CN115589281A - Decryption method, related device and storage medium - Google Patents

Publication number
CN115589281A
Authority
CN
China
Prior art keywords
ciphertext
fragment
key
decryption
multiplication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211205793.1A
Other languages
Chinese (zh)
Inventor
请求不公布姓名
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Real AI Technology Co Ltd
Original Assignee
Beijing Real AI Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiments of the application relate to the field of data processing and provide a decryption method, a related device and a storage medium. The decryption method comprises the following steps: a first device participating in secret sharing generates one or more ciphertext fragments of a ciphertext and sends a second ciphertext fragment to a second device participating in secret sharing, where the second device holds a key for decrypting the ciphertext; the first device receives a first key fragment from the second device and performs a secret sharing operation on the first ciphertext fragment and the first key fragment to obtain first decryption information, where the first key fragment is generated by the second device based on the key; the first device receives second decryption information from the second device, where the second decryption information is obtained by the second device by performing a secret sharing operation on the second ciphertext fragment and the second key fragment; and the first device decrypts to obtain the target plaintext based on the first decryption information and the second decryption information. In the embodiments of the application, ciphertext decryption is carried out through secret sharing operations on data information fragments, so that leakage of the complete data information is avoided and the security and privacy of the data are improved.

Description

Decryption method, related device and storage medium
Technical Field
The embodiment of the application relates to the field of data processing, in particular to a decryption method, a related device and a storage medium.
Background
Homomorphic encryption provides the ability to process encrypted data. The result of performing an operation on data in the homomorphically encrypted state is equivalent to the result of performing the same operation on the original, unencrypted data. That is, homomorphically encrypted data can be processed without leaking any of the original data during processing, and decrypting after processing is complete yields the result of applying the same processing to the original data.
Whereas a general encryption scheme is concerned with the security of stored data, homomorphic encryption is more concerned with the security and privacy of the data processing itself.
At present, applying homomorphic encryption in a multi-party interaction scenario raises the following problem: the devices participating in the interaction hold the key and the ciphertext respectively and, to avoid data leakage and guarantee data security, neither party wants the other to obtain the information it holds. In short, device B, which holds the ciphertext, needs the key to decrypt the ciphertext, but device A, which holds the key, does not want device B to obtain the key. If device A holds the ciphertext and the key at the same time, the data security of device B is affected and there is a risk of data leakage.
Disclosure of Invention
The embodiment of the application provides a decryption method, a related device and a storage medium, which can realize a ciphertext decryption process through secret sharing operation on data information fragments, effectively avoid leakage of complete data information, reduce related security risks caused by data leakage, and greatly improve the security and privacy of data information.
In a first aspect, an embodiment of the present application provides a decryption method, where the method is applied to a first device participating in secret sharing, where the first device holds a ciphertext obtained through a homomorphic encryption process, and the method includes:
generating one or more ciphertext fragments of the ciphertext;
sending a second ciphertext fragment to a second device participating in secret sharing, wherein the second device holds a key for decrypting the ciphertext;
receiving a first key fragment of the second device, and performing secret sharing operation on a first ciphertext fragment and the first key fragment to obtain first decryption information, wherein the first key fragment is generated by the second device based on the key;
receiving second decryption information of the second device, wherein the second decryption information is obtained by the second device through a secret sharing operation on the second ciphertext fragment and the second key fragment;
and decrypting to obtain the target plaintext based on the first decryption information and the second decryption information.
In a second aspect, an embodiment of the present application provides a decryption method, where the method is applied to a second device participating in secret sharing, where the second device holds a key for decrypting a homomorphic encrypted ciphertext, and the method includes:
generating one or more key fragments of the key;
sending a first key fragment to a first device participating in secret sharing, wherein the first device holds a ciphertext obtained through homomorphic encryption processing;
receiving a second ciphertext fragment of the first device, and performing secret sharing operation on the second ciphertext fragment and a second key fragment to obtain second decryption information, wherein the second ciphertext fragment is generated by the first device based on the ciphertext;
and sending the second decryption information to the first device, so that the first device decrypts a target plaintext based on the second decryption information and the first key fragment.
In a third aspect, an embodiment of the present application provides a decryption apparatus having a function of implementing a decryption method corresponding to the first aspect. The functions can be realized by hardware, and the functions can also be realized by executing corresponding software by hardware. The hardware or software includes one or more modules corresponding to the above functions, which may be software and/or hardware.
In one embodiment, the apparatus is adapted to a first device participating in secret sharing, the first device holding a ciphertext obtained through a homomorphic encryption process. The device includes:
a processing module configured to generate one or more ciphertext fragments of the ciphertext;
a transceiver module configured to transmit a second ciphertext fragment to a second device participating in secret sharing, where the second device holds a key for decrypting the ciphertext;
the transceiver module is further configured to receive a first key fragment of the second device;
the processing module is further configured to perform a secret sharing operation on a first ciphertext fragment and the first key fragment to obtain first decryption information, wherein the first key fragment is generated by the second device based on the key;
the transceiver module is further configured to receive second decryption information of the second device, where the second decryption information is obtained by the second device through secret sharing operation on the second ciphertext fragment and the second key fragment;
the processing module is further configured to decrypt a target plaintext based on the first decryption information and the second decryption information.
In a fourth aspect, an embodiment of the present application provides a decryption apparatus having a function of implementing a decryption method corresponding to the second aspect. The functions can be realized by hardware, and the functions can also be realized by executing corresponding software by hardware. The hardware or software includes one or more modules corresponding to the above functions, which may be software and/or hardware.
In one embodiment, the apparatus is adapted to a second device participating in secret sharing, the second device holding a key for decrypting a homomorphic encrypted ciphertext, the apparatus comprising:
a processing module configured to generate one or more key fragments of the key;
a transceiver module configured to send a first key fragment to a first device participating in secret sharing, wherein the first device holds a ciphertext obtained through homomorphic encryption processing;
the transceiver module is further configured to receive a second ciphertext fragment of the first device;
the processing module is further configured to perform secret sharing operation on the second ciphertext fragment and a second key fragment to obtain second decryption information, wherein the second ciphertext fragment is generated by the first device based on the ciphertext;
the transceiver module is further configured to send the second decryption information to the first device, so that the first device decrypts a target plaintext based on the second decryption information and the first key fragment.
In a fifth aspect, an embodiment of the present application provides a computing device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor implements the decryption method described in the first aspect or the second aspect when executing the computer program.
In a sixth aspect, embodiments of the present application provide a computer-readable storage medium, which includes instructions that, when executed on a computer, cause the computer to perform the decryption method described in the first aspect or the second aspect.
Compared with the prior art, in the embodiments of the application the first device and the second device participate in secret sharing, the first device holds the ciphertext obtained through homomorphic encryption processing, and the second device holds the key for decrypting the ciphertext. The first device generates one or more ciphertext fragments of the ciphertext and sends the second ciphertext fragment to the second device, so that the second device obtains second decryption information by performing a secret sharing operation on the second ciphertext fragment and the second key fragment. The first device receives a first key fragment generated by the second device based on the key, and performs a secret sharing operation on the first ciphertext fragment and the first key fragment to obtain first decryption information. Finally, the target plaintext is obtained by decryption based on the first decryption information and the second decryption information. The embodiments of the application thus provide a ciphertext decryption mode based on secret sharing. In the prior art, decryption is performed by directly acquiring the complete data information (such as the ciphertext or the key) held by the other party. Here, the ciphertext decryption process is carried out through secret sharing operations on fragments of the data information held by the other party, such as ciphertext fragments or key fragments. Because a fragment does not expose the data information from which it was generated to the other party, leakage of the data information can be effectively avoided, the related security risks caused by data leakage are reduced, and the security and privacy of the data information are greatly improved.
Drawings
Objects, features and advantages of embodiments of the present application will become apparent by reading the detailed description of embodiments of the present application with reference to the accompanying drawings. Wherein:
FIG. 1 is a schematic diagram of a ciphertext decryption system using a decryption method in an embodiment of the present application;
FIG. 2 is a flowchart illustrating a decryption method according to an embodiment of the present application;
FIG. 3 is a schematic flowchart of a process of acquiring decryption information according to an embodiment of the present application;
FIG. 4 is a schematic flow chart of a secret multiplication calculation in an embodiment of the present application;
FIG. 5 is a schematic diagram of a process for constructing a multiplication ternary array according to an embodiment of the present application;
FIG. 6 is a schematic structural diagram of a decryption apparatus according to an embodiment of the present application;
FIG. 7 is a schematic structural diagram of a computing device according to an embodiment of the present application;
FIG. 8 is a schematic structural diagram of a mobile phone in an embodiment of the present application;
FIG. 9 is a schematic structural diagram of a server in an embodiment of the present application.
In the drawings, the same or corresponding reference numerals indicate the same or corresponding parts.
Detailed Description
The terms "first," "second," and the like in the description, the claims and the drawings of the embodiments of the present application are used to distinguish between similar elements (e.g., a first feature and a second feature each denote a different feature) and not necessarily to describe a particular sequence or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances, so that the embodiments described herein can be practiced in orders other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion: a process, method, system, article, or apparatus that comprises a list of steps or modules is not necessarily limited to the steps or modules explicitly listed, but may include other steps or modules not explicitly listed or inherent to such process, method, article, or apparatus. The division of modules presented in the embodiments of the present application is merely a logical division, and other divisions are possible in an actual implementation; for example, several modules may be combined or integrated into another system, or some features may be omitted or not implemented. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling between modules through some interfaces, and the communication connection may be electrical or take other similar forms, which are not limited in the embodiments of the present application.
Moreover, the modules or sub-modules described as separate components may or may not be physically separated, may or may not be physical modules, or may be distributed in a plurality of circuit modules, and some or all of the modules may be selected according to actual needs to achieve the purpose of the embodiments of the present application.
The embodiment of the application provides a decryption method, which can be applied to a homomorphic encryption scene and relates to at least one service device, wherein the at least one service device comprises at least two decryption devices. For example, a service device includes a first decryption apparatus and a second decryption apparatus, where the first decryption apparatus and the second decryption apparatus are respectively configured to perform the steps of decrypting different stages of the ciphertext in the homomorphic encryption scenario. As another example, the two service apparatuses include at least two decryption devices, respectively. The first service device comprises a first decryption device, the second service device comprises a second decryption device, and the first decryption device and the second decryption device are respectively used for executing the steps of different stages of decryption of the ciphertext in the homomorphic encryption scene.
For example, the first decryption device and the second decryption device each generate a data information fragment, and share a part of the data information fragment, such as a ciphertext fragment of a ciphertext or a key fragment of a key for decrypting the ciphertext, to the opposite side, so that the opposite side obtains decryption information through secret sharing operation based on the data information held by the opposite side and the received data information fragment, and thus the target plaintext is restored through the decryption information obtained through respective calculation, and a ciphertext decryption process based on secret sharing is realized in a homomorphic encryption scene.
The first decryption apparatus may be an application program that generates one or more ciphertext fragments of a ciphertext, shares a second ciphertext fragment with a second device holding a key, receives a first key fragment from the second device, performs a secret sharing operation on the first ciphertext fragment and the first key fragment to obtain first decryption information, receives second decryption information from the second device, and decrypts to obtain the target plaintext based on the first decryption information and the second decryption information; or it may be a server on which such an application program is installed.
The second decryption apparatus may be an application program that generates one or more key fragments of the key, shares a first key fragment with a first device holding a ciphertext, receives a second ciphertext fragment from the first device, where the second ciphertext fragment is generated by the first device based on the ciphertext, performs a secret sharing operation on the second ciphertext fragment and a second key fragment to obtain second decryption information, and sends the second decryption information to the first device; or it may be a server on which such an application program is installed.
It should be noted that the first ciphertext fragment, the second ciphertext fragment, the first key fragment, and the second key fragment described in the embodiments of the present application are all examples; the number and names of the data information fragments (including ciphertext fragments and key fragments) involved in an actual application are not limited to these.
The scheme provided by the embodiments of the application involves technologies such as Artificial Intelligence (AI), Federated Learning (FL) and Machine Learning (ML), which are explained as follows:
AI is the theory, methods, techniques and application systems that use a digital computer, or a machine controlled by a digital computer, to simulate, extend and expand human intelligence, perceive the environment, acquire knowledge and use that knowledge to obtain the best results. In other words, artificial intelligence is a comprehensive branch of computer science that attempts to understand the essence of intelligence and to produce a new kind of intelligent machine that can react in a manner similar to human intelligence. Artificial intelligence studies the design principles and implementation methods of various intelligent machines, so that the machines have the functions of perception, reasoning and decision making.
AI technology is a comprehensive discipline that covers a wide range of fields, including both hardware-level and software-level technologies. The artificial intelligence infrastructure generally includes technologies such as sensors, dedicated artificial intelligence chips, cloud computing, distributed storage, big data processing, operation/interaction systems, and mechatronics. Artificial intelligence software technology mainly comprises computer vision, speech processing, natural language processing, machine learning/deep learning and the like.
The core idea of Federated Learning (FL), a distributed machine learning approach, is that a global model based on virtually fused data is built by performing distributed model training among multiple data sources that each hold local data, exchanging only model parameters or intermediate results and never local individual or sample data. This achieves a balance between data privacy protection and shared computation on data, that is, a new application paradigm in which "data is available but not visible" and "the data stays in place while the model moves".
Machine Learning (ML) is a multi-domain cross discipline, and relates to a plurality of disciplines such as probability theory, statistics, approximation theory, convex analysis, algorithm complexity theory and the like. The method specially studies how a computer simulates or realizes the learning behavior of human beings so as to acquire new knowledge or skills and reorganize the existing knowledge structure to continuously improve the performance of the computer. Machine learning is the core of artificial intelligence, is the fundamental approach for computers to have intelligence, and is applied to all fields of artificial intelligence. Machine learning and deep learning generally include techniques such as artificial neural networks, belief networks, reinforcement learning, transfer learning, inductive learning, and formal education learning.
Secret sharing is a cryptography technology, which means that secret information is split in an appropriate manner to obtain a plurality of data information fragments (also called secret fragments), and the data information fragments are sent to different participants for management, so that the data information fragments are cooperatively calculated by a plurality of participants to complete a secret recovery process. Because a single participant cannot recover the secret information, all participants must be united to recover the secret information, and therefore, the privacy and the safety of the secret information are greatly protected.
In the prior art, the homomorphic encryption technology is applied to a multi-party interaction scene, and the following problems often exist: the multi-party equipment participating in interaction respectively holds the secret key and the ciphertext, data security is guaranteed in order to avoid data leakage, and the two parties do not want the other party to acquire the information held by the other party. In short, any party of the multi-party devices participating in the interaction obtains the complete data information of the opposite party device, and the security risk of data leakage is brought to the opposite party device.
In the prior art, decryption requires directly acquiring the complete data information (such as a ciphertext or a key) held by the other party. In the embodiments of the application, by contrast, the ciphertext decryption process is carried out through secret sharing operations on fragments of the data information (such as ciphertext fragments or key fragments) held by the other party. Because a fragment does not expose the data information from which it was generated to the other party, leakage of the data information can be effectively avoided, the related security risks caused by data leakage are reduced, and the security and privacy of the data information are greatly improved.
In some embodiments, the first decryption device and the second decryption device are deployed in an integrated manner, and referring to fig. 1, the decryption method provided in the embodiment of the present application may be implemented based on a ciphertext decryption system shown in fig. 1. The ciphertext decryption system may include a first device and a second device.
The first device may be a first decryption apparatus, and holds a ciphertext obtained through homomorphic encryption. The second device may be a second decryption apparatus holding a key for decrypting the homomorphic encrypted ciphertext. The first device and the second device respectively generate data information fragments, and share part of the data information fragments to the opposite side, such as ciphertext fragments of a ciphertext or key fragments of a key for decrypting the ciphertext, so that the opposite side obtains decryption information through secret sharing operation based on the data information held by the opposite side and the received data information fragments, a target plaintext is restored through the decryption information obtained through respective calculation, and a ciphertext decryption process based on secret sharing is realized in a homomorphic encryption scene.
The first device and the second device may each be an application, a server, or a terminal device, or the first device may be a terminal device and the second device may be a server.
It should be noted that the server according to the embodiment of the present application may be an independent physical server, may also be a server cluster or a distributed system formed by a plurality of physical servers, and may also be a cloud server that provides basic cloud computing services such as cloud service, a cloud database, cloud computing, a cloud function, cloud storage, network service, cloud communication, middleware service, domain name service, security service, CDN, and a big data and artificial intelligence platform.
The terminal device referred to in the embodiments of the present application may be a device providing voice and/or data connectivity to a user, a handheld device having a wireless connection function, or another processing device connected to a wireless modem. Examples are mobile telephones (or "cellular" telephones) and computers with mobile terminals, such as portable, pocket-sized, hand-held, computer-built-in, or vehicle-mounted mobile devices, that exchange voice and/or data with a radio access network. Examples of such devices include Personal Communication Service (PCS) phones, cordless phones, Session Initiation Protocol (SIP) phones, Wireless Local Loop (WLL) stations, and Personal Digital Assistants (PDA).
Referring to fig. 2, fig. 2 is a schematic flowchart of a decryption method according to an embodiment of the present application. In the embodiment of the present application, the number of devices participating in secret sharing may be two or more, and for convenience of description, two devices are taken as an example for description hereinafter. The method can be applied to the first device and the second device in a homomorphic encryption scene, and the first device and the second device cooperatively execute through a secret sharing technology. The decryption method comprises the following steps:
Step S210, the first device generates one or more ciphertext fragments of the ciphertext.
Step S220, the first device sends the second ciphertext fragment to the second device.
In the embodiments of the application, the first device holds the homomorphically encrypted ciphertext, and the second device holds a key for decrypting that ciphertext. Homomorphic encryption includes partially homomorphic encryption, somewhat homomorphic encryption, and fully homomorphic encryption. Partially homomorphic encryption, also called single homomorphic encryption, means that the scheme supports only an unlimited number of homomorphic additions (additive-only) or only an unlimited number of homomorphic multiplications (multiplicative-only). A somewhat homomorphic encryption scheme can perform arbitrary homomorphic operations on a ciphertext a limited number of times; in other words, it supports both multiplication and addition but cannot homomorphically evaluate arbitrary functions. A fully homomorphic encryption scheme can perform arbitrary homomorphic operations on a ciphertext an unlimited number of times, that is, it can homomorphically evaluate any function (provided, of course, that the function is computable). To support feature comparison in the ciphertext state in a subsequent step, in the embodiments of the present application somewhat homomorphic encryption or fully homomorphic encryption (for example, CKKS) may be used when performing reconstruction encryption processing on a feature-segmented portion, so that matrix multiplication or vector dot products can be computed in the encrypted state (both homomorphic multiplication and homomorphic addition are supported).
In the embodiment of the application, the ciphertext held by the first device can be decrypted through the key held by the second device. In consideration of the security risk brought by directly transmitting data information such as a secret key or a ciphertext in the prior art, in the embodiment of the application, a secret sharing technology is adopted to divide the data information into data information fragments, so that a final target plaintext is decrypted through operation processing on the data information fragments.
For the first device, the ciphertext needs to be divided into a plurality of ciphertext fragments and sent to other devices participating in secret sharing in a homomorphic encryption scene, so that the plurality of ciphertext fragments are managed by the plurality of devices together, and the operation on the decryption information is completed.
In the embodiment of the present application, for convenience of description, the ciphertext fragment managed by the first device is referred to as the first ciphertext fragment of the ciphertext, and the ciphertext fragment shared with and managed by the second device is referred to as the second ciphertext fragment of the ciphertext. In some embodiments, in step S210, the first device randomly generates first data as the first ciphertext fragment of the ciphertext, and then splits the second ciphertext fragment from the ciphertext based on the first ciphertext fragment, thereby partitioning the ciphertext while it remains in the homomorphically encrypted state. For example, the first device randomly generates an integer as the first ciphertext fragment of the ciphertext and takes the difference between the ciphertext and the first ciphertext fragment as the second ciphertext fragment. Of course, the ciphertext fragments may also be obtained in other manners, which are not limited herein. It should be noted that neither the order in which the first and second ciphertext fragments are obtained nor the number of ciphertext fragments into which the ciphertext is divided is limited herein. In step S220, the first device sends the second ciphertext fragment to the second device.
In one possible design, the first device may be a physical device deployed in a ciphertext decryption system, for example, in a face recognition scenario, the physical device may be a mobile phone with a camera, and after the physical device acquires a face image of a person to be recognized, the physical device acquires face features from the face image through a face recognition model deployed therein, and performs homomorphic encryption on the face features to obtain a face feature ciphertext (i.e., the ciphertext).
In one possible design, the physical device may also be a service device in a trusted execution environment, that is, an execution environment trusted by the party that owns the model which obtains the original data; in other words, the owner of the model does not need to worry that the service device will reverse-engineer the model from the original data. In this case, the physical device may obtain the original data to be encrypted into the ciphertext, over a wired or wireless connection, from the service device in which the data collection apparatus is deployed.
In step S230, the second device generates one or more key fragments of the key.
Step S240, the second device sends the first key fragment to the first device.
In combination with the above description, in steps S230 to S240, similar to the first device, the second device may divide the plurality of key fragments from the key and send the key fragments to other devices participating in secret sharing in a homomorphic encryption scenario, so that the plurality of key fragments are managed by the plurality of devices together to complete the operation on the respective decrypted information. The key fragment is acquired in a manner similar to that of the ciphertext fragment, and is not expanded here.
Step S250, the first device receives the first key fragment of the second device, and performs secret sharing operation on the first ciphertext fragment and the first key fragment to obtain first decryption information.
In the embodiment of the present application, the secret sharing operation includes secret multiplication and secret addition.
To obtain the first decryption information, referring to fig. 3, in one possible design, the step S250 may be implemented as the following steps:
Step S251, the first device performs secret multiplication on the first ciphertext vector element of the first ciphertext fragment and the vector element of the first key fragment respectively;
Step S252, performing secret addition calculation on the second ciphertext vector element of the first ciphertext fragment and each multiplication result, and constructing the first decryption information based on each secret addition calculation result.
It should be noted that, the secret sharing operation of the ciphertext fragment and the key fragment is performed completely following the calculation rule of the secret sharing operation, regardless of the number and structure of data specifically included in the ciphertext fragment and the key fragment.
The following describes the calculation rule of the secret addition calculation with a specific example. Assume that storage party A (i.e., the second device) stores the key for the homomorphic encryption, and that this key is an N-dimensional vector $s = \{s_i\}$, where $i$ is less than $N$. Assume that storage party B (i.e., the first device) stores the homomorphically encrypted ciphertext, and that this ciphertext consists of two N-dimensional vectors $(a, b)$.
Based on this, the ciphertext is represented as $a = \{a_i\}$, $b = \{b_i\}$, and the decryption result of the plaintext $m$ is $m = \{m_i\}$. Assume that the decryption result is obtained in the following manner: $m_i = a_i + b_i \cdot s_i$.
Based on the above assumptions, let $x$ and $y$ denote the data of storage parties A and B respectively. First, the two parties need shared data information fragments, namely key fragments $x_0$, $x_1$ and ciphertext fragments $y_0$, $y_1$, where $x = x_0 + x_1$ and $y = y_0 + y_1$. Storage party A then sends key fragment $x_1$ (i.e., the first key fragment) to storage party B, and storage party B sends ciphertext fragment $y_0$ (i.e., the second ciphertext fragment) to storage party A.
On this basis, the secret addition calculation proceeds as follows: storage party A adds key fragment $x_0$ (i.e., the second key fragment) and ciphertext fragment $y_0$, and storage party B adds key fragment $x_1$ and ciphertext fragment $y_1$ (i.e., the first ciphertext fragment), to obtain the respective addition result components $z_0$ and $z_1$. The sum of the addition result components equals the sum of the data of storage parties A and B, i.e., $z_0 + z_1 = x + y$. Secret addition calculation can therefore be realized through data information fragments.
The calculation rule of the secret multiplication calculation is explained with a specific example below. In secret multiplication calculation, taking the secret multiplication calculation flow shown in fig. 4 as an example, an additional multiplication triplet for auxiliary calculation needs to be introduced: $(i, j, k)$, whose components satisfy the algebraic relationship $k = i \cdot j$. Furthermore, the multiplication ternary array is stored in the auxiliary calculator C and is issued to storage parties A and B in a secret sharing manner, so that storage party A has $i_0, j_0, k_0$ and storage party B has $i_1, j_1, k_1$. The multiplication ternary array satisfies the following relationships: $i = i_0 + i_1$, $j = j_0 + j_1$, $k = k_0 + k_1$.
Alternatively, in one possible design, referring to fig. 5, before step S251, a multiplication ternary array may be pre-constructed for improving the computational efficiency. Specifically, the multiplication ternary array is constructed in advance by the following steps S510 to S530:
Step S510, randomly generating a ternary array as an original ternary array;
Step S520, dividing the original ternary array to obtain the first multiplication ternary array and the second multiplication ternary array, wherein the preset algebraic relation is that the sum of the first multiplication ternary array and the second multiplication ternary array is the original ternary array;
Step S530, sending the second multiplication ternary array to a second device.
It should be noted that the multiplication ternary array may also be pre-constructed by the second device or the first device, or constructed by another third-party device and then distributed to the first device and the second device, and the above-described obtaining manner is only an example.
Continuing with the example above, assume that the first multiplication ternary array is $(i_1, j_1, k_1)$, held by storage party B in the above example, and that the second multiplication ternary array is $(i_0, j_0, k_0)$, held by storage party A in the above example.
On the basis of the multiplication ternary array, storage parties A and B respectively calculate $e_0 = x_0 - i_0$, $e_1 = x_1 - i_1$, $f_0 = y_0 - j_0$, $f_1 = y_1 - j_1$. Storage party A sends $e_0, f_0$ to storage party B, and storage party B sends $e_1, f_1$ to storage party A, so that both storage party A and storage party B hold $e_0$, $f_0$, $e_1$ and $f_1$. Storage party A and storage party B can thus each calculate $e = e_0 + e_1 = (x_0 - i_0) + (x_1 - i_1) = (x_0 + x_1) - (i_0 + i_1) = x - i$; similarly, both storage parties can also calculate $f = y - j$.
Next, storage party A calculates the first multiplication component $r_0 = -e \cdot f + y_0 \cdot e + x_0 \cdot f + k_0$, and storage party B calculates the second multiplication component $r_1 = y_1 \cdot e + x_1 \cdot f + k_1$. The multiplication result is then restored from the first multiplication component and the second multiplication component as $r_0 + r_1 = x \cdot y$.
Based on the secret multiplication principle, in particular, in one possible design, the step S251 may be implemented to include the following steps:
Step S2511, the first device performs preset processing on the first ciphertext vector element, the vector elements of the key fragment, and a first multiplication ternary array obtained in advance, to obtain a first multiplication component;
Step S2512, the first device receives a second multiplication component of the second device, where the second multiplication component is obtained by the second device based on a third ciphertext vector element of the ciphertext fragment, a vector element of the key fragment, and a second multiplication triplet, and the first multiplication triplet and the second multiplication triplet satisfy a preset algebraic relationship;
Step S2513, the first device performs reduction processing on the vector elements of the first multiplication components and the vector elements of the second multiplication components, respectively, to obtain the multiplication results.
Step S260, the second device receives the second ciphertext fragment of the first device, and performs secret sharing operation on the second ciphertext fragment and the second key fragment to obtain second decryption information.
Step S270, the second device sends the second decryption information to the first device.
In step S280, the first device receives the second decryption information of the second device.
In step S290, the first device decrypts a target plaintext based on the first decryption information and the second decryption information.
Similar to the first device performing step S250, the second device may obtain the second decryption information by using a secret sharing operation, which is not expanded here. The second device sends the second decryption information to the first device, so that the first device can restore the target plaintext from the first decryption information and the second decryption information by reversing the fragment-splitting process of the secret sharing technique.
In an optional implementation manner of S290, the vector elements of the first decryption information and the vector elements of the second decryption information are respectively subjected to reduction processing; and constructing the target plaintext based on each reduction processing result.
Continuing the previous assumption, assume that storage party A (i.e., the second device) stores the key for the homomorphic encryption as $s = \{s_i\}$. Assume that storage party B (i.e., the first device) stores the homomorphically encrypted ciphertext as two N-dimensional vectors $(a, b)$, specifically denoted as $a = \{a_i\}$, $b = \{b_i\}$.
Based on the above assumptions, assume that the decryption result of the target plaintext $M$ is $M = \{m_i\}$, obtained in the following manner: $m_i = a_i + b_i \cdot s_i$. On this basis, the first decryption information is the first decryption result $m_B$ obtained by storage party B, which calculates $b_i \cdot s_i$ using secret sharing multiplication and then calculates $a_i + b_i \cdot s_i$ using secret sharing addition. The second decryption information is the second decryption result $m_A$ obtained by storage party A, which likewise calculates $b_i \cdot s_i$ using secret sharing multiplication and then calculates $a_i + b_i \cdot s_i$ using secret sharing addition. Storage party B receives the second decryption result $m_A$ of storage party A, calculates each $m_i$ based on $m_B$ and $m_A$, and constructs the target plaintext $M$.
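The secret addition, secret multiplication and final restoration described above can be traced end to end in a short simulation. The following Python sketch is an added example, not code from the patent: it runs storage parties A and B and the auxiliary calculator C in one process, and the modulus Q, the function names and the sample vectors are assumptions made for illustration (the text itself works with plain integers).

```python
import secrets

# Assumed modulus: the text uses plain integers; working modulo Q makes every
# fragment uniformly random, so a single fragment reveals nothing on its own.
Q = 2**61 - 1


def share(value):
    """Split value into two additive fragments (v0, v1), v0 + v1 = value mod Q."""
    v0 = secrets.randbelow(Q)  # CSPRNG output, never a predictable generator
    return v0, (value - v0) % Q


def deal_triple():
    """Auxiliary calculator C: random (i, j, k) with k = i*j, dealt as fragments."""
    i, j = secrets.randbelow(Q), secrets.randbelow(Q)
    return share(i), share(j), share(i * j % Q)


def secret_multiply(x_sh, y_sh, triple):
    """Return (r0, r1) with r0 + r1 = x*y mod Q, using the formulas in the text."""
    (i0, i1), (j0, j1), (k0, k1) = triple
    x0, x1 = x_sh
    y0, y1 = y_sh
    # Only these masked differences cross the wire: A sends (e0, f0), B sends (e1, f1).
    e0, f0 = (x0 - i0) % Q, (y0 - j0) % Q
    e1, f1 = (x1 - i1) % Q, (y1 - j1) % Q
    e, f = (e0 + e1) % Q, (f0 + f1) % Q          # e = x - i, f = y - j
    r0 = (-e * f + y0 * e + x0 * f + k0) % Q     # computed by storage party A
    r1 = (y1 * e + x1 * f + k1) % Q              # computed by storage party B
    return r0, r1


def decryption_info(a, b, s):
    """Compute (m_A, m_B): each party's decryption information for m_i = a_i + b_i*s_i."""
    m_A, m_B = [], []
    for a_i, b_i, s_i in zip(a, b, s):
        s0, s1 = share(s_i)  # A keeps s0 (second key fragment), sends s1 to B
        a0, a1 = share(a_i)  # B keeps a1, b1 (first ciphertext fragment),
        b0, b1 = share(b_i)  # and sends a0, b0 (second ciphertext fragment) to A
        # A fresh triple per product: reusing one would leak differences of inputs.
        r0, r1 = secret_multiply((s0, s1), (b0, b1), deal_triple())
        m_A.append((a0 + r0) % Q)  # secret addition is purely local
        m_B.append((a1 + r1) % Q)
    return m_A, m_B


def reconstruct(m_A, m_B):
    """First device: restore the target plaintext from both decryption results."""
    return [(u + v) % Q for u, v in zip(m_A, m_B)]


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    a, b, s = [5, 7, 11], [2, 3, 4], [10, 20, 30]
    m_A, m_B = decryption_info(a, b, s)
    print("A's decryption information:", m_A)
    print("B's decryption information:", m_B)
    print("restored plaintext:", reconstruct(m_A, m_B))
```

Neither list of decryption information equals the plaintext on its own; only their element-wise sum modulo Q does.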
According to the decryption method, the first device and the second device participate in secret sharing, the first device holds the ciphertext obtained through homomorphic encryption processing, and the second device holds the key for decrypting the ciphertext. The first device generates one or more ciphertext fragments of the ciphertext and sends the second ciphertext fragment to the second device, so that the second device obtains second decryption information by performing secret sharing operation on the second ciphertext fragment and the second key fragment. The first device receives a first key fragment generated by the second device based on the key, and performs secret sharing operation on the first ciphertext fragment and the first key fragment to obtain first decryption information. Finally, the target plaintext is decrypted based on the first decryption information and the second decryption information. The embodiment of the application provides a ciphertext decryption mode based on secret sharing. Compared with the prior-art mode, in which decryption requires directly acquiring the complete data information (such as the ciphertext or the key) held by the other party, the ciphertext decryption process here can be realized through secret sharing operation on data information fragments held by the other party, such as ciphertext fragments or key fragments. Because a data information fragment does not expose the underlying data information to the other party, leakage of the data information can be effectively avoided, related security risks caused by data leakage are reduced, and the security and privacy of the data information are greatly improved.
Having described the method of the embodiment of the present application, next, a decryption apparatus of the embodiment of the present application is described with reference to fig. 6.
The decryption apparatus 60 in the embodiment of the present application can implement the steps of the decryption method in the embodiment corresponding to the first device in fig. 2. The functions implemented by the decryption device 60 may be implemented by hardware, or may be implemented by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the above functions, which may be software and/or hardware. The decryption apparatus 60 may include a transceiver module 601 and a processing module 602, and the processing module 602 and the transceiver module 601 may refer to operations executed in the embodiment corresponding to fig. 2, which are not described herein again. For example, the processing module 602 may be used to control the data transceiving operation of the transceiving module 601.
In some embodiments, the processing module 602 is configured to generate one or more ciphertext fragments of the ciphertext;
the transceiver module 601 is further configured to send a second ciphertext fragment to a second device participating in secret sharing, where the second device holds a key for decrypting the ciphertext;
the transceiver module 601 is further configured to receive a first key fragment of the second device;
the processing module 602 is configured to perform secret sharing operation on a first ciphertext fragment and the first key fragment to obtain first decryption information, where the first key fragment is generated by the second device based on the key;
the transceiver module 601 is further configured to receive second decryption information of the second device, where the second decryption information is obtained by the second device after performing secret sharing operation on the second ciphertext fragment and the second key fragment;
the processing module 602 is configured to decrypt a target plaintext based on the first decryption information and the second decryption information.
In some embodiments, the secret sharing operation includes a secret multiplication calculation and a secret addition calculation;
the processing module 602, when performing secret sharing operation on the first ciphertext fragment and the first key fragment to obtain the first decryption information, is configured to:
carrying out secret multiplication calculation on a first ciphertext vector element of the first ciphertext fragment and a vector element of the first key fragment respectively; and carrying out secret addition calculation on the second ciphertext vector element of the first ciphertext fragment and each multiplication calculation result, and constructing the first decryption information based on each secret addition calculation result.
In some embodiments, the processing module 602, when performing secret multiplication on the first ciphertext vector element of the first ciphertext fragment and the vector element of the first key fragment, is configured to:
presetting the first ciphertext vector element, the vector elements of the first key fragment and a first multiplication ternary array obtained in advance to obtain a first multiplication operation component; respectively restoring the vector elements of the first multiplication operation component and the vector elements of the second multiplication operation component to obtain each multiplication calculation result;
the transceiver module 601 is further configured to receive a second multiplication operation component of the second device, where the second multiplication operation component is obtained by the second device based on a third ciphertext vector element of the second ciphertext fragment, a vector element of the second key fragment, and a second multiplication triplet, and the first multiplication triplet and the second multiplication triplet satisfy a preset algebraic relationship.
In some embodiments, the processing module 602 is further configured to: randomly generating a ternary array as an original ternary array before secret multiplication calculation is carried out on a first ciphertext vector element of the first ciphertext fragment and a vector element of the first key fragment; dividing the original ternary array to obtain the first multiplication ternary array and the second multiplication ternary array, wherein the preset algebraic relation is that the sum of the first multiplication ternary array and the second multiplication ternary array is the original ternary array;
the transceiver module 601 is further configured to send the second multiplication ternary array to a second device.
In some embodiments, the processing module 602, decrypting the target plaintext based on the first decryption information and the second decryption information, is configured to:
respectively restoring the vector elements of the first decryption information and the vector elements of the second decryption information; and constructing the target plaintext based on each reduction processing result.
In some embodiments, the processing module 602, generating one or more ciphertext fragments of the ciphertext, is configured to:
randomly generating first data as a first ciphertext fragment of the ciphertext;
and segmenting a second ciphertext fragment from the ciphertext based on the first ciphertext fragment.
The decryption apparatus according to the embodiment of the present application may be applied to the first device in a homomorphic encryption scenario. In a homomorphic encryption scene, the first device and the second device participate in secret sharing, the first device holds a ciphertext obtained through homomorphic encryption processing, and the second device holds a key for decrypting the ciphertext. In the decryption device, a transceiver module sends a second ciphertext fragment to a second device participating in secret sharing, and the second device holds a key for decrypting the ciphertext; the transceiver module is used for receiving a first key fragment of the second device; the processing module performs secret sharing operation on the first ciphertext fragment and the first key fragment to obtain first decryption information, and the first key fragment is generated by the second device based on a key; receiving second decryption information of the second device, wherein the second decryption information is obtained by the second device through secret sharing operation on the second ciphertext fragment and the second key fragment; the processing module decrypts the target plaintext based on the first decryption information and the second decryption information. 
The embodiment of the application provides a ciphertext decryption mode based on secret sharing. Compared with the prior-art mode, in which decryption requires directly acquiring the complete data information (such as the ciphertext or the key) held by the other party, the ciphertext decryption process here can be realized through secret sharing operation on data information fragments held by the other party, such as ciphertext fragments or key fragments. Because a data information fragment does not expose the underlying data information to the other party, leakage of the data information can be effectively avoided, related security risks caused by data leakage are reduced, and the security and privacy of the data information are greatly improved.
Next, with continuing reference to fig. 6, another decryption apparatus associated with the second device is further provided in the embodiments of the present application, and the decryption apparatus is described below.
The decryption apparatus 60 in the embodiment of the present application can implement the steps of the decryption method in the embodiment corresponding to the second device in fig. 2. The functions implemented by the decryption device 60 may be implemented by hardware, or may be implemented by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the above functions, which may be software and/or hardware. The decryption apparatus 60 may include a transceiver module 601 and a processing module 602, and the processing module 602 and the transceiver module 601 may refer to operations performed in the embodiment corresponding to fig. 2 for realizing functions of the transceiver module 601, which are not described herein again. For example, the processing module 602 may be used to control the data transceiving operation of the transceiving module 601.
In some embodiments, the processing module 602 is configured to generate one or more key fragments of the key;
the transceiver module 601 is configured to send a first key fragment to a first device participating in secret sharing, where the first device holds a ciphertext obtained through homomorphic encryption processing;
the transceiver module 601 is further configured to receive a second ciphertext fragment of the first device;
the processing module 602 is further configured to perform secret sharing operation on the second ciphertext fragment and a second key fragment to obtain second decryption information, where the second ciphertext fragment is generated by the first device based on the ciphertext;
the transceiver module 601 is further configured to send the second decryption information to the first device, so that the first device decrypts a target plaintext based on the second decryption information and the first key fragment.
The decryption apparatus of the embodiment of the application can be applied to the second device in the homomorphic encryption scene. In a homomorphic encryption scene, the first device and the second device participate in secret sharing, the first device holds a ciphertext obtained through homomorphic encryption processing, and the second device holds a key for decrypting the ciphertext. In the decryption device, a processing module generates one or more key fragments of a key; the receiving and transmitting module sends the first key fragment to a first device participating in secret sharing, and the first device holds a ciphertext obtained through homomorphic encryption processing; the receiving and transmitting module receives a second ciphertext fragment of the first device; the processing module performs secret sharing operation on the second ciphertext fragment and the second key fragment to obtain second decryption information, and the second ciphertext fragment is generated by the first device based on the ciphertext; and the transceiver module sends the second decryption information to the first device, so that the first device decrypts the target plaintext based on the second decryption information and the first key fragment. 
Compared with the prior-art mode, in which decryption requires directly acquiring the complete data information (such as the ciphertext or the key) held by the other party, the secret-sharing-based ciphertext decryption method can realize the ciphertext decryption process through secret sharing operation on data information fragments (such as ciphertext fragments or key fragments) held by the other party. Because a data information fragment does not expose the underlying data information to the other party, leakage of the data information can be effectively avoided, related security risks caused by data leakage are reduced, and the security and privacy of the data information are greatly improved.
Having described the method and apparatus of the embodiments of the present application, a computer-readable storage medium of the embodiments of the present application is described, which may be an optical disc having a computer program (i.e., a program product) stored thereon, where the computer program, when executed by a processor, implements the steps described in the above method embodiments, for example, obtains a first feature; constructing a first ciphertext based on the first characteristic, wherein the first ciphertext is obtained by homomorphic encryption based on a first plaintext polynomial and a first preset key, the first preset key is constructed based on a key polynomial, and the first plaintext polynomial is constructed by taking each characteristic value in the first characteristic as a coefficient; acquiring a second ciphertext, wherein the second ciphertext is constructed based on a second characteristic, and the data structure of the second ciphertext is the same as that of the first ciphertext; constructing a first vector based on the first ciphertext and the second ciphertext; acquiring a second vector, and performing inner product calculation on the first vector and the second vector to obtain a target polynomial; and the target polynomial is used for acquiring the identification similarity of the second characteristic and the first characteristic associated with the target polynomial. The specific implementation of each step is not repeated here.
It should be noted that examples of the computer-readable storage medium may also include, but are not limited to, a phase change memory (PRAM), a Static Random Access Memory (SRAM), a Dynamic Random Access Memory (DRAM), other types of Random Access Memories (RAM), a Read Only Memory (ROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a flash memory, or other optical and magnetic storage media, which are not described in detail herein.
The decryption apparatus 60 in the embodiment of the present application is described above from the perspective of a modular functional entity, and the server and the terminal device that execute the decryption method in the embodiment of the present application are described below from the perspective of hardware processing.
It should be noted that, in the embodiment of the decryption apparatus of the present application, the entity device corresponding to the transceiver module 601 shown in fig. 6 may be an input/output unit, a transceiver, a radio frequency circuit, a communication module, an input/output (I/O) interface, and the like, and the entity device corresponding to the processing module 602 may be a processor. The decryption apparatus 60 shown in fig. 6 may have a structure as shown in fig. 7, when the decryption apparatus 60 shown in fig. 6 has a structure as shown in fig. 7, the processor and the transceiver in fig. 7 can implement the same or similar functions of the processing module 602 and the transceiver module 601 provided in the embodiment of the apparatus corresponding to the apparatus, and the memory in fig. 7 stores a computer program that the processor needs to call when executing the decryption method.
As shown in fig. 8, for convenience of description, only the portions related to the embodiments of the present application are shown, and details of the specific technology are not disclosed, please refer to the method portion of the embodiments of the present application. The terminal device may be any terminal device including a mobile phone, a tablet computer, a Personal Digital Assistant (PDA), a Point of Sales (POS), a vehicle-mounted computer, and the like, taking the terminal device as the mobile phone as an example:
Fig. 8 is a block diagram illustrating a partial structure of a mobile phone related to a terminal device provided in an embodiment of the present application. Referring to fig. 8, the handset includes: Radio Frequency (RF) circuit 1010, memory 1020, input unit 1030, display unit 1040, sensor 1050, audio circuit 1060, wireless fidelity (WiFi) module 1070, processor 1080, and power source 1090. Those skilled in the art will appreciate that the handset configuration shown in fig. 8 is not intended to be limiting and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.
The following specifically describes each component of the mobile phone with reference to fig. 8:
RF circuit 1010 may be used for receiving and transmitting signals during information transmission and reception or during a call; in particular, it receives downlink information from a base station and passes it to processor 1080 for processing, and it transmits uplink data to the base station. In general, the RF circuit 1010 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a Low Noise Amplifier (LNA), a duplexer, and the like. In addition, the RF circuit 1010 may communicate with networks and other devices via wireless communications. The wireless communication may use any communication standard or protocol, including but not limited to Global System for Mobile communications (GSM), General Packet Radio Service (GPRS), Code Division Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Long Term Evolution (LTE), email, Short Messaging Service (SMS), and the like.
The memory 1020 can be used for storing software programs and modules, and the processor 1080 executes various functional applications and data processing of the mobile phone by operating the software programs and modules stored in the memory 1020. The memory 1020 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data (such as audio data, a phonebook, etc.) created according to the use of the cellular phone, and the like. Further, the memory 1020 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
The input unit 1030 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the cellular phone. Specifically, the input unit 1030 may include a touch panel 1031 and other input devices 1032. The touch panel 1031, also referred to as a touch screen, may collect touch operations by a user (e.g., operations by a user on or near the touch panel 1031 using any suitable object or accessory such as a finger, a stylus, etc.) and drive corresponding connection devices according to a preset program. Alternatively, the touch panel 1031 may include two parts, a touch detection device and a touch controller. The touch detection device detects the touch direction of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch sensing device, converts the touch information into touch point coordinates, and sends the touch point coordinates to the processor 1080, and can receive and execute commands sent by the processor 1080. In addition, the touch panel 1031 may be implemented by various types such as a resistive type, a capacitive type, an infrared ray, and a surface acoustic wave. The input unit 1030 may include other input devices 1032 in addition to the touch panel 1031. In particular, other input devices 1032 may include, but are not limited to, one or more of a physical keyboard, function keys (e.g., volume control keys, switch keys, etc.), a track ball, a mouse, a joystick, and the like.
The display unit 1040 may be used to display information input by a user or information provided to the user and various menus of the cellular phone. The display unit 1040 may include a display panel 1041, and optionally, the display panel 1041 may be configured in the form of a Liquid Crystal Display (LCD), an Organic Light-Emitting Diode (OLED), or the like. Further, the touch panel 1031 can cover the display panel 1041, and when the touch panel 1031 detects a touch operation on or near the touch panel 1031, the touch operation is transferred to the processor 1080 to determine the type of the touch event, and then the processor 1080 provides a corresponding visual output on the display panel 1041 according to the type of the touch event. Although in fig. 8, the touch panel 1031 and the display panel 1041 are two separate components to implement the input and output functions of the mobile phone, in some embodiments, the touch panel 1031 and the display panel 1041 may be integrated to implement the input and output functions of the mobile phone.
The handset may also include at least one sensor 1050, such as a light sensor, motion sensor, and other sensors. Specifically, the light sensor may include an ambient light sensor and a proximity sensor, wherein the ambient light sensor may adjust the brightness of the display panel 1041 according to the brightness of ambient light, and the proximity sensor may turn off the display panel 1041 and/or the backlight when the mobile phone moves to the ear. As one of the motion sensors, the accelerometer sensor can detect the magnitude of acceleration in each direction (generally, three axes), can detect the magnitude and direction of gravity when stationary, and can be used for applications of recognizing the gesture of the mobile phone (such as horizontal and vertical screen switching, related games, magnetometer gesture calibration), vibration recognition related functions (such as pedometer and tapping), and the like; as for other sensors such as a gyroscope, a barometer, a hygrometer, a thermometer, and an infrared sensor, which can be configured on the mobile phone, further description is omitted here.
Audio circuitry 1060, speaker 1061, and microphone 1062 may provide an audio interface between a user and a cell phone. The audio circuit 1060 can transmit the electrical signal converted from the received audio data to the speaker 1061, and the electrical signal is converted into a sound signal by the speaker 1061 and output; on the other hand, the microphone 1062 converts the collected sound signal into an electrical signal, which is received by the audio circuit 1060 and converted into audio data; the audio data is then output to the processor 1080 for processing and sent to, for example, another cellular phone via the RF circuit 1010, or output to the memory 1020 for further processing.
WiFi belongs to short-distance wireless transmission technology, and the mobile phone can help the user to send and receive e-mail, browse web pages, access streaming media, etc. through the WiFi module 1070, which provides wireless broadband internet access for the user. Although fig. 8 shows the WiFi module 1070, it is understood that it does not belong to the essential constitution of the handset, and can be omitted entirely as needed within the scope not changing the essence of the invention.
The processor 1080 is a control center of the mobile phone, connects various parts of the whole mobile phone by using various interfaces and lines, and executes various functions of the mobile phone and processes data by operating or executing software programs and/or modules stored in the memory 1020 and calling data stored in the memory 1020, thereby integrally monitoring the mobile phone. Optionally, processor 1080 may include one or more processing units; optionally, processor 1080 may integrate an application processor, which primarily handles operating systems, user interfaces, application programs, etc., and a modem processor, which primarily handles wireless communications. It is to be appreciated that the modem processor described above may not be integrated into processor 1080.
The handset also includes a power source 1090 (e.g., a battery) for powering the various components, which may optionally be logically coupled to the processor 1080 via a power management system to manage charging, discharging, and power consumption via the power management system.
Although not shown, the mobile phone may further include a camera, a bluetooth module, etc., which are not described herein.
In the embodiment of the present application, the processor 1080 included in the mobile phone also controls execution of the above-mentioned method flow, performed by the decryption device, of obtaining the target polynomial based on the first feature of the input.
Fig. 9 is a schematic diagram of a server 1100 according to an embodiment of the present application, where the server 1100 may have a relatively large difference due to different configurations or performances, and may include one or more Central Processing Units (CPUs) 1122 (e.g., one or more processors) and a memory 1132, and one or more storage media 1130 (e.g., one or more mass storage devices) for storing applications 1142 or data 1144. Memory 1132 and storage media 1130 may be, among other things, transient storage or persistent storage. The program stored on the storage medium 1130 may include one or more modules (not shown), each of which may include a series of instruction operations for the server. Still further, the central processor 1122 may be provided in communication with the storage medium 1130 to execute a sequence of instruction operations in the storage medium 1130 on the server 1100.
The server 1100 may also include one or more power supplies 1120, one or more wired or wireless network interfaces 1150, one or more input-output interfaces 1158, and/or one or more operating systems 1141, such as Windows Server, Mac OS X, Unix, Linux, FreeBSD, etc.
The steps performed by the server in the above embodiment may be based on the structure of the server 1100 shown in fig. 9. For example, the steps performed by the decryption apparatus 60 shown in fig. 9 in the above-described embodiment may be based on the server configuration shown in fig. 9. For example, the central processor 1122, by calling instructions in the memory 1132, performs the following operations:
generating one or more ciphertext fragments of the ciphertext;
sending a second ciphertext fragment to a second device participating in secret sharing through an input-output interface 1158, where the second device holds a key for decrypting the ciphertext;
receiving a first key fragment of the second device through an input/output interface 1158, and performing secret sharing operation on a first ciphertext fragment and the first key fragment to obtain first decryption information, where the key fragment is generated by the second device based on the key;
receiving second decryption information of the second device through an input/output interface 1158, where the second decryption information is obtained by the second device through secret sharing operation on the second ciphertext fragment and the second key fragment;
and decrypting out the target plaintext based on the first decryption information and the second decryption information.
Alternatively, the central processing unit 1122, by calling the instructions in the memory 1132, performs the following operations:
generating one or more key fragments of the key;
sending the first key fragment to a first device participating in secret sharing through an input/output interface 1158, wherein the first device holds a ciphertext obtained through homomorphic encryption processing;
receiving a second ciphertext fragment of the first device through an input/output interface 1158, and performing secret sharing operation on the second ciphertext fragment and a second key fragment to obtain second decryption information, where the second ciphertext fragment is generated by the first device based on the ciphertext;
sending the second decryption information to the first device through an input/output interface 1158, so that the first device decrypts a target plaintext based on the second decryption information and the first key fragment.
In the foregoing embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the system, the apparatus and the module described above may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the embodiments of the present application, it should be understood that the disclosed system, apparatus, and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is only one logical functional division, and other divisions may be realized in practice, for example, a plurality of modules or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or modules, and may be in an electrical, mechanical or other form.
The modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical modules, may be located in one position, or may be distributed on a plurality of network modules. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
In addition, functional modules in the embodiments of the present application may be integrated into one processing module, or each module may exist alone physically, or two or more modules are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may be stored in a computer readable storage medium.
In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product.
The computer program product includes one or more computer instructions. The procedures or functions described in accordance with the embodiments of the present application are generated in whole or in part when the computer program is loaded and executed on a computer. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another, for example, from one website, computer, server, or data center to another website, computer, server, or data center via wired (e.g., coaxial cable, optical fiber, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium can be any available medium that a computer can store, or a data storage device, such as a server or a data center, that integrates one or more available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
The technical solutions provided by the embodiments of the present application are introduced in detail, and the principles and implementations of the embodiments of the present application are explained by applying specific examples in the embodiments of the present application, and the descriptions of the embodiments are only used to help understanding the method and core ideas of the embodiments of the present application; meanwhile, for a person skilled in the art, according to the idea of the embodiment of the present application, the specific implementation manner and the application range may be changed, and in conclusion, the content of the present specification should not be construed as a limitation to the embodiment of the present application.

Claims (10)

1. A decryption method, the method being applied to a first device participating in secret sharing, the first device holding a ciphertext obtained through a homomorphic encryption process, the method comprising:
generating one or more ciphertext fragments of the ciphertext;
sending a second ciphertext fragment to a second device participating in secret sharing, wherein the second device holds a key for decrypting the ciphertext;
receiving a first key fragment of the second device, and performing secret sharing operation on a first ciphertext fragment and the first key fragment to obtain first decryption information, wherein the first key fragment is generated by the second device based on the key;
receiving second decryption information of the second device, where the second decryption information is obtained by the second device through secret sharing operation on the second ciphertext fragment and the second key fragment;
and decrypting out the target plaintext based on the first decryption information and the second decryption information.
2. The method of claim 1, wherein the secret sharing operation comprises a secret multiplication calculation and a secret addition calculation;
the secret sharing operation is performed on the first ciphertext fragment and the first key fragment to obtain first decryption information, and the secret sharing operation includes:
carrying out secret multiplication calculation on a first ciphertext vector element of the first ciphertext fragment and a vector element of the first key fragment respectively;
and carrying out secret addition calculation on the second ciphertext vector element of the first ciphertext fragment and each multiplication calculation result, and constructing the first decryption information based on each secret addition calculation result.
3. The method of claim 2, wherein the secret multiplication of the first ciphertext vector element of the first ciphertext fragment and the vector element of the first key fragment, respectively, comprises:
presetting the first ciphertext vector element, the vector elements of the first key fragment and a first multiplication ternary array obtained in advance to obtain a first multiplication operation component;
receiving a second multiplication operation component of the second device, where the second multiplication operation component is obtained by the second device based on a third ciphertext vector element of the second ciphertext fragment, a vector element of the second key fragment, and a second multiplication ternary array, and the first multiplication ternary array and the second multiplication ternary array satisfy a preset algebraic relationship;
and respectively carrying out reduction processing on the vector elements of the first multiplication operation component and the vector elements of the second multiplication operation component to obtain each multiplication calculation result.
4. The method of claim 3, wherein prior to performing the secret multiplication on the first ciphertext vector element of the first ciphertext fragment and the vector element of the first key fragment, respectively, further comprising:
randomly generating a ternary array as an original ternary array;
dividing the original ternary array to obtain the first multiplication ternary array and the second multiplication ternary array, wherein the preset algebraic relationship is that the sum of the first multiplication ternary array and the second multiplication ternary array is the original ternary array;
and sending the second multiplication ternary array to a second device.
5. The method of claim 1, wherein said decrypting the target plaintext based on the first decryption information and the second decryption information comprises:
respectively restoring the vector elements of the first decryption information and the vector elements of the second decryption information;
and constructing the target plaintext based on each reduction processing result.
6. A decryption method adapted for a second device participating in secret sharing, the second device holding a key for decrypting a homomorphic encrypted ciphertext, the method comprising:
generating one or more key fragments of the key;
sending a first key fragment to a first device participating in secret sharing, wherein the first device holds a ciphertext obtained through homomorphic encryption processing;
receiving a second ciphertext fragment of the first device, and performing secret sharing operation on the second ciphertext fragment and a second key fragment to obtain second decryption information, wherein the second ciphertext fragment is generated by the first device based on the ciphertext;
and sending the second decryption information to the first device, so that the first device decrypts a target plaintext based on the second decryption information and the first key fragment.
7. A decryption apparatus adapted to participate in a secret sharing by a first device that holds a ciphertext obtained through a homomorphic encryption process, the apparatus comprising:
a processing module configured to generate one or more ciphertext fragments of the ciphertext;
a transceiver module configured to transmit a second ciphertext fragment to a second device participating in secret sharing, where the second device holds a key for decrypting the ciphertext;
the transceiver module is further configured to receive a first key fragment of the second device;
the processing module is further configured to perform secret sharing operation on a first ciphertext fragment and the first key fragment to obtain first decryption information, where the first key fragment is generated by the second device based on the key;
the transceiver module is further configured to receive second decryption information of the second device, where the second decryption information is obtained by the second device after performing secret sharing operation on the second ciphertext fragment and the second key fragment;
the processing module is further configured to decrypt a target plaintext based on the first decryption information and the second decryption information.
8. A decryption apparatus, the apparatus being adapted to a second device participating in secret sharing, the second device holding a key for decrypting a homomorphic encrypted ciphertext, the apparatus comprising:
a processing module configured to generate one or more key fragments of the key;
a transceiver module configured to send a first key fragment to a first device participating in secret sharing, wherein the first device holds a ciphertext obtained through homomorphic encryption processing;
the transceiver module is further configured to receive a second ciphertext fragment of the first device;
the processing module is further configured to perform secret sharing operation on the second ciphertext fragment and a second key fragment to obtain second decryption information, wherein the second ciphertext fragment is generated by the first device based on the ciphertext;
the transceiver module is further configured to send the second decryption information to the first device, so that the first device decrypts a target plaintext based on the second decryption information and the first key fragment.
9. A computing device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any one of claims 1-5 when executing the computer program or the processor implements the method of claim 6 when executing the computer program.
10. A computer-readable storage medium comprising instructions that, when executed on a computer, cause the computer to perform the method of any one of claims 1-5, or cause the computer to perform the method of claim 6.
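The exchange in claims 1 to 5, sketched as an added example that is not part of the patent text: two devices hold additive fragments of a ciphertext pair and of the key, multiply fragments using a split multiplication triple (the "multiplication ternary array"), add locally, and the first device restores the plaintext. The toy linear scheme m = v + u*s mod Q, the modulus Q and every function name are assumptions; the homomorphic scheme the patent actually uses is not reproduced here.

```python
import secrets

Q = 2**61 - 1  # constructed modulus for the toy arithmetic (assumption)

def share(x, q=Q):
    """Additively split x into two fragments with x1 + x2 = x (mod q)."""
    x1 = secrets.randbelow(q)
    return x1, (x - x1) % q

def share_vec(vec, q=Q):
    pairs = [share(x, q) for x in vec]
    return [p[0] for p in pairs], [p[1] for p in pairs]

def deal_triple(q=Q):
    """Random (a, b, c = a*b), divided so the two parts sum to the original
    (claim 4). Hypothetical helper; claim 4 places this on the first device."""
    a, b = secrets.randbelow(q), secrets.randbelow(q)
    (a1, a2), (b1, b2), (c1, c2) = share(a, q), share(b, q), share(a * b % q, q)
    return (a1, b1, c1), (a2, b2, c2)

def mul_component(x_i, y_i, triple_i, q=Q):
    """One device's multiplication operation component: its masked fragments."""
    a_i, b_i, _ = triple_i
    return (x_i - a_i) % q, (y_i - b_i) % q

def mul_finish(comp_1, comp_2, triple_i, is_first, q=Q):
    """Restore e = x - a and f = y - b from both components, then derive this
    device's fragment of x*y = e*f + e*b + f*a + c."""
    a_i, b_i, c_i = triple_i
    e = (comp_1[0] + comp_2[0]) % q
    f = (comp_1[1] + comp_2[1]) % q
    z = (c_i + e * b_i + f * a_i) % q
    if is_first:  # the public e*f term is added by exactly one device
        z = (z + e * f) % q
    return z

def toy_encrypt(msg, key, q=Q):
    """Toy linear scheme (assumption): ct = (u, v) with v + u*s = m (mod q)."""
    u = [secrets.randbelow(q) for _ in msg]
    v = [(m - ui * s) % q for m, ui, s in zip(msg, u, key)]
    return u, v

def shared_decrypt(ct, key, q=Q):
    """Run both devices' steps in one process and return (plaintext, d1, d2)."""
    u, v = ct
    u1, u2 = share_vec(u, q)    # device 1 keeps u1, v1 and sends u2, v2
    v1, v2 = share_vec(v, q)
    s1, s2 = share_vec(key, q)  # device 2 keeps s2 and sends s1
    d1, d2 = [], []
    for j in range(len(u)):
        t1, t2 = deal_triple(q)
        comp1 = mul_component(u1[j], s1[j], t1, q)  # computed on device 1
        comp2 = mul_component(u2[j], s2[j], t2, q)  # computed on device 2
        z1 = mul_finish(comp1, comp2, t1, True, q)
        z2 = mul_finish(comp1, comp2, t2, False, q)
        d1.append((v1[j] + z1) % q)  # secret addition is purely local
        d2.append((v2[j] + z2) % q)
    # Device 2 sends d2 (second decryption information); device 1 restores.
    plaintext = [(x + y) % q for x, y in zip(d1, d2)]
    return plaintext, d1, d2

if __name__ == "__main__":
    key = [5, 7, 11, 13]      # constructed sample key vector
    msg = [104, 105, 33, 0]   # constructed sample plaintext vector
    print(shared_decrypt(toy_encrypt(msg, key), key)[0])
```

Both devices run in one process here, so the sketch shows the arithmetic and message order, not the isolation between parties. In Beaver-style multiplication the restored values e and f hide the inputs only from a party that does not know a and b, which is worth checking when reviewing where the triple is generated.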
CN202211205793.1A 2022-09-30 2022-09-30 Decryption method, related device and storage medium Pending CN115589281A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211205793.1A CN115589281A (en) 2022-09-30 2022-09-30 Decryption method, related device and storage medium

Publications (1)

Publication Number Publication Date
CN115589281A true CN115589281A (en) 2023-01-10

Family

ID=84772758

Country Status (1)

Country Link
CN (1) CN115589281A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117353919A (en) * 2023-12-01 2024-01-05 卓望数码技术(深圳)有限公司 Data security storage method and system based on secret key sharing algorithm
CN117353919B (en) * 2023-12-01 2024-03-26 卓望数码技术(深圳)有限公司 Data security storage method and system based on secret key sharing algorithm

Similar Documents

Publication Publication Date Title
CN113395159B (en) Data processing method based on trusted execution environment and related device
CN110545190A (en) signature processing method, related device and equipment
WO2019148397A1 (en) Storage of decomposed sensitive data in different application environments
CN114978512B (en) Privacy intersection method and device and readable storage medium
CN108292347A (en) A kind of user property matching process and terminal
CN114973351A (en) Face recognition method, device, equipment and storage medium
CN114553612B (en) Data encryption and decryption method and device, storage medium and electronic equipment
CN116541865A (en) Password input method, device, equipment and storage medium based on data security
CN115589281A (en) Decryption method, related device and storage medium
CN114547082A (en) Data aggregation method, related device, equipment and storage medium
CN115270163B (en) Data processing method, related device and storage medium
CN109766705B (en) Circuit-based data verification method and device and electronic equipment
CN112231768B (en) Data processing method and device, computer equipment and storage medium
CN114758388A (en) Face recognition method, related device and storage medium
CN115549889A (en) Decryption method, related device and storage medium
CN110190947B (en) Information encryption and decryption method, terminal and computer readable storage medium
CN114629649B (en) Data processing method and device based on cloud computing and storage medium
CN114821751B (en) Image recognition method, device, system and storage medium
CN115801308B (en) Data processing method, related device and storage medium
CN109743289B (en) Data verification method and device based on neural network and electronic equipment
CN116257657B (en) Data processing method, data query method, related device and storage medium
CN117955811B (en) Data processing method, device, computer equipment and storage medium
CN117955732B (en) Data processing method and related device
CN115865309A (en) Data processing method and related device
CN114389825B (en) Data communication method based on block chain and related device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination