CN116305187B - Decision flow model calculation method and device based on hybrid encryption - Google Patents


Info

Publication number
CN116305187B
Authority
CN
China
Prior art keywords
calculation
data
homomorphic encryption
flow model
decision flow
Prior art date
Legal status
Active
Application number
CN202310056382.9A
Other languages
Chinese (zh)
Other versions
CN116305187A (en)
Inventor
刘岩
于智超
Current Assignee
Beijing Huiqi Yidiantong Technology Co ltd
Original Assignee
Beijing Huiqi Yidiantong Technology Co ltd
Priority date
Filing date
Publication date
Application filed by Beijing Huiqi Yidiantong Technology Co ltd
Priority to CN202310056382.9A
Publication of CN116305187A
Application granted
Publication of CN116305187B
Legal status: Active
Anticipated expiration


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/48 Program initiating; Program switching, e.g. by interrupt
    • G06F9/4806 Task transfer initiation or dispatching
    • G06F9/4843 Task transfer initiation or dispatching by program, e.g. task dispatcher, supervisor, operating system
    • G06F9/4881 Scheduling strategies for dispatcher, e.g. round robin, multi-level priority queues
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention provides a decision flow model calculation method based on hybrid encryption. When a calculation operation is one that homomorphic encryption supports, it is completed with homomorphic encryption; when it is a relational operation that the homomorphic encryption algorithm cannot support, a calculation assistance request is sent to the data provider, which completes the relational operation locally and returns the result data to the calculator protected by symmetric encryption. The method resolves the problem that homomorphic encryption alone cannot meet the privacy-computation requirements of a decision flow model, and achieves complete privacy-protected support for the calculation operations of the decision flow model.

Description

Decision flow model calculation method and device based on hybrid encryption
Technical Field
The invention relates to the technical field of data privacy protection, and in particular to a decision flow model calculation method and device based on hybrid encryption.
Background
With the rapid development of cloud computing, more and more individual and organizational users upload data to cloud servers to take part in related computation, and cloud service providers in turn offer data processing services to other users. Data has become a new factor of production, and while its value is being maximized, security problems such as user privacy disclosure and network attacks have increased. Users do not want other users or the cloud service provider to obtain their personal information in a cloud computing environment. With the development of new fields such as blockchain and privacy computing, and with higher requirements on privacy protection, homomorphic encryption is being applied to an ever richer range of data analysis. Traditional decision flow calculation uses a combination of symmetric and asymmetric encryption, which secures the data transmission process. When ciphertext data is sent to a central computing platform for multi-party computation, it must first be decrypted, the plaintext is computed on, and the result is re-encrypted before transmission; this secures data transmission and storage but cannot secure the computation process itself, a problem that homomorphic encryption can effectively solve. Unlike most scenarios in which homomorphic encryption is applied to neural networks and machine learning models, computation in a decision flow model involves not only common arithmetic operations such as addition, subtraction, multiplication and division, but also relational operations such as inequality judgment and string matching, which raises new challenges for applying homomorphic encryption in the decision flow calculation process.
Disclosure of Invention
Given that the calculation process of a decision flow model involves a rich set of operations, and that neither homomorphic encryption alone nor a single multi-party secure computation method can satisfy all of them independently, the invention provides a decision flow model calculation method based on hybrid encryption, which solves the problem that homomorphic encryption cannot meet the privacy-computation requirements of the decision flow model. The method completes a privacy-protected decision flow model calculation under the condition that the computing platform provider, the data provider and the model provider do not trust one another.
In a first aspect, the invention provides a decision flow model calculation method based on hybrid encryption, applied to a communication system consisting of a task initiator, a calculator and at least one data provider, where the task initiator, the calculator and the at least one data provider are connected through communication interfaces, the at least one data provider provides the raw data required for the calculation of the decision flow model, and the calculator provides a decision flow model calculation platform that implements model loading, task scheduling and homomorphic encryption calculation; the method comprises the following steps:
the task initiator sends a decision flow model to the calculator through the communication interface;
after receiving the task request, the calculator takes a decision flow model out of the model queue, and a task scheduler creates a corresponding calculation task;
after decryption is complete, an analysis program separates the decision flow model into a data flow and a calculation flow, data is requested from the data provider through a data queue according to the data dependency relationship, and when the request is approved, a symmetric encryption algorithm key for encrypting non-homomorphically encrypted data is obtained by key negotiation between the database and the calculation task, and a calculation assistance request is sent to the data provider;
the data provider receives the calculation assistance request, accesses the database, retrieves the related data and encrypts it with a homomorphic encryption algorithm; for relational operations that the homomorphic encryption algorithm cannot support, it performs the calculation locally, converts the calculation result into a Boolean value representing that result, obfuscates the Boolean value with a differential privacy technique, and finally encrypts the obfuscated result with the symmetric encryption algorithm and returns it to the calculator through the data queue;
the calculator executes the homomorphic encryption operations, and after all calculation operations are complete, returns the calculation result to the task initiator through a result queue.
For relational operations that the homomorphic encryption algorithm cannot support, when the data provider completes the calculation locally, one or more of data desensitization, differential privacy and secret sharing are used to complete the related calculation operation.
In a second aspect, the invention provides a decision flow model calculation method based on hybrid encryption, applied to a calculator, where the calculator is connected to a task initiator and at least one data provider through a communication interface, the at least one data provider provides the raw data required for the calculation of the decision flow model, and the calculator provides a decision flow model calculation platform that implements model loading, task scheduling and homomorphic encryption calculation; the method comprises the following steps:
receiving a decision flow model queue sent by the task initiator through the communication interface;
taking a decision flow model out of the model queue, and creating a corresponding calculation task with a task scheduler;
after decrypting the decision flow model, separating a data flow and a calculation flow through an analysis program, requesting data from a data provider through a data queue according to the data dependency relationship, obtaining, when the request is approved, a symmetric encryption algorithm key for encrypting non-homomorphically encrypted data through key negotiation between the database and the calculation task, and sending a calculation assistance request to the data provider;
receiving a result returned by the data provider, where the result is obtained by the data provider performing locally the relational operations that the homomorphic encryption algorithm cannot support, converting the calculation result into a Boolean value representing that result, obfuscating the Boolean value with a differential privacy technique, and finally encrypting the obfuscated result with the symmetric encryption algorithm for return through the data queue;
executing the homomorphic encryption operations, and after all calculation operations are complete, sending the calculation result to the task initiator through a result queue.
In a third aspect, the invention provides a decision flow model calculation method based on hybrid encryption, applied to at least one data provider, where the at least one data provider is connected to a task initiator and a calculator through a communication interface, the at least one data provider provides the raw data required for the calculation of the decision flow model, and the calculator provides a decision flow model calculation platform that implements model loading, task scheduling and homomorphic encryption calculation; the method comprises the following steps:
after receiving a calculation assistance request, accessing a database, retrieving the related data and encrypting it with a homomorphic encryption algorithm; performing locally, on the data provider, the relational operations that the homomorphic encryption algorithm cannot support, converting the calculation result into a Boolean value representing that result, obfuscating the Boolean value with a differential privacy technique, encrypting the obfuscated result with a symmetric encryption algorithm, and returning the encrypted result to the calculator through a data queue;
where the symmetric encryption algorithm key is obtained by the calculator through key negotiation between the database and the calculation task and is used to encrypt the non-homomorphically encrypted data.
In a fourth aspect, the present invention provides a decision flow model computing device based on hybrid encryption, which includes a processor and a readable storage medium, wherein the readable storage medium stores executable instructions capable of being executed by the processor, and the processor implements the decision flow model computing method of the present invention when executing the executable instructions.
According to the method provided by the invention, the calculation operations involved in the calculation process are parsed from the model into homomorphic encryption calculation operations and non-homomorphic encryption calculation operations. For the homomorphic encryption calculation operations, homomorphic encryption calculation technology is used, which achieves privacy protection; for the non-homomorphic encryption calculation operations, the related calculation is completed using methods including but not limited to data desensitization, differential privacy and secret sharing, and privacy protection is achieved by combining these with traditional symmetric and asymmetric encryption algorithms. By mixing homomorphic encryption with other multi-party secure computation methods, full privacy-protected support for the calculation operations of the decision flow model is realized.
Compared with the prior art, the invention has the following advantages:
(1) Compared with traditional decision flow model calculation, the method removes the risk of raw data privacy disclosure in decision flow model calculation by building on homomorphic encryption technology.
(2) Data security is high: the raw data involved in arithmetic operations takes part in the operation as homomorphic-encryption ciphertext, so the privacy of the raw data is ensured.
(3) Flexibility is high: the pre-calculation processing supports richer non-arithmetic operations while guaranteeing data privacy, which greatly improves the flexibility of the algorithm.
(4) The method supports multi-key homomorphic encryption algorithms, so several data providers can take part in the model calculation at the same time, meeting the requirements of multi-party secure computation.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below.
Fig. 1 is a schematic diagram of a system applying the method for calculating the decision flow model according to the present invention.
Detailed Description
In order to make the technical problems to be solved, the technical solutions and the advantages more apparent, a detailed description is given below with reference to the accompanying drawing and specific embodiments.
The background of the invention is described first.
Decision making: a strategy or method used to make decisions; the process by which people form ideas and reach decisions about various events. It is a complex thinking process in which information is collected, processed and integrated, and a judgment and conclusion are finally reached.
Decision flow: also called a rule flow, it is mainly used to control the execution order of individual decision rules so that a large, complex business rule can be realized clearly and intuitively. In practical applications, a decision flow is usually composed of a number of nodes; a node can perform calculations on the information of the business object, and the calculation result determines which downstream branch node of the flow processes the business next.
When computers are used to assist scientific decision making, the decision flow is modeled and calculated. In practical applications, the decision flow model involves both data operations and logical operations: calculation in the decision flow model involves common arithmetic operations such as addition, subtraction, multiplication and division, and also relational operations such as inequality judgment and string matching.
At the same time, the decision flow needs data from several nodes to support its decisions, so multi-party secure computation is involved. Traditional decision flow calculation uses a combination of symmetric and asymmetric encryption, which secures the data transmission process. When ciphertext data is sent to a central computing platform for multi-party computation, it must first be decrypted, the plaintext is computed on, and the result is re-encrypted before transmission; this secures data transmission and storage but cannot secure the computation process itself, a problem that homomorphic encryption can effectively solve.
However, as described above, computation in the decision flow model involves not only the usual arithmetic operations of addition, subtraction, multiplication and division, but also relational operations such as inequality judgment and string matching, and homomorphic encryption does not support relational operations.
To solve this problem, the invention adopts a solution combining homomorphic encryption with multi-party secure computation. First, homomorphic encryption technology guarantees the security of the raw data taking part in the calculation during transmission, storage and computation, and arithmetic operations such as addition, subtraction and multiplication can be completed under the homomorphic ciphertext; in addition, homomorphic encryption supports multi-key calculation, and therefore a calculation mode in which several data parties participate. Second, for operations that homomorphic encryption cannot support, such as relational operations and character matching, the related operation is completed in advance at the data provider by a pre-calculation method, and the processed calculation result data is then sent to the calculator platform using multi-party secure computation methods such as data desensitization, differential privacy and secret sharing. This guarantees the privacy of the raw data while fully supporting every operation required by the decision flow model, and so achieves multi-party privacy-preserving calculation of the decision flow model.
Taking a multi-party secure computing system as an example, the system comprises a task initiator, a calculator and at least one data provider, connected through a communication interface; the overall system framework is shown in figure 1.
Calculator (computing side): provides the decision flow model computing platform, with functions including but not limited to model loading, model parsing, task scheduling and homomorphic encryption calculation. The homomorphic encryption calculation function supports arithmetic operations on homomorphic-encryption ciphertext; the model parsing function parses the decision flow model, separates the data access, homomorphic encryption operations, non-homomorphic encryption operations and other operations involved in the algorithm, and is responsible for scheduling the multi-party secure computation within the algorithm.
Data provider: the data provider of the method can be a single participant or two or more participants, and provides the raw data required for the decision flow model computation. It also provides a pre-calculation function for the raw data: it performs homomorphic encryption and decryption of the raw data, carries out the non-homomorphic encryption calculation operations, and completes the pre-processing of the raw data locally; it then supports the non-homomorphic encryption calculation operations through privacy protection technologies including but not limited to data desensitization, differential privacy and secret sharing, and finally encrypts the result with a traditional symmetric or asymmetric encryption algorithm for encrypted transmission and storage.
The invention provides a decision flow model calculation method based on hybrid encryption, which comprises the following steps:
Step 1: the task initiator sends a decision flow model to the calculator through a communication interface.
The task initiator sends the decision flow model to be calculated to the calculator; the decision flow model is sent over the communication interface in the form of a model queue, to improve data throughput and allow distributed calculation.
Step 2: after receiving the task request, the calculator takes the decision flow model out of the model queue, and a task scheduler creates a corresponding calculation task.
After receiving the task request, the calculator takes the decision flow model out of the model queue and hands it to the task scheduler, which creates corresponding calculation tasks according to the load of each calculation unit. Several calculation tasks can exist at the same time and be completed independently, so that parallel calculation is realized and calculation efficiency is improved.
Step 3: after decryption is complete, an analysis program separates the decision flow model into a data flow and a calculation flow, data is requested from the data provider through a data queue according to the data dependency relationship, and when the request is approved, a symmetric encryption algorithm key for encrypting non-homomorphically encrypted data is obtained by key negotiation between the database and the calculation task, and a calculation assistance request is sent to the data provider.
When each calculation task is executed, the decision flow model assigned to it is decrypted and then parsed by the analysis program, which separates the data flow from the calculation flow, determines each data provider taking part in the calculation, determines the order in which data is required from the data providers and the data dependency relationship, and requests the data from the data providers through a data queue.
In the data flow obtained by parsing, one part of the data takes part in calculations that homomorphic encryption supports, such as the arithmetic operations of addition, subtraction and multiplication that can be completed under homomorphic ciphertext; the data provider can be asked to encrypt this part of the data with homomorphic encryption.
The other part of the data takes part in calculations that homomorphic encryption does not support, such as relational operations like inequality judgment and character matching; the data provider cannot be asked to encrypt this part with homomorphic encryption. In this case, once the data provider approves the request, each calculation unit further negotiates, between the database and the calculation task, a secret key used for transmitting the homomorphic encryption data, and sends a calculation assistance request to the data provider.
The calculation assistance request contains at least the requested data that does not support homomorphic encryption calculation, the relational operation information, and the encryption mode of the returned data. The encryption mode of the returned data is either a symmetric or an asymmetric encryption algorithm.
In an alternative embodiment, the encryption algorithm used to encrypt the non-homomorphically encrypted data may be a symmetric encryption algorithm such as AES.
Step 4: after receiving the calculation assistance request, the data provider accesses the database, retrieves the related data and encrypts it with a homomorphic encryption algorithm; for relational operations that the homomorphic encryption algorithm cannot support, it completes the calculation locally, converts the calculation result into a Boolean value representing that result, obfuscates the Boolean value with a differential privacy technique, and finally encrypts the obfuscated result with the symmetric encryption algorithm and returns it to the calculator through the data queue.
After receiving the calculation assistance request sent by the calculator, the data provider accesses the corresponding database according to the requested data, retrieves the related data and encrypts it with a homomorphic encryption algorithm. For relational operations that the homomorphic encryption algorithm cannot support, it performs the calculation locally, converts the calculation result into a Boolean value representing that result, obfuscates the Boolean value with a differential privacy technique, encrypts the obfuscated result with the symmetric encryption algorithm and the key negotiated in step 3, and returns the encrypted data to the calculator through the data queue.
For relational operations that the homomorphic encryption algorithm cannot support, when the data provider completes the calculation locally, one or more of data desensitization, differential privacy and secret sharing can additionally be used to complete the related calculation operation.
Step 5: the calculator executes the homomorphic encryption operations, and after all calculation operations are complete, returns the calculation result to the task initiator through the result queue.
After the calculator receives the data provided by the data provider through the data queue, the data returned under homomorphic encryption supports homomorphic encryption operations and can take part in the calculation directly, while the data returned under non-homomorphic encryption has already been computed locally at the data provider: its calculation result is recovered by decrypting with the symmetric encryption algorithm and key negotiated in step 3 and then takes part directly in the subsequent operations. This solves the problem that relational operations are unsupported when homomorphic encryption is used in decision flow model calculation. After all calculation operations are complete, the calculation result is returned to the task initiator through the result queue.
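As an added illustration of steps 1 to 5 above (and of the three aspects in the summary), the following constructed simulation is not part of the patent: the calculator splits a small decision flow model into homomorphic and relational nodes, evaluates the arithmetic nodes on Paillier ciphertexts, and obtains the relational nodes from the data provider as differentially-private Booleans over a symmetric channel. The tiny Paillier parameters, the record, the model, the SHA-256 keystream standing in for AES, the placeholder session key and all function names are assumptions.

```python
# Constructed simulation of the hybrid decision-flow protocol. Toy parameters:
# tiny Paillier modulus; SHA-256 keystream stands in for the AES the page names.
import hashlib
import random
import secrets
from math import gcd

HE_OPS = {"add", "mul"}                      # run under the homomorphic ciphertext
REL_FUNCS = {                                # need provider-side pre-calculation
    "gt": lambda a, b: a > b, "ge": lambda a, b: a >= b,
    "lt": lambda a, b: a < b, "eq": lambda a, b: a == b,
    "match": lambda s, pat: pat in s,
}
# Constructed decision flow model: (node name, operation, operand, operand).
MODEL = [
    ("doubled", "mul", "income", 2),          # ciphertext * plaintext constant
    ("budget", "add", "doubled", "savings"),  # ciphertext + ciphertext
    ("adult", "gt", "age", 18),               # relational: done by the data provider
    ("local", "match", "city", "Bei"),        # string match: done by the data provider
]

# Textbook Paillier with tiny constructed primes (illustration only).
def paillier_keygen(p=293, q=433):
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    return (n, n + 1), (lam, pow(lam, -1, n))   # g = n + 1 makes mu = lam^-1

def paillier_encrypt(pk, m):
    n, g = pk
    r = secrets.randbelow(n - 1) + 1
    while gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return pow(g, m, n * n) * pow(r, n, n * n) % (n * n)

def paillier_decrypt(sk, pk, c):
    lam, mu = sk
    n = pk[0]
    return (pow(c, lam, n * n) - 1) // n * mu % n

def he_add(pk, c1, c2):          # Enc(a) * Enc(b) = Enc(a + b)
    return c1 * c2 % (pk[0] ** 2)

def he_mul_const(pk, c, k):      # Enc(a) ^ k = Enc(k * a)
    return pow(c, k, pk[0] ** 2)

def stream_xor(key, data):
    """Counter-mode SHA-256 keystream; the same call encrypts and decrypts."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(key + off.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)

def randomized_response(bit, keep_prob, rng):
    """Differential-privacy obfuscation of a Boolean: report the true bit with
    probability keep_prob, otherwise a uniformly random bit."""
    return bit if rng.random() < keep_prob else rng.randrange(2)

def split_model(model):
    """Analysis program: separate homomorphic from relational operations."""
    return ([n for n in model if n[1] in HE_OPS],
            [n for n in model if n[1] in REL_FUNCS])

class DataProvider:
    """Holds the raw record and the Paillier private key."""
    def __init__(self, record, keep_prob=0.9, seed=1):
        self.record, self.keep_prob = record, keep_prob
        self.pk, self.sk = paillier_keygen()
        self.rng = random.Random(seed)

    def encrypted_fields(self, names):
        return {f: paillier_encrypt(self.pk, self.record[f]) for f in names}

    def assist(self, rel_nodes, sym_key):
        """Calculation-assistance request: evaluate relational ops locally,
        reduce each to a Boolean, obfuscate it, return it symmetrically encrypted."""
        bits = {name: randomized_response(int(REL_FUNCS[op](self.record[f], arg)),
                                          self.keep_prob, self.rng)
                for name, op, f, arg in rel_nodes}
        payload = ",".join(f"{k}={v}" for k, v in bits.items()).encode()
        return stream_xor(sym_key, payload)

def run_decision_flow(model, provider):
    """Calculator side: homomorphic ops on ciphertexts, relational ops by assistance."""
    he_nodes, rel_nodes = split_model(model)
    sym_key = secrets.token_bytes(32)   # placeholder for the negotiated session key
    names = {n[0] for n in he_nodes}
    raw = {x for _, _, a, b in he_nodes for x in (a, b)
           if isinstance(x, str) and x not in names}
    ct = provider.encrypted_fields(raw)  # arithmetic inputs arrive as ciphertexts
    for name, op, a, b in he_nodes:
        if op == "mul":                  # Paillier multiplies only by a plaintext constant
            ct[name] = he_mul_const(provider.pk, ct[a], b)
        else:
            ct[name] = he_add(provider.pk, ct[a], ct[b])
    plain = stream_xor(sym_key, provider.assist(rel_nodes, sym_key)).decode()
    bools = {k: int(v) for k, v in (kv.split("=") for kv in plain.split(",") if kv)}
    return ct, bools
```

The calculator never sees the plaintext income or savings, only Paillier ciphertexts it cannot open, and the relational answers reach it as obfuscated bits; with keep_prob below 1 the provider's randomized response means a single returned bit does not reveal the true comparison outcome with certainty.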
According to the method provided by the invention, the calculation operations involved in the calculation process are parsed from the model into homomorphic encryption calculation operations and non-homomorphic encryption calculation operations. For the homomorphic encryption calculation operations, homomorphic encryption calculation technology is used, which achieves privacy protection; for the non-homomorphic encryption calculation operations, the related calculation is completed using methods including but not limited to data desensitization, differential privacy and secret sharing, and privacy protection is achieved by combining these with traditional symmetric and asymmetric encryption algorithms. By mixing homomorphic encryption with other multi-party secure computation methods, full privacy-protected support for the calculation operations of the decision flow model is realized.
It is to be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above-described embodiments, the various steps or methods may be implemented in software or firmware stored in a memory and executed by a suitable instruction execution system.
Those of ordinary skill in the art will appreciate that all or part of the steps implementing the method of the above-described embodiments may be carried out by a program that instructs related hardware (e.g., a processor); the program may be stored in a computer-readable storage medium and, when executed, implements one or a combination of the steps of the method embodiments.
While the foregoing is directed to the preferred embodiments of the present invention, it will be appreciated by those skilled in the art that various modifications and adaptations can be made without departing from the principles of the present invention, and such modifications and adaptations are intended to be comprehended within the scope of the present invention.

Claims (10)

1. The method is applied to a communication system consisting of a task initiator, a calculator and at least one data provider, wherein the task initiator, the calculator and the at least one data provider are connected through a communication interface, the at least one data provider provides raw data required by calculation of a decision flow model, and the calculator provides a decision flow model calculation platform to realize the functions of model loading, task scheduling and homomorphic encryption calculation; the method comprises the following steps:
the task initiator sends a decision flow model to the calculator through the communication interface;
after receiving the task request, the calculator takes out a decision flow model from the model queue, and a task scheduler creates a corresponding calculation task;
after decryption is completed, an analysis program separates the decision flow model into a data flow and a calculation flow, requests data from the data provider through a data queue according to the data dependency relationship, obtains, when the request passes, a symmetric encryption algorithm key for encrypting non-homomorphic encryption data through key negotiation between the database and the calculation task, and sends a calculation assistance request to the data provider;
the data provider receives the calculation assistance request, accesses the database, takes out the related data and encrypts it with a homomorphic encryption algorithm; for relational operations that the homomorphic encryption algorithm cannot support, the data provider performs the calculation locally, converts the calculation result into a Boolean value representing it, obfuscates the Boolean value using a differential privacy technique, and finally encrypts the obfuscated result with the symmetric encryption algorithm and returns it to the calculator through the data queue;
and the calculator executes the homomorphic encryption operations, and after all calculation operations are completed, returns the calculation result to the task initiator through a result queue.
2. The decision flow model calculation method of claim 1, wherein, for relational operations that the homomorphic encryption algorithm cannot support, when the data provider completes the calculation locally, one or more of data desensitization, differential privacy and secret sharing are used to complete the related calculation operations.
3. The decision flow model calculation method according to claim 1, characterized in that the symmetric encryption algorithm is AES.
4. The method is applied to a calculator, the calculator is connected with a task initiator and at least one data provider through a communication interface, wherein the at least one data provider provides the raw data required by decision flow model calculation, and the calculator provides a decision flow model calculation platform to realize the functions of model loading, task scheduling and homomorphic encryption calculation; the method comprises the following steps:
receiving a decision flow model queue sent by the task initiator through the communication interface;
taking out a decision flow model from the model queue, and creating a corresponding calculation task by a task scheduler;
after decrypting the decision flow model, separating it into a data flow and a calculation flow through an analysis program, requesting data from the data provider through a data queue according to the data dependency relationship, obtaining, when the request passes, a symmetric encryption algorithm key for encrypting non-homomorphic encryption data through key negotiation between the database and the calculation task, and sending a calculation assistance request to the data provider;
receiving a result returned by the data provider, wherein the result is obtained by the data provider performing locally the relational operations that the homomorphic encryption algorithm cannot support, converting the calculation result into a Boolean value representing it, obfuscating the Boolean value with a differential privacy technique, and finally encrypting the obfuscated result with the symmetric encryption algorithm and returning it through the data queue;
and executing the homomorphic encryption operations, and after all calculation operations are completed, sending the calculation results to the task initiator through a result queue.
5. The decision flow model calculation method of claim 4, wherein, for relational operations that the homomorphic encryption algorithm cannot support, when the data provider completes the calculation locally, one or more of data desensitization, differential privacy and secret sharing are used to complete the related calculation operations.
6. The decision flow model calculation method as recited in claim 4, wherein the symmetric encryption algorithm is AES.
7. The method is applied to at least one data provider, and the at least one data provider is connected with a task initiator and a calculator through a communication interface, wherein the at least one data provider provides the raw data required by decision flow model calculation, and the calculator provides a decision flow model calculation platform to realize the functions of model loading, task scheduling and homomorphic encryption calculation; the method comprises the following steps:
after receiving a calculation assistance request, accessing a database, taking out the related data, encrypting the related data with a homomorphic encryption algorithm, performing locally at the data provider the relational operations that the homomorphic encryption algorithm cannot support, converting the calculation result into a Boolean value representing it, obfuscating the Boolean value with a differential privacy technique, encrypting the obfuscated result with a symmetric encryption algorithm, and returning it to the calculator through the data queue;
wherein the symmetric encryption algorithm key is obtained by the calculator through key negotiation between the database and the calculation task and is used for encrypting the non-homomorphic encryption data.
8. The decision flow model calculation method of claim 7, wherein, for relational operations that the homomorphic encryption algorithm cannot support, when the data provider completes the calculation locally, one or more of data desensitization, differential privacy and secret sharing are used to complete the related calculation operations.
9. The decision flow model calculation method as recited in claim 7, wherein the symmetric encryption algorithm is AES.
10. A hybrid encryption based decision flow model computing device comprising a processor and a readable storage medium storing executable instructions executable by the processor, the processor implementing the decision flow model computing method of any of claims 1-9 when executing the executable instructions.
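The procedure described in the summary above and in claims 1, 4 and 7, as an added worked example in Python (not the patent's code or any implementation by the applicant). Assumptions not in the patent: Paillier as the additive homomorphic scheme, randomized response as the differential privacy technique applied to the Boolean, a list of (name, op, args) nodes as the decision flow model, and an HMAC-SHA256 keystream standing in for the negotiated AES key because AES is not in the Python standard library.

```python
import hashlib, hmac, math, random
HE_OPS, REL_OPS = {"add", "mul_const"}, {"gt", "lt"}   # HE-friendly vs relational nodes

def split_model(model):
    """Analysis step: split (name, op, args) nodes into HE-friendly and relational lists."""
    if any(n[1] not in HE_OPS | REL_OPS for n in model):
        raise ValueError("model contains an operation the hybrid flow cannot place")
    return [n for n in model if n[1] in HE_OPS], [n for n in model if n[1] in REL_OPS]

class Paillier:
    """Textbook additive HE with toy primes (assumed scheme; not production sizes)."""
    def __init__(self, p=1000003, q=1000033):
        self.n, self.n2 = p * q, (p * q) ** 2
        self.lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
        self.mu = pow(self.lam, -1, self.n)          # valid because g = n + 1
    def enc(self, m, rng=None):
        r = (rng or random.Random(0)).randrange(1, self.n)
        return pow(self.n + 1, m, self.n2) * pow(r, self.n, self.n2) % self.n2
    def dec(self, c):
        return (pow(c, self.lam, self.n2) - 1) // self.n * self.mu % self.n
    def add(self, a, b): return a * b % self.n2            # E(x)*E(y) = E(x+y)
    def mul_const(self, a, k): return pow(a, k, self.n2)   # E(x)^k = E(k*x)

def randomized_response(bit, eps, rng):
    """eps-DP obfuscation of one Boolean: keep it with probability e^eps / (e^eps + 1)."""
    return bit if rng.random() < math.exp(eps) / (math.exp(eps) + 1) else not bit

def sym_xor(key, nonce, data):
    """Stand-in for the negotiated AES key: HMAC-SHA256 keystream XOR (same call decrypts)."""
    stream = hmac.new(key, nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def run_flow(model, record, eps, sym_key, rng=None, nonce=b"task-1"):
    rng = rng or random.Random(0)
    he_nodes, rel_nodes = split_model(model)
    he = Paillier()   # toy: one object holds both keys; only the key holder may call dec()
    # Data provider: HE-encrypt the raw fields for the calculator ...
    cts = {k: he.enc(v, rng) for k, v in record.items()}
    # ... and evaluate relational nodes on local plaintext, then DP-obfuscate + encrypt.
    rel_enc = {}
    for name, op, (field, const) in rel_nodes:
        truth = record[field] > const if op == "gt" else record[field] < const
        noisy = randomized_response(truth, eps, rng)
        rel_enc[name] = sym_xor(sym_key, nonce + name.encode(), bytes([noisy]))
    # Calculator: homomorphic nodes on ciphertexts only, then decrypt the returned Booleans.
    for name, op, args in he_nodes:
        x = cts[args[0]]
        cts[name] = he.add(x, cts[args[1]]) if op == "add" else he.mul_const(x, args[1])
    bools = {k: bool(sym_xor(sym_key, nonce + k.encode(), v)[0]) for k, v in rel_enc.items()}
    return he.dec(cts[he_nodes[-1][0]]), bools          # last HE node is the model output
```

Two different keys are in play: the homomorphic key pair, whose holder alone can decrypt the score, and the negotiated symmetric key, which only protects the obfuscated Booleans in transit between data provider and calculator.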

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310056382.9A CN116305187B (en) 2023-01-14 2023-01-14 Decision flow model calculation method and device based on hybrid encryption


Publications (2)

Publication Number Publication Date
CN116305187A CN116305187A (en) 2023-06-23
CN116305187B true CN116305187B (en) 2023-09-01

Family

ID=86817622


Country Status (1)

Country Link
CN (1) CN116305187B (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110008717A (en) * 2019-02-26 2019-07-12 东北大学 Decision tree classification service system and method supporting privacy protection
CN111464282A (en) * 2019-01-18 2020-07-28 百度在线网络技术(北京)有限公司 Data processing method and device based on homomorphic encryption
CN113239336A (en) * 2021-06-02 2021-08-10 西安电子科技大学 Privacy protection biological characteristic authentication method based on decision tree
CN113935049A (en) * 2021-08-25 2022-01-14 中国电子科技集团公司第三十研究所 Fine particle data protection method based on security model
CN114003924A (en) * 2021-09-30 2022-02-01 广东浪潮智慧计算技术有限公司 Integrated fully homomorphic encryption implementation method, device and system
CN114629620A (en) * 2022-04-02 2022-06-14 深圳市纽创信安科技开发有限公司 Homomorphic encryption calculation method and system, homomorphic request, calculation and key system
CN114765529A (en) * 2021-01-11 2022-07-19 国民技术股份有限公司 Homomorphic encryption storage method and device for distributed data, electronic equipment and computer readable medium
CN115021900A (en) * 2022-05-11 2022-09-06 电子科技大学 Method for realizing comprehensive privacy protection of distributed gradient lifting decision tree
CN115085897A (en) * 2022-05-23 2022-09-20 支付宝(杭州)信息技术有限公司 Data processing method and device for protecting privacy and computer equipment

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11750362B2 (en) * 2019-09-17 2023-09-05 Sap Se Private decision tree evaluation using an arithmetic circuit


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Research on recommendation methods and privacy protection for subject selection under the new college entrance examination; Chen Yangyang; 《中国优秀硕士学位论文全文数据库 信息科技辑》 (China Master's Theses Full-text Database, Information Science and Technology), No. 10; I138-47 *


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant