CN111783129A - Data processing method and system for protecting privacy - Google Patents

Info

Publication number: CN111783129A
Authority: CN (China)
Prior art keywords: data; party; fragment; private data; homomorphic ciphertext
Legal status: Pending
Application number: CN202010722137.3A
Other languages: Chinese (zh)
Inventors: 方文静, 王力, 周俊
Current Assignee: Alipay Hangzhou Information Technology Co Ltd
Original Assignee: Alipay Hangzhou Information Technology Co Ltd
Application filed by Alipay Hangzhou Information Technology Co Ltd
Priority to CN202010722137.3A
Publication of CN111783129A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The embodiment of the specification discloses a data processing method and a data processing system for protecting privacy. The device of the first party stores at least one first fragment of the private data, the device of the second party stores at least one second fragment of the private data, and the first fragment and the corresponding second fragment are subjected to first operation to obtain corresponding private data. The device of the second party receives a first homomorphic ciphertext of the first segment of the at least one private data from the device of the first party, and an encryption key of the first homomorphic ciphertext is a public key of the first party. The device of the second party performs homomorphic encryption on the second fragment of the at least one piece of private data by using the public key of the first party to obtain a first homomorphic ciphertext of the second fragment of the at least one piece of private data, and performs at least a first operation based on the first homomorphic ciphertext of the first fragment of the at least one piece of private data and the first homomorphic ciphertext of the second fragment of the at least one piece of private data to obtain the first homomorphic ciphertext of the target data.

Description

Data processing method and system for protecting privacy
Technical Field
The present disclosure relates to the field of information technologies, and in particular, to a data processing method and system for protecting privacy.
Background
In some scenarios, it is necessary to combine private data of multiple partners to complete a computing task, for example, combine sample data of multiple data providers to perform distributed model training. In order to protect data privacy of each party, private data of any partner can be split into a plurality of fragments, and each partner executes one fragment. In the multi-party joint calculation process, one or more calculation results (some calculation results can be regarded as private data if being disclosed with a risk of privacy disclosure) based on private data of each party can also be stored in each party in a form of fragments. The above computing mode for protecting data privacy is called secret sharing, and the core idea is to distribute input/output of the secret to a plurality of partners in a form of shard (share). In the secret sharing calculation process, frequent interaction is usually required among a plurality of partners, and the problems of large communication quantity and the like exist.
At present, it is desirable to provide a multi-party data privacy protection scheme with a small communication volume.
Disclosure of Invention
One of embodiments of the present specification provides a data processing method for protecting privacy, where a device of a first party stores a first fragment of at least one piece of privacy data, a device of a second party stores a second fragment of the at least one piece of privacy data, and a first operation is performed on the first fragment and the corresponding second fragment to obtain corresponding privacy data; the method is performed by an apparatus of the second party, comprising: receiving a first homomorphic ciphertext of a first segment of the at least one private data from a device of the first party, an encryption key of the first homomorphic ciphertext being a public key of the first party; homomorphic encryption is carried out on the second fragment of the at least one piece of private data by utilizing the public key of the first party to obtain a first homomorphic ciphertext of the second fragment of the at least one piece of private data; and at least performing the first operation based on the first homomorphic ciphertext of the first fragment of the at least one private data and the first homomorphic ciphertext of the second fragment of the at least one private data to obtain the first homomorphic ciphertext of the target data.
One of embodiments of the present specification provides a data processing system for protecting privacy, where a device of a first party stores a first fragment of at least one piece of privacy data, a device of a second party stores a second fragment of the at least one piece of privacy data, and a first operation is performed on the first fragment and the corresponding second fragment to obtain corresponding privacy data; the system is implemented on a device of the second party, comprising: a receiving module, configured to receive, from the device of the first party, a first homomorphic ciphertext of the first segment of the at least one piece of privacy data, where an encryption key of the first homomorphic ciphertext is a public key of the first party; the homomorphic encryption module is used for homomorphic encrypting the second fragment of the at least one piece of private data by using the public key of the first party to obtain a first homomorphic ciphertext of the second fragment of the at least one piece of private data; and the processing module is used for at least performing the first operation based on the first homomorphic ciphertext of the first fragment of the at least one private data and the first homomorphic ciphertext of the second fragment of the at least one private data to obtain the first homomorphic ciphertext of the target data.
One of the embodiments of the present specification provides a data processing apparatus for protecting privacy, including a processor and a storage device, where the storage device is configured to store instructions, and when the processor executes the instructions, the data processing apparatus implements a data processing method for protecting privacy according to any embodiment of the present specification.
Drawings
The present description will be further explained by way of exemplary embodiments, which will be described in detail by way of the accompanying drawings. These embodiments are not intended to be limiting, and in these embodiments like numerals are used to indicate like structures, wherein:
FIG. 1 is a schematic diagram of a two-party secure multiplication protocol involving a third party, according to some embodiments of the present description;
FIG. 2 is a schematic diagram of an application scenario of a multi-party data processing system in accordance with some embodiments of the present description;
FIG. 3 is an exemplary flow diagram of a data processing method for privacy protection according to some embodiments of the present description;
FIG. 4 is a block diagram of a data processing system to protect data privacy shown in accordance with some embodiments of the present description.
Detailed Description
In order to more clearly illustrate the technical solutions of the embodiments of the present disclosure, the drawings used in the description of the embodiments will be briefly described below. It is obvious that the drawings in the following description are only examples or embodiments of the present description, and that for a person skilled in the art, the present description can also be applied to other similar scenarios on the basis of these drawings without inventive effort. Unless otherwise apparent from the context, or otherwise indicated, like reference numbers in the figures refer to the same structure or operation.
It should be understood that "system", "device", "unit" and/or "module" as used herein is a method for distinguishing different components, elements, parts, portions or assemblies at different levels. However, other words may be substituted by other expressions if they accomplish the same purpose.
As used in this specification, the terms "a", "an" and/or "the" are not intended to be inclusive of the singular, but rather are intended to be inclusive of the plural, unless the context clearly dictates otherwise. In general, the terms "comprises" and "comprising" merely indicate that steps and elements are included which are explicitly identified, that the steps and elements do not form an exclusive list, and that a method or apparatus may include other steps or elements.
Flow charts are used in this description to illustrate operations performed by a system according to embodiments of the present description. It should be understood that the preceding or following operations are not necessarily performed in the exact order in which they are performed. Rather, the various steps may be processed in reverse order or simultaneously. Meanwhile, other operations may be added to the processes, or a certain step or several steps of operations may be removed from the processes.
Secret sharing is an important technology in information security, and plays an important role in multi-party security computing. The core idea of secret sharing is to distribute secret input/output (secret) in the form of shards (share) to multiple partners, wherein a shard obtained by any partner may be referred to as a local shard of the partner. Centralized processing of the privacy inputs of the parties can yield a series of computational results without regard to privacy disclosure. In the case of protecting the data privacy of each party, the secret-related calculation result (i.e. regarded as private data) occurring in the centralized processing needs to be divided into a plurality of pieces, in other words, the piece of the secret-related calculation result occurring in the centralized processing is actually calculated by any partner.
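For example, assume that partner A holds a first fragment $\langle a\rangle_1$ of private data $a$ and a first fragment $\langle b\rangle_1$ of private data $b$, and partner B holds a second fragment $\langle a\rangle_2$ of private data $a$ and a second fragment $\langle b\rangle_2$ of private data $b$. Through secret sharing calculation, partner A obtains the first fragment $\langle ab\rangle_1$ of $ab$ and partner B obtains the second fragment $\langle ab\rangle_2$ of $ab$.
$a$ and its fragments, and $b$ and its fragments, respectively satisfy the following relations:
$$a = \langle a\rangle_1 + \langle a\rangle_2, \quad b = \langle b\rangle_1 + \langle b\rangle_2.$$
Furthermore, $a$ and $b$ and their fragments satisfy the following relation:
$$a \times b = [\langle a\rangle_1 + \langle a\rangle_2] \times [\langle b\rangle_1 + \langle b\rangle_2] = \langle a\rangle_1 \times \langle b\rangle_1 + \langle a\rangle_1 \times \langle b\rangle_2 + \langle a\rangle_2 \times \langle b\rangle_1 + \langle a\rangle_2 \times \langle b\rangle_2$$
It can be seen that A can locally compute $\langle a\rangle_1 \times \langle b\rangle_1$, so $\langle a\rangle_1 \times \langle b\rangle_1$ can be part of $\langle ab\rangle_1$. Similarly, B can compute $\langle a\rangle_2 \times \langle b\rangle_2$ locally, so $\langle a\rangle_2 \times \langle b\rangle_2$ can be part of $\langle ab\rangle_2$. Neither $\langle a\rangle_1 \times \langle b\rangle_2$ nor $\langle a\rangle_2 \times \langle b\rangle_1$ can be computed locally by either A or B. With the assistance of a third party (e.g., C in FIG. 1), A can get one fragment of $\langle a\rangle_1 \times \langle b\rangle_2$ and one fragment of $\langle a\rangle_2 \times \langle b\rangle_1$, and B can get the other fragment of $\langle a\rangle_1 \times \langle b\rangle_2$ and the other fragment of $\langle a\rangle_2 \times \langle b\rangle_1$.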
FIG. 1 is a schematic diagram of a two-party secure multiplication protocol involving a third party, according to some embodiments of the present description. As shown in FIG. 1, $p$ and $q$ are local data of A and B, respectively, and are not disclosed to each other. With the assistance of the third party C, A can obtain the first fragment $c_1$ of $pq$ and B can obtain the second fragment $c_2$ of $pq$. The detailed interaction process is described below:
C randomly generates $u$ to be sent to A and $v$ to be sent to B. C calculates $uv$ and splits $uv$ into a first fragment $z_1$ to be sent to A and a second fragment $z_2$ to be sent to B. That is, $u$, $v$, $z_1$, $z_2$ satisfy $uv = z_1 + z_2$.
C sends $u$ and $z_1$ to A, and sends $v$ and $z_2$ to B.
A computes $a - u$ (denoted as $e$) and sends $e$ to B.
B computes $b - v$ (denoted as $f$) and sends $f$ to A.
A calculates $uf + z_1$ as a first fragment $c_1$ of $ab$. B calculates $eb + z_2$ as a second fragment $c_2$ of $ab$. These satisfy $c_1 + c_2 = uf + eb + z_1 + z_2 = u(b - v) + (a - u)b + uv = ab$, i.e. $c_1 + c_2 = pq$.
Referring to FIG. 1, to compute the shards of $pq$, partners A and B participate in at least 3 data interactions. Then, to compute the fragments of $ab$, partners A and B participate in at least 6 data interactions if the fragments of $\langle a\rangle_1 \times \langle b\rangle_2$ and $\langle a\rangle_2 \times \langle b\rangle_1$ are computed according to the secure multiplication protocol shown in FIG. 1.
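The protocol of FIG. 1 and the two runs needed for the cross terms can be traced in a short simulation. This is an added example, not code from the patent; the share ring modulus M, the function names and the way interactions are counted (every message a partner sends or receives) are assumptions made for illustration.

```python
# Simulation of the third-party-assisted multiplication of FIG. 1 and of the
# two runs needed to turn fragments of a and b into fragments of a*b.
import secrets

M = 2**64  # assumed share ring Z_M; the patent does not fix a modulus


def share(x):
    """Split x into two additive fragments with x = s1 + s2 (mod M)."""
    s1 = secrets.randbelow(M)
    return s1, (x - s1) % M


def secure_multiply(p, q, log):
    """A holds p, B holds q. Returns (c1, c2) with c1 + c2 = p*q (mod M).

    Each message is appended to log as a (sender, receiver) pair.
    """
    # Third party C: random u, v and an additive sharing of u*v.
    u, v = secrets.randbelow(M), secrets.randbelow(M)
    z1, z2 = share(u * v % M)
    log.append(("C", "A"))          # C -> A: u, z1
    log.append(("C", "B"))          # C -> B: v, z2

    e = (p - u) % M                 # A masks p with u
    log.append(("A", "B"))          # A -> B: e
    f = (q - v) % M                 # B masks q with v
    log.append(("B", "A"))          # B -> A: f

    c1 = (u * f + z1) % M           # computed by A
    c2 = (e * q + z2) % M           # computed by B
    return c1, c2


def shared_product(a1, b1, a2, b2):
    """A holds <a>1, <b>1; B holds <a>2, <b>2. Returns fragments of a*b."""
    log = []
    x1, x2 = secure_multiply(a1, b2, log)   # fragments of <a>1 * <b>2
    y1, y2 = secure_multiply(b1, a2, log)   # fragments of <a>2 * <b>1
    ab1 = (a1 * b1 + x1 + y1) % M           # local term of A plus its fragments
    ab2 = (a2 * b2 + x2 + y2) % M           # local term of B plus its fragments
    return ab1, ab2, log


def interactions(log, party):
    """Number of messages the given party sends or receives."""
    return sum(1 for sender, receiver in log if party in (sender, receiver))


if __name__ == "__main__":
    a, b = 1234, 5678                       # constructed sample values
    a1, a2 = share(a)
    b1, b2 = share(b)
    ab1, ab2, log = shared_product(a1, b1, a2, b2)
    print("reconstructed a*b:", (ab1 + ab2) % M)
    print("interactions seen by A:", interactions(log, "A"))
```
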
It follows that in some computing schemes based on secret sharing, there is a large amount of communication between the parties. In order to solve this problem, embodiments of the present disclosure provide a scheme for applying homomorphic encryption to secret sharing, and by converting fragmented data into homomorphic ciphertext, data transmission and reception amounts (i.e., communication amounts) between parties may be effectively reduced.
Homomorphic encryption is a cryptographic technique. The homomorphic encrypted data is processed to obtain an output, and then the output is decrypted, wherein the decryption result is the same as the output obtained by processing the unencrypted original data by the same method. In other words, the output resulting from processing the homomorphic encrypted data is the same as the homomorphic ciphertext of the output resulting from processing the unencrypted original data in the same way. This property of homomorphic encryption can be mathematically expressed as $\mathrm{Enc}_{key}(f(x)) = f(\mathrm{Enc}_{key}(x))$, where $key$ is the key used for encryption, $\mathrm{Enc}()$ is the homomorphic encryption algorithm used for encryption, and $f()$ is the method used for processing data. In some embodiments, the homomorphic encryption algorithms may include additive homomorphic encryption algorithms, multiplicative homomorphic encryption algorithms, and fully homomorphic encryption algorithms. The addition homomorphic encryption algorithm (such as RSA algorithm) may be applied to addition and subtraction operation, the multiplication homomorphic encryption algorithm (such as Paillier algorithm) may be applied to multiplication and division operation, and the full homomorphic encryption algorithm (such as Gentry algorithm) may be applied to various operations, such as addition, subtraction, multiplication and division, polynomial evaluation, exponential function evaluation, logarithmic function evaluation, trigonometric function evaluation, and the like. That is, the homomorphic encryption algorithm to be applied can be selected according to the operation involved.
FIG. 2 is a schematic diagram of an application scenario of a multi-party data processing system in accordance with some embodiments of the present description. System 100 may include two or more partner devices 110-1, 110-2, 110-3.
The devices of any two partners in the system 100 may cooperate to complete the data processing flow of both parties. The private data fragments held by the two parties can be encrypted by the public key of the same partner. For ease of representation, the partner that provides the public key for encryption may be referred to as the first party and the other party may be referred to as the second party.
The device of the first party can homomorphically encrypt the private data fragment held by the first party by using the public key of the first party and then send the encrypted private data fragment to the second party. The second party cannot learn the private data fragment held by the first party because it does not have the private key of the first party. After obtaining the public key of the first party, the device of the second party may also homomorphically encrypt the private data fragment that it holds with the public key of the first party. Furthermore, the device of the second party may process the homomorphic ciphertexts corresponding to the fragments of the private data held by the two parties respectively.
For more details about the data processing flow completed by the device cooperation of the first party and the second party, reference may be made to fig. 3 and the related description thereof, which are not described herein again.
It is worth noting that the devices of the various partners joining the system 100 may install the same protocol that includes the processes that the first and second parties each need to perform. Any two partners operate the protocol with different identities (the first and second parties), and the data processing flow can be completed cooperatively.
Devices 110 may include various types of computing devices with information transceiving capabilities, such as smart phones, laptop computers, desktop computers, servers, and the like.
In some embodiments, the servers may be independent servers or groups of servers, which may be centralized or distributed. In some embodiments, the server may be regional or remote. In some embodiments, the server may execute on a cloud platform. For example, the cloud platform may include one or any combination of a private cloud, a public cloud, a hybrid cloud, a community cloud, a decentralized cloud, an internal cloud, and the like.
The network 120 connects the various components of the system so that communication can occur between the various components. The network between the various parts in the system may include wired networks and/or wireless networks. For example, network 120 may include a cable network, a wired network, a fiber optic network, a telecommunications network, an intranet, the internet, a Local Area Network (LAN), a Wide Area Network (WAN), a Wireless Local Area Network (WLAN), a Metropolitan Area Network (MAN), a Public Switched Telephone Network (PSTN), a bluetooth network, a ZigBee network (ZigBee), Near Field Communication (NFC), an intra-device bus, an intra-device line, a cable connection, and the like, or any combination thereof. The network connection between each two parts may be in one of the above-mentioned ways, or in a plurality of ways.
FIG. 3 is an exemplary flow diagram of a data processing method for privacy protection according to some embodiments of the present description. First, the notation used in FIG. 3 is explained: $\mathrm{Enc}()$ represents the same homomorphic encryption algorithm adopted by the first party and the second party, and a plaintext placed in the brackets denotes, as a whole, the resulting homomorphic ciphertext; numerical subscripts may be used to distinguish between different private data; subscript A indicates correspondence with the first party and subscript B indicates correspondence with the second party, e.g., $\mathrm{Enc}_A()$ indicates that the encryption key is the public key $Pk_A$ of the first party, and $G_{1A}$ indicates the first fragment, held by the first party, of the private data $G_1$. For example only, the private data may be split based on an addition operation (denoted by "+" in FIG. 3). As shown in FIG. 3, the process 300 may include:
In step 310, the device of the first party encrypts the first fragment of the at least one piece of private data by using the public key of the first party to obtain a first homomorphic ciphertext of the first fragment of the at least one piece of private data.
In step 320, the device of the first party sends the first homomorphic ciphertext of the first fragment of the at least one private data to the device of the second party.
As shown in FIG. 3, for any private data $G_i$, the first party holds the first fragment $G_{iA}$ of the private data $G_i$. The device of the first party may use the public key $Pk_A$ of the first party to encrypt the first fragment $G_{iA}$ and send the obtained first homomorphic ciphertext $\mathrm{Enc}_A(G_{iA})$ to the device of the second party.
In step 330, the device of the second party uses the public key $Pk_A$ of the first party to encrypt the second fragment of the at least one private data to obtain a first homomorphic ciphertext of the second fragment of the at least one private data.
Similarly, for any private data $G_i$, the second party holds the second fragment $G_{iB}$ of the private data $G_i$. The device of the second party may use the public key $Pk_A$ of the first party to encrypt the second fragment $G_{iB}$ to obtain a first homomorphic ciphertext $\mathrm{Enc}_A(G_{iB})$.
In step 340, the device of the second party performs at least a first operation based on the first homomorphic ciphertext of the first fragment of the at least one private data and the first homomorphic ciphertext of the second fragment of the at least one private data to obtain the first homomorphic ciphertext of the target data.
The first operation is an operation associated with the splitting of the private data; specifically, the private data can be restored by performing the first operation on the fragments of the private data. In some embodiments, the first operation may be the addition operation shown in FIG. 3. For example, the private data $G_i$ and its fragments $G_{iA}$, $G_{iB}$ satisfy $G_{iA} + G_{iB} = G_i$.
It is to be understood that the target data may be derived based on the at least one privacy data.
In some embodiments, the device of the second party may convert the first homomorphic ciphertext $\mathrm{Enc}_A(T)$ of the target data (denoted as $T$) into a second fragment of the target data (denoted as $T_B$) and a first homomorphic ciphertext $\mathrm{Enc}_A(T_A)$ of a first fragment of the target data (denoted as $T_A$), and send the first homomorphic ciphertext $\mathrm{Enc}_A(T_A)$ of the first fragment of the target data to the first party. Because the encryption key of the first homomorphic ciphertext $\mathrm{Enc}_A(T_A)$ is the public key $Pk_A$, the device of the first party can use the private key $Sk_A$ matching the public key $Pk_A$ to decrypt $\mathrm{Enc}_A(T_A)$ and obtain the first fragment $T_A$ of the target data. In some embodiments, the device of the second party may generate a random number as the second fragment $T_B$ of the target data, calculate $\mathrm{Enc}_A(-T_B)$, and then calculate $\mathrm{Enc}_A(T) + \mathrm{Enc}_A(-T_B)$. In view of the properties of homomorphic encryption, $\mathrm{Enc}_A(T) + \mathrm{Enc}_A(-T_B) = \mathrm{Enc}_A(T - T_B) = \mathrm{Enc}_A(T_A)$, i.e. the device of the second party obtains the first homomorphic ciphertext $\mathrm{Enc}_A(T_A)$ of the first fragment $T_A$ of the target data.
When the at least one private data includes only one private data (assume $G_1$), the target data may be the result $f_1(G_1)$ obtained by performing a first processing (denoted as $f_1()$) on the private data $G_1$. The first processing may refer to various types of processing having a single input, for example, one of a rounding operation, an exponential operation, a logarithmic operation, and the like, or, for another example, a combination of a plurality of operation links in which the first operation link has a single input.
In particular, the device of the second party may perform the first operation on the first homomorphic ciphertext $\mathrm{Enc}_A(G_{1A})$ of the first fragment $G_{1A}$ and the first homomorphic ciphertext $\mathrm{Enc}_A(G_{1B})$ of the second fragment $G_{1B}$; in view of the properties of homomorphic encryption, the device of the second party thereby obtains the first homomorphic ciphertext $\mathrm{Enc}_A(G_1)$ of $G_1$. For example, when the first operation is an addition operation, the device of the second party may calculate $\mathrm{Enc}_A(G_{1A}) + \mathrm{Enc}_A(G_{1B})$, thereby obtaining the first homomorphic ciphertext $\mathrm{Enc}_A(G_1)$ of the private data $G_1$. After obtaining the first homomorphic ciphertext $\mathrm{Enc}_A(G_1)$, the device of the second party may perform the first processing on $\mathrm{Enc}_A(G_1)$. In view of the properties of homomorphic encryption, the processing result obtained by the device of the second party is $f_1(\mathrm{Enc}_A(G_1)) = \mathrm{Enc}_A(f_1(G_1))$, i.e. the device of the second party obtains the first homomorphic ciphertext of $f_1(G_1)$.
The first processing may comprise one or more operation links. When the device of the second party has processed up to a point at which interaction with the device of the first party is to occur, the first processing may be considered complete. The device of the second party may then convert the first homomorphic ciphertext of $f_1(G_1)$ obtained at that time into a second fragment of $f_1(G_1)$ and a first homomorphic ciphertext of a first fragment of $f_1(G_1)$, and send the first homomorphic ciphertext of the first fragment of $f_1(G_1)$ to the device of the first party. After receiving the first homomorphic ciphertext of the first fragment of $f_1(G_1)$, the device of the first party may use the private key $Sk_A$ to decrypt it and obtain the first fragment of $f_1(G_1)$. That is, the first party and the second party each obtain one fragment of $f_1(G_1)$.
When the at least one private data includes two or more private data, the target data may be the result $f_2(G_1, G_2, \ldots, G_N)$ obtained by performing a second processing (denoted as $f_2()$) on the two or more private data. The second processing may refer to various types of processing having two or more inputs, for example, one of a summation operation, a multiplication operation, a difference operation, a quotient operation, and the like, or a combination of a plurality of operation links in which the first operation link has at least two inputs.
In some embodiments, for each of the two or more private data (denoted as $G_i$, where $i$ is not greater than $N$ and $N$ is not less than 2), the device of the second party may perform the first operation on the first homomorphic ciphertext $\mathrm{Enc}_A(G_{iA})$ of the first fragment $G_{iA}$ and the first homomorphic ciphertext $\mathrm{Enc}_A(G_{iB})$ of the second fragment $G_{iB}$; in view of the properties of homomorphic encryption, the device of the second party thereby obtains the first homomorphic ciphertext $\mathrm{Enc}_A(G_i)$ of $G_i$. Thus, the device of the second party may obtain the first homomorphic ciphertexts of the two or more private data, which are respectively $\mathrm{Enc}_A(G_1)$, $\mathrm{Enc}_A(G_2)$, ..., $\mathrm{Enc}_A(G_N)$. After obtaining the first homomorphic ciphertexts of the two or more private data, the device of the second party may perform the second processing on them. In view of the properties of homomorphic encryption, the processing result obtained by the device of the second party is $f_2(\mathrm{Enc}_A(G_1), \mathrm{Enc}_A(G_2), \ldots, \mathrm{Enc}_A(G_N)) = \mathrm{Enc}_A(f_2(G_1, G_2, \ldots, G_N))$, i.e. the device of the second party obtains the first homomorphic ciphertext of $f_2(G_1, G_2, \ldots, G_N)$. After obtaining the first homomorphic ciphertext of $f_2(G_1, G_2, \ldots, G_N)$, the device of the second party may convert it into a second fragment of $f_2(G_1, G_2, \ldots, G_N)$ and a first homomorphic ciphertext of a first fragment of $f_2(G_1, G_2, \ldots, G_N)$, and send the first homomorphic ciphertext of the first fragment of $f_2(G_1, G_2, \ldots, G_N)$ to the device of the first party. After receiving the first homomorphic ciphertext of the first fragment of $f_2(G_1, G_2, \ldots, G_N)$, the device of the first party may use the private key $Sk_A$ to decrypt it and obtain the first fragment of $f_2(G_1, G_2, \ldots, G_N)$. That is, the first party and the second party each obtain one fragment of $f_2(G_1, G_2, \ldots, G_N)$.
In some embodiments, when the second processing includes the first operation and the first operation satisfies the associative law, the device of the second party may perform the first operation based on the first homomorphic ciphertexts $\mathrm{Enc}_A(G_{1A})$, $\mathrm{Enc}_A(G_{2A})$, ..., $\mathrm{Enc}_A(G_{NA})$, $\mathrm{Enc}_A(G_{1B})$, $\mathrm{Enc}_A(G_{2B})$, ..., $\mathrm{Enc}_A(G_{NB})$ to obtain a first homomorphic ciphertext of the target data. It should be understood that the target data here may refer both to a result obtained by performing the first operation on at least a part of the two or more private data and to an output obtained by further processing that result. Taking the addition operation as an example, the device of the second party may sum at least a part of the first homomorphic ciphertexts $\mathrm{Enc}_A(G_{1A})$, $\mathrm{Enc}_A(G_{2A})$, ..., $\mathrm{Enc}_A(G_{NA})$, $\mathrm{Enc}_A(G_{1B})$, $\mathrm{Enc}_A(G_{2B})$, ..., $\mathrm{Enc}_A(G_{NB})$ (the numbers corresponding to this part of the first homomorphic ciphertexts are recorded as a set $K$). In view of the properties of homomorphic encryption and the associative law satisfied by the first operation, the device of the second party obtains the first homomorphic ciphertext $\mathrm{Enc}_A(\cdot)$ of the target data, the target data being the sum over the set $K$ [formula image].
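Steps 310 to 340 and the conversion of $\mathrm{Enc}_A(T)$ into $T_B$ and $\mathrm{Enc}_A(T_A)$ can be walked through with a toy additively homomorphic scheme. This is an added example, not code from the patent: it assumes Paillier (whose ciphertexts multiply modulo n² to add the underlying plaintexts) as the scheme, additive fragments in the plaintext ring Z_n, addition as both the first operation and the target computation, constructed demonstration primes that are far too small for real use, and hypothetical function names.

```python
# Process 300 with a toy Paillier cryptosystem: the second party sums all
# fragments under the first party's public key, then re-shares the result.
import math
import secrets

P = 2**61 - 1   # constructed demo primes (Mersenne primes); not secure sizes
Q = 2**89 - 1


def keygen(p=P, q=Q):
    """Return (Pk_A, Sk_A) as (n, (lam, mu)) with generator g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    mu = pow(lam, -1, n)
    return n, (lam, mu)


def enc(n, m):
    """Enc_A(m): (1 + m*n) * r^n mod n^2 with fresh randomness r."""
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (1 + (m % n) * n) * pow(r, n, n2) % n2


def dec(n, sk, c):
    """Decrypt with Sk_A: L(c^lam mod n^2) * mu mod n, L(x) = (x - 1) // n."""
    lam, mu = sk
    return (pow(c, lam, n * n) - 1) // n * mu % n


def he_add(n, c1, c2):
    """Enc_A(x) + Enc_A(y) = Enc_A(x + y), realised as c1 * c2 mod n^2."""
    return c1 * c2 % (n * n)


def split(value, n):
    """Additive fragments with G_iA + G_iB = G_i (mod n)."""
    g_a = secrets.randbelow(n)
    return g_a, (value - g_a) % n


def first_party_send(n, a_frags):
    """Steps 310 and 320: encrypt each G_iA under Pk_A."""
    return [enc(n, g) for g in a_frags]


def second_party_compute(n, enc_a_frags, b_frags):
    """Steps 330 and 340, then conversion of Enc_A(T) into T_B, Enc_A(T_A)."""
    enc_t = enc(n, 0)
    for c in enc_a_frags + [enc(n, g) for g in b_frags]:
        enc_t = he_add(n, enc_t, c)                  # Enc_A(T), T = sum of G_i
    t_b = secrets.randbelow(n)                       # random second fragment
    return t_b, he_add(n, enc_t, enc(n, -t_b))       # Enc_A(T - T_B)


def run_process_300(values):
    """Simulate both parties; wire records the messages exchanged."""
    n, sk_a = keygen()
    frags = [split(v, n) for v in values]
    wire = []
    msg1 = first_party_send(n, [a for a, _ in frags])
    wire.append(("A->B", msg1))
    t_b, msg2 = second_party_compute(n, msg1, [b for _, b in frags])
    wire.append(("B->A", msg2))
    t_a = dec(n, sk_a, msg2)                         # first party recovers T_A
    return t_a, t_b, n, wire


if __name__ == "__main__":
    t_a, t_b, n, wire = run_process_300([1200, 35, 7])   # constructed inputs
    print("T_A + T_B mod n =", (t_a + t_b) % n, "in", len(wire), "interactions")
```
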
By converting the fragment data into homomorphic ciphertext, the private data can be processed in ciphertext form. Taking multiplication as an example, and referring to the related description of the foregoing embodiment, calculating the product fragments of two private data according to the secure multiplication protocol shown in FIG. 1 takes 6 data interactions, whereas calculating them according to the process 300 takes 2 data interactions. The communication volume generated by each interaction does not differ greatly between the two, so the process 300 can effectively reduce the communication volume because of its small number of interactions. Verification shows that, compared to the secure multiplication protocol shown in FIG. 1, performing the related calculation of the sparse matrix according to the process 300 can significantly reduce the communication volume generated in the calculation process, where the sparse matrix refers to the mathematical representation of a plurality of numerical private data.
In some secret sharing computing schemes, only certain operations are supported because of the way the input/output is split (which is associated with a specific operation). For example, the secure multiplication protocol shown in FIG. 1 adopts a splitting mode based on the addition operation and only supports addition, subtraction, multiplication and division operations. The process 300 supports various kinds of processing on the private data in the form of homomorphic ciphertext, and the specific operation associated with splitting the private data/target data is not limited, whereas some secret sharing calculation schemes such as the one shown in FIG. 1 only support addition, subtraction, multiplication and division operations. In terms of privacy protection, the second party cannot decrypt the fragment data of the first party or the target data without the private key of the first party; the first party obtains the homomorphic ciphertext of a fragment of the target data and cannot recover the complete target data so as to reversely deduce the fragment data of the second party. Therefore, on the premise of protecting the data privacy of each party, converting the fragment data into homomorphic ciphertext allows various kinds of processing on the private data to be carried out in ciphertext form and effectively reduces the communication volume generated in the calculation process.
It should be noted that the above description of the flow is for illustration and description only and does not limit the scope of the application of the present specification. Various modifications and alterations to the flow may occur to those skilled in the art, given the benefit of this description. However, such modifications and variations are intended to be within the scope of the present description.
FIG. 4 is a block diagram of a data processing system to protect data privacy shown in accordance with some embodiments of the present description. The system 400 may be implemented on a device of the second party. As shown in fig. 4, the system 400 may include a receiving module 410, a homomorphic encryption module 420, and a processing module 430.
The receiving module 410 may be configured to receive, from a device of the first party, a first homomorphic ciphertext of the first fragment of the at least one private data, an encryption key of the first homomorphic ciphertext being a public key of the first party.
The homomorphic encryption module 420 may be configured to homomorphically encrypt the second fragment of the at least one private data using the public key of the first party to obtain a first homomorphic ciphertext of the second fragment of the at least one private data.
The processing module 430 may be configured to perform at least the first operation based on the first homomorphic ciphertext of the first fragment of the at least one private data and the first homomorphic ciphertext of the second fragment of the at least one private data to obtain the first homomorphic ciphertext of the target data, where the target data is obtained based on the at least one private data.
In some embodiments, the processing module 430 may be further configured to convert the first homomorphic ciphertext of the target data into the second fragment of the target data and the first homomorphic ciphertext of the first fragment of the target data, and send the first homomorphic ciphertext of the first fragment of the target data to the first party's device, so that the first party's device can obtain the first fragment of the target data.
For more details on the system 400 and its modules, reference may be made to fig. 3 and its associated description.
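The second-party flow that modules 410, 420 and 430 describe, followed by the conversion of the target ciphertext into fragments, is shown here as an added example that is not code from the patent. It assumes Paillier as the homomorphic scheme, additive fragments modulo the Paillier modulus n as the first operation, and a weighted sum as the processing; all function names are hypothetical.

```python
import math
import secrets

# Toy Paillier cryptosystem (assumed scheme; additively homomorphic).
# Demo primes are the Mersenne primes 2^31-1 and 2^61-1: far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1

def keygen(p=P, q=Q):
    """First party's key pair: public modulus n, private (lam, mu)."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    return n, (lam, pow(lam, -1, n))  # mu = lam^-1 mod n because g = n + 1

def encrypt(n, m):
    """Enc(m) = (1 + n)^m * r^n mod n^2 with fresh random r."""
    n2 = n * n
    r = secrets.randbelow(n - 1) + 1
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return (1 + (m % n) * n) * pow(r, n, n2) % n2

def decrypt(n, sk, c):
    lam, mu = sk
    return (pow(c, lam, n * n) - 1) // n * mu % n

def he_add(n, c1, c2):
    """Enc(a) (+) Enc(b) = Enc(a + b mod n)."""
    return c1 * c2 % (n * n)

def he_scale(n, c, k):
    """k (*) Enc(a) = Enc(k * a mod n) for a plaintext constant k."""
    return pow(c, k % n, n * n)

def split(n, value):
    """Additive fragments: fragment1 + fragment2 = value (mod n)."""
    f1 = secrets.randbelow(n)
    return f1, (value - f1) % n

def first_party_encrypt(n, first_fragments):
    """Interaction 1: first party sends Enc(first fragment) of each private datum."""
    return [encrypt(n, f) for f in first_fragments]

def second_party_process(n, enc_first, second_fragments, weights):
    """Second party: modules 410/420/430 plus the conversion step."""
    # 420: encrypt own fragments under the first party's public key
    enc_second = [encrypt(n, f) for f in second_fragments]
    # 430: first operation (addition) on ciphertexts gives Enc(private data)
    enc_private = [he_add(n, a, b) for a, b in zip(enc_first, enc_second)]
    # 430: processing on the ciphertexts, here a weighted sum (assumed choice)
    enc_target = encrypt(n, 0)
    for c, w in zip(enc_private, weights):
        enc_target = he_add(n, enc_target, he_scale(n, c, w))
    # Conversion: keep random t2 as the second fragment of the target and
    # return Enc(target - t2) for the first party (interaction 2)
    t2 = secrets.randbelow(n)
    return t2, he_add(n, enc_target, encrypt(n, -t2))

def run_demo(x=1234, y=5678, weights=(3, 2)):
    """Constructed inputs; returns both target fragments and their sum mod n."""
    n, sk = keygen()
    x1, x2 = split(n, x)
    y1, y2 = split(n, y)
    enc_first = first_party_encrypt(n, [x1, y1])
    t2, enc_t1 = second_party_process(n, enc_first, [x2, y2], weights)
    t1 = decrypt(n, sk, enc_t1)  # first party learns only its fragment t1
    return t1, t2, (t1 + t2) % n

if __name__ == "__main__":
    t1, t2, target = run_demo()
    print("first fragment :", t1)
    print("second fragment:", t2)
    print("reconstructed  :", target)
```

The result is correct only while the target value stays below n, and the sketch assumes both parties follow the protocol as written.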
It should be understood that the system and its modules shown in FIG. 4 may be implemented in a variety of ways. For example, in some embodiments, the system and its modules may be implemented in hardware, software, or a combination of software and hardware. The hardware portion may be implemented using dedicated logic; the software portion may be stored in a memory and executed by a suitable instruction execution system, such as a microprocessor or specially designed hardware. Those skilled in the art will appreciate that the methods and systems described above may be implemented using computer-executable instructions and/or embodied in processor control code, such code being provided, for example, on a carrier medium such as a diskette, CD- or DVD-ROM, a programmable memory such as read-only memory (firmware), or a data carrier such as an optical or electronic signal carrier. The system and its modules in this specification may be implemented not only by hardware circuits such as very large scale integrated circuits or gate arrays, semiconductors such as logic chips and transistors, or programmable hardware devices such as field programmable gate arrays and programmable logic devices, but also by software executed by various types of processors, or by a combination of the above hardware circuits and software (e.g., firmware).
It should be noted that the above description of the system and its modules is for convenience only and should not limit the present disclosure to the illustrated embodiments. It will be appreciated by those skilled in the art that, given the teachings of the system, any combination of modules or sub-system configurations may be used to connect to other modules without departing from such teachings. For example, in some embodiments, the receiving module 410 and the homomorphic encryption module 420 may be different modules in a system, or one module may implement the functions of both modules. Such variations are within the scope of the present disclosure.
The beneficial effects that may be brought by the embodiments of the present description include, but are not limited to: (1) by converting the fragment data into homomorphic ciphertext, various processing on the private data can be realized in the form of the ciphertext; (2) by converting the fragment data into homomorphic ciphertext, the communication quantity generated in the calculation process can be effectively reduced; (3) the data privacy of all parties can be effectively protected in the data processing process. It is to be noted that different embodiments may produce different advantages, and in different embodiments, any one or combination of the above advantages may be produced, or any other advantages may be obtained.
Having thus described the basic concept, it will be apparent to those skilled in the art that the foregoing detailed disclosure is to be considered merely illustrative and not restrictive of the embodiments herein. Various modifications, improvements and adaptations to the embodiments described herein may occur to those skilled in the art, although not explicitly described herein. Such modifications, improvements and adaptations are proposed in the embodiments of the present specification and thus fall within the spirit and scope of the exemplary embodiments of the present specification.
Also, the description uses specific words to describe embodiments of the description. Reference throughout this specification to "one embodiment," "an embodiment," and/or "some embodiments" means that a particular feature, structure, or characteristic described in connection with at least one embodiment of the specification is included. Therefore, it is emphasized and should be appreciated that two or more references to "an embodiment" or "one embodiment" or "an alternative embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, some features, structures, or characteristics of one or more embodiments of the specification may be combined as appropriate.
Moreover, those skilled in the art will appreciate that aspects of the embodiments of the present description may be illustrated and described in terms of several patentable species or situations, including any new and useful combination of processes, machines, manufacture, or materials, or any new and useful improvement thereof. Accordingly, aspects of embodiments of the present description may be carried out entirely by hardware, entirely by software (including firmware, resident software, micro-code, etc.), or by a combination of hardware and software. The above hardware or software may be referred to as a "data block," "module," "engine," "unit," "component," or "system." Furthermore, aspects of the embodiments of the present specification may be represented as a computer product, including computer readable program code, embodied in one or more computer readable media.
The computer storage medium may comprise a propagated data signal with the computer program code embodied therewith, for example, on baseband or as part of a carrier wave. The propagated signal may take any of a variety of forms, including electromagnetic, optical, etc., or any suitable combination. A computer storage medium may be any computer-readable medium that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code located on a computer storage medium may be propagated over any suitable medium, including radio, cable, fiber optic cable, RF, or the like, or any combination of the preceding.
Computer program code required for operation of various portions of the embodiments of the present description may be written in any one or more programming languages, including an object oriented programming language such as Java, Scala, Smalltalk, Eiffel, JADE, Emerald, C++, C#, VB.NET, Python, and the like, a conventional programming language such as C, Visual Basic, Fortran 2003, Perl, COBOL 2002, PHP, ABAP, a dynamic programming language such as Python, Ruby, and Groovy, or other programming languages, and the like. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or processing device. In the latter scenario, the remote computer may be connected to the user's computer through any network format, such as a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet), or in a cloud computing environment, or as a service, such as a software as a service (SaaS).
In addition, unless explicitly stated in the claims, the order of processing elements and sequences, use of numbers and letters, or use of other names in the embodiments of the present specification are not intended to limit the order of the processes and methods in the embodiments of the present specification. While various presently contemplated embodiments of the invention have been discussed in the foregoing disclosure by way of example, it is to be understood that such detail is solely for that purpose and that the appended claims are not limited to the disclosed embodiments, but, on the contrary, are intended to cover all modifications and equivalent arrangements that are within the spirit and scope of the embodiments herein. For example, although the system components described above may be implemented by hardware devices, they may also be implemented by software-only solutions, such as installing the described system on an existing processing device or mobile device.
Similarly, it should be noted that in the preceding description of embodiments of the specification, various features are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more embodiments of the invention. This method of disclosure, however, is not intended to imply that more features are required than are expressly recited in the claims. Indeed, the embodiments may be characterized as having less than all of the features of a single embodiment disclosed above.
For each patent, patent application publication, and other material, such as articles, books, specifications, publications, documents, etc., cited in this specification, the entire contents of each are hereby incorporated by reference into this specification. Except where the application history document does not conform to or conflict with the contents of the present specification, it is to be understood that the application history document, as used herein in the present specification or appended claims, is intended to define the broadest scope of the present specification (whether presently or later in the specification) rather than the broadest scope of the present specification. It is to be understood that the descriptions, definitions and/or uses of terms in the accompanying materials of this specification shall control if they are inconsistent or contrary to the descriptions and/or uses of terms in this specification.
Finally, it should be understood that the embodiments described herein are merely illustrative of the principles of the embodiments of the present disclosure. Other variations are possible within the scope of the embodiments of the present description. Thus, by way of example, and not limitation, alternative configurations of the embodiments of the specification can be considered consistent with the teachings of the specification. Accordingly, the embodiments of the present description are not limited to only those embodiments explicitly described and depicted herein.

Claims (6)

1. A data processing method for protecting privacy, wherein a device of a first party stores a first fragment of at least one private data, a device of a second party stores a second fragment of the at least one private data, and performing a first operation on a first fragment and the corresponding second fragment yields the corresponding private data; the method is performed by the device of the second party and comprises:
receiving a first homomorphic ciphertext of the first fragment of the at least one private data from the device of the first party, an encryption key of the first homomorphic ciphertext being a public key of the first party;
homomorphically encrypting the second fragment of the at least one private data using the public key of the first party to obtain a first homomorphic ciphertext of the second fragment of the at least one private data;
and performing at least the first operation based on the first homomorphic ciphertext of the first fragment of the at least one private data and the first homomorphic ciphertext of the second fragment of the at least one private data to obtain a first homomorphic ciphertext of target data.
2. The method of claim 1, wherein the at least one private data is a single private data, and the target data is a result of a first processing performed on the private data; the performing at least the first operation based on the first homomorphic ciphertext of the first fragment of the at least one private data and the first homomorphic ciphertext of the second fragment of the at least one private data includes:
performing the first operation on the first homomorphic ciphertext of the first fragment of the private data and the first homomorphic ciphertext of the second fragment of the private data to obtain the first homomorphic ciphertext of the private data;
and performing the first processing on the first homomorphic ciphertext of the private data to obtain the first homomorphic ciphertext of the target data.
3. The method of claim 1, wherein the at least one private data includes two or more private data, and the target data is a result of second processing performed on the two or more private data; the performing at least the first operation based on the first homomorphic ciphertext of the first fragment of the at least one private data and the first homomorphic ciphertext of the second fragment of the at least one private data includes:
for each of the two or more private data: performing the first operation on the first homomorphic ciphertext of the first fragment of the private data and the first homomorphic ciphertext of the second fragment of the private data to obtain the first homomorphic ciphertext of the private data;
and performing the second processing on the obtained first homomorphic ciphertexts of the two or more private data to obtain the first homomorphic ciphertext of the target data.
4. The method of any of claims 1-3, further comprising:
converting the first homomorphic ciphertext of the target data into a second fragment of the target data and a first homomorphic ciphertext of the first fragment of the target data, and sending the first homomorphic ciphertext of the first fragment of the target data to the device of the first party, so that the device of the first party can obtain the first fragment of the target data.
5. A data processing system for protecting privacy, wherein a device of a first party stores a first fragment of at least one private data, a device of a second party stores a second fragment of the at least one private data, and performing a first operation on a first fragment and the corresponding second fragment yields the corresponding private data; the system is implemented on the device of the second party and comprises:
a receiving module, configured to receive, from the device of the first party, a first homomorphic ciphertext of the first fragment of the at least one private data, where an encryption key of the first homomorphic ciphertext is a public key of the first party;
a homomorphic encryption module, configured to homomorphically encrypt the second fragment of the at least one private data using the public key of the first party to obtain a first homomorphic ciphertext of the second fragment of the at least one private data;
and a processing module, configured to perform at least the first operation based on the first homomorphic ciphertext of the first fragment of the at least one private data and the first homomorphic ciphertext of the second fragment of the at least one private data to obtain a first homomorphic ciphertext of target data.
6. A privacy preserving data processing apparatus comprising a processor and a storage device for storing instructions which, when executed by the processor, carry out the method of any one of claims 1 to 4.
CN202010722137.3A 2020-07-24 2020-07-24 Data processing method and system for protecting privacy Pending CN111783129A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010722137.3A CN111783129A (en) 2020-07-24 2020-07-24 Data processing method and system for protecting privacy

Publications (1)

Publication Number Publication Date
CN111783129A (en) 2020-10-16

Family

ID=72764083

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010722137.3A Pending CN111783129A (en) 2020-07-24 2020-07-24 Data processing method and system for protecting privacy

Country Status (1)

Country Link
CN (1) CN111783129A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201016
