CN116170131B - Ciphertext processing method, ciphertext processing device, storage medium and trusted execution device

Info

Publication number
CN116170131B
Authority
CN
China
Prior art keywords
user
ciphertext
homomorphic
key
conversion
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310425295.6A
Other languages
Chinese (zh)
Other versions
CN116170131A (en
Inventor
李雪雷
李茹杨
赵雅倩
李仁刚
刘广庆
张亚强
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inspur Beijing Electronic Information Industry Co Ltd
Original Assignee
Inspur Beijing Electronic Information Industry Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Inspur Beijing Electronic Information Industry Co Ltd
Priority to CN202310425295.6A
Publication of CN116170131A
Application granted
Publication of CN116170131B
Legal status: Active

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The application relates to the technical field of homomorphic encryption, and discloses a ciphertext processing method, a ciphertext processing device, a storage medium and trusted execution equipment, wherein the ciphertext processing method comprises the following steps: acquiring a first homomorphic ciphertext obtained after homomorphic encryption of first data by a first user; the first homomorphic ciphertext comprises a first user private key parameter; obtaining a conversion key obtained by a first user and a second user through a key negotiation mode, and converting a first homomorphic ciphertext through a mode of converting a first user private key parameter in the first homomorphic ciphertext into a second user private key parameter by using the conversion key to obtain a converted homomorphic ciphertext; the homomorphic ciphertext after conversion comprises a second user private key parameter; and sending the converted homomorphic ciphertext to a second user so that the second user carries out homomorphic calculation on the converted homomorphic ciphertext and a second homomorphic ciphertext obtained after the second user carries out homomorphic encryption on second data. The homomorphic calculation between homomorphic ciphertexts of different users can be realized.

Description

Ciphertext processing method, ciphertext processing device, storage medium and trusted execution device
Technical Field
The present invention relates to the field of homomorphic encryption technologies, and in particular, to a ciphertext processing method, apparatus, storage medium, and trusted execution device.
Background
Homomorphic encryption (HE) means that, after original data is homomorphically encrypted and a specific operation (homomorphic calculation) is performed on the resulting ciphertext, homomorphic decryption of the calculation result yields a plaintext equivalent to the result of performing the same calculation directly on the original plaintext data. As the most secure of the advanced methods in privacy computing technology, homomorphic encryption can encrypt data right after acquisition and protects and enhances the privacy of the data in subsequent homomorphic computation. However, the homomorphic calculation process is implemented for a single user: the same user uses the same key to perform homomorphic encryption, and data encrypted by different users with different keys cannot be homomorphically calculated directly.
Therefore, how to implement homomorphic computation between homomorphic ciphertexts of different users is a technical problem to be solved by those skilled in the art.
Disclosure of Invention
In view of the above, the present invention aims to provide a ciphertext processing method, apparatus, storage medium, and trusted execution device, which can implement homomorphic computation between homomorphic ciphertexts of different users. The specific scheme is as follows:
The first aspect of the present application provides a ciphertext processing method, including:
acquiring a first homomorphic ciphertext obtained after homomorphic encryption of first data by a first user; the first homomorphic ciphertext comprises a first user private key parameter;
obtaining a conversion key obtained by the first user and the second user through a key negotiation mode, and converting the first homomorphic ciphertext through a mode of converting a first user private key parameter in the first homomorphic ciphertext into a second user private key parameter by using the conversion key to obtain a converted homomorphic ciphertext; the homomorphic ciphertext after conversion comprises a second user private key parameter;
and sending the converted homomorphic ciphertext to the second user, so that the second user carries out homomorphic calculation on the converted homomorphic ciphertext and a second homomorphic ciphertext obtained after the second user carries out homomorphic encryption on second data.
Optionally, the conversion key includes a first conversion key of the first user and a second conversion key of the second user; the first conversion key is a first logical operation result of the first user private key parameter and the intermediate conversion key, and the second conversion key is a second logical operation result of the second user private key parameter and the intermediate conversion key.
Optionally, the intermediate conversion key is a key determined by a key negotiation manner when the second user sends an authorization request to the first user.
Optionally, the obtaining the conversion key obtained by the first user and the second user through a key negotiation mode includes:
if the first user and the second user can determine the intermediate conversion key through a key negotiation mode, acquiring the first conversion key obtained by carrying out logic operation on a first user private key parameter and the intermediate conversion key and the second conversion key obtained by carrying out logic operation on a second user private key parameter and the intermediate conversion key;
if the first user and the second user cannot determine the intermediate conversion key in a key negotiation mode, directly acquiring a first user private key parameter as the first conversion key, and directly acquiring a second user private key parameter as the second conversion key.
Optionally, the intermediate conversion key is a third logical operation result of the first private key package and the second private key package; the first private key package is obtained by the first user performing a logical operation on the first user private key parameter and a random factor, and the second private key package is obtained by the second user performing a logical operation on the second user private key parameter and a random factor;
Correspondingly, the first conversion key is a key expression which is obtained by carrying out logic operation on the first user private key parameter and the third logic operation result and only comprises the second user private key parameter and the random factor;
the second conversion key is a key expression which is obtained by carrying out logic operation on the second user private key parameter and the third logic operation result and only comprises the first user private key parameter and the random factor.
Optionally, the generation formula of the intermediate conversion key is:
$tk_{12} = F(s_1, s_2, r_1, r_2)$
where $F$ is a key generation function whose corresponding logical operation is addition or subtraction, $s_1$ is the first user private key parameter, $s_2$ is the second user private key parameter, and $r_1$ and $r_2$ are random factors.
Optionally, the converting the first homomorphic ciphertext by converting the first user private key parameter in the first homomorphic ciphertext into the second user private key parameter by using the conversion key includes:
constructing a ciphertext conversion relation with a private key parameter elimination relation by using the first homomorphic ciphertext, the first conversion key and the second conversion key;
and converting the first user private key parameter in the first homomorphic ciphertext into a second user private key parameter based on the ciphertext conversion relation.
Optionally, after the obtaining the conversion key obtained by the first user and the second user through the key negotiation method, the method further includes:
acquiring authentication information;
judging whether the second user is the user authorized by the first user according to the authentication information, and if so, executing the step of converting the first homomorphic ciphertext in a mode of converting the first user private key parameter in the first homomorphic ciphertext into the second user private key parameter by utilizing the conversion key.
Optionally, the authentication information is a digital signature obtained by signing the first homomorphic ciphertext by using the intermediate conversion key;
the step of judging whether the second user is a user authorized by the first user according to the authentication information comprises the following steps:
and verifying the digital signature by using the intermediate conversion key, and if the verification passes, judging that the second user is the user authorized by the first user.
Optionally, the conversion key and the authentication information are stored in a trusted execution environment in the trusted execution device;
obtaining the conversion key and the authentication information includes:
the conversion key and the authentication information are acquired from the trusted execution environment.
Optionally, the ciphertext processing method further includes:
constructing a security authentication information table in the trusted execution environment, and storing the conversion key and the authentication information by utilizing the security authentication information table; the security authentication information table also stores the first homomorphic ciphertext and an authentication mode.
Optionally, the ciphertext processing method further includes:
and initializing the trusted execution device according to the trusted environment basic specification to construct the trusted execution environment.
Optionally, the trusted execution environment is divided into a common computing area and a trusted computing area.
Optionally, the conversion key and the authentication information are stored in the trusted computing area.
Optionally, the determining, according to the authentication information, whether the second user is a user authorized by the first user includes:
and executing the step of judging whether the second user is the user authorized by the first user according to the authentication information in the trusted computing area.
Optionally, the obtaining the first homomorphic ciphertext obtained after the first user homomorphic encrypts the first data includes:
acquiring the first homomorphic ciphertext obtained by the first user after homomorphic encryption of the first data by using a homomorphic encryption algorithm from the first user;
Correspondingly, the second homomorphic ciphertext is obtained by homomorphic encryption of the second data by the second user through the homomorphic encryption algorithm.
Optionally, the first homomorphic ciphertext is obtained by homomorphic encrypting the first encoded data of the first data by the first user through the homomorphic encryption algorithm; the first coded data is coded data which is obtained after the first user executes coding operation on the first data and accords with homomorphic encryption input data format.
Optionally, after the second user performs homomorphic calculation on the homomorphic ciphertext after conversion and the second homomorphic ciphertext obtained after the second user performs homomorphic encryption on the second data, the method further includes:
and the second user homomorphic decrypts the ciphertext obtained after homomorphic calculation to obtain a decrypted plaintext.
Optionally, the second user homomorphic decrypts the ciphertext obtained after homomorphic calculation, and after obtaining the decrypted plaintext, the method further includes:
the second user executes decoding operation on the decrypted plaintext to obtain corresponding decoded data; the decoded data is consistent with the result of directly performing the same calculation as the homomorphic calculation on the first data and the second data.
A second aspect of the present application provides a trusted execution device comprising a processor and a memory; wherein the memory is configured to store a computer program that is loaded and executed by the processor to implement the aforementioned ciphertext processing method.
Optionally, the processor is built with a trusted execution environment comprising a common computing area and a trusted computing area.
A third aspect of the present application provides a ciphertext processing apparatus, comprising:
the ciphertext acquisition module is used for acquiring a first homomorphic ciphertext obtained after homomorphic encryption of the first data by the first user; the first homomorphic ciphertext comprises a first user private key parameter;
the key acquisition and ciphertext conversion module is used for acquiring a conversion key obtained by the first user and the second user in a key negotiation mode, and converting the first homomorphic ciphertext in a mode of converting a first user private key parameter in the first homomorphic ciphertext into a second user private key parameter by utilizing the conversion key to obtain a converted homomorphic ciphertext; the homomorphic ciphertext after conversion comprises a second user private key parameter;
and the ciphertext sending module is used for sending the converted homomorphic ciphertext to the second user so that the second user can homomorphic calculate the converted homomorphic ciphertext and the second homomorphic ciphertext obtained by homomorphic encryption of the second data by the second user.
A fourth aspect of the present application provides a computer-readable storage medium having stored therein computer-executable instructions that, when loaded and executed by a processor, implement the foregoing ciphertext processing method.
In the application, a first homomorphic ciphertext obtained after homomorphic encryption of first data by a first user is obtained; the first homomorphic ciphertext comprises a first user private key parameter. A conversion key obtained by the first user and the second user through key negotiation is then obtained, and the first homomorphic ciphertext is converted, by using the conversion key to convert the first user private key parameter in the first homomorphic ciphertext into a second user private key parameter, to obtain a converted homomorphic ciphertext; the converted homomorphic ciphertext comprises a second user private key parameter. Finally, the converted homomorphic ciphertext is sent to the second user, so that the second user carries out homomorphic calculation on the converted homomorphic ciphertext and a second homomorphic ciphertext obtained after the second user carries out homomorphic encryption on second data. In this way, the homomorphic ciphertext of one user is converted, by ciphertext conversion, into a homomorphic ciphertext on which another user can perform homomorphic calculation, so that the user who owns the data is not required to execute complex calculation and management, and homomorphic calculation between homomorphic ciphertexts of different users is realized.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present invention, and that other drawings can be obtained according to the provided drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flowchart of a ciphertext processing method provided in the present application;
FIG. 2 is a schematic diagram of a specific ciphertext processing method provided in the present application;
FIG. 3 is a schematic structural diagram of a ciphertext processing apparatus provided in the present application;
FIG. 4 is a block diagram of a trusted execution device provided in the present application.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The homomorphic calculation process in existing homomorphic encryption technology is implemented for a single user: the same user uses the same key to perform homomorphic encryption, and data encrypted by different users with different keys cannot be homomorphically calculated directly. To address this technical defect, the ciphertext processing scheme converts the homomorphic ciphertext of one user, by ciphertext conversion, into a homomorphic ciphertext on which another user can perform homomorphic calculation, so that the user who owns the data does not need to execute complex calculation and management, and homomorphic calculation between homomorphic ciphertexts of different users is realized.
FIG. 1 is a flowchart of a ciphertext processing method according to an embodiment of the present application. Referring to FIG. 1, the ciphertext processing method includes:
S11: acquiring a first homomorphic ciphertext obtained after homomorphic encryption of first data by a first user; the first homomorphic ciphertext includes a first user private key parameter.
In this embodiment, a first homomorphic ciphertext obtained by homomorphic encrypting first data by a first user is first obtained. The first homomorphic ciphertext comprises a first user private key parameter. Further, the first homomorphic ciphertext is ciphertext obtained by homomorphic encryption of the first data by the first user through a homomorphic encryption algorithm. It should be noted that, in order to improve the reliability of homomorphic computing, the ciphertext processing steps in the above step S11 and the following embodiments may be performed in a trusted execution environment, where the trusted execution environment may be provided by a trusted execution device, and the trusted execution device is a computing device independent of the first user and the second user, and mainly provides a trusted execution environment to perform trusted computing.
It can be understood that the homomorphic encryption key pair includes a private key (denoted $sk$) and a public key (denoted $pk$). The key pair needs to be generated in advance; specifically, the user public parameter $p$, the private key $sk$, the public key $pk$ and the other system public parameters $para$ required in subsequent stages can be generated for the system according to the homomorphic encryption algorithm. The arrays $s$, $a$ and $e$ are randomly selected, and the private key $sk$ and the public key $pk$ of a system user $U$ are set from them. The first user is denoted here as $U_1$; the private key $sk_1$ of $U_1$ is $(1, s_1)$ and the public key $pk_1$ of $U_1$ is $(b, a)$, where $b = -as_1 + e$ and $s_1$ is the first user private key parameter. Similarly, the second user may be denoted $U_2$, with the other parameters expressed in the same manner. The first homomorphic ciphertext output after the first user $U_1$ performs the encryption operation on the first data (plaintext $m_1$) according to the homomorphic encryption algorithm is:
$C_1 = v \cdot pk_1 + (m_1 + e_0,\ e_1) = (-vas_1 + ve + m_1 + e_0,\ va + e_1)$
where $v$, $e_0$ and $e_1$ are random factors.
S12: obtaining a conversion key obtained by the first user and the second user through a key negotiation mode, and converting the first homomorphic ciphertext through a mode of converting a first user private key parameter in the first homomorphic ciphertext into a second user private key parameter by using the conversion key to obtain a converted homomorphic ciphertext; the converted homomorphic ciphertext includes a second user private key parameter.
In this embodiment, a conversion key obtained by the first user and the second user through a key negotiation manner is further obtained, and the first homomorphic ciphertext is converted by converting a first user private key parameter in the first homomorphic ciphertext into a second user private key parameter by using the conversion key, so as to obtain a converted homomorphic ciphertext. Under the trusted execution environment, the trusted execution device acquires the conversion key and executes ciphertext conversion. Similarly, the homomorphic ciphertext after conversion contains a second user private key parameter, and specifically, the second homomorphic ciphertext is obtained by homomorphic encrypting the second data by the second user through the homomorphic encryption algorithm. In this embodiment, the result of ciphertext conversion is that the converted homomorphic ciphertext does not include the first user private key parameter, but only includes the second user private key parameter, that is, the first user private key parameter in the first homomorphic ciphertext is converted into the second user private key parameter, so that the converted homomorphic ciphertext is equivalent to the data obtained by homomorphic encryption of the first data by the second user, and thus homomorphic calculation can be performed.
In this embodiment, the conversion key includes a first conversion key of the first user and a second conversion key of the second user; the first conversion key is a logical operation result of the first user private key parameter and the intermediate conversion key, and the second conversion key is a logical operation result of the second user private key parameter and the intermediate conversion key. The logical operation may be addition, subtraction, multiplication, division, etc., and this embodiment is not limited thereto. The intermediate conversion key is denoted $tk_{ij}$ ($i$, $j$ denote users); for example, the first conversion key may ultimately be expressed as $s_1 - tk_{12}$ and the second conversion key as $s_2 - tk_{12}$. Further, the intermediate conversion key is a key determined through key negotiation when the second user sends an authorization request to the first user; that is, the intermediate conversion key is generated in the data authorization use stage. Of course, the intermediate conversion key may also be issued by a third-party institution, in the same way as a private key; in that case the intermediate conversion key is a key that the third-party institution is triggered to generate when the second user sends an authorization request to the first user. The third-party institution may be a trusted institution such as a bank.
It should be specifically noted that, to avoid the security risk caused by disclosure of a private key, the first user $U_1$ and the second user $U_2$ do not share their private keys when performing key negotiation to determine the intermediate conversion key. Instead, each generates a private key package, and the intermediate conversion key is determined by sharing the private key packages, so that direct sharing of the private keys is avoided. That is, the intermediate conversion key is a third logical operation result of a first private key package and a second private key package, where the first private key package is obtained by the first user performing a logical operation on the first user private key parameter and a random factor, and the second private key package is obtained by the second user performing a logical operation on the second user private key parameter and a random factor. On this basis, the first conversion key is a key expression that is obtained by performing a logical operation on the first user private key parameter and the third logical operation result and that includes only the second user private key parameter and the random factors; the second conversion key is a key expression that is obtained by performing a logical operation on the second user private key parameter and the third logical operation result and that includes only the first user private key parameter and the random factors. In other words, the purpose of performing the logical operation on the first user private key parameter and the third logical operation result is to eliminate the first user private key parameter, so that the first conversion key is a key expression containing only the second user private key parameter and the random factors.
Similarly, the purpose of performing the logical operation on the second user private key parameter and the third logical operation result is to eliminate the second user private key parameter, so that the second conversion key only includes the key expression of the first user private key parameter and the random factor. This is the basis for the implementation of the subsequent ciphertext conversion.
For example, when the first user $U_1$ authorizes the second user $U_2$ to obtain usage rights such as decryption and calculation over the ciphertext $C_1$, the two parties generate a shared intermediate conversion key $tk_{12}$ through a secure mechanism such as key negotiation. The generation formula of the intermediate conversion key is as follows:
$tk_{12} = F(s_1, s_2, r_1, r_2)$
where $F$ is a key generation function whose corresponding logical operation is addition or subtraction, and $r_1$ and $r_2$ are random factors.
When the third logical operation corresponding to $F$ is addition:
$tk_{12} = F(s_1, s_2, r_1, r_2) = (s_1 + r_1) + (s_2 + r_2)$
where $s_1 + r_1$ is the first private key package and $s_2 + r_2$ is the second private key package; here $F$ makes the third logical operation result the result of adding $s_1 + r_1$ and $s_2 + r_2$.
In this example, for the first conversion key to contain only the second user private key parameter, the key expression of the first conversion key can only be $s_1 - tk_{12}$. Likewise, for the second conversion key to contain only the first user private key parameter, the key expression of the second conversion key can only be $s_2 - tk_{12}$. The present embodiment does not limit each logical operation, as long as the corresponding first conversion key and second conversion key can be obtained. For example, when $tk_{12} = F'(s_1, s_2, r_1, r_2) = (s_2 + r_2) - (s_1 + r_1)$, the key expression of the first conversion key is $s_1 + tk_{12}$ and the key expression of the second conversion key is $s_2 + tk_{12}$.
In this embodiment, if the first user and the second user can determine the intermediate conversion key through key negotiation, the first conversion key, obtained by performing a logical operation on the first user private key parameter and the intermediate conversion key, and the second conversion key, obtained by performing a logical operation on the second user private key parameter and the intermediate conversion key, are acquired. If the first user and the second user cannot determine the intermediate conversion key through key negotiation, the first user private key parameter is acquired directly as the first conversion key, and the second user private key parameter is acquired directly as the second conversion key. Under a third-party institution architecture, if the first user and the second user can determine the intermediate conversion key through key negotiation, the first conversion key and the second conversion key are acquired from the third-party institution; the first conversion key is obtained by the third-party institution performing a logical operation on the first user private key parameter and the intermediate conversion key, and the second conversion key is obtained by the third-party institution performing a logical operation on the second user private key parameter and the intermediate conversion key. If the first user and the second user cannot obtain the intermediate conversion key through key negotiation, the first conversion key and the second conversion key are likewise acquired from the third-party institution, which directly uses the first user private key parameter as the first conversion key and the second user private key parameter as the second conversion key. That is, when the participants cannot achieve a secure key negotiation, $tk_{ij}$ is set to 0 and the participants securely share their respective private keys with the trusted execution device.
On this basis, before ciphertext conversion is carried out, a ciphertext conversion relation with a private key parameter elimination relation is constructed from the first homomorphic ciphertext, the first conversion key and the second conversion key, and the first user private key parameter in the first homomorphic ciphertext is then converted into the second user private key parameter based on that relation. The ciphertext conversion relation in this embodiment may be constructed as follows:
$$-vas_1 + ve + m_1 + e_0 + (va + e)(s_1 - tk_{12}) - (va + e)(s_2 - tk_{12})$$
Simplifying the ciphertext conversion relation gives:
$$-vas_2 + ve + m_1 + e_0 + e s_1 + e s_2$$
Treating $e_s = e_0 + e s_1 + e s_2$ as a noise disturbance term (negligible), the final conversion result is:
$$-vas_2 + ve + m_1 + e_s$$
Finally, $-vas_2 + ve + m + e_s$ replaces $-vas_1 + ve + m + e_0$ in $C_1$ to obtain the converted homomorphic ciphertext.
It should be noted here that, for the authorized user group $U_J$ ($J = \{j, j+1, \ldots, j+n-1\}$, $n$ being the number of users in the authorized user group), the conversion key generation function expands as:
$$tk_{12} = F(s_i, s_j, s_{j+1}, \ldots, s_{j+n-1}, r_j, r_{j+1}, \ldots, r_{j+n-1})$$
For the authorized user group, this embodiment further designs, based on the trusted execution environment, a conversion method between homomorphic ciphertexts encrypted under different keys. A shared conversion key is generated in the data authorization stage and stored securely in the trusted execution device. Within the trusted execution environment of the trusted execution device, this conversion key can convert, in batches, all homomorphic ciphertexts of the same version/security level into homomorphic ciphertexts that the authorized user group can decrypt/compute on, which greatly reduces the calculation and management burden on users who own data and improves the user-friendliness and practicability of data sharing, analysis and use.
S13: Send the converted homomorphic ciphertext to the second user, so that the second user performs homomorphic calculation on the converted homomorphic ciphertext and a second homomorphic ciphertext obtained by the second user homomorphically encrypting second data.
In this embodiment, after ciphertext conversion, the converted homomorphic ciphertext may be sent to the second user, so that the second user performs homomorphic calculation on the converted homomorphic ciphertext and a second homomorphic ciphertext obtained after the second user performs homomorphic encryption on second data.
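The ciphertext conversion relation and step S13 can be exercised end to end on a toy ring. The following is an added example, not code from the patent: the ring Z_Q[x]/(x^N + 1), the parameter sizes, the scaled encoding and the choice F = (s1 + r1) - (s2 + r2) are assumptions, while the ciphertext form (va + e, -vas + ve + m + e0) and the conversion keys s1 - tk12 and s2 - tk12 follow the text.

```python
import secrets

N = 16            # ring degree: polynomials live in Z_Q[x]/(x^N + 1) (toy size, assumed)
Q = 1 << 40       # ciphertext modulus (toy, assumed)
DELTA = 1 << 20   # encoding scale; decoding is exact while the noise stays below DELTA / 2

def small():      # secret keys and the terms v, e, e0: coefficients in {-1, 0, 1}
    return [secrets.randbelow(3) - 1 for _ in range(N)]

def uniform():    # public polynomial a and the random factors r1, r2
    return [secrets.randbelow(Q) for _ in range(N)]

def add(f, g): return [(x + y) % Q for x, y in zip(f, g)]
def sub(f, g): return [(x - y) % Q for x, y in zip(f, g)]

def mul(f, g):    # negacyclic product: x^N wraps around to -1
    out = [0] * N
    for i, fi in enumerate(f):
        for j, gj in enumerate(g):
            k, sign = (i + j, 1) if i + j < N else (i + j - N, -1)
            out[k] = (out[k] + sign * fi * gj) % Q
    return out

A = uniform()     # public parameter a

def encode(values):
    return [(DELTA * v) % Q for v in values] + [0] * (N - len(values))

def decode(poly, count):
    out = []
    for c in poly[:count]:
        c = c - Q if c > Q // 2 else c           # centre into (-Q/2, Q/2]
        out.append((c + DELTA // 2) // DELTA)    # round away the noise
    return out

def encrypt(s, m):
    """Ciphertext in the text's form: (va + e, -vas + ve + m + e0)."""
    v, e, e0 = small(), small(), small()
    va = mul(v, A)
    return add(va, e), add(add(sub(mul(v, e), mul(va, s)), m), e0)

def decrypt(s, c):
    c0, c1 = c
    return add(c1, mul(c0, s))                   # m plus small noise when s matches

def convert(c, k1, k2):
    """Conversion relation: c1 + (va+e)(s1 - tk12) - (va+e)(s2 - tk12)."""
    c0, c1 = c
    return c0, sub(add(c1, mul(c0, k1)), mul(c0, k2))

def hom_add(x, y):
    return add(x[0], y[0]), add(x[1], y[1])

def demo(negotiated=True):
    s1, s2 = small(), small()
    if negotiated:   # assumed instance of F: difference of the two private key packages
        tk12 = sub(add(s1, uniform()), add(s2, uniform()))
    else:            # fallback described in the text: tk = 0, keys are the private keys
        tk12 = [0] * N
    k1, k2 = sub(s1, tk12), sub(s2, tk12)        # tk12 cancels inside convert()
    data1, data2 = [3, 14, 15], [9, 26, 5]       # constructed sample data
    ct1 = encrypt(s1, encode(data1))
    converted = convert(ct1, k1, k2)             # performed by the trusted execution device
    total = hom_add(converted, encrypt(s2, encode(data2)))  # performed by the second user
    return {
        "sum": decode(decrypt(s2, total), 3),
        "converted_under_s2": decode(decrypt(s2, converted), 3),
        "unconverted_under_s2": decode(decrypt(s2, ct1), 3),
    }

if __name__ == "__main__":
    print(demo())
```

Only the difference of the two conversion keys enters the result, so any value of the intermediate key cancels; the same ciphertext decrypted under the second user's key without conversion decodes to garbage.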
In the embodiment of the application, a first homomorphic ciphertext obtained after homomorphic encryption of first data by a first user is obtained; the first homomorphic ciphertext comprises a first user private key parameter; then obtaining a conversion key obtained by the first user and the second user through a key negotiation mode, and converting the first homomorphic ciphertext through a mode of converting a first user private key parameter in the first homomorphic ciphertext into a second user private key parameter by using the conversion key to obtain a converted homomorphic ciphertext; the homomorphic ciphertext after conversion comprises a second user private key parameter; and finally, the converted homomorphic ciphertext is sent to the second user, so that the second user carries out homomorphic calculation on the converted homomorphic ciphertext and a second homomorphic ciphertext obtained after the second user carries out homomorphic encryption on second data. In the embodiment of the application, the homomorphic ciphertext of one user is converted, by ciphertext conversion, into a homomorphic ciphertext on which another user can perform homomorphic calculation, so that the user who owns the data does not need to perform complex calculation and management, and homomorphic calculation between the homomorphic ciphertexts of different users is achieved.
Fig. 2 is a flowchart of a specific ciphertext processing method according to an embodiment of the present application. Referring to fig. 2, the ciphertext processing method includes:
S21: Acquire, from the first user, the first homomorphic ciphertext obtained by the first user after homomorphically encrypting first data with a homomorphic encryption algorithm; the first homomorphic ciphertext includes a first user private key parameter.
In this embodiment, for the specific process of step S21, reference may be made to the corresponding content disclosed in the foregoing embodiment, and no further description is given here. It should be added that, before the first user performs homomorphic encryption, the first user also needs to perform an encoding operation on the first data, so that the obtained first encoded data conforms to the homomorphic encryption input data format. The first homomorphic ciphertext is obtained by homomorphic encryption of first coded data of the first data by the first user through the homomorphic encryption algorithm; the first coded data is coded data which is obtained after the first user executes coding operation on the first data and accords with homomorphic encryption input data format. The data of the system user U is encoded into a plaintext which meets the encryption input requirement according to the homomorphic encryption algorithm.
S22: Acquire, from a trusted execution environment in the trusted execution device, the conversion key obtained by the first user and the second user through key negotiation, together with the authentication information.
In this embodiment, the conversion key obtained by the first user and the second user through key negotiation and the authentication information need to be obtained from the trusted execution environment in the trusted execution device. A trusted execution environment is a secure area constructed in the processor of the trusted execution device by software and hardware methods, which ensures the confidentiality and integrity of the programs and data loaded into it. Specifically, the trusted execution device may be initialized according to a trusted environment basic specification to construct the trusted execution environment, where the conversion key and the authentication information are stored in the trusted execution device. Further, the trusted execution environment is divided into a public computing area and a trusted computing area, and the conversion key and the authentication information are stored in the trusted computing area.
Namely initializing the trusted execution device according to the basic specification of the trusted environment, setting a public computing area and a trusted computing area, and safely storing the conversion key into the storage device of the trusted computing area, and simultaneously initializing the conversion key, the ciphertext, the authentication information (signature/version/security level and the like) and the like. In this embodiment, a secure authentication information table may be further constructed in the trusted execution environment, and the conversion key and the authentication information may be stored by using the secure authentication information table, where the secure authentication information table further stores the first homomorphic ciphertext and the authentication method. The following table is an example of a secure authentication information table:
Figure SMS_1
S23: Judge, according to the authentication information, whether the second user is a user authorized by the first user; if so, convert the first homomorphic ciphertext by using the conversion key to convert the first user private key parameter in the first homomorphic ciphertext into the second user private key parameter, obtaining a converted homomorphic ciphertext.
In this embodiment, after the conversion key and the authentication information are obtained, whether the second user is a user authorized by the first user is determined according to the authentication information, and if so, the first homomorphic ciphertext is converted by using the conversion key to convert the first user private key parameter in the first homomorphic ciphertext into the second user private key parameter, so as to obtain the converted homomorphic ciphertext. The step of determining whether the second user is a user authorized by the first user based on the authentication information is performed in the trusted computing area. That is, the trusted execution environment verifies the authenticity of the message through the message authentication function; if verification passes, the trusted execution environment reads the conversion key and then converts the ciphertext of the first user into the ciphertext of the second user.
In this embodiment, the authentication information may be a digital signature obtained by signing the first homomorphic ciphertext with the intermediate conversion key, in which case the authentication mode is signature (as shown in the table above). During verification, the digital signature is checked using the intermediate conversion key, and if the check passes, the second user is judged to be a user authorized by the first user. After receiving a ciphertext conversion request from the authorized user, the trusted execution device first queries the security authentication information table in the trusted execution environment; if the authentication information (signature) passes verification, ciphertext conversion is executed, otherwise the trusted execution device exits.
S24: Send the converted homomorphic ciphertext to the second user, so that the second user performs homomorphic calculation on the converted homomorphic ciphertext and a second homomorphic ciphertext obtained by the second user homomorphically encrypting second data, and homomorphically decrypts the ciphertext obtained from the homomorphic calculation to obtain a decrypted plaintext.
In this embodiment, regarding the specific process of step S24, reference may be made to the corresponding content disclosed in the foregoing embodiment, and no further description is given here. It is to be added that after obtaining the decrypted plaintext, decoding operation is required to be executed on the decrypted plaintext to obtain corresponding decoded data; the decoded data is consistent with the result of directly performing the same calculation as the homomorphic calculation on the first data and the second data.
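The authorization gate of steps S22 and S23 can be sketched as follows. This is an added example, not code from the patent: the row field names, the use of HMAC-SHA256 as the signature keyed by the intermediate conversion key, the binding of version and security level into the tag, and the stand-in conversion function are all assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

@dataclass(frozen=True)
class AuthRow:
    """One row of the security authentication information table (field names assumed)."""
    owner: str              # first user, who owns the data
    authorized_user: str    # second user, who requested authorization
    auth_mode: str          # authentication mode, "signature" in the text
    version: int
    security_level: int
    ciphertext: bytes       # serialized first homomorphic ciphertext
    tag: bytes              # authentication information

def make_tag(tk: bytes, ciphertext: bytes, version: int, security_level: int) -> bytes:
    # Assumption: the signature is an HMAC keyed with the intermediate conversion key.
    msg = version.to_bytes(4, "big") + security_level.to_bytes(4, "big") + ciphertext
    return hmac.new(tk, msg, hashlib.sha256).digest()

class TrustedArea:
    """Trusted computing area: holds the table and keys, and gates every conversion."""

    def __init__(self, convert: Callable[[bytes, Tuple], bytes]):
        self._convert = convert
        self._rows: Dict[Tuple[str, str], Tuple[AuthRow, bytes, Tuple]] = {}

    def store(self, row: AuthRow, tk: bytes, conversion_keys: Tuple) -> None:
        self._rows[(row.owner, row.authorized_user)] = (row, tk, conversion_keys)

    def request_conversion(self, requester: str, owner: str) -> Optional[bytes]:
        entry = self._rows.get((owner, requester))
        if entry is None:                          # no authorization on record: exit
            return None
        row, tk, keys = entry
        if row.auth_mode != "signature":           # only the mode described is handled
            return None
        expected = make_tag(tk, row.ciphertext, row.version, row.security_level)
        if not hmac.compare_digest(expected, row.tag):   # constant-time comparison
            return None                            # verification failed: exit
        return self._convert(row.ciphertext, keys) # keys are read only after the check

def demo_gate():
    tk = b"\x01" * 32                              # constructed sample key
    ct = b"constructed-serialized-ciphertext-C1"   # constructed sample ciphertext
    area = TrustedArea(lambda c, keys: b"converted:" + c)  # stand-in for the conversion
    keys = ("k1", "k2")                            # placeholders for the conversion keys
    area.store(AuthRow("user1", "user2", "signature", 1, 2, ct,
                       make_tag(tk, ct, 1, 2)), tk, keys)
    area.store(AuthRow("user1", "user3", "signature", 1, 2, ct + b"!",
                       make_tag(tk, ct, 1, 2)), tk, keys)   # ciphertext altered after signing
    area.store(AuthRow("user1", "user4", "signature", 1, 2, ct,
                       make_tag(b"\x02" * 32, ct, 1, 2)), tk, keys)  # signed with another key
    return {
        "authorized": area.request_conversion("user2", "user1"),
        "no_row": area.request_conversion("user9", "user1"),
        "tampered": area.request_conversion("user3", "user1"),
        "wrong_key": area.request_conversion("user4", "user1"),
    }

if __name__ == "__main__":
    print(demo_gate())
```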
Referring to fig. 3, the embodiment of the application further correspondingly discloses a ciphertext processing apparatus, which includes:
the ciphertext obtaining module 11 is configured to obtain a first homomorphic ciphertext obtained by homomorphic encrypting the first data by the first user; the first homomorphic ciphertext comprises a first user private key parameter;
the key obtaining and ciphertext converting module 12 is configured to obtain a conversion key obtained by the first user and the second user through a key negotiation manner, and convert the first homomorphic ciphertext by converting a first user private key parameter in the first homomorphic ciphertext into a second user private key parameter by using the conversion key, so as to obtain a converted homomorphic ciphertext; the homomorphic ciphertext after conversion comprises a second user private key parameter;
and the ciphertext sending module 13 is configured to send the converted homomorphic ciphertext to the second user, so that the second user performs homomorphic calculation on the converted homomorphic ciphertext and a second homomorphic ciphertext obtained after the second user performs homomorphic encryption on second data.
In the embodiment of the application, a first homomorphic ciphertext obtained after homomorphic encryption of first data by a first user is obtained; the first homomorphic ciphertext comprises a first user private key parameter; then obtaining a conversion key obtained by the first user and the second user through a key negotiation mode, and converting the first homomorphic ciphertext through a mode of converting a first user private key parameter in the first homomorphic ciphertext into a second user private key parameter by using the conversion key to obtain a converted homomorphic ciphertext; the homomorphic ciphertext after conversion comprises a second user private key parameter; and finally, the converted homomorphic ciphertext is sent to the second user, so that the second user carries out homomorphic calculation on the converted homomorphic ciphertext and a second homomorphic ciphertext obtained after the second user carries out homomorphic encryption on second data. In the embodiment of the application, the homomorphic ciphertext of one user is converted, by ciphertext conversion, into a homomorphic ciphertext on which another user can perform homomorphic calculation, so that the user who owns the data does not need to perform complex calculation and management, and homomorphic calculation between the homomorphic ciphertexts of different users is achieved.
In some embodiments, the ciphertext processing apparatus further comprises:
the authentication information acquisition module is used for acquiring authentication information;
and the authentication module is used for judging whether the second user is a user authorized by the first user according to the authentication information, and if so, executing the step of converting the first homomorphic ciphertext in a mode of converting the first user private key parameter in the first homomorphic ciphertext into the second user private key parameter by utilizing the conversion key.
In some embodiments, the conversion key in the ciphertext processing apparatus comprises a first conversion key of the first user and a second conversion key of the second user; the first conversion key is a first logical operation result of the first user private key parameter and the intermediate conversion key, and the second conversion key is a second logical operation result of the second user private key parameter and the intermediate conversion key.
In some embodiments, the intermediate conversion key in the ciphertext processing apparatus is a key that is determined by a key agreement manner when the second user sends an authorization request to the first user.
In some embodiments, the ciphertext obtaining module 11 specifically includes:
The first obtaining unit is used for obtaining the first conversion key obtained by carrying out logic operation on a first user private key parameter and the intermediate conversion key and obtaining the second conversion key obtained by carrying out logic operation on a second user private key parameter and the intermediate conversion key if the first user and the second user can determine the intermediate conversion key through a key negotiation mode;
and the second acquisition unit is used for directly acquiring a first user private key parameter as the first conversion key and directly acquiring a second user private key parameter as the second conversion key if the first user and the second user cannot determine the intermediate conversion key in a key negotiation mode.
In some specific embodiments, the intermediate conversion key in the ciphertext processing apparatus is a third logical operation result of a first private key package and a second private key package; the first private key package is obtained by carrying out logic operation on a first user private key parameter and a random factor by the first user, and the second private key package is obtained by carrying out logic operation on a second user private key parameter and the random factor by the second user;
Correspondingly, the first conversion key is a key expression which is obtained by carrying out logic operation on the first user private key parameter and the third logic operation result and only comprises the second user private key parameter and the random factor;
the second conversion key is a key expression which is obtained by carrying out logic operation on the second user private key parameter and the third logic operation result and only comprises the first user private key parameter and the random factor.
In some embodiments, the generation formula of the intermediate conversion key in the ciphertext processing apparatus is:
$$tk_{12} = F(s_1, s_2, r_1, r_2)$$
where $F$ is a key generation function whose corresponding logical operation is addition or subtraction, $s_1$ is the first user private key parameter, $s_2$ is the second user private key parameter, and $r_1$ and $r_2$ are random factors.
In some embodiments, the key acquisition and ciphertext conversion module 12 may further comprise:
the relation construction submodule is used for constructing a ciphertext conversion relation with a private key parameter elimination relation by utilizing the first homomorphic ciphertext, the first conversion key and the second conversion key;
and the conversion sub-module is used for converting the first user private key parameter in the first homomorphic ciphertext into the second user private key parameter based on the ciphertext conversion relation.
In some embodiments, the authentication information is a digital signature obtained by signing the first homomorphic ciphertext with the intermediate conversion key;
the authentication module is specifically configured to check the digital signature by using the intermediate conversion key, and if the check passes, determine that the second user is a user authorized by the first user.
In some embodiments, the conversion key and the authentication information in the ciphertext processing apparatus are stored in a trusted execution environment in the trusted execution device.
In some specific embodiments, the ciphertext processing apparatus further comprises:
the table construction module is used for constructing a safety authentication information table in the trusted execution environment and storing the conversion key and the authentication information by utilizing the safety authentication information table; the security authentication information table also stores the first homomorphic ciphertext and an authentication mode;
and the initialization module is used for initializing the trusted execution device according to the trusted environment basic specification so as to construct the trusted execution environment.
In some embodiments, the trusted execution environment in the ciphertext processing apparatus is divided into a common computing area and a trusted computing area, and the conversion key and the authentication information are stored in the trusted computing area.
In some embodiments, the authentication module is specifically configured to perform the step of determining, in the trusted computing area, whether the second user is a user authorized by the first user based on the authentication information.
In some embodiments, the ciphertext obtaining module 11 is further configured to:
acquiring the first homomorphic ciphertext obtained by the first user after homomorphic encryption of the first data by using a homomorphic encryption algorithm from the first user;
correspondingly, the second homomorphic ciphertext is obtained by homomorphic encrypting the second data by the second user through the homomorphic encryption algorithm;
the first homomorphic ciphertext is obtained by homomorphic encryption of first coded data of the first data by the first user through the homomorphic encryption algorithm; the first coded data is coded data which is obtained after the first user executes coding operation on the first data and accords with homomorphic encryption input data format.
In some embodiments, the ciphertext processing apparatus further comprises:
the decryption module is used for homomorphic decryption of the ciphertext obtained after homomorphic calculation by the second user to obtain decrypted plaintext;
The decoding module is used for decoding the decrypted plaintext by the second user to obtain corresponding decoded data, and the decoded data is consistent with the result obtained by directly executing the same calculation as the homomorphic calculation on the first data and the second data.
Further, the embodiment of the application also provides a trusted execution device. Fig. 4 is a block diagram of an electronic device 20, according to an exemplary embodiment, and the contents of the diagram should not be construed as limiting the scope of use of the present application in any way.
Fig. 4 is a schematic structural diagram of a trusted execution device 20 according to an embodiment of the present application. The trusted execution device 20 may specifically include: at least one processor 21, at least one memory 22, a power supply 23, a communication interface 24, an input output interface 25, and a communication bus 26. Wherein the memory 22 is used for storing a computer program, which is loaded and executed by the processor 21 for realizing at least the following steps:
acquiring a first homomorphic ciphertext obtained after homomorphic encryption of first data by a first user; the first homomorphic ciphertext comprises a first user private key parameter;
obtaining a conversion key obtained by the first user and the second user through a key negotiation mode, and converting the first homomorphic ciphertext through a mode of converting a first user private key parameter in the first homomorphic ciphertext into a second user private key parameter by using the conversion key to obtain a converted homomorphic ciphertext; the homomorphic ciphertext after conversion comprises a second user private key parameter;
And sending the converted homomorphic ciphertext to the second user, so that the second user carries out homomorphic calculation on the converted homomorphic ciphertext and a second homomorphic ciphertext obtained after the second user carries out homomorphic encryption on second data.
As can be seen, the trusted execution device in the embodiment of the present application first obtains a first homomorphic ciphertext obtained after the first user homomorphic encrypts the first data; the first homomorphic ciphertext comprises a first user private key parameter; then obtaining a conversion key obtained by the first user and the second user through a key negotiation mode, and converting the first homomorphic ciphertext through a mode of converting a first user private key parameter in the first homomorphic ciphertext into a second user private key parameter by using the conversion key to obtain a converted homomorphic ciphertext; the homomorphic ciphertext after conversion comprises a second user private key parameter; and finally, the converted homomorphic ciphertext is sent to the second user, so that the second user carries out homomorphic calculation on the converted homomorphic ciphertext and a second homomorphic ciphertext obtained after the second user carries out homomorphic encryption on second data. The embodiment of the application fuses the trusted execution technology and the homomorphic encryption technology, and the trusted execution equipment converts the homomorphic ciphertext of one user into the homomorphic ciphertext which can be homomorphic calculated by the other user in a secure environment in a ciphertext conversion mode, so that the user with data ownership is not required to execute complex calculation and management, and homomorphic calculation among the homomorphic ciphertexts of different users is realized.
Optionally, the conversion key includes a first conversion key of the first user and a second conversion key of the second user; the first conversion key is a first logical operation result of the first user private key parameter and the intermediate conversion key, and the second conversion key is a second logical operation result of the second user private key parameter and the intermediate conversion key.
Optionally, the intermediate conversion key is a key determined by a key negotiation manner when the second user sends an authorization request to the first user.
Optionally, the obtaining the conversion key obtained by the first user and the second user through a key negotiation mode includes:
if the first user and the second user can determine the intermediate conversion key through a key negotiation mode, acquiring the first conversion key obtained by carrying out logic operation on a first user private key parameter and the intermediate conversion key and the second conversion key obtained by carrying out logic operation on a second user private key parameter and the intermediate conversion key;
if the first user and the second user cannot determine the intermediate conversion key in a key negotiation mode, directly acquiring a first user private key parameter as the first conversion key, and directly acquiring a second user private key parameter as the second conversion key.
Optionally, the intermediate conversion key is a third logical operation result of the first private key packet and the second private key packet; the first private key package is obtained by carrying out logic operation on a first user private key parameter and a random factor by the first user, and the second private key package is obtained by carrying out logic operation on a second user private key parameter and the random factor by the second user;
correspondingly, the first conversion key is a key expression which is obtained by carrying out logic operation on the first user private key parameter and the third logic operation result and only comprises the second user private key parameter and the random factor;
the second conversion key is a key expression which is obtained by carrying out logic operation on the second user private key parameter and the third logic operation result and only comprises the first user private key parameter and the random factor.
Optionally, the generation formula of the intermediate conversion key is:
$$tk_{12} = F(s_1, s_2, r_1, r_2)$$
where $F$ is a key generation function whose corresponding logical operation is addition or subtraction, $s_1$ is the first user private key parameter, $s_2$ is the second user private key parameter, and $r_1$ and $r_2$ are random factors.
Optionally, the converting the first homomorphic ciphertext by converting the first user private key parameter in the first homomorphic ciphertext into the second user private key parameter by using the conversion key includes:
Constructing a ciphertext conversion relation with a private key parameter elimination relation by using the first homomorphic ciphertext, the first conversion key and the second conversion key;
and converting the first user private key parameter in the first homomorphic ciphertext into a second user private key parameter based on the ciphertext conversion relation.
Optionally, after the obtaining the conversion key obtained by the first user and the second user through the key negotiation method, the method further includes:
acquiring authentication information;
judging whether the second user is the user authorized by the first user according to the authentication information, and if so, executing the step of converting the first homomorphic ciphertext in a mode of converting the first user private key parameter in the first homomorphic ciphertext into the second user private key parameter by utilizing the conversion key.
Optionally, the authentication information is a digital signature obtained by signing the first homomorphic ciphertext by using the intermediate conversion key;
the step of judging whether the second user is a user authorized by the first user according to the authentication information comprises the following steps:
and verifying the digital signature by using the intermediate conversion key, and if the verification passes, judging that the second user is the user authorized by the first user.
Optionally, the conversion key and the authentication information are stored in a trusted execution environment in the trusted execution device;
obtaining the conversion key and the authentication information includes:
the conversion key and the authentication information are acquired from the trusted execution environment.
Optionally, the ciphertext processing method further includes:
constructing a security authentication information table in the trusted execution environment, and storing the conversion key and the authentication information by utilizing the security authentication information table; the security authentication information table also stores the first homomorphic ciphertext and an authentication mode.
Optionally, the ciphertext processing method further includes:
and initializing the trusted execution device according to the trusted environment basic specification to construct the trusted execution environment.
Optionally, the trusted execution environment is divided into a common computing area and a trusted computing area.
Optionally, the conversion key and the authentication information are stored in the trusted computing area.
Optionally, the determining, according to the authentication information, whether the second user is a user authorized by the first user includes:
and executing the step of judging whether the second user is the user authorized by the first user according to the authentication information in the trusted computing area.
Optionally, the obtaining the first homomorphic ciphertext obtained after the first user homomorphic encrypts the first data includes:
acquiring the first homomorphic ciphertext obtained by the first user after homomorphic encryption of the first data by using a homomorphic encryption algorithm from the first user;
correspondingly, the second homomorphic ciphertext is obtained by homomorphic encryption of the second data by the second user through the homomorphic encryption algorithm.
Optionally, the first homomorphic ciphertext is obtained by homomorphic encrypting the first encoded data of the first data by the first user through the homomorphic encryption algorithm; the first coded data is coded data which is obtained after the first user executes coding operation on the first data and accords with homomorphic encryption input data format.
Optionally, after the second user performs homomorphic calculation on the homomorphic ciphertext after conversion and the second homomorphic ciphertext obtained after the second user performs homomorphic encryption on the second data, the method further includes:
and the second user homomorphic decrypts the ciphertext obtained after homomorphic calculation to obtain a decrypted plaintext.
Optionally, the second user homomorphic decrypts the ciphertext obtained after homomorphic calculation, and after obtaining the decrypted plaintext, the method further includes:
The second user executes decoding operation on the decrypted plaintext to obtain corresponding decoded data; the decoded data is consistent with the result of directly performing the same calculation as the homomorphic calculation on the first data and the second data.
In this embodiment, the power supply 23 is configured to provide an operating voltage for each hardware device on the trusted execution device 20; the communication interface 24 can create a data transmission channel between the trusted execution device 20 and an external device, and the communication protocol to be followed is any communication protocol applicable to the technical solution of the present application, which is not specifically limited herein; the input/output interface 25 is used for acquiring external input data or outputting external output data, and the specific interface type thereof may be selected according to the specific application requirement, which is not limited herein.
The memory 22 may be a carrier for storing resources, such as a read-only memory, a random access memory, a magnetic disk, or an optical disk, and the resources stored thereon may include an operating system 221, a computer program 222, data 223, and the like, and the storage may be temporary storage or permanent storage.
The operating system 221, which may be Windows Server, NetWare, Unix, Linux, etc., manages and controls the hardware devices on the trusted execution device 20 and the computer program 222, so that the processor 21 can operate on and process the massive data 223 in the memory 22. The computer program 222 may further include a computer program that can be used to perform other specific tasks in addition to the computer program that can be used to perform the ciphertext processing methods performed by the trusted execution device 20 as disclosed in any of the previous embodiments. The data 223 may include a first homomorphic ciphertext collected by the electronic device 20.
Further, the embodiment of the application also discloses a storage medium, wherein the storage medium stores a computer program, and when the computer program is loaded and executed by a processor, at least the following steps are realized:
acquiring a first homomorphic ciphertext obtained after homomorphic encryption of first data by a first user; the first homomorphic ciphertext comprises a first user private key parameter;
obtaining a conversion key obtained by the first user and the second user through a key negotiation mode, and converting the first homomorphic ciphertext through a mode of converting a first user private key parameter in the first homomorphic ciphertext into a second user private key parameter by using the conversion key to obtain a converted homomorphic ciphertext; the homomorphic ciphertext after conversion comprises a second user private key parameter;
and sending the converted homomorphic ciphertext to the second user, so that the second user carries out homomorphic calculation on the converted homomorphic ciphertext and a second homomorphic ciphertext obtained after the second user carries out homomorphic encryption on second data.
Optionally, the conversion key includes a first conversion key of the first user and a second conversion key of the second user; the first conversion key is a first logical operation result of the first user private key parameter and the intermediate conversion key, and the second conversion key is a second logical operation result of the second user private key parameter and the intermediate conversion key.
Optionally, the intermediate conversion key is a key determined by a key negotiation manner when the second user sends an authorization request to the first user.
Optionally, the obtaining the conversion key obtained by the first user and the second user through a key negotiation mode includes:
if the first user and the second user can determine the intermediate conversion key through a key negotiation mode, acquiring the first conversion key obtained by carrying out logic operation on a first user private key parameter and the intermediate conversion key and the second conversion key obtained by carrying out logic operation on a second user private key parameter and the intermediate conversion key;
if the first user and the second user cannot determine the intermediate conversion key in a key negotiation mode, directly acquiring a first user private key parameter as the first conversion key, and directly acquiring a second user private key parameter as the second conversion key.
Optionally, the intermediate conversion key is a third logical operation result of the first private key packet and the second private key packet; the first private key package is obtained by carrying out logic operation on a first user private key parameter and a random factor by the first user, and the second private key package is obtained by carrying out logic operation on a second user private key parameter and the random factor by the second user;
Correspondingly, the first conversion key is a key expression which is obtained by carrying out logic operation on the first user private key parameter and the third logic operation result and only comprises the second user private key parameter and the random factor;
the second conversion key is a key expression which is obtained by carrying out logic operation on the second user private key parameter and the third logic operation result and only comprises the first user private key parameter and the random factor.
Optionally, the generation formula of the intermediate conversion key is:
$tk_{12} = F(s_1, s_2, r_1, r_2)$
wherein F is a key generation function, the logical operation corresponding to F is addition or subtraction, $s_1$ is the first user private key parameter, $s_2$ is the second user private key parameter, and $r_1$ and $r_2$ are random factors.
Optionally, the converting the first homomorphic ciphertext by converting the first user private key parameter in the first homomorphic ciphertext into the second user private key parameter by using the conversion key includes:
constructing a ciphertext conversion relation with a private key parameter elimination relation by using the first homomorphic ciphertext, the first conversion key and the second conversion key;
and converting the first user private key parameter in the first homomorphic ciphertext into a second user private key parameter based on the ciphertext conversion relation.
Optionally, after the obtaining the conversion key obtained by the first user and the second user through the key negotiation method, the method further includes:
acquiring authentication information;
judging whether the second user is the user authorized by the first user according to the authentication information, and if so, executing the step of converting the first homomorphic ciphertext in a mode of converting the first user private key parameter in the first homomorphic ciphertext into the second user private key parameter by utilizing the conversion key.
Optionally, the authentication information is a digital signature obtained by signing the first homomorphic ciphertext by using the intermediate conversion key;
the step of judging whether the second user is a user authorized by the first user according to the authentication information comprises the following steps:
and verifying the digital signature by using the intermediate conversion key, and if the verification passes, judging that the second user is the user authorized by the first user.
Optionally, the conversion key and the authentication information are stored in a trusted execution environment in the trusted execution device;
obtaining the conversion key and the authentication information includes:
the conversion key and the authentication information are acquired from the trusted execution environment.
Optionally, the ciphertext processing method further includes:
constructing a security authentication information table in the trusted execution environment, and storing the conversion key and the authentication information by utilizing the security authentication information table; the security authentication information table also stores the first homomorphic ciphertext and an authentication mode.
Optionally, the ciphertext processing method further includes:
and initializing the trusted execution device according to the trusted environment basic specification to construct the trusted execution environment.
Optionally, the trusted execution environment is divided into a common computing area and a trusted computing area.
Optionally, the conversion key and the authentication information are stored in the trusted computing area.
Optionally, the determining, according to the authentication information, whether the second user is a user authorized by the first user includes:
and executing the step of judging whether the second user is the user authorized by the first user according to the authentication information in the trusted computing area.
Optionally, the obtaining the first homomorphic ciphertext obtained after the first user homomorphic encrypts the first data includes:
acquiring the first homomorphic ciphertext obtained by the first user after homomorphic encryption of the first data by using a homomorphic encryption algorithm from the first user;
Correspondingly, the second homomorphic ciphertext is obtained by homomorphic encryption of the second data by the second user through the homomorphic encryption algorithm.
Optionally, the first homomorphic ciphertext is obtained by homomorphic encrypting the first encoded data of the first data by the first user through the homomorphic encryption algorithm; the first coded data is coded data which is obtained after the first user executes coding operation on the first data and accords with homomorphic encryption input data format.
Optionally, after the second user performs homomorphic calculation on the homomorphic ciphertext after conversion and the second homomorphic ciphertext obtained after the second user performs homomorphic encryption on the second data, the method further includes:
and the second user homomorphic decrypts the ciphertext obtained after homomorphic calculation to obtain a decrypted plaintext.
Optionally, the second user homomorphic decrypts the ciphertext obtained after homomorphic calculation, and after obtaining the decrypted plaintext, the method further includes:
the second user executes decoding operation on the decrypted plaintext to obtain corresponding decoded data; the decoded data is consistent with the result of directly performing the same calculation as the homomorphic calculation on the first data and the second data.
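The masked conversion keys, the authorization check and the ciphertext conversion listed in the steps above can be traced end to end in a toy scheme; the following is an added illustration, not code from the patent. Assumptions: a scalar LWE-style additive scheme over Z_q, F instantiated as addition, HMAC-SHA256 standing in for the "digital signature" made with the intermediate conversion key, a converter object that holds tk12 for verification, and all function and class names, which are hypothetical.

```python
"""Toy walk-through: masked conversion keys, authorization check, ciphertext
conversion, homomorphic addition, decryption. Illustration only, not secure."""
import hashlib
import hmac
import secrets

Q = 2**64           # ciphertext modulus (assumed)
T = 2**16           # plaintext modulus (assumed)
DELTA = Q // T      # scaling factor that lifts the plaintext above the noise
NOISE = 8           # bound on the noise of a fresh ciphertext (assumed)


def keygen():
    """Private key parameter s (a scalar here; real schemes use vectors or polynomials)."""
    return secrets.randbelow(Q)


def encrypt(s, m):
    """c = (a, b) with b = a*s + DELTA*m + e mod Q, so c carries the key parameter s."""
    a = secrets.randbelow(Q)
    e = secrets.randbelow(2 * NOISE + 1) - NOISE
    return a, (a * s + DELTA * (m % T) + e) % Q


def decrypt(s, c):
    """Remove a*s, then round away the noise."""
    a, b = c
    return (((b - a * s) % Q + DELTA // 2) // DELTA) % T


def key_package(s, r):
    """Private key package: key parameter masked by a random factor (F is addition)."""
    return (s + r) % Q


def intermediate_key(pkg1, pkg2):
    """tk12 = F(s1, s2, r1, r2) = s1 + s2 + r1 + r2 mod Q."""
    return (pkg1 + pkg2) % Q


def conversion_key(tk12, s_own):
    """tk12 - s_own: only the other user's key parameter and the random factors remain."""
    return (tk12 - s_own) % Q


def sign_ciphertext(tk12, c):
    """HMAC-SHA256 keyed with tk12 (assumed stand-in for the page's digital signature)."""
    msg = b"".join(x.to_bytes(8, "big") for x in c)
    return hmac.new(tk12.to_bytes(8, "big"), msg, hashlib.sha256).digest()


class TrustedConverter:
    """Stands in for the trusted computing area: keeps the conversion keys and the
    verification key, and converts only after the authorization check passes."""

    def __init__(self, tk1, tk2, tk12):
        self._tk1, self._tk2, self._tk12 = tk1, tk2, tk12

    def convert(self, c1, tag):
        if not hmac.compare_digest(tag, sign_ciphertext(self._tk12, c1)):
            raise PermissionError("second user is not authorized for this ciphertext")
        a, b = c1
        # tk1 - tk2 = s2 - s1: the random factors cancel (the elimination relation),
        # so b' = a*s1 + DELTA*m + e + a*(s2 - s1) = a*s2 + DELTA*m + e.
        return a, (b + a * (self._tk1 - self._tk2)) % Q


def demo(m1=1200, m2=345):
    """First user encrypts m1, converter re-keys it, second user adds m2 and decrypts."""
    s1, s2 = keygen(), keygen()
    r1, r2 = secrets.randbelow(Q), secrets.randbelow(Q)
    tk12 = intermediate_key(key_package(s1, r1), key_package(s2, r2))
    tee = TrustedConverter(conversion_key(tk12, s1), conversion_key(tk12, s2), tk12)
    c1 = encrypt(s1, m1)                       # first homomorphic ciphertext
    c1_conv = tee.convert(c1, sign_ciphertext(tk12, c1))
    c2 = encrypt(s2, m2)                       # second homomorphic ciphertext
    c_sum = ((c1_conv[0] + c2[0]) % Q, (c1_conv[1] + c2[1]) % Q)
    return decrypt(s2, c_sum)                  # equals (m1 + m2) mod T


if __name__ == "__main__":
    print(demo())
```

In this instantiation tk12 - tk1 equals s_1, so a party that holds both values holds the first user's key parameter; the example keeps them inside the converter object only.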
In this specification, the embodiments are described progressively: each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments may be understood by reference to one another. Because the device disclosed in an embodiment corresponds to the method disclosed in that embodiment, its description is relatively brief; for the relevant points, refer to the description of the method.
Finally, it is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The ciphertext processing method, the ciphertext processing device, the storage medium and the trusted execution device provided by the invention have been described in detail above. Specific examples are used herein to explain the principle and implementation of the invention, and the description of the above embodiments is only intended to help in understanding the method and core idea of the invention. Meanwhile, those skilled in the art may, following the ideas of the invention, make changes to the specific embodiments and the scope of application. In view of the above, the content of this specification should not be construed as limiting the invention.

Claims (21)

1. A ciphertext processing method, comprising:
acquiring a first homomorphic ciphertext obtained after homomorphic encryption of first data by a first user; the first homomorphic ciphertext comprises a first user private key parameter;
obtaining a conversion key obtained by the first user and the second user through a key negotiation mode, and converting the first homomorphic ciphertext through a mode of converting a first user private key parameter in the first homomorphic ciphertext into a second user private key parameter by using the conversion key to obtain a converted homomorphic ciphertext; the homomorphic ciphertext after conversion comprises a second user private key parameter;
Sending the converted homomorphic ciphertext to the second user, so that the second user carries out homomorphic calculation on the converted homomorphic ciphertext and a second homomorphic ciphertext obtained after the second user carries out homomorphic encryption on second data;
the obtaining the conversion key obtained by the first user and the second user through a key negotiation mode comprises the following steps: if the first user and the second user can determine the intermediate conversion key through a key negotiation mode, a first conversion key obtained by carrying out logic operation on a first user private key parameter and the intermediate conversion key and a second conversion key obtained by carrying out logic operation on a second user private key parameter and the intermediate conversion key are obtained; if the first user and the second user cannot determine the intermediate conversion key in a key negotiation mode, directly acquiring a first user private key parameter as a first conversion key, and directly acquiring a second user private key parameter as a second conversion key;
the converting the first homomorphic ciphertext by converting the first user private key parameter in the first homomorphic ciphertext into the second user private key parameter by using the conversion key includes: constructing a ciphertext conversion relation with a private key parameter elimination relation by using the first homomorphic ciphertext, the first conversion key and the second conversion key; and converting the first user private key parameter in the first homomorphic ciphertext into a second user private key parameter based on the ciphertext conversion relation.
2. The ciphertext processing method of claim 1, wherein the conversion key comprises a first conversion key of the first user and a second conversion key of the second user; the first conversion key is a first logical operation result of the first user private key parameter and the intermediate conversion key, and the second conversion key is a second logical operation result of the second user private key parameter and the intermediate conversion key.
3. The ciphertext processing method of claim 2, wherein the intermediate conversion key is a key determined by a key agreement manner when the second user sends an authorization request to the first user.
4. The ciphertext processing method of claim 2 wherein the intermediate conversion key is a third logical operation result of the first private key package and the second private key package; the first private key package is obtained by carrying out logic operation on a first user private key parameter and a random factor by the first user, and the second private key package is obtained by carrying out logic operation on a second user private key parameter and the random factor by the second user;
correspondingly, the first conversion key is a key expression which is obtained by carrying out logic operation on the first user private key parameter and the third logic operation result and only comprises the second user private key parameter and the random factor;
The second conversion key is a key expression which is obtained by carrying out logic operation on the second user private key parameter and the third logic operation result and only comprises the first user private key parameter and the random factor.
5. The ciphertext processing method of claim 4, wherein the intermediate conversion key has a generation formula of:
$tk_{12} = F(s_1, s_2, r_1, r_2)$
wherein F is a key generation function, the logical operation corresponding to F is addition or subtraction, $s_1$ is the first user private key parameter, $s_2$ is the second user private key parameter, and $r_1$ and $r_2$ are random factors.
6. The ciphertext processing method of claim 2, wherein after the obtaining the conversion key obtained by the first user and the second user by the key negotiation method, further comprises:
acquiring authentication information;
judging whether the second user is the user authorized by the first user according to the authentication information, and if so, executing the step of converting the first homomorphic ciphertext in a mode of converting the first user private key parameter in the first homomorphic ciphertext into the second user private key parameter by utilizing the conversion key.
7. The ciphertext processing method of claim 6, wherein the authentication information is a digital signature obtained by signing the first homomorphic ciphertext with the intermediate conversion key;
The step of judging whether the second user is a user authorized by the first user according to the authentication information comprises the following steps:
and verifying the digital signature by using the intermediate conversion key, and if the verification passes, judging that the second user is the user authorized by the first user.
8. The ciphertext processing method of claim 6, wherein the conversion key and the authentication information are stored in a trusted execution environment in a trusted execution device;
obtaining the conversion key and the authentication information includes:
the conversion key and the authentication information are acquired from the trusted execution environment.
9. The ciphertext processing method of claim 8, further comprising:
constructing a security authentication information table in the trusted execution environment, and storing the conversion key and the authentication information by utilizing the security authentication information table; the security authentication information table also stores the first homomorphic ciphertext and an authentication mode.
10. The ciphertext processing method of claim 8, further comprising:
and initializing the trusted execution device according to the trusted environment basic specification to construct the trusted execution environment.
11. The ciphertext processing method of claim 8, wherein the trusted execution environment is divided into a common computing area and a trusted computing area.
12. The ciphertext processing method of claim 11, wherein the conversion key and the authentication information are stored in the trusted computing zone.
13. The ciphertext processing method of claim 9, wherein the determining whether the second user is a user authorized by the first user based on the authentication information comprises:
the step of determining whether the second user is a user authorized by the first user based on the authentication information is performed in a trusted computing area.
14. The ciphertext processing method according to any one of claims 1 to 13, wherein the obtaining a first homomorphic ciphertext obtained by homomorphically encrypting first data by a first user comprises:
acquiring the first homomorphic ciphertext obtained by the first user after homomorphic encryption of the first data by using a homomorphic encryption algorithm from the first user;
correspondingly, the second homomorphic ciphertext is obtained by homomorphic encryption of the second data by the second user through the homomorphic encryption algorithm.
15. The ciphertext processing method of claim 14 wherein the first homomorphic ciphertext is obtained by the first user homomorphic encrypting first encoded data of the first data using the homomorphic encryption algorithm; the first coded data is coded data which is obtained after the first user executes coding operation on the first data and accords with homomorphic encryption input data format.
16. The ciphertext processing method according to any one of claims 1 to 13, wherein after the second user homomorphic calculating the converted homomorphic ciphertext and a second homomorphic ciphertext obtained by homomorphic encrypting second data by the second user, further comprising:
and the second user homomorphic decrypts the ciphertext obtained after homomorphic calculation to obtain a decrypted plaintext.
17. The ciphertext processing method of claim 16, wherein the second user homomorphically decrypting the homomorphically calculated ciphertext to obtain decrypted plaintext, further comprising:
the second user executes decoding operation on the decrypted plaintext to obtain corresponding decoded data; the decoded data is consistent with the result of directly performing the same calculation as the homomorphic calculation on the first data and the second data.
18. A trusted execution device, the trusted execution device comprising a processor and a memory; wherein the memory is for storing a computer program that is loaded and executed by the processor to implement the ciphertext processing method of any one of claims 1 to 17.
19. The trusted execution device of claim 18, wherein the processor builds a trusted execution environment comprising a common computing area and a trusted computing area.
20. A ciphertext processing apparatus, comprising:
the ciphertext acquisition module is used for acquiring a first homomorphic ciphertext obtained after homomorphic encryption of the first data by the first user; the first homomorphic ciphertext comprises a first user private key parameter;
the key acquisition and ciphertext conversion module is used for acquiring a conversion key obtained by the first user and the second user in a key negotiation mode, and converting the first homomorphic ciphertext in a mode of converting a first user private key parameter in the first homomorphic ciphertext into a second user private key parameter by utilizing the conversion key to obtain a converted homomorphic ciphertext; the homomorphic ciphertext after conversion comprises a second user private key parameter;
The ciphertext sending module is used for sending the converted homomorphic ciphertext to the second user so that the second user can homomorphic calculate the converted homomorphic ciphertext and the second homomorphic ciphertext obtained by homomorphic encryption of the second data by the second user;
the key acquisition and ciphertext conversion module specifically further comprises: the first obtaining unit is used for obtaining a first conversion key obtained by carrying out logic operation on a first user private key parameter and the intermediate conversion key and a second conversion key obtained by carrying out logic operation on a second user private key parameter and the intermediate conversion key if the first user and the second user can determine the intermediate conversion key through a key negotiation mode; the second obtaining unit is used for directly obtaining a first user private key parameter as a first conversion key and directly obtaining a second user private key parameter as a second conversion key if the first user and the second user cannot determine the intermediate conversion key in a key negotiation mode; the key acquisition and ciphertext conversion module specifically further comprises: the relation construction submodule is used for constructing a ciphertext conversion relation with a private key parameter elimination relation by utilizing the first homomorphic ciphertext, the first conversion key and the second conversion key; and the conversion sub-module is used for converting the first user private key parameter in the first homomorphic ciphertext into the second user private key parameter based on the ciphertext conversion relation.
21. A computer readable storage medium storing computer executable instructions which when loaded and executed by a processor implement the ciphertext processing method of any one of claims 1 to 17.
CN202310425295.6A 2023-04-20 2023-04-20 Ciphertext processing method, ciphertext processing device, storage medium and trusted execution device Active CN116170131B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310425295.6A CN116170131B (en) 2023-04-20 2023-04-20 Ciphertext processing method, ciphertext processing device, storage medium and trusted execution device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310425295.6A CN116170131B (en) 2023-04-20 2023-04-20 Ciphertext processing method, ciphertext processing device, storage medium and trusted execution device

Publications (2)

Publication Number Publication Date
CN116170131A CN116170131A (en) 2023-05-26
CN116170131B true CN116170131B (en) 2023-07-14

Family

ID=86416616

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310425295.6A Active CN116170131B (en) 2023-04-20 2023-04-20 Ciphertext processing method, ciphertext processing device, storage medium and trusted execution device

Country Status (1)

Country Link
CN (1) CN116170131B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113162752A (en) * 2021-04-26 2021-07-23 建信金融科技有限责任公司 Data processing method and device based on hybrid homomorphic encryption
CN113612597A (en) * 2021-07-26 2021-11-05 京东科技控股股份有限公司 Data calculation method, device and system and electronic equipment
CN114020842A (en) * 2021-11-04 2022-02-08 长春理工大学 Data sharing method and device based on homomorphic encryption technology
WO2022082893A1 (en) * 2020-10-22 2022-04-28 香港中文大学(深圳) Privacy blockchain-based internet of vehicles protection method, and mobile terminal

Also Published As

Publication number Publication date
CN116170131A (en) 2023-05-26

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant