CN114915455A - Ciphertext data transmission method and device for ciphertext data transmission - Google Patents
Ciphertext data transmission method and device for ciphertext data transmission Download PDFInfo
- Publication number
- CN114915455A CN114915455A CN202210434065.1A CN202210434065A CN114915455A CN 114915455 A CN114915455 A CN 114915455A CN 202210434065 A CN202210434065 A CN 202210434065A CN 114915455 A CN114915455 A CN 114915455A
- Authority
- CN
- China
- Prior art keywords
- data
- ciphertext
- ciphertext data
- original
- encryption protocol
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 71
- 230000005540 biological transmission Effects 0.000 title claims abstract description 62
- 238000004806 packaging method and process Methods 0.000 claims abstract description 16
- 230000004927 fusion Effects 0.000 claims description 30
- 238000013500 data storage Methods 0.000 claims description 22
- 238000012545 processing Methods 0.000 claims description 18
- 238000004364 calculation method Methods 0.000 claims description 13
- 230000011218 segmentation Effects 0.000 claims description 3
- 238000004422 calculation algorithm Methods 0.000 abstract description 13
- 230000003993 interaction Effects 0.000 description 15
- 238000004891 communication Methods 0.000 description 12
- 238000010586 diagram Methods 0.000 description 10
- 230000002452 interceptive effect Effects 0.000 description 8
- 230000008569 process Effects 0.000 description 8
- 230000006870 function Effects 0.000 description 7
- 238000005516 engineering process Methods 0.000 description 6
- 238000006243 chemical reaction Methods 0.000 description 4
- 238000004590 computer program Methods 0.000 description 4
- 230000003287 optical effect Effects 0.000 description 4
- 230000005236 sound signal Effects 0.000 description 4
- 239000012634 fragment Substances 0.000 description 3
- 230000001133 acceleration Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 2
- 230000008859 change Effects 0.000 description 2
- 230000010365 information processing Effects 0.000 description 2
- 238000007726 management method Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012549 training Methods 0.000 description 2
- 230000009471 action Effects 0.000 description 1
- 230000006978 adaptation Effects 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 238000004140 cleaning Methods 0.000 description 1
- 238000003384 imaging method Methods 0.000 description 1
- 230000000670 limiting effect Effects 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 230000036961 partial effect Effects 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 230000002085 persistent effect Effects 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
- 230000002829 reductive effect Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 230000001052 transient effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L47/00—Traffic control in data switching networks
- H04L47/10—Flow control; Congestion control
- H04L47/40—Flow control; Congestion control using split connections
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The embodiment of the invention provides a ciphertext data transmission method and device and a device for ciphertext data transmission. The method comprises the following steps: receiving a ciphertext data packet, wherein the ciphertext data packet is obtained by segmenting original ciphertext data according to a preset size for a data sending node and packaging the segmented data according to a predefined field; the predefined fields include at least: the data identification of the original ciphertext data, the number of data packets corresponding to the original ciphertext data and a ciphertext operation instruction corresponding to the original ciphertext data; judging whether all ciphertext data packets of the original ciphertext data have been received or not according to the data identification and the number of the data packets; and when all the ciphertext data packets of the original ciphertext data are determined to be received, executing a ciphertext operation instruction by using the original ciphertext data to obtain a ciphertext operation result. The embodiment of the invention can realize interconnection and intercommunication of heterogeneous privacy computing platforms and keep the flexibility and expandability of the realization of the respective algorithm of each privacy computing platform.
Description
Technical Field
The invention relates to the field of multi-party secure computing, in particular to a ciphertext data transmission method and device and a device for ciphertext data transmission.
Background
In the big data age, data has become an important strategic resource. However, in consideration of privacy protection, parties grasping data are not willing to share data, a data island phenomenon is formed, and data value is difficult to sufficiently mine.
The privacy computing technology aims to realize fusion computing of a plurality of data parties on the premise of protecting data privacy of a data owner, is beneficial to solving the problem of data island, and is widely concerned and rapidly developed.
Disclosure of Invention
The embodiment of the invention provides a ciphertext data transmission method and device and a ciphertext data transmission device, which can realize interconnection and intercommunication of heterogeneous privacy computing platforms and keep the flexibility and expandability of realization of respective algorithms of the privacy computing platforms.
In a first aspect, an embodiment of the present invention discloses a ciphertext data transmission method, which is applied to a data receiving node, and includes:
receiving a ciphertext data packet, wherein the ciphertext data packet is obtained by segmenting original ciphertext data according to a preset size by a data sending node and packaging the segmented data according to a predefined field; wherein the predefined fields include at least: the data identification of the original ciphertext data, the number of data packets corresponding to the original ciphertext data and a ciphertext operation instruction corresponding to the original ciphertext data;
judging whether all ciphertext data packets of the original ciphertext data have been received or not according to the data identification and the number of the data packets;
and when all the ciphertext data packets of the original ciphertext data are determined to be received, executing the ciphertext operation instruction by using the original ciphertext data to obtain a ciphertext operation result.
In a second aspect, an embodiment of the present invention discloses a ciphertext data transmission method, which is applied to a data sending node, and the method includes:
segmenting original ciphertext data to be transmitted according to a preset size, and packaging the segmented data according to a predefined field to obtain a ciphertext data packet corresponding to the original ciphertext data; wherein the predefined fields include at least: the data identification of the original ciphertext data, the number of data packets corresponding to the original ciphertext data and a ciphertext operation instruction corresponding to the original ciphertext data;
and sending the ciphertext data packet to a data receiving node.
In a third aspect, an embodiment of the present invention discloses a ciphertext data transmission apparatus, which is applied to a data receiving node, and includes:
the data receiving module is used for receiving a ciphertext data packet, the ciphertext data packet is obtained by segmenting original ciphertext data according to a preset size for a data sending node and packaging the segmented data according to a predefined field; wherein the predefined fields include at least: the data identification of the original ciphertext data, the number of data packets corresponding to the original ciphertext data and a ciphertext operation instruction corresponding to the original ciphertext data;
the data judgment module is used for judging whether all ciphertext data packets of the original ciphertext data have been received or not according to the data identification and the number of the data packets;
and the data operation module is used for executing the ciphertext operation instruction by using the original ciphertext data to obtain a ciphertext operation result when determining that all ciphertext data packets of the original ciphertext data have been received.
In a fourth aspect, an embodiment of the present invention discloses a ciphertext data transmission apparatus, which is applied to a data sending node, and includes:
the data segmentation module is used for segmenting original ciphertext data to be transmitted according to a preset size and packaging the segmented data according to a predefined field to obtain a ciphertext data packet corresponding to the original ciphertext data; wherein the predefined fields include at least: the data identification of the original ciphertext data, the number of data packets corresponding to the original ciphertext data and a ciphertext operation instruction corresponding to the original ciphertext data;
and the data sending module is used for sending the ciphertext data packet to a data receiving node.
In a fifth aspect, an embodiment of the present invention discloses an apparatus for ciphertext data transmission, including a memory, and one or more programs, where the one or more programs are stored in the memory and configured to be executed by one or more processors, the one or more programs including instructions for performing one or more of the ciphertext data transmission methods described above.
In a sixth aspect, embodiments of the present invention disclose a machine-readable storage medium having instructions stored thereon, which when executed by one or more processors of an apparatus, cause the apparatus to perform a ciphertext data transmission method as described in one or more of the preceding.
The embodiment of the invention has the following advantages:
the ciphertext data transmission method provided by the embodiment of the invention is used for transmitting ciphertext data based on the ciphertext data packet in the predefined format. And the data transmitting node divides the original ciphertext data to be transmitted according to a preset size, packs the data obtained by division according to a predefined format to obtain a ciphertext data packet in the predefined format and transmits the ciphertext data packet to the data receiving node. And after receiving the ciphertext data packet, the data receiving node judges whether all ciphertext data packets of the original ciphertext data to which the ciphertext data packet belongs are received completely according to the predefined field of the ciphertext data packet, and if the all ciphertext data packets are received completely, the original ciphertext data is used for executing a ciphertext operation instruction to obtain a ciphertext operation result. The data receiving node can also be used as a data sending node, and the ciphertext operation result is sent to the next hop node which needs to be calculated next step according to the method. After receiving the ciphertext data packet, the data receiving node processes and forwards the ciphertext data according to the predefined field carried by the ciphertext data packet without adding extra control logic, so that decoupling of a data plane and a control plane can be realized, and further decoupling of processing and transmission of the ciphertext data and algorithm logic of upper-layer application can be realized. Therefore, ciphertext data interaction among different privacy computing platforms does not need control surface participation, each privacy computing platform can regard other privacy computing platforms as data sources, different multi-party fusion computing task algorithms are flexibly designed and realized, on the basis of ensuring that each privacy computing platform is independent, a plurality of privacy computing platforms can collaboratively complete privacy computing tasks, interconnection and intercommunication of heterogeneous privacy computing platforms are realized, the internal technical architecture and resource scheduling of each privacy computing platform are not limited, and the flexibility and the expandability of algorithm realization of each privacy computing platform are kept.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments of the present invention will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without inventive labor.
