CN115276950B - Processing method and device of private data and computing equipment - Google Patents

Processing method and device of private data and computing equipment Download PDF

Info

Publication number
CN115276950B
CN115276950B CN202210878336.2A CN202210878336A CN115276950B CN 115276950 B CN115276950 B CN 115276950B CN 202210878336 A CN202210878336 A CN 202210878336A CN 115276950 B CN115276950 B CN 115276950B
Authority
CN
China
Prior art keywords
ciphertext
polynomial
coefficient
data
privacy data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210878336.2A
Other languages
Chinese (zh)
Other versions
CN115276950A (en
Inventor
周启贤
罗赛男
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alipay Hangzhou Information Technology Co Ltd
Original Assignee
Alipay Hangzhou Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alipay Hangzhou Information Technology Co Ltd filed Critical Alipay Hangzhou Information Technology Co Ltd
Priority to CN202210878336.2A priority Critical patent/CN115276950B/en
Publication of CN115276950A publication Critical patent/CN115276950A/en
Application granted granted Critical
Publication of CN115276950B publication Critical patent/CN115276950B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F17/00Digital computing or data processing equipment or methods, specially adapted for specific functions
    • G06F17/10Complex mathematical operations
    • G06F17/16Matrix or vector computation, e.g. matrix-matrix or matrix-vector multiplication, matrix factorization
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06NCOMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00Machine learning
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Mathematical Analysis (AREA)
  • Computational Mathematics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Mathematical Optimization (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Databases & Information Systems (AREA)
  • Algebra (AREA)
  • Computer Hardware Design (AREA)
  • Artificial Intelligence (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Evolutionary Computation (AREA)
  • Medical Informatics (AREA)
  • Complex Calculations (AREA)

Abstract

The embodiment of the specification describes a method and a device for processing private data. According to the method of the embodiment, homomorphic encryption is considered to be respectively carried out on the privacy data of at least one dimension and the polynomial coefficients corresponding to the privacy data of each dimension, and finally privacy calculation is carried out according to the calculation rule of the plaintext polynomial in machine learning by using the obtained ciphertext coefficient and the ciphertext privacy data. Therefore, the privacy data and the polynomial coefficients are subjected to homomorphic encryption respectively, the polynomial calculation item by item is not needed, only the linear calculation between the ciphertext privacy data and the ciphertext coefficients is carried out, and the privacy calculation of the plaintext polynomial can be realized, so that the processing efficiency of the privacy data can be greatly improved.

Description

Processing method and device of private data and computing equipment
Technical Field
One or more embodiments of the present specification relate to the field of data security technology, and in particular, to a method and an apparatus for processing private data.
Background
There is a lot of data that needs to be privacy protected in various machine learning scenarios. For example, in the financial field, when a risk prediction model is constructed according to user data, it is required to ensure that data such as an account and transaction details of a user are not leaked; as another example, in the medical field, when modeling the medical data of each patient for subsequent disease prediction guidance, the medical data of the patient should be protected from privacy.
The privacy calculation is carried out on the privacy data to enable the data to be invisible, and the data function can be played on the premise that the privacy data are protected. However, in the field of machine learning, the privacy calculation of the privacy data can be reduced to the calculation of the ciphertext polynomial, which requires a large number of multiplications in the ciphertext domain, resulting in inefficient processing of the privacy data.
Disclosure of Invention
One or more embodiments of the present specification describe a method and an apparatus for processing private data, which can improve the efficiency of processing the private data.
According to a first aspect, there is provided a method of processing private data, comprising:
obtaining privacy data of at least one dimension;
obtaining a polynomial coefficient corresponding to the privacy data of each dimension;
homomorphic encryption is carried out on the polynomial coefficient to obtain a ciphertext coefficient;
homomorphic encryption is carried out on the privacy data of at least one dimension to obtain ciphertext privacy data;
and privacy calculation is carried out according to the rule of plaintext polynomial calculation in machine learning by utilizing the ciphertext privacy data and the ciphertext coefficient.
In one possible implementation, the calculation rule of the plaintext polynomial in the machine learning includes the following calculation formula:
Figure BDA0003763097850000021
wherein f (x) is used to characterize the plaintext polynomial, x i For characterizing the privacy data of the ith dimension, a i And n is used for representing the highest dimensionality of the privacy data in the plaintext polynomial.
In a possible implementation manner, the homomorphic encrypting the polynomial coefficient to obtain a ciphertext coefficient includes:
assembling each polynomial coefficient into a column vector of size n +1 rows; wherein n is the highest dimensionality of the private data in the plaintext polynomial;
generating a first public key for homomorphically encrypting the polynomial coefficient;
and encrypting the column vector by using the first public key to obtain the ciphertext coefficient.
In one possible implementation, the generating a first public key for homomorphically encrypting the polynomial coefficient includes:
generating the first public key using the following calculation:
Figure BDA0003763097850000022
wherein PK is used to characterize the first public key, P m Is a first reversible matrix of the first order,and the reversible matrix in the private key for decrypting the ciphertext coefficient is a reciprocal matrix, I is a first identity matrix, and T and A are random matrices.
In a possible implementation manner, the encrypting the column vector by using the first public key to obtain the ciphertext coefficient includes:
calculating the ciphertext coefficient using the following calculation:
L c =PK·(vL)+e
wherein L is c The device is used for representing the ciphertext coefficient, PK is used for representing the first public key, L is used for representing the column vector, v is a preset positive integer, and e is a random error vector.
In a possible implementation manner, the homomorphic encrypting the privacy data of the at least one dimension to obtain ciphertext privacy data includes:
assembling the private data of each dimension into a row vector with the size of n +1 columns; wherein n is the highest dimensionality of the private data in the plaintext polynomial;
determining a first private key for decrypting ciphertext coefficients of the polynomial;
and encrypting the row vector by using the first private key to obtain the ciphertext privacy data.
In a possible implementation manner, the encrypting the row vector by using the first private key to obtain the ciphertext privacy data includes:
calculating the ciphertext privacy data using the following calculation:
Figure BDA0003763097850000031
wherein, X c For characterizing the ciphertext privacy data, P m 'is a second reversible matrix, and the reversible matrix in the private key for decrypting the ciphertext privacy data is a reciprocal matrix, I' is a second identity matrix, and T 'and a' are both random matrices.
According to a second aspect, there is provided an apparatus for processing private data, comprising: the system comprises an acquisition module, an encryption module and a privacy calculation module;
the acquisition module is configured to acquire privacy data of at least one dimension; obtaining a polynomial coefficient corresponding to the privacy data of each dimension;
the encryption module is configured to homomorphically encrypt the polynomial coefficient acquired by the acquisition module to obtain a ciphertext coefficient; and homomorphic encryption is carried out on the privacy data of at least one dimension to obtain ciphertext privacy data;
and the privacy calculation module is configured to perform privacy calculation according to a plaintext polynomial calculation rule in machine learning by using the ciphertext privacy data and the ciphertext coefficient obtained by the encryption module.
In one possible implementation manner, when homomorphic encrypting the polynomial coefficient to obtain a ciphertext coefficient, the encryption module is configured to perform the following operations:
assembling the polynomial coefficients into a column vector of size n +1 rows; wherein n is the highest dimensionality of the private data in the plaintext polynomial;
generating a first public key for homomorphically encrypting the polynomial coefficient;
and encrypting the column vector by using the first public key to obtain the ciphertext coefficient.
According to a third aspect, there is provided a computing device comprising: a memory having executable code stored therein, and a processor, the processor when executing the executable code implementing the method of any of the first aspects above.
According to the method and the device provided by the embodiment of the specification, when the privacy data are processed, at least one dimension of privacy data and a polynomial coefficient corresponding to each dimension of privacy data are obtained firstly. And then homomorphic encryption is respectively carried out on the acquired privacy data of at least one dimension and the polynomial coefficients corresponding to the privacy data of each dimension. And finally, the obtained ciphertext coefficient and ciphertext privacy data are utilized to realize privacy calculation according to a calculation rule of a plaintext polynomial in machine learning. Therefore, the privacy data and the polynomial coefficients are homomorphic encrypted respectively, the polynomial calculation does not need to be carried out item by item, only the linear calculation between the ciphertext privacy data and the ciphertext coefficients is carried out, the privacy calculation of the plaintext polynomial can be realized, and the processing efficiency of the privacy data can be greatly improved.
Drawings
In order to more clearly illustrate the embodiments of the present specification or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present specification, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a flowchart of a method for processing private data according to an embodiment of the present specification;
FIG. 2 is a flow diagram of a method for encrypting polynomial coefficients according to one embodiment of the present disclosure;
FIG. 3 is a flow diagram of a method of encrypting private data provided by one embodiment of the present description;
FIG. 4 is a flow diagram of another method for processing private data provided by one embodiment of the present description;
fig. 5 is a schematic diagram of a device for processing private data according to an embodiment of the present disclosure.
Detailed Description
As described above, privacy calculations are an important means for protecting privacy data. The privacy calculation can realize the invisible availability of the privacy data, and plays the role of the data to the greatest extent on the premise of protecting the data privacy, so that the method has important significance for protecting each sample data from being disclosed in the field of machine learning.
Privacy calculations performed on private data in the field of machine learning can be reduced to calculations on ciphertext polynomials. For example, the prediction process of ciphertext linear regression and logistic regression is the calculation of a ciphertext polynomial; for another example, the inference of the ciphertext neural network is essentially the computation of a ciphertext polynomial. However, the ciphertext polynomial is multiplicative, and the computation amount of the multiplication in the ciphertext domain is very large, which greatly affects the efficiency of the device for processing the private data.
Based on the scheme, the privacy data of multiple dimensions and the corresponding polynomial coefficients are converted into a form of ciphertext through homomorphic encryption respectively, and therefore polynomial calculation item by item is converted into linear calculation between the ciphertext of the privacy data and the ciphertext of the polynomial coefficients, and the processing efficiency of the privacy data is improved.
As shown in fig. 1, an embodiment of the present specification provides a method for processing private data, which may include the following steps:
step 101: obtaining privacy data of at least one dimension;
step 103: obtaining a polynomial coefficient corresponding to the privacy data of each dimension;
step 105: homomorphic encryption is carried out on the polynomial coefficient to obtain a ciphertext coefficient;
step 107: homomorphic encryption is carried out on the privacy data of at least one dimension to obtain ciphertext privacy data;
step 109: and privacy calculation is carried out according to the rule of plaintext polynomial calculation in machine learning by using the ciphertext privacy data and the ciphertext coefficient.
In this embodiment of the present description, when processing the private data, first, the private data of at least one dimension and a polynomial coefficient corresponding to the private data of each dimension are obtained. And then homomorphic encryption is respectively carried out on the acquired privacy data of at least one dimension and the polynomial coefficients corresponding to the privacy data of each dimension. And finally, the obtained ciphertext coefficient and ciphertext privacy data are utilized to realize privacy calculation according to a calculation rule of a plaintext polynomial in machine learning. Therefore, the privacy data and the polynomial coefficients are homomorphic encrypted respectively, the polynomial calculation does not need to be carried out item by item, only the linear calculation between the ciphertext privacy data and the ciphertext coefficients is carried out, the privacy calculation of the plaintext polynomial can be realized, and the processing efficiency of the privacy data can be greatly improved.
The steps in FIG. 1 are described below with reference to specific examples.
First in step 101, privacy data of at least one dimension is obtained.
The private data may be sample data for machine learning, such as business data of the customer, transaction data of a financial account, medical data of the patient, and the like.
For plaintext polynomials, dimensions refer to different degrees of the private data. For example, when the private data is represented by x, x 1 、x 2 、x 3 ……x n I.e. privacy data of different dimensions. When obtaining the private data x, the values of the private data x in different dimensions are calculated in the plaintext field, namely, x is calculated respectively 1 、x 2 、x 3 ……x n Where n is the highest dimension of the private data in the plaintext polynomial.
For example, in the field of machine learning, privacy computation on privacy data can be reduced to computation on a polynomial, that is, a polynomial in machine learning can be represented by the following computation formula:
Figure BDA0003763097850000061
wherein f (x) is used to characterize the plaintext polynomial, x i For characterizing the privacy data of the ith dimension, a i And n is used for representing the highest dimensionality of the privacy data in the plaintext polynomial.
That is, when the polynomial for privacy calculation in machine learning is the polynomial described above, x and x should be acquired in acquiring privacy data in the present embodiment 2 、x 3 ……x n-1 、x n And privacy data of various dimensions. In particular, given the privacy data x of the original dimension, the different-dimension cryptographies can be obtained by calculating different power exponentsPrivate data [ x ] n ,x n-1 ,…,x,1]. In this way, since the power exponent is calculated in the plaintext domain, this embodiment provides a simpler and more efficient method than a process of calculating values of private data of different dimensions in the ciphertext domain after encrypting the private data.
Then, in step 103, polynomial coefficients corresponding to the private data of each dimension are obtained.
The polynomial coefficients corresponding to the private data of each dimension are determined by a plain text polynomial in machine learning. For example, following the above example, the polynomial to perform the calculation is
Figure BDA0003763097850000071
The coefficient corresponding to the private data of each dimension is a polynomial coefficient, namely [ a n ,a n-1 ,…,a 1 ,a 0 ]。
Further in step 105, homomorphic encryption is performed on the polynomial coefficient to obtain a ciphertext coefficient.
In this step, homomorphic encryption of the polynomial coefficients is considered. For example, as shown in fig. 2, the following steps may be implemented:
step 201: assembling the polynomial coefficients into a column vector of size n +1 rows; wherein n is the highest dimensionality of the private data in the plaintext polynomial;
step 203: generating a first public key for homomorphically encrypting the polynomial coefficient;
step 205: and encrypting the column vector by using the first public key to obtain a ciphertext coefficient.
In this embodiment, when homomorphic encrypting the polynomial coefficients, first, each polynomial coefficient may be assembled into a column vector with a size of n +1 rows, and then a first public key for homomorphic encrypting the polynomial coefficients is generated. The column vector of the polynomial coefficient can be encrypted by using the generated first public key to obtain a ciphertext coefficient. Therefore, by assembling each polynomial coefficient into a column vector and encrypting the column vector, the calculation of each polynomial can be simplified, and the calculation efficiency can be improved.
Step 201 is explained below.
Plaintext polynomial f (x) = a with highest dimension n for private data n x n +a n-1 x n-1 +…+a 1 x+a 0 In other words, the column vector obtained by assembling the polynomial coefficients is [ a ] n ,a n-1 ,…,a 1 ,a 0 ] T
It is noted that n is the highest dimension of the private data in the plaintext polynomial, and for terms below n dimensions, and not present in the plaintext polynomial, the coefficient of the plaintext polynomial is 0. For example, for plaintext polynomial f (x) =6x 4 +3x 2 X +6, there are no terms with dimension 3 in the polynomial, but the highest dimension of the private data is 4, then the column vector consisting of polynomial coefficients should contain 4+1=5 elements. Substantially, the polynomial coefficient of the polynomial in the term with dimension 3 is 0, and the column vector of the polynomial coefficient should be supplemented when constructing the column vector, so as to obtain the corresponding column vector [6,0,3, -1,6] T I.e. the polynomial coefficient with dimension 3 in the polynomial is 0.
Step 203 is explained below.
In this step, when generating the first public key for homomorphically encrypting the polynomial coefficient, the first public key may be generated by using the following calculation formula:
Figure BDA0003763097850000081
where PK is used to characterize the first public key, P m The first reversible matrix is a reversible matrix with a reversible matrix in a private key for decrypting the ciphertext coefficient, I is a first identity matrix, and T and A are random matrices.
For example, in generating the key, a set of parameters may first be generated, as follows:
a positive integer v, which may be predetermined, is typically a large integer, such as 10000;
an identity matrix I having a size according to a first to be generatedThe size of the public key is determined, for example, the identity matrix can be a three-dimensional matrix
Figure BDA0003763097850000082
The random error vector e, which is a very small noise value, may be an empirical value or may be obtained through statistics or experiments.
Random matrix T and random matrix a, which may be randomly generated by a computer. E.g. a randomly generated matrix
Figure BDA0003763097850000083
Matrix->
Figure BDA0003763097850000084
/>
A pair of reciprocal matrices P s And P m In which P is s ·P m That is, for example,
Figure BDA0003763097850000085
after obtaining the above parameters, the first public key can be output as
Figure BDA0003763097850000086
And the private key for decrypting the ciphertext coefficient is SK = [ I, T =]·P s
Step 205 is explained below.
In the above example, when the column vector is encrypted by the first public key to obtain the ciphertext coefficient, the formula L may be used c And (vL) + e, and encrypting the polynomial coefficient to obtain a ciphertext coefficient.
Wherein L is c The method is used for representing ciphertext coefficients, PK is used for representing a first public key, L is used for representing a row vector, v is a preset positive integer, and e is a random error vector.
It can be seen that, through the above steps 201-205, the polynomial coefficients can be assembled into a column vector, and encrypted by homomorphic encryption to be converted into a ciphertext vector of the coefficients. Therefore, when the polynomial is calculated, the condition that each item of ciphertext coefficient is used for calculating item by item is avoided, calculation can be realized by using the ciphertext vector to perform linear transformation, and the efficiency of privacy calculation can be greatly improved.
Further in step 107: and homomorphic encryption is carried out on the privacy data of at least one dimension to obtain ciphertext privacy data.
In this step, homomorphic encryption is considered to be performed on the acquired private data of at least one dimension. For example, as shown in fig. 3, the following steps may be implemented:
step 301: assembling the private data of each dimension into a row vector with the size of n +1 columns; wherein n is the highest dimensionality of the private data in the plaintext polynomial;
step 303: determining a first private key for decrypting the ciphertext coefficient of the polynomial;
step 305: and encrypting the row vector by using the first private key to obtain ciphertext privacy data.
In this embodiment, when performing homomorphic encryption on private data, first, private data of each dimension may be assembled into a row vector having a size of n +1 columns. And then determining a first private key for decrypting the polynomial coefficient, and further encrypting the assembled row vector by using the first private key to obtain ciphertext privacy data. Therefore, the scheme encrypts the private data of each dimensionality in the polynomial, and avoids performing complex multiplication calculation after encrypting the private data. For example, for an n-dimensional polynomial, if the polynomial calculation is performed after encryption, then for x n N-1 ciphertext multiplications are needed, which seriously restricts the computational efficiency of the system. While the scheme calculates x in the plaintext domain n It is a very simple and efficient calculation process.
Step 301 will be explained below.
Plaintext polynomial f (x) = a with highest dimension n for private data n x n +a n-1 x n-1 +…+a 1 x+a 0 In other words, a row vector obtained by assembling private data of each dimension is [ x ] n ,x n-1 ,…,x,1]。
It should be noted that n is the highest dimension of the private data in the plaintext polynomial, and for terms lower than n dimensions and not present in the plaintext polynomial, only the coefficients of the corresponding polynomial are 0, but the row vectors of the private data still need to be supplemented when assembling. For example, for a plaintext polynomial f (x) =6x 4 +3x 2 X +6, which is 0 x, although the privacy data of dimension 3 does not appear in the polynomial 3 When composing the private data of each dimension, the private data of dimension 3 should be supplemented, that is, the obtained row vector is [ x ] 4 ,x 3 ,x 2 ,x,1]That is, in the obtained column vector, the privacy data should traverse from the highest dimension n to dimension 0, thereby forming a row vector of n +1 columns of privacy data.
Step 303 is explained below.
In this step, reference may be made to the related description of 203, where the first private key for decrypting the ciphertext coefficient is SK = [ I, T =]·P s
Step 305 is explained below.
After the row vector and the first private key of the private data are obtained, the following calculation formula is considered to encrypt the row vector to obtain ciphertext private data:
Figure BDA0003763097850000101
wherein, X c For characterizing ciphertext privacy data, P m 'is a second reversible matrix, and the reversible matrix in the private key for decrypting the ciphertext privacy data is a reciprocal matrix, I' is a second identity matrix, and T 'and a' are both random matrices.
In this embodiment, the second invertible matrix P m ', the second identity matrix I', the random matrices T 'and a' may or may not be the same as the parameters used to encrypt the polynomial coefficients. For example, the second identity matrix may be the same as the first identity matrix, or may be two matrices having different sizes, such as
Figure BDA0003763097850000102
And &>
Figure BDA0003763097850000103
Two identity matrices. As another example, the second invertible matrix P m The first reversible matrix may be the same as or different from the first reversible matrix, but it is necessary to ensure that the reversible matrix in the second reversible matrix and the private key for decrypting the ciphertext privacy data is a reciprocal matrix, so as to ensure the accuracy in decrypting the ciphertext.
Therefore, the privacy data of all dimensions can be assembled into a row vector through the steps 301 to 305, and the row vector is encrypted through homomorphic encryption and then converted into a ciphertext vector of the privacy data. Therefore, when the polynomial is calculated, the polynomial calculation can be realized by performing linear transformation between the ciphertext vector of the coefficient and the ciphertext vector of the privacy data once, and the polynomial calculation for each item in the polynomial is avoided, so that the processing efficiency of the privacy data can be improved.
Finally, in step 109, the ciphertext privacy data and the ciphertext coefficients are used to perform privacy calculation according to the rule of plaintext polynomial calculation in machine learning.
In this embodiment, after the polynomial coefficients and the private data are encrypted, the private calculation may be performed according to the calculation rule of the polynomial. For example, for a polynomial
Figure BDA0003763097850000111
The calculation rule is the sum of the products of the coefficients of the calculation polynomial and the private data corresponding to each dimensionality. After the polynomial coefficients and the private data are assembled into vectors, linear transformation between the polynomial coefficients and the private data is calculated. I.e. the polynomial calculation under the ciphertext has Y c =X c ·L c Where Yc is a polynomial calculation value under the ciphertext, xc is ciphertext privacy data, and Lc is a ciphertext coefficient. The calculation is essentially linear transformation of two matrixes, and polynomial calculation is not carried out item by item, so that polynomial calculation of any degree is carried outThe conversion is a linear transformation operation, and the method is very efficient. And through the scheme, as long as the encryption scheme supports ciphertext addition and multiplication simultaneously, the method can be modified to support calculation of ciphertext polynomial of any times without losing calculation performance.
The following is to complete the polynomial f (x) = a n x n +a n-1 x n-1 +…+a 1 x+a 0 The present scheme will be further described with reference to the following calculation as an example. As shown in fig. 4, the following steps may be included:
step 401: generating a key for encrypting the polynomial coefficient;
in this step, a positive integer v, an identity matrix I, a random error vector e, a random matrix T and a random matrix a, and a reciprocal matrix P may be generated first s And P m For the parameters, see the description of step 203. Further, the private key SK = [ I, T ] for encryption and decryption may be output]·P s And a public key
Figure BDA0003763097850000112
Step 403: the polynomial coefficients in the polynomial are assembled into a column vector.
For example, the column vector for the polynomial coefficient constituted by the polynomial f (x) is [ a ] n ,a n-1 ,…,a 1 ,a 0 ] T . Where T characterizes the transpose of the vector.
Step 405: and encrypting the polynomial coefficient by using the public key PK to obtain a ciphertext vector of the coefficient.
In this step, the polynomial coefficients may be encrypted using the following calculation:
L c =Enc(L,PK,e)=PK·(vL)+e
step 407: and assembling the privacy data of each dimension into a row vector.
In the step, given an input x of private data, private data of each dimension is calculated in a plain text domain, and then the calculated private data of each dimension is assembled into a row vector [ x ] n ,x n-1 ,…,x,1]。
Step 409: and encrypting the private data to obtain a ciphertext vector of the private data.
In this step, a new set of key generation parameters is generated, and then ciphertext privacy data is obtained by the following calculation formula:
Figure BDA0003763097850000121
for a detailed description, refer to the description of step 305 above.
In this step, the new decryption key obtained at the same time is SK ' = [ I ', T ']·P s ′。
Step 411: and performing polynomial calculation in a ciphertext domain.
The above polynomial f (x) = a n x n +a n-1 x n-1 +…+a 1 x+a 0 Can be converted into Y c =X c ·L c And (4) calculating.
In addition, when decryption or correctness verification is performed on the process of calculating the ciphertext, the following processes can be performed:
Figure BDA0003763097850000122
Figure BDA0003763097850000131
finally, dividing the result by a positive integer v to obtain: a is n x n +a n-1 x n-1 +…+a 1 x+a 0 I.e., the final decrypted result, where e' is a very small noise,
Figure BDA0003763097850000132
obviously, the decryption result is a calculation result of the plaintext polynomial, that is, the calculation performance of the scheme has high accuracy and good reliability.
It should be noted that the processing method of the private data provided by the present disclosure is a very basic processing method, and therefore, a large number of application scenarios on the upper layer can be supported. That is to say, the field of machine learning is an application scenario of the processing scheme of private data provided by the scheme, and in some possible implementation manners, the scheme may also be applied to other application scenarios, for example, a calculation scenario conforming to a polynomial form may all perform data processing by using the scheme. And as long as the encryption scheme supports addition and multiplication at the same time, the encryption scheme can be transformed into a scheme supporting the calculation of ciphertext polynomial of any degree without losing the calculation performance.
As shown in fig. 5, an embodiment of the present specification provides a processing apparatus for privacy data, including: an acquisition module 501, an encryption module 502 and a privacy calculation module 503;
an obtaining module 501 configured to obtain privacy data of at least one dimension; obtaining a polynomial coefficient corresponding to the privacy data of each dimension;
the encryption module 502 is configured to homomorphically encrypt the polynomial coefficient acquired by the acquisition module 501 to obtain a ciphertext coefficient; homomorphic encryption is carried out on the privacy data of at least one dimension to obtain ciphertext privacy data;
the privacy calculation module 503 is configured to perform privacy calculation according to the rule of plaintext polynomial calculation in machine learning by using the ciphertext privacy data and the ciphertext coefficient obtained by the encryption module 502.
In one possible implementation, when the privacy calculation module 503 performs the privacy calculation, the calculation rule of the plaintext polynomial in machine learning includes the following calculation formula:
Figure BDA0003763097850000133
wherein f (x) is used to characterize the plaintext polynomial, x i For characterizing the privacy data of the ith dimension, a i And n is used for representing the highest dimensionality of the privacy data in the plaintext polynomial.
In one possible implementation, the encryption module 502, when homomorphically encrypting the polynomial coefficients to obtain ciphertext coefficients, is configured to perform the following operations:
assembling the polynomial coefficients into a column vector of size n +1 rows; wherein n is the highest dimensionality of the private data in the plaintext polynomial;
generating a first public key for homomorphically encrypting the polynomial coefficient;
and encrypting the column vector by using the first public key to obtain a ciphertext coefficient.
In one possible implementation, the encryption module 502, in generating the first public key that homomorphically encrypts the polynomial coefficient, is configured to generate the first public key using the following calculation:
Figure BDA0003763097850000141
where PK is used to characterize the first public key, P m The first reversible matrix is a reversible matrix with a reversible matrix in a private key for decrypting the ciphertext coefficient, I is a first identity matrix, and T and A are random matrices.
In one possible implementation, when the encryption module 502 encrypts the column vector by using the first public key to obtain the ciphertext coefficient, the encryption module is configured to calculate the ciphertext coefficient by using the following calculation formula:
L c =PK·(vL)+e
wherein L is c The method is used for representing ciphertext coefficients, PK is used for representing a first public key, L is used for representing a column vector, v is a preset positive integer, and e is a random error vector.
In one possible implementation manner, when homomorphic encrypting the privacy data of at least one dimension to obtain the ciphertext privacy data, the encryption module 502 is configured to perform the following operations:
assembling the private data of each dimension into a row vector with the size of n +1 columns; wherein n is the highest dimensionality of the private data in the plaintext polynomial;
determining a first private key for decrypting the ciphertext coefficients of the polynomial;
and encrypting the line vector by using the first private key to obtain ciphertext privacy data.
In one possible implementation, when encrypting the line vector with the first private key to obtain the ciphertext privacy data, the encryption module 502 is configured to calculate the ciphertext privacy data by using the following calculation formula:
Figure BDA0003763097850000151
wherein, X c For characterizing ciphertext privacy data, P m 'is a second reversible matrix, and the reversible matrix in the private key for decrypting the ciphertext privacy data is a reciprocal matrix, I' is a second identity matrix, and T 'and a' are both random matrices.
The present specification also provides a computer readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method of any one of the embodiments of the specification.
The present specification also provides a computing device comprising a memory having stored therein executable code and a processor that, when executing the executable code, implements the method of any of the embodiments of the specification.
It is to be understood that the illustrated structure of the embodiments of the present specification does not constitute a specific limitation to the processing device of the private data. In other embodiments of the description, the processing means of the privacy data may comprise more or fewer components than shown, or some components may be combined, or some components may be split, or a different arrangement of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
For the information interaction, execution process, and other contents between the units in the apparatus, the specific contents may refer to the description in the method embodiment of the present specification because the same concept is based on the method embodiment of the present specification, and are not described herein again.
Those skilled in the art will recognize that in one or more of the examples described above, the functions described in this specification can be implemented in hardware, software, hardware, or any combination thereof. When implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium.
The above-mentioned embodiments, the purpose, technical solutions and advantages described in the present specification are further described in detail, it should be understood that the above-mentioned embodiments are only specific embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made on the basis of the technical solutions of the present invention should be included in the scope of the present invention.

Claims (7)

1. The privacy data processing method comprises the following steps:
obtaining privacy data of at least one dimension;
obtaining a polynomial coefficient corresponding to the privacy data of each dimension;
homomorphic encryption is carried out on the polynomial coefficient to obtain a ciphertext coefficient;
homomorphic encryption is carried out on the privacy data of at least one dimension to obtain ciphertext privacy data;
performing privacy calculation according to a plaintext polynomial calculation rule in machine learning by using the ciphertext privacy data and the ciphertext coefficient;
the homomorphic encryption of the polynomial coefficient to obtain a ciphertext coefficient includes:
assembling the polynomial coefficients into a column vector of size n +1 rows; wherein n is the highest dimensionality of the private data in the plaintext polynomial; for terms below n-dimension, if not present in the plaintext polynomial, the coefficients of the plaintext polynomial for the terms below n-dimension are 0;
generating a first public key for homomorphically encrypting the polynomial coefficient;
encrypting the column vector by using the first public key to obtain the ciphertext coefficient;
the homomorphic encryption of the privacy data of the at least one dimension to obtain ciphertext privacy data includes:
assembling the private data of each dimension into a row vector with the size of n +1 columns;
determining a first private key for decrypting the ciphertext coefficients of the polynomial;
and encrypting the row vector by using the first private key to obtain the ciphertext privacy data.
2. The method of claim 1, wherein the calculation rule of the plaintext polynomial in the machine learning comprises the following calculation formula:
Figure DEST_PATH_IMAGE001
wherein the content of the first and second substances,
Figure 875493DEST_PATH_IMAGE002
for characterizing the plaintext polynomial,
Figure DEST_PATH_IMAGE003
for characterizing the privacy data of the ith dimension,
Figure 614910DEST_PATH_IMAGE004
and n is used for representing the highest dimensionality of the privacy data in the plaintext polynomial.
3. The method of claim 1, wherein the generating a first public key for homomorphically encrypting polynomial coefficients comprises:
generating the first public key using the following calculation:
Figure DEST_PATH_IMAGE005
wherein PK is used to characterize the first public key,
Figure 117698DEST_PATH_IMAGE006
the first reversible matrix is a reversible matrix with a reversible matrix in a private key for decrypting the ciphertext coefficient, I is a first identity matrix, and T and A are random matrices.
4. The method of claim 1, wherein the encrypting the column vector with the first public key results in the ciphertext coefficient, comprising:
calculating the ciphertext coefficient using the following calculation:
Figure DEST_PATH_IMAGE007
wherein the content of the first and second substances,
Figure 487631DEST_PATH_IMAGE008
for characterizing the ciphertext coefficients, PK for characterizing the first public key, L for characterizing the column vector,
Figure DEST_PATH_IMAGE009
is a positive integer which is preset in advance,
Figure 98872DEST_PATH_IMAGE010
is a random error vector.
5. The method of claim 1, wherein the encrypting the row vector with the first private key results in the ciphertext privacy data, comprising:
calculating the ciphertext privacy data using the following calculation:
Figure DEST_PATH_IMAGE011
wherein the content of the first and second substances,
Figure 641980DEST_PATH_IMAGE012
for characterizing the ciphertext privacy data,
Figure DEST_PATH_IMAGE013
is a second invertible matrix and is a reciprocal matrix to an invertible matrix of a private key that decrypts ciphertext privacy data, X is used to characterize the row vector, SK is used to characterize the first private key,
Figure 999274DEST_PATH_IMAGE014
and
Figure DEST_PATH_IMAGE015
are all random matrices.
6. A device for processing private data, comprising: the system comprises an acquisition module, an encryption module and a privacy calculation module;
the acquisition module is configured to acquire privacy data of at least one dimension; obtaining a polynomial coefficient corresponding to the privacy data of each dimension;
the encryption module is configured to homomorphically encrypt the polynomial coefficient acquired by the acquisition module to obtain a ciphertext coefficient; homomorphic encryption is carried out on the privacy data of at least one dimension to obtain ciphertext privacy data;
the privacy calculation module is configured to perform privacy calculation according to a plaintext polynomial calculation rule in machine learning by using the ciphertext privacy data and the ciphertext coefficient obtained by the encryption module;
when the encryption module homomorphically encrypts the polynomial coefficient to obtain a ciphertext coefficient, the encryption module is configured to execute the following operations:
assembling the polynomial coefficients into a column vector of size n +1 rows; wherein n is the highest dimensionality of the private data in the plaintext polynomial; for terms below n-dimension, if not present in the plaintext polynomial, the coefficients of the plaintext polynomial for the terms below n-dimension are 0;
generating a first public key for homomorphically encrypting the polynomial coefficient;
encrypting the column vector by using the first public key to obtain the ciphertext coefficient;
the encryption module is configured to perform the following operations when homomorphic encryption is performed on privacy data of at least one dimension to obtain ciphertext privacy data:
assembling the private data of each dimension into a row vector with the size of n +1 columns; wherein n is the highest dimensionality of the private data in the plaintext polynomial;
determining a first private key for decrypting the ciphertext coefficient of the polynomial;
and encrypting the line vector by using the first private key to obtain ciphertext privacy data.
7. A computing device comprising a memory having executable code stored therein and a processor that, when executing the executable code, implements the method of any of claims 1-5.
CN202210878336.2A 2022-07-25 2022-07-25 Processing method and device of private data and computing equipment Active CN115276950B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210878336.2A CN115276950B (en) 2022-07-25 2022-07-25 Processing method and device of private data and computing equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210878336.2A CN115276950B (en) 2022-07-25 2022-07-25 Processing method and device of private data and computing equipment

Publications (2)

Publication Number Publication Date
CN115276950A CN115276950A (en) 2022-11-01
CN115276950B true CN115276950B (en) 2023-03-28

Family

ID=83769352

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210878336.2A Active CN115276950B (en) 2022-07-25 2022-07-25 Processing method and device of private data and computing equipment

Country Status (1)

Country Link
CN (1) CN115276950B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111723404A (en) * 2020-08-21 2020-09-29 支付宝(杭州)信息技术有限公司 Method and device for jointly training business model

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190386814A1 (en) * 2016-11-07 2019-12-19 Sherjil Ahmed Systems and Methods for Implementing an Efficient, Scalable Homomorphic Transformation of Encrypted Data with Minimal Data Expansion and Improved Processing Efficiency
US11196539B2 (en) * 2017-06-22 2021-12-07 Microsoft Technology Licensing, Llc Multiplication operations on homomorphic encrypted data
CN109359588B (en) * 2018-10-15 2021-02-09 电子科技大学 Novel privacy protection non-interactive K nearest neighbor classification method
WO2020117015A1 (en) * 2018-12-07 2020-06-11 주식회사 크립토랩 Operating device and method using multivariate packing
CN111245610B (en) * 2020-01-19 2022-04-19 浙江工商大学 Data privacy protection deep learning method based on NTRU homomorphic encryption
CN112468284A (en) * 2020-11-26 2021-03-09 东北大学 SHE-based secure outsourcing method

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111723404A (en) * 2020-08-21 2020-09-29 支付宝(杭州)信息技术有限公司 Method and device for jointly training business model

Also Published As

Publication number Publication date
CN115276950A (en) 2022-11-01

Similar Documents

Publication Publication Date Title
US11222138B2 (en) Privacy-preserving machine learning in the three-server model
Wang et al. Secure and practical outsourcing of linear programming in cloud computing
Atallah et al. Securely outsourcing linear algebra computations
KR101606317B1 (en) Encryption system, encryption method, encryption program and decryption device
EP2965462A1 (en) Privacy-preserving ridge regression using partially homomorphic encryption and masks
JP5762232B2 (en) Method and system for selecting the order of encrypted elements while protecting privacy
CN113434878B (en) Modeling and application method, device, equipment and storage medium based on federal learning
CN114696990B (en) Multi-party computing method, system and related equipment based on fully homomorphic encryption
US10211980B1 (en) Method for lattice-based decryption of data
CN110324135A (en) A kind of safely outsourced method of homomorphic cryptography matrix determinant based on cloud computing
US20240137206A1 (en) Methods and apparatuses for jointly processing data by two parties for data privacy protection
JP5448863B2 (en) KEY GENERATION DEVICE, KEY GENERATION METHOD, PROGRAM, AND RECORDING MEDIUM
CN109190395B (en) Fully homomorphic encryption method and system based on data transformation
Xu et al. Toward practical privacy-preserving linear regression
EP3633656B1 (en) Secret tampering detection system, secret tampering detection apparatus, secret tampering detection method, and program
WO2018008547A1 (en) Secret computation system, secret computation device, secret computation method, and program
CN115276950B (en) Processing method and device of private data and computing equipment
JP6933290B2 (en) Secret calculation device, secret calculation authentication system, secret calculation method, and program
CN116861477A (en) Data processing method, system, terminal and storage medium based on privacy protection
US10361855B2 (en) Computing a secure elliptic curve scalar multiplication using an unsecured and secure environment
US11343070B2 (en) System and method for performing a fully homomorphic encryption on a plain text
CN112995189A (en) Method for publicly verifying matrix multiplication correctness based on privacy protection
Pathak et al. Efficient Protocols for Principal Eigenvector Computation over Private Data.
Rath et al. Privacy-Preserving Outsourcing Algorithm for Solving Large Systems of Linear Equations
KR102337865B1 (en) Homomorphic encryption-based arithmetic operation system and arithmetic operation method using the same

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant