of an embodiment of a data processing apparatus according to the present invention is shown, where the apparatus is applicable to a plaintext/ciphertext hybrid computing system, and the apparatus may specifically include:
a task receiving module 201, configured to receive a computing task, where the computing task includes a general computing function;
a type determining module 202, configured to determine a privacy type of computation data participating in the generic computation function, where the privacy type includes a plaintext type or a ciphertext type, and the computation data conforms to a predefined generic data type;
a target determining module 203, configured to determine, according to the privacy type, a target calculation function that meets the privacy type and an execution end corresponding to the target calculation function, where the target calculation function includes a plaintext calculation function or a ciphertext calculation function;
and the task execution module 204 is configured to execute the target computing function through the execution end.
Optionally, the execution end includes a plaintext end or a ciphertext end, and the task execution module includes:
the first execution submodule is used for calling the plaintext calculation function through the plaintext terminal and carrying out plaintext calculation on the calculation data of the plaintext type; or
And the second execution submodule is used for calling the ciphertext calculation function through the ciphertext end to perform ciphertext calculation on the calculation data of the ciphertext type.
Optionally, the computing task further includes a first conversion instruction for the first data, and the apparatus further includes:
and the first conversion module is used for converting the privacy type of the first data into a plaintext type when the first conversion instruction is executed.
Optionally, the apparatus further comprises:
the first sending module is used for sending the first data converted into the plaintext type as result data to a result receiver appointed by the first conversion instruction; or
And the second sending module is used for sending the first data converted into the plaintext type as calculation data to a plaintext end appointed by the first conversion instruction for calculation.
Optionally, the apparatus further comprises:
the safety auditing module is used for respectively carrying out safety auditing on codes of the computing task through each participant of the computing task;
and the task rejection module is used for rejecting any participant to participate in executing the computing task and sending prompt information when the participant determines that code segments which leak own data exist in the codes of the computing task.
Optionally, the computing task further includes a second conversion instruction for second data, and the apparatus further includes:
and the second conversion module is used for converting the privacy type of the second data into the ciphertext type when the second conversion instruction is executed.
Optionally, the apparatus further comprises:
the third sending module is used for sending the second data converted into the ciphertext type as result data to a result receiver appointed by the second conversion instruction; or
And the fourth sending module is used for sending the second data converted into the ciphertext type as calculation data to the ciphertext end appointed by the second conversion instruction for calculation.
Optionally, the generic computation function includes at least two computation data, and the target determination module includes:
the information acquisition submodule is used for acquiring the privacy type and the attribution information of each piece of calculation data in the at least two pieces of calculation data;
the data conversion sub-module is used for converting the privacy type of each piece of calculation data in the at least two pieces of calculation data into a ciphertext type if the privacy types of the at least two pieces of calculation data are determined to be plaintext types and each piece of calculation data belongs to different participants;
and the target determining submodule is used for determining the target calculation function as a ciphertext calculation function and determining the execution end of the target calculation function as a ciphertext end.
Optionally, the generic data type includes any one of: a general scalar data type, a general array data type, a general table data type.
Optionally, the execution end includes one of a single plaintext end, a multi-party plaintext end, and a ciphertext end.
The embodiment of the invention defines the data type common to the plaintext data and the calculation function common to the plaintext data and the plaintext data in the plaintext and ciphertext mixed calculation system. The plaintext and ciphertext mixed computing system can receive a computing task issued by a user, wherein the computing task comprises a general computing function to be executed, and computing data of the general computing function conforms to a predefined general data type. And the clear text and ciphertext mixed computing system automatically determines a target computing function conforming to the privacy type and an execution end corresponding to the target computing function according to the privacy type of the computing data, and executes the target computing function through the execution end. In the whole calculation process, a user does not need to perceive whether the calculation data is plaintext data or ciphertext data, and does not need to specify a specific plaintext calculation function or ciphertext calculation function. Therefore, the learning cost of the user for learning the plaintext calculation function library and the ciphertext calculation function library can be reduced. In addition, the clear text and ciphertext mixed computing system can automatically select the target computing function and the corresponding execution end which accord with the privacy type according to the privacy type of the computing data, can avoid the situation that a user is unfamiliar with two computing function libraries to cause selection of a wrong function library, can ensure the privacy safety of the data, and can also ensure the computing efficiency of a computing task.
For the device embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, refer to the partial description of the method embodiment.
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
The embodiment of the invention provides a device for data processing, which is applied to a plaintext and ciphertext hybrid computing system, and comprises a memory and more than one program, wherein the more than one program is stored in the memory, and the more than one program is configured to be executed by more than one processor and comprises instructions for:
receiving a computing task, wherein the computing task comprises a general computing function;
determining a privacy type of the calculation data participating in the general calculation function, wherein the privacy type comprises a plaintext type or a ciphertext type, and the calculation data conforms to a predefined general data type;
according to the privacy type, determining a target calculation function which accords with the privacy type and an execution end corresponding to the target calculation function, wherein the target calculation function comprises a plaintext calculation function or a ciphertext calculation function;
and executing the target calculation function through the execution end.
Optionally, the executing end includes a plaintext end or a ciphertext end, and the executing end executes the target computation function, including:
calling the plaintext calculation function through the plaintext end to perform plaintext calculation on the calculation data of the plaintext type; or
And calling the ciphertext calculation function through the ciphertext end to perform ciphertext calculation on the calculation data of the ciphertext type.
Optionally, also included in the computing task is a first transformation instruction for first data, the device also configured to execute, by one or more processors, the one or more programs including instructions for:
and when the first conversion instruction is executed, converting the privacy type of the first data into a plaintext type.
Optionally, the device is also configured to execute the one or more programs by one or more processors including instructions for:
sending the first data converted into the plaintext type as result data to a result receiver appointed by the first conversion instruction; or
And sending the first data converted into the plaintext type as calculation data to a plaintext end appointed by the first conversion instruction for calculation.
Optionally, the device is also configured to execute the one or more programs by one or more processors including instructions for:
respectively performing security audit on codes of the computing task through each participant of the computing task;
and for any participant, when the participant determines that code segments which leak self data exist in the codes of the computing task, refusing to participate in executing the computing task, and sending prompt information.
Optionally, the computing task further includes a second conversion instruction for second data, and the method further includes:
and when the second conversion instruction is executed, converting the privacy type of the second data into a ciphertext type.
Optionally, the device is also configured to execute the one or more programs by one or more processors including instructions for:
sending the second data converted into the ciphertext type as result data to a result receiver appointed by the second conversion instruction; or
And sending the second data converted into the ciphertext type as calculation data to a ciphertext end appointed by the second conversion instruction for calculation.
Optionally, the general computation function includes at least two pieces of computation data, and determining, according to the privacy type, a target computation function that conforms to the privacy type and an execution end corresponding to the target computation function includes:
obtaining the privacy type and attribution information of each piece of calculation data in the at least two pieces of calculation data;
if the privacy types of the at least two pieces of calculation data are determined to be plaintext types and each piece of calculation data belongs to different participants, converting the privacy type of each piece of calculation data in the at least two pieces of calculation data into a ciphertext type;
and determining that the target calculation function is a ciphertext calculation function, and determining that the execution end of the target calculation function is a ciphertext end.
Optionally, the generic data type includes any one of: a general scalar data type, a general array data type, a general table data type.
Optionally, the execution end includes one of a single plaintext end, a multi-party plaintext end, and a ciphertext end.
Fig. 3 is a block diagram illustrating an apparatus 800 for data processing in accordance with an example embodiment. For example, the apparatus 800 may be a mobile phone, a computer, a digital broadcast terminal, a messaging device, a game console, a tablet device, a medical device, an exercise device, a personal digital assistant, and the like.
Referring to fig. 3, the apparatus 800 may include one or more of the following components: processing component 802, memory 804, power component 806, multimedia component 808, audio component 810, input/output (I/O) interface 812, sensor component 814, and communication component 816.
The processing component 802 generally controls overall operation of the device 800, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations. The processing elements 802 may include one or more processors 820 to execute instructions to perform all or a portion of the steps of the methods described above. Further, the processing component 802 can include one or more modules that facilitate interaction between the processing component 802 and other components. For example, the processing component 802 can include a multimedia module to facilitate interaction between the multimedia component 808 and the processing component 802.
The memory 804 is configured to store various types of data to support operation at the device 800. Examples of such data include instructions for any application or method operating on device 800, contact data, phonebook data, messages, pictures, videos, and so forth. The memory 804 may be implemented by any type or combination of volatile or non-volatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks.
Power components 806 provide power to the various components of device 800. The power components 806 may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for the apparatus 800.
The multimedia component 808 includes a screen that provides an output interface between the device 800 and a user. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive an input signal from a user. The touch panel includes one or more touch sensors to sense touch, slide, and gestures on the touch panel. The touch sensor may not only sense the boundary of a touch or slide action, but also detect the duration and pressure associated with the touch or slide operation. In some embodiments, the multimedia component 808 includes a front facing camera and/or a rear facing camera. The front-facing camera and/or the rear-facing camera may receive external multimedia data when the device 800 is in an operating mode, such as a shooting mode or a video mode. Each front camera and rear camera may be a fixed optical lens system or have a focal length and optical zoom capability.
The audio component 810 is configured to output and/or input audio signals. For example, the audio component 810 includes a Microphone (MIC) configured to receive external audio signals when the apparatus 800 is in an operational mode, such as a call mode, a recording mode, and a voice information processing mode. The received audio signals may further be stored in the memory 804 or transmitted via the communication component 816. In some embodiments, audio component 810 also includes a speaker for outputting audio signals.
The I/O interface 812 provides an interface between the processing component 802 and peripheral interface modules, which may be keyboards, click wheels, buttons, etc. These buttons may include, but are not limited to: a home button, a volume button, a start button, and a lock button.
The sensor assembly 814 includes one or more sensors for providing various aspects of state assessment for the device 800. For example, the sensor assembly 814 may detect the open/closed state of the device 800, the relative positioning of the components, such as a display and keypad of the apparatus 800, the sensor assembly 814 may also detect a change in position of the apparatus 800 or a component of the apparatus 800, the presence or absence of user contact with the apparatus 800, orientation or acceleration/deceleration of the apparatus 800, and a change in temperature of the apparatus 800. Sensor assembly 814 may include a proximity sensor configured to detect the presence of a nearby object without any physical contact. The sensor assembly 814 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor assembly 814 may also include an acceleration sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor, or a temperature sensor.
The communication component 816 is configured to facilitate communications between the apparatus 800 and other devices in a wired or wireless manner. The device 800 may access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. In an exemplary embodiment, the communication component 816 receives a broadcast signal or broadcast related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communication component 816 further includes a Near Field Communication (NFC) module to facilitate short-range communications. For example, the NFC module may be implemented based on radio frequency information processing (RFID) technology, infrared data association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.
In an exemplary embodiment, the apparatus 800 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, micro-controllers, microprocessors or other electronic components for performing the above-described methods.
In an exemplary embodiment, a non-transitory computer-readable storage medium comprising instructions, such as the memory 804 comprising instructions, executable by the processor 820 of the device 800 to perform the above-described method is also provided. For example, the non-transitory computer readable storage medium may be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.
Fig. 4 is a schematic diagram of a server in some embodiments of the invention. The server 1900 may vary widely by configuration or performance and may include one or more Central Processing Units (CPUs) 1922 (e.g., one or more processors) and memory 1932, one or more storage media 1930 (e.g., one or more mass storage devices) storing applications 1942 or data 1944. Memory 1932 and storage medium 1930 can be, among other things, transient or persistent storage. The program stored in the storage medium 1930 may include one or more modules (not shown), each of which may include a series of instructions operating on a server. Still further, a central processor 1922 may be provided in communication with the storage medium 1930 to execute a series of instruction operations in the storage medium 1930 on the server 1900.
The server 1900 may also include one or more power supplies 1926, one or more wired or wireless network interfaces 1950, one or more input-output interfaces 1958, one or more keyboards 1956, and/or one or more operating systems 1941, such as Windows Server, Mac OS XTM, UnixTM, LinuxTM, FreeBSDTM, etc.
A non-transitory computer-readable storage medium in which instructions, when executed by a processor of an apparatus (server or terminal), enable the apparatus to perform the data processing method shown in fig. 1.
A non-transitory computer readable storage medium in which instructions, when executed by a processor of an apparatus (server or terminal), enable the apparatus to perform a data processing method, the method comprising: receiving a computing task, wherein the computing task comprises a general computing function; determining a privacy type of the calculation data participating in the general calculation function, wherein the privacy type comprises a plaintext type or a ciphertext type, and the calculation data conforms to a predefined general data type; according to the privacy type, determining a target calculation function which accords with the privacy type and an execution end corresponding to the target calculation function, wherein the target calculation function comprises a plaintext calculation function or a ciphertext calculation function; and executing the target calculation function through the execution end.
Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This invention is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the invention and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims.
It will be understood that the invention is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the invention is limited only by the appended claims.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.
The data processing method, the data processing apparatus and the apparatus for data processing provided by the present invention are described in detail above, and specific examples are applied herein to illustrate the principles and embodiments of the present invention, and the description of the above embodiments is only used to help understand the method and the core idea of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (22)

1. A data processing method is applied to a plain text and ciphertext hybrid computing system, and comprises the following steps:
receiving a computing task, wherein the computing task comprises a general computing function; the general calculation function is used for providing a general function interface for plaintext data and ciphertext data;
determining a privacy type of the calculation data participating in the general calculation function, wherein the privacy type comprises a plaintext type or a ciphertext type, and the calculation data conforms to a predefined general data type;
according to the privacy type, determining a target calculation function which accords with the privacy type and an execution end corresponding to the target calculation function, wherein the target calculation function comprises a plaintext calculation function or a ciphertext calculation function;
and executing the target calculation function through the execution end.
2. The method of claim 1, wherein the execution end comprises a plaintext end or a ciphertext end, and wherein executing the target computation function by the execution end comprises:
calling the plaintext calculation function through the plaintext end to perform plaintext calculation on the calculation data of the plaintext type; or
And calling the ciphertext calculation function through the ciphertext end to perform ciphertext calculation on the calculation data of the ciphertext type.
3. The method of claim 1, further comprising a first transformation instruction for the first data in the computing task, the method further comprising:
and when the first conversion instruction is executed, converting the privacy type of the first data into a plaintext type.
4. The method of claim 3, further comprising:
sending the first data converted into the plaintext type as result data to a result receiver appointed by the first conversion instruction; or
And sending the first data converted into the plaintext type as calculation data to a plaintext end appointed by the first conversion instruction for calculation.
5. The method of claim 1, further comprising:
respectively performing security audit on codes of the computing task through each participant of the computing task;
and for any participant, when the participant determines that code segments which leak self data exist in the codes of the computing task, refusing to participate in executing the computing task, and sending prompt information.
6. The method of claim 1, further comprising a second transformation instruction for second data in the computing task, the method further comprising:
and when the second conversion instruction is executed, converting the privacy type of the second data into a ciphertext type.
7. The method of claim 6, further comprising:
sending the second data converted into the ciphertext type as result data to a result receiver appointed by the second conversion instruction; or
And sending the second data converted into the ciphertext type as calculation data to a ciphertext end appointed by the second conversion instruction for calculation.
8. The method according to claim 1, wherein the generic computation function includes at least two computation data, and the determining, according to the privacy type, a target computation function that conforms to the privacy type and an execution end corresponding to the target computation function includes:
obtaining the privacy type and attribution information of each piece of calculation data in the at least two pieces of calculation data;
if the privacy types of the at least two pieces of calculation data are determined to be plaintext types and each piece of calculation data belongs to different participants, converting the privacy type of each piece of calculation data in the at least two pieces of calculation data into a ciphertext type;
and determining that the target calculation function is a ciphertext calculation function, and determining that the execution end of the target calculation function is a ciphertext end.
9. The method of claim 1, wherein the generic data type comprises any one of: a general scalar data type, a general array data type, a general table data type.
10. The method of claim 1, wherein the executing end comprises one of a single plaintext end, a multi-party plaintext end, and a ciphertext end.
11. A data processing apparatus, applied to a plaintext and ciphertext hybrid computing system, the apparatus comprising:
the task receiving module is used for receiving a computing task, and the computing task comprises a general computing function; the general calculation function is used for providing a general function interface for plaintext data and ciphertext data;
the type determining module is used for determining the privacy type of the computing data participating in the general computing function, the privacy type comprises a plaintext type or a ciphertext type, and the computing data conforms to a predefined general data type;
the target determination module is used for determining a target calculation function which accords with the privacy type and an execution end corresponding to the target calculation function according to the privacy type, wherein the target calculation function comprises a plaintext calculation function or a ciphertext calculation function;
and the task execution module is used for executing the target calculation function through the execution end.
12. The apparatus of claim 11, wherein the execution end comprises a plaintext end or a ciphertext end, and the task execution module comprises:
the first execution submodule is used for calling the plaintext calculation function through the plaintext terminal and carrying out plaintext calculation on the calculation data of the plaintext type; or
And the second execution submodule is used for calling the ciphertext calculation function through the ciphertext end to perform ciphertext calculation on the calculation data of the ciphertext type.
13. The apparatus of claim 11, wherein the computing task further comprises a first conversion instruction for the first data, the apparatus further comprising:
and the first conversion module is used for converting the privacy type of the first data into a plaintext type when the first conversion instruction is executed.
14. The apparatus of claim 13, further comprising:
the first sending module is used for sending the first data converted into the plaintext type as result data to a result receiver appointed by the first conversion instruction; or
And the second sending module is used for sending the first data converted into the plaintext type as calculation data to a plaintext end appointed by the first conversion instruction for calculation.
15. The apparatus of claim 11, further comprising:
the safety auditing module is used for respectively carrying out safety auditing on codes of the computing task through each participant of the computing task;
and the task rejection module is used for rejecting any participant to participate in executing the computing task and sending prompt information when the participant determines that code segments which leak own data exist in the codes of the computing task.
16. The apparatus of claim 11, wherein the computing task further comprises a second conversion instruction for second data, the apparatus further comprising:
and the second conversion module is used for converting the privacy type of the second data into the ciphertext type when the second conversion instruction is executed.
17. The apparatus of claim 16, further comprising:
the third sending module is used for sending the second data converted into the ciphertext type as result data to a result receiver appointed by the second conversion instruction; or
And the fourth sending module is used for sending the second data converted into the ciphertext type as calculation data to the ciphertext end appointed by the second conversion instruction for calculation.
18. The apparatus of claim 11, wherein the generic computation function includes at least two computation data, and wherein the goal determination module includes:
the information acquisition submodule is used for acquiring the privacy type and the attribution information of each piece of calculation data in the at least two pieces of calculation data;
the data conversion sub-module is used for converting the privacy type of each piece of calculation data in the at least two pieces of calculation data into a ciphertext type if the privacy types of the at least two pieces of calculation data are determined to be plaintext types and each piece of calculation data belongs to different participants;
and the target determining submodule is used for determining the target calculation function as a ciphertext calculation function and determining the execution end of the target calculation function as a ciphertext end.
19. The apparatus of claim 11, wherein the generic data type comprises any one of: a general scalar data type, a general array data type, a general table data type.
20. The apparatus of claim 11, wherein the execution end comprises one of a single plaintext end, a multi-party plaintext end, and a ciphertext end.
21. A device for data processing, applied to a plaintext and ciphertext hybrid computing system, the device comprising a memory, and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by one or more processors, and the one or more programs comprise instructions for performing the data processing method according to any one of claims 1 to 10.
22. A machine-readable medium having stored thereon instructions which, when executed by one or more processors of an apparatus, cause the apparatus to perform a data processing method as claimed in any one of claims 1 to 10.
CN202111001704.7A 2021-08-30 2021-08-30 Data processing method and device and data processing device Active CN113449325B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111001704.7A CN113449325B (en) 2021-08-30 2021-08-30 Data processing method and device and data processing device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111001704.7A CN113449325B (en) 2021-08-30 2021-08-30 Data processing method and device and data processing device

Publications (2)

Publication Number Publication Date
CN113449325A CN113449325A (en) 2021-09-28
CN113449325B true CN113449325B (en) 2021-11-23

Family

ID=77818999

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111001704.7A Active CN113449325B (en) 2021-08-30 2021-08-30 Data processing method and device and data processing device

Country Status (1)

Country Link
CN (1) CN113449325B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113849837B (en) * 2021-09-29 2024-01-02 支付宝(杭州)信息技术有限公司 Training method, device and equipment for security model and data processing method
CN114338021B (en) * 2022-03-15 2022-07-19 阿里云计算有限公司 Ciphertext mixed operation method and device
CN115544550B (en) * 2022-11-22 2023-02-07 华控清交信息科技(北京)有限公司 Data supervision method, system, device and readable storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111949998A (en) * 2020-05-11 2020-11-17 华控清交信息科技(北京)有限公司 Object detection and request method, data processing system, device and storage medium
CN112182644A (en) * 2020-09-11 2021-01-05 华控清交信息科技(北京)有限公司 Data processing method and device and electronic equipment
CN112347486A (en) * 2020-11-30 2021-02-09 山东浪潮商用系统有限公司 Code vulnerability examination method and device for realizing privacy protection and readable medium

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2011013148A1 (en) * 2009-07-28 2011-02-03 Telecom Italia S.P.A. Symmetric-key encryption method and cryptographic system employing the method
CN109241016B (en) * 2018-08-14 2020-07-07 阿里巴巴集团控股有限公司 Multi-party security calculation method and device and electronic equipment

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111949998A (en) * 2020-05-11 2020-11-17 华控清交信息科技(北京)有限公司 Object detection and request method, data processing system, device and storage medium
CN112182644A (en) * 2020-09-11 2021-01-05 华控清交信息科技(北京)有限公司 Data processing method and device and electronic equipment
CN112347486A (en) * 2020-11-30 2021-02-09 山东浪潮商用系统有限公司 Code vulnerability examination method and device for realizing privacy protection and readable medium

Also Published As

Publication number Publication date
CN113449325A (en) 2021-09-28

Similar Documents

Publication Publication Date Title
CN113449325B (en) Data processing method and device and data processing device
CN115396101B (en) Secret sharing based careless disorganizing method and system
CN113392422B (en) Data processing method and device and data processing device
CN115396100B (en) Careless random disorganizing method and system based on secret sharing
CN114840568B (en) Ciphertext sorting method and device and ciphertext sorting device
CN114969830B (en) Privacy intersection method, system and readable storage medium
CN113315631A (en) Data processing method and device and data processing device
CN113094744A (en) Information processing method, service platform, device for information processing and multi-party secure computing system
CN115085912A (en) Ciphertext computing method and device for ciphertext computing
CN112307056A (en) Data processing method and device and data processing device
CN112464257B (en) Data detection method and device for data detection
CN115941181B (en) Out-of-order secret sharing method, system and readable storage medium
CN114885038B (en) Encryption protocol conversion method, result acquisition node and privacy calculation node
CN112685747B (en) Data processing method and device and data processing device
CN114996752A (en) Multiparty privacy intersection method and device and multiparty privacy intersection device
CN112580064B (en) Data processing method and device and data processing device
CN112668036B (en) Data processing method and device and data processing device
CN112468290B (en) Data processing method and device and data processing device
CN114915455A (en) Ciphertext data transmission method and device for ciphertext data transmission
CN112583764B (en) Data processing method and device and data processing device
CN113139205A (en) Secure computing method, general computing engine, device for secure computing and secure computing system
CN112861145A (en) Data processing method and device and data processing device
CN113392421B (en) Data processing method and device and data processing device
CN112711744A (en) Processing method and device for computing task and processing device for computing task
CN112668015B (en) Data processing method and device and data processing device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant