CN115102688A - Data processing method, polynomial calculation method and electronic equipment - Google Patents

Data processing method, polynomial calculation method and electronic equipment Download PDF

Info

Publication number
CN115102688A
CN115102688A CN202211016455.3A CN202211016455A CN115102688A CN 115102688 A CN115102688 A CN 115102688A CN 202211016455 A CN202211016455 A CN 202211016455A CN 115102688 A CN115102688 A CN 115102688A
Authority
CN
China
Prior art keywords
ciphertext
data
homomorphic
encryption
ciphertext data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202211016455.3A
Other languages
Chinese (zh)
Other versions
CN115102688B (en
Inventor
秦体红
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Infosec Technologies Co Ltd
Original Assignee
Beijing Infosec Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Infosec Technologies Co Ltd filed Critical Beijing Infosec Technologies Co Ltd
Priority to CN202211016455.3A priority Critical patent/CN115102688B/en
Publication of CN115102688A publication Critical patent/CN115102688A/en
Application granted granted Critical
Publication of CN115102688B publication Critical patent/CN115102688B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds

Abstract

The embodiment of the application provides a data processing method, a polynomial calculation method and electronic equipment. Wherein the method comprises the following steps: determining an encryption parameter for homomorphic encryption of target data; acquiring an encryption layer corresponding to the target data; the encryption level is an Nth encryption level used for reflecting the Nth encryption of the target data, and N is not more than two; and homomorphic encryption is carried out on the target data based on the encryption parameters and the encryption levels to obtain ciphertext data corresponding to the target data. By adopting the technical scheme provided by the embodiment of the application, the encryption performance of homomorphic encryption of data can be well improved.

Description

Data processing method, polynomial calculation method and electronic equipment
Technical Field
The present application relates to the field of computer technologies, and in particular, to a data processing method, a polynomial calculation method, and an electronic device.
Background
With the wide application of cloud computing technology, especially a large number of electronic commerce transactions on a cloud computing server, how to safely and effectively protect user privacy and security becomes a hot spot in the field of current cryptography research. In order to ensure the safety in the data transmission process, the homomorphic encryption technology is widely applied. The homomorphic encryption technology is a cryptography technology based on the computation complexity theory of data full body, data which is subjected to homomorphic encryption is processed to obtain an output, the output is decrypted, and the result decrypted by the output is the same as the output result obtained by processing unencrypted original plaintext data by the same method.
In the existing homomorphic encryption technical scheme, the problems of low encryption performance and low calculation efficiency exist when ciphertext data obtained by homomorphic encryption is used for carrying out quadratic polynomial homomorphic calculation.
Disclosure of Invention
In view of the above, the present application provides a data processing method, a polynomial calculation method and an electronic device that solve the above problems or at least partially solve the above problems.
In a first embodiment of the present application, a data processing method is provided. The method comprises the following steps:
determining an encryption parameter for homomorphic encryption of target data;
acquiring an encryption layer corresponding to the target data; the encryption level is an Nth encryption level used for reflecting the Nth encryption of the target data, and N is not more than two;
and homomorphic encryption is carried out on the target data based on the encryption parameters and the encryption levels to obtain ciphertext data corresponding to the target data.
In a second embodiment of the present application, a data processing method is also provided. The method comprises the following steps:
acquiring first ciphertext data and second ciphertext data; the first ciphertext data and the second ciphertext data are obtained by homomorphically encrypting first target data and second target data respectively according to the data processing method provided in the first embodiment of the application;
determining an encryption level corresponding to first target data corresponding to the first ciphertext data and an encryption level corresponding to second target data corresponding to the second ciphertext data;
and homomorphic operation is carried out on the first ciphertext data and the second ciphertext data according to the encryption level corresponding to the first target data and the encryption level corresponding to the second target data.
In a third embodiment of the present application, a polynomial calculation method is also provided. The method comprises the following steps:
acquiring a target polynomial; wherein the target polynomial is a finite quadratic polynomial;
determining a plurality of terms contained in the target polynomial and operational relations among the plurality of terms;
according to the data processing method provided in the first embodiment of the present application, each item in the plurality of items is encrypted at a first level to obtain ciphertext data corresponding to each item;
performing homomorphic operation on ciphertext data corresponding to each item based on the operation relation among the items and the data processing method provided in the second embodiment of the application to obtain homomorphic operation results;
and determining the calculation result of the target polynomial according to the homomorphic operation result.
In a fourth embodiment of the present application, an electronic device is provided. The electronic device includes: a memory and a processor, wherein the memory is configured to store one or more computer programs; the processor is coupled to the memory, and configured to execute the one or more computer programs stored in the memory, so as to implement the steps in the data encryption method provided in the first embodiment of the present application, or implement the steps in the data operation method provided in the second embodiment of the present application, or implement the steps in the polynomial calculation method provided in the third embodiment of the present application.
In one technical scheme provided by the application, on the basis of determining an encryption parameter for homomorphic encryption of target data, an encryption level corresponding to the target data is obtained, wherein the encryption level is an Nth encryption level used for reflecting the Nth encryption of the target data, and N is not more than two; and then homomorphic encryption is carried out on the target data based on the encryption parameters and the encryption parameters so as to obtain ciphertext data corresponding to the target data. By using the technical scheme to perform homomorphic encryption on the target data, the encryption performance of homomorphic encryption of the data can be well improved.
In another technical solution provided by the present application, first ciphertext data and second ciphertext data are obtained, where the first ciphertext data and the second ciphertext data are obtained by performing homomorphic encryption on first target data and second target data respectively according to a data processing method provided by a first embodiment of the present application; then, further determining an encryption level corresponding to first target data corresponding to the first ciphertext data and an encryption level corresponding to second target data corresponding to the second ciphertext data; and performing homomorphic operation on the first ciphertext data and the second ciphertext data according to the encryption hierarchy corresponding to the first target data and the encryption hierarchy corresponding to the second target data. By using the technical scheme, the ciphertext data (such as the first ciphertext data and the second ciphertext data) with better encryption performance can be obtained, and the calculation efficiency among the ciphertext data can be effectively improved.
In another technical solution provided by the present application, after a target polynomial which is a finite quadratic polynomial is obtained, a plurality of terms included in the target polynomial and an operation relationship between the plurality of terms are determined; according to the data processing method provided by the first embodiment of the application, each item in the plurality of items is encrypted for the first level, so that ciphertext data corresponding to each item is obtained; further, based on the operation relationship among the plurality of terms and the data processing method provided in the first embodiment of the present application, homomorphic operation is performed on the ciphertext data corresponding to each term to obtain a corresponding homomorphic operation result, so that the calculation result of the target polynomial is determined according to the homomorphic operation result. The technical scheme provided by the embodiment can effectively improve the encryption performance of each item in the quadratic polynomial, and simultaneously realize the privacy calculation of the quadratic polynomial, and the calculation efficiency is high.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings required to be utilized in the description of the embodiments or the prior art are briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present application, and other drawings can be obtained according to the drawings without creative efforts for those skilled in the art.
Fig. 1 is a schematic diagram of a homomorphic encryption principle provided in an embodiment of the present application;
fig. 2 is a schematic flowchart of a data processing method according to an embodiment of the present application;
fig. 3 is a schematic flowchart of a data processing method according to another embodiment of the present application;
fig. 4 is a schematic flowchart of a polynomial calculation method according to an embodiment of the present application;
FIG. 5 is a schematic diagram of a polynomial calculation provided in an embodiment of the present application;
fig. 6 is a schematic structural diagram of a data processing apparatus according to an embodiment of the present application;
fig. 7 is a schematic structural diagram of a data processing apparatus according to another embodiment of the present application;
FIG. 8 is a schematic structural diagram of a polynomial computing device according to an embodiment of the present application;
fig. 9 is a schematic structural diagram of an electronic device according to an embodiment of the application.
Detailed Description
With the wide application of cloud computing technology, especially a large number of electronic commerce transactions on a cloud computing server, how to safely and effectively protect user privacy and security becomes a hotspot in the field of current cryptology research. If the data of the user is directly transmitted and stored in a clear text form, some sensitive data (such as user identity information) may be exposed to a cloud service provider, and a series of security problems are caused to the confidential data of the user. In order to ensure the safety in the data transmission process, the homomorphic encryption technology is widely applied. The data are encrypted by utilizing the homomorphic encryption technical scheme to obtain corresponding ciphertext data, and then the ciphertext data are sent to the cloud end, when a series of operations such as uploading, downloading, deleting, updating, retrieving, calculating and the like are carried out on the data at the cloud end, the ciphertext data are all the ciphertext data, so that the risks that the data are intercepted, copied, tampered or forged and the like in the transmission process can be avoided, and the risk that a data storage party leaks the data or is broken at a server end can also be avoided.
The high-performance data homomorphic encryption scheme is beneficial to improving the efficiency of artificial intelligence, privacy protection, safe multi-party computation and the like. At present, although various existing homomorphic encryption schemes are available, the problem of low encryption performance still exists. In addition, in the existing homomorphic encryption scheme, although the quadratic polynomial is calculated on the encrypted ciphertext data and the calculation efficiency is relatively high, compared with the standard public key encryption, the calculation efficiency is still far lower than that of the standard public key encryption.
In order to solve the above technical problem, embodiments of the present application provide a data processing method, a polynomial calculation method, and an electronic device. By utilizing the technical scheme provided by the application, the homomorphic encryption performance of the data can be effectively improved, and the calculation efficiency of the polynomial homomorphic calculation can also be effectively improved. In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application.
In some of the flows described in the specification, claims, and above-described figures of the present application, a number of operations are included that occur in a particular order, and these operations may be performed out of order or in parallel as they occur herein. The sequence numbers of the operations, e.g., 101, 102, etc., are merely used to distinguish between the various operations, and the sequence numbers themselves do not represent any order of execution. Additionally, the flows may include more or fewer operations, and the operations may be performed sequentially or in parallel. It should be noted that, the descriptions of "first", "second", etc. in this document are used for distinguishing different messages, devices, modules, etc., and do not represent a sequential order, nor do they limit the types of "first" and "second". In the present application, the term "or/and" is only one kind of association relationship describing the associated object, and means that three relationships may exist, for example: a or/and B, which means that A can exist independently, A and B can exist simultaneously, and B can exist independently; the "/" character in this application generally indicates that the objects associated with each other are in an "or" relationship. It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a good or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such good or system. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a commodity or system that includes the element. In addition, the embodiments described below are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Before the methods provided by the embodiments of the present application are introduced, for the convenience of understanding the present solution, a detailed description of homomorphic encryption is provided.
Homomorphic Encryption (HE) refers to an Encryption algorithm meeting the Homomorphic operation property of ciphertext, that is, after data is Homomorphic encrypted to obtain corresponding ciphertext data, specific calculation is performed on the ciphertext data, and the plaintext obtained by performing corresponding Homomorphic decryption on the calculation result of the ciphertext data is equivalent to directly performing the same calculation on the plaintext data, so that the data can be calculated and invisible. The effect of implementing homomorphic encryption can be seen from the principle diagram of homomorphic encryption shown in fig. 1.
In specific implementation, if one Homomorphic Encryption algorithm supports any form of calculation on ciphertext data, the algorithm is called Fully Homomorphic Encryption (FHE); if partial form calculation of ciphertext data is supported, such as only addition, only multiplication, or limited addition and multiplication, it is called semi-Homomorphic Encryption (swe) or Partial Homomorphic Encryption (PHE). In general, since any computation is constructed by addition and multiplication, if the encryption algorithm satisfies both addition homomorphism and multiplication homomorphism, it can be said that it satisfies full homomorphism. In the technical solution of homomorphic data encryption provided in this embodiment, homomorphic data encryption satisfies both addition homomorphism and multiplication homomorphism, that is, homomorphic data encryption in this solution satisfies full homomorphism.
The following specifically describes the method provided in the embodiments of the present application.
The executing bodies of the methods provided in the following embodiments may be respectively corresponding apparatuses, for example, the executing body of the data processing scheme provided in an embodiment may be its corresponding data processing apparatus. The apparatus may be hardware integrated on an electronic device, and may also be application software installed in the electronic device, and may also be tool software embedded in an operating system of the device, and the like, which is not limited in this embodiment of the present application. The electronic equipment can be a client or a server with a logic operation function; the client can be any terminal device such as a mobile phone, a tablet computer and an intelligent wearable device, the server can be a common server, a cloud end or a virtual server, and the embodiment of the application is not particularly limited to this.
Fig. 2 is a schematic flowchart illustrating a data processing method according to an embodiment of the present application. The data processing method is mainly used for realizing homomorphic encryption of target data to be encrypted so as to improve the encryption performance of homomorphic encryption of the data. As shown in fig. 2, the data processing method includes the steps of:
101. determining an encryption parameter for homomorphic encryption of target data;
102. acquiring an encryption layer corresponding to the target data; the encryption level is an Nth encryption level used for reflecting the Nth encryption of the target data, and N is not more than two;
103. and homomorphic encryption is carried out on the target data based on the encryption parameters and the encryption levels to obtain ciphertext data corresponding to the target data.
In the foregoing 101, the type of the target data may be audio and video data in an audio and video transmission process, or may also be text data, picture data, and the like in a file information transmission process, which is not limited herein. The specific type of the target data may be determined according to an application scenario of data encryption.
Further, in the present embodiment, an SM9 identity cryptographic algorithm (hereinafter referred to as SM9 algorithm) may be used to determine the encryption parameters for homomorphic encryption of the target data. The SM9 algorithm is a cryptographic algorithm based on a bilinear pairing structure on an elliptic curve point group, and comprises four functions of digital signature, public key encryption, key encapsulation and key exchange; wherein bilinear pairings refer to grouping two addition cycles (i.e., G) 1 And G 2 ) Joint mapping to another multiply Loop group G T A mapping of (2). In elliptic cryptography applications, a bilinear pair is a mapping that maps two elliptic curve cyclic point groups onto one multiplicative cyclic group, with the requirement of linearity invariance. Suppose there are two additive cyclic groups, i.e. G 1 And G 2 And a multiplication loop group G T Wherein G is 1 、G 2 And G T The number of elements is prime M, P 1 And P 2 Are each G 1 And G 2 The generator of (2). Bilinear pair e is the mapping G 1 ×G 2 →G T Which satisfies the following conditions:
1) bilinear: for any F e G 1 And D ∈ G 2 For any natural numbers a and b, the following equations hold: e ([ a ]]F,[b]D )=e( F,D ) ab Wherein, the]Calculating a sign for a scalar multiplication on a group, the scalar multiplication being a scalar multiplication by a vector (the product being a vector);
2) non-degradability: e (P) 1 ,P 2 )≠1;
3) Calculability: for any F e G 1 And D ∈ G 2 There is a method to efficiently calculate e (F, D) ≠ 1.
And if each element in the G can be expressed as the square power of P, the G is called a cyclic group generated by the P, and the P is called a generator of the group G and is marked as the P belongs to the G.
The above SM9 algorithm requires the use of system parameters (G) 1 、G 2 、G T 、e、P 1 、P 2 ) It can be chosen with a Key Generation Center (KGC); wherein, KGC is a trusted authority in SM9 cryptosystem, which is mainly used to select SM9 algorithm system parameters, generate master key (master private key) and generate private key, etc., and the key generation center is provided with a key of [1, n-1 ]]And a corresponding primary public key Ppub = [ s ]) to a randomly selected integer type of the master private key s]P。
Based on the above description of the SM9 algorithm, in the present embodiment, the encryption parameters for homomorphic encryption of the target data can be determined by the SM9 algorithm, in particular, through the key generation center. Specifically, in a specific implementation technical solution, the determining 101 "the encryption parameter for homomorphic encrypting the target data" may include the following steps:
1011. acquiring respective generating elements of the two addition cycle groups;
1012. determining a homomorphic private key;
1013. determining a homomorphic public key based on the generator and the homomorphic private key;
1014. determining a plurality of elements contained in a multiplication cycle group by using the homomorphic public key and the generator; wherein the two addition cycle groups and the multiplication cycle group satisfy a bilinear mapping.
In 1011 to 1012, the generator and the homomorphic private key of each of the two addition round groups are selectively generated by a Key Generation Center (KGC). In specific implementation, the homomorphic private key includes two private keys, i.e. a first private key and a second private key, and can be generated randomly as two random integers, such as a random integer s 1 And s 2 Two private keys included as homomorphic private keys, e.g. random integer s 1 As the first private key contained in the homomorphic private key, a random integer s 2 A second private key comprised as a homomorphic private key. Wherein s is 1 And s 2 ∈Z r ,Z r Is a finite field of modulo r.
1013, the determined homomorphic public key corresponds to the homomorphic private keyTwo public keys, a first public key and a second public key, are also included. In one embodiment, two addition rounds are provided including a first addition round G 1 And a second addition cyclic group G 2 The first public key may be based on the first addition cyclic group G 1 First generator P of 1 And a first private key S of the homomorphic private keys 1 Determined, and the second public key may be based on the second addition cycle G 2 Second generator P of (2) 2 And a second private key S of the homomorphic private keys 2 And (4) determining. Specifically, let the first public key be Q 1 The second public key is Q 2 Then, the calculation expression form of the first public key and the second public key is as follows: q 1 =[s 1 ]P 1 ,Q 2 =[s 2 ]P 2
In 1014, a plurality of elements included in the multiplication loop group can be obtained by performing bilinear mapping calculation on the generator and the homomorphic public key. Specifically, the step 1013 mentioned above, determining the plurality of elements included in the multiplication cycle group includes the following steps:
for the first addition cycle group G 1 First generator P of 1 And a second addition cyclic group G 2 Second generator P of 2 Performing bilinear mapping calculation to obtain a first element in the multiplication cyclic group;
for the first addition cycle group G 1 First generator P of 1 With a second public key Q of the homomorphic public keys 2 Carrying out bilinear mapping calculation to obtain a second element in the multiplication cyclic group;
for the first public key Q in the homomorphic public key 1 And a second addition cyclic group G 2 Second generator P of (2) 2 Carrying out bilinear mapping calculation to obtain a third element in the multiplication cyclic group;
for the first public key Q in the homomorphic public key 1 With a second public key Q 2 And carrying out bilinear mapping calculation to obtain a fourth element in the multiplication cyclic group.
The method comprises the following steps: the number of the plurality of elements included in the multiplication loop group is four, that is, the first element, the second element, the third element, and the fourth element. In particular, the amount of the solvent to be used,let the first element, the second element, the third element and the fourth element be g 1 、g 2 、g 3 And g 4 Then, the calculation expression form of the four elements included in the multiplication cycle group may be specifically as follows:
g 1 =e( P 1 ,P 2 )=g, g 2 =e( P 1 ,Q 2 )=g s2
g 3 =e( Q 1 ,P 2 )=g s1 , g 4 =e( Q 1 ,Q 2 )=g s1s2
it should be added that, besides the homomorphic private key is hidden, some other parameters, such as the generator of the addition cyclic group, the homomorphic public key, and multiple elements included in the multiplication cyclic group, may be published to the outside for use in decryption computation analysis.
In 102, the purpose of obtaining the encryption hierarchy corresponding to the target data is to: and subsequently, according to the encryption level corresponding to the target data, performing homomorphic encryption processing on the target data by using different parameters in the determined encryption parameters so as to improve the encryption performance of homomorphic encryption on the target data. The encryption level is an Nth encryption level used for reflecting the Nth encryption of the target data, N is an integer and is more than 0 and less than or equal to 2, namely the value of N is 1 and 2. For example, if the encryption hierarchy is a first encryption hierarchy, the reflection is that the encryption processing of the first hierarchy is performed on the target data; if the encryption level is the second encryption level, the second-level encryption processing is performed on the target data, and the target data is the data which has been subjected to the one-level encryption processing.
After the encryption level corresponding to the target data is obtained, if the encryption level is the first encryption level, homomorphic encryption can be performed on the target data by using homomorphic public keys in the encryption parameters and respective generating elements of the two addition cycle groups; if the encryption level is the second encryption level, the target data may be encrypted using a plurality of elements included in the multiplication loop group in the encryption parameter. That is, in a specific implementation technical solution, the "performing homomorphic encryption on the target data based on the encryption parameter and the encryption hierarchy to obtain ciphertext data corresponding to the target data" in the above 103 may specifically include:
1031. under the condition that the encryption hierarchy is a first encryption hierarchy, homomorphic encryption is carried out on the target data based on the generator and the homomorphic public key to obtain the ciphertext data;
1032. and under the condition that the encryption hierarchy is a second encryption hierarchy, homomorphic encryption is carried out on the target data based on the plurality of elements to obtain the ciphertext data.
1031, as can be seen from the above description related to step 101, the homomorphic public key includes a first public key Q 1 And a second public key Q 2 The two addition cycle groups include a first addition cycle group G 1 And a second addition cyclic group G 2 And the first addition cycle group G 1 Is the first generator P 1 A second addition cyclic group G 2 Is the second generator P 2 In specific implementation, when the encryption hierarchy is the first encryption hierarchy, the first public key Q is included based on the homomorphic public key 1 And a second public key Q 2 And a first addition cycle group G 1 First generator P of 1 A second generator P of a second addition cycle group 2 And performing homomorphic encryption on the target data to further obtain corresponding ciphertext data. In particular, it may be based on the first public key Q 1 And a first generator P 1 Performing homomorphic encryption on the target data to obtain first ciphertext data; based on the second public key Q 2 And a second generator P 2 Performing homomorphic encryption on the target data to obtain second ciphertext data; and obtaining ciphertext data corresponding to the target data based on the first ciphertext data and the second ciphertext data.
That is, the step 1031 of homomorphically encrypting the target data based on the generator and the homomorphic public key to obtain the ciphertext data may specifically include the following steps:
10311. encrypting the target data based on a first public key in the homomorphic public key and a first generator of the first addition cycle group to obtain first ciphertext data
10312. Encrypting the target data based on a second public key in the homomorphic public key and a second generator of the second addition cyclic group to obtain second ciphertext data
10313. And determining ciphertext data corresponding to the target data based on the first ciphertext data and the second ciphertext data.
In specific implementation, the target data may be encrypted based on the first random number, the first public key and the first generator on the basis of randomly generating the first random number and the second random number to obtain first ciphertext data; and processing the target data based on the second random number, the second public key and the second generator to obtain second ciphertext data, and determining ciphertext data corresponding to the target data based on the obtained first ciphertext data and the second ciphertext data. In particular, the amount of the solvent to be used,
the obtaining of the first ciphertext data may be as follows: encrypting the target data by using the first generator, the first public key and the first random number to obtain a first ciphertext; determining a second ciphertext based on the first random number and the first generator; and determining first ciphertext data according to the first ciphertext and the second ciphertext.
The obtaining of the second ciphertext data may be as follows: encrypting the target data by using the second generator, the second public key and the second random number to obtain a third ciphertext; determining a fourth ciphertext based on the second random number and the second generator; and determining second ciphertext data according to the third ciphertext and the fourth ciphertext.
Respectively recording the ciphertext data corresponding to the target data as C N=1 The first ciphertext data is C 11 The second ciphertext data is C 12 And a first ciphertext c 1 The second ciphertext is c 2 And the third ciphertext is c 3 The fourth ciphertext is c 4 Then, the expression form of the ciphertext data C corresponding to the target data may be as follows:
C N=1 = Enc( Enc Q1 (m),Enc Q2 (m) ) =(C 1 ,C 2 )=(c 1 ,c 2 ,c 3 ,c 4
where Enc denotes an encryption operator, C 11 =(c 1 ,c 2 ),C 12 =(c 3 ,c 4 ) N =1 indicates that the encryption level corresponding to the target data is the first encryption level.
About c 1 ,c 2 ,c 3 And c 4 The specific calculation of (a) will be described in detail hereinafter, and will not be described in detail herein.
Based on the content related to step 1031, in the above 1031, "homomorphic encrypting the target data based on the generator and the homomorphic public key to obtain the ciphertext data" may specifically be implemented by:
s11, generating a first random number and a second random number;
s12, encrypting the target data by using the first random number, the first generator of the first addition cyclic group and the first public key to obtain a first ciphertext;
s13, determining a second ciphertext according to the first random number and the first generator;
s14, encrypting the target data by using the second random number, the second generator of the second addition cycle group and the second public key to obtain a third ciphertext;
s15, determining a fourth ciphertext based on the second random number and the second generator;
s16, determining the ciphertext data according to the first ciphertext, the second ciphertext, the third ciphertext and the fourth ciphertext.
In S11, the first random number and the second random number are generated in the finite field Z r Random integer of (1). For convenience of description, the first random number is denoted as r 1 The second random number is r 2 ,r 1 、r 2 ∈Z r (ii) a And in the following detailed description of the above-mentioned S12-S16, the above-mentioned first generator and second generator will be describedAnd carrying out the matching of the identifiers respectively adopted when the element, the second public key and the first public key are generated.
In S12, the scalar quantity of the target data and the first generator P may be calculated first 1 A first random number r 1 Scalar of (2) and a first public key Q 1 After that, the sum of the first product value and the second product value is used as the first ciphertext c 1 . If the target data is m, then: c. C 1 =[m]P 1 +[r 1 ]Q 1
In S13, the first random number r may be set 1 Scalar of (2) and a first generator P 1 As the second ciphertext c 2 . I.e. c 2 =[r 1 ]P 1
In S14, referring to step S12, similarly, the scalar of the target data m and the second generator P can be calculated first 2 A second random number r, a second product value of 2 Scalar and second public key Q 2 After that, the sum of the first product value and the second product value is used as a third ciphertext c 3 . Namely: c. C 3 =[m]P 2 +[r 2 ]Q 2
In S15, the second random number r may be set 2 Scalar of (2) and a second generator P 2 As a fourth ciphertext c 4 . Namely: c. C 4 =[r 2 ]P 2
In S16, the first ciphertext c is used 1 And a second ciphertext c 2 And a third ciphertext c 3 And a fourth ciphertext c 4 And determining ciphertext data C corresponding to the target data N=1 Can be characterized as follows:
C N=1 =(c 1 ,c 2 ,c 3 ,c 4 )=([m]P 1 +[r 1 ]Q 1 ,[r 1 ]P 1 ,[m]P 2 +[r 2 ]Q 2 ,[r 2 ]P 2
1032 above, according to the above description related to step 101, the number of the plurality of elements included in the multiplication loop group isFour, in particular the first element g 1 A second element g 2 A third element g 3 And a fourth element g 4 . In this step, when the encryption hierarchy corresponding to the target data is the second encryption hierarchy (i.e., N = 2), that is, based on the first element g 1 A second element g 2 A third element g 3 And a fourth element g 4 The target data is homomorphic encrypted to obtain ciphertext data corresponding to the target data, and for convenience of description, the ciphertext data corresponding to the target data obtained in this case is denoted as C N=2 . In an embodiment, 1032 "performing homomorphic encryption on the target data based on the multiple elements to obtain the ciphertext data" may specifically be implemented by:
s21, generating a third random number, a fourth random number and a fifth random number;
s22, encrypting the target data by using the first element, the fourth element and the fifth random number to obtain a fifth ciphertext;
s23, determining a sixth ciphertext according to the second element and the third random number;
s24, determining a seventh ciphertext according to the third element and the fourth random number;
s25, determining an eighth ciphertext based on the first element, the third random number, the fourth random number, and the fifth random number;
and S26, determining the ciphertext data according to the fifth ciphertext, the sixth ciphertext, the seventh ciphertext and the eighth ciphertext.
In S21, the randomly generated third random number, fourth random number, and fifth random number are random integers in the finite field Zr. For convenience of description, the third random number is denoted as r 3 The fourth random number is r 4 And the fifth random number is r 5 ,r 3 、r 4 、r 5 Belongs to Zr. And in the following detailed description of the above-mentioned S22-S26, the above-mentioned target data is referred to as m.
In the above step S22, the target data m may be used asIs a first element g 1 To the power of a fifth random number r 5 As a power of the fourth element, and then the first element g 1 M to the power of and a fourth element g 4 R of 5 The product value of the power is used as the fifth ciphertext. Let the fifth ciphertext be c 5 And then: c. C 5 =(
Figure 743711DEST_PATH_IMAGE001
)。
In S23, the third random number r may be used 3 As a second element g 2 To the power of, a second element g 2 R of 3 The power of which is the sixth ciphertext. Take the sixth ciphertext as c 6 Then: c. C 6 =
Figure 856023DEST_PATH_IMAGE002
In S24, the fourth random number r may be used 4 As a third element g 3 Power of, a third element g 3 R of 4 The power of which is the seventh ciphertext. Take the seventh ciphertext as c 7 Then: c. C 7 =
Figure 909299DEST_PATH_IMAGE003
In S25, the third random number r may be calculated first 3 And a fourth random number r 4 A sum of (d), the sum and a fifth random number r 5 The difference between the first and second elements is raised to the power of the first element, and the first element g is then raised to the power of the second element 1 Raised to the power of the difference value as the eighth ciphertext. Let the eighth ciphertext be c 8 And then: c. C 8 =
Figure 903799DEST_PATH_IMAGE004
In the above step S26, the fifth ciphertext c is obtained 5 And a sixth ciphertext c 6 And a seventh ciphertext c 7 And the eighth ciphertext c 8 And determining ciphertext data C corresponding to the target data N=2 Can be characterized as follows:
C N=2 =(c 5 ,c 6 ,c 7 ,c 8 )=(
Figure 451455DEST_PATH_IMAGE005
Figure 152695DEST_PATH_IMAGE002
Figure 127604DEST_PATH_IMAGE003
Figure 609401DEST_PATH_IMAGE004
according to the technical scheme provided by the embodiment, on the basis of determining the encryption parameter for homomorphic encryption of the target data, the encryption level corresponding to the target data is also obtained, wherein the encryption level is the Nth encryption level used for reflecting the Nth encryption of the target data, and N is not more than two; and then homomorphic encryption is carried out on the target data based on the encryption parameters and the encryption parameters so as to obtain ciphertext data corresponding to the target data. By using the scheme, the homomorphic encryption is carried out on the target data, and the encryption performance of the homomorphic encryption of the data can be well improved.
Further, for the ciphertext data corresponding to the obtained target data, the embodiment further provides a scheme of decrypting the ciphertext data by using a private key included in the homomorphic key to recover the corresponding target data from the ciphertext data. As can be seen from the above description related to step 101, the homomorphic private key includes two private keys, i.e., a first private key and a second private key. The decryption scheme provided in this embodiment may specifically include the following steps:
104. when the ciphertext data is obtained by homomorphically encrypting the target data based on the generator and the homomorphic public key, decrypting the ciphertext data by using the first private key or the second private key;
105. and when the ciphertext data is obtained by homomorphically encrypting the target data based on the plurality of elements, decrypting the ciphertext data by using the first private key and the second private key.
In the above step 104, as can be seen from the above description related to the above step 1031, the ciphertext data is obtained by homomorphically encrypting the target data based on the producer and the homomorphic public key, that is, the encryption hierarchy corresponding to the target data corresponding to the ciphertext data is the first encryption hierarchy (i.e., N = 1). Under the condition that the encryption hierarchy corresponding to the target data is the first encryption hierarchy, homomorphic encryption is carried out on the target data based on the generator and the homomorphic public key, and the obtained ciphertext data corresponding to the target data is ciphertext data C N=1 And ciphertext data C N=1 The expression format of (a) is as follows:
C N=1 =(c 1 ,c 2 ,c 3 ,c 4 )=([m]P 1 +[r 1 ]Q 1 ,[r 1 ]P 1 ,[m]P 2 +[r 2 ]Q 2 ,[r 2 ]P 2
wherein, c 1 、c 2 、c 3 、c 4 Respectively representing the first ciphertext, the second ciphertext, the third ciphertext, and the fourth ciphertext described above, m representing the target data, P 1 Denotes a first generator, Q 1 Denotes a first public key, r 1 And r 2 Respectively representing a first random number and a second random number.
From the above-shown ciphertext data C N=1 As can be seen, ciphertext data C N=1 Containing the first ciphertext c 1 And a second ciphertext c 2 And a third ciphertext c 3 And a fourth ciphertext c 4 Of the four ciphertexts, only the first cipher text c 1 And a third ciphertext c 3 Is carrying the target data m, and a second ciphertext c 2 And a fourth ciphertext c 4 Then the target data m, here the second ciphertext c, is not carried 2 And a fourth ciphertext c 4 It plays a role of confusion. Therefore, it is right to the ciphertext data C N=1 When decrypting to recover the corresponding target data, the first ciphertext c may be decrypted by using the corresponding private key 1 Or a third ciphertext c 3 And (6) decrypting.
For example, to the first ciphertext c 1 Decrypting to recover the target datam is an example, since c 1 =[m]P 1 +[r 1 ]Q 1 Wherein Q is 1 =[s 1 ]P 1 ,s 1 Represents the first private key, thereby c 1 =[m]P 1 +[r 1 ][s 1 ]P 1 (ii) a And due to c 2 =[r 1 ]P 1 Therefore, the method can be simplified as follows: [ m ] of]P 1 =c 1 -[s 1 ]c 2 And then the target data m is: m = log p1 (c 1 -[s 1 ]c 2 ) Based on this equation, the first private key s can be utilized 1 Obtaining target data m = log by solving an Elliptic Curve Discrete Logarithm Problem (ECDLP) problem p1 (c 1 -[s 1 ]c 2 ). Specifically, when the ECDLP problem is solved, the algorithm Pollard rho can be used, but is not limited to, and in the solving process, discrete logarithms can be solved by means of a table look-up method to recover the target data m.
For another example, to the third ciphertext c 3 Decryption is performed to recover the target data m, since c 3 = [m]P 2 +[r 2 ]Q 2 Wherein Q is 2 =[s 2 ]P 2 ,s 2 Represents a second private key, thereby 3 =[m]P 2 +[r 2 ][s 2 ]P 2 (ii) a And due to c 4 =[r 2 ]P 2 Therefore, the method can be simplified as follows: [ m ] of]P 2 =c 3 -[s 2 ]c 4 And the target data m is: m = log p2 (c 3 -[s 2 ]c 4 ) Based on this equation, a second private key s can be utilized 2 The target data m is obtained by solving the ECDLP problem. For the solution of the ECDLP problem, see above for a related matter.
In the above 105, according to the above description related to the above step 1032, the ciphertext data is obtained by homomorphically encrypting the target data based on multiple elements, that is, the encryption level corresponding to the target data corresponding to the ciphertext data is the second encryption level (i.e., N = 2). Under the condition that the encryption level corresponding to the target data is the second encryption level, homomorphic encryption is carried out on the target data based on a plurality of elements, and the obtained result isThe ciphertext data corresponding to the target data is ciphertext data C N=2 And ciphertext data C N=2 The expression format of (a) is as follows:
C N=2 =(c 5 ,c 6 ,c 7 ,c 8 )=(
Figure 944437DEST_PATH_IMAGE001
Figure 562500DEST_PATH_IMAGE006
Figure 973889DEST_PATH_IMAGE003
Figure 615086DEST_PATH_IMAGE007
wherein, c 1 、c 2 、c 3 、c 4 Respectively represent the fifth ciphertext, the sixth ciphertext, the seventh ciphertext, and the eighth ciphertext described above; g is a radical of formula 1 、g 2 、g 3 、g 4 Respectively representing the first element, the second element, the third element and the fourth element included in the multiplication loop group described above; m is the target data, r 3 、r 4 And r 5 Respectively represent the third random number, the fourth random number, and the fifth random number described above.
From the above-shown ciphertext data C N=2 As can be seen, ciphertext data C N=2 Containing the fifth ciphertext c 5 And a sixth ciphertext c 6 And a seventh ciphertext c 7 And an eighth ciphertext c 8 Of the four ciphertexts, only the fifth cipher text c 5 Is carrying the target data m, and a sixth ciphertext c 6 The seventh ciphertext c 7 And an eighth ciphertext c 8 Then the target data m, here the sixth ciphertext c, is not carried 6 The seventh ciphertext c 7 And an eighth ciphertext c 8 It plays a role of confusion. Therefore, it is right to the ciphertext data C N=2 When decrypting to recover the corresponding target data m, the corresponding private key may be utilized for the fifth ciphertext c 5 And performing decryption. Specifically, from c 5 =
Figure 504545DEST_PATH_IMAGE001
Obtaining g 1 m =c 5 /
Figure 242694DEST_PATH_IMAGE008
In combination with the above c 6 =
Figure 811603DEST_PATH_IMAGE002
,c 7 =
Figure 940096DEST_PATH_IMAGE003
,c 8 =
Figure 429983DEST_PATH_IMAGE004
And specific expressions corresponding to g 1-g 4 (see the corresponding contents above), can simplify g 1 m =c 5 /
Figure 225901DEST_PATH_IMAGE009
Obtaining:
Figure 713514DEST_PATH_IMAGE010
wherein s is 1 、s 2 Respectively representing a first private key s and a second private key, based on the reduced expression 1 And a first private key s 2 Obtaining target data m = log by solving the ECDLP problem g1 (g 1 m ). For the solution of the ECDLP problem, see the corresponding above.
With the data processing scheme provided in fig. 2 described above, the ciphertext data obtained by homomorphically encrypting the target data supports computation, such as multiplication, addition, and the like, on the ciphertext data. In addition, when the target data corresponds to different encryption levels, the ciphertext data obtained by homomorphically encrypting the target data will also have different specific calculation methods when participating in calculations in the form of addition, multiplication, and the like. The application also provides a data processing method aiming at the calculation of the ciphertext data. Specifically, fig. 3 shows a flow chart of a number processing method provided by the present application for calculation of ciphertext data, and as shown in fig. 3, the data processing method includes the following steps:
201. acquiring first ciphertext data and second ciphertext data; the first ciphertext data is obtained by performing homomorphic encryption on the first target data by using the data processing method embodiment provided by the present application and shown in fig. 2, and the second ciphertext data is obtained by performing homomorphic encryption on the second target data by using the data processing method embodiment provided by the present application and shown in fig. 2;
202. determining an encryption level corresponding to first target data corresponding to the first ciphertext data and an encryption level corresponding to second target data corresponding to the second ciphertext data;
203. and homomorphic operation is carried out on the first ciphertext data and the second ciphertext data according to the encryption level corresponding to the first target data and the encryption level corresponding to the second target data.
In the above 201, the target data (such as the first target data and the second target data) may be audio/video data, text data, picture data, and the like, and is not limited herein. The specific type of the target data may be determined according to an application scenario of data encryption. How to perform homomorphic encryption on the first target data and the second target data respectively through the data processing method provided in the embodiment of the present application shown in fig. 2 above to obtain corresponding first ciphertext data and second ciphertext data may refer to corresponding contents provided in the embodiments above, which is not described in detail here.
In the above 202, considering that when ciphertext data obtained by homomorphically encrypting target data is subjected to different encryption hierarchies corresponding to the target data, and when the ciphertext data participates in calculations such as addition and multiplication, the calculation methods adopted correspondingly will be different, here, an encryption hierarchy corresponding to first target data corresponding to first ciphertext data and an encryption hierarchy corresponding to second target data corresponding to second ciphertext data are determined, and the purpose is to: in order to select the adaptive calculation mode subsequently, homomorphic operation, such as homomorphic addition operation, is performed on the first ciphertext data and the second ciphertext data. It should be added that, in the embodiment, only when the encryption hierarchy corresponding to the first target data is the same as the encryption hierarchy corresponding to the second target data, the homomorphic operation can be subsequently performed on the first ciphertext data and the second ciphertext data.
In 203, the homomorphic operation performed on the first ciphertext data and the second ciphertext data includes at least one of: homomorphic addition operation and homomorphic multiplication operation; in addition, the number of ciphertexts included in the first cipher text data is the same as the data amount of the ciphertexts included in the second cipher text data, and specifically, as can be seen from the contents described above in connection with the data processing method provided in fig. 2, the number of the ciphertexts included in the first cipher text data and the number of the ciphertexts included in the second cipher text data are both 4 ciphertexts. And when homomorphic operation is performed on the first ciphertext data and the second ciphertext data, corresponding homomorphic operation is performed on the ciphertext in the first ciphertext data and the ciphertext in the second ciphertext data in the corresponding relationship according to the corresponding relationship between the ciphertext in the first ciphertext data and the ciphertext in the second ciphertext data, so that a homomorphic operation result of the first ciphertext data and the second ciphertext data is obtained. On the basis of this, the method is suitable for the production,
in a specific implementation technical solution, the "performing homomorphic addition operation on the first ciphertext data and the second ciphertext data according to the encryption hierarchy corresponding to the first target data and the encryption hierarchy corresponding to the second target data" in 203 may specifically include:
2031. when the encryption hierarchy corresponding to the first target data and the encryption hierarchy corresponding to the second target data are both the first encryption hierarchy, according to the corresponding relation between the ciphertext in the first ciphertext data and the ciphertext in the second ciphertext data, adding the ciphertext in the first ciphertext data and the ciphertext in the second ciphertext data which have the corresponding relation;
2032. and when the encryption hierarchy corresponding to the first target data and the encryption hierarchy corresponding to the second target data are both the second encryption hierarchy, performing dot product operation on the ciphertext in the first ciphertext data and the ciphertext in the second ciphertext data which have a corresponding relationship according to the corresponding relationship between the ciphertext in the first ciphertext data and the ciphertext in the second ciphertext data.
To facilitate understanding of the above steps 2031 to 2032, an example will be given. Assuming that the first target data m is m, the first ciphertext data corresponding to the first target data m obtained by homomorphically encrypting the first target data m is X, and X = Enc (N, m) = (X) 1 ,x 2 ,x 3 ,x 4 ) Where N denotes an encryption hierarchy corresponding to the first target data, x 1 、x 2 、x 3 And x 4 Is four ciphertexts included in the first cipher text data X; and the second target data is m ', and the second ciphertext data corresponding to the second target data m ' obtained by homomorphically encrypting the second target data m ' is Y, and Y = Enc (N ', m ') = (Y) 1 ,y 2 ,y 3 ,y 4 ) Where N' represents the encryption hierarchy corresponding to the second target data, y 1 、y 2 、y 3 And y 4 Is the four ciphertexts included in the second cipher text data Y. In addition, there is a corresponding relationship between the ciphertext in the first ciphertext data X and the two ciphertexts with the same ciphertext sorting position in the second ciphertext data Y, for example, the ciphertext X in the first ciphertext data 1 And ciphertext y in the second ciphertext data 1 There is a correspondence relationship, ciphertext x in the first ciphertext data 2 And ciphertext y in the second ciphertext data 2 There is a correspondence, and so on. In specific implementation, the homomorphic addition operation process of the first ciphertext data X and the second ciphertext data Y is as follows:
when the encryption hierarchy N corresponding to the first target data m and the encryption hierarchy N ' corresponding to the second target data m ' are both the first encryption hierarchy (i.e., N = N ' = 1), according to the correspondence between the ciphertext in the first ciphertext data X and the ciphertext in the second ciphertext data Y, the ciphertexts X in the first ciphertext data X having a correspondence are each set 1 And ciphertext Y of second ciphertext data Y 1 Performing addition operation to obtain the first secret with corresponding relationshipCiphertext X in text data X 2 And ciphertext Y in the second ciphertext data Y 2 Performing addition operation to obtain ciphertext X in the first ciphertext data X with corresponding relation 3 And ciphertext Y of second ciphertext data Y 3 Adding the first ciphertext data X and corresponding to the first ciphertext data X 4 And ciphertext Y in the second ciphertext data Y 4 And performing addition operation to obtain a homomorphic addition operation result of homomorphic addition operation on the first ciphertext data X and the second ciphertext data Y. That is, the representation form of the homomorphic addition result of the first ciphertext data X and the second ciphertext data Y may be as follows:
X+Y =( x 1 ,x 2 ,x 3 ,x 4 )+( y 1 ,y 2 ,y 3 ,y 4 )
=( x 1 +y 1 ,x 2 +y 2 ,x 3 +y 3 ,x 4 +y 4 ) Wherein N = N' =1
When the encryption hierarchy N corresponding to the first target data m and the encryption hierarchy N ' corresponding to the second target data m ' are both the second encryption hierarchy (i.e., N = N ' = 2), the ciphertext X in the first ciphertext data X having a correspondence relationship is respectively encrypted according to the correspondence relationship between the ciphertext in the first ciphertext data X and the ciphertext in the second ciphertext data Y 1 And ciphertext Y in the second ciphertext data Y 1 Performing dot product operation to obtain ciphertext X in the first ciphertext data X with corresponding relation 2 And ciphertext Y in the second ciphertext data Y 2 Performing dot product operation to obtain ciphertext X in the first ciphertext data X with corresponding relation 3 And ciphertext Y of second ciphertext data Y 3 Performing dot product operation and corresponding ciphertext X in first ciphertext data X 4 And ciphertext Y in the second ciphertext data Y 4 And performing dot product operation to obtain a homomorphic addition operation result of homomorphic addition operation on the first ciphertext data X and the second ciphertext data Y. That is, the representation form of the homomorphic addition result of the first ciphertext data X and the second ciphertext data Y may be as follows:
X+Y =( x 1 ,x 2 ,x 3 ,x 4 )+( y 1 ,y 2 ,y 3 ,y 4 )
=( x 1 ∙y 1 ,x 2 ∙y 2 ,x 3 ∙y 3 ,x 4 ∙y 4 ) Wherein N = N' =2
In another specific implementation technical solution, the "performing homomorphic multiplication operation on the first ciphertext data and the second ciphertext data according to the encryption hierarchy corresponding to the first target data and the encryption hierarchy corresponding to the second target data" in 203 may specifically include:
2031' determining whether the encryption level corresponding to the first target data and the encryption level corresponding to the second target data are both the first encryption level;
2032' and when it is determined that both the first and second cryptographs are the first encryption hierarchy, homomorphic multiplication is performed on the first cryptograph data and the second cryptograph data by using the first two cryptographs positioned at the front in the first cryptograph data and the second two cryptographs positioned at the back in the second cryptograph data.
In specific implementation, in this embodiment, only when it is determined that the encryption hierarchy corresponding to the first target data and the encryption hierarchy corresponding to the second target data are both the first encryption hierarchy, homomorphic multiplication can be performed on the first ciphertext data and the second ciphertext data; on the contrary, if it is determined that the encryption hierarchy corresponding to at least any one of the encryption hierarchy corresponding to the first target data and the encryption hierarchy corresponding to the second target data is not the first encryption hierarchy, homomorphic multiplication processing cannot be performed on the first ciphertext data and the second ciphertext data. That is, the step 203 may further include:
2033' if it is determined that both of the first and second ciphertext levels are not the first encryption level, performing no homomorphic multiplication on the first ciphertext data and the second ciphertext data.
In 2032', when it is determined that the encryption hierarchy corresponding to the first target data and the encryption hierarchy corresponding to the second target data are both the first encryption hierarchy, a bilinear mapping calculation method may be used to perform homomorphic multiplication on the first ciphertext data and the second ciphertext data by using the first ciphertext located in the first ciphertext data and the second ciphertext located in the second ciphertext data to obtain a homomorphic multiplication result. Specifically, in an implementable technical solution, in the 2032', the homomorphic multiplication operation is performed on the first ciphertext data and the second ciphertext data by using the first two ciphertexts with the front positions in the first ciphertext data and the second two ciphertexts with the rear positions in the second ciphertext data, which may be implemented by specifically adopting the following steps:
20321. performing bilinear mapping calculation on one ciphertext in the first ciphertext data with the first ciphertext data at the front position and the second ciphertext data at the rear position in the second ciphertext data;
20322. performing bilinear mapping calculation on the other ciphertext in the first ciphertext data with the last ciphertext in the second ciphertext data;
to facilitate understanding of the above steps 20321-20322, an example is given below. The first ciphertext data X and the second ciphertext data Y assumed when the examples listed above for steps 2031-2032 are accepted, wherein X = (X =) 1 ,x 2 ,x 3 ,x 4 ),Y=( y 1 ,y 2 ,y 3 ,y 4 ). The first two ciphertexts with the front positions in the first cipher text data X are cipher texts X 1 And ciphertext x 2 And the last two ciphertexts positioned in the second ciphertext data Y are the ciphertexts Y 3 And ciphertext y 4 Specifically, when the homomorphic multiplication operation is performed on the first ciphertext data X and the second ciphertext data Y, the ciphertext X is obtained 1 Respectively with ciphertext y 3 And ciphertext y 4 Performing bilinear mapping calculation, and further, converting the ciphertext x 2 Respectively with ciphertext y 3 And ciphertext y 4 And carrying out bilinear mapping calculation. Remembering ciphertext x 1 Respectively with ciphertext y 3 And ciphertext y 4 The calculation result obtained by bilinear mapping calculation is the first calculation result, and the ciphertext x is processed 2 Respectively with ciphertext y 3 And ciphertext y 4 If the calculation result obtained by performing bilinear mapping calculation is the second calculation result, the homomorphic multiplication result of the first ciphertext data X and the second ciphertext data Y is determined by the first calculation result and the second calculation result. Specifically, the representation form of the homomorphic multiplication result of the first ciphertext data X and the second ciphertext data Y may be as follows:
X*Y =( x 1 ,x 2 ,x 3 ,x 4 )*( y 1 ,y 2 ,y 3 ,y 4 )
=( e(x 1 ,y 3 ),e(x 1 ,y 4 ),e(x 2 ,y 3 ),e(x 2 ,y 4 ) ) ,N=N'=1
wherein, e (x) 1 ,y 3 ) And e (x) 1 ,y 4 ) To be ciphertext x 1 Respectively with ciphertext y 3 And ciphertext y 4 A first calculation result, e (x), obtained by performing a bilinear mapping calculation 2 ,y 3 ) And e (x) 2 ,y 4 ) To encrypt the ciphertext x 2 Respectively with ciphertext y 3 And ciphertext y 4 And carrying out bilinear mapping calculation to obtain a second calculation result.
In the technical scheme provided by this embodiment, first ciphertext data and second ciphertext data are obtained, where the first ciphertext data and the second ciphertext data are obtained by performing homomorphic encryption on first target data and second target data respectively according to a data processing method provided by an embodiment of the present application and shown in fig. 2 above; then, further determining an encryption level corresponding to first target data corresponding to the first ciphertext data and an encryption level corresponding to second target data corresponding to the second ciphertext data; and performing homomorphic operation on the first ciphertext data and the second ciphertext data according to the encryption hierarchy corresponding to the first target data and the encryption hierarchy corresponding to the second target data. By the aid of the scheme, ciphertext data (namely the first ciphertext data and the second ciphertext data) with good encryption performance can be obtained, and calculation efficiency among the ciphertext data can be effectively improved.
In order to ensure the correctness of the homomorphic operation result obtained by homomorphic operation on the first ciphertext data and the second ciphertext data, the correctness of the homomorphic operation result can be verified. In the verification process, the homomorphic operation result can be decrypted to obtain a decryption result; then, directly performing calculation processing corresponding to homomorphic operation on the first target data and the second target data to obtain corresponding calculation results, for example, if the homomorphic operation is homomorphic addition operation, directly performing addition operation on the first target data and the second target data; and finally, comparing the decryption result with the calculation result, if the decryption result is consistent (namely same) with the calculation result, judging that the homomorphic operation result is correct, otherwise, if the decryption result is inconsistent with the calculation result, judging that the homomorphic operation result is incorrect. Based on this, the method provided by this embodiment may further include the following steps:
204. performing calculation processing corresponding to the homomorphic operation on the first target data and the second target data to obtain a calculation result;
205. decrypting the obtained homomorphic operation result to obtain a decryption result; the homomorphic operation result is obtained by homomorphic operation on the first ciphertext data and the second ciphertext data;
206. comparing the decryption result with the calculation result;
207. judging that the homomorphic operation result is correct under the condition that the decryption result is consistent with the calculation result; and under the condition that the decryption result is inconsistent with the calculation result, judging that the homomorphic operation result is incorrect.
In order to facilitate understanding of the homomorphic operation result verification process described in the foregoing 204 to 205, the following describes an example of a process of performing homomorphic operation on the first ciphertext data and the second ciphertext data and verifying the obtained homomorphic operation result, which are described above in relation to step 203. In particular, the amount of the solvent to be used,
while still accepting the example recited above with respect to steps 2031-2032, it is assumed that the first target data m, the second target data m', and the first ciphertext data X, the second ciphertext data Y,wherein, X = (X) 1 ,x 2 ,x 3 ,x 4 ),Y=( y 1 ,y 2 ,y 3 ,y 4 ). For convenience of description, it is assumed herein that the same random numbers are used when homomorphic encryption is performed on the first target data m and the second target data m' to obtain the corresponding first ciphertext data X and second ciphertext data Y, respectively. Based on this, in combination with the above-described homomorphic encryption of the target data to obtain the corresponding content of the ciphertext data (i.e., the content related to fig. 2), when the encryption hierarchy corresponding to each of the first target data m and the second target data m 'is the first encryption hierarchy, the specific expression form of the first ciphertext data X and the second ciphertext data Y obtained by homomorphic encryption of the first target data m and the second target data m' is as follows:
X=( x 1 ,x 2 ,x 3 ,x 4 )=([m]P 1 +[r 1 ]Q 1 ,[r 1 ]P 1 ,[m]P 2 +[r 2 ]Q 2 ,[r 2 ]P 2
Y=( y 1 ,y 2 ,y 3 ,y 4 )=([m']P 1 +[r 1 ]Q 1 ,[r 1 ]P 1 ,[m']P 2 +[r 2 ]Q 2 ,[r 2 ]P 2
further, in this case, based on the content described above in relation to step 2031, the homomorphic addition result obtained by homomorphic adding the first ciphertext data X and the second ciphertext data Y is as follows:
X+Y=( x 1 +y 1 ,x 2 +y 2 ,x 3 +y 3 ,x 4 +y 4 )
here, let us note x 1 +y 1 = h 11 ,x 2 +y 2 = h 12 ,x 3 +y 3 = h 13 ,x 4 +y 4 = h 14 And then:
X+Y=( h 11 ,h 12 ,h 13 ,h 14 )
={ ([m]+[m'] )P 1 +2[r 1 ]Q 1 ,2[r 1 ]P 1 ,( [m]+[m'] )P 2 +2[r 2 ]Q 2 ,2[r 2 ]P 2 }
as can be seen from the homomorphic addition result shown above, only h contained in the homomorphic addition result 11 And h 13 The first target data m and the second target data m' are carried, so that when the homomorphic addition operation result is decrypted, the corresponding private key can be used for h 11 Or h 13 And performing decryption. Here to address h 11 Perform decryption as an example, from h 11 =([m]+[m'])P 1 +2[r 1 ]Q 1 ,Q 1 =[s 1 ]P 1 ,s 1 Is a first private key, thus h 11 =( [m]+[m'] )P 1 +2[r 1 ][s 1 ]P 1 (ii) a And due to h 12 =2[r 1 ]P 1 To this end h can be simplified 11 Obtaining: ([ m)]+[m'] )P 1 =h 11 -[s 1 ]h 12 Based on this equation, the first private key s can be utilized 1 The corresponding decryption result (i.e., m + m') is obtained by solving the ECDLP problem. If the decryption result is the same as the calculation result obtained by directly adding the first target data m and the second target data m', the homomorphic addition result obtained by homomorphic adding the first ciphertext data X and the second ciphertext data Y is correct; on the contrary, if the decryption result is not consistent with the calculation result obtained by directly adding the first target data m and the second target data m', it indicates that the homomorphic addition result obtained by homomorphic adding the first ciphertext data X and the second ciphertext data Y is wrong.
Still further, in this case, based on the content described above in relation to step 2032', the homomorphic multiplication result obtained by homomorphic multiplication of the first ciphertext data X and the second ciphertext data Y is as follows:
X*Y =( x 1 ,x 2 ,x 3 ,x 4 )*( y 1 ,y 2 ,y 3 ,y 4 )
=( e(x 1 ,y 3 ),e(x 1 ,y 4 ),e(x 2 ,y 3 ),e(x 2 ,y 4 ) )
recording: e (x) 1 ,y 3 )= h 213 ,e(x 1 ,y 4 )= h 214 ,e(x 2 ,y 3 )= h 223 ,e(x 2 ,y 4 )= h 224 Then:
Figure 391620DEST_PATH_IMAGE011
synthesis of the above h 213 、h 214 、h 223 And h 224 Can be simplified by the expression of 213 Obtaining:
Figure 872149DEST_PATH_IMAGE012
namely:
Figure 522573DEST_PATH_IMAGE013
based on g obtained above mm' Can utilize the first private key s 1 And a second private key, which obtains a corresponding decryption result (i.e., mm') by solving the ECDLP problem. If the decryption result is consistent with the calculation result obtained by directly performing the multiplication operation on the first target data m and the second target data m', the homomorphic multiplication result obtained by performing the homomorphic multiplication operation on the first ciphertext data X and the second ciphertext data Y is correct; on the contrary, if the decryption result is not consistent with the calculation result obtained by directly multiplying the first target data m and the second target data m', it indicates that the homomorphic multiplication result obtained by homomorphic multiplying the first ciphertext data X and the second ciphertext data Y is wrong.
Under the condition that the encryption levels corresponding to the first target data m and the second target data m 'are both the second encryption levels, in this case, the first ciphertext data X and the second ciphertext data Y obtained by homomorphic encrypting the first target data m and the second target data m' respectively have the following specific expression forms:
Figure 181087DEST_PATH_IMAGE014
based on the above-mentioned content related to step 2032, in this case, only the homomorphic addition operation can be performed on the first ciphertext data X and the second ciphertext data Y, and specifically, the homomorphic multiplication result obtained by performing the homomorphic addition operation on the first ciphertext data X and the second ciphertext data Y is as follows:
X+Y =( x 5 ,x 6 ,x 7 ,x 8 )+( y 5 ,y 6 ,y 7 ,y 8 )
=( x 5 ∙y 5 ,x 6 ∙y 6 ,x 7 ∙y 7 ,x 8 ∙y 8 )
recording: x is the number of 5 ∙y 5 =h 5 ,x 6 ∙y 6 =h 6 ,x 7 ∙y 7 =h 7 ,x 8 ∙y 8 =h 8
Combining the specific representation forms of the first ciphertext data X and the second ciphertext data Y, it is easy to see that only X in the homomorphic multiplication result is included in the homomorphic multiplication result 5 ∙y 5 Carries the first target data m and the second target data m', so that when the homomorphic multiplication result is decrypted, the corresponding private key can be used for x 5 ∙y 5 Decryption is performed. Specifically, from
Figure 815331DEST_PATH_IMAGE015
Based on this formula, in combination with h 6 、h 7 And h 8 Can be simplified by the specific expression form of (not specifically shown in the embodiment) 5 Obtaining:
Figure 99551DEST_PATH_IMAGE016
wherein s is 1 、s 2 Respectively representing a first private key s and a second private key, based on the reduced expression 1 And a first private key s 2 The corresponding decryption result (i.e., m + m') is obtained by solving the ECDLP problem. If the decryption result is consistent with the calculation result obtained by directly adding the first target data m and the second target data m', the homomorphic addition result obtained by homomorphic adding the first ciphertext data X and the second ciphertext data Y is correct; on the contrary, if the decryption result is not consistent with the calculation result obtained by directly adding the first target data m and the second target data m', it indicates that the homomorphic addition result obtained by homomorphic adding the first ciphertext data X and the second ciphertext data Y is wrong.
Based on the related content of homomorphic operation on ciphertext data (that is, the related content to fig. 3) described above, an embodiment of the present application further provides a polynomial calculation method, which is provided to implement the privacy calculation of a polynomial. Specifically, fig. 4 shows a schematic flowchart of a polynomial computing method provided in an embodiment of the present application, and as shown in fig. 4, the polynomial computing method includes the following steps:
301. acquiring a target polynomial; wherein the target polynomial is a finite quadratic polynomial;
302. determining a plurality of terms contained in the target polynomial and operational relations among the plurality of terms;
303. according to the data processing method provided by the embodiment of the present application shown in fig. 2, each item in the plurality of items is encrypted at a first level to obtain ciphertext data corresponding to each item;
304. based on the operation relationship among the multiple items and the data processing method provided by the embodiment of the present application shown in fig. 3 above, homomorphic operation is performed on ciphertext data corresponding to each item to obtain a homomorphic operation result;
305. and determining the calculation result of the target polynomial according to the homomorphic operation result.
In 301 to 302, the target polynomial is a finite quadratic polynomial; the second-order polynomial is a polynomial in which the number of terms of the polynomial exceeds 1 and the highest power is 2. Specifically, the target multiple items aref (z, w), the expression form of the target polynomial can be as follows:
Figure 338902DEST_PATH_IMAGE017
wherein, the first and the second end of the pipe are connected with each other,z i w i is a target polynomialf (z, w) contain terms, and the operational relationship between different terms includes addition operation and multiplication operation.
For a specific implementation of the aforementioned 303, performing the first-level encryption on each item in the multiple items included in the target polynomial, reference may be made to corresponding contents in the foregoing embodiments, and details are not described here again. It can be known by combining the corresponding contents of the above embodiments that, here, each item in the plurality of items is encrypted at the first level, that is, the encryption level corresponding to each item in the plurality of items is the first encryption level, in this case, each item is encrypted homomorphically according to the content related to step 1031 described above, so as to obtain ciphertext data corresponding to each item.
In 304, the plurality of items may be grouped based on the operation relationship among the plurality of items to obtain at least one group item; then, according to the data processing method provided in the embodiment of the present application and shown in fig. 3, homomorphic operation is performed on the ciphertext data corresponding to the items included in each group of items, so as to obtain homomorphic operation results corresponding to each group of items, and then the calculation result of the target polynomial is determined according to the homomorphic operation results corresponding to each group of items. Based on this, in an embodiment, the aforementioned 304 "performing homomorphic operation on ciphertext data corresponding to each item to obtain a homomorphic operation result based on the operation relationship among the plurality of items and the data processing method provided in the embodiment of the present application shown in fig. 3 above" may specifically include:
3041. grouping the items based on the operational relationship among the items to obtain at least one group item; wherein the at least one group item comprises one or more group items of: the number of terms is not less than two, the operational relationship among the terms is a first group of terms of addition operation, the number of terms is equal to two, the operational relationship among the terms is a second group of terms of multiplication operation, and the number of terms is equal to a third group of terms of one;
3042. according to the data processing method provided by the embodiment of the present application and shown in fig. 3 above, homomorphic addition operation is performed on ciphertext data corresponding to multiple items in the first group of items, so as to obtain homomorphic operation results corresponding to the first group of items;
3043. according to the data processing method provided by the embodiment of the present application shown in fig. 3, homomorphic multiplication operation is performed on ciphertext data corresponding to two items in the second group of items, so as to obtain homomorphic operation results corresponding to the second group of items;
3044. taking the ciphertext data corresponding to one item in the third group of items as a homomorphic operation result corresponding to the third group of items;
wherein, the operation relation among the at least one group of terms is addition operation.
For better understanding of the descriptions 3041 to 3044, the following will take over the target polynomials 301 to 302f (z, w) and assuming a polynomial to the targetf (z, w) each of a plurality of items contained (i.e.z i w i ) After the first-level encryption is carried out, the first-level encryption is obtainedz i w i The ciphertext data are Enc (z i )、Enc(w i ) The description is given by way of example.
Example one, based on a target polynomialf The operational relationship between a plurality of terms contained in (z, w) for the target polynomialf (z, w) comprises a plurality of items grouped such that each of the n group items is two items (i.e., each of the n group items is a group of two items)z i w i ) And the operational relationship between the two terms is the set of terms of the multiplication operation, i.e., each of the n set of terms is the second set of terms. Remember n group itemsThe expression form of the ith group item in (c) is-z i , w i N group items are specifically: {z 1 , w 1 }、{ z 2 , w 2 }、.......、{ z i , w i }、.......、{ z n-1 , w n-1 }、{ z n , w n }; wherein, the operation relation among the n group terms is addition operation; as described in the above step 3043, the (i) th group item is mappedz i , w i The ciphertext data corresponding to two items in (i.e., the two items in)z i Item-corresponding ciphertext data Enc (z i ) Andw i item-corresponding ciphertext data Enc (w i ) Carrying out homomorphic multiplication operation to obtain the ith group itemz i ,w i The corresponding homomorphic operation resultsf zwi Is expressed in the form of:f zwi =Enc(z i )*Enc(w i ). About the pair of ciphertext data Enc (z i ) And ciphertext data Enc (w i ) For a specific operation procedure for performing homomorphic multiplication, see the description above in connection with step 2032'.
Example two, assume a target polynomialf The specific expression form of (z, w) is as follows:f (z, w) =1+2+3 × 5. Based on the target polynomialf The operational relationship between the plurality of terms (i.e. 1,2, 3, 5) included in (z, w) is applied to the objective polynomialf (z, w) the plurality of items contained in the (z, w) are grouped to obtain two groups of items, namely {1,2} and {3,5}, and the operational relationship between the two groups of items of {1,2} and {3,5} is addition operation; the operation relation between two items 1 and 2 in the {1,2} group item is addition operation, and the operation relation between two items 3 and 5 in the {3,5} group item is multiplication operation. According to the description of the above step 3042, homomorphic addition operation is performed on the ciphertext data corresponding to two items 1 and 2 in {1,2} (i.e., ciphertext data Enc (1) and ciphertext data Enc (2)), so as to obtain homomorphic operation results corresponding to {1,2} group itemsf 12 Is expressed in the form of:f 12 = Enc (1) + Enc (2); and performing homomorphic multiplication operation on the ciphertext data (namely the ciphertext data Enc (3) and the ciphertext data Enc (5)) corresponding to the two items 3 and 5 in the {3,5} group according to the content described in the step 3043 to obtain homomorphic operation results corresponding to the {3,5} group itemf 35 Is expressed in the form of:f 35 = Enc (3) × Enc (5). The specific process related to homomorphic addition operation on the ciphertext data Enc (1 and the ciphertext data Enc (2)) may refer to the content described above in connection with step 2031, and the specific process related to homomorphic multiplication operation on the ciphertext data Enc (3) and the ciphertext data Enc (5) may refer to the content described above in connection with step 2032'.
Example three, assume target polynomialf The specific expression form of (z, w) is as follows:f (z, w) =1+3 × 5+4 × 6, based on the target polynomialf The operational relationship between the plurality of terms (i.e., 1, 3,5, 4, 6) included in (z, w) is applied to the objective polynomialf The operation relationships among the three groups of terms, namely {1}, {3,5} and {4,6}, {1}, {3,5}, and {4,6} are addition operations, and the operation relationships among two terms included in each of the two groups of terms {3,5} and {4,6} are multiplication operations. Wherein, the ciphertext data Enc (1) corresponding to one item (namely 1) in the group of items {1} is the homomorphic operation result corresponding to the group of items {1}f 1 I.e. byf 1 = Enc (1). According to the description of the above step 3043, homomorphic multiplication operation is performed on the ciphertext data corresponding to two items, namely, ciphertext data Enc (3) and ciphertext data Enc (5), of {3,5} and on the ciphertext data corresponding to two items, namely, ciphertext data Enc (4) and ciphertext data Enc (6), of {4,6} to obtain homomorphic operation results corresponding to {3,5} group itemsf 35 Is expressed in the form of:f 35 homomorphic operation result corresponding to group item of = Enc (3) × Enc (5) {4,6}, andf 46 is expressed in the form of:f 46 = Enc (4) × Enc (6). With respect to the respective cryptograph data Enc (3) and Enc (5), homomorphic multiplication is performed toAnd the specific operation process of performing homomorphic multiplication operation on the ciphertext data Enc (4) and the ciphertext data Enc (6), which may be referred to as described above in connection with step 2032'.
In an implementation manner, the determining 305 "the calculation result of the target polynomial according to the homomorphic operation result" may specifically include:
3051. according to the data processing method provided by the embodiment of the present application and shown in fig. 3 above, homomorphic addition operation is performed on homomorphic operation results corresponding to each group item in the at least one group item, so as to obtain a group item addition homomorphic operation result;
3052. according to the data processing method provided by the embodiment of the present application shown in fig. 2, a second-level encryption is performed on the group item addition homomorphic operation result to obtain ciphertext data corresponding to the group item addition homomorphic operation result;
3053. and taking ciphertext data corresponding to the homomorphic operation result of the group item addition as a calculation result of the target polynomial.
In order to better understand the contents described in the above 3051-3053, the following description will be given by taking an example one of the contents listed in the above description for the steps 3041-3044 as an example.
For example, according to the data processing method provided in an embodiment of the present application illustrated in FIG. 3 above, a front pagez 1 , w 1 }、{ z 2 , w 2 }、...、{ z i , w i }、...、{ z n-1 , w n-1 Anz n , w n Homomorphic addition operation is carried out on homomorphic operation results corresponding to each group item in the n group items, and the obtained group item addition homomorphic operation result F zw_1 The expression of (A) is as follows:
F zw_1 =Enc(z 1 )*Enc(w 2 )+Enc(z 2 )*Enc(w 2 )+.......+Enc(z n )*Enc(w n )
=f zw1 +f zw2 +....+f zwn
namely:
Figure 230635DEST_PATH_IMAGE018
related to thef zw1f zw2 、....、f zwn The specific process of performing the homomorphic addition operation may refer to the content related to step 2031 described above, and will not be described in detail here.
Further, in the data processing method provided by an embodiment of the present application as shown in fig. 2 above, the homomorphic operation result F is added to the set of items zw_1 Performing second-level encryption to obtain ciphertext data Enc (F) corresponding to the group of addition homomorphic operation results zw_1 ) Thereafter, the ciphertext data Enc (F) zw_1 ) Is a target polynomialf (z, w) calculation results. Result F of homomorphic operation on addition of pair terms zw_1 The specific implementation process of the second-level encryption may refer to the content related to step 1032 described above, and is not described in detail here.
It should be noted here that: note Enc (F) zw_1 )=F zw_2 Then utilize the corresponding private key pair F zw_2 The decryption result obtained by decryption is compared with the corresponding private key pair F zw_2 The decryption result obtained by decrypting is the same. Namely, the method comprises the following steps:
Dec( F zw_2 )=Dec( F zw_1 ) Where Dec denotes the decryption operator.
In another implementation, the aforementioned 305 "determining the calculation result of the target polynomial according to the homomorphic operation result" may specifically include:
3051', according to the data processing method provided in the embodiment of the present application and shown in fig. 2, performing second-level encryption on homomorphic operation results corresponding to each group item in the at least one group item to obtain ciphertext data corresponding to the homomorphic operation results corresponding to each group item;
3052', according to the data processing method provided in the embodiment of the present application and shown in fig. 3, performing homomorphic addition operation on ciphertext data corresponding to homomorphic operation results corresponding to each group of items to obtain a group item addition homomorphic operation result;
3053' and using the result of the set term addition homomorphic operation as the calculation result of the target polynomial.
In order to better understand the contents described in 3051 '-3053', the following example is given to illustrate the example two listed above with respect to the contents described in steps 3041-3044.
In example two above, the target polynomialf The homomorphic operation result corresponding to the (z, w) =1+2+3 × 5, {1,2} group entry isf 12 And the homomorphic operation result corresponding to the {3,5} group entry isf 35 Wherein, in the process,f 12 =Enc(1)+Enc(2),f 35 = Enc (3) × Enc (5). Referring to fig. 5, in the data processing method according to the embodiment of the present application shown in fig. 2, the homomorphic operation results are respectively processedf 12 Homomorphic operation resultsf 35 After the second layer of encryption is performed, a homomorphic operation result is obtainedf 12 Corresponding ciphertext data Enc (f 12 ) And homomorphic operation resultsf 35 Corresponding ciphertext data Enc (f 35 ). Further, according to the data processing method provided in an embodiment of the present application shown in fig. 3, the ciphertext data Enc (c)f 12 ) And ciphertext data Enc (f 35 ) Performing homomorphic addition operation to obtain homomorphic operation result F (12_35)_2 Is a target polynomialf (z, w) =1+2+3 × 5 calculation result. Wherein, F (12_35)_2 =Enc( f 12 )+Enc( f 35 )。
On the result of homomorphic operationf 12 Homomorphic operation resultf 35 The specific implementation of the second level of encryption may be as described above in connection with step 1032. And about the pair of ciphertext data Enc (f 12 ) And ciphertext data Enc (f 35 ) The specific implementation of performing the homomorphic addition operation may refer to the content described above in connection with step 2032.
According to the technical scheme provided by the embodiment, after the target polynomial which is a limited quadratic polynomial is obtained, a plurality of terms contained in the target polynomial and an operational relationship among the terms are determined; and according to the data processing method provided by the embodiment of the present application shown in fig. 2, each item in the plurality of items is encrypted for the first level, so as to obtain ciphertext data corresponding to each item; further, based on the operation relationship among the plurality of terms and the data processing method provided in the embodiment of the present application as shown in fig. 3, homomorphic operation is performed on the ciphertext data corresponding to each term to obtain a corresponding homomorphic operation result, so as to determine the calculation result of the target polynomial according to the homomorphic operation result. The scheme provided by the embodiment can effectively improve the encryption performance of each item in the quadratic polynomial, and simultaneously realizes the privacy calculation of the quadratic polynomial, and the calculation efficiency is high. In addition, for the quadratic polynomial, homomorphic addition ciphertext data calculation and homomorphic multiplication ciphertext data calculation of any degree can be calculated, in other words, ciphertext data corresponding to a term in the quadratic polynomial can participate in homomorphic addition calculation and homomorphic multiplication calculation of any degree.
Fig. 6 shows a block diagram of a data processing apparatus according to an embodiment of the present application. As shown in fig. 6, the data processing apparatus includes: a determining module 41, an obtaining module 42 and an encrypting module 43; wherein, the first and the second end of the pipe are connected with each other,
a determining module 41, configured to determine an encryption parameter for homomorphic encryption of target data;
an obtaining module 42, configured to obtain an encryption hierarchy corresponding to the target data; the encryption level is an Nth encryption level used for reflecting the Nth encryption of the target data, and N is not more than two;
and an encryption module 43, configured to perform homomorphic encryption on the target data based on the encryption parameter and the encryption hierarchy to obtain ciphertext data corresponding to the target data.
Further, when the determining module 41 is configured to determine an encryption parameter for homomorphic encryption of the target data, it is specifically configured to: acquiring respective generating elements of the two addition cycle groups; determining a homomorphic private key; determining a homomorphic public key based on the generator and the homomorphic private key; determining a plurality of elements contained in a multiplication cycle group by using the homomorphic public key and the generator; wherein the two addition cyclic groups and the multiplication cyclic group satisfy a bilinear mapping.
Further, the encryption module 43, when configured to perform homomorphic encryption on the target data based on the encryption parameter and the encryption hierarchy to obtain ciphertext data corresponding to the target data, is specifically configured to: under the condition that the encryption hierarchy is a first encryption hierarchy, homomorphic encryption is carried out on the target data based on the generator and the homomorphic public key to obtain the ciphertext data; and under the condition that the encryption hierarchy is a second encryption hierarchy, homomorphic encryption is carried out on the target data based on the plurality of elements to obtain the ciphertext data.
Further, the homomorphic public key includes a first public key and a second public key, and the two addition cyclic groups include a first addition cyclic group and a second addition cyclic group; and, the encryption module 43, when configured to perform homomorphic encryption on the target data based on the generator and the homomorphic public key to obtain the ciphertext data, is specifically configured to: generating a first random number and a second random number; encrypting the target data by using the first random number, the first generator of the first addition cycle group and the first public key to obtain a first ciphertext; determining a second ciphertext based on the first random number and the first generator; encrypting the target data by using the second random number, a second generator of the second addition cycle group and the second public key to obtain a third ciphertext; determining a fourth ciphertext based on the second random number and the second generator; and determining the ciphertext data according to the first ciphertext, the second ciphertext, the third ciphertext and the fourth ciphertext.
Further, the plurality of elements include: a first element, a second element, a third element, and a fourth element; accordingly, the encryption module 43, when configured to perform homomorphic encryption on the target data based on the multiple elements to obtain the ciphertext data, is specifically configured to: generating a third random number, a fourth random number and a fifth random number; encrypting the target data by using the first element, the fourth element and the fifth random number to obtain a fifth ciphertext; determining a sixth ciphertext based on the second element and the third random number; determining a seventh ciphertext based on the third element and the fourth random number; determining an eighth ciphertext based on the first element, the third nonce, the fourth nonce, and the fifth nonce; and determining the ciphertext data according to the fifth ciphertext, the sixth ciphertext, the seventh ciphertext and the eighth ciphertext.
Further, the homomorphic private key comprises a first private key and a second private key; and, the data processing apparatus provided by this embodiment further includes: a decryption module, configured to decrypt the ciphertext data using the first private key or the second private key when the ciphertext data is obtained by homomorphically encrypting the target data based on the generator and the homomorphic public key; and when the ciphertext data is obtained by homomorphically encrypting the target data based on the plurality of elements, decrypting the ciphertext data by using the first private key and the second private key.
Here, it should be noted that: the data processing apparatus provided in the foregoing embodiment may implement the technical solution described in the foregoing data processing method embodiment shown in fig. 2, and the specific implementation principle of each module or unit may refer to the corresponding content in the foregoing data processing method embodiment shown in fig. 2, and is not described herein again.
Fig. 7 shows a block diagram of a data processing apparatus according to another embodiment of the present application. As shown in fig. 7, the data processing apparatus includes: an acquisition module 51, a determination module 52 and an operation module 53; wherein, the first and the second end of the pipe are connected with each other,
an obtaining module 51, configured to obtain first ciphertext data and second ciphertext data; the first ciphertext data and the second ciphertext data are obtained by performing homomorphic encryption on first target data and second target data respectively according to the data processing method provided in an embodiment of the present application and shown in fig. 2;
a determining module 52, configured to determine an encryption hierarchy corresponding to first target data corresponding to the first ciphertext data and an encryption hierarchy corresponding to second target data corresponding to the second ciphertext data;
and an operation module 53, configured to perform homomorphic operation on the first ciphertext data and the second ciphertext data according to the encryption hierarchy corresponding to the first target data and the encryption hierarchy corresponding to the second target data.
Further, the homomorphic operation includes at least one of: homomorphic addition operation and homomorphic multiplication operation; the number of ciphertexts contained in the first ciphertext data is the same as that of the ciphertexts contained in the second ciphertext data, and the two ciphertexts with the same ciphertext sequencing position in the first ciphertext data and the second ciphertext data have a corresponding relation; and when the operation module 53 is configured to perform homomorphic addition operation on the first ciphertext data and the second ciphertext data according to the encryption hierarchy corresponding to the first target data and the encryption hierarchy corresponding to the second target data, the operation module is specifically configured to: when the encryption hierarchy corresponding to the first target data and the encryption hierarchy corresponding to the second target data are both the first encryption hierarchy, according to the corresponding relation between the ciphertext in the first ciphertext data and the ciphertext in the second ciphertext data, adding the ciphertext in the first ciphertext data and the ciphertext in the second ciphertext data which have the corresponding relation; and when the encryption hierarchy corresponding to the first target data and the encryption hierarchy corresponding to the second target data are both the second encryption hierarchy, performing dot product operation on the ciphertext in the first ciphertext data and the ciphertext in the second ciphertext data, which have a corresponding relationship, according to the corresponding relationship between the ciphertext in the first ciphertext data and the ciphertext in the second ciphertext data.
Further, the operation module 53 is configured to perform homomorphic multiplication on the first encrypted data and the second encrypted data according to the encryption hierarchy corresponding to the first target data and the encryption hierarchy corresponding to the second target data, and includes: determining whether the encryption layer corresponding to the first target data and the encryption layer corresponding to the second target data are both the first encryption layer; and when the first encryption hierarchy is determined, performing homomorphic multiplication operation on the first ciphertext data and the second ciphertext data by using the first two ciphertexts with the front positions in the first ciphertext data and the second two ciphertexts with the rear positions in the second ciphertext data.
Further, the operation module 53 is specifically configured to, when being configured to perform homomorphic multiplication on the first ciphertext data and the second ciphertext data by using the first two ciphertexts with the front positions in the first ciphertext data and the second two ciphertexts with the rear positions in the second ciphertext data, perform: performing bilinear mapping calculation on one ciphertext in the first ciphertext data with the first ciphertext data at the front position and the second ciphertext data at the rear position in the second ciphertext data; and performing bilinear mapping calculation on the other ciphertext in the first ciphertext data and the last ciphertext in the first ciphertext data.
Further, the operation module 53 is further configured to perform different homomorphic multiplication operations on the first ciphertext data and the second ciphertext data when it is determined that both of the first ciphertext hierarchy and the second ciphertext hierarchy are not the first encryption hierarchy.
Here, it should be noted that: the data processing apparatus provided in the foregoing embodiment may implement the technical solution described in the data processing method embodiment shown in fig. 3, and the specific implementation principle of each module or unit may refer to the corresponding content in the data processing method embodiment shown in fig. 3, and is not described herein again.
Fig. 8 shows a block diagram of a polynomial computing device according to an embodiment of the present application. As shown in fig. 8, the polynomial computing device includes: the device comprises an acquisition module 61, a determination module 62, an encryption module 63 and an operation module 64; wherein the content of the first and second substances,
an obtaining module 61, configured to obtain a target polynomial; wherein the target polynomial is a finite quadratic polynomial;
a determining module 62, configured to determine a plurality of terms included in the target polynomial and an operational relationship among the plurality of terms;
an encryption module 63, configured to perform first-level encryption on each item in the multiple items according to the data processing method provided in an embodiment of the present application shown in fig. 2, to obtain ciphertext data corresponding to each item;
an operation module 64, configured to perform homomorphic operation on ciphertext data corresponding to each item based on the operation relationship among the multiple items and the data processing method provided in another embodiment of the present application shown in fig. 3, so as to obtain a homomorphic operation result;
the determining module 62 is further configured to determine a calculation result of the target polynomial according to the homomorphic operation result.
Further, the operational relationship includes at least one of the following: addition operation and multiplication operation; and the number of the first and second groups,
the operation module 64 is specifically configured to, when configured to perform homomorphic operation on ciphertext data corresponding to each item based on the operation relationship among the plurality of items and the data processing method provided in another embodiment of the present application and shown in fig. 3, to obtain a homomorphic operation result: grouping the items according to the operational relationship among the items to obtain at least one group item; wherein the at least one group item comprises one or more group items of: the number of terms is not less than two, the operational relationship among the terms is a first group of terms of addition operation, the number of terms is equal to two, the operational relationship among the terms is a second group of terms of multiplication operation, and the number of terms is equal to a third group of terms of one; according to the data processing method provided in another embodiment of the present application shown in fig. 3, homomorphic addition operation is performed on ciphertext data corresponding to a plurality of items in the first group of items, so as to obtain homomorphic operation results corresponding to the first group of items; according to the data processing method provided by another embodiment of the present application shown in fig. 3, homomorphic multiplication operation is performed on ciphertext data corresponding to two items in the second group of items, so as to obtain homomorphic operation results corresponding to the second group of items; taking the ciphertext data corresponding to one item in the third group of items as a homomorphic operation result corresponding to the third group of items; wherein, the operation relation among at least one group of terms is addition operation.
Further, the determining module 62, when configured to determine the calculation result of the target polynomial according to the homomorphic operation result, is specifically configured to: according to the data processing method provided by another embodiment of the present application shown in fig. 3, homomorphic addition operation is performed on homomorphic operation results corresponding to each group item in the at least one group item, so as to obtain a group item addition homomorphic operation result; according to the data processing method provided in another embodiment of the present application shown in fig. 2, a second-level encryption is performed on the result of the group item addition homomorphic operation to obtain ciphertext data corresponding to the result of the group item addition homomorphic operation; and taking ciphertext data corresponding to the homomorphic operation result of the group item addition as a calculation result of the target polynomial.
Further, the determining module 62, when configured to determine the calculation result of the target polynomial according to the homomorphic operation result, is specifically configured to: according to the data processing method provided in another embodiment of the present application shown in fig. 2, a second-level encryption is performed on homomorphic operation results corresponding to each group of items in the at least one group of items, so as to obtain ciphertext data corresponding to the homomorphic operation results corresponding to each group of items; according to the data processing method provided in another embodiment of the present application shown in fig. 3, homomorphic addition operation is performed on ciphertext data corresponding to homomorphic operation results corresponding to each group of items, so as to obtain a group item addition homomorphic operation result; and taking the homomorphic operation result of the group term addition as the calculation result of the target polynomial.
Here, it should be noted that: the polynomial computing apparatus provided in the foregoing embodiment may implement the technical solution described in the polynomial computing method embodiment shown in fig. 4, and the specific implementation principle of each module or unit may refer to the corresponding content in the polynomial computing method embodiment shown in fig. 3, which is not described herein again.
Fig. 9 is a schematic structural diagram of an electronic device according to an embodiment of the present application. As shown in fig. 9, the electronic device includes a memory 71 and a processor 72. Wherein the memory 71 is configured to store one or more computer instructions; the processor 72 is coupled to the memory 71, and is used for one or more computer instructions (such as computer instructions implementing data storage logic) to implement the steps in the data processing method or the polynomial calculation method provided in the embodiments of the present application.
The memory 71 may be implemented by any type or combination of volatile or non-volatile memory devices, such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks.
Further, as shown in fig. 9, the electronic device further includes: communication components 73, a display 74, power components 75, and audio components 76. Only some of the components are schematically shown in fig. 9, and the electronic device is not meant to include only the components shown in fig. 9.
Yet another embodiment of the present application provides a computer program product (not shown in any figure of the drawings). The computer program product comprises computer programs or instructions which, when executed by a processor, cause the processor to carry out the steps in the above-described method embodiments.
Accordingly, the present application further provides a computer-readable storage medium storing a computer program, where the computer program can implement the method steps or functions provided by the foregoing embodiments when executed by a computer.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solutions of the present application, and not to limit the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.

Claims (16)

1. A data processing method, comprising:
determining an encryption parameter for homomorphic encryption of target data;
acquiring an encryption layer corresponding to the target data; the encryption level is an Nth encryption level used for reflecting the Nth encryption of the target data, and N is not more than two;
and homomorphic encryption is carried out on the target data based on the encryption parameters and the encryption levels to obtain ciphertext data corresponding to the target data.
2. The method of claim 1, wherein determining encryption parameters for homomorphic encryption of target data comprises:
acquiring respective generating elements of the two addition cycle groups;
determining a homomorphic private key;
determining a homomorphic public key based on the generator and the homomorphic private key;
determining a plurality of elements contained in a multiplication cycle group by using the homomorphic public key and the generator; wherein the two addition cycle groups and the multiplication cycle group satisfy a bilinear mapping.
3. The method according to claim 2, wherein homomorphic encrypting the target data based on the encryption parameter and the encryption hierarchy to obtain ciphertext data corresponding to the target data comprises:
under the condition that the encryption hierarchy is a first encryption hierarchy, homomorphic encryption is carried out on the target data based on the generator and the homomorphic public key to obtain the ciphertext data;
and under the condition that the encryption hierarchy is a second encryption hierarchy, homomorphic encryption is carried out on the target data based on the plurality of elements to obtain the ciphertext data.
4. The method of claim 3, wherein the homomorphic public key comprises a first public key and a second public key, and the two addition rounds comprise a first addition round and a second addition round; and
homomorphic encryption is performed on the target data based on the generator and the homomorphic public key to obtain the ciphertext data, and the homomorphic encryption method comprises the following steps:
generating a first random number and a second random number;
encrypting the target data by using the first random number, the first generator of the first addition cycle group and the first public key to obtain a first ciphertext;
determining a second ciphertext based on the first random number and the first generator;
encrypting the target data by using the second random number, the second generator of the second addition cycle group and the second public key to obtain a third ciphertext;
determining a fourth ciphertext based on the second random number and the second generator;
and determining the ciphertext data according to the first ciphertext, the second ciphertext, the third ciphertext and the fourth ciphertext.
5. The method of claim 3, wherein the plurality of elements comprises: a first element, a second element, a third element, and a fourth element; and
performing homomorphic encryption on the target data based on the plurality of elements to obtain the ciphertext data, including:
generating a third random number, a fourth random number and a fifth random number;
encrypting the target data by using the first element, the fourth element and the fifth random number to obtain a fifth ciphertext;
determining a sixth ciphertext based on the second element and the third random number;
determining a seventh ciphertext based on the third element and the fourth random number;
determining an eighth ciphertext based on the first element, the third nonce, the fourth nonce, and the fifth nonce;
and determining the ciphertext data according to the fifth ciphertext, the sixth ciphertext, the seventh ciphertext and the eighth ciphertext.
6. The method of any of claims 3 to 4, wherein the homomorphic private key comprises a first private key and a second private key; and
the method further comprises the following steps:
when the ciphertext data is obtained by homomorphically encrypting the target data based on the generator and the homomorphic public key, decrypting the ciphertext data by using the first private key or the second private key;
and when the ciphertext data is obtained by homomorphically encrypting the target data based on the plurality of elements, decrypting the ciphertext data by using the first private key and the second private key.
7. A data processing method, comprising:
acquiring first ciphertext data and second ciphertext data; the first ciphertext data and the second ciphertext data are obtained by performing homomorphic encryption on first target data and second target data respectively according to the data processing method of any one of claims 1 to 6;
determining an encryption level corresponding to first target data corresponding to the first ciphertext data and an encryption level corresponding to second target data corresponding to the second ciphertext data;
and homomorphic operation is carried out on the first ciphertext data and the second ciphertext data according to the encryption level corresponding to the first target data and the encryption level corresponding to the second target data.
8. The method of claim 7, wherein the homomorphic operation comprises at least one of: homomorphic addition operation and homomorphic multiplication operation; the number of ciphertexts contained in the first ciphertext data is the same as that of the ciphertexts contained in the second ciphertext data, and the two ciphertexts with the same ciphertext sequencing position in the first ciphertext data and the second ciphertext data have a corresponding relation; and the number of the first and second groups,
according to the encryption hierarchy corresponding to the first target data and the encryption hierarchy corresponding to the second target data, homomorphic addition operation is carried out on the first ciphertext data and the second ciphertext data, and the homomorphic addition operation method comprises the following steps:
when the encryption hierarchy corresponding to the first target data and the encryption hierarchy corresponding to the second target data are both the first encryption hierarchy, according to the corresponding relation between the ciphertext in the first ciphertext data and the ciphertext in the second ciphertext data, adding the ciphertext in the first ciphertext data and the ciphertext in the second ciphertext data which have the corresponding relation;
and when the encryption hierarchy corresponding to the first target data and the encryption hierarchy corresponding to the second target data are both the second encryption hierarchy, performing dot product operation on the ciphertext in the first ciphertext data and the ciphertext in the second ciphertext data, which have a corresponding relationship, according to the corresponding relationship between the ciphertext in the first ciphertext data and the ciphertext in the second ciphertext data.
9. The method of claim 8, wherein performing a homomorphic multiplication operation on the first encrypted data and the second encrypted data according to the encryption hierarchy corresponding to the first target data and the encryption hierarchy corresponding to the second target data comprises:
determining whether the encryption layer corresponding to the first target data and the encryption layer corresponding to the second target data are both the first encryption layer;
and when the first encryption level is determined, performing homomorphic multiplication operation on the first ciphertext data and the second ciphertext data by using the first two ciphertexts with the front positions in the first ciphertext data and the second two ciphertexts with the rear positions in the second ciphertext data.
10. The method of claim 9, wherein performing homomorphic multiplication on the first ciphertext data and the second ciphertext data using a first two ciphertexts with a first position in the first ciphertext data and a second two ciphertexts with a second position in the second ciphertext data comprises:
performing bilinear mapping calculation on one ciphertext in the first ciphertext data with the first ciphertext data at the front position and the second ciphertext data at the rear position in the second ciphertext data;
and performing bilinear mapping calculation on the other ciphertext in the first ciphertext data and the last ciphertext in the first ciphertext data.
11. The method of claim 9, further comprising:
and when the situation that the first encryption hierarchy is not the first encryption hierarchy is determined, performing different homomorphic multiplication operation processing on the first ciphertext data and the second ciphertext data.
12. A polynomial computing method comprising:
acquiring a target polynomial; wherein the target polynomial is a finite quadratic polynomial;
determining a plurality of terms contained in the target polynomial and operational relations among the plurality of terms;
the data processing method according to any one of claims 1 to 6, wherein each item in the plurality of items is encrypted for the first level to obtain ciphertext data corresponding to each item;
homomorphic operation is performed on ciphertext data corresponding to each item based on the operation relation among the items and the data processing method according to any one of claims 7 to 11, and homomorphic operation results are obtained;
and determining the calculation result of the target polynomial according to the homomorphic operation result.
13. The method of claim 12, wherein the operational relationship comprises at least one of: addition operation and multiplication operation; and the number of the first and second groups,
based on the operational relationship among the plurality of items and the data processing method according to any one of claims 7 to 11, homomorphic operation is performed on ciphertext data corresponding to each item to obtain a homomorphic operation result, including:
grouping the items according to the operational relationship among the items to obtain at least one group item; wherein the content of the first and second substances,
the at least one group item comprises one or more of the following group items: the number of terms is not less than two, the operational relationship among the terms is a first group of terms of addition operation, the number of terms is equal to two, the operational relationship among the terms is a second group of terms of multiplication operation, and the number of terms is equal to a third group of terms of one;
the data processing method according to any one of claims 7 to 11, performing homomorphic addition operation on ciphertext data corresponding to a plurality of items in the first group of items to obtain homomorphic operation results corresponding to the first group of items;
the data processing method according to any one of claims 7 to 11, performing homomorphic multiplication operation on ciphertext data corresponding to two items in the second group of items to obtain homomorphic operation results corresponding to the second group of items;
taking the ciphertext data corresponding to one item in the third group of items as a homomorphic operation result corresponding to the third group of items;
wherein, the operation relation among the at least one group item is addition operation.
14. The method of claim 13, wherein determining the result of the objective polynomial calculation based on the homomorphic operation result comprises:
the data processing method according to any one of claims 7 to 11, wherein homomorphic addition operation is performed on homomorphic operation results corresponding to each group item in the at least one group item, so as to obtain a group item addition homomorphic operation result;
the data processing method according to any one of claims 1 to 6, wherein a second-level encryption is performed on the group item addition homomorphic operation result to obtain ciphertext data corresponding to the group item addition homomorphic operation result;
and using the ciphertext data corresponding to the homomorphic operation result of the item group addition as the calculation result of the target polynomial.
15. The method of claim 13, wherein determining the result of the target polynomial calculation based on the homomorphic operation result comprises:
the data processing method according to any one of claims 1 to 6, wherein the homomorphic operation results corresponding to each group item in the at least one group item are encrypted at a second level to obtain ciphertext data corresponding to the homomorphic operation results corresponding to each group item;
the data processing method according to any one of claims 7 to 11, wherein homomorphic addition operation is performed on ciphertext data corresponding to homomorphic operation results corresponding to each group of items to obtain a group item addition homomorphic operation result;
and taking the homomorphic operation result of the group term addition as the calculation result of the target polynomial.
16. An electronic device, comprising: a memory and a processor, wherein,
the memory for storing one or more computer programs;
the processor, coupled to the memory, configured to execute the one or more computer programs stored in the memory, so as to implement the steps in the data processing method of any one of the preceding claims 1 to 6, or implement the steps in the data processing method of any one of the preceding claims 7 to 11, or implement the steps in the polynomial computing method of any one of the preceding claims 12 to 15.
CN202211016455.3A 2022-08-24 2022-08-24 Data processing method, polynomial calculation method and electronic equipment Active CN115102688B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211016455.3A CN115102688B (en) 2022-08-24 2022-08-24 Data processing method, polynomial calculation method and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211016455.3A CN115102688B (en) 2022-08-24 2022-08-24 Data processing method, polynomial calculation method and electronic equipment

Publications (2)

Publication Number Publication Date
CN115102688A true CN115102688A (en) 2022-09-23
CN115102688B CN115102688B (en) 2022-11-22

Family

ID=83300774

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211016455.3A Active CN115102688B (en) 2022-08-24 2022-08-24 Data processing method, polynomial calculation method and electronic equipment

Country Status (1)

Country Link
CN (1) CN115102688B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115549891A (en) * 2022-11-24 2022-12-30 北京信安世纪科技股份有限公司 Homomorphic encryption method, homomorphic decryption method, homomorphic calculation method and equipment
CN115664651A (en) * 2022-10-20 2023-01-31 牛津(海南)区块链研究院有限公司 SM 9-based online and offline encryption and decryption method, system, equipment and medium
CN115982747A (en) * 2023-03-20 2023-04-18 建信金融科技有限责任公司 Secure multiparty multiplication method, device, equipment, medium and product thereof

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10075288B1 (en) * 2014-02-28 2018-09-11 The Governing Council Of The University Of Toronto Systems, devices, and processes for homomorphic encryption
CN109643504A (en) * 2016-08-30 2019-04-16 三菱电机株式会社 Encryption system, encryption method and encipheror
CN112822014A (en) * 2021-04-22 2021-05-18 北京信安世纪科技股份有限公司 Data processing method and device, electronic equipment and storage medium
US20210243005A1 (en) * 2018-07-04 2021-08-05 Shenzhen University Fully homomorphic encryption method and device and computer readable storage medium
US20220045851A1 (en) * 2020-08-07 2022-02-10 Bank Of America Corporation System for secure data transmission using fully homomorphic encryption
CN114584278A (en) * 2022-02-14 2022-06-03 北京信安世纪科技股份有限公司 Data homomorphic encryption method and device and data transmission method and device
CN114884645A (en) * 2022-07-11 2022-08-09 华控清交信息科技(北京)有限公司 Privacy calculation method and device and readable storage medium

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10075288B1 (en) * 2014-02-28 2018-09-11 The Governing Council Of The University Of Toronto Systems, devices, and processes for homomorphic encryption
CN109643504A (en) * 2016-08-30 2019-04-16 三菱电机株式会社 Encryption system, encryption method and encipheror
US20210243005A1 (en) * 2018-07-04 2021-08-05 Shenzhen University Fully homomorphic encryption method and device and computer readable storage medium
US20220045851A1 (en) * 2020-08-07 2022-02-10 Bank Of America Corporation System for secure data transmission using fully homomorphic encryption
CN112822014A (en) * 2021-04-22 2021-05-18 北京信安世纪科技股份有限公司 Data processing method and device, electronic equipment and storage medium
CN114584278A (en) * 2022-02-14 2022-06-03 北京信安世纪科技股份有限公司 Data homomorphic encryption method and device and data transmission method and device
CN114884645A (en) * 2022-07-11 2022-08-09 华控清交信息科技(北京)有限公司 Privacy calculation method and device and readable storage medium

Non-Patent Citations (6)

* Cited by examiner, † Cited by third party
Title
CHENGJIN LIU 等: "Efficient and Privacy-Preserving Logistic Regression Scheme based on Leveled Fully Homomorphic Encryption", 《IEEE INFOCOM 2022 - IEEE CONFERENCE ON COMPUTER COMMUNICATIONS WORKSHOPS (INFOCOM WKSHPS)》 *
MIN ZHAO E 等: "Homomorphic Encryption Technology for Cloud Computing", 《8TH INTERNATIONAL CONGRESS OF INFORMATION AND COMMUNICATION TECHNOLOGY, ICICT 2019 HTTPS://DOI.ORG/10.1016/J.PROCS.2019.06.012》 *
ZAINAB HIKMAT MAHMOOD 等: "New Fully Homomorphic Encryption Scheme Based on Multistage Partial Homomorphic Encryption Applied in Cloud Computing", 《2018 1ST ANNUAL INTERNATIONAL CONFERENCE ON INFORMATION AND SCIENCES (AICIS)》 *
李宗育 等: "同态加密技术及其在云计算隐私保护中的应用", 《软件学报(2018年第7期)》 *
熊枫: "SM9私钥分割生成及协同密码计算研究", 《中国优秀硕士学位论文全文数据库 信息科技辑 2021年第08期》 *
秦体红 等: "高性能密码适用性分析", 《信息安全与通信保密(2019年第11期)》 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115664651A (en) * 2022-10-20 2023-01-31 牛津(海南)区块链研究院有限公司 SM 9-based online and offline encryption and decryption method, system, equipment and medium
CN115664651B (en) * 2022-10-20 2024-03-08 牛津(海南)区块链研究院有限公司 SM 9-based online and offline encryption and decryption method, system, equipment and medium
CN115549891A (en) * 2022-11-24 2022-12-30 北京信安世纪科技股份有限公司 Homomorphic encryption method, homomorphic decryption method, homomorphic calculation method and equipment
CN115549891B (en) * 2022-11-24 2023-03-10 北京信安世纪科技股份有限公司 Homomorphic encryption method, homomorphic decryption method, homomorphic calculation method and equipment
CN115982747A (en) * 2023-03-20 2023-04-18 建信金融科技有限责任公司 Secure multiparty multiplication method, device, equipment, medium and product thereof
CN115982747B (en) * 2023-03-20 2023-07-14 建信金融科技有限责任公司 Secure multiparty multiplication method based on communication between participant and trusted third party

Also Published As

Publication number Publication date
CN115102688B (en) 2022-11-22

Similar Documents

Publication Publication Date Title
Liu et al. An efficient privacy-preserving outsourced calculation toolkit with multiple keys
US11895231B2 (en) Adaptive attack resistant distributed symmetric encryption
Perlner et al. Quantum resistant public key cryptography: a survey
US8429408B2 (en) Masking the output of random number generators in key generation protocols
CN115102688B (en) Data processing method, polynomial calculation method and electronic equipment
JP5190142B2 (en) A new trapdoor one-way function on an elliptic curve and its application to shorter signatures and asymmetric encryption
NZ535698A (en) An cryptosystem involving generating an isogeny that maps points from one elliptic curve onto another elliptic curve and publishing a public key corresponding to the isogeny
JP2002543478A (en) Public key signing method and system
CN115549891B (en) Homomorphic encryption method, homomorphic decryption method, homomorphic calculation method and equipment
US11804960B2 (en) Distributed symmetric encryption
CN108985102A (en) Data integrity verification method, device, system and storage medium
Hodowu et al. An enhancement of data security in cloud computing with an implementation of a two-level cryptographic technique, using AES and ECC algorithm
Huang et al. Block-Level Message-Locked Encryption with Polynomial Commitment for IoT Data.
Heninger RSA, DH, and DSA in the Wild
CN111817853B (en) Signcryption algorithm for post-quantum security
Ugwuoke et al. Secure fixed-point division for homomorphically encrypted operands
EP2395698B1 (en) Implicit certificate generation in the case of weak pseudo-random number generators
CN114362912A (en) Identification password generation method based on distributed key center, electronic device and medium
Parwekar et al. Public auditing: cloud data storage
CN109495478B (en) Block chain-based distributed secure communication method and system
WO2021222272A1 (en) Adaptive attack resistant distributed symmetric encryption
CN115865348B (en) Data encryption method, homomorphic calculation method and equipment
Mohapatra Signcryption schemes with forward secrecy based on elliptic curve cryptography
Bene et al. Public Key Infrastructure in the Post-Quantum Era
Fouotsa et al. InSIDH: a Simplification of SiGamal.

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant