WO2021068444A1 - Data processing method and device, computer apparatus, and storage medium - Google Patents

Data processing method and device, computer apparatus, and storage medium Download PDF

Info

Publication number
WO2021068444A1
WO2021068444A1 PCT/CN2020/076140 CN2020076140W WO2021068444A1 WO 2021068444 A1 WO2021068444 A1 WO 2021068444A1 CN 2020076140 W CN2020076140 W CN 2020076140W WO 2021068444 A1 WO2021068444 A1 WO 2021068444A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
ciphertext
preset
client
operator
Prior art date
Application number
PCT/CN2020/076140
Other languages
French (fr)
Chinese (zh)
Inventor
唐虹刚
李升林
谢翔
孙立林
Original Assignee
云图技术有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 云图技术有限公司 filed Critical 云图技术有限公司
Publication of WO2021068444A1 publication Critical patent/WO2021068444A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption

Definitions

  • This application relates to the field of artificial intelligence technology, and in particular to a data processing method, device, computer equipment, and storage medium.
  • the server can process the target data sent by the client according to the trained deep learning model to obtain the processing result.
  • the server can perform diagnosis processing on the medical image data sent by the client according to the trained diagnosis model, so as to obtain the diagnosis result.
  • the aforementioned medical image data may often involve user privacy, and the aforementioned methods are prone to leakage of user privacy data during specific data processing.
  • the embodiments of the present application provide a data processing method, device, computer equipment, and storage medium to provide a data processing method that can protect user privacy.
  • the embodiment of the application provides a data processing method, including: receiving a data processing request sent by a client, wherein the data processing request carries ciphertext data, and the ciphertext data is processed by the client using a homomorphic encryption algorithm on the target data.
  • the convolution operator in the preset model is called to perform the convolution operation on the ciphertext data to obtain the ciphertext feature data; combine the ciphertext feature data with the preset
  • the preset operator in the model is sent to the agent, where the agent is used to call the preset operator with the client according to the preset MPC protocol to process the ciphertext feature data to obtain the ciphertext processing result; wherein, the preset The model is compatible with the preset MPC protocol and is used to perform preset processing on ciphertext data under data encryption; the agent includes one of the following: a secure container running on the client, a virtual machine running on the client, A computer that establishes a local area network connection with the client.
  • the embodiment of the present application also provides a data processing method, which is applied to the agent, and includes: receiving the ciphertext feature data sent by the server and the preset operator in the preset model, wherein the ciphertext feature data is preset by the server according to The MPC protocol calls the convolution operator in the preset model to perform convolution operation on the ciphertext data.
  • the ciphertext data is obtained by encrypting the target data by the client using a homomorphic encryption algorithm; according to the preset MPC protocol Call the preset operator in the preset model to process the ciphertext feature data in cooperation with the client to obtain the ciphertext processing result; send the ciphertext processing result to the client; where the preset model is compatible with the preset MPC Protocol, used to perform preset processing on ciphertext data under data encryption; the agent includes one of the following: a secure container running on the client, a virtual machine running on the client, and establishing a local area network connection with the client Computer.
  • the embodiment of the present application also provides a data processing method, including: a client obtains target data, and encrypts the target data using a homomorphic encryption algorithm to obtain ciphertext data; the client sends a data processing request to the server, where the data The processing request carries the ciphertext data; in response to the data processing request, the server and the client call the convolution operator in the preset model according to the preset MPC protocol to perform the convolution operation on the ciphertext data to obtain the ciphertext feature data; The server sends the ciphertext feature data and the preset operator in the preset model to the agent; the agent calls the preset operator according to the preset MPC protocol to process the ciphertext feature data in cooperation with the client to obtain the ciphertext feature data Text processing result; the agent sends the ciphertext processing result to the client; the client decrypts the ciphertext processing result to obtain the plaintext processing result of the target data; among them, the preset model is compatible with the preset MPC protocol, which
  • An embodiment of the present application also provides a data processing device, including: a receiving module for receiving a data processing request sent by a client, wherein the data processing request carries ciphertext data, and the ciphertext data is homomorphic by the client
  • the encryption algorithm encrypts the target data and generates it
  • the convolution module is used to respond to the data processing request, according to the preset MPC protocol, call the convolution operator in the preset model to perform the convolution operation on the ciphertext data, and obtain the ciphertext data.
  • the sending module is used to send the cipher text feature data and the preset operator in the preset model to the agent, where the agent is used to call the preset operator pair with the client according to the preset MPC protocol
  • the ciphertext feature data is processed to obtain the ciphertext processing result; among them, the preset model is compatible with the preset MPC protocol, which is used to perform preset processing on the ciphertext data in the case of data encryption;
  • the agent includes one of the following: Run A secure container on the client, a virtual machine running on the client, and a computer that establishes a LAN connection with the client.
  • An embodiment of the present application further provides a computer device including a processor and a memory for storing executable instructions of the processor, and the processor implements the steps of the data processing method described in any of the foregoing embodiments when the processor executes the instructions.
  • the embodiments of the present application also provide a computer-readable storage medium on which computer instructions are stored, and when the instructions are executed, the steps of the data processing method described in any of the foregoing embodiments are implemented.
  • a data processing method uses a homomorphic encryption algorithm to encrypt target data to generate ciphertext data
  • the server receives a data processing request carrying ciphertext data sent by the client, and
  • the convolution operator in the preset model is called to perform the convolution operation on the ciphertext data to obtain the ciphertext feature data.
  • the server combines the ciphertext feature data with the preset model
  • the preset operator is sent to the agent, and the agent and the client call the preset operator according to the preset MPC protocol to process the ciphertext feature data, and obtain the ciphertext processing result.
  • the preset model is compatible with the preset MPC protocol, and is used to perform preset processing on the ciphertext data in the case of data encryption.
  • the target data is homomorphically encrypted to obtain the corresponding ciphertext data, so as to prevent the specific content of the target data from being leaked.
  • the server calls the convolution operator in the preset model compatible with the MPC protocol to perform the convolution operation on the ciphertext data according to the preset MPC protocol to obtain the ciphertext feature data, and combine the ciphertext feature data with the preset model
  • the preset operator of is sent to the agent, so that the agent and the client then call the preset operator in the preset model to perform specific processing on the ciphertext feature data according to the preset MPC protocol to obtain the ciphertext processing of the target data result. Realize that the target data can be specifically processed in the state of target data encryption, thereby effectively protecting data privacy.
  • the agent is a computer in the same local area network as the client or a secure container or virtual machine running on the client, it is more secure than directly having the server and the client perform ciphertext feature data.
  • Calculation, through the agent and the client according to the preset MPC protocol to call the preset operator to perform secure multi-party calculation of the ciphertext feature data which can effectively save the network bandwidth required for secure multi-party calculation, and greatly reduce the network delay. Effectively improve the efficiency of data processing.
  • Figure 1 shows a schematic diagram of an application scenario of a data processing method in some embodiments of the present application
  • Figure 2 shows a flowchart of a data processing method in some embodiments of the present application
  • Figure 3 shows a flowchart of a data processing method in some embodiments of the present application
  • Figure 4 shows a flowchart of a data processing method in some embodiments of the present application
  • Figure 5 shows a sequence diagram of a data processing method in some embodiments of the present application.
  • Fig. 6 shows a schematic diagram of a data processing device in some embodiments of the present application.
  • Fig. 7 shows a schematic diagram of a data processing device in some embodiments of the present application.
  • Fig. 8 shows a schematic diagram of a computer device in some embodiments of the present application.
  • FIG. 1 shows a schematic diagram of an application scenario of the data processing method in an embodiment of the present application.
  • the client can obtain target data.
  • the target data may be data to be processed.
  • the target data may include but is not limited to at least one of the following: face image data, medical image data, human body motion data, and so on.
  • the client can use the homomorphic encryption algorithm to encrypt the obtained target data to obtain ciphertext data.
  • the data encrypted by the homomorphic encryption algorithm is processed to obtain an output, and the output is decrypted, and the result is the same as the output result obtained by processing the unencrypted original data in the same method.
  • the client can send a data processing request to the server.
  • the data processing request may carry ciphertext data corresponding to the target data.
  • the server may call a convolution operator in the preset model to perform a convolution operation on the ciphertext data according to a preset MPC (Secure Multi-Party Computation) protocol to obtain the ciphertext feature data.
  • MPC Secure Multi-Party Computation
  • the server sends the ciphertext feature data and the preset operator in the preset model to the agent.
  • the agent and the client call the preset operator according to the preset MPC protocol to process the ciphertext feature data, and obtain the ciphertext processing result.
  • the preset operator may be an operator specified in the preset model.
  • the preset operator may include but is not limited to at least one of the following: an activation operator, a pooling operator, and a fully connected operator.
  • the preset model is on the server side.
  • the preset model can be compatible with the preset MPC protocol, and is used for preset processing of ciphertext data in the case of data encryption.
  • the preset MPC protocol can be used to implement the operations in the preset model when the input is ciphertext data, so as to complete the preset processing of the ciphertext data.
  • the preset model may include a trained preset deep learning model.
  • the preset model may be a trained convolutional neural network model.
  • the preset processing may include performing diagnosis processing on the ciphertext data obtained after homomorphic encryption of the medical image data.
  • the preset processing may include performing face recognition processing on the ciphertext data obtained after homomorphic encryption of the face image data.
  • the preset processing may include performing motion recognition processing on the ciphertext data obtained after homomorphic encryption of the human body motion data.
  • the data obtained after processing the first ciphertext feature data on the agent and the client may need to perform a convolution operation through the second convolutional layer.
  • the first ciphertext feature data may be obtained after the server calls the convolution operator of the first convolution layer to perform a convolution operation on the ciphertext data according to a preset MPC protocol. Therefore, the agent can send the processed data to the server.
  • the server invokes the convolution operator of the second convolution layer to perform a convolution operation on the received data according to the preset MPC protocol to obtain the second ciphertext feature data.
  • the server then sends the second ciphertext feature data to the agent, so that the agent and the client call the preset operator to process the second ciphertext feature data according to the preset MPC protocol, and so on, until the agent obtains the ciphertext feature data. Text processing results.
  • the agent can send the ciphertext processing result to the client.
  • the public key and private key generated by the homomorphic encryption algorithm are stored in the client. Among them, the public key is used to homomorphically encrypt the target data to obtain ciphertext data.
  • the private key is used to decrypt the received ciphertext processing result to obtain the plaintext processing result.
  • the client may be a client of a medical institution.
  • the client can obtain the patient's medical image data (for example, X-ray film data).
  • the client can use the homomorphic encryption algorithm to encrypt the X-ray film data to obtain the ciphertext X-ray film data.
  • the client sends a diagnosis request to the medical optical film diagnosis server.
  • the diagnosis request carries ciphertext X-ray film data.
  • the server may be a medical optical film diagnosis server.
  • the medical optical film diagnosis server calls the convolution operator in the preset deep learning model to perform the convolution operation on the ciphertext feature data according to the preset MPC protocol to obtain the ciphertext feature data.
  • the medical optical film diagnosis server sends the ciphertext feature data and the preset operator in the preset model to the agent.
  • the agent is a computer on the same intranet as the client or a secure container or virtual machine running on the client.
  • the agent and the client call the preset operator according to the preset MPC protocol to process the ciphertext feature data, so as to obtain the ciphertext diagnosis result.
  • the agent sends the ciphertext diagnosis result to the client.
  • the client decrypts the ciphertext diagnosis result, and obtains the plaintext diagnosis result of the X-ray film data.
  • the above-mentioned client can be a desktop computer, notebook, mobile phone terminal, PDA, etc., as long as it is a device that can homomorphically encrypt the target data and cooperate with the agent to perform preset processing on the ciphertext data.
  • the presentation form of the client This application is not limited.
  • the above-mentioned server can be a single server, a server cluster, or a cloud server, etc., as long as the device can perform convolution operations on ciphertext data according to the preset MPC protocol and preset model.
  • the specific The composition form of this application is also not limited.
  • the above-mentioned agent can be a computer that establishes a LAN connection with the client, a secure container running on the client, or a virtual machine running on the client, etc., as long as it can communicate with the server and can perform secure multi-party computing with the client. All are possible, and this application does not limit the presentation form of the agent.
  • Figure 2 shows a flowchart of a method in some embodiments of the present application, and the data processing method can be applied to the client.
  • this application provides method operation steps or device structures as shown in the following embodiments or drawings, the method or device may include more or less operation steps or module units based on conventional or no creative labor. .
  • the execution order of these steps or the module structure of the device is not limited to the execution order or module structure shown in the description of the embodiments of this application and the drawings.
  • the described method or module structure is applied to an actual device or terminal product, it can be executed sequentially or in parallel according to the method or module structure connection shown in the embodiments or drawings (for example, parallel processors or multi-threaded processing Environment, even distributed processing environment).
  • the data processing method may include the following steps:
  • Step S201 Receive a data processing request sent by a client, where the data processing request carries ciphertext data, and the ciphertext data is generated by the client after encrypting target data using a homomorphic encryption algorithm.
  • the client can obtain the target data.
  • the target data is the data to be processed.
  • the client uses a homomorphic encryption algorithm to encrypt the target data to obtain ciphertext data.
  • the client can use a homomorphic encryption algorithm to generate a public key and a private key, and then use the public key to encrypt the target data to obtain ciphertext data.
  • the client can send a data processing request to the server.
  • the data processing request carries ciphertext data.
  • the data processing request may also carry the public key generated by the homomorphic encryption algorithm.
  • the server receives the data processing request sent by the client.
  • Step S202 In response to the data processing request, according to the preset MPC protocol, the convolution operator in the preset model is called to perform a convolution operation on the ciphertext data to obtain the ciphertext feature data.
  • Step S203 Send the ciphertext feature data and the preset operator in the preset model to the agent, where the agent is used to call the preset operator with the client according to the preset MPC protocol to process the ciphertext feature data , Get the ciphertext processing result.
  • the server calls the convolution operator in the preset model to perform a convolution operation on the ciphertext data according to the preset MPC protocol to obtain the ciphertext feature data.
  • the server sends the obtained ciphertext feature data and the preset operator in the preset model to the agent.
  • the agent and the client call the preset operator according to the preset MPC protocol to process the ciphertext feature data, and obtain the ciphertext processing result.
  • the preset model is compatible with the preset MPC protocol, which is used to perform preset processing on ciphertext data in the case of data encryption;
  • the agent includes one of the following: a secure container running on the client, and a secure container running on the client A virtual machine, a computer that establishes a LAN connection with the client.
  • the preset model may be a trained deep learning model.
  • the deep learning model can be obtained by training with a large amount of plaintext data.
  • the floating-point data in the trained deep learning model is converted into integer data.
  • the preset MPC protocol can be used to implement various operations in the preset model when the input is ciphertext data, so as to realize the preset processing of ciphertext data.
  • the ciphertext processing result can be sent to the client.
  • the client can decrypt the ciphertext processing result according to the private key generated by the homomorphic encryption algorithm to obtain the plaintext processing result of the target data.
  • the target data is homomorphically encrypted to obtain the corresponding ciphertext data, so as to prevent the specific content of the target data from being leaked.
  • the server calls the convolution operator in the preset model compatible with the MPC protocol to perform the convolution operation on the ciphertext data according to the preset MPC protocol to obtain the ciphertext feature data, and combine the ciphertext feature data with the preset model
  • the preset operator of is sent to the agent, so that the agent and the client then call the preset operator in the preset model to perform specific processing on the ciphertext feature data according to the preset MPC protocol to obtain the ciphertext processing of the target data result.
  • the agent is a computer in the same local area network as the client or a secure container or virtual machine running on the client, it is more secure than directly having the server and the client perform ciphertext feature data.
  • Calculation, through the agent and the client according to the preset MPC protocol to call the preset operator to perform secure multi-party calculation of the ciphertext feature data which can effectively save the network bandwidth required for secure multi-party calculation, and greatly reduce the network delay. Effectively improve the efficiency of data processing.
  • the agent and the client call the preset operator according to the preset MPC protocol to process the ciphertext feature data
  • the obtained data that needs to be convolved is returned to the server.
  • the server performs a convolution operation on the received data and sends the obtained data to the agent, and so on until the ciphertext processing result is obtained.
  • the agent and the client may further include: corresponding to the data processing request
  • the transaction events are uploaded to the blockchain network for storage on the chain.
  • the server may be notified that the preset processing of the ciphertext data has been completed.
  • the server uploads the transaction event data corresponding to the data processing request to the blockchain network for on-chain storage.
  • the transaction event data may include data related to calculations performed by the server in response to the data processing request.
  • the target data may include but is not limited to at least one of the following: face image data, medical image data, and human body motion data.
  • the preset processing when the target data includes medical image data, the preset processing may include performing diagnosis processing on the medical image data.
  • the preset processing may include face recognition processing.
  • the target data includes human body motion data, the preset processing includes motion recognition processing.
  • invoking the convolution operator in the preset model to perform the convolution operation on the ciphertext data to obtain the ciphertext feature data may include: according to the preset MPC protocol With the homomorphic addition and multiplication characteristics of, the convolution operator in the preset model is called to perform the convolution operation on the ciphertext data to obtain the ciphertext feature data.
  • the preset model may be a trained convolutional neural network model.
  • Convolutional neural network models generally include: convolutional layer, excitation layer, pooling layer and fully connected layer. Among them, the number of each layer can be one or more.
  • the convolution layer may include a convolution operator for extracting features of the data.
  • the server After receiving the data processing request sent by the client, the server calls the convolution operator in the preset model to perform a private convolution operation on the ciphertext data according to the preset MPC protocol to obtain the ciphertext feature data.
  • the plaintext feature data obtained after decrypting the ciphertext feature data obtained by performing the privacy convolution operation on the ciphertext data is the same as the feature data obtained by directly performing the plaintext convolution operation on the plaintext data.
  • homomorphic encryption allows operations to be performed on the ciphertext, and the corresponding operations will be mapped to the plaintext.
  • the homomorphic encryption can be refined into the following two homomorphic encryption algorithms:
  • the convolution operation on the plaintext data is to multiply the corresponding elements in the plaintext data matrix and the convolution operator matrix and then sum them.
  • the convolution operation on the ciphertext data is obtained by multiplying the powers of the corresponding elements of the convolution operator matrix of the elements in the ciphertext data matrix.
  • a 3 ⁇ 3 is a plaintext data matrix
  • C 3 ⁇ 3 is a convolution operator matrix
  • a 3 ⁇ 3 is a ciphertext data matrix.
  • the plaintext convolution operation and privacy convolution operation are as follows:
  • FIG. 3 shows a flowchart of a data processing method provided by an embodiment of the present application.
  • the foregoing data processing method may include the following steps:
  • Step S301 Receive the ciphertext feature data and the preset operator in the preset model sent by the server.
  • the server may receive the data processing request sent by the client.
  • the data processing request may carry ciphertext data.
  • the ciphertext data can be obtained by encrypting the target data by the client using a homomorphic encryption algorithm.
  • the server may call the convolution operator in the preset model according to the preset MPC protocol in response to the data processing request to perform a convolution operation on the ciphertext data to obtain the ciphertext feature data.
  • the server sends the generated ciphertext feature data and the preset operator in the preset model to the agent.
  • the agent includes one of the following: a secure container running on the client, a virtual machine running on the client, and a computer that establishes a local area network connection with the client.
  • Step S302 Call the preset operator in the preset model according to the preset MPC protocol to process the ciphertext feature data in cooperation with the client to obtain the ciphertext processing result.
  • Step S303 Send the ciphertext processing result to the client.
  • the agent can call the preset operator in the preset model according to the preset MPC protocol, and cooperate with the client to process the ciphertext feature data to obtain the ciphertext processing result .
  • the preset model is compatible with the preset MPC protocol, and is used to perform preset processing on the ciphertext data in the case of data encryption.
  • the preset model may be a trained deep learning model.
  • the deep learning model can be obtained by training using a large amount of plaintext data.
  • the floating-point data in the trained deep learning model is converted into integer data.
  • the preset MPC protocol can be used to implement various operations in the preset model when the input is ciphertext data, so as to realize the preset processing of ciphertext data.
  • the agent After obtaining the ciphertext processing result, the agent sends the ciphertext processing result to the client.
  • the target data is homomorphically encrypted to obtain the corresponding ciphertext data, so as to prevent the specific content of the target data from being leaked.
  • the server calls the convolution operator in the preset model compatible with the MPC protocol to perform the convolution operation on the ciphertext data according to the preset MPC protocol to obtain the ciphertext feature data, and combine the ciphertext feature data with the preset model
  • the preset operator of is sent to the agent, so that the agent and the client then call the preset operator in the preset model to perform specific processing on the ciphertext feature data according to the preset MPC protocol to obtain the ciphertext processing of the target data result.
  • the agent is a computer in the same local area network as the client or a secure container or virtual machine running on the client, it is more secure than directly having the server and the client perform ciphertext feature data.
  • Calculation, through the agent and the client according to the preset MPC protocol to call the preset operator to perform secure multi-party calculation of the ciphertext feature data which can effectively save the network bandwidth required for secure multi-party calculation, and greatly reduce the network delay. Effectively improve the efficiency of data processing.
  • the client after sending the ciphertext processing result to the client, it may further include: the client decrypts the ciphertext processing result to obtain the plaintext processing result. Specifically, the client can decrypt the ciphertext processing result according to the private key obtained by the homomorphic encryption algorithm to obtain the plaintext processing result of the target data. Through the above method, the plaintext processing result of the target data can be revealed on the client.
  • the client may further include: the client obtains the verification result, where the verification result is used to indicate whether the plaintext processing result is correct; the client The verification result and the ciphertext processing result are sent to the blockchain network for on-chain storage.
  • the client obtains the verification result of the plaintext processing result.
  • the verification result may be obtained after the business personnel verify the plaintext processing result.
  • the verification result can also be inferred by the application in the client based on the target data and the plaintext processing result.
  • the verification result is used to indicate whether the plaintext processing result is correct.
  • the client sends the verification result and the ciphertext processing result to the blockchain network for on-chain storage, which is convenient for subsequent query, traceability, billing, verification, etc.
  • the client may send the data processing resource data to the contract account of the blockchain network.
  • the resource data may be fees that need to be paid for data processing, such as currency or Bitcoin.
  • the blockchain network determines whether the verification result is correct. When it is determined that the verification result is correct, the blockchain network sends the resource data in the contract account to the server's account.
  • calling the preset operator in the preset model according to the preset MPC protocol to process the ciphertext feature data in cooperation with the client to obtain the ciphertext processing result may include: The activation operator in the MPC protocol and the preset operator cooperates with the client to activate the ciphertext feature data to obtain the first activation data and the second activation data; according to the preset MPC protocol and the preset operator
  • the pooling operator of the client cooperates with the client to perform the pooling operation on the first activation data and the second activation data to obtain the first pooling data and the second pooling data; according to the preset MPC protocol and the preset operator
  • the fully connected operator cooperates with the client to perform a fully connected operation on the first pooled data and the second pooled data to obtain the ciphertext processing data.
  • the preset model may be a trained convolutional neural network model.
  • Convolutional neural network models generally include: convolutional layer, excitation layer, pooling layer and fully connected layer. Among them, the number of each layer can be one or more.
  • the convolution layer may include a convolution operator for extracting features of the data.
  • the excitation layer can include activation operators to add non-linear factors to simulate more subtle changes.
  • the pooling layer may include a pooling operator, which is used to compress the input features. On the one hand, the feature map is reduced and the network calculation complexity is simplified. On the other hand, the feature compression is performed to extract the main features.
  • the fully connected layer may include a fully connected operator, which is used to connect all the features, send the output value to the classifier, and obtain the processing result.
  • a fully connected operator which is used to connect all the features, send the output value to the classifier, and obtain the processing result.
  • the operation corresponding to the paper operator requires more computing resources, so it can be completed on the server side.
  • the agent and the client can call the activation operator, the pooling operator and the fully connected operator according to a preset protocol to perform secure multi-party calculations.
  • the preset operator may include but is not limited to at least one of the following: an activation operator, a pooling operator, and a fully connected operator.
  • the server After the server calls the convolution operator to perform the convolution operation on the ciphertext data according to the preset MPC protocol to obtain the ciphertext feature data, the server sends the ciphertext feature data and the preset operator to the agent.
  • the agent can call the activation operator in the preset operator according to the preset MPC protocol, and cooperate with the client to activate the ciphertext feature data to obtain the first activation data and the second activation data.
  • the first activation data is held by the agent
  • the second activation data is held by the client.
  • the agent performs a homomorphic encryption to secret sharing operation on the ciphertext feature data to obtain the first ciphertext data and the second ciphertext data.
  • the agent sends the first ciphertext data to the client.
  • the client decrypts the first ciphertext data to obtain the first plaintext data.
  • the agent converts the activation operator into a Boolean circuit and obtains the truth table of each circuit gate of the Boolean circuit. Then the agent selects two evenly distributed strings as labels for each door, which are used to represent 0 or 1 respectively. After that, the agent randomly generates a first random number, and generates a first label according to the second ciphertext data and the first random number. After replacing the truth table with the first label as input, the agent obtains the label table. For each circuit gate, the agent uses the tag table to encrypt, and generates a first encryption circuit (GC, Garbled Circuit).
  • GC Garbled Circuit
  • the agent sends the first encryption circuit to the client.
  • the client performs an inadvertent transfer (OT, Oblivious Transfer) to the first plaintext data to obtain the second label.
  • the client decrypts the first encryption circuit according to the second tag to obtain activation data.
  • Activation data is also feature data, which is used to characterize the features after adding nonlinear factors, and can simulate more subtle feature changes. Then, since the subsequent pooling operation is implemented through secure multi-party computing, the activation data can be secretly shared, so that the first activation data can be obtained on the agent side and the second activation data can be obtained on the client side.
  • the activation data is the sum of the first activation data and the second activation data. That is, the agent and the client perform secure multi-party calculation on the ciphertext feature data according to the preset MPC protocol and activation operator to obtain the first activation data and the second activation data.
  • the agent After the agent obtains the first activation data and the client obtains the second activation data, the agent calls the pooling operator in the preset operator according to the preset MPC protocol, and cooperates with the client to compare the first activation data and the second activation data. Activate the data to perform a pooling operation to obtain the first pooled data and the second pooled data.
  • the first pooled data can be held by the agent.
  • the second pooled data can be held by the client.
  • the agent converts the pooling operator into a Boolean circuit.
  • the agent randomly generates a second random number.
  • the agent generates a third label according to the first activation function and the random number.
  • the agent uses the third label as input to replace the truth table of the Boolean circuit to obtain the label table.
  • the agent uses the tag table to encrypt each gate of the Boolean circuit to generate a second encryption circuit.
  • the agent sends the second encryption circuit to the client.
  • the client inadvertently transmits the second activation data to obtain the fourth tag.
  • the client uses the fourth tag to decrypt the second encryption circuit to obtain pooled data.
  • Pooled data also belongs to feature data, which is the feature data obtained after the feature is compressed, which can characterize the main feature. After that, since the subsequent full connection operation is implemented through secure multi-party computing, the pooled data can be secretly shared, so that the agent obtains the first pooled data and the client obtains the second pooled data.
  • the pooled data is the sum of the first pooled data and the second pooled data. That is, the agent and the client can perform secure multi-party calculation on the first activation data and the second activation data according to the preset MPC protocol and pooling operator to obtain the first pooling data and the second pooling data.
  • the agent After the agent obtains the first pooled data and the client obtains the second pooled data, the agent performs the secret sharing to homomorphic encryption operation on the first pooled data, and the client performs secret sharing to the second pooled data. State encryption operation, so as to obtain pooled data on the agent side. Then the obtained pooled data is flattened into a one-dimensional array. The agent side multiplies each element in the one-dimensional array with the weight value on the connection line (that is, the element in the fully connected operator), adds and outputs the result, and obtains the ciphertext processing result.
  • the server cooperates with the client to perform a full connection operation on the first pooled data and the second pooled data according to the preset MPC protocol and the full connection operator in the preset operator to obtain the ciphertext processing data.
  • the agent sends the obtained ciphertext processing result to the client.
  • the client uses the private key of the homomorphic encryption algorithm to decrypt the ciphertext processing result to obtain the plaintext processing result of the target data.
  • the agent and the client call the activation operator, the pooling operator and the fully connected operator in the preset operator according to the preset MPC protocol to perform secure multi-party calculation of the ciphertext feature data ,
  • the ciphertext processing result is obtained, and the ciphertext data is processed or inferred through the preset model when the input is ciphertext, which can effectively protect the user's data privacy.
  • the activation operator, the pooling operator, and the fully connected operator are all calculated by the agent and the client according to the preset MPC protocol, but the application is not limited to this.
  • the calculation of operators that occupy more computing resources may be calculated by the server and the client according to a preset MPC protocol, such as an average pooling operator.
  • FIG. 4 shows a flowchart of a data processing method provided in an embodiment of the present application. As shown in Figure 4, the method may include:
  • step S401 the client obtains the target data, and encrypts the target data using a homomorphic encryption algorithm to obtain ciphertext data.
  • Step S402 The client sends a data processing request to the server, where the data processing request carries ciphertext data.
  • Step S403 In response to the data processing request, the server and the client call the convolution operator in the preset model to perform a convolution operation on the ciphertext data according to the preset MPC protocol to obtain the ciphertext feature data.
  • step S404 the server sends the ciphertext feature data and the preset operator in the preset model to the agent.
  • step S405 the agent invokes a preset operator according to the preset MPC protocol to process the ciphertext feature data in cooperation with the client to obtain the ciphertext processing result.
  • step S406 the agent sends the ciphertext processing result to the client.
  • step S407 the client decrypts the ciphertext processing result to obtain the plaintext processing result of the target data.
  • the target data is homomorphically encrypted to obtain the corresponding ciphertext data, so as to prevent the specific content of the target data from being leaked.
  • the server calls the convolution operator in the preset model compatible with the MPC protocol to perform the convolution operation on the ciphertext data according to the preset MPC protocol to obtain the ciphertext feature data, and combine the ciphertext feature data with the preset model
  • the preset operator of is sent to the agent, so that the agent and the client then call the preset operator in the preset model to perform specific processing on the ciphertext feature data according to the preset MPC protocol to obtain the ciphertext processing of the target data
  • the client can decrypt the ciphertext processing result to obtain the plaintext processing result of the target data.
  • the agent is a computer in the same local area network as the client or a secure container or virtual machine running on the client, it is more secure than directly having the server and the client perform ciphertext feature data.
  • Calculation, through the agent and the client according to the preset MPC protocol to call the preset operator to perform secure multi-party calculation of the ciphertext feature data which can effectively save the network bandwidth required for secure multi-party calculation, and greatly reduce the network delay. Effectively improve the efficiency of data processing.
  • the agent and the client may also include: the server will contact the data processing request
  • the corresponding transaction event is uploaded to the blockchain network for storage on the chain.
  • the target data may include but is not limited to at least one of the following: face image data, medical image data, and human body motion data.
  • the preset processing may include performing diagnosis processing on the medical image data.
  • the server calls the convolution operator in the preset model to perform the convolution operation on the ciphertext data according to the preset MPC protocol to obtain the ciphertext feature data, which may include: the server according to the preset MPC
  • the homomorphic addition and multiplication features in the protocol call the convolution operator in the preset model to perform the convolution operation on the ciphertext data to obtain the ciphertext feature data.
  • the client may further include: the client obtains the verification result, where the verification result is used to indicate whether the plaintext processing result is correct; the client The verification result and the ciphertext processing result are sent to the blockchain network for on-chain storage.
  • the agent invokes the preset operator according to the preset MPC protocol to process the ciphertext feature data in cooperation with the client to obtain the ciphertext processing result, which may include: according to the preset MPC protocol
  • the activation operator in the preset operator cooperates with the client to activate the ciphertext feature data to obtain the first activation data and the second activation data; according to the preset MPC protocol and the pooling in the preset operator Operator, cooperates with the client to perform pooling operations on the first activation data and the second activation data to obtain the first pooled data and the second pooled data; according to the preset MPC protocol and the full connection in the preset operator
  • the operator cooperates with the client to perform a full connection operation on the first pooled data and the second pooled data to obtain the ciphertext processing data.
  • Fig. 5 shows a sequence diagram of the data processing method in this specific embodiment. As shown in Figure 5, the data processing method may include the following steps:
  • Step 1 The client obtains the target data, and encrypts the target data using a homomorphic encryption algorithm to obtain the ciphertext data corresponding to the target data;
  • Step 2 The client sends a data processing request to the server, where the data processing request carries ciphertext data;
  • Step 3 The client mortgages the fee to the contract account of the blockchain network
  • Step 4 The server invokes the convolution operator in the preset model to perform a private convolution operation on the ciphertext data according to the preset MPC protocol to obtain the ciphertext feature data;
  • Step 5 The server sends the ciphertext feature data and the preset operator in the preset model to the agent;
  • Step 6 The agent and the client call the activation operator in the preset operator according to the preset MPC protocol to perform secure multi-party calculation on the ciphertext feature data, and obtain the first activation data at the agent and the second activation at the client.
  • Activation data
  • Step 7 The agent and the client call the pooling operator in the preset operator according to the preset MPC protocol to perform a secure multi-party calculation on the first activation data and the second activation data, and obtain the first pooling data at the agent. And get the second pooled data on the client;
  • Step 8 The agent and the client call the full connection operator in the preset model according to the preset MPC protocol to perform the full connection operation on the first pooled data and the second pooled data, and the ciphertext processing is obtained on the agent side. result;
  • Step 9 The agent sends the ciphertext processing result to the client;
  • Step 10 The server sends the transaction event data corresponding to the data processing request to the blockchain network for storage on the chain;
  • Step 11 The client uses the private key of the homomorphic encryption algorithm to decrypt the ciphertext processing result to obtain the plaintext processing result of the target data;
  • Step 12 The client obtains the verification result, where the verification result is used to indicate whether the plaintext processing result of the target data is correct;
  • Step 13 The client sends the plaintext processing result and the verification result to the blockchain network for storage on the chain;
  • Step 14 The blockchain network determines whether the verification result is correct
  • Step 15 In the case where it is determined that the verification result is correct, the blockchain network transfers the fees in the contract account to the server's account;
  • Step 16 In the case where it is determined that the verification result is incorrect, the blockchain network transfers the fees in the contract account to the client's account.
  • the ciphertext data is obtained by homomorphic encryption of the target data, which facilitates subsequent direct processing of the ciphertext data, and prevents the specific content of the target data from being leaked.
  • the server calls the convolution operator in the preset model to perform the convolution operation on the ciphertext data according to the preset MPC protocol, obtains the ciphertext feature data, and sends the ciphertext feature data and the preset operator in the preset model to Agent side.
  • the agent and the client call the activation operator, pooling operator and fully connected operator in the preset operator according to the preset MPC protocol, and perform preset processing on the ciphertext feature data to obtain the ciphertext processing result of the target data , which realizes the processing of data when the input is ciphertext data, which can effectively protect data privacy.
  • the server sends the data corresponding to this transaction event to the blockchain network for storage on the chain, so as to facilitate subsequent query, retrieval, verification, etc.
  • the agent sends the ciphertext processing result to the client, and the client decrypts the ciphertext processing result to obtain the plaintext processing result of the target data.
  • the client obtains the verification result of the plaintext processing result, and sends the ciphertext processing result and the verification result to the blockchain network for on-chain storage, which can further protect the privacy of the processing result and facilitate subsequent queries and backtracking.
  • the blockchain network determines that the verification result is correct, the cost of the client's mortgage in the contract account is transferred to the server's account.
  • the blockchain network determines that the verification result is wrong, the cost of the client's mortgage to the contract account is returned to the client's account. In this way, the billing and clearing problem of the business can be effectively solved.
  • the agent is a computer in the same local area network as the client or a secure container or virtual machine running on the client, it is more secure than directly having the server and the client perform ciphertext feature data.
  • Calculation, through the agent and the client according to the preset MPC protocol to call the preset operator to perform secure multi-party calculation of the ciphertext feature data which can effectively save the network bandwidth required for secure multi-party calculation, and greatly reduce the network delay. Effectively improve the efficiency of data processing.
  • an embodiment of the present application also provides a data processing device located on the server side, as described in the following embodiment. Since the problem-solving principle of the data processing device is similar to that of the data processing method, the implementation of the data processing device can refer to the implementation of the data processing method, and the repetition will not be repeated.
  • the term "unit” or "module” can be a combination of software and/or hardware that implements a predetermined function.
  • the devices described in the following embodiments are preferably implemented by software, implementation by hardware or a combination of software and hardware is also possible and conceived.
  • Fig. 6 is a structural block diagram of a data processing device according to an embodiment of the present application. As shown in Fig. 6, it includes: a receiving module 601, a convolution module 602, and a sending module 603. The structure is described below.
  • the receiving module 601 is configured to receive a data processing request sent by the client, where the data processing request carries ciphertext data, and the ciphertext data is generated by the client after encrypting the target data using a homomorphic encryption algorithm;
  • the convolution module 602 is configured to respond to the data processing request and call the convolution operator in the preset model to perform a convolution operation on the ciphertext data according to the preset MPC protocol to obtain the ciphertext feature data;
  • the sending module 603 is used to send the ciphertext feature data and the preset operator in the preset model to the agent, where the agent is used to call the preset operator to the ciphertext feature data according to the preset MPC protocol with the client. Perform processing to obtain the ciphertext processing result; among them, the preset model is compatible with the preset MPC protocol, and is used to perform preset processing on the ciphertext data in the case of data encryption; the agent includes one of the following: running on the client A secure container, a virtual machine running on the client, and a computer that establishes a local area network connection with the client.
  • the data processing device may further include a storage module, and the storage module may be used for: invoking a preset operator on the agent side and the client side according to a preset MPC protocol to process the ciphertext feature data, After the ciphertext processing result is obtained, the transaction event corresponding to the data processing request is uploaded to the blockchain network for storage on the chain.
  • the target data may include at least one of the following: face image data, medical image data, and human body motion data.
  • the preset processing may include performing diagnosis processing on the medical image data.
  • the convolution module may be specifically used to: according to the homomorphic addition and multiplication characteristics in the preset MPC protocol, call the convolution operator in the preset model to perform convolution operations on the ciphertext data, Obtain ciphertext feature data.
  • an embodiment of the present application also provides a data processing device located at the agent end, as described in the following embodiment. Since the problem-solving principle of the data processing device is similar to that of the data processing method, the implementation of the data processing device can refer to the implementation of the data processing method, and the repetition will not be repeated.
  • the term "unit” or "module” can be a combination of software and/or hardware that implements a predetermined function.
  • the devices described in the following embodiments are preferably implemented by software, implementation by hardware or a combination of software and hardware is also possible and conceived.
  • Fig. 7 is a structural block diagram of a data processing device according to an embodiment of the present application. As shown in Fig. 7, it includes: a receiving module 701, a processing module 702, and a sending module 703. The structure is described below.
  • the receiving module 701 is configured to receive the ciphertext feature data sent by the server and the preset operator in the preset model, where the ciphertext feature data is encrypted by the server calling the convolution operator in the preset model according to the preset MPC protocol.
  • the text data is obtained by convolution operation, and the cipher text data is obtained by encrypting the target data by the client using a homomorphic encryption algorithm;
  • the processing die hole 702 is used to call the preset operator in the preset model according to the preset MPC protocol to process the ciphertext feature data in cooperation with the client to obtain the ciphertext processing result;
  • the sending module 703 is used to send the ciphertext processing result to the client;
  • the preset model is compatible with the preset MPC protocol, and is used to perform preset processing on the ciphertext data in the case of data encryption;
  • the agent includes one of the following : A secure container running on the client, a virtual machine running on the client, and a computer that establishes a LAN connection with the client.
  • the client after sending the ciphertext processing result to the client, it may further include: the client decrypts the ciphertext processing result to obtain the plaintext processing result.
  • the client may further include: the client obtains the verification result, where the verification result is used to indicate whether the plaintext processing result is correct; the client The verification result and the ciphertext processing result are sent to the blockchain network for on-chain storage.
  • the processing die hole can be specifically used to: according to the preset MPC protocol and the activation operator in the preset operator, cooperate with the client to perform an activation operation on the ciphertext feature data to obtain the first activation Data and second activation data; according to the preset MPC protocol and the pooling operator in the preset operator, cooperate with the client to perform a pooling operation on the first activation data and the second activation data to obtain the first pooled data And the second pooled data; according to the preset MPC protocol and the fully connected operator in the preset operator, cooperate with the client to perform the fully connected operation on the first pooled data and the second pooled data to obtain ciphertext processing data.
  • the embodiments of the present application achieve the following technical effects: by homomorphically encrypting the target data, the corresponding ciphertext data is obtained, and the specific content of the target data is prevented from being leaked. Further, the server calls the convolution operator in the preset model compatible with the MPC protocol to perform the convolution operation on the ciphertext data according to the preset MPC protocol to obtain the ciphertext feature data, and combine the ciphertext feature data with the preset model The preset operator of is sent to the agent, so that the agent and the client then call the preset operator in the preset model to perform specific processing on the ciphertext feature data according to the preset MPC protocol to obtain the ciphertext processing of the target data result.
  • the agent is a computer in the same local area network as the client or a secure container or virtual machine running on the client, it is more secure than directly having the server and the client perform ciphertext feature data.
  • Calculation, through the agent and the client according to the preset MPC protocol to call the preset operator to perform secure multi-party calculation of the ciphertext feature data which can effectively save the network bandwidth required for secure multi-party calculation, and greatly reduce the network delay. Effectively improve the efficiency of data processing.
  • the embodiment of the present application also provides a computer device.
  • the computer device may specifically include an input device 81 and a processor. 82.
  • Memory 83 is used to store processor executable instructions.
  • the processor 82 implements the steps of the data processing method described in any of the foregoing embodiments when executing the instructions.
  • the input device may specifically be one of the main devices for information exchange between the user and the computer system.
  • the input device may include a keyboard, a mouse, a camera, a scanner, a light pen, a handwriting input board, a voice input device, etc.; the input device is used to input raw data and programs for processing these numbers into the computer.
  • the input device can also obtain and receive data transmitted from other modules, units, and devices.
  • the processor can be implemented in any suitable way.
  • the processor may take the form of a microprocessor or a processor and a computer readable medium, logic gates, switches, application specific integrated circuits ( Application Specific Integrated Circuit, ASIC), programmable logic controller and embedded microcontroller form, etc.
  • the memory may specifically be a memory device used to store information in modern information technology.
  • the memory can include multiple levels. In a digital system, as long as it can store binary data, it can be a memory; in an integrated circuit, a circuit with a storage function without a physical form is also called a memory, such as RAM, FIFO, etc.; In the system, storage devices in physical form are also called memory, such as memory sticks, TF cards, and so on.
  • the embodiment of the present application also provides a computer storage medium based on a data processing method, the computer storage medium stores computer program instructions, and when the computer program instructions are executed, the data processing method described in any of the above embodiments is implemented A step of.
  • the above-mentioned storage medium includes, but is not limited to, random access memory (Random Access Memory, RAM), read-only memory (Read-Only Memory, ROM), cache (Cache), and hard disk (Hard Disk Drive, HDD). Or memory card (Memory Card).
  • the memory can be used to store computer program instructions.
  • the network communication unit may be an interface set up in accordance with a standard stipulated by the communication protocol and used for network connection communication.
  • modules or steps of the embodiments of the present application described above can be implemented by a general computing device, and they can be concentrated on a single computing device or distributed among multiple computing devices.
  • they can be implemented by the program code executable by the computing device, so that they can be stored in the storage device for execution by the computing device, and in some cases, they can be different from here
  • the steps shown or described are performed in the order of, or they are respectively fabricated into individual integrated circuit modules, or multiple modules or steps of them are fabricated into a single integrated circuit module to achieve. In this way, the embodiments of the present application are not limited to any specific combination of hardware and software.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Databases & Information Systems (AREA)
  • Medical Informatics (AREA)
  • Computing Systems (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Telephonic Communication Services (AREA)

Abstract

A data processing method and device, a computer apparatus, and a storage medium. The method comprises: receiving a data processing request sent by a client (S201); in response to the data processing request, calling, according to a preset MPC protocol, a convolution operator in a preset model to perform a convolution operation on ciphertext feature data, and obtaining ciphertext feature data (S202); and sending the ciphertext feature data and a preset operator in the preset model to an agent (S203), wherein the agent and the client call, according to the preset MPC protocol, the preset operator to process the ciphertext feature data, and obtaining a ciphertext processing result. The method enables processing of inputted ciphertext data, thereby effectively protecting data privacy, and saving bandwidth resources.

Description

数据处理方法、装置、计算机设备和存储介质Data processing method, device, computer equipment and storage medium
本申请要求2019年10月11日递交的申请号为201910962389.0、发明名称为“数据处理方法、装置、计算机设备和存储介质”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application claims the priority of the Chinese patent application with the application number 201910962389.0 and the invention title of "data processing method, device, computer equipment and storage medium" filed on October 11, 2019, the entire content of which is incorporated into this application by reference .
技术领域Technical field
本申请涉及人工智能技术领域,特别涉及一种数据处理方法、装置、计算机设备和存储介质。This application relates to the field of artificial intelligence technology, and in particular to a data processing method, device, computer equipment, and storage medium.
背景技术Background technique
在一些应用场景下,服务器可以根据训练好的深度学习模型对客户端发送的目标数据进行处理,以得到处理结果。例如,服务器可以根据训练好的诊断模型对客户端发送的医疗影像数据进行诊断处理,从而得到诊断结果。其中,上述医疗影像数据往往可能会涉及到用户隐私,上述方法在进行具体数据处理的过程中容易出现用户隐私数据的泄露。In some application scenarios, the server can process the target data sent by the client according to the trained deep learning model to obtain the processing result. For example, the server can perform diagnosis processing on the medical image data sent by the client according to the trained diagnosis model, so as to obtain the diagnosis result. Among them, the aforementioned medical image data may often involve user privacy, and the aforementioned methods are prone to leakage of user privacy data during specific data processing.
因此,亟需一种能够在保护用户数据隐私的情况下对数据进行处理的方法。Therefore, there is an urgent need for a method that can process data while protecting user data privacy.
发明内容Summary of the invention
本申请实施例提供了一种数据处理方法、装置、计算机设备和存储介质,以提供一种能够保护用户隐私的数据处理方法。The embodiments of the present application provide a data processing method, device, computer equipment, and storage medium to provide a data processing method that can protect user privacy.
本申请实施例提供了一种数据处理方法,包括:接收客户端发送的数据处理请求,其中,数据处理请求中携带有密文数据,密文数据由客户端利用同态加密算法对目标数据进行加密后生成;响应于数据处理请求,根据预设的MPC协议,调用预设模型中的卷积算子对密文数据进行卷积操作,得到密文特征数据;将密文特征数据和预设模型中的预设算子发送至代理端,其中,代理端用于与客户端根据预设的MPC协议调用预设算子对密文特征数据进行处理,得到密文处理结果;其中,预设模型兼容预设的MPC协议,用于在数据加密的情况下对密文数据进行预设处理;代理端包括以下之一:运行在客户端上的安全容器、运行在客户端上的虚拟机、与客户端建立局域网连接的计算机。The embodiment of the application provides a data processing method, including: receiving a data processing request sent by a client, wherein the data processing request carries ciphertext data, and the ciphertext data is processed by the client using a homomorphic encryption algorithm on the target data. Generated after encryption; in response to the data processing request, according to the preset MPC protocol, the convolution operator in the preset model is called to perform the convolution operation on the ciphertext data to obtain the ciphertext feature data; combine the ciphertext feature data with the preset The preset operator in the model is sent to the agent, where the agent is used to call the preset operator with the client according to the preset MPC protocol to process the ciphertext feature data to obtain the ciphertext processing result; wherein, the preset The model is compatible with the preset MPC protocol and is used to perform preset processing on ciphertext data under data encryption; the agent includes one of the following: a secure container running on the client, a virtual machine running on the client, A computer that establishes a local area network connection with the client.
本申请实施例还提供了一种数据处理方法,应用于代理端,包括:接收服务器发送的密文特征数据和预设模型中的预设算子,其中,密文特征数据由服务器根据预设的MPC协议调用预设模型中的卷积算子对密文数据进行卷积操作得到的,密文数据由客户端利用同态加密算法对目标数据进行加密后得到的;根据预设的MPC协议调用预设模型中的预设算子,以与客户端配合对密文特征数据进行处理,得到密文处理结果;将密文处理结果发送至客户端;其中,预设模型兼容预设的MPC协议,用于在数据加密的情况下对密文数据进行预设处理;代理端包括以下之一: 运行在客户端上的安全容器、运行在客户端上的虚拟机、与客户端建立局域网连接的计算机。The embodiment of the present application also provides a data processing method, which is applied to the agent, and includes: receiving the ciphertext feature data sent by the server and the preset operator in the preset model, wherein the ciphertext feature data is preset by the server according to The MPC protocol calls the convolution operator in the preset model to perform convolution operation on the ciphertext data. The ciphertext data is obtained by encrypting the target data by the client using a homomorphic encryption algorithm; according to the preset MPC protocol Call the preset operator in the preset model to process the ciphertext feature data in cooperation with the client to obtain the ciphertext processing result; send the ciphertext processing result to the client; where the preset model is compatible with the preset MPC Protocol, used to perform preset processing on ciphertext data under data encryption; the agent includes one of the following: a secure container running on the client, a virtual machine running on the client, and establishing a local area network connection with the client Computer.
本申请实施例还提供了一种数据处理方法,包括:客户端获取目标数据,并利用同态加密算法对目标数据进行加密,得到密文数据;客户端向服务器发送数据处理请求,其中,数据处理请求中携带有密文数据;响应于数据处理请求,服务器与客户端根据预设的MPC协议调用预设模型中的卷积算子对密文数据进行卷积操作,得到密文特征数据;服务器将密文特征数据和预设模型中的预设算子发送至代理端;代理端根据预设的MPC协议调用预设算子,以与客户端配合对密文特征数据进行处理,得到密文处理结果;代理端将密文处理结果发送至客户端;客户端对密文处理结果进行解密,得到目标数据的明文处理结果;其中,预设模型兼容预设的MPC协议,用于在数据加密的情况下对密文数据进行预设处理;代理端包括以下之一:运行在客户端上的安全容器、运行在客户端上的虚拟机、与客户端建立局域网连接的计算机。The embodiment of the present application also provides a data processing method, including: a client obtains target data, and encrypts the target data using a homomorphic encryption algorithm to obtain ciphertext data; the client sends a data processing request to the server, where the data The processing request carries the ciphertext data; in response to the data processing request, the server and the client call the convolution operator in the preset model according to the preset MPC protocol to perform the convolution operation on the ciphertext data to obtain the ciphertext feature data; The server sends the ciphertext feature data and the preset operator in the preset model to the agent; the agent calls the preset operator according to the preset MPC protocol to process the ciphertext feature data in cooperation with the client to obtain the ciphertext feature data Text processing result; the agent sends the ciphertext processing result to the client; the client decrypts the ciphertext processing result to obtain the plaintext processing result of the target data; among them, the preset model is compatible with the preset MPC protocol, which is used in the data The ciphertext data is pre-processed in the case of encryption; the agent includes one of the following: a secure container running on the client, a virtual machine running on the client, and a computer that establishes a local area network connection with the client.
本申请实施例还提供了一种数据处理装置,包括:接收模块,用于接收客户端发送的数据处理请求,其中,数据处理请求中携带有密文数据,密文数据由客户端利用同态加密算法对目标数据进行加密后生成;卷积模块,用于响应于数据处理请求,根据预设的MPC协议,调用预设模型中的卷积算子对密文数据进行卷积操作,得到密文特征数据;发送模块,用于将密文特征数据和预设模型中的预设算子发送至代理端,其中,代理端用于与客户端根据预设的MPC协议调用预设算子对密文特征数据进行处理,得到密文处理结果;其中,预设模型兼容预设的MPC协议,用于在数据加密的情况下对密文数据进行预设处理;代理端包括以下之一:运行在客户端上的安全容器、运行在客户端上的虚拟机、与客户端建立局域网连接的计算机。An embodiment of the present application also provides a data processing device, including: a receiving module for receiving a data processing request sent by a client, wherein the data processing request carries ciphertext data, and the ciphertext data is homomorphic by the client The encryption algorithm encrypts the target data and generates it; the convolution module is used to respond to the data processing request, according to the preset MPC protocol, call the convolution operator in the preset model to perform the convolution operation on the ciphertext data, and obtain the ciphertext data. Text feature data; the sending module is used to send the cipher text feature data and the preset operator in the preset model to the agent, where the agent is used to call the preset operator pair with the client according to the preset MPC protocol The ciphertext feature data is processed to obtain the ciphertext processing result; among them, the preset model is compatible with the preset MPC protocol, which is used to perform preset processing on the ciphertext data in the case of data encryption; the agent includes one of the following: Run A secure container on the client, a virtual machine running on the client, and a computer that establishes a LAN connection with the client.
本申请实施例还提供一种计算机设备,包括处理器以及用于存储处理器可执行指令的存储器,所述处理器执行所述指令时实现上述任意实施例中所述的数据处理方法的步骤。An embodiment of the present application further provides a computer device including a processor and a memory for storing executable instructions of the processor, and the processor implements the steps of the data processing method described in any of the foregoing embodiments when the processor executes the instructions.
本申请实施例还提供一种计算机可读存储介质,其上存储有计算机指令,所述指令被执行时实现上述任意实施例中所述的数据处理方法的步骤。The embodiments of the present application also provide a computer-readable storage medium on which computer instructions are stored, and when the instructions are executed, the steps of the data processing method described in any of the foregoing embodiments are implemented.
在本申请实施例中,提供了一种数据处理方法,客户端利用同态加密算法对目标数据进行加密后生成密文数据,服务器接收客户端发送的携带有密文数据的数据处理请求,并响应于数据处理请求,根据预设的MPC协议,调用预设模型中的卷积算子对密文数据进行卷积操作,得到密文特征数据,服务器将密文特征数据和预设模型中的预设算子发送至代理端,代理端与客户端根据预设的MPC协议调用预设算子对密文特征数据进行处理,得到密文处理结果。其中,预设模型兼容预设的MPC协议,用于在数据加密的情况下对密文数据进行预设处理。上述方案中,通过对目标数据进行同态加密,得到对应的密文数据,避免目标数据的具体内容遭到泄漏。进一步,服务器根据预设的MPC协议调用能够兼容MPC协议的预设模型中的卷积算子对密文数据进行卷积操作,得到密文特征数据,并将密文特征数据和预设模型中的预设算子发送至代理端,使得代理端和客户端再根据预设的MPC协议调用预设模型中的预设算子对密文特征数据进行具体的处理,得到目标数据的密文处理结果。实现了能在目标数据加密的状态下,对目标数据进行具体 处理,从而有效地保护了数据隐私。更进一步地,由于代理端是与客户端处于同一局域网中的计算机或者是运行于客户端上的安全容器或虚拟机,因此,相比于直接由服务器与客户端对密文特征数据进行安全多方计算,通过代理端与客户端根据预设的MPC协议调用预设算子对密文特征数据进行安全多方计算,可以有效节省安全多方计算所需的网络带宽,同时极大地降低网络延时,进而有效提高数据处理的效率。In the embodiment of the present application, a data processing method is provided. The client uses a homomorphic encryption algorithm to encrypt target data to generate ciphertext data, and the server receives a data processing request carrying ciphertext data sent by the client, and In response to the data processing request, according to the preset MPC protocol, the convolution operator in the preset model is called to perform the convolution operation on the ciphertext data to obtain the ciphertext feature data. The server combines the ciphertext feature data with the preset model The preset operator is sent to the agent, and the agent and the client call the preset operator according to the preset MPC protocol to process the ciphertext feature data, and obtain the ciphertext processing result. Among them, the preset model is compatible with the preset MPC protocol, and is used to perform preset processing on the ciphertext data in the case of data encryption. In the above solution, the target data is homomorphically encrypted to obtain the corresponding ciphertext data, so as to prevent the specific content of the target data from being leaked. Further, the server calls the convolution operator in the preset model compatible with the MPC protocol to perform the convolution operation on the ciphertext data according to the preset MPC protocol to obtain the ciphertext feature data, and combine the ciphertext feature data with the preset model The preset operator of is sent to the agent, so that the agent and the client then call the preset operator in the preset model to perform specific processing on the ciphertext feature data according to the preset MPC protocol to obtain the ciphertext processing of the target data result. Realize that the target data can be specifically processed in the state of target data encryption, thereby effectively protecting data privacy. Furthermore, since the agent is a computer in the same local area network as the client or a secure container or virtual machine running on the client, it is more secure than directly having the server and the client perform ciphertext feature data. Calculation, through the agent and the client according to the preset MPC protocol to call the preset operator to perform secure multi-party calculation of the ciphertext feature data, which can effectively save the network bandwidth required for secure multi-party calculation, and greatly reduce the network delay. Effectively improve the efficiency of data processing.
附图说明Description of the drawings
此处所说明的附图用来提供对本申请的进一步理解,构成本申请的一部分,并不构成对本申请的限定。在附图中:The drawings described here are used to provide a further understanding of the application, constitute a part of the application, and do not constitute a limitation to the application. In the attached picture:
图1示出了本申请一些实施例中的数据处理方法的应用场景示意图;Figure 1 shows a schematic diagram of an application scenario of a data processing method in some embodiments of the present application;
图2示出了本申请一些实施例中的数据处理方法的流程图;Figure 2 shows a flowchart of a data processing method in some embodiments of the present application;
图3示出了本申请一些实施例中的数据处理方法的流程图;Figure 3 shows a flowchart of a data processing method in some embodiments of the present application;
图4示出了本申请一些实施例中的数据处理方法的流程图;Figure 4 shows a flowchart of a data processing method in some embodiments of the present application;
图5示出了本申请一些实施例中的数据处理方法的顺序图;Figure 5 shows a sequence diagram of a data processing method in some embodiments of the present application;
图6示出了本申请一些实施例中的数据处理装置的示意图;Fig. 6 shows a schematic diagram of a data processing device in some embodiments of the present application;
图7示出了本申请一些实施例中的数据处理装置的示意图;Fig. 7 shows a schematic diagram of a data processing device in some embodiments of the present application;
图8示出了本申请一些实施例中的计算机设备的示意图。Fig. 8 shows a schematic diagram of a computer device in some embodiments of the present application.
具体实施方式Detailed ways
下面将参考若干示例性实施方式来描述本申请的原理和精神。应当理解,给出这些实施方式仅仅是为了使本领域技术人员能够更好地理解进而实现本申请,而并非以任何方式限制本申请的范围。相反,提供这些实施方式是为了使本申请公开更加透彻和完整,并且能够将本公开的范围完整地传达给本领域的技术人员。The principle and spirit of the present application will be described below with reference to several exemplary embodiments. It should be understood that these embodiments are only provided to enable those skilled in the art to better understand and then implement the application, but not to limit the scope of the application in any way. On the contrary, these embodiments are provided to make the disclosure of the present application more thorough and complete, and to fully convey the scope of the present disclosure to those skilled in the art.
本领域的技术人员知道,本申请的实施方式可以实现为一种系统、装置设备、方法或计算机程序产品。因此,本申请公开可以具体实现为以下形式,即:完全的硬件、完全的软件(包括固件、驻留软件、微代码等),或者硬件和软件结合的形式。Those skilled in the art know that the implementation manners of this application can be implemented as a system, apparatus, method, or computer program product. Therefore, the disclosure of the present application can be specifically implemented in the following forms, namely: complete hardware, complete software (including firmware, resident software, microcode, etc.), or a combination of hardware and software.
本申请一些实施例提供了一种数据处理方法,图1示出了本申请一实施例中的数据处理方法的应用场景示意图。如图1所示,客户端可以获取目标数据。其中,目标数据可以是待处理的数据。例如,目标数据可以包括但不限于以下至少之一:人脸图像数据、医疗影像数据、人体动作数据等。客户端可以利用同态加密算法对获得的目标数据进行加密,得到密文数据。其中,对经过同态加密算法加密的数据进行处理得到一个输出,将这一输出进行解密,其结果与用同一方法处理未加密的原始数据得到的输出结果是一样的。Some embodiments of the present application provide a data processing method, and FIG. 1 shows a schematic diagram of an application scenario of the data processing method in an embodiment of the present application. As shown in Figure 1, the client can obtain target data. Among them, the target data may be data to be processed. For example, the target data may include but is not limited to at least one of the following: face image data, medical image data, human body motion data, and so on. The client can use the homomorphic encryption algorithm to encrypt the obtained target data to obtain ciphertext data. Among them, the data encrypted by the homomorphic encryption algorithm is processed to obtain an output, and the output is decrypted, and the result is the same as the output result obtained by processing the unencrypted original data in the same method.
客户端可以向服务器发送数据处理请求。其中,数据处理请求中可以携带有目标数据对应的 密文数据。服务器可以响应于数据处理请求,根据预设的MPC(Secure Multi-Party Computation,安全多方计算)协议调用预设模型中的卷积算子对密文数据进行卷积操作,得到密文特征数据。The client can send a data processing request to the server. Among them, the data processing request may carry ciphertext data corresponding to the target data. In response to the data processing request, the server may call a convolution operator in the preset model to perform a convolution operation on the ciphertext data according to a preset MPC (Secure Multi-Party Computation) protocol to obtain the ciphertext feature data.
服务器将密文特征数据和预设模型中的预设算子发送至代理端。代理端与客户端根据预设的MPC协议调用预设算子对密文特征数据进行处理,得密文处理结果。其中,预设算子可以是预设模型中指定的算子。例如,预设算子可以包括但不限于以下至少之一:激活算子、池化算子和全连接算子。其中,预设模型在服务器端。预设模型可以兼容预设的MPC协议,用于在数据加密的情况下对密文数据进行预设处理。换句话说,预设的MPC协议可以用于在输入为密文数据的情况下实现预设模型中的操作,从而完成对密文数据的预设处理。其中,预设模型可以包括训练好的预设深度学习模型。例如,预设模型可以为训练好的卷积神经网络模型。在目标数据为医疗影像数据的情况下,预设处理可以包括在对医疗影像数据进行同态加密后得到的密文数据进行诊断处理。在目标数据为人脸图像数据的情况下,预设处理可以包括在对人脸图像数据进行同态加密后得到的密文数据进行人脸识别处理。在目标数据为人体动作数据的情况下,预设处理可以包括在对人体动作数据进行同态加密后得到的密文数据进行动作识别处理。The server sends the ciphertext feature data and the preset operator in the preset model to the agent. The agent and the client call the preset operator according to the preset MPC protocol to process the ciphertext feature data, and obtain the ciphertext processing result. Wherein, the preset operator may be an operator specified in the preset model. For example, the preset operator may include but is not limited to at least one of the following: an activation operator, a pooling operator, and a fully connected operator. Among them, the preset model is on the server side. The preset model can be compatible with the preset MPC protocol, and is used for preset processing of ciphertext data in the case of data encryption. In other words, the preset MPC protocol can be used to implement the operations in the preset model when the input is ciphertext data, so as to complete the preset processing of the ciphertext data. Among them, the preset model may include a trained preset deep learning model. For example, the preset model may be a trained convolutional neural network model. In the case where the target data is medical image data, the preset processing may include performing diagnosis processing on the ciphertext data obtained after homomorphic encryption of the medical image data. In the case where the target data is face image data, the preset processing may include performing face recognition processing on the ciphertext data obtained after homomorphic encryption of the face image data. In the case where the target data is human body motion data, the preset processing may include performing motion recognition processing on the ciphertext data obtained after homomorphic encryption of the human body motion data.
对于预设模型包括多个卷积层的情况下,在代理端和客户端对第一密文特征数据进行处理后得到的数据可能需要通过第二卷积层进行卷积操作。其中,第一密文特征数据可以为服务器根据预设的MPC协议调用第一卷积层的卷积算子对密文数据进行卷积操作后得到的。因此,代理端可以将处理得到的数据发送至服务器。服务器根据预设的MPC协议调用第二卷积层的卷积算子对接收到的数据进行卷积操作,得到第二密文特征数据。服务器再将第二密文特征数据发送至代理端,使得代理端与客户端根据预设的MPC协议调用预设算子对第二密文特征数据进行处理,以此类推,直至代理端得到密文处理结果。In the case where the preset model includes multiple convolutional layers, the data obtained after processing the first ciphertext feature data on the agent and the client may need to perform a convolution operation through the second convolutional layer. The first ciphertext feature data may be obtained after the server calls the convolution operator of the first convolution layer to perform a convolution operation on the ciphertext data according to a preset MPC protocol. Therefore, the agent can send the processed data to the server. The server invokes the convolution operator of the second convolution layer to perform a convolution operation on the received data according to the preset MPC protocol to obtain the second ciphertext feature data. The server then sends the second ciphertext feature data to the agent, so that the agent and the client call the preset operator to process the second ciphertext feature data according to the preset MPC protocol, and so on, until the agent obtains the ciphertext feature data. Text processing results.
在代理端得到密文处理结果之后,代理端可以将密文处理结果发送至客户端。客户端中存储有同态加密算法生成的公钥和私钥。其中,公钥用于对目标数据进行同态加密,得到密文数据。私钥用于对接收到的密文处理结果进行解密,得到明文处理结果。After the ciphertext processing result is obtained by the agent, the agent can send the ciphertext processing result to the client. The public key and private key generated by the homomorphic encryption algorithm are stored in the client. Among them, the public key is used to homomorphically encrypt the target data to obtain ciphertext data. The private key is used to decrypt the received ciphertext processing result to obtain the plaintext processing result.
下面举一个具体的应用场景为例进行说明。客户端可以为医疗机构的客户端。客户端可以获取患者的医疗影像数据(例如,X光片数据)。客户端可以利用同态加密算法对X光片数据进行加密,得到密文X光片数据。客户端向医疗光片诊断服务器发送诊断请求。其中,诊断请求中携带有密文X光片数据。服务器可以为医疗光片诊断服务器。医疗光片诊断服务器根据预设的MPC协议调用预设深度学习模型中的卷积算子对密文特征数据进行卷积操作,得到密文特征数据。医疗光片诊断服务器将密文特征数据和预设模型中的预设算子发送至代理端。其中,代理端为与客户端处于同一内网中的计算机或者运行在客户端上的安全容器或虚拟机。代理端与客户端根据预设的MPC协议调用预设算子对密文特征数据进行处理,从而得到密文诊断结果。代理端将密文诊断结果发送至客户端。客户端对密文诊断结果进行解密,得到X光片数据的明文诊断结果。Take a specific application scenario as an example for description. The client may be a client of a medical institution. The client can obtain the patient's medical image data (for example, X-ray film data). The client can use the homomorphic encryption algorithm to encrypt the X-ray film data to obtain the ciphertext X-ray film data. The client sends a diagnosis request to the medical optical film diagnosis server. Among them, the diagnosis request carries ciphertext X-ray film data. The server may be a medical optical film diagnosis server. The medical optical film diagnosis server calls the convolution operator in the preset deep learning model to perform the convolution operation on the ciphertext feature data according to the preset MPC protocol to obtain the ciphertext feature data. The medical optical film diagnosis server sends the ciphertext feature data and the preset operator in the preset model to the agent. Among them, the agent is a computer on the same intranet as the client or a secure container or virtual machine running on the client. The agent and the client call the preset operator according to the preset MPC protocol to process the ciphertext feature data, so as to obtain the ciphertext diagnosis result. The agent sends the ciphertext diagnosis result to the client. The client decrypts the ciphertext diagnosis result, and obtains the plaintext diagnosis result of the X-ray film data.
其中,上述客户端可以是台式电脑、笔记本、手机终端、PDA等,只要是可以对目标数据进行同态加密以及配合代理端对密文数据进行预设处理的设备都可以,对于客户端的呈现形式,本申请不作限定。上述服务器为可以是单一的服务器,也可以是服务器集群,或者是云服务器等都可以,只要可以根据预设的MPC协议和预设模型对密文数据进行卷积操作的设备都可以,具体的组成形式本申请也不作限定。上述代理端可以是与客户端建立局域网连接的计算机、运行在客户端上的安全容器或者运行在客户端上的虚拟机等,只要可以与服务器进行通信并且能够与客户端进行安全多方计算的设备都可以,对于代理端的呈现形式,本申请也不作限定。Among them, the above-mentioned client can be a desktop computer, notebook, mobile phone terminal, PDA, etc., as long as it is a device that can homomorphically encrypt the target data and cooperate with the agent to perform preset processing on the ciphertext data. The presentation form of the client , This application is not limited. The above-mentioned server can be a single server, a server cluster, or a cloud server, etc., as long as the device can perform convolution operations on ciphertext data according to the preset MPC protocol and preset model. The specific The composition form of this application is also not limited. The above-mentioned agent can be a computer that establishes a LAN connection with the client, a secure container running on the client, or a virtual machine running on the client, etc., as long as it can communicate with the server and can perform secure multi-party computing with the client. All are possible, and this application does not limit the presentation form of the agent.
图2示出了本申请一些实施例中方法的流程图,该数据处理方法可以应用于客户端。虽然本申请提供了如下述实施例或附图所示的方法操作步骤或装置结构,但基于常规或者无需创造性的劳动在所述方法或装置中可以包括更多或者更少的操作步骤或模块单元。在逻辑性上不存在必要因果关系的步骤或结构中,这些步骤的执行顺序或装置的模块结构不限于本申请实施例描述及附图所示的执行顺序或模块结构。所述的方法或模块结构的在实际中的装置或终端产品应用时,可以按照实施例或者附图所示的方法或模块结构连接进行顺序执行或者并行执行(例如并行处理器或者多线程处理的环境,甚至分布式处理环境)。Figure 2 shows a flowchart of a method in some embodiments of the present application, and the data processing method can be applied to the client. Although this application provides method operation steps or device structures as shown in the following embodiments or drawings, the method or device may include more or less operation steps or module units based on conventional or no creative labor. . In steps or structures where there is no necessary causal relationship logically, the execution order of these steps or the module structure of the device is not limited to the execution order or module structure shown in the description of the embodiments of this application and the drawings. When the described method or module structure is applied to an actual device or terminal product, it can be executed sequentially or in parallel according to the method or module structure connection shown in the embodiments or drawings (for example, parallel processors or multi-threaded processing Environment, even distributed processing environment).
具体地,如图2所示,本申请一些实施例提供的数据处理方法可以包括以下步骤:Specifically, as shown in FIG. 2, the data processing method provided by some embodiments of the present application may include the following steps:
步骤S201,接收客户端发送的数据处理请求,其中,数据处理请求中携带有密文数据,密文数据由客户端利用同态加密算法对目标数据进行加密后生成。Step S201: Receive a data processing request sent by a client, where the data processing request carries ciphertext data, and the ciphertext data is generated by the client after encrypting target data using a homomorphic encryption algorithm.
客户端可以获取目标数据。其中,目标数据是待处理的数据。客户端利用同态加密算法对目标数据进行加密,得到密文数据。具体地,客户端可以利用同态加密算法生成公钥和私钥,然后利用公钥对目标数据进行加密,得到密文数据。客户端可以向服务器发送数据处理请求。其中,数据处理请求中携带有密文数据。在其他实施例中,数据处理请求中还可以携带有同态加密算法生成的公钥。服务器接收客户端发送的数据处理请求。The client can obtain the target data. Among them, the target data is the data to be processed. The client uses a homomorphic encryption algorithm to encrypt the target data to obtain ciphertext data. Specifically, the client can use a homomorphic encryption algorithm to generate a public key and a private key, and then use the public key to encrypt the target data to obtain ciphertext data. The client can send a data processing request to the server. Among them, the data processing request carries ciphertext data. In other embodiments, the data processing request may also carry the public key generated by the homomorphic encryption algorithm. The server receives the data processing request sent by the client.
步骤S202,响应于数据处理请求,根据预设的MPC协议,调用预设模型中的卷积算子对密文数据进行卷积操作,得到密文特征数据。Step S202: In response to the data processing request, according to the preset MPC protocol, the convolution operator in the preset model is called to perform a convolution operation on the ciphertext data to obtain the ciphertext feature data.
步骤S203,将密文特征数据和预设模型中的预设算子发送至代理端,其中,代理端用于与客户端根据预设的MPC协议调用预设算子对密文特征数据进行处理,得到密文处理结果。Step S203: Send the ciphertext feature data and the preset operator in the preset model to the agent, where the agent is used to call the preset operator with the client according to the preset MPC protocol to process the ciphertext feature data , Get the ciphertext processing result.
服务器响应于数据处理请求,根据预设的MPC协议,调用预设模型中的卷积算子对密文数据进行卷积操作,得到密文特征数据。服务器将得到的密文特征数据和预设模型中的预设算子发送至代理端。代理端与客户端根据预设的MPC协议调用预设算子对密文特征数据进行处理,得到密文处理结果。其中,预设模型兼容预设的MPC协议,用于在数据加密的情况下对密文数据进行预设处理;代理端包括以下之一:运行在客户端上的安全容器、运行在客户端上的虚拟机、与客户端建立局域网连接的计算机。In response to the data processing request, the server calls the convolution operator in the preset model to perform a convolution operation on the ciphertext data according to the preset MPC protocol to obtain the ciphertext feature data. The server sends the obtained ciphertext feature data and the preset operator in the preset model to the agent. The agent and the client call the preset operator according to the preset MPC protocol to process the ciphertext feature data, and obtain the ciphertext processing result. Among them, the preset model is compatible with the preset MPC protocol, which is used to perform preset processing on ciphertext data in the case of data encryption; the agent includes one of the following: a secure container running on the client, and a secure container running on the client A virtual machine, a computer that establishes a LAN connection with the client.
其中,预设模型可以是训练好的深度学习模型。其中,该深度学习模型可以是利用大量明文 数据训练得到的。为了与预设的MPC协议兼容,将训练好的深度学习模型中的浮点型数据转化为整型数据。换句话说,预设的MPC协议可以用于在输入为密文数据的情况下实现预设模型中的各种操作,从而实现对密文数据的预设处理。在代理端得到密文处理结果之后,可以将密文处理结果发送至客户端。客户端可以根据同态加密算法生成的私钥对密文处理结果进行解密,得到目标数据的明文处理结果。Among them, the preset model may be a trained deep learning model. Among them, the deep learning model can be obtained by training with a large amount of plaintext data. In order to be compatible with the preset MPC protocol, the floating-point data in the trained deep learning model is converted into integer data. In other words, the preset MPC protocol can be used to implement various operations in the preset model when the input is ciphertext data, so as to realize the preset processing of ciphertext data. After obtaining the ciphertext processing result at the agent, the ciphertext processing result can be sent to the client. The client can decrypt the ciphertext processing result according to the private key generated by the homomorphic encryption algorithm to obtain the plaintext processing result of the target data.
上述实施例中的数据处理方法,通过对目标数据进行同态加密,得到对应的密文数据,避免目标数据的具体内容遭到泄漏。进一步,服务器根据预设的MPC协议调用能够兼容MPC协议的预设模型中的卷积算子对密文数据进行卷积操作,得到密文特征数据,并将密文特征数据和预设模型中的预设算子发送至代理端,使得代理端和客户端再根据预设的MPC协议调用预设模型中的预设算子对密文特征数据进行具体的处理,得到目标数据的密文处理结果。实现了能在目标数据加密的状态下,对目标数据进行具体处理,从而有效地保护了数据隐私。更进一步地,由于代理端是与客户端处于同一局域网中的计算机或者是运行于客户端上的安全容器或虚拟机,因此,相比于直接由服务器与客户端对密文特征数据进行安全多方计算,通过代理端与客户端根据预设的MPC协议调用预设算子对密文特征数据进行安全多方计算,可以有效节省安全多方计算所需的网络带宽,同时极大地降低网络延时,进而有效提高数据处理的效率。In the data processing method in the foregoing embodiment, the target data is homomorphically encrypted to obtain the corresponding ciphertext data, so as to prevent the specific content of the target data from being leaked. Further, the server calls the convolution operator in the preset model compatible with the MPC protocol to perform the convolution operation on the ciphertext data according to the preset MPC protocol to obtain the ciphertext feature data, and combine the ciphertext feature data with the preset model The preset operator of is sent to the agent, so that the agent and the client then call the preset operator in the preset model to perform specific processing on the ciphertext feature data according to the preset MPC protocol to obtain the ciphertext processing of the target data result. Realize that the target data can be specifically processed in the state of target data encryption, thereby effectively protecting data privacy. Furthermore, since the agent is a computer in the same local area network as the client or a secure container or virtual machine running on the client, it is more secure than directly having the server and the client perform ciphertext feature data. Calculation, through the agent and the client according to the preset MPC protocol to call the preset operator to perform secure multi-party calculation of the ciphertext feature data, which can effectively save the network bandwidth required for secure multi-party calculation, and greatly reduce the network delay. Effectively improve the efficiency of data processing.
在本申请一些实施例中,在预设模型包含多个卷积层的情况下,在代理端与客户端根据预设的MPC协议调用预设算子对密文特征数据处理的过程中,可以将得到的需要进行卷积操作的数据返回给服务器。服务器对接收到的数据进行卷积操作,并将得到的数据发送至代理端,如此循环直至得到密文处理结果。In some embodiments of the present application, when the preset model includes multiple convolutional layers, when the agent and the client call the preset operator according to the preset MPC protocol to process the ciphertext feature data, The obtained data that needs to be convolved is returned to the server. The server performs a convolution operation on the received data and sends the obtained data to the agent, and so on until the ciphertext processing result is obtained.
在本申请一些实施例中,在代理端与客户端根据预设的MPC协议调用预设算子对密文特征数据进行处理,得到密文处理结果之后,还可以包括:将与数据处理请求对应的交易事件上传至区块链网络进行上链存储。In some embodiments of the present application, after the agent and the client call the preset operator according to the preset MPC protocol to process the ciphertext feature data, and obtain the ciphertext processing result, it may further include: corresponding to the data processing request The transaction events are uploaded to the blockchain network for storage on the chain.
示例性地,在代理端与客户端配合完成对密文数据的处理之后,可以通知服务器已完成对密文数据的预设处理。服务器响应于该通知将数据处理请求对应的交易事件数据上传至区块链网络进行上链存储。其中,交易事件数据可以包括服务器响应于数据处理请求所执行的计算相关的数据。通过上述方式,将交易事件数据上传至区块链网络进行上链存储,便于后续查询回溯。Exemplarily, after the agent and the client cooperate to complete the processing of the ciphertext data, the server may be notified that the preset processing of the ciphertext data has been completed. In response to the notification, the server uploads the transaction event data corresponding to the data processing request to the blockchain network for on-chain storage. The transaction event data may include data related to calculations performed by the server in response to the data processing request. Through the above method, the transaction event data is uploaded to the blockchain network for on-chain storage, which is convenient for subsequent query and backtracking.
在本申请一些实施例中,目标数据可以包括但不限于以下至少之一:人脸图像数据、医疗影像数据和人体动作数据。在本申请一些实施例中,在目标数据包括医疗影像数据时,预设处理可以包括对医疗影像数据进行诊断处理。在目标数据包括人脸图像数据时,预设处理可以包括人脸识别处理。在目标数据包括人体动作数据时,预设处理包括动作识别处理。上述实施例仅是示例性的,本申请可以处理的目标数据以及可以执行的预设处理不限于此。In some embodiments of the present application, the target data may include but is not limited to at least one of the following: face image data, medical image data, and human body motion data. In some embodiments of the present application, when the target data includes medical image data, the preset processing may include performing diagnosis processing on the medical image data. When the target data includes face image data, the preset processing may include face recognition processing. When the target data includes human body motion data, the preset processing includes motion recognition processing. The above-mentioned embodiments are only exemplary, and the target data that can be processed by this application and the preset processing that can be performed are not limited thereto.
在本申请一些实施例中,根据预设的MPC协议,调用预设模型中的卷积算子对密文数据进行卷积操作,得到密文特征数据,可以包括:根据预设的MPC协议中的同态加法和乘法特性, 调用预设模型中的卷积算子对密文数据进行卷积操作,得到密文特征数据。In some embodiments of the present application, according to the preset MPC protocol, invoking the convolution operator in the preset model to perform the convolution operation on the ciphertext data to obtain the ciphertext feature data may include: according to the preset MPC protocol With the homomorphic addition and multiplication characteristics of, the convolution operator in the preset model is called to perform the convolution operation on the ciphertext data to obtain the ciphertext feature data.
具体地,预设模型可以为训练好的卷积神经网络模型。卷积神经网络模型一般可以包括:卷积层、激励层、池化层和全连接层。其中,每一层的数目可以为一个或多个。其中,卷积层可以包括卷积算子,用于提取数据的特征。服务器在接收到客户端发送的数据处理请求之后,根据预设的MPC协议调用预设模型中的卷积算子对密文数据进行隐私卷积操作,得到密文特征数据。其中,对密文数据进行隐私卷积操作后得到的密文特征数据进行解密后得到的明文特征数据与直接对明文数据进行明文卷积操作后得到的特征数据相同。其中,同态加密允许对密文执行操作,相应的操作将映射到明文,同态加密可以细化为以下两种同态加密算法:Specifically, the preset model may be a trained convolutional neural network model. Convolutional neural network models generally include: convolutional layer, excitation layer, pooling layer and fully connected layer. Among them, the number of each layer can be one or more. Among them, the convolution layer may include a convolution operator for extracting features of the data. After receiving the data processing request sent by the client, the server calls the convolution operator in the preset model to perform a private convolution operation on the ciphertext data according to the preset MPC protocol to obtain the ciphertext feature data. Among them, the plaintext feature data obtained after decrypting the ciphertext feature data obtained by performing the privacy convolution operation on the ciphertext data is the same as the feature data obtained by directly performing the plaintext convolution operation on the plaintext data. Among them, homomorphic encryption allows operations to be performed on the ciphertext, and the corresponding operations will be mapped to the plaintext. The homomorphic encryption can be refined into the following two homomorphic encryption algorithms:
1)同态加法1) Homomorphic addition
已知C1=Enc(m1),C2=Enc(m2),那么C1·C2=Enc(m1+m2);Given that C1=Enc(m1), C2=Enc(m2), then C1·C2=Enc(m1+m2);
2)同态乘法2) Homomorphic multiplication
已知C1=Enc(m1),t1,那么(C1) t1=Enc(m1·t1),这里也可以利用同态加法推导出来。 Given that C1=Enc(m1), t1, then (C1) t1 =Enc(m1·t1), which can also be derived by homomorphic addition.
对明文数据进行卷积操作是明文数据矩阵与卷积算子矩阵中的对应元素相乘后求和。对密文数据进行卷积操作是密文数据矩阵中的元素的卷积算子矩阵的对应元素的次方再相乘得到。示例性地,A 3×3为明文数据矩阵,C 3×3为卷积算子矩阵;a 3×3为密文数据矩阵。明文卷积操作和隐私卷积操作如下所示: The convolution operation on the plaintext data is to multiply the corresponding elements in the plaintext data matrix and the convolution operator matrix and then sum them. The convolution operation on the ciphertext data is obtained by multiplying the powers of the corresponding elements of the convolution operator matrix of the elements in the ciphertext data matrix. Exemplarily, A 3×3 is a plaintext data matrix, C 3×3 is a convolution operator matrix; a 3×3 is a ciphertext data matrix. The plaintext convolution operation and privacy convolution operation are as follows:
Figure PCTCN2020076140-appb-000001
Figure PCTCN2020076140-appb-000001
Figure PCTCN2020076140-appb-000002
Figure PCTCN2020076140-appb-000002
本申请一些实施例还提供了一种数据处理方法,该数据处理方法可以应用于代理端。图3示出了本申请实施例提供的数据处理方法的流程图。Some embodiments of the present application also provide a data processing method, which can be applied to an agent. Fig. 3 shows a flowchart of a data processing method provided by an embodiment of the present application.
如图3所示,上述数据处理方法可以包括以下步骤:As shown in Figure 3, the foregoing data processing method may include the following steps:
步骤S301,接收服务器发送的密文特征数据和预设模型中的预设算子。Step S301: Receive the ciphertext feature data and the preset operator in the preset model sent by the server.
具体地,服务器可以接收客户端发送的数据处理请求。其中,数据处理请求中可以携带有密文数据。密文数据可以由客户端利用同态加密算法对目标数据进行加密后得到的。服务器可以响应于数据处理请求根据预设的MPC协议调用预设模型中的卷积算子对密文数据进行卷积操作得到密文特征数据。服务器将生成的密文特征数据和预设模型中的预设算子发送至代理端。其中,代理端包括以下之一:运行在客户端上的安全容器、运行在客户端上的虚拟机、与客户端建立局域网连接的计算机。Specifically, the server may receive the data processing request sent by the client. Among them, the data processing request may carry ciphertext data. The ciphertext data can be obtained by encrypting the target data by the client using a homomorphic encryption algorithm. The server may call the convolution operator in the preset model according to the preset MPC protocol in response to the data processing request to perform a convolution operation on the ciphertext data to obtain the ciphertext feature data. The server sends the generated ciphertext feature data and the preset operator in the preset model to the agent. Among them, the agent includes one of the following: a secure container running on the client, a virtual machine running on the client, and a computer that establishes a local area network connection with the client.
步骤S302,根据预设的MPC协议调用预设模型中的预设算子,以与客户端配合对密文特征数据进行处理,得到密文处理结果。Step S302: Call the preset operator in the preset model according to the preset MPC protocol to process the ciphertext feature data in cooperation with the client to obtain the ciphertext processing result.
步骤S303,将密文处理结果发送至客户端。Step S303: Send the ciphertext processing result to the client.
代理端接收到密文特征数据和预设算子之后,可以根据预设的MPC协议调用预设模型中的预设算子,与客户端配合对密文特征数据进行处理,得到密文处理结果。其中,预设模型兼容预设的MPC协议,用于在数据加密的情况下对密文数据进行预设处理。其中,预设模型可以是训练好的深度学习模型。其中,该深度学习模型可以是利用大量明文数据训练得到的。为了与预设的MPC协议兼容,将训练好的深度学习模型中的浮点型数据转化为整型数据。换句话说,预设的MPC协议可以用于在输入为密文数据的情况下实现预设模型中的各种操作,从而实现对密文数据的预设处理。在得到密文处理结果之后,代理端将密文处理结果发送至客户端。After receiving the ciphertext feature data and the preset operator, the agent can call the preset operator in the preset model according to the preset MPC protocol, and cooperate with the client to process the ciphertext feature data to obtain the ciphertext processing result . Among them, the preset model is compatible with the preset MPC protocol, and is used to perform preset processing on the ciphertext data in the case of data encryption. Among them, the preset model may be a trained deep learning model. Among them, the deep learning model can be obtained by training using a large amount of plaintext data. In order to be compatible with the preset MPC protocol, the floating-point data in the trained deep learning model is converted into integer data. In other words, the preset MPC protocol can be used to implement various operations in the preset model when the input is ciphertext data, so as to realize the preset processing of ciphertext data. After obtaining the ciphertext processing result, the agent sends the ciphertext processing result to the client.
上述实施例中的数据处理方法,通过对目标数据进行同态加密,得到对应的密文数据,避免目标数据的具体内容遭到泄漏。进一步,服务器根据预设的MPC协议调用能够兼容MPC协议的预设模型中的卷积算子对密文数据进行卷积操作,得到密文特征数据,并将密文特征数据和预设模型中的预设算子发送至代理端,使得代理端和客户端再根据预设的MPC协议调用预设模型中的预设算子对密文特征数据进行具体的处理,得到目标数据的密文处理结果。实现了能在目标数据加密的状态下,对目标数据进行具体处理,从而有效地保护了数据隐私。更进一步地,由于代理端是与客户端处于同一局域网中的计算机或者是运行于客户端上的安全容器或虚拟机,因此,相比于直接由服务器与客户端对密文特征数据进行安全多方计算,通过代理端与客户端根据预设的MPC协议调用预设算子对密文特征数据进行安全多方计算,可以有效节省安全多方计算所需的网络带宽,同时极大地降低网络延时,进而有效提高数据处理的效率。In the data processing method in the foregoing embodiment, the target data is homomorphically encrypted to obtain the corresponding ciphertext data, so as to prevent the specific content of the target data from being leaked. Further, the server calls the convolution operator in the preset model compatible with the MPC protocol to perform the convolution operation on the ciphertext data according to the preset MPC protocol to obtain the ciphertext feature data, and combine the ciphertext feature data with the preset model The preset operator of is sent to the agent, so that the agent and the client then call the preset operator in the preset model to perform specific processing on the ciphertext feature data according to the preset MPC protocol to obtain the ciphertext processing of the target data result. Realize that the target data can be specifically processed in the state of target data encryption, thereby effectively protecting data privacy. Furthermore, since the agent is a computer in the same local area network as the client or a secure container or virtual machine running on the client, it is more secure than directly having the server and the client perform ciphertext feature data. Calculation, through the agent and the client according to the preset MPC protocol to call the preset operator to perform secure multi-party calculation of the ciphertext feature data, which can effectively save the network bandwidth required for secure multi-party calculation, and greatly reduce the network delay. Effectively improve the efficiency of data processing.
在本申请一些实施例中,在将密文处理结果发送至客户端之后,还可以包括:客户端对密文处理结果进行解密,得到明文处理结果。具体地,客户端可以根据同态加密算法得到的私钥对密文处理结果进行解密,得到目标数据的明文处理结果。通过上述方式,可以在客户端揭示目标数据的明文处理结果。In some embodiments of the present application, after sending the ciphertext processing result to the client, it may further include: the client decrypts the ciphertext processing result to obtain the plaintext processing result. Specifically, the client can decrypt the ciphertext processing result according to the private key obtained by the homomorphic encryption algorithm to obtain the plaintext processing result of the target data. Through the above method, the plaintext processing result of the target data can be revealed on the client.
在本申请一些实施例中,在客户端对密文处理结果进行解密,得到明文处理结果之后,还可以包括:客户端获取验证结果,其中,验证结果用于表明明文处理结果是否正确;客户端将验证结果和密文处理结果发送至区块链网络进行上链存储。In some embodiments of the present application, after the client decrypts the ciphertext processing result to obtain the plaintext processing result, it may further include: the client obtains the verification result, where the verification result is used to indicate whether the plaintext processing result is correct; the client The verification result and the ciphertext processing result are sent to the blockchain network for on-chain storage.
具体地,客户端在对密文处理结果进行解密得到明文处理结果之后,客户端获取明文处理结果的验证结果。其中,验证结果可以是业务人员对明文处理结果进行验证后得到的。验证结果也可以是由客户端中的应用程序根据目标数据和明文处理结果后推理得到的。验证结果用于表明明文处理结果是否正确。客户端将验证结果和密文处理结果发送至区块链网络进行上链存储,便于后续查询、追溯、计费、求证等。Specifically, after the client decrypts the ciphertext processing result to obtain the plaintext processing result, the client obtains the verification result of the plaintext processing result. Among them, the verification result may be obtained after the business personnel verify the plaintext processing result. The verification result can also be inferred by the application in the client based on the target data and the plaintext processing result. The verification result is used to indicate whether the plaintext processing result is correct. The client sends the verification result and the ciphertext processing result to the blockchain network for on-chain storage, which is convenient for subsequent query, traceability, billing, verification, etc.
在本申请一些实施例中,在客户端向服务器发送数据处理请求之前/同时/之后,客户端可以 将数据处理的资源数据发送至区块链网络的合约账户中。其中,资源数据可以是数据处理所需要支付的费用,例如,货币或者比特币等。在客户端将密文处理结果和验证结果发送至区块链网络进行上链存储之后,区块链网络确定验证结果是否为正确。在确定验证结果为正确的情况下,区块链网络将合约账户中的资源数据发送至服务器的账户中。通过上述方式,可以解决业务的计费清算的问题。In some embodiments of the present application, before/while/after the client sends a data processing request to the server, the client may send the data processing resource data to the contract account of the blockchain network. Among them, the resource data may be fees that need to be paid for data processing, such as currency or Bitcoin. After the client sends the ciphertext processing result and the verification result to the blockchain network for on-chain storage, the blockchain network determines whether the verification result is correct. When it is determined that the verification result is correct, the blockchain network sends the resource data in the contract account to the server's account. Through the above method, the problem of service billing and settlement can be solved.
在本申请一些实施例中,根据预设的MPC协议调用预设模型中的预设算子,以与客户端配合对密文特征数据进行处理,得到密文处理结果,可以包括:根据预设的MPC协议和预设算子中的激活算子,与客户端配合对密文特征数据进行激活操作,得到第一激活数据和第二激活数据;根据预设的MPC协议和预设算子中的池化算子,与客户端配合对第一激活数据和第二激活数据进行池化操作,得到第一池化数据和第二池化数据;根据预设的MPC协议和预设算子中的全连接算子,与客户端配合对第一池化数据和第二池化数据进行全连接操作,得到密文处理数据。In some embodiments of the present application, calling the preset operator in the preset model according to the preset MPC protocol to process the ciphertext feature data in cooperation with the client to obtain the ciphertext processing result, which may include: The activation operator in the MPC protocol and the preset operator cooperates with the client to activate the ciphertext feature data to obtain the first activation data and the second activation data; according to the preset MPC protocol and the preset operator The pooling operator of the client cooperates with the client to perform the pooling operation on the first activation data and the second activation data to obtain the first pooling data and the second pooling data; according to the preset MPC protocol and the preset operator The fully connected operator cooperates with the client to perform a fully connected operation on the first pooled data and the second pooled data to obtain the ciphertext processing data.
其中,预设模型可以为训练好的卷积神经网络模型。卷积神经网络模型一般可以包括:卷积层、激励层、池化层和全连接层。其中,每一层的数目可以为一个或多个。其中,卷积层可以包括卷积算子,用于提取数据的特征。激励层可以包括激活算子,用于加入非线性因素,以模拟更细微的变化。池化层可以包括池化算子,用于对输入的特征进行压缩,一方面使特征图变小,简化网络计算复杂度,另一方面进行特征压缩,提取主要特征。全连接层可以包括全连接算子,用于连接所有的特征,将输出值送给分类器,得到处理结果。其中,卷子算子对应的操作需要占用较多的计算资源,因此可以在服务器端完成。对于占用计算资源较少的激励、池化和全连接操作,可以由代理端与客户端根据预设的协议调用激活算子、池化算子和全连接算子进行安全多方计算来实现。预设算子可以包括但不限于以下至少之一:激活算子、池化算子和全连接算子。Among them, the preset model may be a trained convolutional neural network model. Convolutional neural network models generally include: convolutional layer, excitation layer, pooling layer and fully connected layer. Among them, the number of each layer can be one or more. Among them, the convolution layer may include a convolution operator for extracting features of the data. The excitation layer can include activation operators to add non-linear factors to simulate more subtle changes. The pooling layer may include a pooling operator, which is used to compress the input features. On the one hand, the feature map is reduced and the network calculation complexity is simplified. On the other hand, the feature compression is performed to extract the main features. The fully connected layer may include a fully connected operator, which is used to connect all the features, send the output value to the classifier, and obtain the processing result. Among them, the operation corresponding to the paper operator requires more computing resources, so it can be completed on the server side. For incentives, pooling and fully connected operations that occupy less computing resources, the agent and the client can call the activation operator, the pooling operator and the fully connected operator according to a preset protocol to perform secure multi-party calculations. The preset operator may include but is not limited to at least one of the following: an activation operator, a pooling operator, and a fully connected operator.
在服务器根据预设的MPC协议调用卷积算子对密文数据进行卷积操作得到密文特征数据之后,服务器将密文特征数据和预设算子发送至代理端。在得到密文特征数据之后,代理端可以根据预设的MPC协议调用预设算子中的激活算子,与客户端配合对密文特征数据进行激活操作,得到第一激活数据和第二激活数据。其中,第一激活数据由代理端持有,第二激活数据由客户端持有。具体地,代理端对密文特征数据执行同态加密转秘密共享操作,得到第一密文数据和第二密文数据。代理端将第一密文数据发送至客户端。客户端对第一密文数据进行解密,得到第一明文数据。代理端将激活算子转化为布尔电路,并得出该布尔电路每个电路门的真值表。然后代理端为每个门选择两个均匀分布的字符串作为标签,分别用来表示0或1。之后,代理端随机生成第一随机数,并根据第二密文数据和第一随机数生成第一标签。将第一标签作为输入替换真值表后,代理端获得标签表。对于每个电路门,代理端使用标签表进行加密,生成第一加密电路(GC,Garbled Circuit)。代理端将第一加密电路发送至客户端。客户端对第一明文数据进行不经意传输(OT,Oblivious Transfer),得到第二标签。客户端根据第二标签对第一加密电路进行解密,得到激活数据。激活数据也属于特征数据,用于表征加入非线性因素之后的特征,可以模拟更细微 的特征变化。然后,由于后续池化操作通过安全多方计算实现,因此可以对激活数据进行秘密共享,从而在代理端得到第一激活数据,在客户端得到第二激活数据。激活数据为第一激活数据与第二激活数据之和。即,代理端与客户端根据预设的MPC协议和激活算子对密文特征数据进行安全多方计算,得到第一激活数据和第二激活数据。After the server calls the convolution operator to perform the convolution operation on the ciphertext data according to the preset MPC protocol to obtain the ciphertext feature data, the server sends the ciphertext feature data and the preset operator to the agent. After obtaining the ciphertext feature data, the agent can call the activation operator in the preset operator according to the preset MPC protocol, and cooperate with the client to activate the ciphertext feature data to obtain the first activation data and the second activation data. Among them, the first activation data is held by the agent, and the second activation data is held by the client. Specifically, the agent performs a homomorphic encryption to secret sharing operation on the ciphertext feature data to obtain the first ciphertext data and the second ciphertext data. The agent sends the first ciphertext data to the client. The client decrypts the first ciphertext data to obtain the first plaintext data. The agent converts the activation operator into a Boolean circuit and obtains the truth table of each circuit gate of the Boolean circuit. Then the agent selects two evenly distributed strings as labels for each door, which are used to represent 0 or 1 respectively. After that, the agent randomly generates a first random number, and generates a first label according to the second ciphertext data and the first random number. After replacing the truth table with the first label as input, the agent obtains the label table. For each circuit gate, the agent uses the tag table to encrypt, and generates a first encryption circuit (GC, Garbled Circuit). The agent sends the first encryption circuit to the client. The client performs an inadvertent transfer (OT, Oblivious Transfer) to the first plaintext data to obtain the second label. The client decrypts the first encryption circuit according to the second tag to obtain activation data. Activation data is also feature data, which is used to characterize the features after adding nonlinear factors, and can simulate more subtle feature changes. Then, since the subsequent pooling operation is implemented through secure multi-party computing, the activation data can be secretly shared, so that the first activation data can be obtained on the agent side and the second activation data can be obtained on the client side. The activation data is the sum of the first activation data and the second activation data. That is, the agent and the client perform secure multi-party calculation on the ciphertext feature data according to the preset MPC protocol and activation operator to obtain the first activation data and the second activation data.
在代理端得到第一激活数据且客户端得到第二激活数据之后,代理端根据预设的MPC协议调用预设算子中的池化算子,与客户端配合对第一激活数据和第二激活数据进行池化操作,得到第一池化数据和第二池化数据。其中,第一池化数据可以由代理端持有。第二池化数据可以由客户端持有。具体地,代理端将池化算子转换为布尔电路。代理端随机生成第二随机数。代理端根据第一激活函数和随机数生成第三标签。代理端将第三标签作为输入替换布尔电路的真值表,得到标签表。代理端对布尔电路的每个门使用标签表进行加密,生成第二加密电路。代理端将第二加密电路发送至客户端。客户端对第二激活数据进行不经意传输,得到第四标签。客户端使用第四标签解密第二加密电路,得到池化数据。池化数据也属于特征数据,是对特征进行压缩后得到的特征数据,可以表征主要特征。之后,由于后续全连接操作通过安全多方计算实现,因此可以对池化数据进行秘密共享,使得代理端获取第一池化数据,客户端获得第二池化数据。池化数据为第一池化数据与第二池化数据之和。即,代理端与客户端可以根据预设的MPC协议和池化算子对第一激活数据和第二激活数据进行安全多方计算,得到第一池化数据和第二池化数据。After the agent obtains the first activation data and the client obtains the second activation data, the agent calls the pooling operator in the preset operator according to the preset MPC protocol, and cooperates with the client to compare the first activation data and the second activation data. Activate the data to perform a pooling operation to obtain the first pooled data and the second pooled data. Among them, the first pooled data can be held by the agent. The second pooled data can be held by the client. Specifically, the agent converts the pooling operator into a Boolean circuit. The agent randomly generates a second random number. The agent generates a third label according to the first activation function and the random number. The agent uses the third label as input to replace the truth table of the Boolean circuit to obtain the label table. The agent uses the tag table to encrypt each gate of the Boolean circuit to generate a second encryption circuit. The agent sends the second encryption circuit to the client. The client inadvertently transmits the second activation data to obtain the fourth tag. The client uses the fourth tag to decrypt the second encryption circuit to obtain pooled data. Pooled data also belongs to feature data, which is the feature data obtained after the feature is compressed, which can characterize the main feature. After that, since the subsequent full connection operation is implemented through secure multi-party computing, the pooled data can be secretly shared, so that the agent obtains the first pooled data and the client obtains the second pooled data. The pooled data is the sum of the first pooled data and the second pooled data. That is, the agent and the client can perform secure multi-party calculation on the first activation data and the second activation data according to the preset MPC protocol and pooling operator to obtain the first pooling data and the second pooling data.
在代理端获得第一池化数据且客户端获得第二池化数据之后,代理端对第一池化数据执行秘密共享转同态加密操作,客户端对第二池化数据执行秘密共享转同态加密操作,从而在代理端得到池化数据。然后将得到的池化数据拍平为一维数组。代理端将一维数组中的每一个元素与连接线上的权重值(即,全连接算子中的元素)相乘后相加并输出,得到密文处理结果。即,服务端根据预设的MPC协议和预设算子中的全连接算子,与客户端配合对第一池化数据和第二池化数据进行全连接操作,得到密文处理数据。代理端将得到的密文处理结果发送至客户端。客户端利用同态加密算法的私钥对密文处理结果进行解密,得到目标数据的明文处理结果。After the agent obtains the first pooled data and the client obtains the second pooled data, the agent performs the secret sharing to homomorphic encryption operation on the first pooled data, and the client performs secret sharing to the second pooled data. State encryption operation, so as to obtain pooled data on the agent side. Then the obtained pooled data is flattened into a one-dimensional array. The agent side multiplies each element in the one-dimensional array with the weight value on the connection line (that is, the element in the fully connected operator), adds and outputs the result, and obtains the ciphertext processing result. That is, the server cooperates with the client to perform a full connection operation on the first pooled data and the second pooled data according to the preset MPC protocol and the full connection operator in the preset operator to obtain the ciphertext processing data. The agent sends the obtained ciphertext processing result to the client. The client uses the private key of the homomorphic encryption algorithm to decrypt the ciphertext processing result to obtain the plaintext processing result of the target data.
上述实施例的数据处理方法中,代理端和客户端根据预设的MPC协议,调用预设算子中的激活算子、池化算子和全连接算子对密文特征数据进行安全多方计算,得到密文处理结果,实现了在输入为密文的情况下通过预设模型对密文数据进行处理或推理,可以有效保护用户的数据隐私。In the data processing method of the above embodiment, the agent and the client call the activation operator, the pooling operator and the fully connected operator in the preset operator according to the preset MPC protocol to perform secure multi-party calculation of the ciphertext feature data , The ciphertext processing result is obtained, and the ciphertext data is processed or inferred through the preset model when the input is ciphertext, which can effectively protect the user's data privacy.
上述实施例中的数据处理方法中激活算子、池化算子和全连接算子均由代理端与客户端根据预设的MPC协议来计算,但本申请不限于此。在本申请另一些实施例中,对于占用计算资源比较多的算子的计算可以由服务器与客户端根据预设的MPC协议来计算,例如平均池化算子等。In the data processing method in the foregoing embodiment, the activation operator, the pooling operator, and the fully connected operator are all calculated by the agent and the client according to the preset MPC protocol, but the application is not limited to this. In some other embodiments of the present application, the calculation of operators that occupy more computing resources may be calculated by the server and the client according to a preset MPC protocol, such as an average pooling operator.
本申请一些实施例还提供了一种数据处理方法。图4示出了本申请实施例中提供的数据处理方法的流程图。如图4所示,该方法可以包括:Some embodiments of the application also provide a data processing method. Fig. 4 shows a flowchart of a data processing method provided in an embodiment of the present application. As shown in Figure 4, the method may include:
步骤S401,客户端获取目标数据,并利用同态加密算法对目标数据进行加密,得到密文数 据。In step S401, the client obtains the target data, and encrypts the target data using a homomorphic encryption algorithm to obtain ciphertext data.
步骤S402,客户端向服务器发送数据处理请求,其中,数据处理请求中携带有密文数据。Step S402: The client sends a data processing request to the server, where the data processing request carries ciphertext data.
步骤S403,响应于数据处理请求,服务器与客户端根据预设的MPC协议调用预设模型中的卷积算子对密文数据进行卷积操作,得到密文特征数据。Step S403: In response to the data processing request, the server and the client call the convolution operator in the preset model to perform a convolution operation on the ciphertext data according to the preset MPC protocol to obtain the ciphertext feature data.
步骤S404,服务器将密文特征数据和预设模型中的预设算子发送至代理端。In step S404, the server sends the ciphertext feature data and the preset operator in the preset model to the agent.
步骤S405,代理端根据预设的MPC协议调用预设算子,以与客户端配合对密文特征数据进行处理,得到密文处理结果。In step S405, the agent invokes a preset operator according to the preset MPC protocol to process the ciphertext feature data in cooperation with the client to obtain the ciphertext processing result.
步骤S406,代理端将密文处理结果发送至客户端。In step S406, the agent sends the ciphertext processing result to the client.
步骤S407,客户端对密文处理结果进行解密,得到目标数据的明文处理结果。In step S407, the client decrypts the ciphertext processing result to obtain the plaintext processing result of the target data.
上述实施例中的数据处理方法,通过对目标数据进行同态加密,得到对应的密文数据,避免目标数据的具体内容遭到泄漏。进一步,服务器根据预设的MPC协议调用能够兼容MPC协议的预设模型中的卷积算子对密文数据进行卷积操作,得到密文特征数据,并将密文特征数据和预设模型中的预设算子发送至代理端,使得代理端和客户端再根据预设的MPC协议调用预设模型中的预设算子对密文特征数据进行具体的处理,得到目标数据的密文处理结果,客户端可以对密文处理结果进行解密,得到目标数据的明文处理结果。实现了能在目标数据加密的状态下,对目标数据进行具体处理,从而有效地保护了数据隐私。更进一步地,由于代理端是与客户端处于同一局域网中的计算机或者是运行于客户端上的安全容器或虚拟机,因此,相比于直接由服务器与客户端对密文特征数据进行安全多方计算,通过代理端与客户端根据预设的MPC协议调用预设算子对密文特征数据进行安全多方计算,可以有效节省安全多方计算所需的网络带宽,同时极大地降低网络延时,进而有效提高数据处理的效率。In the data processing method in the foregoing embodiment, the target data is homomorphically encrypted to obtain the corresponding ciphertext data, so as to prevent the specific content of the target data from being leaked. Further, the server calls the convolution operator in the preset model compatible with the MPC protocol to perform the convolution operation on the ciphertext data according to the preset MPC protocol to obtain the ciphertext feature data, and combine the ciphertext feature data with the preset model The preset operator of is sent to the agent, so that the agent and the client then call the preset operator in the preset model to perform specific processing on the ciphertext feature data according to the preset MPC protocol to obtain the ciphertext processing of the target data As a result, the client can decrypt the ciphertext processing result to obtain the plaintext processing result of the target data. Realize that the target data can be specifically processed in the state of target data encryption, thereby effectively protecting data privacy. Furthermore, since the agent is a computer in the same local area network as the client or a secure container or virtual machine running on the client, it is more secure than directly having the server and the client perform ciphertext feature data. Calculation, through the agent and the client according to the preset MPC protocol to call the preset operator to perform secure multi-party calculation of the ciphertext feature data, which can effectively save the network bandwidth required for secure multi-party calculation, and greatly reduce the network delay. Effectively improve the efficiency of data processing.
在本申请一些实施例中,在代理端与客户端根据预设的MPC协议调用预设算子对密文特征数据进行处理,得到密文处理结果之后,还可以包括:服务器将与数据处理请求对应的交易事件上传至区块链网络进行上链存储。In some embodiments of the present application, after the agent and the client call a preset operator according to the preset MPC protocol to process the ciphertext feature data, and after obtaining the ciphertext processing result, it may also include: the server will contact the data processing request The corresponding transaction event is uploaded to the blockchain network for storage on the chain.
在本申请一些实施例中,目标数据可以包括但不限于以下至少之一:人脸图像数据、医疗影像数据和人体动作数据。In some embodiments of the present application, the target data may include but is not limited to at least one of the following: face image data, medical image data, and human body motion data.
在本申请一些实施例中,在目标数据包括医疗影像数据时,预设处理可以包括对医疗影像数据进行诊断处理。In some embodiments of the present application, when the target data includes medical image data, the preset processing may include performing diagnosis processing on the medical image data.
在本申请一些实施例中,服务器根据预设的MPC协议,调用预设模型中的卷积算子对密文数据进行卷积操作,得到密文特征数据,可以包括:服务器根据预设的MPC协议中的同态加法和乘法特性,调用预设模型中的卷积算子对密文数据进行卷积操作,得到密文特征数据。In some embodiments of the present application, the server calls the convolution operator in the preset model to perform the convolution operation on the ciphertext data according to the preset MPC protocol to obtain the ciphertext feature data, which may include: the server according to the preset MPC The homomorphic addition and multiplication features in the protocol call the convolution operator in the preset model to perform the convolution operation on the ciphertext data to obtain the ciphertext feature data.
在本申请一些实施例中,在客户端对密文处理结果进行解密,得到明文处理结果之后,还可以包括:客户端获取验证结果,其中,验证结果用于表明明文处理结果是否正确;客户端将验证结果和密文处理结果发送至区块链网络进行上链存储。In some embodiments of the present application, after the client decrypts the ciphertext processing result to obtain the plaintext processing result, it may further include: the client obtains the verification result, where the verification result is used to indicate whether the plaintext processing result is correct; the client The verification result and the ciphertext processing result are sent to the blockchain network for on-chain storage.
在本申请一些实施例中,代理端根据预设的MPC协议调用预设算子,以与客户端配合对密文特征数据进行处理,得到密文处理结果,可以包括:根据预设的MPC协议和预设算子中的激活算子,与客户端配合对密文特征数据进行激活操作,得到第一激活数据和第二激活数据;根据预设的MPC协议和预设算子中的池化算子,与客户端配合对第一激活数据和第二激活数据进行池化操作,得到第一池化数据和第二池化数据;根据预设的MPC协议和预设算子中的全连接算子,与客户端配合对第一池化数据和第二池化数据进行全连接操作,得到密文处理数据。In some embodiments of the present application, the agent invokes the preset operator according to the preset MPC protocol to process the ciphertext feature data in cooperation with the client to obtain the ciphertext processing result, which may include: according to the preset MPC protocol The activation operator in the preset operator cooperates with the client to activate the ciphertext feature data to obtain the first activation data and the second activation data; according to the preset MPC protocol and the pooling in the preset operator Operator, cooperates with the client to perform pooling operations on the first activation data and the second activation data to obtain the first pooled data and the second pooled data; according to the preset MPC protocol and the full connection in the preset operator The operator cooperates with the client to perform a full connection operation on the first pooled data and the second pooled data to obtain the ciphertext processing data.
下面结合一个具体实施例对上述方法进行说明,然而,值得注意的是,该具体实施例仅是为了更好地说明本申请,并不构成对本申请的不当限定。The above method will be described below in conjunction with a specific embodiment. However, it is worth noting that this specific embodiment is only for better describing the application, and does not constitute an improper limitation of the application.
图5示出了该具体实施例中的数据处理方法的顺序图。如图5所示,该数据处理方法可以包括以下步骤:Fig. 5 shows a sequence diagram of the data processing method in this specific embodiment. As shown in Figure 5, the data processing method may include the following steps:
步骤1,客户端获取目标数据,并利用同态加密算法对目标数据进行加密,得到目标数据对应的密文数据;Step 1. The client obtains the target data, and encrypts the target data using a homomorphic encryption algorithm to obtain the ciphertext data corresponding to the target data;
步骤2,客户端向服务器发送数据处理请求,其中,数据处理请求中携带有密文数据;Step 2: The client sends a data processing request to the server, where the data processing request carries ciphertext data;
步骤3,客户端将费用抵押至区块链网络的合约账户中;Step 3. The client mortgages the fee to the contract account of the blockchain network;
步骤4,服务器根据预设的MPC协议调用预设模型中的卷积算子对密文数据进行隐私卷积操作,得到密文特征数据;Step 4: The server invokes the convolution operator in the preset model to perform a private convolution operation on the ciphertext data according to the preset MPC protocol to obtain the ciphertext feature data;
步骤5,服务器将密文特征数据和预设模型中的预设算子发送至代理端;Step 5. The server sends the ciphertext feature data and the preset operator in the preset model to the agent;
步骤6,代理端与客户端根据预设的MPC协议调用预设算子中的激活算子对密文特征数据进行安全多方计算,在代理端得到第一激活数据,并且在客户端得到第二激活数据;Step 6. The agent and the client call the activation operator in the preset operator according to the preset MPC protocol to perform secure multi-party calculation on the ciphertext feature data, and obtain the first activation data at the agent and the second activation at the client. Activation data;
步骤7,代理端和客户端根据预设的MPC协议调用预设算子中的池化算子对第一激活数据和第二激活数据进行安全多方计算,在代理端得到第一池化数据,并且在客户端得到第二池化数据;Step 7. The agent and the client call the pooling operator in the preset operator according to the preset MPC protocol to perform a secure multi-party calculation on the first activation data and the second activation data, and obtain the first pooling data at the agent. And get the second pooled data on the client;
步骤8,代理端和客户端根据预设的MPC协议调用预设模型中的全连接算子对上述第一池化数据和第二池化数据进行全连接操作,在代理端端得到密文处理结果;Step 8. The agent and the client call the full connection operator in the preset model according to the preset MPC protocol to perform the full connection operation on the first pooled data and the second pooled data, and the ciphertext processing is obtained on the agent side. result;
步骤9,代理端将密文处理结果发送至客户端;Step 9. The agent sends the ciphertext processing result to the client;
步骤10,服务器将与数据处理请求对应的交易事件数据发送至区块链网络进行上链存储;Step 10: The server sends the transaction event data corresponding to the data processing request to the blockchain network for storage on the chain;
步骤11,客户端利用同态加密算法的私钥对密文处理结果进行解密,得到目标数据的明文处理结果;Step 11. The client uses the private key of the homomorphic encryption algorithm to decrypt the ciphertext processing result to obtain the plaintext processing result of the target data;
步骤12,客户端获取验证结果,其中,验证结果用于表明目标数据的明文处理结果是否正确;Step 12. The client obtains the verification result, where the verification result is used to indicate whether the plaintext processing result of the target data is correct;
步骤13,客户端将明文处理结果和验证结果发送至区块链网络进行上链存储;Step 13. The client sends the plaintext processing result and the verification result to the blockchain network for storage on the chain;
步骤14,区块链网络确定验证结果是否为正确;Step 14. The blockchain network determines whether the verification result is correct;
步骤15,在确定验证结果为正确的情况下,区块链网络将合约账户中的费用转至服务器的 账户中;Step 15. In the case where it is determined that the verification result is correct, the blockchain network transfers the fees in the contract account to the server's account;
步骤16,在确定验证结果为不正确的情况下,区块链网络将合约账户中的费用转至客户端的账户中。Step 16. In the case where it is determined that the verification result is incorrect, the blockchain network transfers the fees in the contract account to the client's account.
上述实施例中的数据处理方法,通过对目标数据进行同态加密,得到密文数据,便于后续直接对密文数据进行处理,避免目标数据的具体内容遭到泄漏。服务器根据预设的MPC协议调用预设模型中的卷积算子对密文数据进行卷积操作,得到密文特征数据,并将密文特征数据和预设模型中的预设算子发送至代理端。代理端和客户端根据预设的MPC协议调用预设算子中的激活算子、池化算子和全连接算子,对密文特征数据进行预设处理,得到目标数据的密文处理结果,实现了在输入为密文数据的情况下对数据进行处理,可以有效保护数据隐私。之后,服务器将此次交易事件对应的数据发送至区块链网络进行上链存储,以便于后续查询、检索、求证等。代理端将密文处理结果发送至客户端,客户端对密文处理结果进行解密,即可得到目标数据的明文处理结果。客户端获取明文处理结果的验证结果,并将密文处理结果和验证结果发送至区块链网络进行上链存储,可以进一步保护处理结果的隐私,而且便于后续进行查询和回溯。而且在区块链网络确定验证结果为正确的情况下,将客户端抵押至合约账户中的费用转至服务器的账户中。在区块链网络确定验证结果为错误的情况下,将客户端抵押至合约账户中的费用返回至客户端的账户。这样,可以有效解决业务的计费清算问题。更进一步地,由于代理端是与客户端处于同一局域网中的计算机或者是运行于客户端上的安全容器或虚拟机,因此,相比于直接由服务器与客户端对密文特征数据进行安全多方计算,通过代理端与客户端根据预设的MPC协议调用预设算子对密文特征数据进行安全多方计算,可以有效节省安全多方计算所需的网络带宽,同时极大地降低网络延时,进而有效提高数据处理的效率。In the data processing method in the foregoing embodiment, the ciphertext data is obtained by homomorphic encryption of the target data, which facilitates subsequent direct processing of the ciphertext data, and prevents the specific content of the target data from being leaked. The server calls the convolution operator in the preset model to perform the convolution operation on the ciphertext data according to the preset MPC protocol, obtains the ciphertext feature data, and sends the ciphertext feature data and the preset operator in the preset model to Agent side. The agent and the client call the activation operator, pooling operator and fully connected operator in the preset operator according to the preset MPC protocol, and perform preset processing on the ciphertext feature data to obtain the ciphertext processing result of the target data , Which realizes the processing of data when the input is ciphertext data, which can effectively protect data privacy. After that, the server sends the data corresponding to this transaction event to the blockchain network for storage on the chain, so as to facilitate subsequent query, retrieval, verification, etc. The agent sends the ciphertext processing result to the client, and the client decrypts the ciphertext processing result to obtain the plaintext processing result of the target data. The client obtains the verification result of the plaintext processing result, and sends the ciphertext processing result and the verification result to the blockchain network for on-chain storage, which can further protect the privacy of the processing result and facilitate subsequent queries and backtracking. And in the case that the blockchain network determines that the verification result is correct, the cost of the client's mortgage in the contract account is transferred to the server's account. In the case that the blockchain network determines that the verification result is wrong, the cost of the client's mortgage to the contract account is returned to the client's account. In this way, the billing and clearing problem of the business can be effectively solved. Furthermore, since the agent is a computer in the same local area network as the client or a secure container or virtual machine running on the client, it is more secure than directly having the server and the client perform ciphertext feature data. Calculation, through the agent and the client according to the preset MPC protocol to call the preset operator to perform secure multi-party calculation of the ciphertext feature data, which can effectively save the network bandwidth required for secure multi-party calculation, and greatly reduce the network delay. Effectively improve the efficiency of data processing.
基于同一发明构思,本申请实施例中还提供了一种数据处理装置,位于服务器端,如下面的实施例所述。由于数据处理装置解决问题的原理与数据处理方法相似,因此数据处理装置的实施可以参见数据处理方法的实施,重复之处不再赘述。以下所使用的,术语“单元”或者“模块”可以实现预定功能的软件和/或硬件的组合。尽管以下实施例所描述的装置较佳地以软件来实现,但是硬件,或者软件和硬件的组合的实现也是可能并被构想的。图6是本申请实施例的数据处理装置的一种结构框图,如图6所示,包括:接收模块601、卷积模块602和发送模块603,下面对该结构进行说明。Based on the same inventive concept, an embodiment of the present application also provides a data processing device located on the server side, as described in the following embodiment. Since the problem-solving principle of the data processing device is similar to that of the data processing method, the implementation of the data processing device can refer to the implementation of the data processing method, and the repetition will not be repeated. As used below, the term "unit" or "module" can be a combination of software and/or hardware that implements a predetermined function. Although the devices described in the following embodiments are preferably implemented by software, implementation by hardware or a combination of software and hardware is also possible and conceived. Fig. 6 is a structural block diagram of a data processing device according to an embodiment of the present application. As shown in Fig. 6, it includes: a receiving module 601, a convolution module 602, and a sending module 603. The structure is described below.
接收模块601用于接收客户端发送的数据处理请求,其中,数据处理请求中携带有密文数据,密文数据由客户端利用同态加密算法对目标数据进行加密后生成;The receiving module 601 is configured to receive a data processing request sent by the client, where the data processing request carries ciphertext data, and the ciphertext data is generated by the client after encrypting the target data using a homomorphic encryption algorithm;
卷积模块602用于响应于数据处理请求,根据预设的MPC协议,调用预设模型中的卷积算子对密文数据进行卷积操作,得到密文特征数据;The convolution module 602 is configured to respond to the data processing request and call the convolution operator in the preset model to perform a convolution operation on the ciphertext data according to the preset MPC protocol to obtain the ciphertext feature data;
发送模块603用于将密文特征数据和预设模型中的预设算子发送至代理端,其中,代理端用于与客户端根据预设的MPC协议调用预设算子对密文特征数据进行处理,得到密文处理结果; 其中,预设模型兼容预设的MPC协议,用于在数据加密的情况下对密文数据进行预设处理;代理端包括以下之一:运行在客户端上的安全容器、运行在客户端上的虚拟机、与客户端建立局域网连接的计算机。The sending module 603 is used to send the ciphertext feature data and the preset operator in the preset model to the agent, where the agent is used to call the preset operator to the ciphertext feature data according to the preset MPC protocol with the client. Perform processing to obtain the ciphertext processing result; among them, the preset model is compatible with the preset MPC protocol, and is used to perform preset processing on the ciphertext data in the case of data encryption; the agent includes one of the following: running on the client A secure container, a virtual machine running on the client, and a computer that establishes a local area network connection with the client.
在本申请一些实施例中,数据处理装置还可以包括存储模块,所述存储模块可以用于:在代理端与客户端根据预设的MPC协议调用预设算子对密文特征数据进行处理,得到密文处理结果之后,将与数据处理请求对应的交易事件上传至区块链网络进行上链存储。In some embodiments of the present application, the data processing device may further include a storage module, and the storage module may be used for: invoking a preset operator on the agent side and the client side according to a preset MPC protocol to process the ciphertext feature data, After the ciphertext processing result is obtained, the transaction event corresponding to the data processing request is uploaded to the blockchain network for storage on the chain.
在本申请一些实施例中,目标数据可以包括以下至少之一:人脸图像数据、医疗影像数据和人体动作数据。In some embodiments of the present application, the target data may include at least one of the following: face image data, medical image data, and human body motion data.
在本申请一些实施例中,在目标数据包括医疗影像数据时,预设处理可以包括对医疗影像数据进行诊断处理。In some embodiments of the present application, when the target data includes medical image data, the preset processing may include performing diagnosis processing on the medical image data.
在本申请一些实施例中,卷积模块可以具体用于:根据预设的MPC协议中的同态加法和乘法特性,调用预设模型中的卷积算子对密文数据进行卷积操作,得到密文特征数据。In some embodiments of the present application, the convolution module may be specifically used to: according to the homomorphic addition and multiplication characteristics in the preset MPC protocol, call the convolution operator in the preset model to perform convolution operations on the ciphertext data, Obtain ciphertext feature data.
基于同一发明构思,本申请实施例中还提供了一种数据处理装置,位于代理端,如下面的实施例所述。由于数据处理装置解决问题的原理与数据处理方法相似,因此数据处理装置的实施可以参见数据处理方法的实施,重复之处不再赘述。以下所使用的,术语“单元”或者“模块”可以实现预定功能的软件和/或硬件的组合。尽管以下实施例所描述的装置较佳地以软件来实现,但是硬件,或者软件和硬件的组合的实现也是可能并被构想的。图7是本申请实施例的数据处理装置的一种结构框图,如图7所示,包括:接收模块701、处理模块702和发送模块703,下面对该结构进行说明。Based on the same inventive concept, an embodiment of the present application also provides a data processing device located at the agent end, as described in the following embodiment. Since the problem-solving principle of the data processing device is similar to that of the data processing method, the implementation of the data processing device can refer to the implementation of the data processing method, and the repetition will not be repeated. As used below, the term "unit" or "module" can be a combination of software and/or hardware that implements a predetermined function. Although the devices described in the following embodiments are preferably implemented by software, implementation by hardware or a combination of software and hardware is also possible and conceived. Fig. 7 is a structural block diagram of a data processing device according to an embodiment of the present application. As shown in Fig. 7, it includes: a receiving module 701, a processing module 702, and a sending module 703. The structure is described below.
接收模块701用于接收服务器发送的密文特征数据和预设模型中的预设算子,其中,密文特征数据由服务器根据预设的MPC协议调用预设模型中的卷积算子对密文数据进行卷积操作得到的,密文数据由客户端利用同态加密算法对目标数据进行加密后得到的;The receiving module 701 is configured to receive the ciphertext feature data sent by the server and the preset operator in the preset model, where the ciphertext feature data is encrypted by the server calling the convolution operator in the preset model according to the preset MPC protocol. The text data is obtained by convolution operation, and the cipher text data is obtained by encrypting the target data by the client using a homomorphic encryption algorithm;
处理模孔702用于根据预设的MPC协议调用预设模型中的预设算子,以与客户端配合对密文特征数据进行处理,得到密文处理结果;The processing die hole 702 is used to call the preset operator in the preset model according to the preset MPC protocol to process the ciphertext feature data in cooperation with the client to obtain the ciphertext processing result;
发送模块703用于将密文处理结果发送至客户端;其中,预设模型兼容预设的MPC协议,用于在数据加密的情况下对密文数据进行预设处理;代理端包括以下之一:运行在客户端上的安全容器、运行在客户端上的虚拟机、与客户端建立局域网连接的计算机。The sending module 703 is used to send the ciphertext processing result to the client; the preset model is compatible with the preset MPC protocol, and is used to perform preset processing on the ciphertext data in the case of data encryption; the agent includes one of the following : A secure container running on the client, a virtual machine running on the client, and a computer that establishes a LAN connection with the client.
在本申请一些实施例中,在将密文处理结果发送至客户端之后,还可以包括:客户端对密文处理结果进行解密,得到明文处理结果。In some embodiments of the present application, after sending the ciphertext processing result to the client, it may further include: the client decrypts the ciphertext processing result to obtain the plaintext processing result.
在本申请一些实施例中,在客户端对密文处理结果进行解密,得到明文处理结果之后,还可以包括:客户端获取验证结果,其中,验证结果用于表明明文处理结果是否正确;客户端将验证结果和密文处理结果发送至区块链网络进行上链存储。In some embodiments of the present application, after the client decrypts the ciphertext processing result to obtain the plaintext processing result, it may further include: the client obtains the verification result, where the verification result is used to indicate whether the plaintext processing result is correct; the client The verification result and the ciphertext processing result are sent to the blockchain network for on-chain storage.
在本申请一些实施例中,处理模孔可以具体用于:根据预设的MPC协议和预设算子中的激 活算子,与客户端配合对密文特征数据进行激活操作,得到第一激活数据和第二激活数据;根据预设的MPC协议和预设算子中的池化算子,与客户端配合对第一激活数据和第二激活数据进行池化操作,得到第一池化数据和第二池化数据;根据预设的MPC协议和预设算子中的全连接算子,与客户端配合对第一池化数据和第二池化数据进行全连接操作,得到密文处理数据。In some embodiments of the present application, the processing die hole can be specifically used to: according to the preset MPC protocol and the activation operator in the preset operator, cooperate with the client to perform an activation operation on the ciphertext feature data to obtain the first activation Data and second activation data; according to the preset MPC protocol and the pooling operator in the preset operator, cooperate with the client to perform a pooling operation on the first activation data and the second activation data to obtain the first pooled data And the second pooled data; according to the preset MPC protocol and the fully connected operator in the preset operator, cooperate with the client to perform the fully connected operation on the first pooled data and the second pooled data to obtain ciphertext processing data.
从以上的描述中,可以看出,本申请实施例实现了如下技术效果:通过对目标数据进行同态加密,得到对应的密文数据,避免目标数据的具体内容遭到泄漏。进一步,服务器根据预设的MPC协议调用能够兼容MPC协议的预设模型中的卷积算子对密文数据进行卷积操作,得到密文特征数据,并将密文特征数据和预设模型中的预设算子发送至代理端,使得代理端和客户端再根据预设的MPC协议调用预设模型中的预设算子对密文特征数据进行具体的处理,得到目标数据的密文处理结果。实现了能在目标数据加密的状态下,对目标数据进行具体处理,从而有效地保护了数据隐私。更进一步地,由于代理端是与客户端处于同一局域网中的计算机或者是运行于客户端上的安全容器或虚拟机,因此,相比于直接由服务器与客户端对密文特征数据进行安全多方计算,通过代理端与客户端根据预设的MPC协议调用预设算子对密文特征数据进行安全多方计算,可以有效节省安全多方计算所需的网络带宽,同时极大地降低网络延时,进而有效提高数据处理的效率。From the above description, it can be seen that the embodiments of the present application achieve the following technical effects: by homomorphically encrypting the target data, the corresponding ciphertext data is obtained, and the specific content of the target data is prevented from being leaked. Further, the server calls the convolution operator in the preset model compatible with the MPC protocol to perform the convolution operation on the ciphertext data according to the preset MPC protocol to obtain the ciphertext feature data, and combine the ciphertext feature data with the preset model The preset operator of is sent to the agent, so that the agent and the client then call the preset operator in the preset model to perform specific processing on the ciphertext feature data according to the preset MPC protocol to obtain the ciphertext processing of the target data result. Realize that the target data can be specifically processed in the state of target data encryption, thereby effectively protecting data privacy. Furthermore, since the agent is a computer in the same local area network as the client or a secure container or virtual machine running on the client, it is more secure than directly having the server and the client perform ciphertext feature data. Calculation, through the agent and the client according to the preset MPC protocol to call the preset operator to perform secure multi-party calculation of the ciphertext feature data, which can effectively save the network bandwidth required for secure multi-party calculation, and greatly reduce the network delay. Effectively improve the efficiency of data processing.
本申请实施方式还提供了一种计算机设备,具体可以参阅图8所示的基于本申请实施例提供的数据处理方法的计算机设备组成结构示意图,所述计算机设备具体可以包括输入设备81、处理器82、存储器83。其中,所述存储器83用于存储处理器可执行指令。所述处理器82执行所述指令时实现上述任意实施例中所述的数据处理方法的步骤。The embodiment of the present application also provides a computer device. For details, please refer to the schematic diagram of the structure of the computer device based on the data processing method provided by the embodiment of the present application shown in FIG. 8. The computer device may specifically include an input device 81 and a processor. 82. Memory 83. Wherein, the memory 83 is used to store processor executable instructions. The processor 82 implements the steps of the data processing method described in any of the foregoing embodiments when executing the instructions.
在本实施方式中,所述输入设备具体可以是用户和计算机系统之间进行信息交换的主要装置之一。所述输入设备可以包括键盘、鼠标、摄像头、扫描仪、光笔、手写输入板、语音输入装置等;输入设备用于把原始数据和处理这些数的程序输入到计算机中。所述输入设备还可以获取接收其他模块、单元、设备传输过来的数据。所述处理器可以按任何适当的方式实现。例如,处理器可以采取例如微处理器或处理器以及存储可由该(微)处理器执行的计算机可读程序代码(例如软件或固件)的计算机可读介质、逻辑门、开关、专用集成电路(Application Specific Integrated Circuit,ASIC)、可编程逻辑控制器和嵌入微控制器的形式等等。所述存储器具体可以是现代信息技术中用于保存信息的记忆设备。所述存储器可以包括多个层次,在数字系统中,只要能保存二进制数据的都可以是存储器;在集成电路中,一个没有实物形式的具有存储功能的电路也叫存储器,如RAM、FIFO等;在系统中,具有实物形式的存储设备也叫存储器,如内存条、TF卡等。In this embodiment, the input device may specifically be one of the main devices for information exchange between the user and the computer system. The input device may include a keyboard, a mouse, a camera, a scanner, a light pen, a handwriting input board, a voice input device, etc.; the input device is used to input raw data and programs for processing these numbers into the computer. The input device can also obtain and receive data transmitted from other modules, units, and devices. The processor can be implemented in any suitable way. For example, the processor may take the form of a microprocessor or a processor and a computer readable medium, logic gates, switches, application specific integrated circuits ( Application Specific Integrated Circuit, ASIC), programmable logic controller and embedded microcontroller form, etc. The memory may specifically be a memory device used to store information in modern information technology. The memory can include multiple levels. In a digital system, as long as it can store binary data, it can be a memory; in an integrated circuit, a circuit with a storage function without a physical form is also called a memory, such as RAM, FIFO, etc.; In the system, storage devices in physical form are also called memory, such as memory sticks, TF cards, and so on.
在本实施方式中,该计算机设备具体实现的功能和效果,可以与其它实施方式对照解释,在此不再赘述。In this embodiment, the specific functions and effects implemented by the computer device can be explained in comparison with other embodiments, and will not be repeated here.
本申请实施方式中还提供了一种基于数据处理方法的计算机存储介质,所述计算机存储介质 存储有计算机程序指令,在所述计算机程序指令被执行时实现上述任意实施例中所述数据处理方法的步骤。The embodiment of the present application also provides a computer storage medium based on a data processing method, the computer storage medium stores computer program instructions, and when the computer program instructions are executed, the data processing method described in any of the above embodiments is implemented A step of.
在本实施方式中,上述存储介质包括但不限于随机存取存储器(Random Access Memory,RAM)、只读存储器(Read-Only Memory,ROM)、缓存(Cache)、硬盘(Hard Disk Drive,HDD)或者存储卡(Memory Card)。所述存储器可以用于存储计算机程序指令。网络通信单元可以是依照通信协议规定的标准设置的,用于进行网络连接通信的接口。In this embodiment, the above-mentioned storage medium includes, but is not limited to, random access memory (Random Access Memory, RAM), read-only memory (Read-Only Memory, ROM), cache (Cache), and hard disk (Hard Disk Drive, HDD). Or memory card (Memory Card). The memory can be used to store computer program instructions. The network communication unit may be an interface set up in accordance with a standard stipulated by the communication protocol and used for network connection communication.
在本实施方式中,该计算机存储介质存储的程序指令具体实现的功能和效果,可以与其它实施方式对照解释,在此不再赘述。In this embodiment, the specific functions and effects realized by the program instructions stored in the computer storage medium can be explained in comparison with other embodiments, and will not be repeated here.
显然,本领域的技术人员应该明白,上述的本申请实施例的各模块或各步骤可以用通用的计算装置来实现,它们可以集中在单个的计算装置上,或者分布在多个计算装置所组成的网络上,可选地,它们可以用计算装置可执行的程序代码来实现,从而,可以将它们存储在存储装置中由计算装置来执行,并且在某些情况下,可以以不同于此处的顺序执行所示出或描述的步骤,或者将它们分别制作成各个集成电路模块,或者将它们中的多个模块或步骤制作成单个集成电路模块来实现。这样,本申请实施例不限制于任何特定的硬件和软件结合。Obviously, those skilled in the art should understand that the modules or steps of the embodiments of the present application described above can be implemented by a general computing device, and they can be concentrated on a single computing device or distributed among multiple computing devices. Optionally, they can be implemented by the program code executable by the computing device, so that they can be stored in the storage device for execution by the computing device, and in some cases, they can be different from here The steps shown or described are performed in the order of, or they are respectively fabricated into individual integrated circuit modules, or multiple modules or steps of them are fabricated into a single integrated circuit module to achieve. In this way, the embodiments of the present application are not limited to any specific combination of hardware and software.
应该理解,以上描述是为了进行图示说明而不是为了进行限制。通过阅读上述描述,在所提供的示例之外的许多实施方式和许多应用对本领域技术人员来说都将是显而易见的。因此,本申请的范围不应该参照上述描述来确定,而是应该参照前述权利要求以及这些权利要求所拥有的等价物的全部范围来确定。It should be understood that the above description is for illustration and not for limitation. By reading the above description, many implementations and many applications beyond the examples provided will be obvious to those skilled in the art. Therefore, the scope of this application should not be determined with reference to the above description, but should be determined with reference to the foregoing claims and the full scope of equivalents possessed by these claims.
以上所述仅为本申请的优选实施例而已,并不用于限制本申请,对于本领域的技术人员来说,本申请实施例可以有各种更改和变化。凡在本申请的精神和原则之内,所作的任何修改、等同替换、改进等,均应包含在本申请的保护范围之内。The foregoing descriptions are only preferred embodiments of the present application, and are not intended to limit the present application. For those skilled in the art, the embodiments of the present application may have various modifications and changes. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of this application shall be included in the protection scope of this application.

Claims (13)

  1. 一种数据处理方法,其特征在于,包括:A data processing method, characterized in that it comprises:
    接收客户端发送的数据处理请求,其中,所述数据处理请求中携带有密文数据,所述密文数据由所述客户端利用同态加密算法对目标数据进行加密后生成;Receiving a data processing request sent by a client, where the data processing request carries ciphertext data, and the ciphertext data is generated by the client after encrypting target data using a homomorphic encryption algorithm;
    响应于所述数据处理请求,根据预设的MPC协议,调用预设模型中的卷积算子对所述密文数据进行卷积操作,得到密文特征数据;In response to the data processing request, according to a preset MPC protocol, call a convolution operator in a preset model to perform a convolution operation on the ciphertext data to obtain ciphertext feature data;
    将所述密文特征数据和所述预设模型中的预设算子发送至代理端,其中,所述代理端用于与所述客户端根据所述预设的MPC协议调用所述预设算子对所述密文特征数据进行处理,得到密文处理结果;The ciphertext feature data and the preset operator in the preset model are sent to the agent, where the agent is used to call the preset with the client according to the preset MPC protocol The operator processes the ciphertext feature data to obtain a ciphertext processing result;
    其中,所述预设模型兼容所述预设的MPC协议,用于在数据加密的情况下对密文数据进行预设处理;所述代理端包括以下之一:运行在所述客户端上的安全容器、运行在所述客户端上的虚拟机、与所述客户端建立局域网连接的计算机。Wherein, the preset model is compatible with the preset MPC protocol, and is used to perform preset processing on the ciphertext data in the case of data encryption; the agent includes one of the following: running on the client A secure container, a virtual machine running on the client, and a computer that establishes a local area network connection with the client.
  2. 根据权利要求1所述的方法,其特征在于,在所述代理端与所述客户端根据所述预设的MPC协议调用所述预设算子对所述密文特征数据进行处理,得到密文处理结果之后,还包括:The method according to claim 1, wherein the agent and the client call the preset operator according to the preset MPC protocol to process the ciphertext feature data to obtain the ciphertext feature data. After the document processing results, it also includes:
    将与所述数据处理请求对应的交易事件上传至区块链网络进行上链存储。Upload the transaction event corresponding to the data processing request to the blockchain network for on-chain storage.
  3. 根据权利要求1所述的方法,其特征在于,所述目标数据包括以下至少之一:人脸图像数据、医疗影像数据和人体动作数据。The method according to claim 1, wherein the target data includes at least one of the following: face image data, medical image data, and human body motion data.
  4. 根据权利要求3所述的方法,其特征在于,在所述目标数据包括医疗影像数据时,所述预设处理包括对所述医疗影像数据进行诊断处理。The method according to claim 3, wherein when the target data includes medical image data, the preset processing includes performing diagnostic processing on the medical image data.
  5. 根据权利要求1所述的方法,其特征在于,根据预设的MPC协议,调用预设模型中的卷积算子对所述密文数据进行卷积操作,得到密文特征数据,包括:The method according to claim 1, wherein, according to a preset MPC protocol, calling a convolution operator in a preset model to perform a convolution operation on the ciphertext data to obtain ciphertext feature data, comprising:
    根据所述预设的MPC协议中的同态加法和乘法特性,调用所述预设模型中的卷积算子对所述密文数据进行卷积操作,得到密文特征数据。According to the homomorphic addition and multiplication characteristics in the preset MPC protocol, the convolution operator in the preset model is called to perform a convolution operation on the ciphertext data to obtain ciphertext feature data.
  6. 一种数据处理方法,其特征在于,应用于代理端,包括:A data processing method, which is characterized in that it is applied to an agent, and includes:
    接收服务器发送的密文特征数据和预设模型中的预设算子,其中,所述密文特征数据由所述服务器根据预设的MPC协议调用所述预设模型中的卷积算子对密文数据进行卷积操作得到的,所述密文数据由客户端利用同态加密算法对目标数据进行加密后得到的;Receive the ciphertext feature data sent by the server and the preset operator in the preset model, wherein the ciphertext feature data is invoked by the server according to the preset MPC protocol to the convolution operator pair in the preset model The ciphertext data is obtained by performing a convolution operation, and the ciphertext data is obtained after the client encrypts the target data using a homomorphic encryption algorithm;
    根据预设的MPC协议调用所述预设模型中的预设算子,以与所述客户端配合对所述密文特征数据进行处理,得到密文处理结果;Calling a preset operator in the preset model according to a preset MPC protocol to process the ciphertext feature data in cooperation with the client to obtain a ciphertext processing result;
    将所述密文处理结果发送至所述客户端;Sending the ciphertext processing result to the client;
    其中,所述预设模型兼容所述预设的MPC协议,用于在数据加密的情况下对密文数据进行预设处理;所述代理端包括以下之一:运行在所述客户端上的安全容器、运行在所述客户端上 的虚拟机、与所述客户端建立局域网连接的计算机。Wherein, the preset model is compatible with the preset MPC protocol, and is used to perform preset processing on the ciphertext data in the case of data encryption; the agent includes one of the following: running on the client A secure container, a virtual machine running on the client, and a computer that establishes a local area network connection with the client.
  7. 根据权利要求6所述的方法,其特征在于,在将所述密文处理结果发送至所述客户端之后,还包括:The method according to claim 6, wherein after sending the ciphertext processing result to the client, the method further comprises:
    所述客户端对所述密文处理结果进行解密,得到明文处理结果。The client decrypts the ciphertext processing result to obtain the plaintext processing result.
  8. 根据权利要求7所述的方法,其特征在于,在所述客户端对所述密文处理结果进行解密,得到明文处理结果之后,还包括:The method according to claim 7, wherein after the client decrypts the ciphertext processing result to obtain the plaintext processing result, the method further comprises:
    所述客户端获取验证结果,其中,所述验证结果用于表明所述明文处理结果是否正确;The client obtains a verification result, where the verification result is used to indicate whether the plaintext processing result is correct;
    所述客户端将所述验证结果和所述密文处理结果发送至区块链网络进行上链存储。The client sends the verification result and the ciphertext processing result to the blockchain network for uploading storage.
  9. 根据权利要求6所述的方法,其特征在于,根据预设的MPC协议调用所述预设模型中的预设算子,以与所述客户端配合对所述密文特征数据进行处理,得到密文处理结果,包括:The method according to claim 6, wherein the preset operator in the preset model is called according to the preset MPC protocol to cooperate with the client to process the ciphertext feature data to obtain The results of ciphertext processing, including:
    根据所述预设的MPC协议和所述预设算子中的激活算子,与所述客户端配合对所述密文特征数据进行激活操作,得到第一激活数据和第二激活数据;According to the preset MPC protocol and the activation operator in the preset operator, cooperate with the client to perform an activation operation on the ciphertext feature data to obtain first activation data and second activation data;
    根据所述预设的MPC协议和所述预设算子中的池化算子,与所述客户端配合对所述第一激活数据和所述第二激活数据进行池化操作,得到第一池化数据和第二池化数据;According to the preset MPC protocol and the pooling operator in the preset operator, cooperate with the client to perform a pooling operation on the first activation data and the second activation data to obtain the first Pooled data and second pooled data;
    根据所述预设的MPC协议和所述预设算子中的全连接算子,与所述客户端配合对所述第一池化数据和所述第二池化数据进行全连接操作,得到密文处理数据。According to the preset MPC protocol and the fully connected operator in the preset operator, cooperate with the client to perform a fully connected operation on the first pooled data and the second pooled data to obtain Encrypted processing data.
  10. 一种数据处理方法,其特征在于,包括:A data processing method, characterized in that it comprises:
    客户端获取目标数据,并利用同态加密算法对所述目标数据进行加密,得到密文数据;The client obtains the target data, and encrypts the target data using a homomorphic encryption algorithm to obtain ciphertext data;
    所述客户端向服务器发送数据处理请求,其中,所述数据处理请求中携带有所述密文数据;The client sends a data processing request to the server, wherein the data processing request carries the ciphertext data;
    响应于所述数据处理请求,所述服务器与所述客户端根据预设的MPC协议调用预设模型中的卷积算子对所述密文数据进行卷积操作,得到密文特征数据;In response to the data processing request, the server and the client invoke a convolution operator in a preset model according to a preset MPC protocol to perform a convolution operation on the ciphertext data to obtain ciphertext feature data;
    所述服务器将所述密文特征数据和所述预设模型中的预设算子发送至代理端;The server sends the ciphertext feature data and the preset operator in the preset model to the agent;
    所述代理端根据所述预设的MPC协议调用所述预设算子,以与所述客户端配合对所述密文特征数据进行处理,得到密文处理结果;The agent terminal invokes the preset operator according to the preset MPC protocol to process the ciphertext feature data in cooperation with the client to obtain a ciphertext processing result;
    所述代理端将所述密文处理结果发送至所述客户端;Sending the ciphertext processing result to the client by the agent;
    所述客户端对所述密文处理结果进行解密,得到所述目标数据的明文处理结果;The client decrypts the ciphertext processing result to obtain the plaintext processing result of the target data;
    其中,所述预设模型兼容所述预设的MPC协议,用于在数据加密的情况下对密文数据进行预设处理;所述代理端包括以下之一:运行在所述客户端上的安全容器、运行在所述客户端上的虚拟机、与所述客户端建立局域网连接的计算机。Wherein, the preset model is compatible with the preset MPC protocol, and is used to perform preset processing on the ciphertext data in the case of data encryption; the agent includes one of the following: running on the client A secure container, a virtual machine running on the client, and a computer that establishes a local area network connection with the client.
  11. 一种数据处理装置,其特征在于,包括:A data processing device, characterized in that it comprises:
    接收模块,用于接收客户端发送的数据处理请求,其中,所述数据处理请求中携带有密文数据,所述密文数据由所述客户端利用同态加密算法对目标数据进行加密后生成;The receiving module is configured to receive a data processing request sent by a client, wherein the data processing request carries ciphertext data, and the ciphertext data is generated by the client after encrypting target data using a homomorphic encryption algorithm ;
    卷积模块,用于响应于所述数据处理请求,根据预设的MPC协议,调用预设模型中的卷积 算子对所述密文数据进行卷积操作,得到密文特征数据;The convolution module is configured to respond to the data processing request and call the convolution operator in the preset model to perform the convolution operation on the ciphertext data according to the preset MPC protocol to obtain the ciphertext feature data;
    发送模块,用于将所述密文特征数据和所述预设模型中的预设算子发送至代理端,其中,所述代理端用于与所述客户端根据所述预设的MPC协议调用所述预设算子对所述密文特征数据进行处理,得到密文处理结果;The sending module is configured to send the ciphertext feature data and the preset operators in the preset model to the agent, where the agent is used to communicate with the client according to the preset MPC protocol Calling the preset operator to process the ciphertext feature data to obtain a ciphertext processing result;
    其中,所述预设模型兼容所述预设的MPC协议,用于在数据加密的情况下对密文数据进行预设处理;所述代理端包括以下之一:运行在所述客户端上的安全容器、运行在所述客户端上的虚拟机、与所述客户端建立局域网连接的计算机。Wherein, the preset model is compatible with the preset MPC protocol, and is used to perform preset processing on the ciphertext data in the case of data encryption; the agent includes one of the following: running on the client A secure container, a virtual machine running on the client, and a computer that establishes a local area network connection with the client.
  12. 一种计算机设备,其特征在于,包括处理器以及用于存储处理器可执行指令的存储器,所述处理器执行所述指令时实现权利要求1至5中任一项所述方法的步骤。A computer device, characterized by comprising a processor and a memory for storing executable instructions of the processor, and the processor implements the steps of the method according to any one of claims 1 to 5 when the processor executes the instructions.
  13. 一种计算机可读存储介质,其上存储有计算机指令,其特征在于,所述指令被执行时实现权利要求1至5中任一项所述方法的步骤。A computer-readable storage medium having computer instructions stored thereon, characterized in that, when the instructions are executed, the steps of the method according to any one of claims 1 to 5 are realized.
PCT/CN2020/076140 2019-10-11 2020-02-21 Data processing method and device, computer apparatus, and storage medium WO2021068444A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910962389.0A CN110750801B (en) 2019-10-11 2019-10-11 Data processing method, data processing device, computer equipment and storage medium
CN201910962389.0 2019-10-11

Publications (1)

Publication Number Publication Date
WO2021068444A1 true WO2021068444A1 (en) 2021-04-15

Family

ID=69278006

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/076140 WO2021068444A1 (en) 2019-10-11 2020-02-21 Data processing method and device, computer apparatus, and storage medium

Country Status (2)

Country Link
CN (1) CN110750801B (en)
WO (1) WO2021068444A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115118535A (en) * 2022-05-25 2022-09-27 成都吉胜科技有限责任公司 Internet bar distributed parallel charging method and system based on cyclic responsibility chain

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110765473A (en) * 2019-10-11 2020-02-07 矩阵元技术(深圳)有限公司 Data processing method, data processing device, computer equipment and storage medium
CN110750801B (en) * 2019-10-11 2022-06-10 矩阵元技术(深圳)有限公司 Data processing method, data processing device, computer equipment and storage medium
CN111401273B (en) * 2020-03-19 2022-04-29 支付宝(杭州)信息技术有限公司 User feature extraction system and device for privacy protection
CN111310734A (en) * 2020-03-19 2020-06-19 支付宝(杭州)信息技术有限公司 Face recognition method and device for protecting user privacy
CN111414646B (en) * 2020-03-20 2024-03-29 矩阵元技术(深圳)有限公司 Data processing method and device for realizing privacy protection
WO2021203260A1 (en) * 2020-04-08 2021-10-14 云图技术有限公司 Node matching method, apparatus, device and system
WO2021223104A1 (en) * 2020-05-06 2021-11-11 云图技术有限公司 System testing method and apparatus
CN111726225B (en) * 2020-06-10 2022-12-02 暨南大学 Outsourcing privacy protection intersection calculation method based on secret sharing
CN111737755B (en) * 2020-07-31 2020-11-13 支付宝(杭州)信息技术有限公司 Joint training method and device for business model
CN112699391B (en) * 2020-12-31 2023-06-06 青岛海尔科技有限公司 Target data sending method and privacy computing platform
CN114764501A (en) * 2021-01-15 2022-07-19 阿里巴巴集团控股有限公司 Data processing method, device and system
CN113206832B (en) * 2021-03-31 2022-12-06 华控清交信息科技(北京)有限公司 Data processing method and device and data processing device
CN113254956A (en) * 2021-05-07 2021-08-13 华控清交信息科技(北京)有限公司 Data processing method and device and data processing device
CN114826546A (en) * 2022-04-02 2022-07-29 支付宝(杭州)信息技术有限公司 Transaction data processing method and device
CN116800906B (en) * 2023-08-22 2023-11-07 北京电子科技学院 Ciphertext convolutional neural network image classification method based on mode component homomorphism

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103812638A (en) * 2014-01-22 2014-05-21 北京工业大学 Method for extracting speed up robust feature (SURF) image features of encryption domain
US20160323098A1 (en) * 2015-04-28 2016-11-03 United States Government As Represented By The Secretary Of The Navy System and Method for High-Assurance Data Storage and Processing based on Homomorphic Encryption
CN110175461A (en) * 2019-05-08 2019-08-27 矩阵元技术(深圳)有限公司 Implementation method, device, computer equipment and the storage medium of multi-party computations
CN110750801A (en) * 2019-10-11 2020-02-04 矩阵元技术(深圳)有限公司 Data processing method, data processing device, computer equipment and storage medium

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101475747B1 (en) * 2014-01-22 2014-12-23 고려대학교 산학협력단 Method for an outsourcing multi-party computation using homomorphic encryption
CN104883580B (en) * 2015-06-03 2020-12-11 合肥工业大学 Video security convolution computing system and method based on homomorphic encryption
CN110537191A (en) * 2017-03-22 2019-12-03 维萨国际服务协会 Secret protection machine learning
US20190244138A1 (en) * 2018-02-08 2019-08-08 Apple Inc. Privatized machine learning using generative adversarial networks
CN110084063B (en) * 2019-04-23 2022-07-15 中国科学技术大学 Gradient descent calculation method for protecting private data

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103812638A (en) * 2014-01-22 2014-05-21 北京工业大学 Method for extracting speed up robust feature (SURF) image features of encryption domain
US20160323098A1 (en) * 2015-04-28 2016-11-03 United States Government As Represented By The Secretary Of The Navy System and Method for High-Assurance Data Storage and Processing based on Homomorphic Encryption
CN110175461A (en) * 2019-05-08 2019-08-27 矩阵元技术(深圳)有限公司 Implementation method, device, computer equipment and the storage medium of multi-party computations
CN110750801A (en) * 2019-10-11 2020-02-04 矩阵元技术(深圳)有限公司 Data processing method, data processing device, computer equipment and storage medium

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115118535A (en) * 2022-05-25 2022-09-27 成都吉胜科技有限责任公司 Internet bar distributed parallel charging method and system based on cyclic responsibility chain
CN115118535B (en) * 2022-05-25 2023-08-25 成都吉胜科技有限责任公司 Internet bar distributed parallel charging method and system based on cyclic responsibility chain

Also Published As

Publication number Publication date
CN110750801B (en) 2022-06-10
CN110750801A (en) 2020-02-04

Similar Documents

Publication Publication Date Title
WO2021068444A1 (en) Data processing method and device, computer apparatus, and storage medium
WO2021068445A1 (en) Data processing method and apparatus, computer device, and storage medium
US20220092216A1 (en) Privacy-preserving machine learning in the three-server model
US11222138B2 (en) Privacy-preserving machine learning in the three-server model
US11902413B2 (en) Secure machine learning analytics using homomorphic encryption
CN110945550B (en) Processing and storing blockchain data in a trusted execution environment
US9158925B2 (en) Server-aided private set intersection (PSI) with data transfer
CN112288097A (en) Federal learning data processing method and device, computer equipment and storage medium
US10608811B2 (en) Private set intersection encryption techniques
CN110569227B (en) Model parameter determination method and device and electronic equipment
US20190305943A1 (en) Digital asset transfer system for secure digital asset transactions
CN111428887B (en) Model training control method, device and system based on multiple computing nodes
US10885203B2 (en) Encrypted data exchange
US20200044832A1 (en) System and method for quantum resistant public key encryption
US20220368537A1 (en) Robust state synchronization for stateful hash-based signatures
Alemami et al. Cloud data security and various cryptographic algorithms
WO2023020216A1 (en) Extremum determination method and apparatus based on secure multi-party computation, device, and storage medium
CN109981576A (en) Key migration method and apparatus
CN114039785A (en) Data encryption, decryption and processing method, device, equipment and storage medium
Liu et al. Privacy-preserving collaborative analytics on medical time series data
JP2023114996A (en) Correlation coefficient acquisition method, apparatus, electronic device and storage medium
CN113645294B (en) Message acquisition method and device, computer equipment and message transmission system
WO2022068359A1 (en) Encryption method and apparatus for compressing ciphertext of information, and device and medium
CN116743376A (en) Multiparty secret sharing data privacy comparison method based on efficient ciphertext confusion technology
CN117349685A (en) Clustering method, system, terminal and medium for communication data

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20874867

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20874867

Country of ref document: EP

Kind code of ref document: A1