FIG. 1 is a flowchart illustrating the steps of an embodiment of a ciphertext data transmission method of the present invention;
FIG. 2 is a block diagram of a multi-party fusion computing system in accordance with an example of the invention;
FIG. 3 is a flowchart illustrating steps of another embodiment of a method for transmitting ciphertext data of the present invention;
fig. 4 is a diagram illustrating an example of the structure of an embodiment of a ciphertext data transmission apparatus of the present invention;
fig. 5 is a diagram showing a configuration example of another embodiment of the ciphertext data transmission apparatus of the present invention;
FIG. 6 is a block diagram of an apparatus 800 for ciphertext data transmission of the present invention;
fig. 7 is a schematic diagram of a server in some embodiments of the invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terms first, second and the like in the description and in the claims of the present invention are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that embodiments of the invention may be practiced other than those illustrated or described herein, and that the objects identified as "first," "second," etc. are generally a class of objects and do not limit the number of objects, e.g., a first object may be one or more. Furthermore, the term "and/or" as used in the specification and claims to describe an associative relationship of associated objects means that there may be three relationships, e.g., a and/or B, may mean: a exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. The term "plurality" in the embodiments of the present invention means two or more, and other terms are similar thereto.
Referring to fig. 1, a flowchart illustrating steps of an embodiment of a ciphertext data transmission method of the present invention is shown, where the method is applicable to a data receiving node, and the method may include the following steps:
and 103, when all the ciphertext data packets of the original ciphertext data are determined to be received, executing the ciphertext operation instruction by using the original ciphertext data to obtain a ciphertext operation result.
The invention provides a format of a predefined ciphertext data packet, and ciphertext data transmission can be carried out between a data sending node and a data receiving node according to the ciphertext data packet of the predefined format. The ciphertext data packet of the predefined format comprises a predefined field, the predefined field comprising at least: the data identification of the original ciphertext data, the number of data packets corresponding to the original ciphertext data, and the ciphertext operation instruction corresponding to the original ciphertext data.
The data sending node and the data receiving node can be any two nodes which need to carry out ciphertext data interaction. And the data transmitting node divides original ciphertext data to be transmitted according to a preset size, packs the data obtained by division according to a predefined format, obtains a ciphertext data packet in the predefined format and transmits the ciphertext data packet to the data receiving node. After receiving the ciphertext data packet, the data receiving node processes and forwards the ciphertext data packet according to the predefined field carried by the ciphertext data packet without adding extra control logic. Therefore, the decoupling of the data plane and the control plane can be realized, and the decoupling of the processing and transmission of the ciphertext data and the algorithm logic of the upper application can be further realized.
In one example, the ciphertext data transmission method of the invention may be applied to a private computing platform. The privacy computing platform is a computing platform for protecting data privacy security, and for example, the privacy computing platform can be a multi-party security computing platform. The number of the privacy computing nodes contained in one privacy computing platform is not limited, and the number of the privacy computing nodes can be determined according to an encryption protocol supported by the privacy computing platform. For example, for a privacy computing platform that supports a (2,2) threshold secret sharing protocol, at least 2 privacy computing nodes may be included. As another example, for a privacy computing platform that supports a (2,4) threshold secret sharing protocol, at least 4 privacy computing nodes may be included. Each privacy computing node in the privacy computing platform may cooperatively execute a security computing task, where the security computing task may be a computer program code implemented by a preset programming language, and the privacy computing platform may implement a corresponding computing function by executing the computer program code. The secure computing task includes, but is not limited to: and data related operations such as calculation, cleaning, analysis, model training, storage, database query and the like of the data are realized based on the ciphertext. It is to be understood that the specific type of the secure computing task is not limited by the embodiments of the present invention. A secure computation task may include any type of mathematical computation, such as four arithmetic computations (e.g., addition, subtraction, multiplication, division), logical computations (e.g., and, or, xor), etc.
In the embodiment of the present invention, the data sending node and the data receiving node may be any two privacy computing nodes that need to perform ciphertext data interaction in the privacy computing platform.
In another example, the ciphertext data transmission method of the present invention may be applied to a multi-party fusion computing system. Referring to fig. 2, a schematic structural diagram of a multi-party fusion computing system according to an example of the present invention is shown, where the multi-party fusion computing system includes a first privacy computing platform, a second privacy computing platform, and a privacy routing server. The privacy routing server side comprises a control plane component and a data plane component, the control plane component is responsible for transmission and processing of control instructions, and the data plane component is responsible for transmission and processing of actual data. It will be appreciated that the control plane component and the data plane component shown in fig. 2, although abstracted as one node, in a particular implementation, both the control plane component and the data plane component shown in fig. 2 may comprise a distributed plurality of nodes. The solid line in fig. 2 represents the transmission of a data stream, and the broken line represents the transmission of a control stream.
The first privacy computing platform supports a first encryption protocol, the second privacy computing platform supports a second encryption protocol, and the privacy routing server side supports a preset general encryption protocol. The first encryption protocol and the second encryption protocol may be different encryption protocols. By the multiparty fusion computing system, multiparty fusion computing among a plurality of privacy computing platforms using different encryption protocols can be realized, and in the multiparty fusion computing process, ciphertext data of different privacy computing platforms under different encryption protocols can be converted through the privacy routing server.
The first privacy computing platform comprises a first privacy computing node, the second privacy computing platform comprises a second privacy computing node, and the privacy routing server comprises a privacy routing node. The first privacy computing node and the privacy routing node execute first cipher text-based interaction operation, and can convert first cipher text data under a first encryption protocol generated by a first privacy computing platform into intermediate cipher text data under a general encryption protocol of a privacy routing server; the privacy routing node and the second privacy computing node may convert the intermediate ciphertext data under the general encryption protocol into second ciphertext data under a second encryption protocol of the second privacy computing platform by performing a second interaction operation based on a ciphertext. Therefore, the second privacy computing platform can use the second ciphertext data to perform privacy computation, and then multi-party fusion computation between privacy computing platforms using different encryption protocols can be achieved.
In the embodiment of the invention, each privacy computing platform can directly carry out ciphertext data interaction with the privacy routing server side through the privacy computing node of the privacy computing platform. Furthermore, each privacy computing platform can also deploy a respective privacy routing client, and cipher text-based interactive operation is executed through the privacy routing client and the privacy routing server, so that the encryption protocol conversion of cipher text data is realized. For example, the first privacy computing platform may further deploy a first privacy routing client, and perform a first cipher-based interaction operation with the privacy routing node through the first privacy routing client; the second privacy computing platform may also deploy a second privacy routing client, and perform a second cipher-based interaction with the privacy routing node through the second privacy routing client. Therefore, each privacy computing platform only needs to be configured with a privacy routing client conforming to the self encryption protocol, the original functions of privacy computing nodes in the privacy computing platform are not changed, and the easy expandability of the multiparty fusion computing system can be realized.
In the embodiment of the present invention, the data sending node and the data receiving node may be any two nodes that need to perform ciphertext data interaction in a first privacy computing node, a second privacy computing node, a privacy routing node, and a privacy routing client in the multi-party fusion computing system.
In the multi-party fusion computing system, a first privacy computing platform refers to a party providing ciphertext data, and a second privacy computing platform refers to a party acquiring the ciphertext data. The embodiment of the invention does not limit the number of the privacy computing platforms accessed into the multi-party fusion computing system. For convenience of description, the embodiments of the present invention are described by taking two privacy computing platforms as shown in fig. 2 as an example.
It will be appreciated that embodiments of the present invention use a first privacy computing platform and a second privacy computing platform to identify two peer communicating entities. The first privacy computing platform and the second privacy computing platform respectively correspond to a ciphertext data sender and a ciphertext data receiver, and in specific implementation, the positions of the ciphertext data sender and the ciphertext data receiver can be interchanged.
In another example, the ciphertext data transmission method provided by the invention can be applied to a data storage platform. Ciphertext data under different encryption protocols can be stored in the data storage platform, and the data storage nodes in the data storage platform can convert the ciphertext data under one encryption protocol into ciphertext data under another encryption protocol through ciphertext-based interactive operation so as to provide the data demand party with the encrypted data under the unified encryption protocol.
In the embodiment of the present invention, the data sending node and the data receiving node may be any two data storage nodes that need to perform ciphertext data interaction in the data storage platform.
It should be noted that the application scenario of the ciphertext data transmission method of the present invention is not limited to the above-mentioned application scenario, and may also be applied to any other scenario requiring ciphertext data transmission.
And for the data sending node, when the size of the original ciphertext data to be sent exceeds a preset size, the data sending node divides the original ciphertext data according to the preset size. The preset size refers to the size of the ciphertext data packet in the predefined format, and the specific numerical value of the preset size is not limited in the embodiment of the invention.
In one example, assuming that original ciphertext data x to be transmitted by the data transmission node a exceeds a preset size, the original ciphertext data x is split according to the preset size, assuming that the original ciphertext data x is split into 10 parts, the 10 parts of data obtained by splitting are packed according to predefined fields, so as to obtain 10 ciphertext data packets, and the 10 ciphertext data packets have a uniform data format. Specifically, each of the 10 ciphertext data packets at least includes the following predefined fields: the data identification of the original ciphertext data, the number of data packets corresponding to the original ciphertext data, and a ciphertext operation instruction corresponding to the original ciphertext data.
In this example, the data identifier of the original ciphertext data is a data identifier of the original ciphertext data x, and is used to identify that the original ciphertext data to which the ciphertext data packet belongs is x. The number of data packets corresponding to the original ciphertext data is 10. And the ciphertext operation instruction corresponding to the original ciphertext data represents the ciphertext operation instruction participated by the original ciphertext data x. The data transmitting node a may sequentially transmit the 10 cipher text data packets to the data receiving node B.
Illustratively, assume that the ciphertext operation instruction is to perform a ciphertext plus 1 operation on original ciphertext data x. When receiving a ciphertext data packet of the 10 ciphertext data packets, the data receiving node B analyzes the ciphertext data packet to obtain a predefined field, and judges whether all ciphertext data packets of the original ciphertext data x have been received according to the data identifier and the number of the data packets in the predefined field. In specific implementation, the data receiving node can know which original ciphertext data the currently received ciphertext data packet belongs to according to the data identifier in the predefined field, and can further perform statistics on the ciphertext data packets with the same data identifier. Taking the above example as an example, when the data receiving node B determines that the number of ciphertext data packets corresponding to the data identifier of the received original ciphertext data x reaches 10, it may determine that all ciphertext data packets of the original ciphertext data x have been received, at this time, the original ciphertext data x may be obtained by assembling the 10 ciphertext data packets, and then the original ciphertext data x is used to execute the ciphertext operation instruction, and perform an operation of adding 1 to the original ciphertext data x, so as to obtain a ciphertext operation result.
Further, after the data receiving node obtains the ciphertext operation result through calculation, the data receiving node can also serve as a data sending node, and sends the ciphertext operation result to a next hop node which needs to be calculated next step.
In an optional embodiment of the present invention, the predefined field may further include: a source node identification, a destination node identification, and routing information, the method may further comprise:
step S11, determining a next hop node according to the source node identification, the target node identification and the routing information;
step S12, the ciphertext operation result is segmented according to the preset size, and the segmented data is packed according to the predefined field, so that a ciphertext data packet corresponding to the ciphertext operation result is obtained;
and step S13, sending the ciphertext data packet corresponding to the ciphertext operation result to the next hop node.
The source node identification may be used to identify the sending node of the original ciphertext data. The target node identification may be used to identify the receiving node of the original ciphertext data. The routing information may include path information between the original ciphertext data from the source node to the destination node. And determining the next hop node according to the source node identifier, the target node identifier and the routing information.
Still taking the above example as an example, the ciphertext data packet sent by the data sending node a and received by the data receiving node B may further include a source node identifier, a destination node identifier, and routing information. Illustratively, assuming that the source node is identified as node a and the destination node is identified as node D, the route information records the path from node a to node D as: node a- > node B- > node C- > node D. And after the data receiving node B executes the ciphertext operation instruction on the original data x to obtain a ciphertext operation result, determining that the next hop node is the node C according to the source node identifier, the target node identifier and the routing information. At this time, the data receiving node B may serve as a data sending node, segment the ciphertext operation result according to the preset size, and pack the segmented data according to the predefined field to obtain a ciphertext data packet corresponding to the ciphertext operation result; and sending the ciphertext data packet corresponding to the ciphertext operation result to the next hop node (node C). And the node C is used as a data receiving node and receives the ciphertext data packet corresponding to the ciphertext operation result sent by the node B.
In the embodiment of the invention, each node transmits ciphertext data in a predefined format and a storage-processing-forwarding mode. When a certain node receives a certain ciphertext data packet, firstly, judging whether all ciphertext data packets of original ciphertext data to which the ciphertext data packet belongs are received completely according to a predefined field of the ciphertext data packet, and if not, storing the received ciphertext data packet; if the original ciphertext data is received, the original ciphertext data can be assembled according to all ciphertext data packets of the original ciphertext data, so that the original ciphertext data can be used for executing a corresponding ciphertext operation instruction. After the ciphertext operation instruction is executed, the obtained ciphertext operation result is segmented according to a preset size, is packaged according to a predefined format, and is sent to the next hop node according to the routing information.
In an optional embodiment of the present invention, the ciphertext operation instruction may include at least two operands, and the executing the ciphertext operation instruction using the original ciphertext data when it is determined that all of the ciphertext data packets of the original ciphertext data have been received may include:
and executing the ciphertext operation instruction by using all operands required by the ciphertext operation instruction when all ciphertext data packets of each operand in the ciphertext operation instruction are determined to be received.
In the embodiment of the present invention, when the ciphertext operation instruction includes more than two operands, and when a data receiving node receives a ciphertext data packet, it first determines whether all ciphertext data packets of all original ciphertext data required by the ciphertext operation instruction have been received according to a predefined field of the ciphertext data packet, and if not, stores the currently received ciphertext data packet; if the receiving is finished, each original ciphertext data can be obtained by assembling all the ciphertext data packets of each received original ciphertext data, and the ciphertext operation instruction can be executed. In an example, assuming that a certain ciphertext operation instruction needs to use operands x and y, when it is determined that all ciphertext data packets of original ciphertext data x and all ciphertext data packets of original ciphertext data y are received, a data receiving node assembles all ciphertext data packets of the received original ciphertext data x to obtain original ciphertext data x, and assembles all ciphertext data packets of the received original ciphertext data y to obtain original ciphertext data y, so that the original ciphertext operation instruction can be executed by using the original ciphertext data x and the original ciphertext data y. After the ciphertext operation instruction is executed, the obtained ciphertext operation result is segmented according to a preset size, is packaged according to a predefined format, and is sent to the next hop node according to the routing information.
In an alternative embodiment of the invention, the at least two operands may be from at least two different data transmitting nodes, respectively.
In the embodiment of the invention, when each node receives a certain ciphertext data packet, the received ciphertext data packet is cached first until all ciphertext data packets of all original ciphertext data (possibly from a plurality of nodes) required by the current ciphertext operation instruction are received, then the current ciphertext operation instruction is executed, and then the ciphertext operation result obtained by executing the current ciphertext operation instruction is forwarded to the next hop node for executing the next operation. Therefore, the decoupling of the cryptograph data operation of the bottom layer and the calculation logic of the upper layer application is realized, and therefore, in the multi-party fusion calculation system, each privacy calculation platform can realize cross-platform data communication based on a data interface provided by the privacy routing server side, and the safety of the privacy data is ensured.
It should be noted that, in a specific implementation, the predefined field is not limited to the above listed types. In one example, a ciphertext data packet may include the following predefined fields: task identification, data packet quantity, source node identification, target node identification, encryption protocol, secret key, ciphertext operation instruction and routing information.
Wherein the task identifier can be used to identify the multiparty fused computing task. The data identification may be used to identify the original ciphertext data that was sliced. The data packet identifier may be used to identify a ciphertext data packet obtained by segmenting and packaging the original ciphertext data. The number of data packets may be used to identify the number of ciphertext data packets that the original ciphertext data contains. The source node identification may be used to identify the sending node of the original ciphertext data. The target node identification may be used to identify the receiving node of the original ciphertext data. The encryption protocol refers to the encryption protocol adopted by the original ciphertext data. The key refers to a key used by the original ciphertext data. The ciphertext operation instruction refers to an instruction in which the original ciphertext data participates. The routing information may include path information between the original ciphertext data from the source node to the destination node. Of course, the predefined field of the ciphertext data packet may further include a data shape (shape), a data type (type), data content, and the like.
In an optional embodiment of the present invention, the original ciphertext data conforms to a first encryption protocol, the ciphertext operation instruction is configured to convert the original ciphertext data that conforms to the first encryption protocol into a ciphertext operation result that conforms to a second encryption protocol, and the first encryption protocol and the second encryption protocol are different encryption protocols.
The ciphertext data transmission method can be applied to a multi-party fusion computing system. Each privacy computing platform in the multi-party converged computing system may own a respective data source. The data source may provide services of data storage, data provision, computation result storage, and the like. Each privacy computing platform carries out ciphertext computing on the basis of privacy data provided by a data source of the privacy computing platform to obtain ciphertext data of the privacy computing platform, and the interaction of the ciphertext data is realized through a privacy routing server side, so that a multiparty fusion computing task is cooperatively executed.
The private data may be any data that is not convenient to disclose, and may include, but is not limited to, data representing personal information of the user, or a trade secret, etc. The embodiment of the invention does not limit the task type of the multi-party fusion computing task. The multi-party fusion computing task includes, but is not limited to, any one or more of the following: privacy-preserving-based computational operations, privacy-preserving-based model training and prediction, privacy-preserving-based database query operations, and the like. Wherein the computing operations include, but are not limited to: digital computation such as addition, subtraction, multiplication and division, and logical computation such as AND, OR and NOT.
The original ciphertext data may be first ciphertext data that is supported by a first privacy computing platform in the multi-party fusion computing system, and the original ciphertext data conforms to a first encryption protocol that is supported by the first privacy computing platform. When a second privacy computing platform needs to execute a multiparty fusion computing task by using first ciphertext data of a first privacy computing platform, first ciphertext data under a first encryption protocol of the first privacy computing platform can be converted into second ciphertext data under a second encryption protocol supported by the second privacy computing platform through a privacy routing server. The ciphertext operation instruction is configured to convert the original ciphertext data (first ciphertext data) conforming to the first encryption protocol into a ciphertext operation result (second ciphertext data) conforming to a second encryption protocol.
In an optional embodiment of the present invention, the first encryption protocol may be a homomorphic encryption protocol, and the second encryption protocol may be a secret sharing protocol; alternatively, the first encryption protocol may be a secret sharing protocol and the second encryption protocol may be a homomorphic encryption protocol.
In a specific implementation, the principle of the secret sharing protocol is to divide a secret into several shares, each of which is called a shard, which are distributed to different users, and the secret can only be reconstructed if a specific subset of the users together provide their respective shares. The (t, n) threshold secret sharing protocol means that a secret is divided into n fragments and distributed to different users, the secret is easy to calculate when any t fragments are known, and the secret cannot be calculated when any fragments less than t are known. Further, the (t, n) threshold secret sharing protocol may include: (t, n) a summing threshold secret sharing protocol, (t, n) a multiplying threshold secret sharing protocol, and (t, n) a multiplying threshold secret sharing protocol. t and n are integers greater than or equal to 2, and n is greater than or equal to t.
The first encryption protocol may be any one of the above (t, n) threshold secret sharing protocols, and the second encryption protocol may be any one of the above (t, n) threshold secret sharing protocols.
The homomorphic encryption protocol is an encryption algorithm which uses an encryption function to perform addition and multiplication on a plaintext and then encrypts the plaintext, and performs corresponding operation on a ciphertext after encryption to obtain an equivalent result. An encryption function with homomorphic properties means that two plaintexts a, b satisfy
The encryption function of (1). Where c is an encryption function, d is a decryption function, an indicates an addition operation or a multiplication operation on the ciphertext domain,
representing an addition or multiplication over the plaintext field. When |, indicates an addition operation, it is referred to as an addition homomorphic encryption protocol; when |, indicates a multiplication operation, it is referred to as a multiply-homomorphic encryption protocol; when an |, includes both an addition operation and a multiplication operation, it is referred to as a fully homomorphic encryption protocol.
The first encryption protocol may be any one of the above homomorphic encryption protocols, and the second encryption protocol may be any one of the above homomorphic encryption protocols.
Further, the converting, by the privacy routing server, first ciphertext data of the first encryption protocol of the first privacy computing platform into second ciphertext data of the second encryption protocol supported by the second privacy computing platform may include: executing a first interactive operation based on a ciphertext with the privacy routing server through the first privacy computing platform, and converting first ciphertext data of the first privacy computing platform under a first encryption protocol into intermediate ciphertext data of the privacy routing server under a general encryption protocol; and executing second interactive operation based on a ciphertext through the privacy routing server and the second privacy computing platform, and converting the intermediate ciphertext data of the privacy routing server under the general encryption protocol into second ciphertext data of a second encryption protocol supported by the second privacy computing platform.
When the first interactive operation is executed, the ciphertext operation instruction in the predefined field of the ciphertext data packet received by each node participating in the first interactive operation may be an instruction for converting the first ciphertext data under the first encryption protocol into intermediate ciphertext data under the general encryption protocol. When the second interactive operation is executed, the ciphertext operation instruction in the predefined field of the ciphertext data packet received by each node participating in the second interactive operation may be an instruction for converting intermediate ciphertext data under a general encryption protocol into second ciphertext data under a second encryption protocol.
The general encryption protocol may be any encryption protocol, and preferably, the general encryption protocol may be a (2,2) threshold secret sharing protocol. Further, the (2,2) threshold secret sharing protocol may include any one of (2,2) a summing threshold secret sharing protocol, (2,2) a multiplying threshold secret sharing protocol, and (2,2) a multiplying threshold secret sharing protocol.
For example, the first encryption protocol may be a (3,3) add threshold secret sharing protocol, the second encryption protocol may be a homomorphic encryption protocol, and the universal encryption protocol may be a (2,2) add threshold secret sharing protocol. As another example, the first encryption protocol may be a (3,3) multiplicative threshold secret sharing protocol, the second encryption protocol may be a multiplicative homomorphic encryption protocol, and the general encryption protocol may be a (2,2) multiplicative threshold secret sharing protocol. As another example, the first encryption protocol may be a homomorphic encryption protocol, the second encryption protocol may be an encryption threshold secret sharing protocol, and the common encryption protocol may be a (2,2) encryption threshold secret sharing protocol. As another example, the first encryption protocol may be a (3,3) add threshold secret sharing protocol, the second encryption protocol may be a (2,2) add threshold secret sharing protocol, the universal encryption protocol may be a homomorphic encryption protocol, and so on. Of course, the first encryption protocol and/or the second encryption protocol and/or the general encryption protocol are not limited to the above-mentioned encryption protocols, and may also include protocols such as garbled circuit and inadvertent transmission.
In an alternative embodiment of the present invention, the common encryption protocol may be determined according to both the first encryption protocol and the second encryption protocol. For example, in a case that the first encryption protocol and the second encryption protocol are determined, the common encryption protocol adopted by the privacy routing server may be determined according to the first encryption protocol and the second encryption protocol. The following principles may be followed when selecting a generic encryption protocol: the conversion process from the first encryption protocol to the general encryption protocol and the conversion process from the general encryption protocol to the second encryption protocol are both simple and convenient, so that the calculation amount is reduced as much as possible, and the conversion efficiency is improved. Illustratively, the first encryption protocol supported by the first privacy computing platform is a (2,4) addition threshold secret sharing protocol, the second encryption protocol supported by the second privacy computing platform is a multiplicative homomorphic encryption protocol, and preferably, the general encryption protocol supported by the privacy routing server is a (2,2) multiplicative threshold secret sharing protocol.
In an optional embodiment of the present invention, the ciphertext operation instruction may include at least any one of the following: homomorphic encryption, secret sharing, ciphertext addition and data forwarding.
The embodiment of the invention does not limit the instruction type of the ciphertext operation instruction in the predefined field. The ciphertext operation instruction may be any instruction for performing privacy calculation on one or more original ciphertext data, or the ciphertext operation instruction may be an instruction for forwarding the original ciphertext data without performing any operation.
Referring to fig. 3, a flowchart illustrating steps of another embodiment of a ciphertext data transmission method of the present invention, which may be applied to a data sending node, may include the steps of:
301, segmenting original ciphertext data to be transmitted according to a preset size, and packaging the segmented data according to a predefined field to obtain a ciphertext data packet corresponding to the original ciphertext data; wherein the predefined fields include at least: the data identification of the original ciphertext data, the number of data packets corresponding to the original ciphertext data and a ciphertext operation instruction corresponding to the original ciphertext data;
and step 302, sending the ciphertext data packet to a data receiving node.
The operation steps executed by the data sending node in the process of transmitting the ciphertext data have been described in detail in the foregoing embodiments, and are not described herein again.
Optionally, the original ciphertext data conforms to a first encryption protocol, the ciphertext operation instruction is configured to convert the original ciphertext data that conforms to the first encryption protocol into a ciphertext operation result that conforms to a second encryption protocol, and the first encryption protocol and the second encryption protocol are different encryption protocols.
Optionally, the first encryption protocol is a homomorphic encryption protocol, and the second encryption protocol is a secret sharing protocol; or, the first encryption protocol is a secret sharing protocol, and the second encryption protocol is a homomorphic encryption protocol.
Optionally, the data sending node at least includes any one of the following: the system comprises a privacy computing node in a privacy computing platform, a data storage node in a data storage platform and a privacy routing node in a multi-party fusion computing system.
Optionally, the ciphertext operation instruction at least includes any one of the following: homomorphic encryption, secret sharing, ciphertext addition and data forwarding.
The ciphertext data transmission method provided by the embodiment of the invention is used for transmitting ciphertext data based on the ciphertext data packet in the predefined format. And the data transmitting node divides original ciphertext data to be transmitted according to a preset size, packs the data obtained by division according to a predefined format, obtains a ciphertext data packet in the predefined format and transmits the ciphertext data packet to the data receiving node. And after receiving the ciphertext data packet, the data receiving node judges whether all ciphertext data packets of the original ciphertext data to which the ciphertext data packet belongs are received completely according to the predefined field of the ciphertext data packet, and if the all ciphertext data packets are received completely, the original ciphertext data is used for executing a ciphertext operation instruction to obtain a ciphertext operation result. The data receiving node can also be used as a data sending node, and the ciphertext operation result is sent to a next hop node which needs to be calculated in the next step according to the method. After receiving the ciphertext data packet, the data receiving node processes and forwards the ciphertext data according to the predefined field carried by the ciphertext data packet without adding extra control logic, so that decoupling of a data plane and a control plane can be realized, and further decoupling of processing and transmission of the ciphertext data and algorithm logic of upper-layer application can be realized. Therefore, ciphertext data interaction among different privacy computing platforms does not need control surface participation, each privacy computing platform can regard other privacy computing platforms as data sources, different multi-party fusion computing task algorithms are flexibly designed and realized, on the basis of ensuring that each privacy computing platform is independent, a plurality of privacy computing platforms can collaboratively complete privacy computing tasks, interconnection and intercommunication of heterogeneous privacy computing platforms are realized, the internal technical architecture and resource scheduling of each privacy computing platform are not limited, and the flexibility and the expandability of algorithm realization of each privacy computing platform are kept.
It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the illustrated order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments of the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the invention.
Referring to fig. 4, a diagram illustrating a structure example of an embodiment of a ciphertext data transmission apparatus of the present invention, the ciphertext data transmission apparatus may be applied to a data receiving node, and the ciphertext data transmission apparatus may include:
the data receiving module 401 is configured to receive a ciphertext data packet, where the ciphertext data packet is obtained by segmenting original ciphertext data according to a preset size for a data sending node and packaging the segmented data according to a predefined field; wherein the predefined fields include at least: the data identification of the original ciphertext data, the number of data packets corresponding to the original ciphertext data and a ciphertext operation instruction corresponding to the original ciphertext data;
a data determining module 402, configured to determine whether all ciphertext data packets of the original ciphertext data have been received according to the data identifier and the number of data packets;
the data operation module 403 is configured to execute the ciphertext operation instruction by using the original ciphertext data when it is determined that all ciphertext data packets of the original ciphertext data have been received, so as to obtain a ciphertext operation result.
Optionally, the predefined field further comprises: source node identification, destination node identification, and routing information, the apparatus further comprising:
a next hop determining module, configured to determine a next hop node according to the source node identifier, the target node identifier, and the routing information;
the data processing module is used for segmenting the ciphertext operation result according to the preset size and packaging the segmented data according to the predefined field to obtain a ciphertext data packet corresponding to the ciphertext operation result;
and the data forwarding module is used for sending the ciphertext data packet corresponding to the ciphertext operation result to the next hop node.
Optionally, the ciphertext operation instruction includes at least two operands, and the data operation module is specifically configured to execute the ciphertext operation instruction by using all operands required by the ciphertext operation instruction when it is determined that all ciphertext data packets of each operand in the ciphertext operation instruction have been received.
Optionally, the at least two operands are from at least two different data sending nodes, respectively.
Optionally, the apparatus further comprises:
and the data caching module is used for storing the ciphertext data packets when determining that all ciphertext data packets of the original ciphertext data are not received.
Optionally, the original ciphertext data conforms to a first encryption protocol, the ciphertext operation instruction is used to convert the original ciphertext data conforming to the first encryption protocol into a ciphertext operation result conforming to a second encryption protocol, and the first encryption protocol and the second encryption protocol are different encryption protocols.
Optionally, the first encryption protocol is a homomorphic encryption protocol, and the second encryption protocol is a secret sharing protocol; or, the first encryption protocol is a secret sharing protocol, and the second encryption protocol is a homomorphic encryption protocol.
Optionally, the data receiving node includes at least any one of the following: the system comprises a privacy calculation node in a privacy calculation platform, a data storage node in a data storage platform and a privacy routing node in a multi-party fusion calculation system.
Optionally, the ciphertext operation instruction at least includes any one of the following: homomorphic encryption, secret sharing, ciphertext addition and data forwarding.
Referring to fig. 5, a diagram illustrating another example of the structure of an embodiment of the ciphertext data transmission apparatus of the present invention, the ciphertext data transmission apparatus may be applied to a data sending node, and the ciphertext data transmission apparatus may include:
the data segmentation module 501 is configured to segment original ciphertext data to be transmitted according to a preset size, and pack the segmented data according to a predefined field to obtain a ciphertext data packet corresponding to the original ciphertext data; wherein the predefined fields include at least: the data identification of the original ciphertext data, the number of data packets corresponding to the original ciphertext data and a ciphertext operation instruction corresponding to the original ciphertext data;
a data sending module 502, configured to send the ciphertext data packet to a data receiving node.
Optionally, the original ciphertext data conforms to a first encryption protocol, the ciphertext operation instruction is configured to convert the original ciphertext data that conforms to the first encryption protocol into a ciphertext operation result that conforms to a second encryption protocol, and the first encryption protocol and the second encryption protocol are different encryption protocols.
Optionally, the first encryption protocol is a homomorphic encryption protocol, and the second encryption protocol is a secret sharing protocol; or, the first encryption protocol is a secret sharing protocol, and the second encryption protocol is a homomorphic encryption protocol.
Optionally, the data sending node at least includes any one of the following: the system comprises a privacy computing node in a privacy computing platform, a data storage node in a data storage platform and a privacy routing node in a multi-party fusion computing system.
Optionally, the ciphertext operation instruction at least includes any one of the following: homomorphic encryption, secret sharing, ciphertext addition and data forwarding.
The ciphertext data transmission method provided by the embodiment of the invention is used for transmitting ciphertext data based on the ciphertext data packet in the predefined format. And the data transmitting node divides the original ciphertext data to be transmitted according to a preset size, packs the data obtained by division according to a predefined format to obtain a ciphertext data packet in the predefined format and transmits the ciphertext data packet to the data receiving node. And after receiving the ciphertext data packet, the data receiving node judges whether all ciphertext data packets of the original ciphertext data to which the ciphertext data packet belongs are received completely according to the predefined field of the ciphertext data packet, and if the all ciphertext data packets are received completely, the original ciphertext data is used for executing a ciphertext operation instruction to obtain a ciphertext operation result. The data receiving node can also be used as a data sending node, and the ciphertext operation result is sent to the next hop node which needs to be calculated next step according to the method. After receiving the ciphertext data packet, the data receiving node processes and forwards the ciphertext data according to the predefined field carried by the ciphertext data packet without adding extra control logic, so that decoupling of a data plane and a control plane can be realized, and further decoupling of processing and transmission of the ciphertext data and algorithm logic of upper-layer application can be realized. Therefore, ciphertext data interaction among different privacy computing platforms does not need control surface participation, each privacy computing platform can regard other privacy computing platforms as data sources, different multi-party fusion computing task algorithms are flexibly designed and realized, on the basis of ensuring that each privacy computing platform is independent, a plurality of privacy computing platforms can collaboratively complete privacy computing tasks, interconnection and intercommunication of heterogeneous privacy computing platforms are realized, the internal technical architecture and resource scheduling of each privacy computing platform are not limited, and the flexibility and the expandability of algorithm realization of each privacy computing platform are kept.
For the device embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, refer to the partial description of the method embodiment.
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
An embodiment of the present invention provides an apparatus for ciphertext data transmission, including a memory, and one or more programs, where the one or more programs are stored in the memory, and configured to be executed by one or more processors, where the one or more programs include instructions for performing the ciphertext data transmission method described in the foregoing embodiments.
Fig. 6 is a block diagram illustrating an apparatus 800 for ciphertext data transmission, in accordance with an example embodiment. For example, the apparatus 800 may be a mobile phone, a computer, a digital broadcast terminal, a messaging device, a game console, a tablet device, a medical device, an exercise device, a personal digital assistant, and the like.
Referring to fig. 6, the apparatus 800 may include one or more of the following components: processing component 802, memory 804, power component 806, multimedia component 808, audio component 810, input/output (I/O) interface 812, sensor component 814, and communication component 816.
The processing component 802 generally controls overall operation of the device 800, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations. The processing elements 802 may include one or more processors 820 to execute instructions to perform all or a portion of the steps of the methods described above. Further, the processing component 802 can include one or more modules that facilitate interaction between the processing component 802 and other components. For example, the processing component 802 can include a multimedia module to facilitate interaction between the multimedia component 808 and the processing component 802.
The memory 804 is configured to store various types of data to support operation at the device 800. Examples of such data include instructions for any application or method operating on device 800, contact data, phonebook data, messages, pictures, videos, and so forth. The memory 804 may be implemented by any type or combination of volatile or non-volatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks.
The multimedia component 808 includes a screen that provides an output interface between the device 800 and a user. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive an input signal from a user. The touch panel includes one or more touch sensors to sense touch, slide, and gestures on the touch panel. The touch sensor may not only sense the boundary of a touch or slide action, but also detect the duration and pressure associated with the touch or slide operation. In some embodiments, the multimedia component 808 includes a front facing camera and/or a rear facing camera. The front-facing camera and/or the rear-facing camera may receive external multimedia data when the device 800 is in an operating mode, such as a shooting mode or a video mode. Each front camera and rear camera may be a fixed optical lens system or have a focal length and optical zoom capability.
The audio component 810 is configured to output and/or input audio signals. For example, the audio component 810 includes a Microphone (MIC) configured to receive external audio signals when the apparatus 800 is in an operational mode, such as a call mode, a recording mode, and a voice information processing mode. The received audio signals may further be stored in the memory 804 or transmitted via the communication component 816. In some embodiments, audio component 810 also includes a speaker for outputting audio signals.
The I/O interface 812 provides an interface between the processing component 802 and peripheral interface modules, which may be keyboards, click wheels, buttons, etc. These buttons may include, but are not limited to: a home button, a volume button, a start button, and a lock button.
The sensor assembly 814 includes one or more sensors for providing various aspects of state assessment for the device 800. For example, the sensor assembly 814 may detect the open/closed state of the device 800, the relative positioning of components, such as a display and keypad of the apparatus 800, the sensor assembly 814 may also search for a change in the position of the apparatus 800 or a component of the apparatus 800, the presence or absence of user contact with the apparatus 800, orientation or acceleration/deceleration of the apparatus 800, and a change in the temperature of the apparatus 800. Sensor assembly 814 may include a proximity sensor configured to detect the presence of a nearby object without any physical contact. The sensor assembly 814 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor assembly 814 may also include an acceleration sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor, or a temperature sensor.
The communication component 816 is configured to facilitate communications between the apparatus 800 and other devices in a wired or wireless manner. The device 800 may access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. In an exemplary embodiment, the communication component 816 receives a broadcast signal or broadcast related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communication component 816 further includes a Near Field Communication (NFC) module to facilitate short-range communications. For example, the NFC module may be implemented based on radio frequency information processing (RFID) technology, infrared data association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.
In an exemplary embodiment, the apparatus 800 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, micro-controllers, microprocessors or other electronic components for performing the above-described methods.
In an exemplary embodiment, a non-transitory computer-readable storage medium comprising instructions, such as the memory 804 comprising instructions, executable by the processor 820 of the device 800 to perform the above-described method is also provided. For example, the non-transitory computer readable storage medium may be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.
Fig. 7 is a schematic diagram of a server in some embodiments of the invention. The server 1900 may vary widely by configuration or performance and may include one or more Central Processing Units (CPUs) 1922 (e.g., one or more processors) and memory 1932, one or more storage media 1930 (e.g., one or more mass storage devices) storing applications 1942 or data 1944. Memory 1932 and storage medium 1930 can be, among other things, transient or persistent storage. The program stored in the storage medium 1930 may include one or more modules (not shown), each of which may include a series of instructions operating on a server. Still further, a central processor 1922 may be provided in communication with the storage medium 1930 to execute a sequence of instruction operations in the storage medium 1930 on the server 1900.
The server 1900 may also include one or more power supplies 1926, one or more wired or wireless network interfaces 1950, one or more input-output interfaces 1958, one or more keyboards 1956, and/or one or more operating systems 1941, such as Windows Server, Mac OS XTM, UnixTM, LinuxTM, FreeBSDTM, etc.
A non-transitory computer-readable storage medium in which instructions, when executed by a processor of an apparatus (server or terminal), enable the apparatus to perform the ciphertext data transmission method shown in fig. 1 or 3.
A non-transitory computer-readable storage medium, wherein when instructions in the storage medium are executed by a processor of an apparatus (server or terminal), the apparatus is enabled to perform the description of the ciphertext data transmission method in the embodiment corresponding to fig. 1 or fig. 3, and therefore, the description thereof will not be repeated here. In addition, the beneficial effects of the same method are not described in detail. For technical details not disclosed in the computer program product or computer program embodiments referred to in the present application, reference is made to the description of the method embodiments of the present application.
Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. The invention is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the invention and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims.
It will be understood that the invention is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the invention is limited only by the appended claims.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.
The present invention provides a ciphertext data transmission method, a ciphertext data transmission apparatus and a device for ciphertext data transmission, which have been described in detail above, and the present invention has been described in detail by applying specific examples, and the description of the above embodiments is only used to help understanding the method and the core idea of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.
Claims (30)
1. A ciphertext data transmission method, applied to a data receiving node, the method comprising:
receiving a ciphertext data packet, wherein the ciphertext data packet is obtained by segmenting original ciphertext data according to a preset size by a data sending node and packaging the segmented data according to a predefined field; wherein the predefined fields include at least: the data identification of the original ciphertext data, the number of data packets corresponding to the original ciphertext data and a ciphertext operation instruction corresponding to the original ciphertext data;
judging whether all ciphertext data packets of the original ciphertext data have been received or not according to the data identification and the number of the data packets;
and when all the ciphertext data packets of the original ciphertext data are determined to be received, executing the ciphertext operation instruction by using the original ciphertext data to obtain a ciphertext operation result.
2. The method of claim 1, wherein the predefined fields further comprise: a source node identification, a destination node identification, and routing information, the method further comprising:
determining a next hop node according to the source node identifier, the target node identifier and the routing information;
segmenting the ciphertext operation result according to the preset size, and packaging segmented data according to the predefined field to obtain a ciphertext data packet corresponding to the ciphertext operation result;
and sending the ciphertext data packet corresponding to the ciphertext operation result to the next hop node.
3. The method of claim 1, wherein the ciphertext operation instruction comprises at least two operands, and wherein executing the ciphertext operation instruction using the original ciphertext data when it is determined that all of the ciphertext data packets of the original ciphertext data have been received comprises:
and executing the ciphertext operation instruction by using all operands required by the ciphertext operation instruction when all ciphertext data packets of each operand in the ciphertext operation instruction are determined to be received.
4. The method of claim 3, wherein the at least two operands are from at least two different data sending nodes, respectively.
5. The method of claim 1, further comprising:
and storing the ciphertext data packet when determining that all ciphertext data packets of the original ciphertext data are not received.
6. The method of claim 1, wherein the original ciphertext data conforms to a first encryption protocol, wherein the ciphertext operation instruction is configured to convert the original ciphertext data that conforms to the first encryption protocol into a ciphertext operation result that conforms to a second encryption protocol, and wherein the first encryption protocol and the second encryption protocol are different encryption protocols.
7. The method of claim 6, wherein the first encryption protocol is a homomorphic encryption protocol and the second encryption protocol is a secret sharing protocol; or, the first encryption protocol is a secret sharing protocol, and the second encryption protocol is a homomorphic encryption protocol.
8. The method according to any of claims 1 to 7, wherein the data receiving node comprises at least any of: the system comprises a privacy computing node in a privacy computing platform, a data storage node in a data storage platform and a privacy routing node in a multi-party fusion computing system.
9. The method according to any one of claims 1 to 7, wherein the ciphertext operation instruction comprises at least any one of: homomorphic encryption, secret sharing, ciphertext addition and data forwarding.
10. A ciphertext data transmission method, applied to a data sending node, includes:
segmenting original ciphertext data to be transmitted according to a preset size, and packaging the segmented data according to a predefined field to obtain a ciphertext data packet corresponding to the original ciphertext data; wherein the predefined fields include at least: the data identification of the original ciphertext data, the number of data packets corresponding to the original ciphertext data and a ciphertext operation instruction corresponding to the original ciphertext data;
and sending the ciphertext data packet to a data receiving node.
11. The method of claim 10, wherein the original ciphertext data conforms to a first encryption protocol, wherein the ciphertext operation instruction is configured to convert the original ciphertext data that conforms to the first encryption protocol into a ciphertext operation result that conforms to a second encryption protocol, and wherein the first encryption protocol and the second encryption protocol are different encryption protocols.
12. The method of claim 11, wherein the first encryption protocol is a homomorphic encryption protocol and the second encryption protocol is a secret sharing protocol; or, the first encryption protocol is a secret sharing protocol, and the second encryption protocol is a homomorphic encryption protocol.
13. The method according to any of claims 10 to 12, wherein the data transmitting node comprises at least any of: the system comprises a privacy computing node in a privacy computing platform, a data storage node in a data storage platform and a privacy routing node in a multi-party fusion computing system.
14. The method according to any one of claims 10 to 12, wherein the ciphertext operation instruction comprises at least any one of: homomorphic encryption, secret sharing, ciphertext addition and data forwarding.
15. An apparatus for transmitting ciphertext data, the apparatus being adapted to be used at a data receiving node, the apparatus comprising:
the data receiving module is used for receiving a ciphertext data packet, the ciphertext data packet is obtained by segmenting original ciphertext data according to a preset size for a data sending node and packaging the segmented data according to a predefined field; wherein the predefined fields include at least: the data identification of the original ciphertext data, the number of data packets corresponding to the original ciphertext data and a ciphertext operation instruction corresponding to the original ciphertext data;
the data judgment module is used for judging whether all ciphertext data packets of the original ciphertext data have been received or not according to the data identification and the data packet quantity;
and the data operation module is used for executing the ciphertext operation instruction by using the original ciphertext data to obtain a ciphertext operation result when determining that all ciphertext data packets of the original ciphertext data have been received.
16. The apparatus of claim 15, wherein the predefined fields further comprise: source node identification, destination node identification, and routing information, the apparatus further comprising:
a next hop determining module, configured to determine a next hop node according to the source node identifier, the target node identifier, and the routing information;
the data processing module is used for segmenting the ciphertext operation result according to the preset size and packaging the segmented data according to the predefined field to obtain a ciphertext data packet corresponding to the ciphertext operation result;
and the data forwarding module is used for sending the ciphertext data packet corresponding to the ciphertext operation result to the next hop node.
17. The apparatus of claim 15, wherein the ciphertext operation instruction comprises at least two operands, and wherein the data operation module is specifically configured to execute the ciphertext operation instruction using all operands required by the ciphertext operation instruction when determining that all ciphertext data packets for each operand in the ciphertext operation instruction have been received.
18. The apparatus of claim 17, wherein the at least two operands are from at least two different data sending nodes, respectively.
19. The apparatus of claim 15, further comprising:
and the data caching module is used for storing the ciphertext data packets when determining that all ciphertext data packets of the original ciphertext data are not received.
20. The apparatus of claim 15, wherein the original ciphertext data conforms to a first encryption protocol, wherein the ciphertext operation instruction is configured to convert the original ciphertext data that conforms to the first encryption protocol into a ciphertext operation result that conforms to a second encryption protocol, and wherein the first encryption protocol and the second encryption protocol are different encryption protocols.
21. The apparatus of claim 20, wherein the first encryption protocol is a homomorphic encryption protocol and the second encryption protocol is a secret sharing protocol; or, the first encryption protocol is a secret sharing protocol, and the second encryption protocol is a homomorphic encryption protocol.
22. The apparatus according to any of the claims 15 to 21, wherein the data receiving node comprises at least any of the following: the system comprises a privacy calculation node in a privacy calculation platform, a data storage node in a data storage platform and a privacy routing node in a multi-party fusion calculation system.
23. The method according to any one of claims 15 to 21, wherein the ciphertext operation instruction comprises at least any one of: homomorphic encryption, secret sharing, ciphertext addition and data forwarding.
24. An apparatus for transmitting ciphertext data, the apparatus being applied to a data sending node, the apparatus comprising:
the data segmentation module is used for segmenting original ciphertext data to be transmitted according to a preset size and packaging the segmented data according to a predefined field to obtain a ciphertext data packet corresponding to the original ciphertext data; wherein the predefined fields include at least: the data identification of the original ciphertext data, the number of data packets corresponding to the original ciphertext data and a ciphertext operation instruction corresponding to the original ciphertext data;
and the data sending module is used for sending the ciphertext data packet to a data receiving node.
25. The apparatus of claim 24, wherein the original ciphertext data conforms to a first encryption protocol, wherein the ciphertext operation instruction is configured to convert the original ciphertext data that conforms to the first encryption protocol into a ciphertext operation result that conforms to a second encryption protocol, and wherein the first encryption protocol and the second encryption protocol are different encryption protocols.
26. The apparatus of claim 25, wherein the first encryption protocol is a homomorphic encryption protocol and the second encryption protocol is a secret sharing protocol; or, the first encryption protocol is a secret sharing protocol, and the second encryption protocol is a homomorphic encryption protocol.
27. The apparatus according to any of claims 24 to 26, wherein the data sending node comprises at least any of: the system comprises a privacy computing node in a privacy computing platform, a data storage node in a data storage platform and a privacy routing node in a multi-party fusion computing system.
28. The apparatus according to any one of claims 24 to 26, wherein the ciphertext operation instruction comprises at least any one of: homomorphic encryption, secret sharing, ciphertext addition and data forwarding.
29. An apparatus for ciphertext data transmission, comprising a memory, and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by one or more processors, the one or more programs including instructions for performing the ciphertext data transmission method of any of claims 1-9 or 10-14.
30. A machine-readable storage medium having stored thereon instructions which, when executed by one or more processors of an apparatus, cause the apparatus to perform the ciphertext data transmission method of any of claims 1 to 9 or 10 to 14.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210434065.1A CN114915455A (en) | 2022-04-24 | 2022-04-24 | Ciphertext data transmission method and device for ciphertext data transmission |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210434065.1A CN114915455A (en) | 2022-04-24 | 2022-04-24 | Ciphertext data transmission method and device for ciphertext data transmission |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114915455A true CN114915455A (en) | 2022-08-16 |
Family
ID=82764373
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210434065.1A Pending CN114915455A (en) | 2022-04-24 | 2022-04-24 | Ciphertext data transmission method and device for ciphertext data transmission |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114915455A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117251871A (en) * | 2023-11-16 | 2023-12-19 | 支付宝(杭州)信息技术有限公司 | Data processing method and system for secret database |
Citations (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105978909A (en) * | 2016-07-08 | 2016-09-28 | 北京炼石网络技术有限公司 | Transport layer encapsulation-based data transmission method, and data transmission apparatus and system |
| CN106603549A (en) * | 2016-12-28 | 2017-04-26 | 上海优刻得信息科技有限公司 | Data exchange method and system based on cryptograph |
| CN109644128A (en) * | 2016-06-30 | 2019-04-16 | 诺基亚技术有限公司 | Secure data processing |
| CN110858822A (en) * | 2018-08-23 | 2020-03-03 | 北京华为数字技术有限公司 | Media access control security protocol message transmission method and related device |
| CN111669270A (en) * | 2020-04-24 | 2020-09-15 | 江苏航天神禾科技有限公司 | Quantum encryption transmission method and device based on label switching |
| CN112333210A (en) * | 2021-01-04 | 2021-02-05 | 视联动力信息技术股份有限公司 | Method and equipment for realizing data communication function of video network |
| CN112615852A (en) * | 2020-12-16 | 2021-04-06 | 百度在线网络技术(北京)有限公司 | Data processing method, related device and computer program product |
| CN112632608A (en) * | 2020-12-23 | 2021-04-09 | 上海同态信息科技有限责任公司 | Cooperative processing method for private data based on numerical calculation |
| CN113032846A (en) * | 2021-05-20 | 2021-06-25 | 华控清交信息科技(北京)有限公司 | Data processing method and device and data processing device |
| CN113254956A (en) * | 2021-05-07 | 2021-08-13 | 华控清交信息科技(北京)有限公司 | Data processing method and device and data processing device |
| WO2021197037A1 (en) * | 2020-04-01 | 2021-10-07 | 支付宝(杭州)信息技术有限公司 | Method and apparatus for jointly performing data processing by two parties |
| CN114218592A (en) * | 2021-12-20 | 2022-03-22 | 平安壹钱包电子商务有限公司 | Sensitive data encryption and decryption method and device, computer equipment and storage medium |
| CN114285907A (en) * | 2021-12-03 | 2022-04-05 | 中国联合网络通信集团有限公司 | Data transmission method and device, electronic equipment and storage medium |
| CN114285675A (en) * | 2022-03-07 | 2022-04-05 | 杭州优云科技有限公司 | Message forwarding method and device |
| CN114327261A (en) * | 2021-12-06 | 2022-04-12 | 神州融安数字科技(北京)有限公司 | Data file storage method and data security agent |
-
2022
- 2022-04-24 CN CN202210434065.1A patent/CN114915455A/en active Pending
Patent Citations (15)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109644128A (en) * | 2016-06-30 | 2019-04-16 | 诺基亚技术有限公司 | Secure data processing |
| CN105978909A (en) * | 2016-07-08 | 2016-09-28 | 北京炼石网络技术有限公司 | Transport layer encapsulation-based data transmission method, and data transmission apparatus and system |
| CN106603549A (en) * | 2016-12-28 | 2017-04-26 | 上海优刻得信息科技有限公司 | Data exchange method and system based on cryptograph |
| CN110858822A (en) * | 2018-08-23 | 2020-03-03 | 北京华为数字技术有限公司 | Media access control security protocol message transmission method and related device |
| WO2021197037A1 (en) * | 2020-04-01 | 2021-10-07 | 支付宝(杭州)信息技术有限公司 | Method and apparatus for jointly performing data processing by two parties |
| CN111669270A (en) * | 2020-04-24 | 2020-09-15 | 江苏航天神禾科技有限公司 | Quantum encryption transmission method and device based on label switching |
| CN112615852A (en) * | 2020-12-16 | 2021-04-06 | 百度在线网络技术(北京)有限公司 | Data processing method, related device and computer program product |
| CN112632608A (en) * | 2020-12-23 | 2021-04-09 | 上海同态信息科技有限责任公司 | Cooperative processing method for private data based on numerical calculation |
| CN112333210A (en) * | 2021-01-04 | 2021-02-05 | 视联动力信息技术股份有限公司 | Method and equipment for realizing data communication function of video network |
| CN113254956A (en) * | 2021-05-07 | 2021-08-13 | 华控清交信息科技(北京)有限公司 | Data processing method and device and data processing device |
| CN113032846A (en) * | 2021-05-20 | 2021-06-25 | 华控清交信息科技(北京)有限公司 | Data processing method and device and data processing device |
| CN114285907A (en) * | 2021-12-03 | 2022-04-05 | 中国联合网络通信集团有限公司 | Data transmission method and device, electronic equipment and storage medium |
| CN114327261A (en) * | 2021-12-06 | 2022-04-12 | 神州融安数字科技(北京)有限公司 | Data file storage method and data security agent |
| CN114218592A (en) * | 2021-12-20 | 2022-03-22 | 平安壹钱包电子商务有限公司 | Sensitive data encryption and decryption method and device, computer equipment and storage medium |
| CN114285675A (en) * | 2022-03-07 | 2022-04-05 | 杭州优云科技有限公司 | Message forwarding method and device |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117251871A (en) * | 2023-11-16 | 2023-12-19 | 支付宝(杭州)信息技术有限公司 | Data processing method and system for secret database |
| CN117251871B (en) * | 2023-11-16 | 2024-03-01 | 支付宝(杭州)信息技术有限公司 | Data processing method and system for secret database |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN114756886B (en) | Method and device for inquiring hiding trace | |
| CN114301594B (en) | Inadvertent transmission method, multi-party secure computing platform and device for inadvertent transmission | |
| CN114884645B (en) | Privacy calculation method and device and readable storage medium | |
| CN112688779B (en) | Data processing method and device and data processing device | |
| CN113449325B (en) | Data processing method and device and data processing device | |
| CN113014625B (en) | Task processing method and device for task processing | |
| CN115396100B (en) | Careless random disorganizing method and system based on secret sharing | |
| CN113254956A (en) | Data processing method and device and data processing device | |
| CN114969830B (en) | Privacy intersection method, system and readable storage medium | |
| CN113094744A (en) | Information processing method, service platform, device for information processing and multi-party secure computing system | |
| CN114915455A (en) | Ciphertext data transmission method and device for ciphertext data transmission | |
| CN112464257B (en) | Data detection method and device for data detection | |
| CN112307056A (en) | Data processing method and device and data processing device | |
| CN115617897B (en) | Data type conversion method and multi-party secure computing system | |
| CN115941181B (en) | Out-of-order secret sharing method, system and readable storage medium | |
| CN114885038B (en) | Encryption protocol conversion method, result acquisition node and privacy calculation node | |
| CN114448631B (en) | Multi-party security computing method, system and device for multi-party security computing | |
| CN116401423A (en) | Method, device, equipment and medium for determining median based on secure multiparty calculation | |
| CN112685747B (en) | Data processing method and device and data processing device | |
| CN114996752A (en) | Multiparty privacy intersection method and device and multiparty privacy intersection device | |
| CN112463332A (en) | Data processing method, ciphertext computing system and device for data processing | |
| CN114721913B (en) | Method and device for generating data flow graph | |
| CN112468290A (en) | Data processing method and device and data processing device | |
| CN114760367B (en) | Encryption protocol conversion method, first node and second node | |
| CN114969164B (en) | Data query method and device and readable storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |