CN114647857A - Data processing method, device, equipment, storage medium and program product - Google Patents


Info

Publication number
CN114647857A
Authority
CN
China
Prior art keywords
data
subdata
encrypted
result
homomorphic
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011506998.4A
Other languages
Chinese (zh)
Inventor
陈振南
陈瑞钦
黄启军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
WeBank Co Ltd
Original Assignee
WeBank Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by WeBank Co Ltd
Priority to CN202011506998.4A
Publication of CN114647857A
Legal status: Pending

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/602: Providing cryptographic facilities or services
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245: Protecting personal data, e.g. for financial or medical purposes
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06N: COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00: Machine learning

Abstract

The invention discloses a data processing method, a device, equipment, a storage medium and a program product, wherein the method comprises the following steps: receiving encrypted data sent by a second party in the multiple parties, and determining local data used for operation with the encrypted data; splitting the encrypted data into a plurality of first subdata, and splitting the local data into a plurality of second subdata; performing homomorphic addition operation and/or semi-homomorphic multiplication operation in parallel according to the first subdata and the second subdata through a plurality of threads to obtain an encrypted operation result; and outputting the encrypted operation result so that the participant who acquires the operation result decrypts the operation result to obtain a plaintext result. The invention can quickly and accurately determine the operation result of the homomorphic ciphertext, shorten the time spent by the ciphertext operation, improve the operation efficiency and meet the processing requirement of the homomorphic ciphertext operation.

Description

Data processing method, device, equipment, storage medium and program product
Technical Field
The present invention relates to the field of data processing technologies, and in particular, to a data processing method, apparatus, device, storage medium, and program product.
Background
Secure Multi-Party computing (SMC) is used to solve the problem of privacy-preserving collaborative computing among a group of untrusted parties. The multiple participants can realize the cooperative computation of the business data by utilizing the safe multi-party computation under the condition of not disclosing the respective business data.
The multi-party security computation is widely applied to privacy protection machine learning, namely, the privacy protection machine learning system is constructed, so that a plurality of participants who possess data can jointly train one or more models, and the data of any party cannot be revealed to other participants. Under the condition that private data are not leaked, task performance of local models of participants is improved, and a data island is broken.
In order to ensure the privacy protection effect, the participants need to encrypt the data and then perform interactive computation, and because the ciphertext data participating in the computation is large, the time spent in ciphertext computation is long, and the efficiency is low.
Disclosure of Invention
The invention mainly aims to provide a data processing method, a data processing device, data processing equipment, a data processing storage medium and a data processing program product, and aims to improve the efficiency of ciphertext calculation.
In order to achieve the above object, the present invention provides a data processing method applied to a first participant of a plurality of participants performing multi-party secure computation, the method including:
receiving encrypted data sent by a second party in the multiple parties, and determining local data used for operation with the encrypted data;
splitting the encrypted data into a plurality of first subdata, and splitting the local data into a plurality of second subdata;
performing homomorphic addition operation and/or semi-homomorphic multiplication operation in parallel according to the first subdata and the second subdata through a plurality of threads to obtain an encrypted operation result;
and outputting the encrypted operation result so that the participant who acquires the operation result decrypts the operation result to obtain a plaintext result.
Optionally, the method further includes:
determining the number of threads contained in each thread block;
determining the number of threads required by the encrypted data according to the number of bits of the encrypted data and the number of processable bits of each thread;
determining the number of the required thread blocks according to the number of threads required by the encrypted data and the number of threads contained in each thread block;
correspondingly, the method for performing homomorphic addition operation and/or semi-homomorphic multiplication operation on a plurality of first subdata and second subdata in parallel through a plurality of threads comprises the following steps:
and calling the corresponding number of thread blocks according to the number of the required thread blocks, and performing homomorphic addition operation and/or semi-homomorphic multiplication operation on the plurality of first subdata and second subdata in parallel through a plurality of threads in the called thread blocks.
Optionally, the local data is encrypted local data used for homomorphic addition operation with the encrypted data;
correspondingly, the homomorphic addition operation is performed in parallel according to the plurality of first subdata and the plurality of second subdata through a plurality of threads, and the homomorphic addition operation comprises the following steps:
allocating a thread for each first subdata, wherein the thread is used for calculating a homomorphic addition result of the first subdata and second subdata of corresponding bits;
multiplying, through each thread, the first subdata and the second subdata corresponding to that thread in the Montgomery domain, and then taking the product modulo the square of the public key to obtain a homomorphic addition result of the first subdata and the second subdata;
and determining the homomorphic addition result of the encrypted data and the local data according to the homomorphic addition result of the first subdata and the second subdata obtained by each thread.
Optionally, the local data is local data used for performing a semi-homomorphic multiplication operation with the encrypted data; the encrypted data is split into a first number of first subdata, and the local data is split into a second number of second subdata;
correspondingly, through a plurality of threads, performing semi-homomorphic multiplication operation in parallel according to a plurality of first subdata and second subdata, including:
traversing the first amount of first subdata and the second amount of second subdata to obtain a third amount of data pairs, wherein each data pair comprises one first subdata and one second subdata, and the third amount is the product of the first amount and the second amount;
allocating a thread to each data pair;
raising, through each thread, the first subdata in the corresponding data pair to the N-th power and taking the result modulo the square of the public key to obtain a semi-homomorphic multiplication result of the first subdata and the second subdata; when the second subdata is not larger than a preset value, N is the second subdata, and when the second subdata is larger than the preset value, N is the difference between the second subdata and the public key;
and obtaining semi-homomorphic multiplication results of the first subdata and the second subdata according to each thread, and determining the semi-homomorphic multiplication results of the encrypted data and the local data.
Optionally, receiving encrypted data sent by a second party of the multiple parties includes:
if the first participant is a data operator in the multiple participants, receiving encrypted data sent by a data provider in the multiple participants;
the method further comprises the following steps:
if the first participant is a data provider, splitting data to be calculated, which is stored locally, into a plurality of third subdata;
performing encryption operation on the plurality of third subdata in parallel through a plurality of threads to obtain encrypted data to be calculated;
sending the encrypted data to be calculated to other participants so that the other participants perform homomorphic ciphertext operation according to the encrypted data to be calculated to obtain an encrypted operation result;
the method further comprises the following steps:
if the first party is a party with a private key, acquiring an encrypted operation result from other parties, and splitting the acquired encrypted operation result into a plurality of fourth subdata;
and carrying out decryption operation on the plurality of fourth subdata in parallel through a plurality of threads to obtain decrypted operation results.
Optionally, the performing, by using a plurality of threads, an encryption operation on the plurality of third subdata in parallel to obtain encrypted data to be calculated includes:
allocating a thread for each third subdata;
multiplying the corresponding third subdata with the public key through each thread, adding one to the multiplication result, and then performing modulus operation on the square of the public key to obtain an encryption result corresponding to the third subdata;
and obtaining the encrypted data to be calculated according to the encryption result corresponding to the plurality of third subdata.
Optionally, the decrypting the fourth sub-data in parallel through a plurality of threads to obtain a decrypted operation result includes:
allocating a thread for each fourth subdata;
performing exponentiation operation on corresponding fourth subdata according to a private key through each thread, and calculating a decryption result corresponding to the fourth subdata according to an exponentiation result and a public key;
and obtaining a decrypted operation result according to the decryption results corresponding to the plurality of fourth subdata.
Optionally, if the data to be calculated is floating-point data, splitting the data to be calculated, which is stored locally, into a plurality of third subdata, where the splitting includes:
converting the floating-point data into integer data;
reducing the integer data obtained by conversion modulo the public key to obtain encoded data;
splitting the coded data to obtain a plurality of third subdata;
correspondingly, after obtaining the decrypted operation result, the method further includes:
and processing the decrypted operation result according to the attribute information of the floating point type data and the public key to obtain the decrypted operation result of the floating point type.
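The encryption, homomorphic addition, semi-homomorphic multiplication, decryption and floating-point encoding steps listed above, carried through on one small input as an added example (not code from the patent or from the applicant). The function names, the two small Mersenne primes used as a constructed key, the fixed-point factor SCALE, the choice of n // 2 as the "preset value", the inversion of the ciphertext in the large-N branch and the optional random factor r are all assumptions; plain Python integers stand in for the per-thread Montgomery arithmetic.

```python
import math

# Constructed demo key: two Mersenne primes, far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1
SCALE = 2**16  # assumed fixed-point factor for the float-to-integer step


def keygen(p, q):
    """Return the public key n and the private pair (lam, mu)."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    mu = pow(lam, -1, n)  # inverse of lam modulo n, used when decrypting
    return n, (lam, mu)


def encode(x, n, scale=SCALE):
    """Float -> integer -> remainder modulo n; negatives land above n // 2."""
    return round(x * scale) % n


def decode(v, n, scale=SCALE):
    """Undo encode(): values above n // 2 are read back as negative."""
    if v > n // 2:
        v -= n
    return v / scale


def encrypt(m, n, r=None):
    """(m * n + 1) mod n^2, the step the text lists.

    Standard Paillier also multiplies by r^n mod n^2 for a random r so that
    equal plaintexts give different ciphertexts; the passage above does not
    mention that factor, so it is optional here.
    """
    n2 = n * n
    c = (m * n + 1) % n2
    if r is not None:
        c = c * pow(r, n, n2) % n2
    return c


def decrypt(c, n, priv):
    """Exponentiate with the private key, then recover m using n."""
    lam, mu = priv
    u = pow(c, lam, n * n)
    return (u - 1) // n * mu % n


def he_add(c1, c2, n):
    """Homomorphic addition: multiply the ciphertexts modulo n^2."""
    return c1 * c2 % (n * n)


def he_mul_plain(c, k, n):
    """Ciphertext times plaintext k: c^N mod n^2.

    For k above the preset value (assumed n // 2, i.e. an encoded negative)
    the exponent is the difference n - k, applied to the inverse ciphertext
    (the inversion is an assumption taken from common Paillier practice).
    """
    n2 = n * n
    if k > n // 2:
        return pow(pow(c, -1, n2), n - k, n2)
    return pow(c, k, n2)


def encrypted_dot(enc_xs, weights, n):
    """Sum of w_i * x_i computed only on ciphertexts (integer weights)."""
    acc = encrypt(0, n)
    for c, w in zip(enc_xs, weights):
        acc = he_add(acc, he_mul_plain(c, encode(w, n, scale=1), n), n)
    return acc


N, PRIV = keygen(P, Q)

if __name__ == "__main__":
    xs = [1.5, -2.25, 4.0]  # constructed sample features
    enc = [encrypt(encode(x, N), N) for x in xs]
    result = encrypted_dot(enc, [2, -3, 5], N)
    print(decode(decrypt(result, N, PRIV), N))
```

Without the r factor, encrypt() is deterministic, so two equal plaintexts produce the same ciphertext; passing r shows that the addition and multiplication steps give the same decrypted result either way.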
The present invention also provides a data processing apparatus applied to a first party of a plurality of parties performing a multi-party security computation, the apparatus comprising:
the receiving module is used for receiving encrypted data sent by a second party in the multiple parties and determining local data used for operating with the encrypted data;
the splitting module is used for splitting the encrypted data into a plurality of first subdata and splitting the local data into a plurality of second subdata;
the operation module is used for carrying out homomorphic addition operation and/or semi-homomorphic multiplication operation in parallel according to the first subdata and the second subdata through a plurality of threads to obtain an encrypted operation result;
and the output module is used for outputting the encrypted operation result so that the participant who acquires the operation result decrypts the operation result to obtain a plaintext result.
The present invention also provides a data processing apparatus, comprising: memory, a processor and a data processing program stored on the memory and executable on the processor, which when executed by the processor implements the steps of the data processing method according to any of the preceding claims.
The invention also provides a computer readable storage medium having stored thereon a data processing program which, when executed by a processor, implements the steps of the data processing method as claimed in any one of the preceding claims.
The invention also provides a computer program product comprising a computer program which, when executed by a processor, implements the method of any one of the preceding claims.
According to the invention, the first participant receives the encrypted data sent by the second participant and determines the local data to be operated on with the encrypted data; the encrypted data is split into a plurality of first sub-data and the local data into a plurality of second sub-data; and homomorphic addition operation and/or semi-homomorphic multiplication operation are carried out in parallel on the first sub-data and the second sub-data through a plurality of threads to obtain and output the encrypted operation result.
Drawings
Fig. 1 is a schematic view of an application scenario provided in an embodiment of the present invention;
Fig. 2 is a schematic diagram of another application scenario provided in the embodiment of the present invention;
Fig. 3 is a schematic flow chart of a data processing method according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of data splitting according to an embodiment of the present invention;
Fig. 5 is a schematic diagram of a hardware architecture corresponding to a data processing method according to an embodiment of the present invention;
Fig. 6 is a schematic diagram of a ciphertext processing flow according to an embodiment of the present invention;
Fig. 7 is an interaction diagram of multiple participants provided by an embodiment of the present invention;
Fig. 8 is a schematic structural diagram of a data processing apparatus according to an embodiment of the present invention;
Fig. 9 is a schematic structural diagram of a data processing apparatus according to an embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
The technical scheme provided by the embodiment of the invention can be applied to any scene of carrying out multiparty security calculation based on homomorphic encryption, including but not limited to model training and the like.
Two specific application scenarios for model training are given below. It should be noted that the embodiment of the present invention may also be applied to any other scenario in which data is encrypted before interactive computation, for example, jointly computing an agreed-upon function, or comparing the numerical values of service data among multiple parties, while protecting privacy.
Fig. 1 is a schematic view of an application scenario provided in an embodiment of the present invention. As shown in Fig. 1, participant A, participant B, and participant C may jointly train a model. Participant B holds the sample data, participant A can train the model on participant B's encrypted sample data, and participant C holds a public key and a private key and can decrypt data.
First, participant C sends the public key to participant A and participant B; the private key is kept by participant C itself and is not sent to other participants.
Then, participant B encrypts its sample data or sample features with the public key and sends the encrypted sample data or sample features to participant A. Participant A encrypts its own data, such as target variables, with the public key, and trains the model on the encrypted target variables and the encrypted sample data or sample features obtained from participant B to obtain a corresponding training result, which may be weight information, gradient information, or a corresponding loss value of the model.
Participant A sends the training result to participant C. Participant C decrypts the training result according to the public key and the private key and determines from the decrypted result whether the current model meets the convergence condition. If so, the currently trained model is taken as the final model; if not, participant A is notified to continue training the model until it converges.
Fig. 2 is a schematic view of another application scenario provided in the embodiment of the present invention. As shown in Fig. 2, participant A and participant B jointly train the model. Participant B holds a public key and a private key and sends the public key to participant A; participant B also holds the sample data.
Participant B may encrypt the sample data or sample features with the public key and send the encrypted sample data or sample features to participant A. Participant A can encrypt data such as target variables with the public key, train the model on the encrypted target variables and the encrypted sample data, and feed the training result back to participant B. Participant B can decrypt the training result according to the private key and the public key to determine whether the model has converged and, if it has not, notify participant A to continue training until the model converges.
Two optional scenario architectures are given above. On this basis, the number and functions of the participants can be adjusted, as long as the multiple participants can carry out model training while protecting privacy.
The trained model may be any type of model, including but not limited to a neural network model, a decision tree, a random forest, etc. The trained model can be applied to any domain.
In one example, the sample data may be medical image data, and a model trained by the sample data may be used to predict a lesion according to a medical image.
In another example, the sample data may be user asset data owned by a bank, and a model trained by the sample data may be used for predicting the credit of the user.
The encryption in the embodiment of the present invention may specifically refer to homomorphic encryption, the homomorphic encrypted data is calculated to obtain a calculation result, and then the calculation result is decrypted, so that a final plaintext result is the same as a result obtained by processing unencrypted original data by the same calculation method.
In some technologies, homomorphic encryption is implemented on a CPU using the GMP big-number arithmetic library. The CPU can only process 32-bit or 64-bit data at a time, while encrypted data is generally large; for example, to add two 1024-bit ciphertexts the CPU has to iterate over them serially, which is inefficient.
In order to solve the problem, in the embodiment of the present invention, after the encrypted data is obtained, the encrypted data may be split into a plurality of sub-data, and the split sub-data is subjected to homomorphic addition operation or semi-homomorphic multiplication operation in parallel through a plurality of threads, so that an operation result can be obtained quickly, the task time is shortened, the operation efficiency is improved, and the processing requirement of homomorphic ciphertext operation is met.
Fig. 3 is a flowchart illustrating a data processing method according to an embodiment of the present invention. The execution subject of the method provided by the embodiment may be a first participant in a plurality of participants participating in multiparty security computation. As shown in fig. 3, the method may include:
Step 301, receiving encrypted data sent by a second party of the multiple parties, and determining local data for performing an operation with the encrypted data.
The encrypted data sent by the second party and the local data of the first party can be data for performing multi-party security calculation.
Optionally, the multi-party security computation may be used to train a model, the encrypted data sent by the second party may be encrypted sample data, and the local data of the first party may include a target variable corresponding to the sample data, a parameter of the model, such as a weight value, and the like.
In one example, the model is used for predicting whether the user is overdue, the sample data may include transaction records, asset data and the like of the user, and the target variable may be used for representing whether the user is overdue, for example, 1 represents overdue, and 0 represents no overdue, so that the training of the overdue prediction model of the user may be realized by using the data of the first participant and the second participant.
Step 302, splitting the encrypted data into a plurality of first subdata, and splitting the local data into a plurality of second subdata.
The number of bits of the split first sub-data and the split second sub-data may be related to the processing capability of the thread of the first party. Optionally, the first sub data and the second sub data have the same bit number, and are less than or equal to the processable bit number of each thread.
For example, each thread in the first participant may process 8 bits, 32 bits, or 64 bits of data, and the first sub data and the second sub data may be 8 bits, 32 bits, or 64 bits, or the number of bits of the first sub data and the second sub data may be less than 8 bits, 32 bits, or 64 bits.
Fig. 4 is a schematic diagram of data splitting according to an embodiment of the present invention. As shown in fig. 4, the encrypted data/local data is 1100110001010101, and has 16 bits, each thread can process 8 bits of data, so that the data can be split into 2 sub-data, and each sub-data has 8 bits, which are 11001100 and 01010101, respectively.
It should be noted that the splitting described in the embodiment of the present invention refers to splitting data into multiple sub-data, and there are many specific implementation manners of splitting, for example, after the encrypted data is obtained, a pointer position of the data may be determined, and by adding pointers corresponding to multiple sub-data, the data may be split, and the multiple sub-data are not necessarily stored separately.
Step 303, performing homomorphic addition operation and/or semi-homomorphic multiplication operation in parallel according to the plurality of first subdata and the plurality of second subdata through a plurality of threads to obtain an encrypted operation result.
Wherein each thread can process at least one first sub data and at least one second sub data. The operations executable by each thread may include homomorphic addition and/or semi-homomorphic multiplication, and each thread may perform at least one homomorphic addition operation and may also perform at least one semi-homomorphic multiplication operation. Each thread can perform homomorphic addition and/or semi-homomorphic multiplication operation on the first sub data and the second sub data, and can also perform addition and/or multiplication operation on data obtained after the addition and/or multiplication operation.
In this embodiment, the local data used for performing the operation with the encrypted data may be the original local data or the encrypted local data.
Specifically, the homomorphic addition in the embodiment of the present invention may refer to an addition operation performed on two encrypted data; the semi-homomorphic multiplication can be a multiplication operation of one piece of encrypted data and one piece of plaintext data.
Correspondingly, in this step, when homomorphic addition operation is required, the two data to be added may be two data encrypted by the same public key; when a semi-homomorphic multiplication operation needs to be performed, one of the two multiplied data can be encrypted data, and the other can be unencrypted plaintext data.
In one example, the second party may encrypt the transaction record and the asset data of the user by using a public key, and send the encrypted data and the ID of the user to the first party, and the first party may encrypt the locally stored target variable by using the public key to obtain an encrypted target variable, where the encrypted target variable is used for performing homomorphic encryption operation.
In this example, the first participant may implement training of the model according to the above data, and the specific operation process may refer to any existing process that can implement training of the model, and the final operation result may be determined through multiple homomorphic additions and/or semi-homomorphic multiplications.
Step 304, outputting the encrypted operation result, so that the participant who acquires the operation result decrypts the operation result to obtain a plaintext result.
Because the first party does not have the private key, the encrypted operation result can only be sent to other parties for processing. The other party may be a party having a private key, e.g. may be the second party, or may be a party other than the first and second parties, e.g. a co-party having a private key.
The participant who obtains the encrypted operation result can decrypt the operation result according to the public key and the private key to obtain the operation result of the plaintext, and further determines the result of the multi-party security calculation according to the operation result.
Under the scene of model training, the result of multi-party safety calculation can be whether the model obtained by current training is converged, if not, the first participant repeatedly executes the steps and continues to train the model until the model is converged, and the finally obtained converged model can be used for realizing the functions of prediction and the like.
In other alternative implementations, the multi-party security computation is used to implement functions other than model training, such as solving the millionaire problem; accordingly, the final result may be the outcome of the comparison between the first party and the second party.
In the data processing method provided by this embodiment, the first party may receive encrypted data sent by the second party, determine local data used for performing operation with the encrypted data, split the encrypted data into a plurality of first sub-data, split the local data into a plurality of second sub-data, and perform homomorphic addition operation and/or semi-homomorphic multiplication operation in parallel according to the plurality of first sub-data and the plurality of second sub-data through a plurality of threads to obtain and output an encrypted operation result, so that a ciphertext can be processed in parallel based on the plurality of threads, an operation result of a homomorphic ciphertext can be determined quickly and accurately, time consumed by ciphertext operation is shortened, operation efficiency is improved, and a processing requirement of homomorphic ciphertext operation is met.
Based on the technical solution provided by the above embodiment, optionally, the multiple threads may be multiple threads of a Graphics Processing Unit (GPU). The GPU may obtain data from a Central Processing Unit (CPU).
Fig. 5 is a schematic diagram of a hardware architecture corresponding to a data processing method according to an embodiment of the present invention. As shown in fig. 5, each of the participants, for example, the first participant and the second participant, may be provided with a GPU and a CPU, where the CPU may be used to implement data interaction, and the GPU may perform data operation according to data acquired from the CPU.
By the hardware architecture, efficient homomorphic calculation operators based on GPU parallel calculation can be realized. Alternatively, multiple threads may be operated in parallel by invoking thread blocks in the GPU.
Optionally, the number of threads included in each thread block may be determined, then the number of threads needed by the encrypted data is determined according to the number of bits of the encrypted data and the number of processable bits of each thread, and then the number of needed thread blocks is determined according to the number of threads needed by the encrypted data and the number of threads included in each thread block.
Correspondingly, performing homomorphic addition operation and/or semi-homomorphic multiplication operation on a plurality of first subdata and second subdata in parallel through a plurality of threads may include: and calling the corresponding number of thread blocks according to the number of the required thread blocks, and performing homomorphic addition operation and/or semi-homomorphic multiplication operation on the plurality of first subdata and second subdata in parallel through a plurality of threads in the called thread blocks.
For example, in a GPU, one thread may process 32 bits, 64 bits or some other number of bits of data. Taking 32 bits as an example, 32 threads can process 32 int32 values (i.e. 1024 bits), and if count 1024-bit data items are to be processed, 32 × count threads can be started.
Alternatively, each thread block (block) may comprise 512 threads (threads). The number of bits of the split first sub data or the split second sub data may be consistent with the processable number of bits of each thread, for example, each thread may process 32 bits, and the split sub data may also be 32 bits.
The number of threads required for the encrypted data may be determined according to the number of bits of the encrypted data and the number of processable bits of each thread. For example, if the encrypted data is 1024 bits, then 1024/32 = 32 threads are required for each data item.
According to the number of threads needed by the encrypted data and the number of threads contained in each thread block, the number of the needed thread blocks can be determined.
Specifically, when there are a plurality of encrypted data, the number of encrypted data that can be processed by each thread block may be determined according to the number of threads required by each encrypted data and the number of threads included in each thread block, and is recorded as teamPerBlock. For example, teamPerBlock = 512/32 = 16 indicates that each thread block can process 16 encrypted data, that is, 16 items of 1024-bit data.
The total number count of the encrypted data to be processed is added to the number teamPerBlock of encrypted data that each thread block can process, one is subtracted from the sum, and the result is divided by teamPerBlock to obtain the number of required thread blocks.
For example, if 16 items of 1024-bit data need to be processed, (16 + 16 - 1)/16 = 1 thread block is required, and if 17 items of 1024-bit data need to be processed, (17 + 16 - 1)/16 = 2 thread blocks are required.
By the method, the thread blocks required by processing the data can be determined quickly and accurately, the encrypted data can be processed quickly by utilizing the parallel computing performance of the GPU through calling the thread blocks, the steps are simple and convenient, and the development cost is effectively saved.
Fig. 6 is a schematic diagram of a ciphertext processing flow according to an embodiment of the present invention. As shown in fig. 6, to implement the encryption calculation, the following processing flows may be performed in sequence: the method comprises the steps of key generation, GPU floating point encoding, a GPU encryption operator, a GPU addition operator, a GPU multiplication operator, a GPU decryption operator, GPU floating point decoding and the like.
Optionally, in addition to the addition and multiplication operations, other processing procedures such as encryption and decryption may also be performed by multiple threads in parallel. For a specific implementation method for determining the number of thread blocks and the number of threads, reference may be made to the foregoing scheme, which is not described herein again.
Optionally, each of the above processing flows may be executed by one participant, or may be executed by a plurality of participants, for example, some of the participants execute an addition operator and a multiplication operator, and the other participants execute a decryption operator.
Fig. 7 is an interaction diagram of multiple participants according to an embodiment of the present invention. As shown in fig. 7, the plurality of participants may include a data provider, a data operator, and a collaborator.
The data provider can encrypt the data and then send the encrypted data to the data operator. When encryption is performed, processing flows such as key generation, GPU floating point encoding, GPU encryption operator, and the like may be executed.
The data operation party may be a first party in the foregoing embodiment, perform operation according to the acquired encrypted data, and send an operation result to the collaborating party. During operation, processing procedures such as a GPU addition operator and a GPU multiplication operator may be performed.
After the cooperative party obtains the operation result, the cooperative party can decrypt the operation result to obtain a plaintext result. The plaintext result can be obtained by executing processing procedures such as a GPU decryption operator and GPU floating point coding.
On the basis, any participant can be used as a data provider, a data operator and a collaborator. Therefore, the above-described functions of encryption, calculation, decryption, and the like can be integrated in one participant.
The same participant may have different identities during different model training processes. For example, when training a first model, a first participant provides sample data for model training, and thus can serve as a data provider, and a second participant can serve as a data operator; in training the second model, the second participant may act as a data provider and the first participant may act as a data operator, in contrast.
Optionally, the receiving, by the first party, of the encrypted data sent by the second party of the multiple parties in the above embodiment may include: if the first participant is a data operator among the participants, receiving the encrypted data sent by a data provider among the participants. That is, when the first party is the data operator, the operations of steps 301 to 304 described above are performed.
If the first participant is a data provider, splitting the data to be calculated, which is stored locally, into a plurality of third subdata; performing encryption operation on the plurality of third subdata in parallel through a plurality of threads to obtain encrypted data to be calculated; and sending the encrypted data to be calculated to other participants so that the other participants perform homomorphic ciphertext operation according to the encrypted data to be calculated to obtain an encrypted operation result. That is, the operations of parallel addition and multiplication are performed by the other participants according to the encrypted data sent by the first participant.
If the first party is a party with a private key, the encrypted operation result can be obtained from other parties, and the obtained encrypted operation result is split into a plurality of fourth subdata; and carrying out decryption operation on the plurality of fourth subdata in parallel through a plurality of threads to obtain a decrypted operation result.
The participant with the private key may be the above-mentioned collaborator, or may be another participant such as a data provider, that is, the data provider may encrypt data and send the encrypted data to the data operator, or decrypt the operation result to obtain a plaintext result.
By executing different operations when the first party is different in identity, the first party can have the capacity of ciphertext operation and the capacities of encryption and decryption, and application requirements under different scenes are met.
The above-described respective processing flows are described in detail below by way of specific examples. Optionally, the scheme in this embodiment may be implemented based on a CGBN parallel computation large number operation library.
Next, key generation will be described first.
Optionally, the encryption in the embodiment of the present invention may refer to encryption based on a Paillier algorithm. In generating the key, two 1024-bit large prime numbers p, q, which are independent of each other and equal in length, can be randomly selected, that is, they satisfy:
gcd(pq,(p-1)(q-1))=1
the public and private keys are then calculated by the following formula:
n=pq
g=n+1
λ=lcm(p-1,q-1)
$\mu = (L(g^{\lambda} \bmod n^2))^{-1}$
Here, gcd is the greatest common divisor, lcm is the least common multiple, and $L(x) = (x-1)/n$. The public key is (n, g) and the private key is (λ, μ). Key generation only needs to be calculated once, and thus can be completed in the CPU.
By the method, Paillier keys can be generated, the Paillier meets the characteristics of addition homomorphism, multiplication semihomomorphism and the like, and the encryption operation of multi-party secure computation can be efficiently and accurately realized.
GPU floating point encoding (encode) is described below.
The floating point coding is used for converting floating point type data into integer type data. Optionally, if the data to be calculated is floating-point data, splitting the data to be calculated, which is stored locally, into a plurality of third sub-data may include: converting the floating-point data into integer data; reducing the converted integer data modulo the public key to obtain coded data; and splitting the coded data to obtain a plurality of third subdata.
Since the GPU big-number arithmetic can only operate on unsigned integers, floating point data needs to be encoded into unsigned integers in advance, which can be done with the following formula:
$\mathrm{encode}(x) = x \cdot \mathrm{base}^{\mathrm{exp}} \mathbin{\%} n$
where x is the decimal of the floating-point data, i.e. the data of the mantissa bits, base is the conversion base number, typically 2, and exp is the conversion exponent, typically the data of the exponent bits of the floating-point data. $x \cdot \mathrm{base}^{\mathrm{exp}}$ is integer data, and % denotes taking the remainder modulo n, where n is the public key. encode(x) is the data obtained after encoding.
By the method, the floating-point data can be converted into integer data, so that the data can be correctly processed by the GPU, the converted data does not exceed n, and the efficiency of data operation can be effectively improved.
The following describes the GPU cryptographic operator.
The GPU encryption operator is used for realizing encryption operation on data. Optionally, performing an encryption operation on the multiple third subdata in parallel through multiple threads to obtain encrypted data to be computed, where the encryption operation includes: allocating a thread for each third subdata; multiplying the corresponding third subdata with the public key through each thread, adding one to the multiplication result, and then performing modulus operation on the square of the public key to obtain an encryption result corresponding to the third subdata; and obtaining the encrypted data to be calculated according to the encryption result corresponding to the plurality of third subdata.
During encryption, the plaintext m is encrypted by a public key to obtain a ciphertext c, and the ciphertext c can be specifically calculated by the following formula:
$c = g^m \cdot r^n \bmod n^2$
where r is a random number. A simplification applies here: taking g = n + 1 and leaving the obfuscating random number r out of consideration, one obtains:
$c = (n+1)^m \bmod n^2$
By Newton's binomial expansion, one obtains:
$c = (m \cdot n + 1) \bmod n^2$
therefore, when the third subdata needs to be encrypted, the third subdata may be multiplied by the public key, the multiplication result is added with one, and then the square of the public key is modulo, so as to obtain the encryption result corresponding to the third subdata, and the encryption results are combined according to the encryption results corresponding to the plurality of third subdata, so as to obtain the encrypted data to be calculated.
Specifically, for each plaintext to be encrypted, the plaintext may be multiplied by a public key n, and the obtained ciphertext may be modulo the square of n after adding 1, so as to obtain a final encryption result.
By the method, the encryption operation of the data can be realized in parallel by utilizing a plurality of threads, and the encryption efficiency is effectively improved. In addition, when the obfuscating random number is not considered, the encryption is realized by directly multiplying the plaintext and the public key, so that the calculation complexity of the encryption is effectively simplified, and the efficiency is further improved.
The following describes the GPU addition operator.
Wherein, the addition operator is used for realizing the addition operation of the encrypted data. Optionally, the local data of the first participant may be encrypted local data used for homomorphic addition operation with the encrypted data.
Correspondingly, performing homomorphic addition operation in parallel according to the plurality of first subdata and the plurality of second subdata through the plurality of threads may include: allocating a thread for each first subdata, wherein the thread is used for calculating a homomorphic addition result of the first subdata and second subdata of corresponding bits; multiplying first subdata and second subdata corresponding to the threads in a Montgomery domain through each thread, and then performing modulus on the square of a public key to obtain a homomorphic addition result of the first subdata and the second subdata; and determining the homomorphic addition result of the encrypted data and the local data according to the homomorphic addition result of the first subdata and the second subdata obtained by each thread.
The corresponding bits may mean that the added first sub-data and second sub-data are located at the same position, for example, both are the upper 32 bits of the data before splitting, or both are the bottom 32 bits of the data before splitting, so as to ensure the accuracy of the addition operation.
Optionally, when a homomorphic addition operation is performed, the two ciphertexts are multiplied together and reduced modulo $n^2$; after decryption, the result equals the sum of the two corresponding plaintexts. The proving equation is as follows:
Figure BDA0002845202990000151
where D represents decryption, E represents encryption, $m_1$ and $m_2$ are two plaintexts whose corresponding ciphertexts are $c_1$ and $c_2$ respectively, $r_1$ and $r_2$ are two random numbers, and n is the public key. As can be seen from the above equation, calculating the sum of two ciphertexts is equivalent to calculating $c_1 \cdot c_2 \bmod n^2$, i.e. multiplying the two ciphertexts modulo $n^2$.
In order to increase the calculation speed, Montgomery modular multiplication may be used in the calculation. Specifically, the cgbn_bn2mont function can first be called to convert $c_1$ and $c_2$ into numbers in the Montgomery domain, the multiplication result modulo $n^2$ is then calculated, and after the calculation the data is converted from the Montgomery domain back into the normal domain.
After the homomorphic addition results of the first subdata and the second subdata are obtained by each thread, the homomorphic addition results can be combined to determine the homomorphic addition result of the encrypted data and the local data.
Specifically, whether corresponding carry information exists or not can be determined through each thread based on broadcast information, corresponding homomorphic addition results are updated and stored according to the carry information, and homomorphic addition results corresponding to the multiple threads form homomorphic addition results of the encrypted data and the local data.
In a simple example, the two added data are 64 bits respectively, the two added data can be split into upper 32-bit sub data and lower 32-bit sub data respectively, the upper 32 bits are processed through one thread to obtain homomorphic addition results of the two upper 32-bit sub data, the lower 32 bits are processed through another thread to obtain homomorphic addition results of the two lower 32-bit sub data, and since a carry may be generated after the addition, the homomorphic addition results of the upper 32 bits can be updated and stored according to carry information.
The carry information can be sent through the broadcast information, the broadcast information can contain the carry information of each thread, and each thread can perform corresponding carry operation according to the broadcast after receiving the broadcast information.
By the method, homomorphic addition operation can be quickly realized by utilizing a plurality of threads. In addition, when the homomorphic addition result is calculated, the corresponding homomorphic addition result can be calculated based on the Montgomery domain by using the multiplication result of the two ciphertexts and the public key, and the efficiency of homomorphic addition operation is further improved.
The GPU multiplier is explained below.
Wherein the multiplier is used for realizing semi-homomorphic multiplication operation. Optionally, the local data of the first participant may be local data used for performing a semi-homomorphic multiplication operation with the encrypted data, and the local data may be unencrypted plaintext data to implement the semi-homomorphic multiplication operation.
The encrypted data is split into a first number of first sub-data, and the local data is split into a second number of second sub-data.
Correspondingly, performing, by using multiple threads, a semi-homomorphic multiplication operation in parallel according to multiple first subdata and multiple second subdata may include: traversing the first amount of first subdata and the second amount of second subdata to obtain a third amount of data pairs, wherein each data pair comprises one first subdata and one second subdata, and the third amount is the product of the first amount and the second amount; allocating a thread for each data pair; calculating the power of N of first subdata in a corresponding data pair and performing modulus on the square of a public key through each thread to obtain a semi-homomorphic multiplication result of the first subdata and second subdata; and obtaining semi-homomorphic multiplication results of the first subdata and the second subdata according to each thread, and determining the semi-homomorphic multiplication results of the encrypted data and the local data.
When the second subdata is not larger than a preset value, N is the second subdata; when the second subdata is larger than the preset value, N is the difference between the second subdata and the public key.
Optionally, the preset value may be the boundary point between positive and negative values of the data, which is generally one third of the public key. Specifically, the data being calculated is obtained by integer coding of the original data. If the coded data is not greater than the preset value, the original data is a positive value, and the modular exponentiation can be performed directly; if the coded data is larger than the preset value, the original data is a negative value, and the difference between the coded data and the public key can be used for the modular exponentiation. Specifically, the following proof procedure can be referred to.
To calculate the product of k and m, the ciphertext $E(m, r_1)$ is raised to the power k and then decrypted, which yields the corresponding plaintext product of k and m. The specific proving process can refer to the following formula:
Figure BDA0002845202990000171
Thus, $g^{km} \bmod n^2$ can be calculated to determine the corresponding semi-homomorphic multiplication result.
Optionally, in calculating $g^{km} \bmod n^2$, when k is greater than
Figure BDA0002845202990000172
the expression is equivalent to $g^{(-1)(n-k)m} \bmod n^2$, and the inverse operation can be performed to accelerate the calculation.
Specifically, since g = n + 1, the binomial expansion gives
Figure BDA0002845202990000173
When n - r is 2 or more, $n^{n-r}$ is a multiple of $n^2$ and is therefore 0 modulo $n^2$, so there are:
Figure BDA0002845202990000174
Figure BDA0002845202990000175
$g^{m(k-n)} \bmod n^2 \equiv g^{mk} \bmod n^2$
Therefore, $g^{m(k-n)} \bmod n^2$ can be used to calculate the semi-homomorphic multiplication result.
In actual computation, let $cipher_1$ be the first subdata, plain be the second subdata, and $n^2$ be the square of the public key n. When the second sub-data plain is not more than the preset value (one third of n), directly calculate
Figure BDA0002845202990000176
That is, the first subdata is raised to the power of the second subdata and reduced modulo $n^2$ to obtain the semi-homomorphic multiplication result of the first subdata and the second subdata. When the second sub-data plain is larger than the preset value, the semi-homomorphic multiplication result of the first sub-data and the second sub-data can be obtained based on the inverse operation.
Optionally, when performing semi-homomorphic multiplication, data may also be converted into a montgomery domain for processing, so as to further improve the processing efficiency of semi-homomorphic multiplication.
In this embodiment, in order to implement multi-thread parallel processing, a first amount of the first sub-data and a second amount of the second sub-data may be traversed to obtain a third amount of data pairs, and threads may be allocated according to the data pairs.
In a simple example, when performing semi-homomorphic multiplication on the encrypted data and the local data, the encrypted data and the local data are both 64 bits, and are split into 2 first sub-data and 2 second sub-data, where each sub-data has 32 bits.
Then, 2 × 2 = 4 threads are required to perform parallel processing, each thread processing one data pair, where the first thread processes the upper 32 bits of the encrypted data and the upper 32 bits of the local data, the second thread processes the upper 32 bits of the encrypted data and the lower 32 bits of the local data, the third thread processes the lower 32 bits of the encrypted data and the upper 32 bits of the local data, and the fourth thread processes the lower 32 bits of the encrypted data and the lower 32 bits of the local data.
After each thread obtains the semi-homomorphic multiplication result of the corresponding subdata, the semi-homomorphic multiplication result of the encrypted data and the local data can be determined according to the semi-homomorphic multiplication result obtained by each thread.
Optionally, the results obtained by the four threads may be added to obtain a semi-homomorphic multiplication result of the encrypted data and the local data. When adding, the multiplication result of the two upper 32-bit sub data can be shifted to the left by 64 bits relative to the multiplication result of the two lower 32-bit sub data; the multiplication result of the upper 32-bit sub data and the lower 32-bit sub data may be shifted left by 32 bits with respect to the multiplication result of the two lower 32-bit sub data.
By the method, the semi-homomorphic multiplication operation can be quickly realized through parallel processing of a plurality of threads, different operations can be executed according to the size of the second subdata during calculation, and the efficiency of the semi-homomorphic multiplication can be further improved.
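The sub-data bookkeeping described above (thread-block count, per-position addition with carries, and one thread per data pair with shifted partial products) is sketched below as an added Python example; it is not code from the patent or from CGBN. It shows only the integer limb arithmetic, without the reduction modulo the square of the public key, and all function names are assumptions.

```python
LIMB_BITS = 32                      # bits handled by one thread (page's example)
MASK = (1 << LIMB_BITS) - 1


def blocks_needed(count, data_bits=1024, threads_per_block=512):
    """Thread blocks needed for `count` items of `data_bits` bits each."""
    threads_per_item = data_bits // LIMB_BITS               # 1024 / 32 = 32
    team_per_block = threads_per_block // threads_per_item  # 512 / 32 = 16
    # (count + teamPerBlock - 1) / teamPerBlock, i.e. ceiling division
    return (count + team_per_block - 1) // team_per_block


def split(x, limbs):
    """Split x into `limbs` 32-bit sub-data, least significant first."""
    return [(x >> (LIMB_BITS * i)) & MASK for i in range(limbs)]


def join(parts):
    """Recombine sub-data (least significant first) into one integer."""
    return sum(p << (LIMB_BITS * i) for i, p in enumerate(parts))


def add_limbs(a, b):
    """Add sub-data of corresponding positions, then resolve the carries.

    The list comprehension is the independent per-thread work; the loop stands
    in for the carry information the threads exchange by broadcast.
    """
    raw = [x + y for x, y in zip(a, b)]
    out, carry = [], 0
    for s in raw:
        s += carry
        out.append(s & MASK)
        carry = s >> LIMB_BITS      # a carry can ripple through several limbs
    return out + [carry]


def mul_limbs(a, b):
    """One 'thread' per (i, j) data pair; returns (product, thread count).

    The partial product of limbs i and j is shifted left by 32 * (i + j) bits:
    64 for high*high, 32 for high*low and low*high, 0 for low*low.
    """
    pairs = [(i, j) for i in range(len(a)) for j in range(len(b))]
    partial = {(i, j): a[i] * b[j] for i, j in pairs}
    total = sum(v << (LIMB_BITS * (i + j)) for (i, j), v in partial.items())
    return total, len(pairs)
```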
The GPU decryption operator is explained below.
The decryption operator is used for carrying out decryption operation on the data. Optionally, performing, by using multiple threads, a decryption operation on the multiple fourth sub-data in parallel to obtain a decrypted operation result may include: allocating a thread to each fourth subdata; performing exponentiation operation on the corresponding fourth subdata according to a private key through each thread, and calculating a decryption result corresponding to the fourth subdata according to the exponentiation result and a public key; and obtaining a decrypted operation result according to the decryption results corresponding to the plurality of fourth subdata.
Specifically, the decryption may refer to the following formula:
Figure BDA0002845202990000191
the content of each symbol may refer to the foregoing formula, and is not described herein again. During decryption, an exponentiation operation is performed, that is, the power of the private key of the fourth subdata is solved, and then a corresponding plaintext is obtained through further calculation according to an exponentiation result. By the method, the data can be quickly decrypted by parallel processing of a plurality of threads.
GPU floating point decoding (decode) is described below.
The floating point decoding is used for converting integer data into floating point data. After the decrypted operation result is obtained, the decrypted operation result may be processed according to the attribute information of the floating-point type data and the public key, so as to obtain the decrypted operation result of the floating-point type. The attribute information of the floating-point data may include conversion exponent, conversion base number, and the like. Specifically, the following formula can be referred to:
Figure BDA0002845202990000192
where x is the decrypted operation result and decode(x) represents the decoded floating-point data. The meanings of the other symbols in the formula can refer to the foregoing formulas, and are not described herein again.
By the method, the operation result of homomorphic addition operation and/or semi-homomorphic multiplication operation can be converted into floating point data, so that the finally obtained data can meet the output requirement, and the output adaptability of homomorphic operation is improved.
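The operators described above, from key generation through decryption, are put together below as an added Python example for signed integers; it is not code from the patent or from CGBN. The fixed demo primes, the function names and the sign rule in decode() are assumptions, the inverse for μ is taken modulo n, and decrypt() uses the standard Paillier formula m = L(c^λ mod n²)·μ mod n because the page's own decryption formula is not reproduced in the text.

```python
import math
import secrets

# Constructed demo primes (Mersenne primes), NOT the random 1024-bit primes
# the page calls for; they only keep the example short and fast.
P = 2**127 - 1
Q = 2**107 - 1


def L(x, n):
    """L(x) = (x - 1) / n from the key-generation section."""
    return (x - 1) // n


def keygen(p=P, q=Q):
    n = p * q
    assert math.gcd(n, (p - 1) * (q - 1)) == 1
    g = n + 1
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    mu = pow(L(pow(g, lam, n * n), n), -1, n)           # inverse modulo n
    return (n, g), (lam, mu)


def encode(v, n):
    """Map a signed integer into [0, n); negatives wrap to n - |v|."""
    return v % n


def decode(x, n):
    """Assumed sign rule: values above n // 3 (the preset value) are negative."""
    return x - n if x > n // 3 else x


def encrypt(pub, m, blind=True):
    n, _ = pub
    n2 = n * n
    c = (m * n + 1) % n2            # simplified form: (n+1)^m mod n^2
    # With blind=False this is deterministic and L(c) == m for anyone holding
    # the public key, so the r^n factor below is what hides the plaintext.
    if blind:
        r = secrets.randbelow(n - 1) + 1
        while math.gcd(r, n) != 1:
            r = secrets.randbelow(n - 1) + 1
        c = c * pow(r, n, n2) % n2  # full form: g^m * r^n mod n^2
    return c


def add(pub, c1, c2):
    """Homomorphic addition: multiply the ciphertexts modulo n^2."""
    n, _ = pub
    return c1 * c2 % (n * n)


def mul_plain(pub, c, k):
    """Semi-homomorphic multiplication of ciphertext c by encoded plaintext k."""
    n, _ = pub
    n2 = n * n
    if k > n // 3:                  # k encodes a negative value
        # Invert c and use the short exponent n - k instead of the long k.
        return pow(pow(c, -1, n2), n - k, n2)
    return pow(c, k, n2)


def decrypt(pub, priv, c):
    n, _ = pub
    lam, mu = priv
    return L(pow(c, lam, n * n), n) * mu % n
```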
Through the content of each part, ciphertext-state operations based on GPU parallel computation can be realized, and the task time is shortened. Further, the present invention also provides practical experimental results obtained by using the above-described scheme.
Specifically, an Intel Xeon(R) Gold 6132 CPU @ 2.5 GHz and a Tesla V100 GPU were used for testing, and the processing performance of the CPU serial computing scheme was compared with that of the present scheme: in the encryption operation, the CPU achieved 15.3 kops (thousand operations/second) and the present scheme 20 kops, an improvement of 1.3 times; in the homomorphic addition operation, the CPU achieved 114.20 kops and the present scheme 2200 kops, an improvement of 20X; in the semi-homomorphic multiplication operation, the CPU achieved 93.49 kops and the present scheme 313 kops, an improvement of 3.3X; in the decryption operation, the CPU achieved 56.6 kops and the present scheme 58 kops, an improvement of 1X.
The experimental results show that the efficiency of ciphertext-state operations can be effectively improved by using the scheme disclosed in the embodiment of the invention, which represents obvious progress.
On the basis of the technical solutions provided in the foregoing embodiments, optionally, the processing flow may be implemented based on Python. Specifically, each processing operation can be packaged into a corresponding Python operator, such as an encryption operator, an addition operator, a multiplication operator, a decryption operator and the like, and the corresponding operator is directly called in actual use, so that the interface is simple, secondary development is supported, the development difficulty is effectively reduced, and the development efficiency is improved.
Fig. 8 is a schematic structural diagram of a data processing apparatus according to an embodiment of the present invention. The apparatus may be applied to a first participant of a plurality of participants conducting a multi-party security computation. As shown in fig. 8, the data processing apparatus may include:
a receiving module 801, configured to receive encrypted data sent by a second participant in the multiple participants, and determine local data used for performing an operation with the encrypted data;
a splitting module 802, configured to split the encrypted data into a plurality of first subdata, and split the local data into a plurality of second subdata;
the processing module 803 is configured to perform homomorphic addition operation and/or semi-homomorphic multiplication operation according to the plurality of first subdata and the plurality of second subdata in parallel through the plurality of threads to obtain an encrypted operation result;
an output module 804, configured to output the encrypted operation result, so that a party that obtains the operation result decrypts the operation result to obtain a plaintext result.
The data processing apparatus provided in this embodiment may receive, by a first party, encrypted data sent by a second party, determine local data used for performing an operation with the encrypted data, split the encrypted data into a plurality of first sub-data, split the local data into a plurality of second sub-data, and perform homomorphic addition operation and/or semi-homomorphic multiplication operation in parallel according to the plurality of first sub-data and the plurality of second sub-data through a plurality of threads to obtain and output an encrypted operation result, so that a ciphertext may be processed in parallel based on the plurality of threads, an operation result of a homomorphic ciphertext may be determined quickly and accurately, time consumed by the ciphertext operation is shortened, operation efficiency is improved, and a processing requirement of the homomorphic ciphertext operation is met.
In one possible implementation, the splitting module 802 is further configured to:
determining the number of threads contained in each thread block;
determining the number of threads required by the encrypted data according to the number of bits of the encrypted data and the number of processable bits of each thread;
determining the number of the required thread blocks according to the number of threads required by the encrypted data and the number of threads contained in each thread block;
correspondingly, when the processing module 803 performs homomorphic addition operation and/or semi-homomorphic multiplication operation on the plurality of first subdata and the plurality of second subdata in parallel through the plurality of threads, it is specifically configured to:
and calling the corresponding number of thread blocks according to the number of the required thread blocks, and performing homomorphic addition operation and/or semi-homomorphic multiplication operation on the plurality of first subdata and second subdata in parallel through a plurality of threads in the called thread blocks.
In a possible implementation manner, the local data is encrypted local data used for performing homomorphic addition operation with the encrypted data;
correspondingly, when the processing module 803 performs homomorphic addition operation in parallel according to the plurality of first subdata and the plurality of second subdata through the plurality of threads, the processing module is specifically configured to:
allocating a thread for each first subdata, wherein the thread is used for calculating a homomorphic addition result of the first subdata and second subdata of a corresponding bit;
multiplying first subdata and second subdata corresponding to the threads in a Montgomery domain through each thread, and then performing modulus on the square of a public key to obtain a homomorphic addition result of the first subdata and the second subdata;
and determining the homomorphic addition result of the encrypted data and the local data according to the homomorphic addition result of the first subdata and the second subdata obtained by each thread.
In a possible implementation manner, the local data is local data used for performing a semi-homomorphic multiplication operation with the encrypted data; the encrypted data is split into a first number of first subdata, and the local data is split into a second number of second subdata;
correspondingly, when the processing module 803 performs a semi-homomorphic multiplication operation in parallel according to the plurality of first subdata and the plurality of second subdata through the plurality of threads, the processing module is specifically configured to:
traversing the first subdata with the first quantity and the second subdata with the second quantity to obtain a third quantity of data pairs, wherein each data pair comprises one first subdata and one second subdata, and the third quantity is the product of the first quantity and the second quantity;
allocating a thread to each data pair;
raising, through each thread, the first subdata in the corresponding data pair to the power N and taking the result modulo the square of the public key to obtain the semi-homomorphic multiplication result of the first subdata and the second subdata; when the second subdata is not larger than a preset value, N is the second subdata, and when the second subdata is larger than the preset value, N is the difference between the second subdata and the public key;
and determining the semi-homomorphic multiplication result of the encrypted data and the local data according to the semi-homomorphic multiplication results of the first subdata and the second subdata obtained by each thread.
In a possible implementation manner, when receiving the encrypted data sent by the second party of the multiple parties, the receiving module 801 is specifically configured to:
if the first participant is a data operator in the multiple participants, receiving encrypted data sent by a data provider in the multiple participants;
the processing module 803 is further configured to:
if the first participant is a data provider, splitting the data to be calculated, which is stored locally, into a plurality of third subdata;
performing encryption operation on the plurality of third subdata in parallel through a plurality of threads to obtain encrypted data to be calculated;
sending the encrypted data to be calculated to other participants so that the other participants perform homomorphic ciphertext operation according to the encrypted data to be calculated to obtain an encrypted operation result;
the processing module 803 is further configured to:
if the first party is a party with a private key, acquiring an encrypted operation result from other parties, and splitting the acquired encrypted operation result into a plurality of fourth subdata;
and carrying out decryption operation on the plurality of fourth subdata in parallel through a plurality of threads to obtain decrypted operation results.
In a possible implementation manner, when the processing module 803 performs an encryption operation on the plurality of third subdata in parallel through a plurality of threads to obtain encrypted data to be calculated, the processing module is specifically configured to:
allocating a thread for each third subdata;
multiplying, through each thread, the corresponding third subdata by the public key, adding one to the product, and then taking the result modulo the square of the public key to obtain the encryption result corresponding to the third subdata;
and obtaining the encrypted data to be calculated according to the encryption result corresponding to the plurality of third subdata.
In a possible implementation manner, when the processing module 803 performs a decryption operation on the plurality of fourth sub-data in parallel through a plurality of threads to obtain a decrypted operation result, the processing module is specifically configured to:
allocating a thread to each fourth subdata;
performing exponentiation operation on corresponding fourth subdata according to a private key through each thread, and calculating a decryption result corresponding to the fourth subdata according to an exponentiation result and a public key;
and obtaining the decrypted operation result according to the decryption results corresponding to the plurality of fourth subdata.
In a possible implementation manner, if the data to be calculated is floating-point data, when the data to be calculated stored locally is split into a plurality of third sub-data, the processing module 803 is specifically configured to:
converting the floating-point data into integer data;
taking the remainder of the converted integer data modulo the public key to obtain encoded data;
splitting the coded data to obtain a plurality of third subdata;
correspondingly, the processing module 803 is further configured to: and after the decrypted operation result is obtained, processing the decrypted operation result according to the attribute information of the floating-point data and the public key to obtain the decrypted operation result of the floating-point type.
The data processing apparatus provided in any of the foregoing embodiments is configured to execute the technical solution of any of the foregoing method embodiments, and the implementation principle and the technical effect are similar, which are not described herein again.
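The following Python sketch is an added example, not code from the patent. It walks the operations described above on a toy key: fixed-point encoding modulo the public key, encryption as (m·n + 1) mod n², ciphertext multiplication for homomorphic addition, and exponentiation by N (with the negative-exponent shortcut) for semi-homomorphic multiplication. The random factor r^n of standard Paillier is included in `encrypt` although the encryption step above does not spell it out, because without it the ciphertext m·n + 1 exposes m directly; the primes, `SCALE` and `THRESHOLD = n // 2` are assumptions, and each list element stands in for one GPU thread.

```python
import math
import secrets

# Constructed toy key: two Mersenne primes. Real Paillier keys use n of 2048 bits or more.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q                                   # public key n
N2 = N * N                                  # ciphertexts live modulo n^2
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)   # private key lambda = lcm(p-1, q-1)
MU = pow(LAM, -1, N)                        # decryption constant for g = n + 1
SCALE = 10**4                               # assumed fixed-point scale ("attribute information")
THRESHOLD = N // 2                          # assumed "preset value": residues above it are negative


def encode(x):
    """Float -> integer -> residue mod n; a negative v becomes n - |v|."""
    return round(x * SCALE) % N


def decode(m, scale=SCALE):
    """Map a residue back to a signed value and undo the fixed-point scaling."""
    signed = m - N if m > THRESHOLD else m
    return signed / scale


def encrypt(m):
    """(m*n + 1) mod n^2 as in the text, times the standard blinding factor r^n."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            break
    return (m * N + 1) % N2 * pow(r, N, N2) % N2


def decrypt(c):
    """Raise to the private key, then recover m with L(u) = (u - 1) / n and the public key."""
    u = pow(c, LAM, N2)
    return (u - 1) // N * MU % N


def hom_add(c1, c2):
    """Ciphertext product mod n^2 decrypts to the plaintext sum mod n."""
    return c1 * c2 % N2


def hom_scalar_mul(c, k):
    """c^N mod n^2 with N = k, or N = k - n when k encodes a negative value."""
    exponent = k if k <= THRESHOLD else k - N   # small negative exponent instead of a huge one
    return pow(c, exponent, N2)                 # Python inverts c mod n^2 for exponent < 0


def add_vectors(cs1, cs2):
    """One list position per thread in the text: element-wise homomorphic addition."""
    return [hom_add(a, b) for a, b in zip(cs1, cs2)]


def mul_pairs(cs, ks):
    """One (ciphertext, plaintext) pair per thread: len(cs) * len(ks) results."""
    return [[hom_scalar_mul(c, k) for k in ks] for c in cs]


def demo():
    xs, ys = [1.5, -2.25, 3.0], [0.5, 4.0, -1.25]      # constructed sample data
    cx = [encrypt(encode(x)) for x in xs]               # data provider A
    cy = [encrypt(encode(y)) for y in ys]               # data provider B
    ks = [encode(2.0), encode(-0.5)]                    # operator's plaintext factors
    sums = [decode(decrypt(c)) for c in add_vectors(cx, cy)]
    # A product of two scaled values carries SCALE twice.
    prods = [[decode(decrypt(c), SCALE**2) for c in row] for row in mul_pairs(cx, ks)]
    return sums, prods


if __name__ == "__main__":
    print(demo())
```

The exponent `k - n` decrypts to the same plaintext as the exponent `k` because plaintexts are reduced modulo n, but it keeps the exponent as short as the magnitude of the encoded value instead of as long as n.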
Fig. 9 is a schematic structural diagram of a data processing apparatus according to an embodiment of the present invention. As shown in fig. 9, the apparatus may include: a memory 901, a processor 902 and a data processing program stored on the memory 901 and executable on the processor 902, the data processing program, when executed by the processor 902, implementing the steps of the data processing method according to any of the preceding embodiments.
Alternatively, the memory 901 may be separate or integrated with the processor 902.
For the implementation principle and the technical effect of the device provided by this embodiment, reference may be made to the foregoing embodiments, and details are not described here.
An embodiment of the present invention further provides a computer-readable storage medium, where a data processing program is stored on the computer-readable storage medium, and when the data processing program is executed by a processor, the data processing program implements the steps of the data processing method according to any of the foregoing embodiments.
An embodiment of the present invention further provides a computer program product, which includes a computer program, and when the computer program is executed by a processor, the computer program implements the method described in any of the foregoing embodiments.
In the several embodiments provided in the present invention, it should be understood that the disclosed apparatus and method may be implemented in other manners. The above-described apparatus embodiments are merely illustrative: the division of the modules is only one logical functional division, and other divisions are possible in practice; for example, a plurality of modules may be combined or integrated into another system, or some features may be omitted or not executed.
The integrated module implemented in the form of a software functional module may be stored in a computer-readable storage medium. The software functional module is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) or a processor to execute some steps of the methods according to the embodiments of the present invention.
It should be understood that the Processor may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the present invention may be embodied directly in a hardware processor, or in a combination of the hardware and software modules within the processor.
The memory may comprise a high-speed RAM memory, and may further comprise a non-volatile memory (NVM), such as at least one disk memory, and may also be a USB disk, a removable hard disk, a read-only memory, a magnetic or optical disk, etc.
The storage medium may be implemented by any type or combination of volatile or non-volatile memory devices, such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks. A storage medium may be any available medium that can be accessed by a general purpose or special purpose computer.
An exemplary storage medium is coupled to the processor such that the processor can read information from, and write information to, the storage medium. Of course, the storage medium may also be integral to the processor. The processor and the storage medium may reside in an Application Specific Integrated Circuit (ASIC). Of course, the processor and the storage medium may reside as discrete components in an electronic device or host device.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (12)

1. A data processing method for use by a first one of a plurality of parties performing a multi-party security computation, the method comprising:
receiving encrypted data sent by a second party in the multiple parties, and determining local data used for operation with the encrypted data;
splitting the encrypted data into a plurality of first subdata, and splitting the local data into a plurality of second subdata;
performing homomorphic addition operation and/or semi-homomorphic multiplication operation in parallel according to the first subdata and the second subdata through a plurality of threads to obtain an encrypted operation result;
and outputting the encrypted operation result so that the participant who acquires the operation result decrypts the operation result to obtain a plaintext result.
2. The method of claim 1, further comprising:
determining the number of threads contained in each thread block;
determining the number of threads required by the encrypted data according to the number of bits of the encrypted data and the processable number of bits of each thread;
determining the number of the required thread blocks according to the number of threads required by the encrypted data and the number of threads contained in each thread block;
correspondingly, the method for performing homomorphic addition operation and/or semi-homomorphic multiplication operation on a plurality of first subdata and second subdata in parallel through a plurality of threads comprises the following steps:
and calling the corresponding number of thread blocks according to the number of the required thread blocks, and performing homomorphic addition operation and/or semi-homomorphic multiplication operation on the plurality of first subdata and second subdata in parallel through a plurality of threads in the called thread blocks.
3. The method of claim 1, wherein the local data is encrypted local data for homomorphic addition with the encrypted data;
correspondingly, the homomorphic addition operation is performed in parallel according to the plurality of first subdata and the plurality of second subdata through a plurality of threads, and the homomorphic addition operation comprises the following steps:
allocating a thread for each first subdata, wherein the thread is used for calculating a homomorphic addition result of the first subdata and second subdata of corresponding bits;
multiplying, through each thread, the first subdata and second subdata corresponding to that thread in the Montgomery domain, and then taking the product modulo the square of the public key to obtain the homomorphic addition result of the first subdata and the second subdata;
and determining the homomorphic addition result of the encrypted data and the local data according to the homomorphic addition result of the first subdata and the second subdata obtained by each thread.
4. The method of claim 1, wherein the local data is local data for semi-homomorphic multiplication with the encrypted data; the encrypted data is split into a first number of first subdata, and the local data is split into a second number of second subdata;
correspondingly, through a plurality of threads, performing semi-homomorphic multiplication operation in parallel according to a plurality of first subdata and second subdata, including:
traversing the first amount of first subdata and the second amount of second subdata to obtain a third amount of data pairs, wherein each data pair comprises one first subdata and one second subdata, and the third amount is the product of the first amount and the second amount;
allocating a thread to each data pair;
raising, through each thread, the first subdata in the corresponding data pair to the power N and taking the result modulo the square of the public key to obtain the semi-homomorphic multiplication result of the first subdata and the second subdata; when the second subdata is not larger than a preset value, N is the second subdata, and when the second subdata is larger than the preset value, N is the difference between the second subdata and the public key;
and determining the semi-homomorphic multiplication result of the encrypted data and the local data according to the semi-homomorphic multiplication results of the first subdata and the second subdata obtained by each thread.
5. The method of any of claims 1-4, wherein receiving encrypted data sent by a second party of the plurality of parties comprises:
if the first participant is a data operator in the multiple participants, receiving encrypted data sent by a data provider in the multiple participants;
the method further comprises the following steps:
if the first participant is a data provider, splitting the data to be calculated, which is stored locally, into a plurality of third subdata;
performing encryption operation on the plurality of third subdata in parallel through a plurality of threads to obtain encrypted data to be calculated;
sending the encrypted data to be calculated to other participants so that the other participants perform homomorphic ciphertext operation according to the encrypted data to be calculated to obtain an encrypted operation result;
the method further comprises the following steps:
if the first party is a party with a private key, acquiring an encrypted operation result from other parties, and splitting the acquired encrypted operation result into a plurality of fourth subdata;
and carrying out decryption operation on the plurality of fourth subdata in parallel through a plurality of threads to obtain decrypted operation results.
6. The method of claim 5, wherein performing an encryption operation on the third sub-data in parallel through a plurality of threads to obtain encrypted data to be computed comprises:
allocating a thread for each third subdata;
multiplying, through each thread, the corresponding third subdata by the public key, adding one to the product, and then taking the result modulo the square of the public key to obtain the encryption result corresponding to the third subdata;
and obtaining the encrypted data to be calculated according to the encryption result corresponding to the plurality of third subdata.
7. The method of claim 5, wherein performing a decryption operation on the plurality of fourth sub-data in parallel through a plurality of threads to obtain a decrypted operation result comprises:
allocating a thread to each fourth subdata;
performing exponentiation operation on corresponding fourth subdata according to a private key through each thread, and calculating a decryption result corresponding to the fourth subdata according to the exponentiation result and a public key;
and obtaining the decrypted operation result according to the decryption results corresponding to the plurality of fourth subdata.
8. The method of claim 5, wherein if the data to be computed is floating-point data, splitting the locally stored data to be computed into a plurality of third sub-data, comprising:
converting the floating-point data into integer data;
taking the remainder of the converted integer data modulo the public key to obtain encoded data;
splitting the coded data to obtain a plurality of third subdata;
correspondingly, after obtaining the decrypted operation result, the method further includes:
and processing the decrypted operation result according to the attribute information of the floating point type data and the public key to obtain the decrypted operation result of the floating point type.
9. A data processing apparatus for application to a first one of a plurality of parties performing a multi-party secure computation, the apparatus comprising:
the receiving module is used for receiving encrypted data sent by a second party in the multiple parties and determining local data used for operating with the encrypted data;
the splitting module is used for splitting the encrypted data into a plurality of first subdata and splitting the local data into a plurality of second subdata;
the operation module is used for carrying out homomorphic addition operation and/or semi-homomorphic multiplication operation in parallel according to the first subdata and the second subdata through a plurality of threads to obtain an encrypted operation result;
and the output module is used for outputting the encrypted operation result so that the participant who acquires the operation result decrypts the operation result to obtain a plaintext result.
10. A data processing apparatus, characterized in that the data processing apparatus comprises: memory, a processor and a data processing program stored on the memory and executable on the processor, the data processing program, when executed by the processor, implementing the steps of the data processing method according to any one of claims 1 to 8.
11. A computer-readable storage medium, on which a data processing program is stored, which when executed by a processor implements the steps of the data processing method according to any one of claims 1 to 8.
12. A computer program product comprising a computer program, characterized in that the computer program realizes the method of any of claims 1-8 when executed by a processor.
CN202011506998.4A 2020-12-18 2020-12-18 Data processing method, device, equipment, storage medium and program product Pending CN114647857A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011506998.4A CN114647857A (en) 2020-12-18 2020-12-18 Data processing method, device, equipment, storage medium and program product

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011506998.4A CN114647857A (en) 2020-12-18 2020-12-18 Data processing method, device, equipment, storage medium and program product

Publications (1)

Publication Number Publication Date
CN114647857A true CN114647857A (en) 2022-06-21

Family

ID=81989999

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011506998.4A Pending CN114647857A (en) 2020-12-18 2020-12-18 Data processing method, device, equipment, storage medium and program product

Country Status (1)

Country Link
CN (1) CN114647857A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116095174A (en) * 2022-12-30 2023-05-09 支付宝(杭州)信息技术有限公司 Service processing method and device, storage medium and electronic equipment
CN116881950A (en) * 2023-09-05 2023-10-13 北京天润基业科技发展股份有限公司 Processing method and device of privacy data, electronic equipment and readable storage medium
CN117527192A (en) * 2024-01-08 2024-02-06 蓝象智联(杭州)科技有限公司 Paillier decryption method based on GPU
WO2024078347A1 (en) * 2022-10-11 2024-04-18 杭州阿里云飞天信息技术有限公司 Acceleration device, computing system and acceleration method

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024078347A1 (en) * 2022-10-11 2024-04-18 杭州阿里云飞天信息技术有限公司 Acceleration device, computing system and acceleration method
CN116095174A (en) * 2022-12-30 2023-05-09 支付宝(杭州)信息技术有限公司 Service processing method and device, storage medium and electronic equipment
CN116881950A (en) * 2023-09-05 2023-10-13 北京天润基业科技发展股份有限公司 Processing method and device of privacy data, electronic equipment and readable storage medium
CN116881950B (en) * 2023-09-05 2023-11-10 北京天润基业科技发展股份有限公司 Processing method and device of privacy data, electronic equipment and readable storage medium
CN117527192A (en) * 2024-01-08 2024-02-06 蓝象智联(杭州)科技有限公司 Paillier decryption method based on GPU
CN117527192B (en) * 2024-01-08 2024-04-05 蓝象智联(杭州)科技有限公司 Paillier decryption method based on GPU

Similar Documents

Publication Publication Date Title
CN110348231B (en) Data homomorphic encryption and decryption method and device for realizing privacy protection
CN114647857A (en) Data processing method, device, equipment, storage medium and program product
KR100891323B1 (en) Method and apparatus to increase complexity of power analysis based on random point representation in binary field Elliptic Curve Cryptography (ECC)
US7908641B2 (en) Modular exponentiation with randomized exponent
JP4137385B2 (en) Encryption method using public and private keys
US7434898B2 (en) Computer system, computer program, and addition method
CN105721156B (en) Data are carried out with the method and relevant device of coding and digital signature
JPS5950068B2 (en) public key cryptographic device
JP2007139895A (en) Encryption device, decryption device, program, and method
TW200945097A (en) White-box implementation
CN111404952B (en) Transformer substation data encryption transmission method and device, computer equipment and storage medium
US7043015B2 (en) Methods for point compression for Jacobians of hyperelliptic curves
CN115102688B (en) Data processing method, polynomial calculation method and electronic equipment
JPWO2016136142A1 (en) Ciphertext verification system, method, and recording medium
CN114239019A (en) Method, device and system for determining number of shared data for protecting privacy data
CN109643504B (en) Encryption system, encryption method, and computer-readable storage medium
JPWO2016072057A1 (en) Ciphertext verification system, method, and recording medium
JP2014137474A (en) Tamper detection device, tamper detection method, and program
JP4706811B2 (en) Arithmetic device and recording medium using request calculation
KR101440680B1 (en) Homomorphic Encryption and Decryption Method using Chinese Remainder Theorem and apparatus using the same
JP5323196B2 (en) Arithmetic apparatus, method and program
JP2010513990A (en) Fast RSA signature verification
Rosly et al. Cryptographic computation using ElGamal algorithm in 32-bit computing system
Rao et al. Secure and practical outsourcing of linear programming in cloud computing: A survey
Elamir et al. Review of Advanced Techniques for Data Security Technology and Applications

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination