CN112733161A - Device and method for federated learning ciphertext operation - Google Patents


Info

Publication number
CN112733161A
Authority
CN
China
Prior art keywords
modular
multiplication
modular multiplication
exponentiation
ciphertext
Legal status
Pending
Application number
CN202011628599.5A
Other languages
Chinese (zh)
Inventor
张龙
王玮
胡水海
Current Assignee
Shenzhen Zhixing Technology Co Ltd
Original Assignee
Shenzhen Zhixing Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes

Abstract

The application relates to a ciphertext operation device for federated learning in the field of data processing and privacy protection. The device comprises: a modular exponentiation modular multiplication multiplexing calculation module, which comprises at least one modular exponentiation modular multiplication multiplexing calculation engine and is configured to switch between a modular exponentiation mode and a modular multiplication mode; and a management module, which controls the multiplexing calculation module to complete ciphertext multiplication operations in the modular exponentiation mode and to complete ciphertext addition operations in the modular multiplication mode. In both modes the same modular multiplication calculation unit is called multiple times to complete the ciphertext multiplication and ciphertext addition operations.

Description

Device and method for federated learning ciphertext operation
Technical Field
The application relates to the technical field of data processing and privacy protection, and in particular to a device and a method for federated learning ciphertext operation.
Background
With the development of big data analysis and artificial intelligence, the demand for high-quality labeled data keeps growing. Training neural networks and data mining, for example, require large amounts of labeled data. Such labeled data usually originates from application data generated and accumulated by everyday business activity. Application data is often distributed across different organizations and individuals: transaction data is spread across financial institutions, and medical diagnostic data across medical institutions. Cross-industry and cross-domain application data is also dispersed; for example, social attribute data and e-commerce transaction data in the internet domain are controlled by different entities. To protect their business interests, and also out of consideration for data security, user privacy and the differing policy and regulatory standards of each industry, the organizations or individuals holding application data are often unwilling, or lack suitable means, to cooperate with each other, so the application data they hold is hard to use jointly. This dilemma in data sharing and collaboration is referred to as data islanding. To solve the problem of cross-industry and cross-organization data cooperation, in particular the key problems of privacy protection and data security, the concept of federated learning was proposed. In federated learning, each participant holding data performs joint training on encrypted data, without sharing data resources and without the data leaving the participant's premises, so that a shared machine learning model is optimized cooperatively and all parties benefit.
In a federated learning scenario, each participant holding data usually encrypts its original data with a homomorphic encryption scheme and then uses the encrypted data, or ciphertext, in joint network model training, gradient calculation, model parameter training and the like. The Paillier algorithm is a common additively homomorphic scheme. The network model used for joint training is often large, with many model parameters, so the homomorphic ciphertext operations involve large amounts of high-dimensional data, such as multiply-add operations on one-dimensional and two-dimensional ciphertext arrays, and the modulus involved often has a large bit width, for example 2048 bits, which requires a large number of large-integer modular exponentiation and modular multiplication operations. These pose significant challenges to the computational performance of the hardware and processing devices used for federated learning, so there is a need for devices and methods for federated learning ciphertext operation that can efficiently handle this vast number of large-integer modular exponentiations and modular multiplications.
Disclosure of Invention
The application aims to meet the need for efficient processing of massive numbers of large-integer modular exponentiation and modular multiplication operations in federated learning ciphertext operation. The device and method for federated learning ciphertext operation provide a modular exponentiation operation mode for ciphertext multiplication and a modular multiplication operation mode for ciphertext addition, and improve the operation efficiency of high-dimensional vectors and matrices in the ciphertext operation process by calling the same modular multiplication calculation unit multiple times.
In a first aspect, an embodiment of the present application provides a ciphertext operation apparatus for federated learning. The apparatus comprises: a modular exponentiation modular multiplication multiplexing calculation module, which comprises at least one modular exponentiation modular multiplication multiplexing calculation engine and is configured to switch between a modular exponentiation mode and a modular multiplication mode; and a management module for controlling the multiplexing calculation module to complete ciphertext multiplication operations in the modular exponentiation mode and to complete ciphertext addition operations in the modular multiplication mode. The at least one multiplexing calculation engine comprises a first parameter selector, a second parameter selector and a modular multiplication calculation unit. The modular multiplication calculation unit performs a modular multiplication according to the first parameter output by the first parameter selector and the second parameter output by the second parameter selector. The first parameter and the second parameter are configured to take different values in the modular exponentiation mode and the modular multiplication mode. The modular multiplication calculation unit is called multiple times in both the modular exponentiation mode and the modular multiplication mode to complete the ciphertext multiplication and ciphertext addition operations.
The technical solution of the first aspect provides a modular exponentiation mode for ciphertext multiplication and a modular multiplication mode for ciphertext addition, and improves the operation efficiency of high-dimensional vectors and matrices in the ciphertext operation process by calling the same modular multiplication calculation unit multiple times.
According to the first aspect, in a possible implementation, completing the ciphertext multiplication operation in the modular exponentiation mode comprises: the multiplexing calculation module performs two modular multiplications when the current bit of the binarized power exponent is a non-zero bit and one modular multiplication when the current bit is a zero bit. Iteration starts from the highest bit of the exponent that is 1, and whether the second modular multiplication is executed is decided by whether the current bit of the binarized power exponent is 1, so the ciphertext multiplication is converted into a sequence of modular multiplications and calculation efficiency is improved.
According to the first aspect, in a possible implementation, the two modular multiplications comprise a first modular multiplication and a second modular multiplication, where the first modular multiplication operates on the modular multiplication result of a first Montgomery domain and the modulus to obtain the modular multiplication result of a second Montgomery domain, and the second modular multiplication multiplies the result of the second Montgomery domain by the Montgomerized power base to obtain the modular multiplication result of a third Montgomery domain. This helps convert the ciphertext multiplication operation into multiple modular multiplications.
According to the first aspect, in a possible implementation, the at least one multiplexing calculation engine comprises a plurality of modular exponentiation modular multiplication multiplexing calculation engines connected in parallel, and these engines compute in parallel in the modular exponentiation mode to complete the ciphertext multiplication operation. Thus, operation efficiency is improved through parallel computation.
According to the first aspect, in a possible implementation, the plurality of multiplexing calculation engines share a modulus, and the power exponent and the power base are distributed to them, where the power exponent is plaintext data associated with the ciphertext multiplication, the modulus is key data associated with the ciphertext multiplication, and the power base is ciphertext data associated with the ciphertext multiplication. In this way, operation efficiency is improved by sharing parameters among, and computing in parallel on, the plurality of multiplexing calculation engines.
According to the first aspect, in a possible implementation, the apparatus further comprises: a Montgomerization module configured to provide a Montgomerization operation; an obfuscation calculation module configured to provide a modular multiplication operation in the Montgomery domain; and a de-Montgomerization module configured to provide a de-Montgomerization operation. The management module is further configured to selectively invoke several of the Montgomerization module, the obfuscation calculation module and the de-Montgomerization module. By invoking different modules and combinations of them, parallel operation is combined with serial operation, the operation efficiency of high-dimensional vectors and matrices in the ciphertext operation process is improved, and richer forms of ciphertext operation in the homomorphically encrypted state can be realized.
According to the first aspect, in a possible implementation, the Montgomerization module, the obfuscation calculation module and the de-Montgomerization module each comprise a modular multiplication control unit and a modular multiplication calculation unit, configured to perform the modular multiplications of the Montgomerization operation, the obfuscation operation and the de-Montgomerization operation respectively. By invoking different modules and combinations of them, parallel operation is combined with serial operation, the operation efficiency of high-dimensional vectors and matrices in the ciphertext operation process is improved, and richer forms of ciphertext operation in the homomorphically encrypted state can be realized.
According to the first aspect, in a possible implementation, the at least one multiplexing calculation engine comprises a plurality of modular exponentiation modular multiplication multiplexing calculation engines connected in parallel; the management module controls these engines to operate in parallel, and controls the invoked Montgomerization module, obfuscation calculation module and de-Montgomerization module to operate serially. By invoking different modules and combinations of them, parallel operation is combined with serial operation, the operation efficiency of high-dimensional vectors and matrices in the ciphertext operation process is improved, and richer forms of ciphertext operation in the homomorphically encrypted state can be realized.
In a second aspect, embodiments of the present application provide an accelerator for federated learning-related privacy computation. The accelerator includes the ciphertext operation apparatus of any implementation of the first aspect.
The technical solution of the second aspect provides a modular exponentiation mode for ciphertext multiplication and a modular multiplication mode for ciphertext addition, and improves the operation efficiency of high-dimensional vectors and matrices in the ciphertext operation process by calling the same modular multiplication calculation unit multiple times.
In a third aspect, an embodiment of the present application provides a ciphertext operation method for federated learning. The method comprises the following steps: splitting a ciphertext operation formula in the homomorphically encrypted state into a combination of ciphertext multiplication operations and ciphertext addition operations; performing the ciphertext multiplication operations through a modular exponentiation modular multiplication multiplexing calculation module in the modular exponentiation mode, where the multiplexing calculation module comprises at least one modular exponentiation modular multiplication multiplexing calculation engine and is configured to switch between the modular exponentiation mode and the modular multiplication mode; and performing the ciphertext addition operations through the same multiplexing calculation module in the modular multiplication mode. The at least one multiplexing calculation engine comprises a first parameter selector, a second parameter selector and a modular multiplication calculation unit. The modular multiplication calculation unit performs a modular multiplication according to the first parameter output by the first parameter selector and the second parameter output by the second parameter selector. The first parameter and the second parameter are configured to take different values in the modular exponentiation mode and the modular multiplication mode. The modular multiplication calculation unit is called multiple times in both the modular exponentiation mode and the modular multiplication mode to complete the ciphertext multiplication and ciphertext addition operations.
The technical solution of the third aspect provides a modular exponentiation mode for ciphertext multiplication and a modular multiplication mode for ciphertext addition, and improves the operation efficiency of high-dimensional vectors and matrices in the ciphertext operation process by calling the same modular multiplication calculation unit multiple times.
Drawings
To explain the technical solutions in the embodiments or the background art of the present application, the drawings used in them are described below.
Fig. 1 is a schematic flowchart of a ciphertext operation method for federated learning according to an embodiment of the present application.
Fig. 2 is a schematic flowchart of the modular exponentiation mode of the ciphertext operation method shown in Fig. 1 according to an embodiment of the present application.
Fig. 3 is a schematic flowchart of the modular multiplication mode of the ciphertext operation method shown in Fig. 1 according to an embodiment of the present application.
Fig. 4 is a block diagram of a processing apparatus for federated learning ciphertext operation according to an embodiment of the present application.
Fig. 5 is a block diagram of the structure of a modular exponentiation modular multiplication multiplexing calculation engine in the processing apparatus shown in Fig. 4 according to an embodiment of the present application.
Fig. 6 is a block diagram of the structure of a Montgomerization module in the processing apparatus shown in Fig. 4 according to an embodiment of the present application.
Detailed Description
The embodiment of the application provides a ciphertext operation device and method for federated learning. The device comprises: a modular exponentiation modular multiplication multiplexing calculation module, which comprises at least one modular exponentiation modular multiplication multiplexing calculation engine and is configured to switch between a modular exponentiation mode and a modular multiplication mode; and a management module for controlling the multiplexing calculation module to complete ciphertext multiplication operations in the modular exponentiation mode and to complete ciphertext addition operations in the modular multiplication mode. The at least one multiplexing calculation engine comprises a first parameter selector, a second parameter selector and a modular multiplication calculation unit. The modular multiplication calculation unit performs a modular multiplication according to the first parameter output by the first parameter selector and the second parameter output by the second parameter selector. The first parameter and the second parameter are configured to take different values in the modular exponentiation mode and the modular multiplication mode. The modular multiplication calculation unit is called multiple times in both the modular exponentiation mode and the modular multiplication mode to complete the ciphertext multiplication and ciphertext addition operations.
Thus a modular exponentiation mode for ciphertext multiplication and a modular multiplication mode for ciphertext addition are realized, and because the same modular multiplication calculation unit is called multiple times, the operation efficiency of high-dimensional vectors and matrices in the ciphertext operation process is improved.
The embodiment of the application can be used in the following scenarios: federated learning, privacy computation, the Paillier encryption algorithm or other homomorphic encryption algorithms used in federated learning privacy computation, and other scenarios that require a large number of large-integer modular multiplications with large bit-width moduli.
The embodiments of the present application may be modified and improved according to the specific application environment, and are not limited here.
To make the embodiments easier to understand for those skilled in the art, they are described below with reference to the accompanying drawings.
Referring to Fig. 1, which is a schematic flowchart of a ciphertext operation method for federated learning according to an embodiment of the present application: as shown in Fig. 1, the ciphertext operation method 100 may include the following steps.
Step S102: split the ciphertext operation formula in the homomorphically encrypted state into a combination of ciphertext multiplication operations and ciphertext addition operations, where a ciphertext multiplication operation is the multiplication of plaintext data by ciphertext data and a ciphertext addition operation is the addition of two ciphertext data items.
The ciphertext operation formula in the homomorphically encrypted state can first be split into several basic forms, and these basic forms can then be further split into a combination of ciphertext multiplication and ciphertext addition operations. Ciphertext multiplication in the homomorphically encrypted state is the multiplication of plaintext data by ciphertext data, and is equivalent to a modular exponentiation, see formula (1).
k × C ≅ C^k mod N (1)
In formula (1), ≅ denotes equivalence; k is the plaintext data, which serves as the power exponent k; C is the ciphertext data, which serves as the power base C; mod denotes the modulo operation; N is the key data generated during encryption, which serves as the modulus N. Formula (1) corresponds to ciphertext multiplication in the homomorphically encrypted state, which can be realized by an equivalent modular exponentiation with power exponent k, power base C and modulus N.
Ciphertext addition in the homomorphically encrypted state is the addition of two ciphertext data items, and is equivalent to a modular multiplication, see formula (2).
C1 + C2 ≅ C1 × C2 mod N (2)
In formula (2), ≅ denotes equivalence; C1 is the first ciphertext data; C2 is the second ciphertext data; mod denotes the modulo operation; N is the key data generated during encryption, which serves as the modulus N. Formula (2) corresponds to ciphertext addition in the homomorphically encrypted state, realized by an equivalent modular multiplication of the first ciphertext data C1, the second ciphertext data C2 and the modulus N.
Both formula (1) and formula (2) cover the case where the plaintext data and the ciphertext data are scalars. The basic forms obtained by splitting the ciphertext operation formula in the homomorphically encrypted state include multiply-add operations in one-dimensional vector form and/or two-dimensional matrix form, including but not limited to: the addition of two ciphertext data items that are both one-dimensional vectors or both two-dimensional matrices; the addition of a one-dimensional ciphertext vector and a two-dimensional ciphertext matrix; the multiplication of a one-dimensional plaintext vector by a two-dimensional ciphertext matrix; the dot product (inner product) of a two-dimensional plaintext matrix and a two-dimensional ciphertext matrix; and the cross product (outer product) of a two-dimensional plaintext matrix and a two-dimensional ciphertext matrix. Combinations of these basic forms can also serve as split basic forms, so that the various concrete forms of a ciphertext operation expression are covered. Each basic form can be further divided into a combination of the ciphertext multiplication of formula (1) and the ciphertext addition of formula (2). For example, if the ciphertext operation expression requires the dot product of a plaintext array of dimension N and a ciphertext array of dimension N, the operation can be split into N modular exponentiations of the form of formula (1) and N-1 modular multiplications of the form of formula (2).
In this way the ciphertext operation formula in the homomorphically encrypted state is divided into a combination of ciphertext multiplication and ciphertext addition operations, which facilitates parallel calculation by a plurality of modular exponentiation modular multiplication multiplexing calculation engines.
Step S104: for ciphertext multiplication, execute the modular exponentiation mode of the ciphertext operation method, taking the ciphertext C as the power base, the plaintext k as the power exponent and the key data N generated during encryption as the modulus; for ciphertext addition, execute the modular multiplication mode of the ciphertext operation method, taking each ciphertext as an addition operand and the key data N generated during encryption as the modulus. Both the modular exponentiation mode and the modular multiplication mode are computed in parallel by a plurality of modular exponentiation modular multiplication multiplexing calculation engines.
Since step S102 splits the ciphertext operation formula in the homomorphically encrypted state into a combination of ciphertext multiplications and ciphertext additions, the corresponding mode can be selected according to the split result: the modular exponentiation mode of the ciphertext operation method is executed for ciphertext multiplication, and the modular multiplication mode for ciphertext addition. A plurality of multiplexing calculation engines can compute in parallel, which improves both the multiplexing efficiency and the operation speed.
Step S106: selectively invoke the Montgomerization module, the obfuscation calculation module or the de-Montgomerization module according to the ciphertext operation formula to obtain the final output of the ciphertext operation formula.
Depending on the specific form of the ciphertext operation formula, the Montgomerization module, the obfuscation calculation module or the de-Montgomerization module can be used selectively to complete the corresponding Montgomerization, obfuscation calculation or de-Montgomerization processing. These modules can be used for serial calculation while the plurality of modular exponentiation modular multiplication multiplexing calculation engines compute in parallel, so that parallel operation is combined with serial operation, the operation efficiency of high-dimensional vectors and matrices in the ciphertext operation process is improved, and richer forms of ciphertext operation in the homomorphically encrypted state can be realized.
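As an added example that is not part of the patent, the following Python code carries out the step S102 split for a dot product of a plaintext vector and a ciphertext vector, using formula (1) for each ciphertext multiplication and formula (2) for each ciphertext addition, and checks the result with a toy Paillier key. The primes, vectors and the use of N^2 as the engine modulus (Paillier ciphertexts live modulo N^2) are my own constructions and assumptions; the page itself only refers to the modulus as "key data N".

```python
from math import gcd
import secrets

# Constructed toy Paillier key: p and q are tiny primes chosen so the
# arithmetic is easy to follow; real keys use moduli of 1024 bits or more.
P, Q = 101, 113


def keygen(p, q):
    """Paillier key with generator g = N + 1. Returns (N, lambda, mu)."""
    N = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)      # lcm(p-1, q-1)
    # L(x) = (x - 1) / N ; mu = L(g^lambda mod N^2)^-1 mod N
    x = pow(N + 1, lam, N * N)
    mu = pow((x - 1) // N, -1, N)
    return N, lam, mu


def encrypt(N, m):
    """Enc(m) = (1 + N)^m * r^N mod N^2 with a fresh random r coprime to N."""
    N2 = N * N
    while True:
        r = secrets.randbelow(N - 1) + 1
        if gcd(r, N) == 1:
            return (pow(N + 1, m, N2) * pow(r, N, N2)) % N2


def decrypt(N, lam, mu, c):
    """Dec(c) = L(c^lambda mod N^2) * mu mod N."""
    x = pow(c, lam, N * N)
    return ((x - 1) // N) * mu % N


def cipher_mul(k, C, mod):
    """Formula (1): plaintext k times ciphertext C is C^k mod N
    (the engine's modular exponentiation mode)."""
    return pow(C, k, mod)


def cipher_add(C1, C2, mod):
    """Formula (2): ciphertext C1 plus ciphertext C2 is C1 * C2 mod N
    (the engine's modular multiplication mode)."""
    return C1 * C2 % mod


def cipher_dot(plain, cipher, mod):
    """Step S102 for a dot product of dimension d: d ciphertext
    multiplications (formula 1) followed by d - 1 ciphertext additions
    (formula 2). Returns (result, exponentiation count, multiplication count)."""
    if len(plain) != len(cipher) or not plain:
        raise ValueError("vectors must be non-empty and of equal length")
    terms = [cipher_mul(k, C, mod) for k, C in zip(plain, cipher)]
    acc = terms[0]
    for t in terms[1:]:
        acc = cipher_add(acc, t, mod)
    return acc, len(terms), len(terms) - 1


def demo():
    """Encrypt a vector, evaluate the dot product on ciphertexts only,
    decrypt, and report the operation counts."""
    N, lam, mu = keygen(P, Q)
    # Paillier ciphertexts live modulo N^2: this is the key-data modulus
    # that every engine in the batch shares.
    mod = N * N
    plain = [3, 5, 7]          # plaintext-side vector (e.g. model weights)
    secret = [10, 20, 30]      # the other party's data, seen only encrypted
    cipher = [encrypt(N, m) for m in secret]
    result, n_exp, n_mul = cipher_dot(plain, cipher, mod)
    return decrypt(N, lam, mu, result), n_exp, n_mul


if __name__ == "__main__":
    print(demo())   # (340, 3, 2): 3*10 + 5*20 + 7*30 = 340
```

The party holding `plain` never sees `secret`, yet the decrypted dot product matches, and the operation counts are exactly the N exponentiations and N-1 multiplications the text predicts for dimension N = 3.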
Referring to Fig. 2, which is a schematic flowchart of the modular exponentiation mode of the ciphertext operation method shown in Fig. 1 according to an embodiment of the present application: as shown in Fig. 2, the modular exponentiation mode 200 of the ciphertext operation method includes the following steps.
Step S210: receive the power exponent k and the modulus N for the same batch of calculations, compute the initial parameter u0 and the parameter R, share the common initial parameter u0, parameter R and modulus N with each parallel modular exponentiation modular multiplication multiplexing calculation engine, and distribute the power exponent k and the power base C to each engine.
Each parallel multiplexing calculation engine comprises a modular multiplication calculation module that performs modular multiplication. The function of the modular multiplication calculation module is given by formula (3).
c = x · y mod N (3)
In formula (3), x and y are the two parameters of the modular multiplication; mod denotes the modulo operation; N is the modulus N; c is the output of the modular multiplication.
To call the modular multiplication calculation modules of the parallel multiplexing calculation engines cooperatively for parallel computation, several parameters of the same batch must be shared, namely the initial parameter u0, the parameter R and the modulus N. Therefore the common initial parameter u0, parameter R and modulus N are shared with each parallel multiplexing calculation engine, while the power exponent k and the power base C are distributed to each engine. In some cases the power exponent k may also be shared; in other cases each power exponent k corresponds one-to-one to a power base C, and the power bases C are distributed evenly among the engines. The initial parameter u0 and the parameter R are computed according to formulas (4) and (5).
u0=2nmod N (4)
R=22nmod N (5)
In equations (4) and (5), u0 represents the initial value of the Montgomery modular multiplication result u during the iteration of the square multiplication algorithm; r represents parameters needed for calculating Montgomerization of the power base number C; mod represents a modulo operation; n represents a modulus N; n denotes the actual bit width of the modulus N.
Step S212: inputting the power base C, the parameter R and the modulus N into the modular multiplication calculation module for modular multiplication calculation, so as to obtain the Montgomerized power base MC.
In step S212, Montgomerization of the power base C is performed: the calculation follows formula (3) with the power base C selected as parameter x and the parameter R selected as parameter y, and the output of the modular multiplication calculation of formula (3) is the Montgomerized power base MC.
Step S214: inputting the Montgomery modular multiplication result u and the modulus N into the modular multiplication calculation module for modular multiplication calculation, and updating the Montgomery modular multiplication result u with the obtained modular multiplication result, where the initial value of the Montgomery modular multiplication result u is the initial parameter u0.
In step S214, the first modular multiplication calculation of an iteration of the square-and-multiply algorithm is performed: the calculation follows formula (3) with the Montgomery modular multiplication result u selected as parameter x and the Montgomerized power base MC selected as parameter y, and the Montgomery modular multiplication result u is updated with the output of the modular multiplication calculation of formula (3). When the first modular multiplication calculation is carried out in the first iteration, the initial value u0 of the Montgomery modular multiplication result u is used as parameter x.
Step S216: determining whether the bit value of the current highest bit of the binarized power exponent k is 1. If it is 1, step S218 is performed; if it is not 1, step S220 is performed.
Whether to execute the second modular multiplication calculation is judged according to whether the bit value of the current highest bit of the binarized power exponent k is 1. Here the power exponent k corresponds to the plaintext data k of the modular exponentiation mode 200 of the ciphertext operation method: if the bit value of the current highest bit of the power exponent k is 1, the second modular multiplication calculation is performed in step S218; if it is not 1, the second modular multiplication calculation is skipped and step S220 is performed.
Step S218: inputting the Montgomery modular multiplication result u, the Montgomerized power base MC and the modulus N into the modular multiplication calculation module for modular multiplication calculation, and updating the Montgomery modular multiplication result u with the obtained modular multiplication result.
In step S218, the second modular multiplication calculation of an iteration of the square-and-multiply algorithm is performed: the calculation follows formula (3) with the Montgomery modular multiplication result u selected as parameter x and the Montgomerized power base MC selected as parameter y, and the Montgomery modular multiplication result u is updated with the output of the modular multiplication calculation of formula (3).
Step S220: the binarized power exponent k is shifted by one bit toward the lowest bit.
In one possible embodiment, the binary power exponent k is shifted bit by bit from the most significant 1 (non-zero bit) to the least significant bit. In another possible embodiment, the bit-wise shift is started from the most significant bit (possibly zero or non-zero bits) of the binarized power exponent k to the least significant bit.
Step S222: it is determined whether all bits of the binarized power exponent k have been shifted. Step S224 is performed if all bits have been shifted, and step S214 is performed if there are more bits not shifted.
Here, the binarized power exponent k is shifted bit by bit by performing steps S214 to S222 in a loop until all bits of the binarized power exponent k have been shifted, that is, until the lowest bit is reached. For each bit, two or one modular multiplication calculations are performed depending on whether its value is 1 or 0, respectively. When all bits have been shifted the loop ends; otherwise the process returns to step S214 and continues.
Step S224: judging whether de-Montgomerization is needed according to the corresponding ciphertext operation formula. Step S226 is performed if de-Montgomerization is required, and step S228 is performed if it is not.
Whether to perform the de-Montgomerization operation can be determined from the specific form of the ciphertext operation formula; for example, when the ciphertext operation formula calculates the multiplication of a ciphertext vector by a plaintext number, the de-Montgomerization operation is performed.
Step S226: inputting the positive integer 1, the Montgomery modular multiplication result u and the modulus N into the modular multiplication calculation module for modular multiplication calculation, and updating the Montgomery modular multiplication result u with the obtained modular multiplication calculation result.
In step S226, the de-Montgomerization operation is performed: the calculation follows formula (3) with the positive integer 1 selected as parameter x and the Montgomery modular multiplication result u selected as parameter y, and the Montgomery modular multiplication result u is updated with the output of the modular multiplication calculation of formula (3).
Step S228: outputting the Montgomery modular multiplication result u.
Thus, as steps S212 and S226 show, Montgomerization of the power base C and de-Montgomerization of the Montgomery modular multiplication result u can each be realized by a single modular multiplication. In this way, through the square-and-multiply and Montgomery algorithms, the modular exponentiation equivalent to the ciphertext multiplication shown in formula (1) is converted into multiple modular multiplications: in each iteration the binarized power exponent k is shifted by one bit toward the lowest bit, two or one modular multiplication calculations are performed according to whether the bit value is 1 or 0, and through the selection of the input parameters x and y of each modular multiplication calculation and the updating of the Montgomery modular multiplication result u with the modular multiplication result, efficient modular exponentiation calculation through a plurality of parallel modular exponentiation modular multiplication multiplexing calculation engines is realized. Further, the modular exponentiation calculation can be realized by square-and-multiply calculation in the Montgomery domain and large-integer modular multiplication calculation in the Montgomery domain, so that the overall computing power can be improved by utilizing the highly parallel computation and pipelining characteristics of the FPGA. In addition, directly taking the modulus of a large integer can be avoided and replaced by multiplication, addition and shift operations, so that the operation complexity is reduced and the calculation efficiency is improved.
In addition, when the implementation is based on large-integer modular multiplication in the Montgomery domain, the bit width, the number of pipeline stages and/or the number of cycles can be configured, so that they can be adjusted taking into account the FPGA resources, the device grade, the number of pipeline stages and the main clock frequency, thereby realizing the optimal performance improvement ratio.
Referring to fig. 3, fig. 3 is a schematic flowchart illustrating a modular multiplication mode of a ciphertext operation method of the processing method shown in fig. 1 according to an embodiment of the present disclosure. As shown in fig. 3, the modular multiplication mode 300 of the ciphertext operation method includes the following steps.
Step S310: receiving the modulus N to be calculated in the same batch, calculating the initial parameter u0 and the parameter R, and sharing the common initial parameter u0, the parameter R and the modulus N with each parallel modular exponentiation modular multiplication multiplexing calculation engine.
Each parallel modular exponentiation modular multiplication multiplexing calculation engine comprises a modular multiplication calculation module for performing modular multiplication calculation. In order to cooperatively call the modular multiplication calculation modules included in the parallel modular exponentiation modular multiplication multiplexing calculation engines for parallel calculation, the common initial parameter u0, the parameter R and the modulus N need to be shared among the parallel modular exponentiation modular multiplication multiplexing calculation engines. The initial parameter u0 and the parameter R are calculated according to formulas (4) and (5) above.
Step S312: performing Montgomery transformation of the first ciphertext C1 by inputting the first ciphertext C1, the parameter R and the modulus N into the modular multiplication calculation module for modular multiplication calculation, so as to obtain the Montgomery transformed first ciphertext MC1.
In step S312, the Montgomery transformation of the first ciphertext C1 is performed: the calculation follows formula (3) with the first ciphertext C1 selected as parameter x and the parameter R selected as parameter y, and the output of the modular multiplication calculation of formula (3) is the Montgomery transformed first ciphertext MC1.
Step S314: performing Montgomery transformation of the second ciphertext C2 by inputting the second ciphertext C2, the parameter R and the modulus N into the modular multiplication calculation module for modular multiplication calculation, so as to obtain the Montgomery transformed second ciphertext MC2.
In step S314, the Montgomery transformation of the second ciphertext C2 is performed: the calculation follows formula (3) with the second ciphertext C2 selected as parameter x and the parameter R selected as parameter y, and the output of the modular multiplication calculation of formula (3) is the Montgomery transformed second ciphertext MC2.
Step S316: inputting the Montgomery transformed first ciphertext MC1, the Montgomery transformed second ciphertext MC2 and the modulus N into the modular multiplication calculation module for modular multiplication calculation, and using the obtained modular multiplication calculation result as the Montgomery domain modular multiplication result v.
The calculation follows formula (3) with the Montgomery transformed first ciphertext MC1 selected as parameter x and the Montgomery transformed second ciphertext MC2 selected as parameter y, and the output of the modular multiplication calculation of formula (3) is the Montgomery domain modular multiplication result v.
Step S318: inputting the positive integer 1, the Montgomery domain modular multiplication result v and the modulus N into the modular multiplication calculation module for modular multiplication calculation, using the obtained modular multiplication calculation result as the de-Montgomerized modular multiplication result, and outputting the de-Montgomerized modular multiplication result.
In step S318, the de-Montgomerization operation is performed: the calculation follows formula (3) with the positive integer 1 selected as parameter x and the Montgomery domain modular multiplication result v selected as parameter y, and the output of the modular multiplication calculation of formula (3) is the de-Montgomerized modular multiplication result. The de-Montgomerized modular multiplication result is the result of the modular multiplication that is equivalent to the addition of the two ciphertext data in the homomorphic encryption state.
In this way, the modular multiplication equivalent to the ciphertext addition operation shown in formula (2) is converted into multiple modular multiplication calculations, so that efficient modular multiplication operation is realized through a plurality of parallel modular exponentiation modular multiplication multiplexing calculation engines.
It should be understood that when the ciphertext addition operation involves more than two ciphertext data, for example a third ciphertext C3, the Montgomery transformation of the third ciphertext C3 is performed to obtain the Montgomery transformed third ciphertext MC3; then the Montgomery domain modular multiplication result v obtained from the Montgomery transformed first ciphertext MC1, the Montgomery transformed second ciphertext MC2 and the modulus N, together with the Montgomery transformed third ciphertext MC3 and the modulus N, is input into the modular multiplication calculation module in step S316, the modular multiplication is performed to obtain the Montgomery domain modular multiplication result including the third ciphertext C3, and the de-Montgomerization operation is performed to obtain the addition result of the three ciphertexts C1, C2 and C3. Similarly, the modular multiplication mode 300 of the ciphertext operation method can be generalized to the addition of more ciphertexts.
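The two modes described above, as an added worked example in Python that is not part of the patent or of the applicant's implementation: a single modular multiplication unit realizing formula (3) in Montgomery form (x·y·2^(-n) mod N, computed with multiplication, addition, a bitwise AND and a shift only, as the description claims for the hardware), the per-batch parameters u0 and R of formulas (4) and (5), the modular exponentiation mode 200 (steps S210 to S228) and the modular multiplication mode 300 (steps S310 to S318) including its generalization to more than two ciphertexts. It assumes an odd modulus N with all inputs reduced below N, that the first modular multiplication of each iteration of mode 200 is the squaring u·u of the square-and-multiply algorithm (the parameter y selector of fig. 5 can select u), and that the power exponent is scanned from its most significant 1 bit; the modulus and ciphertext values are constructed, and the results are checked against Python's built-in pow.

```python
# Added example: software model of the modular exponentiation / modular
# multiplication multiplexing engine described in the text. Not the patent's
# or the applicant's code; the modulus and ciphertexts used are constructed.


class MontgomeryEngine:
    """One engine: a single modular multiplication unit (formula (3)) that is
    re-used with different (x, y) selections to run mode 200 and mode 300.

    Assumes N is odd and every x, y fed to the unit is smaller than N.
    """

    def __init__(self, N):
        if N < 3 or N % 2 == 0:
            raise ValueError("Montgomery reduction needs an odd modulus N > 1")
        self.N = N
        self.n = N.bit_length()              # actual bit width n of N
        self.mask = (1 << self.n) - 1        # "mod 2^n" done with an AND
        # -N^-1 mod 2^n: the one constant the multiplication unit needs
        # (pow with a negative exponent needs Python 3.8+)
        self.n_prime = (-pow(N, -1, 1 << self.n)) & self.mask
        self.u0 = pow(2, self.n, N)          # formula (4): Montgomery form of 1
        self.R = pow(2, 2 * self.n, N)       # formula (5)
        self.modmul_calls = 0                # counts calls to the shared unit

    def modmul(self, x, y):
        """Formula (3) as Montgomery multiplication: x * y * 2^-n mod N.

        No division by N: only multiply, add, AND (mod 2^n) and shift.
        """
        if not (0 <= x < self.N and 0 <= y < self.N):
            raise ValueError("inputs must be reduced below N")
        self.modmul_calls += 1
        t = x * y
        m = (t * self.n_prime) & self.mask   # m = t * (-N^-1) mod 2^n
        u = (t + m * self.N) >> self.n       # t + m*N is divisible by 2^n
        return u - self.N if u >= self.N else u

    def montgomerize(self, C):
        """Step S212 / S312: x = C, y = R gives C * 2^n mod N."""
        return self.modmul(C, self.R)

    def demontgomerize(self, u):
        """Step S226 / S318: x = 1, y = u strips the 2^n factor."""
        return self.modmul(1, u)

    def modexp_mode(self, C, k, demontgomerize=True):
        """Mode 200 (steps S210-S228): C^k mod N by square-and-multiply in the
        Montgomery domain, scanning k from its most significant 1 bit."""
        MC = self.montgomerize(C)
        u = self.u0
        for i in range(k.bit_length() - 1, -1, -1):
            u = self.modmul(u, u)            # first multiplication: squaring (assumption)
            if (k >> i) & 1:
                u = self.modmul(u, MC)       # second multiplication only for a 1 bit
        return self.demontgomerize(u) if demontgomerize else u

    def modmul_mode(self, ciphertexts):
        """Mode 300 (steps S310-S318): product of two or more ciphertexts mod N,
        i.e. the modular multiplication equivalent to ciphertext addition."""
        if len(ciphertexts) < 2:
            raise ValueError("mode 300 needs at least two ciphertexts")
        v = self.montgomerize(ciphertexts[0])
        for c in ciphertexts[1:]:
            v = self.modmul(v, self.montgomerize(c))
        return self.demontgomerize(v)


if __name__ == "__main__":
    N = (2**61 - 1) * (2**89 - 1)            # constructed odd 150-bit modulus
    C, k = 0x1234567890ABCDEF, 0xBEEF        # constructed "ciphertext" and plaintext
    engine = MontgomeryEngine(N)
    assert engine.modexp_mode(C, k) == pow(C, k, N)
    assert engine.modmul_mode([C, C + 1, C + 2]) == (C * (C + 1) * (C + 2)) % N
    print("mode 200 and mode 300 agree with pow(); modmul calls:", engine.modmul_calls)
```

The `modmul_calls` counter makes the cost model of the text visible: mode 200 takes 2 + bit_length(k) + popcount(k) calls of the shared unit (Montgomerization, one squaring per bit, one extra multiplication per 1 bit, de-Montgomerization), so the run time depends on the bit pattern of k. In the setting of the text k is the operating party's own plaintext, so this is usually acceptable; where it is not, the standard mitigation is to always perform the second multiplication and discard its result on 0 bits.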
Referring to fig. 4, fig. 4 is a block diagram illustrating the structure of a ciphertext operation apparatus for federated learning according to an embodiment of the present application. As shown in fig. 4, the ciphertext operation apparatus 400 may include an interface circuit 402, a memory 404, a management module 406, a modular exponentiation modular multiplication multiplexing calculation module 410, a Montgomerization module 420, an obfuscation calculation module 430 and a de-Montgomerization module 440. Fig. 4 also shows the data transfer relationships between the modules by connecting lines with arrows. The interface circuit 402 is used for data exchange between the ciphertext operation apparatus 400 and the outside, includes the necessary components such as software and hardware interfaces, and is configured to receive input data and transmit it to the management module 406. The management module 406 has the necessary components such as a CPU or main processor, and thus controls data distribution and memory read/write. The management module 406 is coupled to the memory 404 and can control reading from and writing to the memory 404. The management module 406 also issues data to the Montgomerization module 420, receives data from the de-Montgomerization module 440, and exchanges data with the modular exponentiation modular multiplication multiplexing calculation module 410. The modular exponentiation modular multiplication multiplexing calculation module 410 has three parallel modular exponentiation modular multiplication multiplexing calculation engines 411, 412, 413. It should be understood that the modular exponentiation modular multiplication multiplexing calculation engines 411, 412, 413 are merely exemplary, and the modular exponentiation modular multiplication multiplexing calculation module 410 may include any other number of modular exponentiation modular multiplication multiplexing calculation engines in parallel.
The modular exponentiation modular multiplication multiplexing calculation module 410 may send data to the obfuscation calculation module 430. The obfuscation calculation module 430 sends data to the de-Montgomerization module 440.
With continued reference to fig. 4, the Montgomerization module 420 receives data from the management module 406 for processing and passes the processed data to the next-level obfuscation calculation module 430. The obfuscation calculation module 430 may receive data from the Montgomerization module 420 or directly from the management module 406 for processing, and passes the processed data to the next-level de-Montgomerization module 440. The Montgomerization module 420, the obfuscation calculation module 430 and the de-Montgomerization module 440 each include a modular multiplication control unit and a modular multiplication calculation unit for performing the modular multiplication operation of the corresponding Montgomerization operation, obfuscation calculation operation and de-Montgomerization operation, respectively. It should be understood that the management module 406 has the necessary control circuits built in to perform the ciphertext operation method of the embodiments of fig. 1 to 3, and may selectively invoke the Montgomerization module 420, the obfuscation calculation module 430 and the de-Montgomerization module 440, so as to combine parallel operation with serial operation; this improves the operation efficiency for high-dimensional vectors and matrices in the ciphertext operation process, and also allows ciphertext operations of richer forms in the homomorphic encryption state.
Referring to fig. 5, fig. 5 is a block diagram illustrating a structure of a modular exponentiation modular multiplication multiplexing calculation engine in the processing apparatus shown in fig. 4 according to an embodiment of the present application. The modular exponentiation modular multiplication multiplexing calculation engine 500 shown in fig. 5 may correspond to the modular exponentiation modular multiplication multiplexing calculation engines 411, 412, 413 in the processing apparatus shown in fig. 4. As shown in fig. 5, the modular exponentiation modular multiplication multiplexing calculation engine 500 includes a modular exponentiation control unit 510 and a modular multiplication calculation unit 520. The modular exponentiation control unit 510 includes a modulus N memory 511 for storing a modulus N, an R memory 512 for storing a parameter R, a power base C memory 513 for storing a power base C, a Montgomery power base MC memory 514 for storing a Montgomery power base MC, and a Montgomery modular multiplication result u memory 515 for storing a Montgomery modular multiplication result u.
With continued reference to fig. 5, the modular exponentiation modular multiplication multiplexing calculation engine 500 of fig. 5 may perform the methods of fig. 2 and fig. 3. The modular exponentiation modular multiplication multiplexing calculation engine 500 further includes a parameter x selector 530 and a parameter y selector 540. The parameter x selector 530 receives three parameters from the modular exponentiation control unit 510: the power base C stored in the power base C memory 513, the Montgomery modular multiplication result u stored in the Montgomery modular multiplication result u memory 515, and the positive integer 1. The parameter y selector 540 receives three parameters from the modular exponentiation control unit 510: the parameter R stored in the R memory 512, the Montgomery modular multiplication result u stored in the Montgomery modular multiplication result u memory 515, and the Montgomerized power base MC stored in the Montgomerized power base MC memory 514. The modular exponentiation control unit 510 of the modular exponentiation modular multiplication multiplexing calculation engine 500 selectively receives different inputs as the parameter x and the parameter y by controlling the parameter x selector 530 and the parameter y selector 540, and inputs the parameter x and the parameter y to the modular multiplication calculation unit 520 for the modular multiplication operation. In terms of formula (3) above, the parameter x selected by the parameter x selector 530 and the parameter y selected by the parameter y selector 540 correspond to the two parameters x and y of the modular multiplication calculation in formula (3), the modulus N stored in the modulus N memory 511 corresponds to the modulus N in formula (3), and the output result c of one modular multiplication calculation according to formula (3) corresponds to the Montgomery modular multiplication result u in fig. 5.
The Montgomery modular multiplication result u calculated by the modular multiplication unit 520 according to the formula (3) is input to the modular exponentiation control unit 510 and used to update the Montgomery modular multiplication result u stored in the Montgomery modular multiplication result u memory 515. In this way, the parameter x selector 530 and the parameter y selector 540 are arranged to receive and select different parameter combinations, respectively, thereby being beneficial to improving the operation efficiency and flexibility.
With reference to fig. 2, fig. 3, fig. 5 and formula (3), by flexibly configuring the parameter x selector 530 and the parameter y selector 540 of the modular exponentiation modular multiplication multiplexing calculation engine 500 to receive and select different parameter combinations, both the modular exponentiation mode 200 of the ciphertext operation method shown in fig. 2 and the modular multiplication mode 300 of the ciphertext operation method shown in fig. 3 can be converted into multiple modular multiplication calculations, so that the modular multiplication calculation unit 520 of the modular exponentiation modular multiplication multiplexing calculation engine 500 can be multiplexed. Moreover, efficient parallel computation can be performed by the plurality of parallel modular exponentiation modular multiplication multiplexing calculation engines 500, and serial computation can be performed by selectively using the Montgomerization module, the obfuscation calculation module or the de-Montgomerization module, so that parallel operation and serial operation are combined; this improves the operation efficiency for high-dimensional vectors and matrices in the ciphertext operation process and allows ciphertext operations of richer forms in the homomorphic encryption state. In addition, the ciphertext operation formula in the homomorphic encryption state is divided into a combination of ciphertext multiplication operations and ciphertext addition operations; the modular exponentiation mode 200 of the ciphertext operation method shown in fig. 2 is executed for the ciphertext multiplication operation, and the modular multiplication mode 300 of the ciphertext operation method shown in fig. 3 is executed for the ciphertext addition operation, so that the homomorphic encryption ciphertext operation requirements of the federated learning application scenario can be processed efficiently and in parallel.
Referring to fig. 6, fig. 6 is a block diagram illustrating a Montgomerization module in the processing apparatus shown in fig. 4 according to an embodiment of the present disclosure. The Montgomerization module 620 shown in fig. 6 corresponds to the Montgomerization module 420 in the ciphertext operation apparatus 400 shown in fig. 4. As shown in fig. 6, the Montgomerization module 620 includes a modular multiplication control unit 630 and a modular multiplication calculation unit 640. The modular multiplication control unit 630 inputs the parameter x1, the parameter y1 and the modulus N to the modular multiplication calculation unit 640 to calculate the modular multiplication calculation result u1. The modular multiplication control unit 630 includes a Montgomerization result memory, a modular exponentiation calculation result memory, a modulus N memory and a calculation result memory (none shown). The parameter x1 is fixed as the modular exponentiation calculation result stored in the modular exponentiation calculation result memory. The parameter y1 may be the Montgomerization result stored in the Montgomerization result memory or the modular exponentiation calculation result stored in the modular exponentiation calculation result memory. The modular multiplication calculation result u1 calculated by the modular multiplication calculation unit 640 is transferred to the modular multiplication control unit 630 and written into the calculation result memory.
It should be understood that the obfuscation calculation module 430 and the de-Montgomerization module 440 in the ciphertext operation apparatus 400 shown in fig. 4 have a structure similar to that of the Montgomerization module 620 shown in fig. 6. That is, each of the Montgomerization module 420, the obfuscation calculation module 430 and the de-Montgomerization module 440 includes a modular multiplication control unit and a modular multiplication calculation unit for performing the modular multiplication operation of the corresponding Montgomerization operation, obfuscation calculation operation and de-Montgomerization operation, respectively. The Montgomerization module 420 and the de-Montgomerization module 440 generally only need to call their respective modular multiplication calculation unit for a single modular multiplication to complete the corresponding Montgomerization operation and de-Montgomerization operation. To complete the corresponding obfuscation operation, the obfuscation calculation module 430 in some cases only needs to call its own modular multiplication calculation unit for a single modular multiplication calculation, and in other cases, such as dense matrix operations, needs to perform multiply-accumulate operations after multiple modular multiplication calculations.
The embodiments provided herein may be implemented in any one or combination of hardware, software, firmware, or solid state logic circuitry, and may be implemented in connection with signal processing, control, and/or application specific circuitry. Particular embodiments of the present application provide an apparatus or device that may include one or more processors (e.g., microprocessors, controllers, Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs), etc.) that process various computer-executable instructions to control the operation of the apparatus or device. Particular embodiments of the present application provide an apparatus or device that can include a system bus or data transfer system that couples the various components together. A system bus can include any of a variety of different bus structures or combination of different bus structures, such as a memory bus or memory controller, a peripheral bus, a universal serial bus, and/or a processor or local bus that utilizes any of a variety of bus architectures. The devices or apparatuses provided in the embodiments of the present application may be provided separately, or may be part of a system, or may be part of other devices or apparatuses.
Particular embodiments provided herein may include or be combined with computer-readable storage media, such as one or more storage devices capable of providing non-transitory data storage. The computer-readable storage medium/storage device may be configured to store data, programs and/or instructions that, when executed by a processor of an apparatus or device provided by embodiments of the present application, cause the apparatus or device to perform the operations associated therewith. The computer-readable storage medium/storage device may include one or more of the following features: volatile, non-volatile, dynamic, static, read/write, read-only, random access, sequential access, location addressability, file addressability, and content addressability. In one or more exemplary embodiments, the computer-readable storage medium/storage device may be integrated into a device or apparatus provided in the embodiments of the present application or belong to a common system. The computer-readable storage medium/storage device may include optical, semiconductor, and/or magnetic memory devices, etc., and may also include Random Access Memory (RAM), flash memory, read-only memory (ROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), registers, a hard disk, a removable disk, a recordable and/or rewritable Compact Disc (CD), a Digital Versatile Disc (DVD), a mass storage media device, or any other form of suitable storage media.
The above is an implementation manner of the embodiments of the present application, and it should be noted that the steps in the method described in the embodiments of the present application may be sequentially adjusted, combined, and deleted according to actual needs. In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments. It is to be understood that the embodiments of the present application and the structures shown in the drawings are not to be construed as particularly limiting the devices or systems concerned. In other embodiments of the present application, an apparatus or system may include more or fewer components than the specific embodiments and figures, or may combine certain components, or may separate certain components, or may have a different arrangement of components. Those skilled in the art will understand that various modifications and changes may be made in the arrangement, operation, and details of the methods and apparatus described in the specific embodiments without departing from the spirit and scope of the embodiments herein; without departing from the principles of embodiments of the present application, several improvements and modifications may be made, and such improvements and modifications are also considered to be within the scope of the present application.

Claims (17)

1. A ciphertext operation apparatus for federated learning, the apparatus comprising:
the modular exponentiation modular multiplication multiplexing calculation module comprises at least one modular exponentiation modular multiplication multiplexing calculation engine, and is configured to switch between a modular exponentiation mode and a modular multiplication mode; and
a management module, wherein the management module is used for controlling the modular exponentiation modular multiplication multiplexing calculation module to complete ciphertext multiplication operation in the modular exponentiation mode and controlling the modular exponentiation modular multiplication multiplexing calculation module to complete ciphertext addition operation in the modular multiplication mode,
wherein the at least one modular exponentiation modular multiplication multiplexing calculation engine comprises a first parameter selector, a second parameter selector and a modular multiplication calculation unit,
wherein the modular multiplication calculating unit performs modular multiplication calculation according to the first parameter output by the first parameter selector and the second parameter output by the second parameter selector,
the first parameter and the second parameter are configured with different parameters in the modular exponentiation mode and the modular multiplication mode,
the modular multiplication computing unit is called for carrying out modular multiplication computation for multiple times under the modular exponentiation mode and the modular multiplication mode so as to complete the ciphertext multiplication operation and the ciphertext addition operation.
2. The apparatus of claim 1, wherein completing the ciphertext multiplication operation by the multiplexing calculation module in the modular exponentiation mode comprises:
performing two modular multiplication calculations when the current bit of the binarized exponent is a non-zero bit, and performing one modular multiplication calculation when the current bit of the binarized exponent is a zero bit.
3. The apparatus of claim 2, wherein the two modular multiplication calculations comprise a first modular multiplication calculation and a second modular multiplication calculation, wherein the first modular multiplication calculation is a modular multiplication of a modular multiplication result with the modulus in a first Montgomery domain to obtain a modular multiplication result in a second Montgomery domain, and the second modular multiplication calculation is a modular multiplication of a modular multiplication result with the base of the power in the Montgomery domain to obtain a modular multiplication result in a third Montgomery domain.
4. The apparatus of claim 1, wherein the at least one modular exponentiation modular multiplication multiplexing calculation engine comprises a plurality of modular exponentiation modular multiplication multiplexing calculation engines connected in parallel, the plurality of engines performing parallel calculations in the modular exponentiation mode to complete the ciphertext multiplication operation.
5. The apparatus of claim 4, wherein the plurality of engines share one modulus, and an exponent and a base are distributed to the plurality of engines, wherein the exponent is plaintext data associated with the ciphertext multiplication operation, the modulus is key data associated with the ciphertext multiplication operation, and the base is ciphertext data associated with the ciphertext multiplication operation.
6. The apparatus of claim 1, further comprising:
a Montgomerization module, configured to provide a Montgomerization operation;
an obfuscation calculation module, configured to provide a modular multiplication operation in the Montgomery domain; and
a de-Montgomerization module, configured to provide a de-Montgomerization operation,
wherein the management module is further configured to selectively invoke a plurality of modules among the Montgomerization module, the obfuscation calculation module and the de-Montgomerization module.
7. The apparatus of claim 6, wherein the Montgomerization module, the obfuscation calculation module and the de-Montgomerization module each comprise a modular multiplication control unit and a modular multiplication calculation unit, configured to perform the modular multiplication of the Montgomerization operation, the obfuscation operation and the de-Montgomerization operation, respectively.
8. The apparatus of claim 6, wherein the at least one modular exponentiation modular multiplication multiplexing calculation engine comprises a plurality of modular exponentiation modular multiplication multiplexing calculation engines connected in parallel, the management module controls the plurality of engines to perform parallel operations, and the management module controls the invoked Montgomerization module, obfuscation calculation module and de-Montgomerization module to perform serial operations.
9. An accelerator for privacy computation related to federated learning, comprising the ciphertext operation apparatus of any one of claims 1 to 8.
10. A ciphertext operation method for federated learning, the method comprising:
splitting a ciphertext operation formula in the homomorphically encrypted state into a combination of a ciphertext multiplication operation and a ciphertext addition operation;
performing the ciphertext multiplication operation by a modular exponentiation modular multiplication multiplexing calculation module in a modular exponentiation mode, wherein the multiplexing calculation module comprises at least one modular exponentiation modular multiplication multiplexing calculation engine and is configured to switch between the modular exponentiation mode and a modular multiplication mode; and
performing the ciphertext addition operation by the multiplexing calculation module in the modular multiplication mode,
wherein the at least one multiplexing calculation engine comprises a first parameter selector, a second parameter selector and a modular multiplication calculation unit,
wherein the modular multiplication calculation unit performs a modular multiplication calculation on a first parameter output by the first parameter selector and a second parameter output by the second parameter selector,
wherein the first parameter and the second parameter are configured with different values in the modular exponentiation mode and in the modular multiplication mode, and
wherein the modular multiplication calculation unit is called multiple times in the modular exponentiation mode and in the modular multiplication mode so as to complete the ciphertext multiplication operation and the ciphertext addition operation.
11. The method of claim 10, wherein performing the ciphertext multiplication operation by the multiplexing calculation module in the modular exponentiation mode comprises:
performing two modular multiplication calculations when the current bit of the binarized exponent is a non-zero bit, and performing one modular multiplication calculation when the current bit of the binarized exponent is a zero bit.
12. The method of claim 11, wherein the two modular multiplication calculations comprise a first modular multiplication calculation and a second modular multiplication calculation, wherein the first modular multiplication calculation is a modular multiplication of a modular multiplication result with the modulus in a first Montgomery domain to obtain a modular multiplication result in a second Montgomery domain, and the second modular multiplication calculation is a modular multiplication of a modular multiplication result with the base of the power in the Montgomery domain to obtain a modular multiplication result in a third Montgomery domain.
13. The method of claim 10, wherein the at least one modular exponentiation modular multiplication multiplexing calculation engine comprises a plurality of modular exponentiation modular multiplication multiplexing calculation engines connected in parallel, the plurality of engines performing parallel calculations in the modular exponentiation mode to complete the ciphertext multiplication operation.
14. The method of claim 13, wherein the plurality of engines share one modulus, and an exponent and a base are distributed to the plurality of engines, wherein the exponent is plaintext data associated with the ciphertext multiplication operation, the modulus is key data associated with the ciphertext multiplication operation, and the base is ciphertext data associated with the ciphertext multiplication operation.
15. The method of claim 10, further comprising:
selectively invoking a plurality of modules among a Montgomerization module, an obfuscation calculation module and a de-Montgomerization module,
wherein the Montgomerization module is configured to provide a Montgomerization operation, the obfuscation calculation module is configured to provide a modular multiplication operation in the Montgomery domain, and the de-Montgomerization module is configured to provide a de-Montgomerization operation.
16. The method of claim 15, wherein the Montgomerization module, the obfuscation calculation module and the de-Montgomerization module each comprise a modular multiplication control unit and a modular multiplication calculation unit, configured to perform the modular multiplication of the Montgomerization operation, the obfuscation operation and the de-Montgomerization operation, respectively.
17. The method of claim 15, wherein the at least one modular exponentiation modular multiplication multiplexing calculation engine comprises a plurality of modular exponentiation modular multiplication multiplexing calculation engines connected in parallel, wherein the management module controls the plurality of engines to perform parallel operations, and the management module controls the invoked Montgomerization module, obfuscation calculation module and de-Montgomerization module to perform serial operations.
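The multiplexed engine of claims 1, 2, 10 and 11 modelled in Python, as an added example that is not the patent's design or any code of the applicant: a single Montgomery modular multiplier is called repeatedly, in modexp mode for multiplying a ciphertext by a plaintext scalar and in modmul mode for adding two ciphertexts. The Paillier parameters P, Q, N and G, the class and function names, and the call counter are assumptions constructed for illustration.

```python
# Added example, not the patent's circuit: a software model of one engine whose
# only arithmetic primitive is a Montgomery modular multiplier, driven in modmul
# mode (ciphertext addition) or modexp mode (ciphertext times plaintext scalar).
from math import gcd

class MontgomeryEngine:
    def __init__(self, n):
        self.n = n
        self.k = n.bit_length()
        self.R = 1 << self.k                          # Montgomery radix R = 2^k > n
        assert gcd(self.R, n) == 1, "modulus must be odd"
        self.n_inv = (-pow(n, -1, self.R)) % self.R   # n' with n*n' = -1 (mod R)
        self.R2 = (self.R * self.R) % n               # R^2 mod n for Montgomerization
        self.modmul_calls = 0                         # invocations of the modmul unit

    def montmul(self, a, b):
        """The modular multiplication unit: a*b*R^-1 mod n for a, b < n."""
        self.modmul_calls += 1
        t = a * b
        m = ((t & (self.R - 1)) * self.n_inv) & (self.R - 1)
        u = (t + m * self.n) >> self.k                # exact division by R
        return u - self.n if u >= self.n else u

    def to_mont(self, a):       # Montgomerization a -> a*R mod n (one modmul)
        return self.montmul(a % self.n, self.R2)

    def from_mont(self, a):     # de-Montgomerization a*R -> a mod n (one modmul)
        return self.montmul(a, 1)

    def modmul_mode(self, x, y):
        """Ciphertext addition: x*y mod n via one Montgomery-domain modmul."""
        return self.from_mont(self.montmul(self.to_mont(x), self.to_mont(y)))

    def modexp_mode(self, base, exp):
        """Ciphertext times plaintext scalar: base^exp mod n by left-to-right
        binary exponentiation. Per exponent bit the same modmul unit squares
        once and, for a 1 bit, multiplies by the base a second time."""
        b = self.to_mont(base)
        acc = self.to_mont(1)
        for bit in bin(exp)[2:]:
            acc = self.montmul(acc, acc)              # first modmul: square
            if bit == "1":
                acc = self.montmul(acc, b)            # second modmul: times base
        return self.from_mont(acc)

# Toy Paillier key (constructed, far too small for real use): n = p*q, g = n+1.
P, Q = 61, 53
N = P * Q
G = N + 1

def paillier_encrypt(m, r):
    """c = g^m * r^N mod N^2: two modexp-mode calls joined by one modmul-mode call."""
    eng = MontgomeryEngine(N * N)
    return eng.modmul_mode(eng.modexp_mode(G, m), eng.modexp_mode(r, N))

def paillier_decrypt(c):
    lam = (P - 1) * (Q - 1) // gcd(P - 1, Q - 1)     # lambda = lcm(p-1, q-1)
    eng = MontgomeryEngine(N * N)
    L = (eng.modexp_mode(c, lam) - 1) // N           # L(u) = (u - 1) / N
    return (L * pow(lam, -1, N)) % N                 # mu = lambda^-1 mod N as g = N+1
```

Decrypting the modmul-mode product of two ciphertexts yields the sum of their plaintexts, and decrypting a ciphertext raised in modexp mode to a plaintext scalar yields the scaled plaintext; the counter shows that an exponent of 5 (binary 101) costs five modmul calls in the loop plus three for domain conversion.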

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011628599.5A CN112733161A (en) 2020-12-30 2020-12-30 Device and method for federated learning ciphertext operation

Publications (1)

Publication Number Publication Date
CN112733161A true CN112733161A (en) 2021-04-30

Family

ID=75608158

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101216754A (en) * 2007-12-27 2008-07-09 广州杰赛科技股份有限公司 Modular multiplication processing method, data encryption and decryption processing method and device
CN109039640A (en) * 2018-08-03 2018-12-18 广东工业大学 Encryption and decryption hardware system and method based on the RSA cryptographic algorithm
CN110049013A (en) * 2019-03-14 2019-07-23 广东工业大学 Encryption and decryption system and working method based on the SM2 and RSA cryptographic algorithms
CN111092718A (en) * 2019-12-25 2020-05-01 北京天融信网络安全技术有限公司 Encryption method and device and electronic equipment
CN112070222A (en) * 2020-11-10 2020-12-11 深圳致星科技有限公司 Processing architecture, accelerator and method for federal learning

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113032848A (en) * 2021-05-20 2021-06-25 华控清交信息科技(北京)有限公司 Data processing method and chip for data processing
CN113032848B (en) * 2021-05-20 2021-08-10 华控清交信息科技(北京)有限公司 Data processing method and chip for data processing
CN113656823A (en) * 2021-10-14 2021-11-16 深圳致星科技有限公司 Secret addition computing device and system for federal learning and privacy computing
CN113656823B (en) * 2021-10-14 2022-02-08 深圳致星科技有限公司 Secret addition computing device and system for federal learning and privacy computing
CN113900828A (en) * 2021-12-08 2022-01-07 深圳致星科技有限公司 Special processor for federal learning, federal learning processing chip and chip
CN113900828B (en) * 2021-12-08 2022-03-04 深圳致星科技有限公司 Special processor for federal learning, federal learning processing chip and chip
CN114327370A (en) * 2022-03-10 2022-04-12 湖北芯擎科技有限公司 Method and circuit for calculating MR value in Montgomery modular multiplication algorithm
CN114327370B (en) * 2022-03-10 2022-06-21 湖北芯擎科技有限公司 Method and circuit for calculating MR value in Montgomery modular multiplication algorithm

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination