CN112580071B - Data processing method and device - Google Patents
Data processing method and device Download PDFInfo
- Publication number
- CN112580071B CN112580071B CN202011447531.7A CN202011447531A CN112580071B CN 112580071 B CN112580071 B CN 112580071B CN 202011447531 A CN202011447531 A CN 202011447531A CN 112580071 B CN112580071 B CN 112580071B
- Authority
- CN
- China
- Prior art keywords
- ciphertext
- preset
- plaintext
- sub
- bit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000003672 processing method Methods 0.000 title abstract description 11
- 238000004422 calculation algorithm Methods 0.000 claims abstract description 121
- 238000012545 processing Methods 0.000 claims abstract description 75
- 238000006243 chemical reaction Methods 0.000 claims abstract description 71
- 238000000034 method Methods 0.000 claims abstract description 27
- 239000002131 composite material Substances 0.000 claims description 14
- 150000001875 compounds Chemical class 0.000 claims description 6
- 238000005516 engineering process Methods 0.000 abstract description 6
- 230000007246 mechanism Effects 0.000 abstract description 6
- 238000012360 testing method Methods 0.000 description 9
- 230000008569 process Effects 0.000 description 5
- 238000013329 compounding Methods 0.000 description 4
- 238000012986 modification Methods 0.000 description 4
- 230000004048 modification Effects 0.000 description 4
- 238000004364 calculation method Methods 0.000 description 3
- 230000004075 alteration Effects 0.000 description 2
- 238000004590 computer program Methods 0.000 description 2
- 239000000470 constituent Substances 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/04—Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Databases & Information Systems (AREA)
- Finance (AREA)
- General Engineering & Computer Science (AREA)
- Economics (AREA)
- General Business, Economics & Management (AREA)
- Development Economics (AREA)
- Computing Systems (AREA)
- Marketing (AREA)
- Strategic Management (AREA)
- Technology Law (AREA)
- Data Mining & Analysis (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a data processing method and a device, wherein the method comprises the following steps: the first participant obtains a second public key and a second ciphertext from the second participant; the first party encrypts the first plaintext data of the first party according to the second public key and the preset encryption algorithm to obtain a third ciphertext; and the first party obtains a first ciphertext processing result based on conversion operation of preset operation under the preset encryption algorithm according to the second public key, the second ciphertext and the third ciphertext. When the method is applied to the financial science and technology (Fintech), the first ciphertext processing result can be obtained without a third party mechanism, and the problem of credibility does not exist.
Description
Technical Field
The invention relates to the field of blockchains (blockchain) in the field of financial science and technology (Fintech), in particular to a data processing method and device.
Background
With the development of computer technology, more and more technologies are applied in the financial field, and the traditional financial industry is gradually changing to the financial technology (Fintech), but due to the requirements of safety and real-time performance of the financial industry, the requirements on the technologies (blockchain BlockChain, big data, distributed, etc.) are also higher. Financial institutions have many users who, in some scenarios, may use ciphertext to process data.
At present, the data processing mode under the ciphertext mode is that users submit ciphertext to a centralized mechanism for processing. For example, the user A, B submits the respective ciphertext to the centralization authority C, the centralization authority C grasps the private keys of a and B, and the C decrypts the A, B ciphertext to obtain the plaintext, and the plaintext processing result is obtained. And encrypting the encrypted data to obtain ciphertext, and sending the processing results of the ciphertext back to A and B. However, in the manner of processing the ciphertext according to the third party mechanism, not only the cost is increased, but also the reliability problem exists, such as the privacy exposure risk of the private keys and the plaintext of a and B, the privacy security of the privacy exposure risk depends on C, and a and B cannot determine whether the C has fraudulent activity or not, and cannot determine whether the C transmits the processing result of the true ciphertext to a and B. Therefore, this is a problem to be solved.
Disclosure of Invention
The invention provides a data processing method and device, which solve the problem of credibility of a centralization mechanism in the prior art.
In a first aspect, the present invention provides a data processing method, including:
The first participant obtains a second public key and a second ciphertext from the second participant; the second ciphertext is obtained by encrypting second plaintext data according to a second public key by the second party according to a preset encryption algorithm;
The first party encrypts the first plaintext data of the first party according to the second public key and the preset encryption algorithm to obtain a third ciphertext;
The first party obtains a first ciphertext processing result based on conversion operation of preset operation under the preset encryption algorithm according to the second public key, the second ciphertext and the third ciphertext;
the preset operation is a composite logic operation to be executed on the first plaintext data and the second plaintext data; the compound logical operation is formed by compounding all logical operations; the preset encryption algorithm has the encryption characteristics of each logical operation.
In the above manner, after the first participant obtains the first ciphertext and the second ciphertext obtained according to the preset encryption algorithm, the first ciphertext processing result can be obtained directly based on the conversion operation of the preset operation under the preset encryption algorithm by adopting the preset encryption algorithm, that is, the ciphertext can be directly operated under the condition of not decrypting, and the function equivalent to the plaintext operation is realized on the premise of ensuring the data privacy of the participant, so that the first ciphertext processing result can be obtained without the help of a third party mechanism, and the reliability problem does not exist.
Optionally, the preset operation specifically includes: after obtaining the plaintext operation result of each bit of the plaintext through the first sub-preset operation, executing a second sub-preset operation on the plaintext operation result of each bit of the plaintext;
The first sub-preset operation and the second sub-preset operation are: any one of the logic operations or the composite logic operation of the logic operations; the bit numbers of the first plaintext data and the second plaintext data are the same;
The conversion operation specifically comprises the following steps: after obtaining the ciphertext result of each bit of the ciphertext through the first sub-conversion operation, executing a second sub-conversion operation on the ciphertext result of each bit of the ciphertext;
The first and second sub-conversion operations are: under the preset encryption algorithm, the logic operation of any one of the logic operations or the logic operation of the composite logic operation of the logic operations is performed; the second ciphertext and the third ciphertext have the same bit number.
In the method, the preset operation is disassembled into the first sub-preset operation and the second sub-preset operation, the first sub-preset operation is firstly performed to obtain the plaintext operation result of each bit, and then the second sub-preset operation is performed on the plaintext operation result of each bit, so that the operation efficiency can be improved, the conversion operation can also be disassembled into the first sub-conversion operation and the second sub-conversion operation, the first sub-conversion operation can also be performed to obtain the ciphertext result of each bit, and then the second sub-conversion operation is performed on the ciphertext result of each bit, so that the operation efficiency can be improved.
Optionally, the first sub-preset operation specifically includes:
m_ri is the ith bit of the first plaintext data, m_si is the ith bit of the second plaintext data, Representing exclusive or logic operations;
the first sub-conversion operation specifically includes:
wherein enc_and represents a ciphertext conversion operation;
the second sub-preset operation and the second sub-conversion operation are AND logic operations.
In the above method, byAnd calculating the ciphertext result of each bit, and performing AND logic operation, thereby improving the operation efficiency.
Optionally, the first sub-preset operation specifically includes:
m_sj is the j-th bit of the first plaintext data, and m_rj is the j-th bit of the second plaintext data; m_si is the i-th bit of the first plaintext data, and m_ri is the i-th bit of the second plaintext data; k is the number of bits of the first plaintext data and the second plaintext data;
represents a non-logical operation, ∈represents an AND logical operation,/> Representing exclusive or logic operations;
the first sub-conversion operation specifically includes:
Wherein enc_and represents a ciphertext conversion operation, enc represents a preset encryption algorithm, AND pi represents a successive product operation;
the second sub-preset operation and the second sub-conversion operation are both OR logic operations.
In the mode, the ciphertext result of each bit is calculated through the formula, and then OR logic operation is carried out, so that the operation efficiency is improved.
Optionally, the first party encrypts the first plaintext data according to the first public key of the first party according to the preset encryption algorithm to obtain a first ciphertext;
The first party sends the first ciphertext and the first public key to the second party, so that the second party encrypts the second plaintext data according to the first public key to obtain a fourth ciphertext, and obtains a second ciphertext processing result based on the conversion operation according to the first public key, the first ciphertext and the fourth ciphertext.
In the above manner, the first party sends the first ciphertext and the first public key to the second party, so that the second party encrypts the first ciphertext and the fourth ciphertext according to the same first public key.
Optionally, the first participant obtains the second ciphertext processing result from the second participant;
and the first party decrypts the second ciphertext processing result according to a preset decryption algorithm of the preset encryption algorithm to obtain a second plaintext processing result.
Under the mode, the first participant does not need to calculate, and the second ciphertext processing result is directly obtained from the second participant.
Optionally, the first participant decrypts the first ciphertext processing result according to a preset decryption algorithm of the preset encryption algorithm to obtain a first plaintext processing result.
In the above manner, the first participant decrypts the first ciphertext processing result, so that direct calculation through plaintext data is avoided, the first plaintext processing result can be directly obtained, a final first plaintext processing result can be obtained, and privacy security in the process of obtaining the first plaintext processing result is improved.
In a second aspect, the present invention provides a data processing apparatus comprising:
the acquisition module is used for acquiring a second public key and a second ciphertext from a second participant; the second ciphertext is obtained by encrypting second plaintext data according to a second public key by the second party according to a preset encryption algorithm;
The encryption module is used for encrypting the first plaintext data of the first participant according to the second public key and the preset encryption algorithm to obtain a third ciphertext;
the processing module is used for obtaining a first ciphertext processing result based on conversion operation of preset operation under the preset encryption algorithm according to the second public key, the second ciphertext and the third ciphertext;
the preset operation is a composite logic operation to be executed on the first plaintext data and the second plaintext data; the compound logical operation is formed by compounding all logical operations; the preset encryption algorithm has the encryption characteristics of each logical operation.
Optionally, the preset operation specifically includes: after obtaining the plaintext operation result of each bit of the plaintext through the first sub-preset operation, executing a second sub-preset operation on the plaintext operation result of each bit of the plaintext;
The first sub-preset operation and the second sub-preset operation are: any one of the logic operations or the composite logic operation of the logic operations; the bit numbers of the first plaintext data and the second plaintext data are the same;
The conversion operation specifically comprises the following steps: after obtaining the ciphertext result of each bit of the ciphertext through the first sub-conversion operation, executing a second sub-conversion operation on the ciphertext result of each bit of the ciphertext;
The first and second sub-conversion operations are: under the preset encryption algorithm, the logic operation of any one of the logic operations or the logic operation of the composite logic operation of the logic operations is performed; the second ciphertext and the third ciphertext have the same bit number.
Optionally, the first sub-preset operation specifically includes:
m_ri is the ith bit of the first plaintext data, m_si is the ith bit of the second plaintext data, Representing exclusive or logic operations;
the first sub-conversion operation specifically includes:
wherein enc_and represents a ciphertext conversion operation;
the second sub-preset operation and the second sub-conversion operation are AND logic operations.
Optionally, the first sub-preset operation specifically includes:
m_sj is the j-th bit of the first plaintext data, and m_rj is the j-th bit of the second plaintext data; m_si is the i-th bit of the first plaintext data, and m_ri is the i-th bit of the second plaintext data; k is the number of bits of the first plaintext data and the second plaintext data;
represents a non-logical operation, ∈represents an AND logical operation,/> Representing exclusive or logic operations;
the first sub-conversion operation specifically includes:
Wherein enc_and represents a ciphertext conversion operation, enc represents a preset encryption algorithm, AND pi represents a successive product operation;
the second sub-preset operation and the second sub-conversion operation are both OR logic operations.
Optionally, the acquiring module is further configured to: encrypting the first plaintext data according to a first public key of a first participant according to the preset encryption algorithm to obtain a first ciphertext; the processing module is further configured to: and sending the first ciphertext and the first public key to the second party, so that the second party encrypts the second plaintext data according to the first public key to obtain a fourth ciphertext, and obtaining a second ciphertext processing result based on the conversion operation according to the first public key, the first ciphertext and the fourth ciphertext.
Optionally, the acquiring module is further configured to: acquiring the second ciphertext processing result from the second participant;
The processing module is further configured to:
And decrypting the second ciphertext processing result according to a preset decryption algorithm of the preset encryption algorithm to obtain a second plaintext processing result.
Optionally, the processing module is further configured to:
and decrypting the first ciphertext processing result according to a preset decryption algorithm of the preset encryption algorithm to obtain a first plaintext processing result.
The advantages of the foregoing second aspect and the advantages of the foregoing optional apparatuses of the second aspect may refer to the advantages of the foregoing first aspect and the advantages of the foregoing optional methods of the first aspect, and will not be described herein.
In a third aspect, the present invention provides a computer device comprising a program or instructions which, when executed, is operable to perform the above-described first aspect and the respective alternative methods of the first aspect.
In a fourth aspect, the present invention provides a storage medium comprising a program or instructions which, when executed, is adapted to carry out the above-described first aspect and the respective alternative methods of the first aspect.
These and other aspects of the invention will be more readily apparent from the following description of the embodiments.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the description of the embodiments will be briefly described below, it will be apparent that the drawings in the following description are only some embodiments of the present invention, and that other drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic flow chart corresponding to a data processing method according to an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of a data processing apparatus according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail below with reference to the accompanying drawings, and it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The terms appearing in the present application are first listed below.
P, q: and presetting a private key of an encryption algorithm for large prime numbers (e.g. prime numbers larger than 2-128).
N: presetting a public key of an encryption algorithm.
R: a random number.
C: ciphertext.
Gen: presetting a key generation algorithm corresponding to an encryption algorithm.
Enc: an encryption algorithm is preset.
Dec: presetting a decryption algorithm corresponding to an encryption algorithm.
Enc_and: presetting an AND encryption algorithm of an encryption algorithm.
Dec_and: presetting an encryption algorithm and a decryption algorithm.
K: the length of the string.
The preset encryption algorithm has the encryption characteristics of the logic operations, and in one possible scenario of the preset encryption algorithm, the encryptor encrypts one bit data b according to the encryption and decryption modes of the preset encryption algorithm:
Key generation Gen: private key (p, q), public key n is private key multiplied by n=p×q. Wherein p and q are large prime numbers modulo 4 and 3.
Encryption Enc: a selects a random number r, and calculates c=enc (b) =c=r 2·(n-1)b mod n.
Decryption Dec: for ciphertext C, calculate
Where mod represents a modulo operation.
And (3) presetting an encryption algorithm and an encryption algorithm:
the sum encryption algorithm of the preset encryption algorithm is used for presetting the sum property of the encryption algorithm. The ciphertext under the preset encryption algorithm can be directly generated by the ciphertext of the preset encryption algorithm. The generation process is as follows:
the existing bit b is according to the ciphertext c=enc (b) obtained by the preset encryption algorithm, AND the ciphertext enc_and (b) = (c_1, c_2, …, c_s) of the preset encryption algorithm of the bit b. Wherein s can be s.gtoreq.30.
1. S random bits r_1, r_2, …, r_s are selected.
2. If the random bit r_i=1, let c_i=enc (0).
Let c_i=enc (0) c (n-1) mod n if the random bit r_i=0.
Wherein c is ciphertext obtained by the bit b according to a preset encryption algorithm, and n is a public key of the preset encryption algorithm.
The nature of the preset encryption algorithm:
1. Exclusive OR
Given ciphertext Enc (b 1) of b1, ciphertext Enc (b 2) of b2, then b1 exclusive or b2 (i.e.: ) Ciphertext of (C)
Namely: the ciphertext obtained by the exclusive OR of the two plaintext bits according to the preset encryption algorithm is equal to the multiplication of the two ciphertext obtained by the two plaintext bits according to the preset encryption algorithm.
2. Non-:
known ciphertext Enc (b) of b, then not The ciphertext of (1-b) is Enc (b) ×n-1.
Namely: the plaintext bit is taken as the ciphertext obtained according to the preset encryption algorithm after the non-taking, and is equal to the ciphertext obtained by the plaintext bit according to the preset encryption algorithm multiplied by (the public key-1 of the preset encryption algorithm).
3. And (U):
the and-used preset encryption algorithm is the and ciphertext of the preset encryption algorithm.
Let b1 AND b2 (i.e., b1 n b 2) AND ciphertext be (c_1, c_1', c_2', …, c_s) AND b2 AND enc_and (b 2) = (c_1 ', c_2', …, c_s ') be enc_and (b 1) = (c_1, c_2, …, c_s).
Namely: the two plaintext bits take ciphertext of a preset encryption algorithm after the two plaintext bits are multiplied by corresponding bits of the ciphertext of the preset encryption algorithm of the two plaintext bits.
Ciphertext equality test:
the two message plaintext m1, m2 are encrypted by using the same public key, two ciphertext c1, c2 are obtained, and the ciphertext equality test means that whether the two plaintext m1, m2 are identical or not is judged by the two ciphertext c1, c 2.
During the operation of a financial institution (banking institution, insurance institution or securities institution) in doing business (e.g. loan business, deposit business, etc. of a bank), there are many users of the financial institution, and in some cases, data processing is performed in the form of ciphertext. At present, the data processing mode under the ciphertext mode is that users submit ciphertext to a centralized mechanism for processing. However, in the manner of processing ciphertext according to a third party authority, not only is the cost increased, but there is also a reliability problem. This situation does not meet the requirements of financial institutions such as banks, and cannot guarantee efficient operation of various businesses of the financial institutions. To this end, as shown in fig. 1, the present application provides a data processing method.
Step 101: the first party obtains a second public key and a second ciphertext from the second party.
The second ciphertext is obtained by encrypting the second plaintext data according to a second public key by the second party according to a preset encryption algorithm.
Step 102: and the first party encrypts the first plaintext data of the first party according to the second public key and the preset encryption algorithm to obtain a third ciphertext.
Step 103: and the first party obtains a first ciphertext processing result based on conversion operation of preset operation under the preset encryption algorithm according to the second public key, the second ciphertext and the third ciphertext.
The preset operation is a composite logic operation to be executed on the first plaintext data and the second plaintext data; the compound logical operation is formed by compounding all logical operations; the preset encryption algorithm has the encryption characteristics of each logical operation.
It should be noted that the preset encryption algorithm has the encryption characteristics of each logical operation. For example, if the encryption algorithm has an and encryption characteristic, a non-encryption characteristic, and an xor encryption characteristic, the logical operations may be at least one of an and logical operation, a non-logical operation, and an xor logical operation.
In an alternative embodiment (hereinafter referred to as a bit-based embodiment), the preset operation is specifically: after the plaintext operation result of each bit of the plaintext is obtained through the first sub-preset operation, a second sub-preset operation is executed on the plaintext operation result of each bit of the plaintext.
It should be noted that, the preset operation actually satisfies that each bit may be operated first to obtain a result of each bit, and then based on the result of each bit, an overall result is operated, thereby implementing the slicing operation.
The first sub-preset operation and the second sub-preset operation are: any one of the logic operations or the composite logic operation of the logic operations; the first plaintext data and the second plaintext data have the same number of bits.
The conversion operation specifically comprises the following steps: after the ciphertext result of each bit of the ciphertext is obtained through the first sub-conversion operation, a second sub-conversion operation is performed on the ciphertext result of each bit of the ciphertext.
The first and second sub-conversion operations are: under the preset encryption algorithm, the logic operation of any one of the logic operations or the logic operation of the composite logic operation of the logic operations is performed; the second ciphertext and the third ciphertext have the same bit number.
One possible scenario for an implementation based on bit operations is as follows:
The first sub-preset operation specifically comprises the following steps:
m_ri is the ith bit of the first plaintext data, m_si is the ith bit of the second plaintext data, Representing exclusive or logic operations;
the first sub-conversion operation specifically includes:
Wherein enc_and represents a ciphertext conversion operation, n being the second public key;
the second sub-preset operation and the second sub-conversion operation are AND logic operations.
Another possible scenario for an implementation based on bit operations is as follows:
The first sub-preset operation specifically comprises the following steps:
m_sj is the j-th bit of the first plaintext data, and m_rj is the j-th bit of the second plaintext data; m_si is the i-th bit of the first plaintext data, and m_ri is the i-th bit of the second plaintext data; k is the number of bits of the first plaintext data and the second plaintext data;
represents a non-logical operation, ∈represents an AND logical operation,/> Representing exclusive or logic operations;
the first sub-conversion operation specifically includes:
Wherein enc_and represents a ciphertext conversion operation, enc represents a preset encryption algorithm, AND pi represents a successive product operation;
the second sub-preset operation and the second sub-conversion operation are both OR logic operations.
In an alternative implementation manner, the first party encrypts the first plaintext data according to the first public key of the first party according to the preset encryption algorithm to obtain a first ciphertext; the first party sends the first ciphertext and the first public key to the second party.
In the above embodiment, the second party may encrypt the second plaintext data according to the first public key to obtain a fourth ciphertext, and obtain, according to the first public key, the first ciphertext, and the fourth ciphertext, a second ciphertext processing result based on the conversion operation.
In the above manner, the first party sends the first ciphertext and the first public key to the second party, so that the second party encrypts the first ciphertext and the fourth ciphertext according to the same first public key.
Further, in the above embodiment, the following steps may be further performed:
the first participant obtains the second ciphertext processing result from the second participant; and the first party decrypts the second ciphertext processing result according to a preset decryption algorithm of the preset encryption algorithm to obtain a second plaintext processing result.
Under the mode, the first participant does not need to calculate, and the second ciphertext processing result is directly obtained from the second participant.
Further, an alternative embodiment is as follows:
And the first party decrypts the first ciphertext processing result according to a preset decryption algorithm of the preset encryption algorithm to obtain a first plaintext processing result.
In the above manner, the first participant decrypts the first ciphertext processing result, so that direct calculation through plaintext data is avoided, the first plaintext processing result can be directly obtained, a final first plaintext processing result can be obtained, and privacy security in the process of obtaining the first plaintext processing result is improved.
The scheme uses the above property of the preset encryption algorithm to judge whether the plaintext contained in the two ciphertext meets a certain relationship or not on the premise of not decrypting the two bit string ciphertexts. The preset operation can be any logic operation, and each logic operation can be a complete logic set formed by exclusive or logic operation, non-logic operation and AND logic operation. The logical operation in the complete logical set can form any logical operation, the complete logical set can also be OR logical operation, NOT logical operation and AND logical operation, and through the combination of the three logical operations, the corresponding conversion operation is arranged in the preset encryption algorithm, so that any logical function can be theoretically completed. The method theoretically supports all ciphertext operations and is universal.
The method of steps 101 to 103 is applicable to any ciphertext logic operation, and the data processing method shown in fig. 1 will be described in detail below by taking ciphertext equality test as an example.
In general, the participants in the ciphertext equality test are any plurality of owners of plaintext data, the plaintext data owned by the participants are in the form of character strings with any length k, and each character in the character strings is 0 or 1. Firstly, participants encrypt data owned by the participants by using a preset encryption algorithm, then mutually send own ciphertext to the other side, and finally each participant can self-judge whether the own ciphertext and received plaintext data corresponding to the ciphertext are the same or not by using own private key under the preset encryption algorithm. The following example illustrates two participants R, S. The scheme has two stages in total, and the specific flow of each stage will be explained in detail below.
In the first stage, each participant encrypts data using a preset encryption algorithm:
Step 1-1: each participant initializes its own public and private keys under a preset encryption algorithm.
The first participant R selects two large prime numbers p1, q1, p1 and q1 with the modulo 4 surplus 3 as a private key sk1 under a preset encryption algorithm; the first participant multiplies p1, q1 to obtain n1=p1×q1, n1 as a public key pk1 (first public key) under a preset encryption algorithm.
The second participant S selects the large prime numbers p2, q2, p2 and q2 of the two modulo 4 surplus 3 as a private key sk2 under a preset encryption algorithm; the second participant multiplies p2, q2 to obtain n2=p2×q2, n2 as a public key pk2 (second public key) under the preset encryption algorithm.
Step 1-2: each participant encrypts its own data using its public key under its preset encryption algorithm.
The first participant R and the second participant S respectively use public keys (first public keys) pk_r and pk_s under the preset encryption algorithm of the first participant R and the second participant S, encrypt data first plaintext data m_r and second plaintext data m_s of the first participant R and the second participant S by using the preset encryption algorithm to obtain ciphertext first ciphertext c_r and second ciphertext c_s, wherein the data m_r and m_s are character strings with the length of k.
Step 1-3: the first participant R sends the public key pk_r and the ciphertext c_r under the preset encryption algorithm of itself to S. The second participant S sends the public key pk_s and the ciphertext c_s under its own preset encryption algorithm to the first participant R.
In the second stage, the first participant R performs ciphertext equality test, and S obtains a test result:
Now R, S possess respectively: the method comprises the steps of self ciphertext, ciphertext of the other party and a public key of the other party under a preset encryption algorithm. Either party may perform ciphertext equivalent tests locally, and the flow of the test performed by the first participant R is described herein. First, the comparison process in the clear will be described. In the plaintext, R needs to determine whether two plaintext bit strings are equal, and needs to compare the two bit strings bit by bit, so R needs to calculate the following result (i.e. the preset operation is as follows):
wherein m_ri, m_si represent the ith bit of R, S plain data m_r, m_s, respectively, Representing i from bit 1 to bit k.
The preset operation F is corresponding to the operation on the ciphertext, R needs to calculate the ciphertext Res of F, where,
The calculation steps of R are as follows:
Step (2-1): the first participant R encrypts its first plaintext data m_r by using the second public key pks of the second participant S to obtain a third ciphertext c_r '=enc_pks (m_r), where c_r' is a number of length k, and the ith number is Enc (m_ri).
Step (2-2): r calculates Enc (1-m_ri) =enc (m_ri) × (n-1) using the non-nature of the preset encryption algorithm.
Step (2-3): r uses the exclusive or property of a preset encryption algorithm to calculate
Step (2-4): r uses the AND encryption algorithm of the preset encryption algorithm to calculate
Step (2-5): r calculates the ciphertext Res of the F function,
Step (2-6): r sends the ciphertext result Res to S.
Step (2-7): s decrypts Res, i.e., S calculates Dec (Res). If the decryption obtains 1, the corresponding plaintext in the S ciphertext is equal to the corresponding plaintext in the R ciphertext; if the decryption obtains 0, the corresponding plaintext in the S ciphertext is unequal to the corresponding plaintext in the R ciphertext. Thus S obtains the ciphertext equal test result.
It should be noted that R may also decrypt itself to calculate Dec (Res).
If R desires to calculate the ciphertext processing result from S, S may be executed with reference to steps (2-1) to (2-6), and step (2-7) is executed from R.
It should be noted that the above stage introduces implementation of the comparison function F under ciphertext, where F may be a preset operation formed by combining any of the logic operations. For example, if it is necessary to determine the size relationship of two ciphertexts corresponding to plaintext under ciphertext, then F may be designed to:
By utilizing the property of a preset encryption algorithm, the operation in the function F can be realized through the encrypted ciphertext, and the R carries out corresponding conversion operation under the ciphertext to obtain a comparison result ciphertext. S, decryption to obtain a comparison result. Therefore, the size relation of the two ciphertexts corresponding to the plaintext is judged under the condition that the two ciphertexts are not decrypted by the R and the S.
By analogy, any logical operation relation (such as AND, XOR and non-constituent compound logical operation) between plaintext data is adopted, after the plaintext data is encrypted, a participant can directly perform corresponding conversion operation on ciphertext under the condition of not decrypting, and the function equivalent to the plaintext operation is realized on the premise of ensuring the privacy of the participant data.
As shown in fig. 2, the present invention provides a data processing apparatus including:
an obtaining module 201, configured to obtain a second public key and a second ciphertext from a second party; the second ciphertext is obtained by encrypting second plaintext data according to a second public key by the second party according to a preset encryption algorithm;
the encryption module 202 is configured to encrypt, according to the second public key and the preset encryption algorithm, the first plaintext data of the first party to obtain a third ciphertext;
The processing module 203 is configured to obtain a first ciphertext processing result based on a conversion operation of a preset operation under the preset encryption algorithm according to the second public key, the second ciphertext, and the third ciphertext;
the preset operation is a composite logic operation to be executed on the first plaintext data and the second plaintext data; the compound logical operation is formed by compounding all logical operations; the preset encryption algorithm has the encryption characteristics of each logical operation.
Optionally, the preset operation specifically includes: after obtaining the plaintext operation result of each bit of the plaintext through the first sub-preset operation, executing a second sub-preset operation on the plaintext operation result of each bit of the plaintext;
The first sub-preset operation and the second sub-preset operation are: any one of the logic operations or the composite logic operation of the logic operations; the bit numbers of the first plaintext data and the second plaintext data are the same;
The conversion operation specifically comprises the following steps: after obtaining the ciphertext result of each bit of the ciphertext through the first sub-conversion operation, executing a second sub-conversion operation on the ciphertext result of each bit of the ciphertext;
The first and second sub-conversion operations are: under the preset encryption algorithm, the logic operation of any one of the logic operations or the logic operation of the composite logic operation of the logic operations is performed; the second ciphertext and the third ciphertext have the same bit number.
Optionally, the first sub-preset operation specifically includes:
m_ri is the ith bit of the first plaintext data, m_si is the ith bit of the second plaintext data, Representing exclusive or logic operations;
the first sub-conversion operation specifically includes:
wherein enc_and represents a ciphertext conversion operation;
the second sub-preset operation and the second sub-conversion operation are AND logic operations.
Optionally, the first sub-preset operation specifically includes:
m_sj is the j-th bit of the first plaintext data, and m_rj is the j-th bit of the second plaintext data; m_si is the i-th bit of the first plaintext data, and m_ri is the i-th bit of the second plaintext data; k is the number of bits of the first plaintext data and the second plaintext data;
represents a non-logical operation, ∈represents an AND logical operation,/> Representing exclusive or logic operations;
the first sub-conversion operation specifically includes:
Wherein enc_and represents a ciphertext conversion operation, enc represents a preset encryption algorithm, AND pi represents a successive product operation;
the second sub-preset operation and the second sub-conversion operation are both OR logic operations.
Optionally, the obtaining module 201 is further configured to: encrypting the first plaintext data according to a first public key of a first participant according to the preset encryption algorithm to obtain a first ciphertext; the processing module 203 is further configured to: and sending the first ciphertext and the first public key to the second party, so that the second party encrypts the second plaintext data according to the first public key to obtain a fourth ciphertext, and obtaining a second ciphertext processing result based on the conversion operation according to the first public key, the first ciphertext and the fourth ciphertext.
Optionally, the obtaining module 201 is further configured to: acquiring the second ciphertext processing result from the second participant;
The processing module 203 is further configured to:
And decrypting the second ciphertext processing result according to a preset decryption algorithm of the preset encryption algorithm to obtain a second plaintext processing result.
Optionally, the processing module 203 is further configured to:
and decrypting the first ciphertext processing result according to a preset decryption algorithm of the preset encryption algorithm to obtain a first plaintext processing result.
Based on the same inventive concept, the embodiments of the present invention also provide a computer device including a program or an instruction, when the program or the instruction is executed, the data processing method and any optional method provided by the embodiments of the present invention are executed.
Based on the same inventive concept, the embodiments of the present invention also provide a computer readable storage medium including a program or instructions, which when executed, perform a data processing method and any optional method as provided in the embodiments of the present invention.
It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as a method, or as a computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various modifications and variations can be made to the present invention without departing from the spirit or scope of the invention. Thus, it is intended that the present invention also include such modifications and alterations insofar as they come within the scope of the appended claims or the equivalents thereof.
Claims (10)
1. A method of data processing, comprising:
The first participant obtains a second public key and a second ciphertext from the second participant; the second ciphertext is obtained by encrypting second plaintext data according to a second public key by the second party according to a preset encryption algorithm;
The first party encrypts the first plaintext data of the first party according to the second public key and the preset encryption algorithm to obtain a third ciphertext;
The first party obtains a first ciphertext processing result based on conversion operation of preset operation of the preset encryption algorithm according to the second public key, the second ciphertext and the third ciphertext;
The preset operation is specifically as follows: after obtaining the plaintext operation result of each bit of the plaintext through the first sub-preset operation, executing a second sub-preset operation on the plaintext operation result of each bit of the plaintext; the first sub-preset operation and the second sub-preset operation are: any one of the logic operations or the composite logic operation of the logic operations; the bit numbers of the first plaintext data and the second plaintext data are the same; the preset encryption algorithm has the characteristics of encryption, non-encryption and exclusive or encryption; each logical operation is at least one of AND logical operation, NOT logical operation and XOR logical operation.
2. The method of claim 1, wherein,
The conversion operation specifically comprises the following steps: after obtaining the ciphertext result of each bit of the ciphertext through the first sub-conversion operation, executing a second sub-conversion operation on the ciphertext result of each bit of the ciphertext;
The first and second sub-conversion operations are: any one of the logic operations or a compound logic operation of the logic operations; the second ciphertext and the third ciphertext have the same bit number.
3. The method of claim 2, wherein the first sub-preset operation is specifically:
(1-m_ri)⊕m_si;
m_ri is the ith bit of the first plaintext data, m_si is the ith bit of the second plaintext data, and is denoted exclusive OR logic operation;
the first sub-conversion operation specifically includes:
Enc_AND((1-m_ri)⊕m_si);
wherein enc_and represents a ciphertext conversion operation;
the second sub-preset operation and the second sub-conversion operation are AND logic operations.
4. The method of claim 2, wherein the first sub-preset operation is specifically:
m_sj is the j-th bit of the first plaintext data, and m_rj is the j-th bit of the second plaintext data; m_si is the i-th bit of the first plaintext data, and m_ri is the i-th bit of the second plaintext data; k is the number of bits of the first plaintext data and the second plaintext data;
wherein ∈represents a logical operation, Λ represents a logical operation, and ∈represents an exclusive-or logical operation;
the first sub-conversion operation specifically includes:
Wherein enc_and represents a ciphertext conversion operation, enc represents a preset encryption algorithm, AND pi represents a successive product operation;
the second sub-preset operation and the second sub-conversion operation are both OR logic operations.
5. The method of any one of claims 1 to 4, further comprising:
The first party encrypts the first plaintext data according to a first public key of the first party according to the preset encryption algorithm to obtain a first ciphertext;
The first party sends the first ciphertext and the first public key to the second party, so that the second party encrypts the second plaintext data according to the first public key to obtain a fourth ciphertext, and obtains a second ciphertext processing result based on the conversion operation according to the first public key, the first ciphertext and the fourth ciphertext.
6. The method as recited in claim 5, further comprising:
The first participant obtains the second ciphertext processing result from the second participant;
and the first party decrypts the second ciphertext processing result according to a preset decryption algorithm of the preset encryption algorithm to obtain a second plaintext processing result.
7. The method of any one of claims 1 to 4, further comprising:
And the first party decrypts the first ciphertext processing result according to a preset decryption algorithm of the preset encryption algorithm to obtain a first plaintext processing result.
8. A data processing apparatus, comprising:
the acquisition module is used for acquiring a second public key and a second ciphertext from a second participant; the second ciphertext is obtained by encrypting second plaintext data according to a second public key by the second party according to a preset encryption algorithm;
the encryption module is used for encrypting the first plaintext data of the first participant according to the second public key and the preset encryption algorithm to obtain a third ciphertext;
The processing module is used for obtaining a first ciphertext processing result based on conversion operation of preset operation of the preset encryption algorithm according to the second public key, the second ciphertext and the third ciphertext;
The preset operation is specifically as follows: after obtaining the plaintext operation result of each bit of the plaintext through the first sub-preset operation, executing a second sub-preset operation on the plaintext operation result of each bit of the plaintext; the first sub-preset operation and the second sub-preset operation are: any one of the logic operations or the composite logic operation of the logic operations; the bit numbers of the first plaintext data and the second plaintext data are the same; the preset encryption algorithm has the characteristics of encryption, non-encryption and exclusive or encryption; each logical operation is at least one of AND logical operation, NOT logical operation and XOR logical operation.
9. A computer device comprising a program or instructions which, when executed, performs the method of any of claims 1 to 7.
10. A computer readable storage medium comprising a program or instructions which, when executed, performs the method of any of claims 1 to 7.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011447531.7A CN112580071B (en) | 2020-12-09 | 2020-12-09 | Data processing method and device |
| PCT/CN2021/129756 WO2022121607A1 (en) | 2020-12-09 | 2021-11-10 | Data processing method and apparatus |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011447531.7A CN112580071B (en) | 2020-12-09 | 2020-12-09 | Data processing method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112580071A CN112580071A (en) | 2021-03-30 |
| CN112580071B true CN112580071B (en) | 2024-05-14 |
Family
ID=75131006
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011447531.7A Active CN112580071B (en) | 2020-12-09 | 2020-12-09 | Data processing method and device |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN112580071B (en) |
| WO (1) | WO2022121607A1 (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112580071B (en) * | 2020-12-09 | 2024-05-14 | 深圳前海微众银行股份有限公司 | Data processing method and device |
| CN115617897B (en) * | 2022-11-04 | 2023-03-14 | 华控清交信息科技(北京)有限公司 | Data type conversion method and multi-party secure computing system |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108599951A (en) * | 2018-08-10 | 2018-09-28 | 北京奇虎科技有限公司 | Encryption method and device |
| CN111143862A (en) * | 2019-12-13 | 2020-05-12 | 支付宝(杭州)信息技术有限公司 | Data processing method, query method, device, electronic equipment and system |
| CN111931250A (en) * | 2019-07-11 | 2020-11-13 | 华控清交信息科技(北京)有限公司 | Multi-party safety computing integrated machine |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| DE19924986B4 (en) * | 1998-05-29 | 2006-03-23 | Hitachi, Ltd. | Encryption Conversion Device, Decryption Conversion Device, Cryptographic Communication System and Electronic Fee Collection Device |
| CN105099653A (en) * | 2014-05-20 | 2015-11-25 | 华为技术有限公司 | Distributed data processing method, device and system |
| CN111447059B (en) * | 2020-03-30 | 2023-04-28 | 南阳理工学院 | Ciphertext equivalent test method, ciphertext equivalent test device, electronic equipment, storage medium and ciphertext equivalent test system |
| CN112580071B (en) * | 2020-12-09 | 2024-05-14 | 深圳前海微众银行股份有限公司 | Data processing method and device |
-
2020
- 2020-12-09 CN CN202011447531.7A patent/CN112580071B/en active Active
-
2021
- 2021-11-10 WO PCT/CN2021/129756 patent/WO2022121607A1/en active Application Filing
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108599951A (en) * | 2018-08-10 | 2018-09-28 | 北京奇虎科技有限公司 | Encryption method and device |
| CN111931250A (en) * | 2019-07-11 | 2020-11-13 | 华控清交信息科技(北京)有限公司 | Multi-party safety computing integrated machine |
| CN111143862A (en) * | 2019-12-13 | 2020-05-12 | 支付宝(杭州)信息技术有限公司 | Data processing method, query method, device, electronic equipment and system |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2022121607A1 (en) | 2022-06-16 |
| CN112580071A (en) | 2021-03-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP3268914B1 (en) | Determining a common secret for the secure exchange of information and hierarchical, deterministic cryptographic keys | |
| CN108199835B (en) | Multi-party combined private key decryption method | |
| CN111510281B (en) | Homomorphic encryption method and device | |
| Huang et al. | Achieving accountable and efficient data sharing in industrial internet of things | |
| CN106961336A (en) | A kind of key components trustship method and system based on SM2 algorithms | |
| US8180048B2 (en) | Method and system for computational transformation | |
| CN104685826A (en) | Input consistency verification for two-party secure function evaluation | |
| CN111783129A (en) | Data processing method and system for protecting privacy | |
| US20230224147A1 (en) | Generating shared private keys | |
| CN112580071B (en) | Data processing method and device | |
| EP2509050B1 (en) | Method for verifying the correct registration of an item of information | |
| CN112182660A (en) | Data sorting method and device | |
| CA2819211C (en) | Data encryption | |
| WO2023056763A1 (en) | Method and apparatus for sharing private data | |
| CN117370927A (en) | Safe multi-party computing fusion method and system based on block chain | |
| CN113159745B (en) | Block chain transaction privacy protection method based on full homomorphism | |
| CN116318696B (en) | Proxy re-encryption digital asset authorization method under condition of no initial trust of two parties | |
| CN116743358A (en) | Repudiation multi-receiver authentication method and system | |
| CN115361109B (en) | Homomorphic encryption method supporting bidirectional proxy re-encryption | |
| US6823070B1 (en) | Method for key escrow in a communication system and apparatus therefor | |
| WO2023072502A1 (en) | Generating shared keys | |
| CN114629620A (en) | Homomorphic encryption calculation method and system, homomorphic request, calculation and key system | |
| CN117917041A (en) | Generating a shared encryption key | |
| Zou et al. | A new digital signature primitive and its application in blockchain | |
| JP5103407B2 (en) | Encrypted numerical binary conversion system, encrypted numerical binary conversion method, encrypted numerical binary conversion program |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |