CN115603890A - Privacy calculation device and privacy calculation method - Google Patents

Info

Publication number
CN115603890A
Authority
CN
China
Prior art keywords
privacy
data
logic
calculation
processing unit
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211072198.5A
Other languages
Chinese (zh)
Inventor
邹银超
秦承刚
杜少华
孔金灿
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alipay Hangzhou Information Technology Co Ltd
Original Assignee
Alipay Hangzhou Information Technology Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The embodiments of this specification provide a privacy computing device and a privacy computing method based on it. According to the technical idea of these embodiments, a privacy computing module is provided for the devices involved in the various service scenarios that process private data. The privacy computing module can encapsulate, in advance, encryption and decryption customized to business needs, or integrated algorithms such as homomorphic encryption acceleration, semi-homomorphic acceleration and customized ciphertext acceleration, and expose to the outside a hardware data interface and application programming interfaces (APIs) corresponding to the various algorithms. A device that handles privacy-related business can be fitted directly with the privacy computing device: the device transmits data to the privacy computing device over a high-speed data interface, the privacy computing device completes the relevant computation using the corresponding computing logic, and the computation result is fed back. This technical concept can reduce the data processing pressure on the device and improve service processing efficiency.

Description

Privacy calculation device and privacy calculation method
Technical Field
One or more embodiments of the present disclosure relate to the field of secure computing technology, and more particularly, to a privacy computing device and a privacy computing method.
Background
The concept of homomorphic encryption was first proposed by Rivest et al. in 1978 and subsequently became an open problem in the cryptography community. Scholars successively studied homomorphic encryption algorithms that satisfy either multiplication or addition, and also proposed homomorphic ciphers that support multiplication and addition for a limited number of operations. It was not until 2009 that Gentry constructed the first fully homomorphic encryption scheme, solving a problem that had puzzled the cryptography community for more than 30 years. Fully Homomorphic Encryption (FHE) is considered a better method for securing cloud computing: user data is encrypted with a fully homomorphic encryption scheme and the ciphertext is sent to the cloud, so that the cloud can perform operations such as retrieval and comparison without decrypting, which avoids the risk of data leakage at the data storage party. However, fully homomorphic encryption schemes have relatively high computational complexity and place high demands on the processing capacity of the data processing party's equipment, which may create a computational bottleneck for privacy computation.
Disclosure of Invention
One or more embodiments of the present specification describe a privacy computing apparatus and a privacy computing method to solve one or more of the problems mentioned in the background.
According to a first aspect, there is provided a privacy computing apparatus, the apparatus comprising at least one processing unit, a data interface, a storage unit; wherein:
the data interface is used to connect to an external device that performs the corresponding business processing on private data, so as to exchange data with the external device through a high-speed link protocol;
the processing unit is used to, when a privacy calculation request sent by the external device is received through the data interface, execute the corresponding calculation logic based on the privacy calculation request to obtain a corresponding privacy calculation result, so that the result can be fed back to the external device through the data interface, wherein the calculation logic is execution logic that accelerates at least one of the following privacy calculation operations on private data: homomorphic encryption acceleration, semi-homomorphic acceleration, customized ciphertext acceleration, encryption, and decryption;
the storage unit is used to store at least one of: an intermediate result generated while processing the data to be processed, the data to be processed received from the server, and an encryption calculation result to be sent to the server.
In one embodiment, the computational logic for homomorphic encryption acceleration comprises one or more of the following fully homomorphic encryption algorithms implemented by a fully homomorphic encryption module: plaintext/ciphertext multiplication, a key switching algorithm, a number-theoretic transform circuit, and a bootstrapping circuit.
In one embodiment, the computational logic for semi-homomorphic encryption comprises one or more of the following semi-homomorphic encryption algorithms: the additively homomorphic encryption algorithm Paillier, the asymmetric encryption algorithm ElGamal based on Diffie-Hellman key exchange, and the multiplicatively homomorphic encryption algorithm RSA.
In one embodiment, the computational logic for customized ciphertext acceleration comprises an integrated algorithm based on fully homomorphic encryption and/or a versioned secret algorithm.
In one embodiment, the computational resources of the processing unit are allocated among the computational logics in a predetermined proportion.
In one embodiment, the processing unit is implemented by at least one of a central processing unit (CPU), an application-specific integrated circuit (ASIC), and a field-programmable gate array (FPGA), and: where the processing unit is an ASIC, the computational logic is implemented by circuitry fixed on the ASIC; where the processing unit is implemented by an FPGA, the computational logic is provided by the processing unit; where the processing unit is implemented by a CPU, the computational logic is provided by the memory unit.
In one embodiment, the high-speed link protocol corresponding to the data interface is one of the PCIe protocol (the PCI Express standard) and the CXL protocol (a new interconnect protocol).
According to a second aspect, there is provided a privacy calculation method for performing privacy-preserving data processing based on the apparatus provided in the first aspect, the method comprising: receiving, through the data interface, a privacy processing request sent by an external device, wherein the privacy processing request is a call request for a first calculation logic and includes the input parameters of the first calculation logic that it calls; calling, by the processing unit, the first calculation logic according to the privacy processing request, so as to perform the corresponding privacy calculation on the input parameters and obtain at least one calculation result; and feeding back the calculation result to the external device through the data interface.
In one embodiment, the input parameter is at least one of a ciphertext or a plaintext.
In one embodiment, where the calculation result includes an intermediate calculation result, the method further includes: feeding back the intermediate result to the external device, and receiving from the external device exchange data determined based on the intermediate result, or data to be processed selected from the intermediate result; and continuing to execute the first calculation logic according to the exchange data or the data to be processed.
In one embodiment, where the calculation result is a final result, feeding back the calculation result to the external device through the data interface further includes: calling, by the processing unit, a decryption logic to decrypt the calculation result; and feeding back the decrypted plaintext result to the external device.
With the device and method provided by the embodiments of this specification, a privacy computing module is provided for the devices involved in the various service scenarios that process private data. The privacy computing module can encapsulate, in advance, encryption and decryption customized to business needs, or integrated algorithms such as homomorphic encryption acceleration, semi-homomorphic acceleration and customized ciphertext acceleration, and expose to the outside a hardware data interface and application programming interfaces (APIs) corresponding to the various algorithms. A device that handles privacy-related business can therefore be configured directly with the privacy computing module, which reduces the learning burden and skill requirements on developers and saves labor cost. The device that handles the privacy-related business transmits data to the privacy computing module over the high-speed data interface, and the privacy computing module completes the relevant computation using the corresponding computing logic and feeds back the result, which reduces the data processing pressure on that device and improves service processing efficiency.
Drawings
In order to illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed for describing the embodiments are briefly introduced below. The drawings in the following description are only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 illustrates a specific application architecture diagram of a privacy computing device, according to one embodiment;
FIG. 2 illustrates a block diagram of an implementation-specific form factor of a privacy computing device, according to one embodiment;
FIG. 3 illustrates a physical topology diagram of a privacy computing device, according to one embodiment;
FIG. 4 illustrates a logical topology diagram of a logical compute unit in a privacy computing device, according to one embodiment;
FIG. 5 illustrates a flowchart of a privacy calculation method using the privacy calculation apparatus provided in the present specification.
Detailed Description
The technical solution provided in the present specification is described below with reference to the accompanying drawings.
With the development of big data technology, privacy protection receives more and more attention. Scenarios involving privacy protection include, for example, multi-party secure computation, uploading data to a blockchain, and protecting telephone information in express delivery. Taking telephone information protection in express delivery as an example, if the names and mobile phone numbers of the sender and the recipient are recorded in plaintext on the waybill, personal privacy is easily leaked, and if the information is maliciously exploited, it can cause immeasurable loss. In a multi-party secure computation scenario, several data parties may jointly perform some business processing, but each data party may be reluctant to reveal its local data because of competition among peers and similar reasons. Homomorphic encryption can handle these privacy protection problems well. Homomorphic encryption is a cryptographic technique based on the computational complexity theory of mathematical problems. When homomorphically encrypted data is processed to produce an output and that output is decrypted, the result is the same as the output obtained by processing the unencrypted original data in the same way. Homomorphic encryption is widely used in a variety of scenarios.
Homomorphic encryption is classified into fully homomorphic encryption and semi-homomorphic encryption. An encryption algorithm that is homomorphic for a limited set of operations but not for arbitrary operations is referred to as semi-homomorphic encryption. Typical semi-homomorphic properties include multiplicative homomorphism, additive homomorphism, full homomorphism for a limited number of operations, and the like. Examples of multiplicatively homomorphic encryption methods are the RSA algorithm and the ElGamal algorithm; an example of an additively homomorphic encryption algorithm is the Paillier algorithm. An encryption algorithm that is homomorphic for arbitrary computation is called fully homomorphic encryption. Since any computation can be constructed from addition and multiplication gates, an encryption algorithm is said to be fully homomorphic as long as it satisfies the multiplicative and additive homomorphic properties simultaneously. Examples of such homomorphic encryption algorithms include the BGV scheme, the BFV scheme, the CKKS scheme, and the like.
Homomorphic encryption has a wide range of applications but high computational complexity. It places certain professional requirements on both the computing power of the computer equipment and the algorithm developers. It is therefore difficult to compute with homomorphic encryption in many application scenarios. To this end, this specification proposes a solution based on a hardware-assisted device, implemented by a privacy computing device based on homomorphic encryption.
The privacy computing device is a hardware device with built-in encryption and decryption algorithms related to homomorphic encryption; it is connected to other computing devices and provides them with auxiliary computation related to homomorphic encryption. FIG. 1 shows an application scenario of the privacy computing device. In the scenario illustrated in FIG. 1, the privacy computing device may be used in a server of a data center. The data center can be a data storage center, a data processing center, and the like, for example a participant holding training data for multi-party secure computation, or an express delivery data processing server. As shown in FIG. 1, a server device of a data center may include a CPU, a memory, and a data storage unit. As those skilled in the art will readily understand, the CPU is responsible for computation and processing, and the memory is responsible for data exchange, acting as the CPU's data access channel. The instructions an application process sends to the CPU, the data contained in those instructions, and the results after the CPU finishes processing may be held temporarily in the memory cache. The privacy computing device provided in this specification may be connected to the CPU of the data center server in the scenario of FIG. 1. When the data center server performs operations related to homomorphic encryption, the CPU may transmit the relevant data to the privacy computing device, which performs the computation using a homomorphic encryption algorithm and feeds the result back to the relevant process executed by the CPU of the data center server.
In this way, on the one hand, the computing pressure on the CPU of the data center server is shared; on the other hand, because the homomorphic encryption algorithms are integrated in the privacy computing device, the data center server's development and learning costs for homomorphic encryption computation are reduced. To increase computing speed, the privacy computing device and the CPU of the data center server may be linked through a high-speed data interface using a high-speed link protocol such as PCIe or CXL.
To clarify how the privacy computing device is implemented, FIG. 2 shows a schematic diagram of one specific implementation form. As shown in FIG. 2, the privacy computing device may include a computer module (such as a PCB) enclosed in advance in a housing, and the module may be physically connected to the CPU of the data center server through a reserved data interface 201. The CPU of the data center server and the privacy computing device can exchange data through the data interface 201 using the corresponding high-speed link protocol, achieving fast, transparent communication and enabling the real-time auxiliary computing function of the privacy computing device. It is understood that the physical form shown in FIG. 2 is one specific example; in practice, the privacy computing device may take other forms, for example with a square cross-section, an irregular shape, the data interface 201 placed on the top surface or the left/right side, or the data interface 201 having a connecting cable of a certain length, none of which is limited in this specification. The privacy computing device can be located inside the host of the data center server and, much as a graphics card is connected to the CPU, be connected to the computer's processing unit by plugging in the data interface 201; it can also be located outside the host and connected to the server CPU in other ways (such as a connecting cable led out from the data interface 201). In an alternative implementation, the privacy computing device may also be integrated into the host of the data center server as part of the server.
It should be noted that the data center server is used above only as an example of a specific implementation scenario for the privacy computing device provided in this specification; the data center server may in fact be replaced by any computer that has data encryption and decryption requirements, which is not limited in this specification. Similarly, although the scheme above is presented as a privacy computing device based on homomorphic encryption, in practice the privacy computing logic in the device may further include other encryption and decryption computing logic (such as a garbled circuit), which is not limited here.
The logical structure and the internal physical structure of the privacy computing means are described in detail below.
FIG. 3 illustrates a physical topology diagram of the privacy computing device provided by this specification. As shown in FIG. 3, the internal structure of the privacy computing device may include a processing unit, a storage unit, a data interface (a hardware interface for connecting to other devices, such as the data interface 201 in FIG. 2), and the like. The processing unit may execute various computing logics to process data; intermediate or final results of the processing may be stored in the storage unit; data for the processing unit may be buffered in a memory cache (optionally, the memory may be part of the storage unit); the hardware interface exchanges data with the external device and may also include a power interface. To assist homomorphic encryption operations, the computing logic executed by the processing unit may be execution logic that accelerates at least one of the following privacy computing operations on private data: homomorphic encryption acceleration, semi-homomorphic acceleration, customized ciphertext acceleration, encryption, and decryption.
As can be seen from FIG. 2 and FIG. 3, the privacy computing device provided in this specification is a relatively independent data processing device that exchanges data with an external device only through the hardware data interface; for example, it receives private data to be processed from the external device and, after the relevant processing, feeds the result back to the external device. To the external device, it can be treated as a black box that occupies almost none of the external device's computing resources (other than power consumption). The privacy computing device can greatly reduce the development cost associated with homomorphic encryption and relieve the CPU pressure caused by the complex operations of homomorphic encryption.
The processing unit can be selected from the following: a CPU, an ASIC (Application-Specific Integrated Circuit), an FPGA (Field-Programmable Gate Array), and the like. The hardware data interface may include interfaces such as PCIe (PCI Express, Peripheral Component Interconnect Express, a high-speed serial computer expansion bus standard) and CXL (Compute Express Link, a new interconnect protocol in fields such as AI). These interfaces support high-speed communication, so the privacy computing device provided in this specification integrates more closely with the external device during data processing.
Further, FIG. 4 illustrates a logical topology diagram of the computing logic of the privacy computing device in one embodiment of this specification. FIG. 4 presents the computing logic through some examples; in practice, the specific arrangement of the computing logic is not limited to these. As shown in FIG. 4, the computing logic in the privacy computing device may consist of, but is not limited to, one or more of the following logic modules: a fully homomorphic encryption module, a semi-homomorphic module, a customized ciphertext module, an encryption and decryption module, an application interface module, and the like.
The fully homomorphic encryption module is responsible for computing on data under an encryption protocol that satisfies fully homomorphic encryption, according to the fully homomorphic encryption protocol. For example, the fully homomorphic encryption module may perform plaintext/ciphertext multiplication, and it may include one or more computation task items such as a plaintext/ciphertext multiplication protocol, key switching (a key exchange algorithm), NTT/INTT (number-theoretic transform circuits), and bootstrapping (a decapsulation circuit). Here, plaintext/ciphertext multiplication may be multiplication of plaintext data, or multiplication of ciphertext data encrypted by a homomorphic encryption algorithm (denoted, for example, as E). The number-theoretic transform (NTT), a low-level operator underlying fully homomorphic encryption, is in effect a variant of the Fourier transform (FFT); its advantage is that it operates on integers directly, so the storage and precision problems of floating-point numbers do not arise.
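The NTT operator described above, as an added Python example that is not part of the patent text: it multiplies two polynomials in the ring Z_q[x]/(x^N + 1) with an integer NTT and checks the result against schoolbook multiplication. The negacyclic ring goes beyond what the paragraph states; it is the ring in which schemes such as BGV, BFV and CKKS multiply. The modulus 998244353 and generator 3 are assumptions chosen for the demonstration, not parameters from the specification.

```python
# Added example: exact integer polynomial multiplication with the NTT.
# MODULUS and GENERATOR are demo assumptions (a common NTT-friendly prime).
MODULUS = 998244353        # prime, MODULUS - 1 = 119 * 2**23
GENERATOR = 3              # primitive root modulo MODULUS


def ntt(values, omega, q=MODULUS):
    """Return out[k] = sum(values[j] * omega**(j*k)) mod q (iterative Cooley-Tukey)."""
    a = list(values)
    n = len(a)
    # Bit-reversal permutation so the butterflies can run in place.
    j = 0
    for i in range(1, n):
        bit = n >> 1
        while j & bit:
            j ^= bit
            bit >>= 1
        j ^= bit
        if i < j:
            a[i], a[j] = a[j], a[i]
    length = 2
    while length <= n:
        half = length // 2
        w_len = pow(omega, n // length, q)   # primitive length-th root of unity
        for start in range(0, n, length):
            w = 1
            for k in range(half):
                u = a[start + k]
                v = a[start + k + half] * w % q
                a[start + k] = (u + v) % q
                a[start + k + half] = (u - v) % q
                w = w * w_len % q
        length <<= 1
    return a


def intt(values, omega, q=MODULUS):
    """Inverse transform: run the NTT with omega^-1 and scale by n^-1."""
    n_inv = pow(len(values), -1, q)
    return [x * n_inv % q for x in ntt(values, pow(omega, -1, q), q)]


def roots_for(n, q=MODULUS, g=GENERATOR):
    """Return (psi, omega): primitive 2n-th and n-th roots of unity mod q."""
    if n < 1 or n & (n - 1) or (q - 1) % (2 * n):
        raise ValueError("n must be a power of two with 2n dividing q - 1")
    psi = pow(g, (q - 1) // (2 * n), q)      # psi**n == -1 (mod q)
    return psi, psi * psi % q


def negacyclic_mul(a, b, q=MODULUS):
    """Multiply a(x) * b(x) mod (x^n + 1, q) in O(n log n) integer operations."""
    n = len(a)
    if len(b) != n:
        raise ValueError("operands must have the same length")
    psi, omega = roots_for(n, q)
    psi_inv = pow(psi, -1, q)
    twist = [pow(psi, i, q) for i in range(n)]
    untwist = [pow(psi_inv, i, q) for i in range(n)]
    fa = ntt([x * t % q for x, t in zip(a, twist)], omega, q)
    fb = ntt([x * t % q for x, t in zip(b, twist)], omega, q)
    prod = intt([x * y % q for x, y in zip(fa, fb)], omega, q)
    return [x * u % q for x, u in zip(prod, untwist)]


def negacyclic_schoolbook(a, b, q=MODULUS):
    """O(n^2) reference: terms that wrap past x^(n-1) come back negated."""
    n = len(a)
    c = [0] * n
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            k = i + j
            if k < n:
                c[k] = (c[k] + ai * bj) % q
            else:
                c[k - n] = (c[k - n] - ai * bj) % q
    return c


if __name__ == "__main__":
    # Constructed sample polynomials of degree < 8.
    a = [5, 0, 7, 1, 0, 0, 3, 9]
    b = [2, 4, 0, 0, 8, 1, 0, 6]
    print(negacyclic_mul(a, b))
    print(negacyclic_mul(a, b) == negacyclic_schoolbook(a, b))
```

Every intermediate value is an integer below the modulus, so the fast result matches the schoolbook result bit for bit, which is the property the paragraph contrasts with a floating-point FFT.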
In the homomorphic encryption computation process, low-noise ciphertext data can be obtained through bootstrapping. Specifically, a noisy FHE ciphertext is encrypted again to obtain another FHE ciphertext, and the FHE decryption algorithm is evaluated homomorphically, so that the inner ciphertext is decrypted back to the original text and a brand-new, low-noise FHE ciphertext is obtained. As an example, for a plaintext $m$, two public/private key pairs are selected: $(pk_1, sk_1)$ and $(pk_2, sk_2)$. $m$ is encrypted with the public key $pk_1$ to generate a ciphertext $c_1$, and $c_1$ is encrypted with the public key $pk_2$ to obtain a double-encrypted ciphertext $c^*$. Then $s^*$ is obtained by encrypting the private key $sk_2$ with $pk_2$, and $m$ encrypted with the public key $pk_2$ gives a ciphertext $c_2$. Due to the homomorphism of the decryption algorithm: $\mathrm{Dec}(sk_2, \mathrm{Dec}(s^*, c^*)) = \mathrm{Dec}(sk_1, c_1) = m$, where $\mathrm{Dec}$ denotes the decryption algorithm, which decrypts the second element in the parentheses using the first. Then, when $\mathrm{Dec}(s^*, c^*) = c_2$ is obtained, decrypting an encryption of a ciphertext ($c_1$) with an encryption of a private key ($sk_1$) yields a new ciphertext $c_2$, which is the ciphertext of plaintext $m$ encrypted under the public key $pk_2$.
The semi-homomorphic encryption module is responsible for computing on data under the encryption protocol meeting the fully homomorphic encryption, according to the semi-homomorphic encryption protocol. The semi-homomorphic encryption module can include, but is not limited to, semi-homomorphic algorithms such as Paillier, ElGamal, RSA, and the like. The Paillier encryption algorithm is a public-key encryption algorithm based on the composite residuosity class problem, and it satisfies additive homomorphism, that is, multiplying ciphertexts corresponds to adding plaintexts: $D(E(m_1)\cdot E(m_2)) = m_1 + m_2$, where $E$ represents the ciphertext encrypted by the key. The ElGamal encryption algorithm is an asymmetric encryption algorithm based on Diffie-Hellman key exchange. The ElGamal public-key cryptosystem relies on the difficulty of the discrete logarithm problem in a finite field; its principle is that solving a discrete logarithm is hard, whereas the inverse operation can be computed efficiently by square-and-multiply, so that in the corresponding group G the exponential function is a one-way function. In use, the plaintext m is mapped to a value in the group G, which is the ciphertext, and the corresponding ciphertext can be decrypted through the inverse element.
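The two semi-homomorphic properties named above, as an added Python example that is not part of the patent text: textbook Paillier (multiplying ciphertexts adds plaintexts) and textbook ElGamal (multiplying ciphertexts component-wise multiplies plaintexts). The primes, the base 3 and all function names are assumptions made for the demonstration; the moduli are far too small for real use.

```python
# Added example: additive (Paillier) and multiplicative (ElGamal) homomorphism.
import math
import secrets

# Constructed demo parameters: two Mersenne primes (toy sizes, demo only).
PRIME_A = 2**31 - 1
PRIME_B = 2**61 - 1


def paillier_keygen(p=PRIME_A, q=PRIME_B):
    """Return (n, (lam, mu)); the generator is fixed to g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p - 1, q - 1)
    mu = pow(lam, -1, n)          # L(g^lam mod n^2) = lam when g = n + 1
    return n, (lam, mu)


def paillier_encrypt(n, m, r=None):
    """E(m) = (1 + n)^m * r^n mod n^2, with (1 + n)^m = 1 + m*n mod n^2."""
    if not 0 <= m < n:
        raise ValueError("plaintext must satisfy 0 <= m < n")
    while r is None or math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1     # fresh randomness per ciphertext
    n2 = n * n
    return (1 + m * n) % n2 * pow(r, n, n2) % n2


def paillier_decrypt(n, sk, c):
    """D(c) = L(c^lam mod n^2) * mu mod n, where L(u) = (u - 1) // n."""
    lam, mu = sk
    return (pow(c, lam, n * n) - 1) // n * mu % n


def paillier_add(n, c1, c2):
    """Ciphertext product; decrypts to (m1 + m2) mod n."""
    return c1 * c2 % (n * n)


def paillier_mul_plain(n, c, k):
    """Ciphertext raised to a plaintext k; decrypts to (k * m) mod n."""
    return pow(c, k, n * n)


def elgamal_keygen(p=PRIME_B, g=3):
    """Return ((p, g, h), x) with h = g^x mod p; g = 3 is a demo assumption."""
    x = secrets.randbelow(p - 2) + 1
    return (p, g, pow(g, x, p)), x


def elgamal_encrypt(pk, m):
    """E(m) = (g^k, m * h^k) mod p for a fresh random k."""
    p, g, h = pk
    if not 1 <= m < p:
        raise ValueError("plaintext must satisfy 1 <= m < p")
    k = secrets.randbelow(p - 2) + 1
    return pow(g, k, p), m * pow(h, k, p) % p


def elgamal_decrypt(pk, x, ct):
    """m = b * (a^x)^-1 mod p: the shared value is removed via its inverse."""
    p = pk[0]
    a, b = ct
    return b * pow(pow(a, x, p), -1, p) % p


def elgamal_mul(pk, ct1, ct2):
    """Component-wise product; decrypts to (m1 * m2) mod p."""
    p = pk[0]
    return ct1[0] * ct2[0] % p, ct1[1] * ct2[1] % p


if __name__ == "__main__":
    n, sk = paillier_keygen()
    c17, c25 = paillier_encrypt(n, 17), paillier_encrypt(n, 25)
    print(paillier_decrypt(n, sk, paillier_add(n, c17, c25)))      # 17 + 25
    print(paillier_decrypt(n, sk, paillier_mul_plain(n, c17, 3)))  # 3 * 17
    pk, x = elgamal_keygen()
    product = elgamal_mul(pk, elgamal_encrypt(pk, 6), elgamal_encrypt(pk, 7))
    print(elgamal_decrypt(pk, x, product))                         # 6 * 7
```

Each homomorphic operation is a modular multiplication or exponentiation on large integers, the kind of arithmetic the specification assigns to the accelerator.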
The customized ciphertext module may consist of the encryption and decryption circuits determined by the actual encryption and decryption service requirements, for example including but not limited to at least one of ECDH, PSI, and the like. ECDH is a key exchange algorithm that combines the ECC algorithm with DH for key agreement. The two parties to the exchange can negotiate a key without sharing any secrets. ECC is a cryptosystem based on the elliptic curve discrete logarithm problem; its key agreement and encryption and decryption principles are conventional technology and are not described again here. PSI (Private Set Intersection) is used, before joint computation by multiple data parties, to find the data samples common to those parties without exposing the samples unique to each party. Private set intersection is an integrated algorithm that uses cryptographic algorithms to determine the intersection. In practice, other common algorithms that use encryption algorithms may also be customized in the customized ciphertext module; they are not illustrated here.
The encryption and decryption module can provide the initial encryption computation or the decryption of the final service processing result. In hardware, it can be implemented by an FPGA or the like.
The application interface module provides external application programming interfaces (APIs), such as an application interface for SPI, an application interface for Paillier, and the like. The main purpose of an API is to give developers access to a set of routines of an application without having to access the source code or understand the details of its internal workings. Software that calls the API in a program links against the set of APIs at compile time and, at run time, calls the implementation (library) of the API to perform the functions the API defines. When processing the relevant encryption and decryption algorithms, an external device (such as a data center server) can call these API interfaces to implement the corresponding functions.
In practice, the application interface module and the encryption and decryption module may serve as the basic modules of the privacy computing device, while the homomorphic encryption acceleration module, the semi-homomorphic acceleration module and the customized ciphertext acceleration module are optional modules in the computing logic unit, at least one of which is present. It is worth noting that the homomorphic encryption acceleration module, the semi-homomorphic acceleration module, the customized ciphertext acceleration module and so on are distinguished by logical function; physically, they can be arranged together inside the privacy computing device.
In an optional embodiment, the resource proportion corresponding to each logic module may also be preconfigured according to actual service requirements, for example, the resource allocation proportion of the homomorphic encryption acceleration module, the semi-homomorphic acceleration module, and the customized ciphertext acceleration module is 1. The resource allocation proportion may apply to computing resources and the like. A proportion of 0 may indicate that no resource is allocated to the corresponding module. In the art, computing resources generally include one or more of the CPU resources, memory resources, hard disk resources, and network resources required to run a computer program. The resource allocation proportion can be predetermined, or it can be dynamically configured according to actual service requirements.
For example, in a case where the processing unit is implemented by a CPU, the CPU may include a plurality of cores, and a corresponding number of cores may be allocated to the different computation logic modules according to the requirements of the external device. For example, the CPU has 8 cores in total, and the number of cores allocated to the homomorphic encryption module, the semi-homomorphic module, and the customized ciphertext module is 3, or 2, respectively. When the processing unit then processes the relevant data by using the semi-homomorphic encryption principle, at most 3 CPU cores take part in the calculation; whether or not homomorphic encryption logic or customized ciphertext logic currently needs to run, the other 5 CPU cores are idle.
For another example, if the processing unit is implemented by an FPGA (a digital integrated circuit), the computing resources of the logic modules can be dynamically configured because the FPGA is rewritable. For example, the total computing resources of the FPGA account for 10, and if the current service is a privacy interaction service, a configuration scheme of 0 may be allocated to the homomorphic encryption module, the semi-homomorphic module, and the customized ciphertext module. In a federated learning scenario of secure multi-party computation, a configuration scheme of 8 may be allocated to the homomorphic encryption module, the semi-homomorphic module, and the customized ciphertext module, and so on. It will be appreciated that dynamic configuration of the computing resources of an FPGA relies on its programmability and can therefore be achieved by altering the computer program, colloquially, by "burning firmware".
In practice, how the computing resources of each logic module are configured differs with the hardware of the processing unit. For example, in the case that the processing unit is an ASIC, resource allocation is performed by compiling and the like; further cases are not enumerated here. In short, because computing resources are configurable, more logic processing modules can be included in advance and the device can be fitted more effectively to a specific service scenario by configuring resources according to actual service requirements. In particular, where computing resources can be dynamically configured, the needs of more service scenarios can be met for external equipment, which improves the effectiveness of the privacy computing device.
The homomorphic encryption acceleration module, the semi-homomorphic acceleration module, the customized ciphertext acceleration module, the encryption and decryption module, etc. shown in fig. 4 are logical modules of the computation logic and are depicted as the dashed computation logic boxes in the hardware topology of fig. 3. Depending on the arrangement of the processing unit, these modules can, for example, be burned into a fixed memory unit or be stored as code in a predetermined memory unit by programming. Specifically: in the case of the processing unit being an application specific integrated circuit (ASIC), the various computational logic may be implemented by circuitry that is built into the ASIC; in the case of a processing unit implemented by a field programmable gate array (FPGA), the various computational logic may be provided by the processing unit; in the case of a processing unit implemented by a central processing unit (CPU), the various computational logic is provided by the memory unit. Where they are implemented by programming, these logic modules may be called via an externally provided API interface.
To describe the technical solution of the present specification more clearly, the working principle of the privacy computing apparatus is described below, taking as an example the flow of a privacy computation carried out by an external device to which the privacy computing apparatus is connected.
Fig. 5 shows a privacy computing process performed by the privacy computing device. As shown in fig. 5, the privacy calculation flow may include the following steps: step 501, receiving a privacy processing request sent by an external device through a data interface, wherein the privacy processing request comprises a calling request for a first computing logic and input parameters of the first computing logic called by the privacy processing request; step 502, according to the privacy processing request, the processing unit calls the first calculation logic, so as to perform the corresponding privacy calculation on the input parameters and obtain at least one calculation result; step 503, feeding back the calculation result to the external device through the data interface.
Step 501, receiving a privacy processing request sent by an external device through a data interface module.
It is to be understood that the external device here may be any other device to which the privacy computing device is linked through data interface hardware, such as a hardware device of a data center server or the like. The external device may be a device that performs various business processes, and may be, for example, a server that performs express private information processing, a participant device that performs secure computation for multiple parties, or the like. In the case where the external device needs to perform calculations relating to homomorphic encryption, the relevant privacy calculation requirements may be sent to the privacy calculation means via a hardwired data interface.
It is to be understood that the privacy computation requirement here may be a computation request related to homomorphic encryption, and the computation related to homomorphic encryption may be, for example, encryption, decryption, an integrated algorithm (such as SPI) based on encryption and decryption, and so on. The privacy computation request may be an API call request. The API call request may contain the computational logic to be called (indicated, e.g., by API interface name or address) and the input parameters for the corresponding computational logic. The application interface API may be provided to the external device in advance by the developer of the privacy computing apparatus provided in this specification. For a current privacy computation request, it may be assumed that the computation logic it invokes includes at least a first computation logic. Specifically, the first computational logic may be, for example, one of Paillier, ElGamal, SPI, keyswitch, and the like.
The input parameter of the first calculation logic may be in ciphertext form, plaintext form, or a combination thereof, which is not limited herein. The privacy computation request may be passed to the processing unit for processing via an in-memory cache of the privacy computation apparatus.
Step 502, according to the privacy processing request, the processing unit invokes a first computation logic, so as to perform corresponding privacy computation on the input parameters, and obtain at least one computation result.
The processing unit is the execution unit of the privacy calculation device and performs the relevant calculation according to the call instruction of the external device, thereby taking over part of the data processing pressure and algorithm development pressure of the external device. For example, in the case that the privacy processing request includes the application interface API of a first computation logic (e.g., privacy intersection SPI) and an input parameter, the processing unit may call the first computation logic (e.g., SPI logic, etc.) in the customized ciphertext acceleration module and perform the computation on the corresponding input parameter under the first computation logic. The first computation logic may comprise at least one of encryption and decryption. In an optional embodiment, the first computation logic may further include computation logic of another algorithm. For example, the privacy intersection process includes encryption computation; when the first computation logic is executed, the other computation logic may be called, through the API calls for the other algorithm contained in the first computation logic, to complete the computation of the first computation logic.
During execution of the first computational logic, a corresponding computational result may be generated. The calculation result herein may be only one final result, or may include a plurality of intermediate results, which is not limited herein. The calculation result may be stored via the storage unit or temporarily stored.
Step 503, feeding back the calculation result to the external device through the data interface.
It will be appreciated that executing the first computational logic may generate only a final result, which is fed back to the external device as the computation result, or may generate intermediate results and a final result, which are fed back to the external device. For example, in the integrated algorithm calculation process of privacy intersection, an encryption result of a plurality of service data may be generated and fed back to the external device as an intermediate result. The external device exchanges data with the other parties involved in the privacy intersection and then transmits, through the data interface, either the data obtained from the exchange or the part of the intermediate result that it and the other parties jointly determined as further data to be processed to the privacy calculation apparatus, whose processing unit continues to execute the first calculation logic to carry out the privacy intersection algorithm.
In some embodiments, the processing unit may also invoke decryption logic (e.g., a decryption algorithm in the encryption and decryption module shown in fig. 4) to decrypt the final result and feed the decrypted plaintext result back to the external device. For example, for a service data item included in the result of the privacy intersection, the plaintext result may be obtained by decrypting the corresponding service data identifier and is then fed back to the external device.
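The flow of steps 501 to 503 with Paillier as the first computation logic, as an added example that is not taken from the patent: a Python model of a device that accepts ciphertext, plaintext or mixed input parameters and finally calls decryption logic. The API names, the request layout and the toy key size are assumptions made for illustration.

```python
import math
import secrets

# Toy key built from two Mersenne primes; constructed for illustration, not a secure size.
P, Q = 2**31 - 1, 2**61 - 1


class PrivacyComputeDevice:
    """Hypothetical device model: key material and computing logic stay inside it."""

    def __init__(self, p=P, q=Q):
        self.n = p * q
        self.n2 = self.n * self.n
        self._lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # private: lcm(p-1, q-1)
        self._mu = pow(self._lam, -1, self.n)  # private; this form is valid for g = n + 1
        # Registry of callable computing logic keyed by API name (names are assumed).
        self._logic = {
            "paillier.encrypt": self._encrypt,
            "paillier.add": self._add,
            "paillier.mul_plain": self._mul_plain,
            "paillier.decrypt": self._decrypt,
        }

    def _check_plain(self, m):
        if not isinstance(m, int) or not 0 <= m < self.n:
            raise ValueError("plaintext out of range")
        return m

    def _check_cipher(self, c):
        # Reject values that cannot be valid ciphertexts before they reach the logic.
        if not isinstance(c, int) or not 0 < c < self.n2 or math.gcd(c, self.n) != 1:
            raise ValueError("malformed ciphertext")
        return c

    def _encrypt(self, m):
        m = self._check_plain(m)
        while True:
            r = secrets.randbelow(self.n - 1) + 1
            if math.gcd(r, self.n) == 1:
                break
        return (1 + m * self.n) * pow(r, self.n, self.n2) % self.n2

    def _add(self, c1, c2):  # ciphertext + ciphertext
        return self._check_cipher(c1) * self._check_cipher(c2) % self.n2

    def _mul_plain(self, c, k):  # ciphertext x plaintext scalar
        return pow(self._check_cipher(c), self._check_plain(k), self.n2)

    def _decrypt(self, c):
        x = pow(self._check_cipher(c), self._lam, self.n2)
        return (x - 1) // self.n * self._mu % self.n

    def handle(self, request):
        """Steps 501-503: take the request, call the named logic, return the result."""
        logic = self._logic.get(request.get("logic"))
        if logic is None:
            raise ValueError("unknown computing logic")
        return {"result": logic(*request.get("params", ()))}


def run_flow(device, a, b, k):
    """External-device side: only API requests and results cross the interface."""
    def call(name, *params):
        return device.handle({"logic": name, "params": params})["result"]

    ca, cb = call("paillier.encrypt", a), call("paillier.encrypt", b)
    total = call("paillier.add", ca, cb)           # intermediate result (ciphertext)
    scaled = call("paillier.mul_plain", total, k)  # mixed ciphertext/plaintext input
    return call("paillier.decrypt", scaled), (ca, cb)
```

The range and coprimality checks in `_check_cipher` and the allow-list lookup in `handle` are the points where a device of this kind would validate what arrives over the data interface.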
It should be noted that the method 500 shown in fig. 5 is executed by the apparatus described in fig. 3 and fig. 4, and the corresponding description in the apparatus embodiment shown in fig. 3 and fig. 4 is also applicable to the method 500, and is not repeated herein.
Reviewing the above processes, the technical idea of the present specification is to provide a privacy calculation module for the relevant devices in the various service scenarios that involve privacy data processing. The privacy calculation module can encapsulate in advance encryption and decryption customized according to business needs, or integrated algorithms such as homomorphic encryption acceleration, semi-homomorphic acceleration and customized ciphertext acceleration, and expose to the outside a hardware data interface and the application interfaces (APIs) corresponding to the various algorithms. A device that processes privacy-related business can therefore be fitted directly with the privacy computing device, which reduces the learning pressure and skill requirements on developers and saves labor cost. The device that processes the privacy-related service transmits data to the privacy computing device through the high-speed data interface, and the privacy computing device completes the relevant computation through the corresponding computing logic and feeds back the computation result, so that the data processing pressure on that device is reduced and service processing efficiency is improved.
Those skilled in the art will recognize that, in one or more of the examples described above, the functions described in the embodiments of this specification may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium.
The above embodiments are only intended to be specific embodiments of the technical concept of the present disclosure, and should not be used to limit the scope of the technical concept of the present disclosure, and any modification, equivalent replacement, improvement, etc. made on the basis of the technical concept of the embodiments of the present disclosure should be included in the scope of the technical concept of the present disclosure.

Claims (11)

1. A privacy computing apparatus, the apparatus comprising at least one processing unit, a data interface, a storage unit; wherein:
the data interface is used for being connected with external equipment which carries out corresponding business processing on the private data so as to interact data with the external equipment through a high-speed link protocol;
the processing unit is used for, when a privacy calculation request sent by the external equipment is received through the data interface, executing the corresponding calculation logic based on the privacy calculation request to obtain a corresponding privacy calculation result, so that the privacy calculation result can be fed back to the external equipment through the data interface, wherein the calculation logic is execution logic that accelerates, for privacy data, at least one of the following privacy calculation operations: homomorphic encryption acceleration, semi-homomorphic acceleration, customized ciphertext acceleration, and encryption and decryption;
the storage unit is used for storing at least one of an intermediate result generated in the process of processing the data to be processed, the data to be processed received from the server and an encryption calculation result to be sent to the server.
2. The apparatus of claim 1, wherein the homomorphic cryptographic accelerated computing logic comprises one or more of the following fully homomorphic cryptographic algorithms implemented by a fully homomorphic cryptographic module: plain and cipher text multiplication, a key exchange algorithm, a number theory conversion circuit and a shelling circuit.
3. The apparatus of claim 1, wherein the semi-homomorphic cryptographic computational logic comprises one or more of the following semi-homomorphic cryptographic algorithms: the additively homomorphic encryption algorithm Paillier, the asymmetric encryption algorithm ElGamal based on the Diffie-Hellman key exchange, and the multiplicatively homomorphic encryption algorithm RSA.
4. The apparatus of claim 1, wherein the custom ciphertext accelerated computing logic comprises an integrated algorithm based on fully homomorphic encryption and/or a versioned secret algorithm.
5. The apparatus of claim 1, wherein each computational logic allocates computational resources of the processing unit in a predetermined proportion.
6. The apparatus of claim 1, wherein the processing unit is implemented by at least one of a Central Processing Unit (CPU), an Application Specific Integrated Circuit (ASIC), and a Field Programmable Gate Array (FPGA), and:
in the case where the processing unit is an application specific integrated circuit (ASIC), the computational logic is implemented by circuitry that is hardwired on the ASIC;
in the case where the processing unit is implemented by a field programmable gate array, FPGA, the computational logic is provided by the processing unit;
in case the processing unit is implemented by a central processing unit CPU, the calculation logic is provided by the memory unit.
7. The apparatus of claim 1, wherein the high-speed connection protocol corresponding to the data interface is one of a serial computer expansion bus express (PCIe) protocol and a new interconnect protocol (CXL).
8. A privacy calculation method for the apparatus of any one of claims 1-7 to perform privacy protection-based data processing, the method comprising:
receiving a privacy processing request sent by an external device through a data interface, wherein the privacy processing request is a calling request aiming at a first computing logic and comprises input parameters of the first computing logic called by the privacy processing request;
calling the first calculation logic by the processing unit according to the privacy processing request, so as to perform corresponding privacy calculation on the input parameters and obtain at least one calculation result;
and feeding back the calculation result to external equipment through a data interface.
9. The method of claim 8, wherein the input parameter is at least one of a ciphertext or a plaintext.
10. The method of claim 8, wherein in a case that the computation result comprises an intermediate computation result, the method further comprises:
feeding back the intermediate result to an external device, and receiving the exchange data determined based on the intermediate result or the to-be-processed data selected from the intermediate result from the external device;
and continuing to execute the first computing logic according to the exchange data or the data to be processed.
11. The method of claim 8, wherein in case the calculation result is a final result, the feeding back the calculation result to an external device through a data interface further comprises:
calling a decryption logic to decrypt the calculation result through the processing unit;
and feeding back the decrypted plaintext result to the external equipment.
CN202211072198.5A 2022-09-02 2022-09-02 Privacy calculation device and privacy calculation method Pending CN115603890A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211072198.5A CN115603890A (en) 2022-09-02 2022-09-02 Privacy calculation device and privacy calculation method

Publications (1)

Publication Number Publication Date
CN115603890A true CN115603890A (en) 2023-01-13

Family

ID=84842456

Country Status (1)

Country Link
CN (1) CN115603890A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115987690A (en) * 2023-03-20 2023-04-18 天聚地合(苏州)科技股份有限公司 Privacy calculation method based on API, API calling end and API providing end
CN115987690B (en) * 2023-03-20 2023-08-08 天聚地合(苏州)科技股份有限公司 Privacy computing method based on API, API calling terminal and API providing terminal

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination