CN113162752A

CN113162752A - Data processing method and device based on hybrid homomorphic encryption

Info

Publication number: CN113162752A
Application number: CN202110453222.9A
Authority: CN
Inventors: 李武璐; 王雪; 霍昱光; 权纯
Original assignee: CCB Finetech Co Ltd
Current assignee: CCB Finetech Co Ltd
Priority date: 2021-04-26
Filing date: 2021-04-26
Publication date: 2021-07-23
Anticipated expiration: 2041-04-26
Also published as: CN113162752B

Abstract

The invention discloses a data processing method and device based on hybrid homomorphic encryption, and relates to the technical field of big data. The method comprises the following steps: a calculation application party sends a data calculation request to a trusted calculation platform, and the trusted calculation platform comprises a ciphertext calculation platform and a key conversion platform; the trusted computing platform generates a data authorization request and sends the data authorization request to a data provider; the data provider performs authorization verification, sends authorization information to the key conversion platform and sends authorization approval information to the ciphertext computing platform; the ciphertext computing platform performs homomorphic ciphertext operation on the ciphertext data according to the first function and sends a ciphertext operation result to the key conversion platform; the key conversion platform performs key conversion on the ciphertext operation result according to the second function and the encrypted symmetric key, and sends the key conversion result to the calculation application party; and the calculation application party decrypts the key conversion result. The implementation mode can realize the multi-party privacy protection calculation function, and has high safety and high efficiency.

Description

Data processing method and device based on hybrid homomorphic encryption

Technical Field

The invention relates to the technical field of computers, in particular to a data processing method and device based on hybrid homomorphic encryption.

Background

With the continuous popularization of cloud computing and big data technology, governments and enterprises accumulate and manage more and more data, and due to the requirements of data security and privacy, the phenomenon of data islanding is increasingly serious, wherein the data of each family is difficult to effectively share and cooperate. In order to effectively promote effective fusion and cooperation of data of each party, the private data joint operation of each party needs to be realized on the premise of protecting the privacy and safety of each family of data, and the private data joint operation comprises functional points such as privacy protection inquiry, privacy protection calculation and the like.

The traditional multi-party secure computing (MPC) scheme based on the garbled circuit and secret sharing can solve the application problem to some extent, but has the respective disadvantages:

1. the garbled circuit scheme needs to generate a corresponding garbled circuit for a specific operation function, has poor compatibility for a complex operation function, and has performance which is difficult to meet the application requirement;

2. the secret sharing scheme needs to perform disassembling and secret sharing operation on private data of the secret sharing scheme before each calculation, random number multiplexing can cause the safety of the scheme to be lowered, meanwhile, an operation function needs to be disclosed to each participant, and the reusable double-blind privacy retrieval is difficult to realize.

Disclosure of Invention

In view of this, embodiments of the present invention provide a data processing method and apparatus based on hybrid homomorphic encryption, which can implement a multi-party privacy protection calculation function, support double-blind privacy calculation and query, and have high security and high efficiency.

To achieve the above object, according to an aspect of an embodiment of the present invention, there is provided a data processing method based on hybrid homomorphic encryption.

A data processing method based on mixed homomorphic encryption comprises the following steps: a calculation applicant sends a data calculation request to a trusted calculation platform, wherein the data calculation request comprises a calculation function, a data provider identifier and a public key in an asymmetric key pair generated by the calculation applicant, and the trusted calculation platform comprises a ciphertext calculation platform and a key conversion platform; the trusted computing platform generates a data authorization request according to the data computing request and sends the data authorization request to a data provider, wherein the data authorization request comprises the public key; the data provider performs authorization verification, sends authorization information to the key conversion platform, and sends authorization approval information to the ciphertext computing platform, wherein the authorization information comprises an encrypted symmetric key, the encrypted symmetric key is obtained by performing asymmetric encryption on a symmetric key generated by the data provider by using the public key, and the authorization approval information comprises ciphertext data; the ciphertext computing platform performs homomorphic ciphertext operation on the ciphertext data according to a first function and sends a ciphertext operation result to the key conversion platform; the key conversion platform performs key conversion on the ciphertext operation result according to a second function and the encrypted symmetric key, and sends the key conversion result to the calculation application party; wherein the first function and the second function are obtained by decomposing the calculation function; and the calculation application party decrypts the key conversion result to obtain a data processing result.

Optionally, the first function and the second function are obtained by disassembling the calculation function by the calculation applicant; the step that the calculation application party sends the data calculation request to the trusted calculation platform comprises the following steps: the calculation application party disassembles the calculation function into a first function and a second function; generating a first data calculation request according to the first function, the data provider identification and a public key in an asymmetric key pair generated by the calculation applicant, and sending the first data calculation request to a ciphertext calculation platform; generating a second data calculation request according to the second function, the data provider identification and a public key in an asymmetric key pair generated by the calculation applicant, and sending the second data calculation request to a key conversion platform; and the steps that the trusted computing platform generates a data authorization request according to the data computing request and sends the data authorization request to a data provider comprise: the ciphertext computing platform generates a first data authorization request according to the first data computing request and sends the first data authorization request to a data provider; the key conversion platform generates a second data authorization request according to the second data calculation request and sends the second data authorization request to a data provider; and the step of performing authorization verification by the data provider comprises the following steps: and the data provider performs authorization verification according to the first data authorization request and the second data authorization request.

Optionally, before the trusted computing platform generates the data authorization request according to the data computation request, the method further includes: the ciphertext computing platform analyzes the first data computing request to determine that the first data computing request conforms to a corresponding specification; the key conversion platform parses the second data computation request to determine that the second data computation request complies with a corresponding specification.

Optionally, the first function and the second function are obtained by disassembling the computation function by the ciphertext computation platform; the step that the calculation application party sends the data calculation request to the trusted calculation platform comprises the following steps: the calculation application party sends a data calculation request to the ciphertext calculation platform; the steps that the trusted computing platform generates a data authorization request according to the data computing request and sends the data authorization request to a data provider comprise: the ciphertext computing platform generates a data authorization request according to the data computing request and sends the data authorization request to a data provider, wherein the data authorization request comprises a key conversion platform identifier; before the ciphertext computing platform performs homomorphic ciphertext operation on the ciphertext data according to the first function, the method further includes: the ciphertext computing platform disassembles the computing function to obtain a first function and a second function; and the step of sending the ciphertext operation result to the key conversion platform by the ciphertext computing platform further comprises: and the ciphertext computing platform sends the second function to the key conversion platform.

Optionally, before the trusted computing platform generates the data authorization request according to the data computation request, the method further includes: and the ciphertext computing platform analyzes the data computing request to determine that the data computing request conforms to the corresponding specification.

Optionally, the first function and the second function are decomposed by the calculation function in the following manner: for the

Wherein f is the calculation function, x₁,x₂,…,x_mTo input variables, g₁,g₂,…,g_mAs a first function, will

As a second function.

Optionally, the sending manner for sending the data authorization request to the data provider includes: a public mode and a private mode.

Optionally, if the sending mode is an open mode, then: the data authorization request also comprises the calculation function and the identification of the calculation applicant; the data provider carries out authorization verification according to the calculation function and the identification of the calculation applicant; wherein, if the data authorization request comprises a first data authorization request and a second data authorization request, the calculation function comprises the first function and the second function.

Optionally, if the sending method is the privacy mode, then: the data authorization request also comprises an identifier of the calculation applicant; and the data provider performs authorization verification according to the identification of the calculation applicant.

Optionally, the ciphertext data is obtained by performing symmetric homomorphic encryption on data by using a symmetric key generated by the data provider.

Optionally, the data provider records the data and the corresponding ciphertext data in a vector or a character string.

Optionally, the decrypting, by the calculation applicant, the key conversion result to obtain a data processing result includes: and the calculation application party performs asymmetric decryption on the key conversion result through a private key in the generated asymmetric key pair to obtain a data processing result.

Optionally, the symmetric homomorphic encryption algorithm used by the data provider and the asymmetric homomorphic encryption algorithm used by the computation applicant both support addition homomorphism and multiplication homomorphism at the same time, and are two types of fully homomorphic encryption algorithms.

According to another aspect of the embodiments of the present invention, there is provided a data processing apparatus based on hybrid homomorphic encryption.

A data processing apparatus based on hybrid homomorphic encryption, comprising: the request sending module is used for sending a data calculation request to a trusted calculation platform through a calculation applicant, wherein the data calculation request comprises a calculation function, a data provider identifier and a public key in an asymmetric key pair generated by the calculation applicant, and the trusted calculation platform comprises a ciphertext calculation platform and a key conversion platform; the authorization request module is used for generating a data authorization request according to the data computing request through the trusted computing platform and sending the data authorization request to a data provider, wherein the data authorization request comprises the public key; the authorization verification module is used for performing authorization verification through the data provider, sending authorization information to the key conversion platform and sending authorization approval information to the ciphertext computing platform, wherein the authorization information comprises an encrypted symmetric key, the encrypted symmetric key is obtained by asymmetrically encrypting a symmetric key generated by the data provider by using the public key, and the authorization approval information comprises ciphertext data; the homomorphic operation module is used for performing homomorphic ciphertext operation on the ciphertext data through the ciphertext computing platform according to a first function and sending a ciphertext operation result to the key conversion platform; the key conversion module is used for performing key conversion on the ciphertext operation result through the key conversion platform according to a second function and the encrypted symmetric key and sending the key conversion result to the calculation applicant; wherein the first function and the second function are obtained by decomposing the calculation function; and the result processing module is used for decrypting the key conversion result through the calculation application party to obtain a data processing result.

Optionally, the first function and the second function are obtained by disassembling the calculation function by the calculation applicant; the request sending module is further configured to: decomposing a calculation function into a first function and a second function by calculating an application party; generating a first data calculation request according to the first function, the data provider identification and a public key in an asymmetric key pair generated by the calculation applicant, and sending the first data calculation request to a ciphertext calculation platform; generating a second data calculation request according to the second function, the data provider identification and a public key in an asymmetric key pair generated by the calculation applicant, and sending the second data calculation request to a key conversion platform; and the authorization request module is further configured to: generating a first data authorization request according to the first data computing request through the ciphertext computing platform, and sending the first data authorization request to a data provider; generating a second data authorization request according to the second data calculation request through the key conversion platform, and sending the second data authorization request to a data provider; and the authorization verification module is further configured to: and performing authorization verification by the data provider according to the first data authorization request and the second data authorization request.

Optionally, the apparatus further includes a request parsing module, configured to: before the trusted computing platform generates a data authorization request according to the data computing request, analyzing the first data computing request through the ciphertext computing platform to determine that the first data computing request conforms to a corresponding specification; and analyzing the second data calculation request through the key conversion platform to determine that the second data calculation request conforms to the corresponding specification.

Optionally, the first function and the second function are obtained by disassembling the computation function by the ciphertext computation platform; the request sending module is further configured to: sending a data calculation request to the ciphertext calculation platform through a calculation application party; the authorization request module is further configured to: generating a data authorization request according to the data computing request through the ciphertext computing platform, and sending the data authorization request to a data provider, wherein the data authorization request comprises a key conversion platform identifier; and the device also comprises a function disassembling module used for: before homomorphic ciphertext operation is carried out on the ciphertext data through the ciphertext computing platform according to a first function, the computing function is disassembled to obtain a first function and a second function; and the homomorphic operation module is further configured to: and when the ciphertext operation result is sent to the key conversion platform through the ciphertext computing platform, the second function is also sent to the key conversion platform.

Optionally, the request parsing module is further configured to: and before the trusted computing platform generates a data authorization request according to the data computing request, analyzing the data computing request through the ciphertext computing platform to determine that the data computing request conforms to a corresponding specification.

As a second function.

Optionally, the result processing module is further configured to: and the computing application party asymmetrically decrypts the key conversion result through a private key in the generated asymmetric key pair to obtain a data processing result.

According to another aspect of the embodiments of the present invention, there is provided an electronic device for data processing based on hybrid homomorphic encryption.

A data processing electronic device based on hybrid homomorphic encryption, comprising: one or more processors; and the storage device is used for storing one or more programs, and when the one or more programs are executed by the one or more processors, the one or more processors implement the data processing method based on the hybrid homomorphic encryption provided by the embodiment of the invention.

According to yet another aspect of embodiments of the present invention, a computer-readable medium is provided.

A computer-readable medium, on which a computer program is stored, which, when executed by a processor, implements a data processing method based on hybrid homomorphic encryption provided by an embodiment of the present invention.

One embodiment of the above invention has the following advantages or benefits: sending a data calculation request to a trusted computing platform through a calculation application party, wherein the trusted computing platform comprises a ciphertext computing platform and a key conversion platform; the trusted computing platform generates a data authorization request and sends the data authorization request to a data provider; the data provider performs authorization verification, sends authorization information to the key conversion platform and sends authorization approval information to the ciphertext computing platform; the ciphertext computing platform performs homomorphic ciphertext operation on the ciphertext data according to the first function and sends a ciphertext operation result to the key conversion platform; the key conversion platform performs key conversion on the ciphertext operation result according to the second function and the encrypted symmetric key, and sends the key conversion result to the calculation application party; the technical scheme includes that a computing applicant decrypts a key conversion result to obtain a data processing result, data encryption and decryption are achieved by simultaneously using a symmetric homomorphic encryption algorithm and an asymmetric homomorphic encryption algorithm as cryptographic components of a system, a symmetric key and an asymmetric key are generated by a data provider and the computing applicant respectively, then a privacy computing task is completed by means of a trusted computing platform, the computing applicant cannot obtain data information except the computing result, the trusted computing platform cannot obtain any effective key to decrypt the data information, a cryptograph computing platform and a key conversion platform dual-server mechanism realize key conversion from the symmetric key to the asymmetric key in a cryptograph through homomorphic cryptographic properties, the computing task and a computing function are disassembled and redistributed through the dual-server platform, efficiency is not affected, and meanwhile, the threat of conspiracy attack on data security of any two nodes can be resisted, therefore, the multi-party privacy protection calculation function is realized, the privacy function is stronger, the communication cost is lower, the expansibility is higher, the efficiency and the size are better, and the safety is higher. Meanwhile, the invention only needs the user to upload the encrypted ciphertext data once, can support the data calculation tasks of multiple times and different calculation application parties, has no potential safety hazard caused by random number multiplexing, has higher efficiency, can effectively hide the operation function, and supports double-blind private calculation and query. In addition, the encryption scheme in the invention has small ciphertext expansion and better size.

Further effects of the above-mentioned non-conventional alternatives will be described below in connection with the embodiments.

Drawings

The drawings are included to provide a better understanding of the invention and are not to be construed as unduly limiting the invention. Wherein:

fig. 1 is a schematic diagram of main steps of a data processing method based on hybrid homomorphic encryption according to an embodiment of the present invention;

FIG. 2 is a schematic diagram of an implementation principle of a data processing method based on hybrid homomorphic encryption according to an embodiment of the present invention;

FIG. 3 is a schematic diagram of a data processing method based on hybrid homomorphic encryption according to another embodiment of the present invention;

FIG. 4 is a schematic diagram of the main blocks of a data processing apparatus based on hybrid homomorphic encryption according to an embodiment of the present invention;

FIG. 5 is an exemplary system architecture diagram in which embodiments of the present invention may be employed;

fig. 6 is a schematic block diagram of a computer system suitable for use in implementing a terminal device or server of an embodiment of the invention.

Detailed Description

Exemplary embodiments of the present invention are described below with reference to the accompanying drawings, in which various details of embodiments of the invention are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.

In describing embodiments of the invention, reference will be made to the following technical terms and their definitions:

symmetric encryption (Symmetric encryption): an encryption algorithm, which uses the same secret key to carry out encryption and decryption operations;

asymmetric encryption (asymmetry): an encryption algorithm, using different keys to perform encryption and decryption operations, wherein a public key (public key) is used to perform the encryption operation, and a private key (secret key) is used to perform the decryption operation;

digital signature (Digital signature): in the branch of the asymmetric password, a user generates a public and private key, the user reserves the private key, the user uses the private key to sign any message, a verifier can verify the validity of the signature by using the public key, and the digital signature realizes the authentication of identity and the verification of data integrity;

homomorphic encryption (Homomorphic encryption): a special encryption scheme can obtain a new ciphertext by directly operating the ciphertext on the premise of not decrypting, and realizes the operation on the corresponding plaintext. The homomorphic encryption is divided into semi-homomorphic encryption, partial homomorphic encryption and full homomorphic encryption;

privacy-preserving computation (Privacy-preserving computation): a two-party or multi-party secure computing system can realize common privacy computation on the premise that multiple parties do not disclose their secrets. Privacy protection calculation is divided into traditional multiparty security calculation (each party knows an arithmetic function), proxy privacy calculation (each party providing data does not know the arithmetic function), and the like;

trusted computing platform (Trusted computing platform): a calculation task bearer in agent privacy calculation needs to assume that a calculation platform really fulfills a given calculation task, colludes with any calculation applicant and data provider, actively tampers data or illegally sends data, and each participating node needs to completely trust the calculation platform.

By analyzing the privacy-preserving computing scheme involved in the prior art, the inventors found that:

the current multi-party privacy protection calculation scheme based on the confusion circuit and secret sharing has more communication rounds, low efficiency, difficult multiplexing of random numbers, need to upload privacy data again before executing operation every time, and overhigh communication cost. In addition, the operation function is difficult to be effectively hidden, and the double-blind privacy query function is difficult to realize;

for the privacy calculation scheme using the asymmetric homomorphic password, only the asymmetric homomorphic algorithm can be used for encrypting the privacy data, the expansion size of the ciphertext is large, potential defects of single service user and data leakage can be caused, and the practical application scene is difficult to meet.

Specifically, traditional encryption algorithms such as RSA (public key cryptosystem), Pallier (a public key encryption algorithm) and the like support homomorphic operations of multiplication and addition respectively, but cannot support ciphertext operations of multiplication and addition simultaneously. In 2009, Gentry proposed the first homomorphic encryption algorithm based on the ideal lattice problem, and any ciphertext operation for addition and multiplication can be realized using Bootstrapping (Bootstrapping), but it is not efficient. After that, BV, BGV, BFV, CKKS and other fully homomorphic encryption schemes are proposed successively, and the safety and the efficiency are obviously improved. Furthermore, there are also (homomorphic) encryption schemes proposed that are based on symmetric encryption, again based on the difficulties of lattice problems and ideal lattice problems.

At present, a privacy calculation scheme can be constructed by using asymmetric homomorphic encryption, namely, a data owner encrypts privacy information by using a platform public key (or a public key of a calculation applicant) and uploads the privacy information to a calculation platform, the calculation platform executes ciphertext operation of a calculation function, and a plaintext (ciphertext) result of the function operation is returned. For the former (encrypted uploading by using a platform public key), the platform can decrypt the private data information of each party, which is not beneficial to the data security of each party; for the latter (encrypted uploading by using a public key of a computing applicant), the data uploading can only serve the computing task of the applicant, but cannot serve other applicants, when other applicants propose similar privacy computing requirements, the data owner needs to encrypt and upload the privacy information by using a new public key again, the efficiency is low, and in addition, the private data of the owner is encrypted by using a private key of another person, and the data security regulations are difficult to meet.

In order to meet the application requirements of privacy protection data query and multi-party data calculation, the invention provides a data processing method based on mixed homomorphic encryption, and a symmetric and asymmetric homomorphic encryption scheme is used at the same time, so that a multi-party privacy calculation scheme with stronger function, higher privacy, better efficiency and size is constructed, reusable double-blind privacy retrieval can be supported, the privacy of a calculation function can be effectively protected, meanwhile, a data calculation platform cannot decrypt any privacy information, and the data processing method has the efficiency of actual floor application.

The data processing method based on the mixed homomorphic encryption is realized based on a structured data processing platform based on the mixed homomorphic encryption technology, wherein the mixed homomorphic encryption technology is the encryption technology which simultaneously utilizes a symmetric homomorphic encryption algorithm and an asymmetric homomorphic encryption algorithm as password components of a system. The data processing platform mainly comprises three main nodes, namely a computing applicant, a trusted computing platform and a data provider, wherein the trusted computing platform comprises a ciphertext computing platform and a key conversion platform. Wherein:

calculating an application party: the data of each party is needed to be used for privacy calculation and corresponding calculation results are obtained. The calculation application party can be a certain data provider or other jointless points;

a data provider: the method comprises the steps of mastering private data of a user for private calculation, encrypting the private data, uploading the encrypted private data to a trusted calculation platform, and performing ciphertext operation calculation and calculation result output by the trusted calculation platform;

the ciphertext computing platform: the calculation task undertaker in the proxy privacy calculation needs to assume that the ciphertext calculation platform really fulfills the established calculation task, does not carry out collusion with any calculation application party and data provider, does not actively tamper data or illegally send data, and each participating node needs to completely trust the ciphertext calculation platform. The ciphertext computing platform receives the computing function provided by the computing applicant, performs ciphertext computing operation, and then sends a ciphertext operation result to the key conversion platform;

a key conversion platform: the system is responsible for receiving authorization information such as an authorization key and the like sent by a data provider, receiving a ciphertext operation result sent by a ciphertext computing platform, executing key conversion and finishing trusted computing to obtain an operation result which can be decrypted by a computing applicant, and then sending the key conversion result to the computing applicant.

The implementation principle of the hybrid homomorphic encryption algorithm is first described below. Assuming a symmetric cipher scheme, the symmetric key is K, and the symmetric encryption and decryption algorithms are (E)_K，D_K) (ii) a In the asymmetric cryptographic scheme, the public key is PK, the private key is SK, and the asymmetric encryption and decryption algorithm is (Enc)_PK，Dec_SK) (ii) a The calculation function for data processing is f.

In the original homomorphic cryptographic algorithm (Gen, Enc)_PK，Dec_SK) Based on (E), the symmetric cryptographic scheme is reused_K，D_K) Firstly, generating asymmetric public and private keys and an operation key (PK, SK, EVK), then generating a symmetric key K, and then encrypting the symmetric key K by using an asymmetric encryption algorithm to obtain

Finally, publish the public key information (

EVK)。

Encryption operation h.enc (m): encrypting the plaintext information m by using a symmetric key K and a symmetric encryption algorithm to obtain a ciphertext c ═ E_K(m)；

Homomorphic ciphertext operation H.Eval (f; c)₁,…,c_n): use of

And an EVK, and a method for producing the same,

order to

Computing

To obtain Enc_PK(f(m₁,…,m_n))；

Decryption operation h.dec (c): let f be Id, calculate

Then, m ═ Dec is calculated_SK(c′)。

The invention uses the thought of the mixed homomorphic encryption scheme for reference, a data provider and a calculation applicant respectively generate a symmetric key and an asymmetric key, and then completes the calculation task of the private data by a ciphertext calculation platform and a key conversion platform which are included by a trusted calculation platform.

Fig. 1 is a schematic diagram of main steps of a data processing method based on hybrid homomorphic encryption according to an embodiment of the present invention. As shown in fig. 1, the data processing method based on hybrid homomorphic encryption according to the embodiment of the present invention mainly includes the following steps S101 to S106.

Step S101: the method comprises the steps that a calculation applicant sends a data calculation request to a trusted calculation platform, the data calculation request comprises a calculation function, a data provider identifier and a public key in an asymmetric key pair generated by the calculation applicant, and the trusted calculation platform comprises a ciphertext calculation platform and a key conversion platform;

step S102: the trusted computing platform generates a data authorization request according to the data computing request, and sends the data authorization request to a data provider, wherein the data authorization request comprises a public key;

step S103: the data provider performs authorization verification, sends authorization information to the key conversion platform, and sends authorization approval information to the ciphertext computing platform, wherein the authorization information comprises an encrypted symmetric key, the encrypted symmetric key is obtained by asymmetrically encrypting a symmetric key generated by the data provider by using a public key, and the authorization approval information comprises ciphertext data;

step S104: the ciphertext computing platform performs homomorphic ciphertext operation on the ciphertext data according to the first function and sends a ciphertext operation result to the key conversion platform;

step S105: the key conversion platform performs key conversion on the ciphertext operation result according to the second function and the encrypted symmetric key, and sends the key conversion result to the calculation application party; wherein, the first function and the second function are obtained by disassembling a calculation function;

step S106: and the calculation application party decrypts the key conversion result to obtain a data processing result.

According to one embodiment of the invention, the first function and the second function are obtained by disassembling the calculation function by a calculation applicant;

the step that the calculation application party sends the data calculation request to the trusted calculation platform comprises the following steps: the calculation application party disassembles the calculation function into a first function and a second function; generating a first data calculation request according to the first function, the data provider identification and a public key in an asymmetric key pair generated by the calculation applicant, and sending the first data calculation request to a ciphertext calculation platform; generating a second data calculation request according to the second function, the data provider identification and a public key in an asymmetric key pair generated by the calculation applicant, and sending the second data calculation request to a key conversion platform;

and the steps that the trusted computing platform generates a data authorization request according to the data computing request and sends the data authorization request to a data provider comprise: the ciphertext computing platform generates a first data authorization request according to the first data computing request and sends the first data authorization request to a data provider; the key conversion platform generates a second data authorization request according to the second data calculation request and sends the second data authorization request to a data provider;

and the step of performing authorization verification by the data provider comprises the following steps: and the data provider performs authorization verification according to the first data authorization request and the second data authorization request.

In an embodiment of the present invention, before the generating, by the trusted computing platform, a data authorization request according to the data computation request, the method may further include: the ciphertext computing platform analyzes the first data computing request to determine that the first data computing request conforms to a corresponding specification; the key conversion platform parses the second data computation request to determine that the second data computation request complies with a corresponding specification.

In this embodiment, the data calculation request includes a first data calculation request sent by the calculation applicant to the ciphertext calculation platform and a second data calculation request sent by the calculation applicant to the key conversion platform. When parsing the data calculation request, for example, a data source is determined according to the data provider identifier, a data field to be operated is determined according to a calculation function, and then, whether the data calculation request meets a corresponding specification is determined according to the data source and the data field to be operated, for example: the financial industry computing applicant can only apply for the computing of financial data, and the like. And if the data calculation request does not meet the corresponding specification, prompting the calculation applicant to modify.

According to another embodiment of the invention, after the data calculation request complies with the respective specification, a data authorization request is generated from the data calculation request for requesting calculation authorization from the relevant data provider. In an embodiment of the present invention, a sending manner for sending the data authorization request to the data provider includes: a public mode and a private mode. If the sending mode is the open mode, then: the data authorization request also comprises the calculation function and the identification of the calculation applicant; the data provider carries out authorization verification according to the calculation function and the identification of the calculation applicant; wherein, if the data authorization request comprises a first data authorization request and a second data authorization request, the calculation function comprises the first function and the second function. If the sending mode is the privacy mode, then: the data authorization request also comprises an identifier of the calculation applicant; and the data provider performs authorization verification according to the identification of the calculation applicant.

According to one embodiment of the invention, the first function and the second function are decomposed from the calculation function by:

for the

As a second function.

In an embodiment of the present invention, the ciphertext data is obtained by performing symmetric homomorphic encryption on data using a symmetric key generated by the data provider. The data provider generates own symmetric key, and then uses the own symmetric key to symmetrically encrypt own data to obtain ciphertext data. And the data provider can record the data and the corresponding ciphertext data in a vector or character string form so as to represent the corresponding relationship between the multiple data and the corresponding ciphertext data.

According to one embodiment of the present invention, the calculating that the applicant decrypts the key conversion result to obtain the data processing result includes: and the calculation application party performs asymmetric decryption on the key conversion result through a private key in the generated asymmetric key pair to obtain a data processing result. The symmetric homomorphic encryption algorithm used by the data provider and the asymmetric homomorphic encryption algorithm used by the calculation applicant both support addition homomorphic and multiplication homomorphic at the same time, and are two types of fully homomorphic encryption algorithms. Therefore, even if the encryption algorithm or the decryption algorithm is obtained, a complete encryption and decryption scheme cannot be obtained, and data privacy is better protected.

The following describes a specific implementation flow of the data processing method based on hybrid homomorphic encryption according to an embodiment of the present invention. Wherein, the symmetric encryption and decryption algorithm is (E, D), and the asymmetric encryption and decryption algorithm is (Enc, Dec). Fig. 2 is a schematic diagram of an implementation principle of a data processing method based on hybrid homomorphic encryption according to an embodiment of the present invention. As shown in fig. 2, in this embodiment, the following stages are mainly included.

1. Data preparation phase

Each data provider B_jGenerating its own symmetric homomorphic key K_jUsing its own symmetric homomorphic key K_jRespectively encrypting own data x containing privacy_j＝(x_j,1,…,x_j,n) To obtain ciphertext data c_j＝(c_j,1,…,c_j,n) Wherein

i is 1 to n. Then, submitting the ciphertext information c of the user to the trusted computing platform_jAnd writing the data and the ciphertext data into a vector form to represent the corresponding relationship between the multiple data and the corresponding ciphertext data. Other data providers B_j′And performing similar operation, generating a symmetric key, encrypting the data containing the privacy of the symmetric key to obtain ciphertext data, and submitting the ciphertext data to a ciphertext computing platform.

2. Computing application phase

A calculation application party (also called a calculation demand party) generates a public and private key pair (PK, SK) of an asymmetric homomorphic password, and then submits a data calculation request to a trusted calculation platform, wherein the data calculation request comprises required calculation function information, mainly comprising information such as calculation data sources and fields, a calculation function expression f and the like, and the information is converged and processed by the trusted calculation platform. The source of the computing data is represented by, for example, a data provider identifier. Specifically, before a calculation application party generates a data calculation request, a calculation function f is decomposed into a first function and a second function; then, generating a first data calculation request according to the first function, the data provider identification and a public key in an asymmetric key pair generated by the calculation applicant, and sending the first data calculation request to a ciphertext calculation platform; and generating a second data calculation request according to the second function, the data provider identification and the public key in the asymmetric key pair generated by the calculation applicant, and sending the second data calculation request to the key conversion platform. In an embodiment of the present invention, the first function and the second function are decomposed by a calculation function in the following manner:based on the characteristics of the calculation function f, the calculation function f is disassembled according to the data of each data provider as a basic independent variable unit, specifically to

Wherein f is a calculation function, x₁,x₂,…,x_mTo input variables, g₁,g₂,…,g_mAs a first function, will

As a second function.

3. Compute authorization phase

After the trusted computing platform analyzes and analyzes the computing function information of the computing applicant, if the requirement meets the corresponding specification (for example, the computing demander in the financial industry can only apply for computing the financial data), the trusted computing platform applies for computing authorization to the related data provider. When applying for computing authorization, a data authorization request can be generated and relevant information is sent to the data provider. Specifically, a ciphertext computing platform generates a first data authorization request according to a first data computing request, and sends the first data authorization request to a data provider; and the key conversion platform generates a second data authorization request according to the second data calculation request and sends the second data authorization request to the data provider. In this embodiment, the data authorization request includes a first data authorization request and a second data authorization request. When a data authorization request is sent to a data provider, the sending mode comprises two modes, namely a public mode and a private mode. Wherein the content of the first and second substances,

1) mode for disclosure: the ciphertext computing platform included in the trusted computing platform directly sends the first function, the identification of the computing applicant and the public key PK of the computing applicant to the data provider B_jThe key conversion platform directly sends the second function, the calculation applicant identification and the public key PK of the calculation applicant to the data provider B_jData provider B_jAnd verifying whether the calculation is authorized according to the first function, the second function and the identity of the calculation applicant. If the verification passes, calculating the encryption symmetrySecret key

Then send

Sending the authorization agreement information to a cipher text computing platform as authorization information, wherein the authorization agreement information comprises cipher text data;

2) the privacy mode is as follows: the cryptograph computing platform and the key conversion platform which are included in the trusted computing platform respectively directly send the computing applicant identification and the public key PK to the data provider B_jData provider B_jAnd verifying whether the calculation is authorized according to the identity of the calculation applicant. If the verification passes, then calculate

Then send

And sending the authorization agreement information to a cipher text computing platform as authorization information, wherein the authorization agreement information comprises cipher text data.

4. Computation execution phase

The ciphertext computing platform acquires ciphertext data c submitted by each data provider₁,…c_mThen, according to a first function g₁,g₂,…,g_mAnd executing homomorphic ciphertext operation:

then the obtained ciphertext operation result is obtained

And sending the key to a key conversion platform.

5. Key conversion phase

The key conversion platform operates the result according to the ciphertext

And a second function

Performing key conversion:

and then sending the key conversion result c' to the calculation applicant.

6. Result acquisition phase

After obtaining the key conversion result c', the calculation applicant executes asymmetric decryption according to an asymmetric decryption algorithm to obtain a calculation result f (x)₁,…,x_m)＝Dec_PK(c'), namely: the result of this data processing.

In an embodiment of the present invention, before obtaining the ciphertext data of the data provider, the method further includes: and receiving and storing the ciphertext data submitted by the data provider. When ciphertext data of a data provider is acquired, the ciphertext data is searched for and acquired from the stored ciphertext data. In addition, the invention can also not receive and store the ciphertext data submitted by the data provider in advance, and when the ciphertext data of the data provider needs to be acquired, a request is sent to the data provider to acquire the ciphertext data. In the specific implementation, an appropriate scheme can be flexibly selected according to the specific implementation requirement, and the present invention is not limited to this.

According to another embodiment of the invention, the first function and the second function are obtained by disassembling the calculation function by the ciphertext calculation platform;

the step that the calculation application party sends the data calculation request to the trusted calculation platform comprises the following steps: the calculation application party sends a data calculation request to the ciphertext calculation platform; the steps that the trusted computing platform generates a data authorization request according to the data computing request and sends the data authorization request to a data provider comprise: the ciphertext computing platform generates a data authorization request according to the data computing request and sends the data authorization request to a data provider, wherein the data authorization request comprises a key conversion platform identifier;

before the ciphertext computing platform performs homomorphic ciphertext operation on the ciphertext data according to the first function, the method further includes: the ciphertext computing platform disassembles the computing function to obtain a first function and a second function;

and the step of sending the ciphertext operation result to the key conversion platform by the ciphertext computing platform further comprises: and the ciphertext computing platform sends the second function to the key conversion platform.

In another embodiment of the present invention, before the generating, by the trusted computing platform, the data authorization request according to the data computing request, the method further includes: and the ciphertext computing platform analyzes the data computing request to determine that the data computing request conforms to the corresponding specification.

The following describes a specific implementation flow of a data processing method based on hybrid homomorphic encryption according to another embodiment of the present invention. Wherein, the symmetric encryption and decryption algorithm is (E, D), and the asymmetric encryption and decryption algorithm is (Enc, Dec). Fig. 3 is a schematic diagram of an implementation principle of a data processing method based on hybrid homomorphic encryption according to another embodiment of the present invention. As shown in fig. 3, in this embodiment, the following stages are mainly included.

1. Data preparation phase

i is 1 to n. Then, submitting the ciphertext information c of the user to the trusted computing platform_jAnd writing the data and the ciphertext data into a vector form to represent the plurality of data and the corresponding ciphertext numberAccording to the corresponding relationship. Other data providers B_j′And performing similar operation, generating a symmetric key, encrypting the data containing the privacy of the symmetric key to obtain ciphertext data, and submitting the ciphertext data to a ciphertext computing platform.

2. Computing application phase

A calculation application party (also called a calculation demand party) generates a public and private key pair (PK, SK) of an asymmetric homomorphic password, and then submits a data calculation request to a ciphertext calculation platform, wherein the data calculation request comprises required calculation function information, mainly comprising information such as a calculation data source and field, a calculation function expression f and the like, and the ciphertext calculation platform performs summation processing. The source of the computing data is represented by, for example, a data provider identifier.

3. Compute authorization phase

After the ciphertext computing platform analyzes and analyzes the computing function information of the computing applicant, if the requirement meets the corresponding specification (for example, the computing demander in the financial industry can only apply for computing the financial data), the ciphertext computing platform applies for computing authorization to the related data provider. Specifically, when applying for computational authorization, a data authorization request may be generated and related information sent to the data provider. When generating the data authorization request, the data authorization request needs to be written to the key conversion platform identification. In this case, the transmission method includes two modes, namely, a public mode and a private mode. Wherein the content of the first and second substances,

1) mode for disclosure: and the ciphertext computing platform computes the function and the identifier of the application party. The identification of the key conversion platform and the public key PK of the calculation applicant are directly sent to the data provider B_jData provider B_jAnd verifying whether the calculation is authorized according to the function f and the identity of the calculation applicant. If the verification is passed, calculating the encrypted symmetric key

Then send

Sending the authorization information to the key conversion platform as authorization information, and then sending the authorization approval information to the ciphertext computing platform, whereinThe authorization agreement information may include ciphertext data;

2) the privacy mode is as follows: the trusted computing platform directly sends the computing applicant identification, the key conversion platform identification and the public key PK to the data provider B_jData provider B_jAnd verifying whether the calculation is authorized according to the identity of the calculation applicant. If the verification passes, then calculate

Then send

And sending the authorization agreement information to the cryptograph computing platform as authorization information, wherein the authorization agreement information can comprise cryptograph data.

4. Function disassembling stage

According to the characteristics of the calculation function f, the ciphertext calculation platform can disassemble f according to the data of each data provider as a basic independent variable unit. In particular, for

As a second function.

5. Computation execution phase

then theThe obtained ciphertext operation result

And sending the key to a key conversion platform.

6. Key conversion phase

The key conversion platform operates the result according to the ciphertext

And a second function

Performing key conversion:

and then sending the key conversion result c' to the calculation applicant.

7. Result acquisition phase

After obtaining the ciphertext conversion result c', the calculation application side executes asymmetric decryption according to an asymmetric decryption algorithm to obtain a calculation result f (x)₁,…,x_m)＝Dec_PK(c'), namely: the result of this data processing.

The data processing method based on the hybrid homomorphic encryption described in the above steps S101 to S106 has high data security, because the computing application party cannot acquire data information other than the operation result, and the trusted computing platform cannot acquire any valid key to decrypt the data information. Moreover, the computation application party and any single server (ciphertext computation platform or key conversion platform) can not recover any plaintext data information, and the security for resisting the collusion of two nodes is realized. In an actual system, the key conversion node and the ciphertext computing node can be managed separately and physically isolated, or corresponding trusted hardware environments are deployed to avoid all servers from being broken, so that the data security of the system is guaranteed. The scheme structure realizes a multi-party privacy protection calculation function, can realize calculation function privacy and source data privacy, has higher efficiency, and can resist the influence of attack of any two nodes on data security.

Fig. 4 is a schematic diagram of main blocks of a data processing apparatus based on hybrid homomorphic encryption according to an embodiment of the present invention. As shown in fig. 4, the data processing apparatus 400 based on hybrid homomorphic encryption according to the embodiment of the present invention mainly includes a request sending module 401, an authorization request module 402, an authorization verification module 403, a homomorphic operation module 404, a key conversion module 405, and a result processing module 406.

A request sending module 401, configured to send a data calculation request to a trusted computing platform through a calculation applicant, where the data calculation request includes a calculation function, a data provider identifier, and a public key in an asymmetric key pair generated by the calculation applicant, and the trusted computing platform includes a ciphertext computing platform and a key transformation platform;

an authorization request module 402, configured to generate, by the trusted computing platform, a data authorization request according to the data computing request, and send the data authorization request to a data provider, where the data authorization request includes the public key;

an authorization verification module 403, configured to perform authorization verification by the data provider, send authorization information to the key conversion platform, and send authorization approval information to the ciphertext computing platform, where the authorization information includes an encrypted symmetric key, the encrypted symmetric key is obtained by performing asymmetric encryption on a symmetric key generated by the data provider by using the public key, and the authorization approval information includes ciphertext data;

a homomorphic operation module 404, configured to perform homomorphic ciphertext operation on the ciphertext data through the ciphertext computing platform according to a first function, and send a ciphertext operation result to the key conversion platform;

a key conversion module 405, configured to perform key conversion on the ciphertext operation result according to a second function and the encrypted symmetric key through the key conversion platform, and send the key conversion result to the computing applicant; wherein the first function and the second function are obtained by decomposing the calculation function;

and the result processing module 406 is configured to decrypt the key conversion result through the calculation applicant to obtain a data processing result.

According to an embodiment of the present invention, the first function and the second function are obtained by disassembling the calculation function by the calculation applicant;

the request sending module 401 may further be configured to: decomposing a calculation function into a first function and a second function by calculating an application party; generating a first data calculation request according to the first function, the data provider identification and a public key in an asymmetric key pair generated by the calculation applicant, and sending the first data calculation request to a ciphertext calculation platform; generating a second data calculation request according to the second function, the data provider identification and a public key in an asymmetric key pair generated by the calculation applicant, and sending the second data calculation request to a key conversion platform;

also, the authorization request module 402 may be further configured to: generating a first data authorization request according to the first data computing request through the ciphertext computing platform, and sending the first data authorization request to a data provider; generating a second data authorization request according to the second data calculation request through the key conversion platform, and sending the second data authorization request to a data provider;

and, the authorization verification module 403 may also be used to: and performing authorization verification by the data provider according to the first data authorization request and the second data authorization request.

According to an embodiment of the present invention, the data processing apparatus 400 based on hybrid homomorphic encryption further comprises a request parsing module (not shown in the figure) for: before the trusted computing platform generates a data authorization request according to the data computing request, analyzing the first data computing request through the ciphertext computing platform to determine that the first data computing request conforms to a corresponding specification; and analyzing the second data calculation request through the key conversion platform to determine that the second data calculation request conforms to the corresponding specification.

According to another embodiment of the present invention, the first function and the second function are obtained by disassembling the computation function by the ciphertext computation platform;

the request sending module 401 may further be configured to: sending a data calculation request to the ciphertext calculation platform through a calculation application party;

the authorization request module 402 may also be configured to: generating a data authorization request according to the data computing request through the ciphertext computing platform, and sending the data authorization request to a data provider, wherein the data authorization request comprises a key conversion platform identifier;

moreover, the data processing apparatus 400 based on hybrid homomorphic encryption further includes a function disassembling module (not shown in the figure) for: before homomorphic ciphertext operation is carried out on the ciphertext data through the ciphertext computing platform according to a first function, the computing function is disassembled to obtain a first function and a second function;

and, the homomorphic operation module 404 may be further configured to: and when the ciphertext operation result is sent to the key conversion platform through the ciphertext computing platform, the second function is also sent to the key conversion platform.

According to another embodiment of the present invention, the request parsing module (not shown in the figure) may be further configured to: and before the trusted computing platform generates a data authorization request according to the data computing request, analyzing the data computing request through the ciphertext computing platform to determine that the data computing request conforms to a corresponding specification.

According to a further embodiment of the invention, the first function and the second function are decomposed from the calculation function by:

for the

As a second function.

According to another embodiment of the present invention, the sending means for sending the data authorization request to the data provider comprises: a public mode and a private mode.

According to another embodiment of the present invention, if the transmission mode is the open mode, then: the data authorization request also comprises the calculation function and the identification of the calculation applicant; the data provider carries out authorization verification according to the calculation function and the identification of the calculation applicant; wherein, if the data authorization request comprises a first data authorization request and a second data authorization request, the calculation function comprises the first function and the second function.

According to another embodiment of the present invention, if the sending method is the privacy mode, then: the data authorization request also comprises an identifier of the calculation applicant; and the data provider performs authorization verification according to the identification of the calculation applicant.

According to an embodiment of the present invention, the ciphertext data is obtained by performing symmetric homomorphic encryption on data using a symmetric key generated by the data provider.

According to one embodiment of the invention, the data provider records the data and the corresponding ciphertext data in a vector or a character string.

According to yet another embodiment of the invention, the result processing module 406 may be further configured to: and the computing application party asymmetrically decrypts the key conversion result through a private key in the generated asymmetric key pair to obtain a data processing result.

According to another embodiment of the present invention, the symmetric homomorphic encryption algorithm used by the data provider and the asymmetric homomorphic encryption algorithm used by the computation applicant support both additive homomorphism and multiplicative homomorphism, and are two types of fully homomorphic encryption algorithms.

According to the technical scheme of the embodiment of the invention, a data calculation request is sent to a trusted computing platform through a calculation application party, and the trusted computing platform comprises a ciphertext computing platform and a key conversion platform; the trusted computing platform generates a data authorization request and sends the data authorization request to a data provider; the data provider performs authorization verification, sends authorization information to the key conversion platform and sends authorization approval information to the ciphertext computing platform; the ciphertext computing platform performs homomorphic ciphertext operation on the ciphertext data according to the first function and sends a ciphertext operation result to the key conversion platform; the key conversion platform performs key conversion on the ciphertext operation result according to the second function and the encrypted symmetric key, and sends the key conversion result to the calculation application party; the technical scheme includes that a computing applicant decrypts a key conversion result to obtain a data processing result, data encryption and decryption are achieved by simultaneously using a symmetric homomorphic encryption algorithm and an asymmetric homomorphic encryption algorithm as cryptographic components of a system, a symmetric key and an asymmetric key are generated by a data provider and the computing applicant respectively, then a privacy computing task is completed by means of a trusted computing platform, the computing applicant cannot obtain data information except the computing result, the trusted computing platform cannot obtain any effective key to decrypt the data information, a cryptograph computing platform and a key conversion platform dual-server mechanism realize key conversion from the symmetric key to the asymmetric key in a cryptograph through homomorphic cryptographic properties, the computing task and a computing function are disassembled and redistributed through the dual-server platform, efficiency is not affected, and meanwhile, the threat of conspiracy attack on data security of any two nodes can be resisted, therefore, the multi-party privacy protection calculation function is realized, the privacy function is stronger, the communication cost is lower, the expansibility is higher, the efficiency and the size are better, and the safety is higher. Meanwhile, the invention only needs the user to upload the encrypted ciphertext data once, can support the data calculation tasks of multiple times and different calculation application parties, has no potential safety hazard caused by random number multiplexing, has higher efficiency, can effectively hide the operation function, and supports double-blind private calculation and query. In addition, the encryption scheme in the invention has small ciphertext expansion and better size.

In conclusion, the invention is a data calculation scheme based on a hybrid homomorphic encryption technology, which is a multi-party data calculation scheme that comprehensively uses a symmetric homomorphic encryption scheme and an asymmetric homomorphic encryption scheme, and has the advantages of stronger privacy function, lower communication cost, higher expansibility, and better efficiency and size.

Fig. 5 illustrates an exemplary system architecture 500 of a hybrid homomorphic encryption based data processing method or a hybrid homomorphic encryption based data processing apparatus to which embodiments of the present invention may be applied.

As shown in fig. 5, the system architecture 500 may include

terminal devices

501, 502, 503, a network 504, and a server 505. The network 504 serves to provide a medium for communication links between the

terminal devices

501, 502, 503 and the server 505. Network 504 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.

The user may use the

terminal devices

501, 502, 503 to interact with a server 505 over a network 504 to receive or send messages or the like. The

terminal devices

501, 502, 503 may have various communication client applications installed thereon, such as a data encryption application, a data decryption application, a search application, an instant messaging tool, etc. (for example only).

The

terminal devices

501, 502, 503 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.

The server 505 may be a server providing various services, such as a background management server (for example only) providing cryptographic support for raw data containing privacy submitted by users using the

terminal devices

501, 502, 503. The background management server may generate a data authorization request according to the data calculation request for data such as the received data calculation request, send the data authorization request to the data provider to enable the data provider to perform processing such as authentication and authorization, and feed back a processing result (for example, an authentication and authorization result — just an example) to the terminal device.

It should be noted that the data processing method based on hybrid homomorphic encryption provided by the embodiment of the present invention is generally executed by the server 505, and accordingly, the data processing apparatus based on hybrid homomorphic encryption is generally disposed in the server 505.

It should be understood that the number of terminal devices, networks, and servers in fig. 5 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.

Referring now to FIG. 6, a block diagram of a computer system 600 suitable for use with a terminal device or server implementing an embodiment of the invention is shown. The terminal device or the server shown in fig. 6 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.

As shown in fig. 6, the computer system 600 includes a Central Processing Unit (CPU)601 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM)602 or a program loaded from a storage section 608 into a Random Access Memory (RAM) 603. In the RAM 603, various programs and data necessary for the operation of the system 600 are also stored. The CPU 601, ROM 602, and RAM 603 are connected to each other via a bus 604. An input/output (I/O) interface 605 is also connected to bus 604.

The following components are connected to the I/O interface 605: an input portion 606 including a keyboard, a mouse, and the like; an output portion 607 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage section 608 including a hard disk and the like; and a communication section 609 including a network interface card such as a LAN card, a modem, or the like. The communication section 609 performs communication processing via a network such as the internet. The driver 610 is also connected to the I/O interface 605 as needed. A removable medium 611 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 610 as necessary, so that a computer program read out therefrom is mounted in the storage section 608 as necessary.

In particular, according to the embodiments of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 609, and/or installed from the removable medium 611. The computer program performs the above-described functions defined in the system of the present invention when executed by the Central Processing Unit (CPU) 601.

It should be noted that the computer readable medium shown in the present invention can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.

The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.

The units or modules described in the embodiments of the present invention may be implemented by software, or may be implemented by hardware. The described units or modules may also be provided in a processor, and may be described as: a processor comprises a request sending module, an authorization request module, an authorization verification module, a homomorphic operation module, a key conversion module and a result processing module. The names of these units or modules do not in some cases constitute a limitation on the units or modules themselves, and for example, the request sending module may also be described as a "module for sending a data computation request to a trusted computing platform by a computation applicant".

As another aspect, the present invention also provides a computer-readable medium that may be contained in the apparatus described in the above embodiments; or may be separate and not incorporated into the device. The computer readable medium carries one or more programs which, when executed by a device, cause the device to comprise: a calculation applicant sends a data calculation request to a trusted calculation platform, wherein the data calculation request comprises a calculation function, a data provider identifier and a public key in an asymmetric key pair generated by the calculation applicant, and the trusted calculation platform comprises a ciphertext calculation platform and a key conversion platform; the trusted computing platform generates a data authorization request according to the data computing request and sends the data authorization request to a data provider, wherein the data authorization request comprises the public key; the data provider performs authorization verification, sends authorization information to the key conversion platform, and sends authorization approval information to the ciphertext computing platform, wherein the authorization information comprises an encrypted symmetric key, the encrypted symmetric key is obtained by performing asymmetric encryption on a symmetric key generated by the data provider by using the public key, and the authorization approval information comprises ciphertext data; the ciphertext computing platform performs homomorphic ciphertext operation on the ciphertext data according to a first function and sends a ciphertext operation result to the key conversion platform; the key conversion platform performs key conversion on the ciphertext operation result according to a second function and the encrypted symmetric key, and sends the key conversion result to the calculation application party; wherein the first function and the second function are obtained by decomposing the calculation function; and the calculation application party decrypts the key conversion result to obtain a data processing result.

The above-described embodiments should not be construed as limiting the scope of the invention. Those skilled in the art will appreciate that various modifications, combinations, sub-combinations, and substitutions can occur, depending on design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims

1. A data processing method based on mixed homomorphic encryption is characterized by comprising the following steps:

a calculation applicant sends a data calculation request to a trusted calculation platform, wherein the data calculation request comprises a calculation function, a data provider identifier and a public key in an asymmetric key pair generated by the calculation applicant, and the trusted calculation platform comprises a ciphertext calculation platform and a key conversion platform;

the trusted computing platform generates a data authorization request according to the data computing request and sends the data authorization request to a data provider, wherein the data authorization request comprises the public key;

the data provider performs authorization verification, sends authorization information to the key conversion platform, and sends authorization approval information to the ciphertext computing platform, wherein the authorization information comprises an encrypted symmetric key, the encrypted symmetric key is obtained by performing asymmetric encryption on a symmetric key generated by the data provider by using the public key, and the authorization approval information comprises ciphertext data;

the ciphertext computing platform performs homomorphic ciphertext operation on the ciphertext data according to a first function and sends a ciphertext operation result to the key conversion platform;

the key conversion platform performs key conversion on the ciphertext operation result according to a second function and the encrypted symmetric key, and sends the key conversion result to the calculation application party; wherein the first function and the second function are obtained by decomposing the calculation function;

and the calculation application party decrypts the key conversion result to obtain a data processing result.

2. The data processing method according to claim 1, wherein the first function and the second function are obtained by disassembling the calculation function by the calculation applicant;

the step that the calculation application party sends the data calculation request to the trusted calculation platform comprises the following steps:

the calculation application party disassembles the calculation function into a first function and a second function;

generating a first data calculation request according to the first function, the data provider identification and a public key in an asymmetric key pair generated by the calculation applicant, and sending the first data calculation request to a ciphertext calculation platform;

generating a second data calculation request according to the second function, the data provider identification and a public key in an asymmetric key pair generated by the calculation applicant, and sending the second data calculation request to a key conversion platform;

and the steps that the trusted computing platform generates a data authorization request according to the data computing request and sends the data authorization request to a data provider comprise:

the ciphertext computing platform generates a first data authorization request according to the first data computing request and sends the first data authorization request to a data provider;

the key conversion platform generates a second data authorization request according to the second data calculation request and sends the second data authorization request to a data provider;

and the step of performing authorization verification by the data provider comprises the following steps:

and the data provider performs authorization verification according to the first data authorization request and the second data authorization request.

3. The data processing method of claim 2, wherein before the trusted computing platform generating the data authorization request according to the data computing request, further comprising:

the ciphertext computing platform analyzes the first data computing request to determine that the first data computing request conforms to a corresponding specification;

the key conversion platform parses the second data computation request to determine that the second data computation request complies with a corresponding specification.

4. The data processing method according to claim 1, wherein the first function and the second function are obtained by disassembling the computation function by the ciphertext computation platform;

the calculation application party sends a data calculation request to the ciphertext calculation platform;

the steps that the trusted computing platform generates a data authorization request according to the data computing request and sends the data authorization request to a data provider comprise:

the ciphertext computing platform generates a data authorization request according to the data computing request and sends the data authorization request to a data provider, wherein the data authorization request comprises a key conversion platform identifier;

before the ciphertext computing platform performs homomorphic ciphertext operation on the ciphertext data according to the first function, the method further includes:

the ciphertext computing platform disassembles the computing function to obtain a first function and a second function;

and the step of sending the ciphertext operation result to the key conversion platform by the ciphertext computing platform further comprises:

and the ciphertext computing platform sends the second function to the key conversion platform.

5. The data processing method of claim 4, wherein before the trusted computing platform generating the data authorization request according to the data computing request, further comprising:

and the ciphertext computing platform analyzes the data computing request to determine that the data computing request conforms to the corresponding specification.

6. The data processing method according to any of claims 1 to 4, wherein the first function and the second function are decomposed from the computation function by:

for the

As a second function.

7. The data processing method according to any one of claims 1 to 4, wherein the sending mode for sending the data authorization request to the data provider comprises: a public mode and a private mode.

8. The data processing method of claim 7, wherein if the transmission mode is an open mode, then:

the data authorization request also comprises the calculation function and the identification of the calculation applicant;

the data provider carries out authorization verification according to the calculation function and the identification of the calculation applicant;

wherein, if the data authorization request comprises a first data authorization request and a second data authorization request, the calculation function comprises the first function and the second function.

9. The data processing method of claim 7, wherein if the sending mode is a privacy mode, then:

the data authorization request also comprises an identifier of the calculation applicant;

and the data provider performs authorization verification according to the identification of the calculation applicant.

10. The data processing method according to claim 1, wherein the ciphertext data is obtained by performing symmetric homomorphic encryption on data using a symmetric key generated by the data provider.

11. The data processing method of claim 10, wherein the data provider records the data and the corresponding ciphertext data in a vector or a string.

12. The data processing method of claim 1, wherein the decrypting the key transformation result by the computation applicant to obtain a data processing result comprises:

and the calculation application party performs asymmetric decryption on the key conversion result through a private key in the generated asymmetric key pair to obtain a data processing result.

13. The data processing method according to claim 1, wherein the symmetric homomorphic encryption algorithm used by the data provider and the asymmetric homomorphic encryption algorithm used by the computation applicant support both additive homomorphism and multiplicative homomorphism, and are two types of fully homomorphic encryption algorithms.

14. A data processing apparatus based on hybrid homomorphic encryption, comprising:

the request sending module is used for sending a data calculation request to a trusted calculation platform through a calculation applicant, wherein the data calculation request comprises a calculation function, a data provider identifier and a public key in an asymmetric key pair generated by the calculation applicant, and the trusted calculation platform comprises a ciphertext calculation platform and a key conversion platform;

the authorization request module is used for generating a data authorization request according to the data computing request through the trusted computing platform and sending the data authorization request to a data provider, wherein the data authorization request comprises the public key;

the authorization verification module is used for performing authorization verification through the data provider, sending authorization information to the key conversion platform and sending authorization approval information to the ciphertext computing platform, wherein the authorization information comprises an encrypted symmetric key, the encrypted symmetric key is obtained by asymmetrically encrypting a symmetric key generated by the data provider by using the public key, and the authorization approval information comprises ciphertext data;

the homomorphic operation module is used for performing homomorphic ciphertext operation on the ciphertext data through the ciphertext computing platform according to a first function and sending a ciphertext operation result to the key conversion platform;

the key conversion module is used for performing key conversion on the ciphertext operation result through the key conversion platform according to a second function and the encrypted symmetric key and sending the key conversion result to the calculation applicant; wherein the first function and the second function are obtained by decomposing the calculation function;

and the result processing module is used for decrypting the key conversion result through the calculation application party to obtain a data processing result.

15. An electronic device for data processing based on hybrid homomorphic encryption, comprising:

one or more processors;

a storage device for storing one or more programs,

when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-13.

16. A computer-readable medium, on which a computer program is stored, which, when being executed by a processor, carries out the method according to any one of claims 1-13.