CN115801308B

CN115801308B - Data processing method, related device and storage medium

Info

Publication number: CN115801308B
Application number: CN202211130782.1A
Authority: CN
Inventors: 请求不公布姓名
Original assignee: Beijing Real AI Technology Co Ltd
Current assignee: Beijing Real AI Technology Co Ltd
Priority date: 2022-09-16
Filing date: 2022-09-16
Publication date: 2023-08-29
Anticipated expiration: 2042-09-16
Also published as: CN115801308A

Abstract

The embodiment of the application relates to the field of data processing, and provides a data processing method, a related device and a storage medium, wherein the method comprises the following steps: the first node acquires a first key and a second key, constructs a target key based on the first key and the second key, and sends the target key to the second node; the second node sends the first ciphertext and the target key to a third node, and the third node processes the first ciphertext based on the target key to obtain a second ciphertext; the difference value between a first plaintext obtained by decrypting the first ciphertext through a first key and a second plaintext obtained by decrypting the second ciphertext through a second key accords with a preset threshold. In the embodiment of the application, the transmission of different ciphertext feature libraries from the first node to the second node can be replaced by the transmission of different target keys, the first ciphertext is processed based on the target keys, the flow of obtaining the second ciphertext is arranged on the third node, the transmission data quantity from the first node to the second node is saved, and the data transmission pressure is reduced.

Description

Data processing method, related device and storage medium

Technical Field

The embodiment of the application relates to the field of data processing, in particular to a data processing method, a related device and a storage medium.

Background

The face ciphertext feature library comprises a plurality of face ciphertext features of prestored users, can be used for comparing and identifying the face features, is often generated by a data center based on the face plaintext feature library, and is distributed to units or departments needing to use the face ciphertext features. However, the face ciphertext feature libraries distributed to each unit or department are often obtained by encrypting different keys, that is, the data center may encrypt the face plaintext feature libraries by using different keys, so as to obtain a plurality of different face ciphertext feature libraries. Therefore, the data center needs to distribute a plurality of face ciphertext feature libraries to different units or departments, and the data calculation and transmission pressures are high.

Disclosure of Invention

The embodiment of the application provides a data processing method, a related device and a storage medium, which can generate a target key for processing a first ciphertext, and the first ciphertext can have the same characteristic comparison effect as a second ciphertext after being processed by the target key, so that a characteristic library for transmitting different ciphertexts can be replaced by transmitting different target keys, and the transmission data volume and transmission pressure are greatly reduced.

In a first aspect, an embodiment of the present application provides a data processing method from a first node point of view for encrypting plaintext to obtain ciphertext, the method comprising:

Acquiring a first key and a second key;

constructing a target key based on the first key and the second key, wherein the target key is a two-dimensional vector and at least comprises a first vector element and a second vector element, and the first vector element is constructed based on the first key, the second key and the second vector element;

the target key is sent to a third node through a second node, so that the third node processes a first ciphertext from the second node based on the target key to obtain a second ciphertext; and the difference value between a first plaintext obtained by decrypting the first ciphertext through the first key and a second plaintext obtained by decrypting the second ciphertext through the second key accords with a preset threshold.

In a second aspect, an embodiment of the present application provides a data processing method from a second node perspective for transferring data, the method including:

receiving a target key from a first node, wherein the target key is constructed by the first node based on a first key and a second key, the target key is a two-dimensional vector and at least comprises a first vector element and a second vector element, and the first vector element is constructed based on the first key, the second key and the second vector element;

The target key is sent to a third node, so that the third node processes a first ciphertext from the second node based on the target key to obtain a second ciphertext;

the difference value between a first plaintext obtained by decrypting the first ciphertext through the first key and a second plaintext obtained by decrypting the second ciphertext through the second key accords with a preset threshold.

In a third aspect, an embodiment of the present application provides a data processing method from a third node angle for performing feature comparison and identification using a second ciphertext, where the method includes:

receiving a target key from a second node, wherein the target key is constructed by a first node based on a first key and a second key, the target key is a two-dimensional vector and at least comprises a first vector element and a second vector element, and the first vector element is constructed based on the first key, the second key and the second vector element;

processing a first ciphertext acquired from the second node based on the target key to obtain a second ciphertext;

In a fourth aspect, an embodiment of the present application provides a data processing apparatus having a function of implementing a data processing method corresponding to the first aspect. The functions may be implemented by hardware, or may be implemented by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the functions described above, which may be software and/or hardware.

In one embodiment, the apparatus comprises:

the input-output module is configured to acquire a first key and a second key;

a processing module configured to construct a target key based on the first key, the second key, wherein the target key is a two-dimensional vector including at least a first vector element and a second vector element, the first vector element being constructed based on the first key, the second key, and the second vector element;

the input/output module is further configured to send the target key to a third node through a second node, so that the third node processes a first ciphertext from the second node based on the target key to obtain a second ciphertext; and the difference value between a first plaintext obtained by decrypting the first ciphertext through the first key and a second plaintext obtained by decrypting the second ciphertext through the second key accords with a preset threshold.

In a fifth aspect, an embodiment of the present application provides a data processing apparatus having a function of implementing a data processing method corresponding to the above third aspect. The functions may be implemented by hardware, or may be implemented by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the functions described above, which may be software and/or hardware.

In one embodiment, the apparatus comprises:

an input-output unit configured to receive a target key from a second node, wherein the target key is constructed by a first node based on a first key, a second key, the target key being a two-dimensional vector including at least a first vector element and a second vector element, the first vector element being constructed based on the first key, the second key, and the second vector element;

a processing unit configured to process a first ciphertext acquired from the second node based on the target key, resulting in a second ciphertext;

In a sixth aspect, an embodiment of the present application provides a computing node, including a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the data processing method described in the first aspect or the second aspect or the third aspect when executing the computer program.

In a seventh aspect, an embodiment of the present application provides a computer readable storage medium comprising instructions which, when run on a computer, cause the computer to perform the data processing method described in the first aspect or the second aspect or the third aspect.

Compared with the prior art, in the embodiment of the application, the first node can generate the target key for processing the first ciphertext, and after the first ciphertext is processed by the target key, the first ciphertext is decrypted by adopting the key associated with the second ciphertext, so that the result which is approximately the same as the result of the original plaintext data can be obtained, and the second ciphertext can play the same or similar role as the first ciphertext in the characteristic comparison and the identification of the third node, namely, the results of the characteristic comparison and the identification of the second ciphertext are the same or similar. Therefore, in the embodiment of the application, the transmission of different ciphertext feature libraries from the first node to the second node can be replaced by the transmission of different target keys, the first ciphertext is processed based on the target keys, the flow of obtaining the second ciphertext is arranged on the third node, the transmission data quantity from the first node to the second node is saved, and the data transmission pressure is greatly reduced.

Drawings

The objects, features and advantages of embodiments of the present application will become readily apparent from the detailed description of the embodiments of the present application read with reference to the accompanying drawings. Wherein:

fig. 1 is a schematic view of a scenario for distributing ciphertext data in the prior art;

FIG. 2 is a schematic diagram of a scenario in which ciphertext data and a target key are distributed in an embodiment of the application;

FIG. 3 is a block diagram of a data processing system for which the data processing method according to an embodiment of the present application is applicable;

fig. 4 is a signaling interaction diagram of a data processing method according to an embodiment of the present application;

FIG. 5 is a signaling interaction diagram of yet another data processing method according to an embodiment of the present application;

FIG. 6 is a flow chart of a method for constructing a target key according to an embodiment of the present application;

FIG. 7 is a flowchart of a method for constructing a second ciphertext according to an embodiment of the application;

FIG. 8 is a schematic diagram of a data processing apparatus according to an embodiment of the present application;

FIG. 9 is a schematic diagram of a data processing apparatus according to another embodiment of the present application;

FIG. 10 is a schematic diagram of a computing device in accordance with an embodiment of the application;

FIG. 11 is a schematic diagram of a mobile phone according to an embodiment of the present application;

fig. 12 is a schematic structural diagram of a server according to an embodiment of the present application.

In the drawings, the same or corresponding reference numerals indicate the same or corresponding parts.

Detailed Description

The terms first, second and the like in the description and in the claims of embodiments of the application and in the above-described figures are used for distinguishing between similar objects (e.g. a first key and a second key are each represented by a different key, and vice versa) and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments described herein may be implemented in other sequences than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or modules is not necessarily limited to those listed or explicitly listed or inherent to such process, method, article, or apparatus, but may include other steps or modules that may not be listed or inherent to such process, method, article, or apparatus, and the partitioning of such modules by embodiments of the application may include only one logical partitioning, and may be implemented in additional partitions, such as a plurality of modules may be combined or integrated into another system, or some features may be omitted or not implemented. In addition, the coupling or direct coupling or communication connection shown or discussed may be indirect coupling between modules via interfaces, and the communication connection may be in electrical or other similar forms, which are not limited in this embodiment. The modules or sub-modules described as separate components may or may not be physically separate, may or may not be physical modules, or may be distributed in a plurality of circuit modules, and some or all of the modules may be selected according to actual needs to achieve the purposes of the embodiment of the present application.

The embodiment of the application provides a data processing method which can be applied to ciphertext data distribution scenes and relates to at least three service nodes, wherein the at least three service nodes comprise at least two data processing devices. One service node is deployed in a data center and comprises a first data processing device, the other service node is deployed in a distribution center, and the other service node is deployed in a lower unit and comprises a second data processing device, wherein the first data processing device and the second data processing device are respectively assigned to different main bodies, and different data processing programs in ciphertext data distribution are executed. For example, the first data processing device is configured to generate a target key based on the first key and the second key, and send the target key to a third node through the second node, so that the third node processes a first ciphertext from the second node based on the target key to obtain a second ciphertext. The second data processing device is at least used for receiving the target key sent by the second node and processing the first ciphertext from the second node based on the target key to obtain a second ciphertext. The first data processing device may be an application program that generates a target key based on the first key and the second key and transmits the target key to the second node, or a server that installs an application program that generates a target key based on the first key and the second key and transmits the target key to the second node; the second data processing device may be a server that receives the target key sent by the second node and processes the first ciphertext from the second node based on the target key to obtain the second ciphertext, or that installs the target key sent by the second node and processes the first ciphertext from the second node based on the target key to obtain the second ciphertext.

The scheme provided by the embodiment of the application relates to artificial intelligence (Artificial Intelligence, AI), federal Learning (Federated Learning, FL), machine Learning (ML) and other technologies, and is specifically described by the following embodiments:

the AI is a theory, a method, a technology and an application system which simulate, extend and extend human intelligence by using a digital computer or a machine controlled by the digital computer, sense environment, acquire knowledge and acquire an optimal result by using the knowledge. In other words, artificial intelligence is an integrated technology of computer science that attempts to understand the essence of intelligence and to produce a new intelligent machine that can react in a similar way to human intelligence. Artificial intelligence, i.e. research on design principles and implementation methods of various intelligent machines, enables the machines to have functions of sensing, reasoning and decision.

AI technology is a comprehensive discipline, and relates to a wide range of technologies, both hardware and software. Artificial intelligence infrastructure technologies generally include technologies such as sensors, dedicated artificial intelligence chips, cloud computing, distributed storage, big data processing technologies, operation/interaction systems, mechatronics, and the like. The artificial intelligence software technology mainly comprises a computer vision technology, a voice processing technology, a natural language processing technology, machine learning/deep learning and other directions.

Machine Learning (ML) is a multi-domain interdisciplinary, involving multiple disciplines such as probability theory, statistics, approximation theory, convex analysis, algorithm complexity theory, etc. It is specially studied how a computer simulates or implements learning behavior of a human to acquire new knowledge or skills, and reorganizes existing knowledge structures to continuously improve own performance. Machine learning is the core of artificial intelligence, a fundamental approach to letting computers have intelligence, which is applied throughout various areas of artificial intelligence. Machine learning and deep learning typically include techniques such as artificial neural networks, confidence networks, reinforcement learning, transfer learning, induction learning, teaching learning, and the like.

In the ciphertext data distribution scene in the prior art, often, a data center generates different ciphertext databases respectively belonging to each unit, then the data center sends all ciphertext data to a distribution center, and the distribution center distributes the ciphertext data to different units. The different ciphertext databases are obtained by encrypting the same plaintext database, namely the data source heads of the ciphertext databases are the same, but the ciphertext databases with the same data source are required to be repeatedly transmitted due to the service requirement, so that more data transmission resources are occupied, and the pressure is brought to data transmission.

Compared with the scheme that a plurality of ciphertext databases with the same root need to be repeatedly transmitted to a distribution center in the prior art, in the embodiment of the application, the data center generates the target key for processing the first ciphertext, the first ciphertext is processed by the target key and then decrypted by adopting the key associated with the second ciphertext, so that the result which is approximately the same as the original plaintext data can be obtained, and the second ciphertext can play the same or similar role as the first ciphertext in the feature comparison and recognition of each unit, namely the results of feature comparison and recognition of the second ciphertext are the same or similar. Therefore, in the embodiment of the application, the characteristic library of the ciphertext transmitted from the data center to the distribution center can be replaced by the characteristic library of the ciphertext transmitted from the data center to the distribution center, the first ciphertext is processed based on the target key, the flow of obtaining the second ciphertext is arranged at the third node, the data amount transmitted from the data center to the distribution center is saved, and the data transmission pressure is greatly reduced.

In some embodiments, the first data processing apparatus and the second data processing apparatus are disposed separately, and referring to fig. 3, the data processing method provided by the embodiment of the present application may be implemented based on one data processing system shown in fig. 3. The data processing system may comprise a first node 01, a second node 02, a third node 03 and a third node 04.

The first node 01 may be disposed in a data center, specifically, a first data processing apparatus, for generating a target key and a first ciphertext.

The second node 02 may be deployed in a distribution center for forwarding the target key and the first ciphertext to the third node 03 and the third node 04.

The third node may be deployed in different units, for example, the third node 03 and the third node 04 may be deployed in different government units in the same ground city, and each may be a second data processing device. For example, the third node 03 may receive the first ciphertext and the target key 1 transmitted by the second node, and the third node 04 may receive the first ciphertext and the target key 2 transmitted by the second node. After the third node receives the target key and the first ciphertext, the first ciphertext may be processed by using the target key to obtain the second ciphertext.

The first node, the second node and the third node may each be a server, and the third node may also be a terminal device.

It should be noted that, the server according to the embodiment of the present application may be an independent physical server, or may be a server cluster or a distributed system formed by a plurality of physical servers, or may be a cloud server that provides cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDNs, and basic cloud computing services such as big data and an artificial intelligence platform.

The terminal device according to the embodiment of the present application may be a device that provides voice and/or data connectivity to a user, a handheld device with a wireless connection function, or other processing device connected to a wireless modem. Such as mobile telephones (or "cellular" telephones) and computers with mobile terminals, which can be portable, pocket, hand-held, computer-built-in or car-mounted mobile devices, for example, which exchange voice and/or data with radio access networks. For example, personal communication services (English full name: personal Communication Service, english short name: PCS) telephones, cordless telephones, session Initiation Protocol (SIP) phones, wireless local loop (Wireless Local Loop, english short name: WLL) stations, personal digital assistants (English full name: personal Digital Assistant, english short name: PDA) and the like.

Referring to fig. 3, fig. 3 is a signaling interaction diagram of each node performing a data processing method according to an embodiment of the present application. The method can be applied to a data processing system in a ciphertext data distribution scene, and is interactively executed by a first node, a second node and a third node to generate a target key for processing the first ciphertext to obtain the second ciphertext, so that the first node can replace a plurality of different second ciphertexts sent to the second node in the prior art with a plurality of different target keys, and the transmission data volume is greatly reduced, and the data processing method comprises the following steps:

In step S110, the first node obtains the first key and the second key.

In the embodiment of the application, the first key can be used for decrypting the first ciphertext to obtain a first plaintext; the second key can be used for decrypting the second ciphertext to obtain a second plaintext; the first plaintext is substantially equal to the second plaintext, i.e., the difference therebetween meets a predetermined threshold.

In the existing image recognition scenario, in order to protect privacy of a pre-collected plaintext image (feature) as an image recognition contrast standard, a plaintext standard image (feature) library is often encrypted into a ciphertext standard image (feature) library, and then an image to be recognized is compared with the ciphertext standard image (feature) library to determine a label of the image to be recognized. For example, in the face recognition scenario, feature comparison is often performed between the face features of the face to be recognized and a face ciphertext library to determine the identity of the face to be recognized. In this example, the ciphertext standard image (feature) library is the first ciphertext, which may be obtained by the first node based on encryption of plaintext data, for example, the first plaintext is a polynomial, and may be constructed according to each feature value in the plaintext data feature as a coefficient. For example, the plaintext data feature is (1, 2,3, 4), then a corresponding plaintext polynomial may be constructed as 1+2w+3w based on the respective feature values 1,2,3, and 4 ² +4w ³ . It will be appreciated that the plaintext polynomial (1+2w+3w ² +4w ³ ) W in (2) is a variable and is not intended to limit the specific structure of the polynomial. In addition, the degree of each single form in the polynomials is not consistent, and the degree of each single form is not particularly limited in the embodiment of the application.

It should be noted that, in the embodiment of the present application, the variables included in each polynomial are the same, for example, the variables may be polynomials related to the variable w, so as to combine the single expressions with the same degree in the subsequent operation process.

It is contemplated that homomorphic encryption includes partial homomorphic (partially homomorphic) encryption, somewhat homomorphic (somewhat homomorphic) encryption, and fully homomorphic (fully homomorphic) encryption. The partial homomorphism is also called Shan Tongtai (single homomorphic), which means that the homomorphism encryption scheme can only do infinite homomorphism addition (add-only) or infinite homomorphism multiplication (multiply-only) operation; the scheme of homomorphic encryption can perform any homomorphic operation on the ciphertext for a limited number of times, in other words, the scheme can perform multiplication and addition, but cannot homomorphically calculate any function; the homomorphic encryption scheme can operate on ciphertext an unlimited number of homomorphic operations, that is, it can homomorphically calculate any function (of course efficiently computable functions is also required). In order to implement feature contrast calculation in a ciphertext state in a subsequent step, in the embodiment of the present application, when the reconstructed encryption processing is performed on the part after feature segmentation, a bit homomorphic encryption or homomorphic encryption (e.g., CKKS) may be adopted, so as to implement matrix multiplication calculation or vector quantity product calculation in an encrypted state (while satisfying homomorphic multiplication and homomorphic addition).

In an actual application scenario, because different subjects may all need a face ciphertext library to perform face recognition, for example, authorities of governments of various local municipalities need a full-national face ciphertext library. For safety, the national face ciphertext library of government authorities in each city is often encrypted by a data center using different keys and then distributed to each city, and then each city is redistributed to the units that need to use the face ciphertext library.

For example, referring to fig. 1, a unit Aa, a unit Ab and a unit Ac in city a, a unit Bd, a unit Be and a unit Bf in city B all need a face ciphertext library, so that a data center needs to generate a key for each unit respectively, that is, 6 keys need to Be generated in total, and then the face plaintext library is encrypted by adopting the 6 keys respectively to obtain 6 different face ciphertext libraries; the face secret library 1-3 is sent to A market by a data center, and then distributed to a unit Aa, a unit Ab and a unit Ac by A market; the face ciphertext library 4-6 is sent to the B city by the data center and then distributed to the bit Bd, the unit Be and the unit Bf by the B city. However, the face secret library 1-6 is actually obtained by encrypting the same face plaintext library, namely the data sources of the face secret libraries are the same, but the face feature libraries with the same data sources are required to be repeatedly transmitted due to the requirement of business, so that more data transmission resources are occupied, and pressure is brought to data transmission.

In order to change the current state of data processing shown in fig. 1, the embodiment of the application hopes to obtain a scheme that a data center in the prior art encrypts the same plaintext database by adopting different keys to obtain a plurality of different ciphertext databases and distributes the different ciphertext databases to each node, and replaces the scheme that the data center generates a plurality of different target keys, distributes each target key to each node, and each node processes the ciphertext database based on one target key received by itself to obtain the target ciphertext database of itself which is approximately the same as the plaintext database after decryption. Therefore, the embodiment of the application can save the process of encrypting the plaintext database for many times by the data center, and the encrypting to obtain a plurality of ciphertext databases is replaced by generating a plurality of different target keys, thereby saving the computing resources, saving the data transmission resources and greatly reducing the data transmission pressure.

Specifically, referring to fig. 2, the unit Aa, the unit Ab and the unit Ac in the city a, the unit Bd and the unit Be in the city B all need a face ciphertext library, so that a data center only needs to encrypt the face plaintext library to obtain a face ciphertext library, and generate a target key for each unit respectively, namely 5 target keys are required to Be generated in total, then the 5 target keys are distributed to each unit, and each unit obtains a target face ciphertext library based on the face ciphertext library and the target keys thereof; the target key 1-3 is sent to A city by a data center and then distributed to a unit Aa, a unit Ab and a unit Ac by A city; the target key 4-5 is sent by the data center to B city and then distributed by B city to unit Bd, unit Be. Compared with the example shown in fig. 1, the data volume sent by the data center to the A market and the B market is obviously reduced, the data transmission pressure is greatly reduced, and the data transmission resources are saved.

It should be noted that, although fig. 2 illustrates the data processing method in the embodiment of the present application by taking the transmission of the face secret library by the government department as an example, the embodiment of the present application is not limited to this scenario. For example, the ciphertext data may be distributed in a company, that is, the company headquarter encrypts the ciphertext data that needs to be used by the branch companies or departments in each place in a unified manner, and after the target key is correspondingly generated, the ciphertext data is distributed to the branch companies or departments in each place by the distribution center.

It will be appreciated that after the target key is processed on the first ciphertext, the second ciphertext may not be identical to the first ciphertext, and may be different from the first ciphertext to some extent, which does not affect subsequent feature comparison and recognition. For example, assuming that the first plaintext is m and the first ciphertext obtained by homomorphic encryption of the first plaintext m is (b, a), the first ciphertext (b, a) may be decrypted by the first key s to obtain the first plaintext m, i.e., m=b+as; similarly, the second ciphertext is (b ', a ') and the second key is s ', then the second plaintext m ' =b ' +a's '; in an embodiment of the present application, the target generates the target key KS, which may be enabled to process the first ciphertext (b, a) to obtain the second ciphertext (b ', a '), i.e., KS (b, a) = (b ', a '), and b ' +a's ' ≡b+as.

It should be noted that, in the embodiment of the present application, the first key and the second key may be generated by the data center, and there is no correspondence between the two keys, that is, the two keys may be generated separately and independently, and not have other common basic sources. It will be appreciated that to facilitate subsequent target key generation and ciphertext calculation, the first key and the second key may have the same data length or data structure, e.g., are polynomials of length n, for data merging at subsequent calculations.

Step S120, the first node constructs a target key based on the first key and the second key.

In the embodiment of the application, in order to enable the target key to process the second ciphertext obtained by the first ciphertext, the second plaintext obtained after the second key is decrypted is approximately the same as the first plaintext obtained after the first ciphertext is decrypted by the first key; that is, most miscellaneous data (i.e., other items than b+as) can be subtracted or ignored after the second ciphertext is decrypted by the second key. Thus, a target key of a particular data format may be constructed based on the first key and the second key, in particular the target key is a two-dimensional vector comprising at least a first vector element and a second vector element, the first vector element being constructed based on the first key, the second key and the second vector element.

In order to ensure that the second ciphertext obtained by encrypting the first ciphertext by the target key can eliminate and ignore some miscellaneous data after decrypting by the second key, the first key is multiplied by a large integer P, the opposite number of the second vector element is multiplied by the second key, and therefore, after the target key constructed based on the result of multiplying the first key by the large integer, the opposite number of the second vector element and the result of multiplying the second key is calculated with the first ciphertext, the second plaintext obtained by decrypting by the second key is very similar to the first plaintext.

It is contemplated that constructing the target key directly based on the first key and the second key may not be secure enough, e.g., may leave a malicious subject with a reverse-cracking target key, resulting in a multiplicative machine of the first key and the second key. In one possible design, a perturbation term may be additionally set, that is, the security of the target key and the subsequent encryption process is guaranteed based on the perturbation term when the target key is constructed, and referring to fig. 6, the step S120 may include:

step S121, generating first data according to a preset rule, and taking the first data as the second vector element.

In the embodiment of the application, in order to continue the characteristic that the ciphertext data obtained by homomorphic encryption is calculated and then is the same as the result of the same calculation as the plaintext data, a target key with a data structure of a two-dimensional polynomial vector can be constructed, so that the first ciphertext can be homomorphic encrypted based on the target key to obtain the second ciphertext of homomorphic ciphertext data. Specifically, the second vector element may be a polynomial, that is, the first data, and the first data may be generated according to a preset rule, for example, the number of terms and the degree and the coefficient of the polynomial may be preset, and the polynomial as the first data may be generated according to the number of terms, the degree and the coefficient; or a polynomial may be randomly generated as the first data in order to enhance the security of the target key.

Step S122, acquiring second data based on the first data.

In the embodiment of the application, in order to enable the second ciphertext obtained by encrypting the first ciphertext by the target key to be decrypted by the second key, some miscellaneous data can be eliminated, so that the first plaintext and the second plaintext are more similar, and the second data multiplied by the second key and the first data can be set to be opposite numbers. For example, the first data is a ", the second data may be-a". It will be appreciated that since the second data and the first data are opposite in number to each other, the second data may have the same data structure as the first data, i.e. when the first data is a polynomial, the second data is also a polynomial.

Step S123, obtaining a preset disturbance term.

In order to further enhance the security of the target key, in the embodiment of the application, a disturbance item can be additionally set, namely, the security of the target key and subsequent encryption processing is ensured based on the preset disturbance item when the target key is constructed.

It can be understood that if the target key is not based on the preset perturbation term during construction, the first vector element is directly constructed based on the second vector element, the first key and the second key, and the second vector element is transmitted in plaintext, the malicious entity may crack the first vector element based on the second vector element to obtain the first key and the second key. For example, if the target key (b ", a") = (-a "s '+ps, a"), then the malicious entity can directly obtain a "and b", and with a clear knowledge of a ", cracking b" to obtain the first key s and the second key s' can be achieved. Therefore, by contrast, the preset disturbance item added in the design can greatly enhance the security of the target key, so that a malicious body is difficult to crack.

It can be understood that the preset disturbance term may be set according to actual needs, for example, parameters such as a length or a numerical range may be preset, so as to control a generation result of the preset disturbance term. In addition, in order to make the calculation process of the subsequent target key generation and ciphertext processing smoother, the preset disturbance term may also be set as a polynomial so as to perform merging, decomposition and cancellation.

Step S124, constructing the first vector element based on the product of the second data and the second key, the product of the first key and the third data, and the predetermined perturbation term.

In the embodiment of the present application, the first vector element is a product of the second data and the second key, a product of the first key and the third data, and the predetermined disturbance term. For example, assuming that the first ciphertext is (b, a), the second ciphertext is (b ', a'), the first key is s, the second key is s ', the target key is (b ", a"), the first plaintext m=b+as, the second plaintext is b' +a's', the preset perturbation term is e, and the third data is P, b "may be constructed as b" = -a "s '+e+ps based on the first key s, the second key s', the third data P, and the preset perturbation term e, such that in (b ', a') = (b, 0) +ap ^-1 (b ", a") at b ' +a's ' =ab "P ^-1 +b+aa”s’P ^-1 ＝

a(-a”s’+e+Ps)P ^-1 +b+aa”s’P ^-1 ＝

b+as+(-a”+a”)as’P ^-1 +aeP ^-1 ＝m+aeP ^-1 The method comprises the steps of carrying out a first treatment on the surface of the And since P is a large integer, aeP ^-1 The fraction corresponding to a denominator of extremely large and small molecules, i.e. infinitely close to 0, thus m+ aeP ^-1 About equal to m.

Step S125 constructs the target key based on the first vector element and the second vector element.

Through steps S121 to S124, a first vector element and a second vector element may be obtained, for example, the first vector element is b "= -a" S '+e+ps and the second vector element is a ", and the target key (b", a ") = (-a" S' +e+ps, a ") may be obtained.

Steps S121-S125 introduce one possible way of generating the target key, wherein the generated target key is both satisfying the predetermined requirements and sufficiently secure by setting the first vector element of the target key of the specific data structure. For example, a preset disturbance item is set, so that the target key is not easy to crack, and the target key is safe enough; the first secret key is multiplied by third data in a large integer form, so that some miscellaneous data in a second ciphertext obtained by processing the first ciphertext by the target secret key are smaller than the value of the first ciphertext and can be ignored; setting second data with the number opposite to that of the second vector elements, and constructing a target key by matching the second data with the second key, so that some miscellaneous data in the second ciphertext obtained by processing the first ciphertext by the target key can be eliminated.

Step S130, the first node sends the target key to a third node through a second node.

It is contemplated that in the prior art, it is often necessary for a data center (e.g., a first node) to send each of the different ciphertext databases to a distribution center (e.g., a second node), which distributes each of the different ciphertext databases to a different unit or division (e.g., a third node). Therefore, the data transmission pressure from the data center to the distribution center is large. For example, if the data center needs to prepare respective ciphertext databases for 5 units, that is, 5 different ciphertext databases, then the 5 different ciphertext databases need to be sent to the distribution center, and the distribution center sends the 5 different ciphertext databases to different units respectively; in contrast, if the method of the embodiment of the application is adopted, the data center only needs to generate one ciphertext database and 5 different target keys, and sends the ciphertext database and the 5 target keys to the distribution center, and the distribution center sends the ciphertext database and the 5 target keys to different units respectively. Compared with the prior art that the data center needs to send 5 different ciphertext databases to the distribution center, the embodiment of the application only needs to send one ciphertext database and 5 different target keys to the distribution center, so that the data transmission quantity is greatly reduced, and the data transmission pressure is greatly reduced.

In the embodiment of the present application, the first node for generating the target key may be a server of the data center, and after the first node generates the target key, the target key may be sent to the distribution center, so that each unit may acquire the target key, thereby obtaining the target ciphertext database. For example, a first node (e.g., a server of a data center) may send a target key to a second node, which may be a server of a distribution center, that distributes the target key to a server of a target unit, e.g., a third node, such that the target unit encrypts an original ciphertext database based on the target key, resulting in a target ciphertext database.

Step S140, the second node receives a target key from the first node.

In the embodiment of the application, the first node can send the target key to the second node in real time after generating the target key; or after generating a plurality of target keys in batches, the target keys are uniformly sent to the second node.

And step S150, the second node sends the target key to the third node, so that the third node processes the first ciphertext from the second node based on the target key to obtain the second ciphertext.

It can be appreciated that the second node is further configured to obtain a first ciphertext and send the first ciphertext to a third node, so that the third node can process the first ciphertext based on the target key to obtain a second ciphertext. The second node may acquire the first ciphertext before or after acquiring the target key, and may transmit the first ciphertext to the third node before or after transmitting the target key to the third node.

In the embodiment of the present application, after receiving the target key, the second node may send the target key to a third node in real time, so that the third node processes the first ciphertext from the second node based on the target key to obtain the second ciphertext.

It will be appreciated that in one possible design, with reference to fig. 5, the second node may not directly distribute each target key to each different third node after receiving the respective target key sent by the first node. And after receiving the data request of the third node, the first ciphertext and the corresponding target key are sent to the third node, so that data transmission resources are saved.

It should be noted that the third node may also obtain the first ciphertext from the second node. For example, the second node may send the first ciphertext to the third node in real time after the first ciphertext is obtained, that is, the second node may have sent the first ciphertext to the third node before receiving the target key; or the second node can also send the first ciphertext and the target key to the third node in real time after acquiring the first ciphertext and the target key; or the second node may send the first ciphertext and the target key to the third node after receiving the data request of the third node.

Step S160, the third node receives the target key from the second node.

In the embodiment of the present application, the target key is constructed by the first node based on the first key and the second key, and the specific construction method may refer to the embodiment of steps S110 to S120, which is not described herein again.

It will be appreciated that the third node may directly receive the target key sent by the second node, i.e. the third node directly receives the target key sent by the second node without sending any data request to the second node.

In order to save data transmission resources, the third node may also send a data request to the second node when ciphertext data is needed, and the second node sends the target key to the second node after receiving the data request of the third node. Therefore, when the second node receives a plurality of different target keys, the plurality of different target keys can be temporarily not distributed to each third node, and data transmission resources which are needed to be occupied by sending the target keys and the first ciphertext to the third node without ciphertext data requirements are saved.

In the embodiment of the application, the first ciphertext is ciphertext data obtained by homomorphic encryption of the first node based on plaintext data, and can be used for matching with a target key, so that the third node processes the first ciphertext based on the target key to obtain a second ciphertext.

It will be appreciated that after the first node encrypts the plaintext data to obtain a first ciphertext, the first ciphertext may be sent to the second node, so that the second node may transit to the third node.

In one possible design, to save data transmission resources, the third node may send a data request to the second node when ciphertext data is needed, and the second node sends the first ciphertext to the second node after receiving the data request of the third node. Therefore, when the second node receives the first ciphertext, the first ciphertext can be temporarily not transmitted to each third node, and data transmission resources required to be occupied by transmitting the first ciphertext to the third node without ciphertext data requirements are saved.

It will be appreciated that the second node may be physically remote from the first node, e.g. the first node is a server deployed at a corporate headquarters, the second node is a server deployed at other local branches, and the third node may be physically close to the second node, e.g. the third node is a server or terminal device deployed at a specific department of each branch. Based on the above example, the second node and the third node may be in the same local area network, so that the data transmission rates of the data transmission channels of the second node and the third node are faster, and the second node may conveniently distribute data.

Step S170, the third node processes the first ciphertext based on the target key acquired from the second node, to obtain a second ciphertext.

In the embodiment of the application, one intention of generating the target key includes that the second ciphertext obtained by processing the first ciphertext through the target key can play the same role as the first ciphertext. Specifically, in some scenarios, for example, in a face recognition scenario, the face recognition system may compare the face features of the user to be recognized acquired in real time with ciphertext features in a face ciphertext feature library, determine ciphertext features that are most similar to the face features of the user to be recognized, and further determine a user tag associated with the ciphertext features as the identity of the user to be recognized; in this example, the face ciphertext feature library is the first ciphertext, and it is one of the purposes of the embodiments of the present application that the second ciphertext obtained by processing the first ciphertext with the target key may still be used for comparison with the face feature of the user to be identified, so as to determine the identity of the user to be identified.

In the embodiment of the present application, in order to obtain the second ciphertext that meets the requirements, the specific manner and the target key are further used to process the first ciphertext, and referring to fig. 7, the step S170 includes:

step S171, obtaining a first ciphertext element of the first ciphertext, and constructing a first ciphertext vector based on the first ciphertext element and a preset value.

In the embodiment of the present application, the first ciphertext may be obtained by a first node based on homomorphic encryption of plaintext data, for example, the plaintext data is a plaintext polynomial m constructed based on plaintext characteristics, and then the plaintext polynomial is encrypted by using a homomorphic key to obtain a two-dimensional polynomial vector (b, a), where b and a are polynomials; i.e. the first ciphertext may comprise a first ciphertext element b and a second ciphertext element a.

After determining the first ciphertext element of the first ciphertext, a first ciphertext vector may be constructed based on the first ciphertext element and a preset value, so as to continue the calculation of the subsequent step. In order to make the second plaintext obtained after the second ciphertext is decrypted by the second key similar to the first plaintext obtained after the first plaintext is decrypted by the first key, namely, the difference value between the second plaintext and the first plaintext accords with a preset threshold value, a first ciphertext vector in a specific form needs to be constructed; that is, the first ciphertext vector includes a vector element having a value of the preset value, for example, the first ciphertext element is b, and the first ciphertext vector is (b, 0), that is, the preset value is 0.

Step S172, obtaining a second ciphertext element of the first ciphertext, and constructing a second ciphertext vector based on the second ciphertext element, the target key, and fourth data.

In the embodiment of the application, in order to make the second plaintext obtained by decrypting the second ciphertext through the second key similar to the first plaintext obtained by decrypting the first plaintext through the first key, that is, the difference between the second plaintext and the first plaintext accords with a preset threshold, a second ciphertext vector in a specific form needs to be constructed. Specifically, to fit a large integer (third data) in the target key, fourth data reciprocal to the third data may be combined with the target key and the second ciphertext element to construct the second ciphertext vector; for example, if the first ciphertext is (b, a), the third data is P, the target key is (a ", b"), the second ciphertext element is a, and the second ciphertext vector is aP ^-1 (a”，b”)。

Step S173 constructs the second ciphertext based on the first ciphertext vector and the second ciphertext vector.

In the embodiment of the application, the second ciphertext is a two-dimensional polynomial vector constructed by the first ciphertext vector and the second ciphertext vector. For example, the first plaintext m=b+as, i.e. the first ciphertext (b, a) is decrypted by the first key s, the first ciphertext vector is (b, 0), and the second ciphertext vector is aP ^-1 (a ", b"), then the second ciphertext (b ', a') = (b, 0) +ap ^-1 (a ", b"). Thus, the second plaintext of the second ciphertext (b ', a ') decrypted by the second key s ' is:

b’+a’s’＝ab”P ^-1 +b+aa”s’P ^-1 ＝

a(-a”s’+e+Ps)P ^-1 +b+aa”s’P ^-1 ＝

b+as+(-a”+a”)as’P ^-1 +aeP ^-1 ＝m+aeP ^-1 the method comprises the steps of carrying out a first treatment on the surface of the And since P is a large integer, aeP ^-1 Equivalent to a minuteThe parent is the largest, smaller fraction of the numerator, i.e., infinitely close to 0, m+ aeP ^-1 About equal to m.

The second ciphertext may thus be used to compare with the feature to be identified in order to determine a tag of the feature to be identified, for example with a facial feature of the user to be identified in order to determine the identity of the user to be identified.

It can be understood that in the embodiment of the present application, in order to facilitate calculation of the target key and processing of the first ciphertext by the target key, that is, merging and cancellation of the same term during calculation, the calculated amount of data and the length of data are effectively reduced, and the preset disturbance term, the first data, the second data, the first key and the second key may be polynomials. In addition, to further facilitate the simplification of each calculation result, each polynomial may be related to the same variable, for example, each polynomial related to w.

According to the data processing method provided by the embodiment of the application, the first node can generate the target key for processing the first ciphertext, the first ciphertext is processed by the target key and then decrypted by adopting the key associated with the second ciphertext, so that the result which is approximately the same as the result of the original plaintext data can be obtained, and the second ciphertext can play the same or similar role as the first ciphertext in the characteristic comparison and identification of the third node, namely, the results of the characteristic comparison and identification of the second ciphertext and the first ciphertext are the same or similar. Therefore, in the embodiment of the application, the transmission of different ciphertext feature libraries from the first node to the second node can be replaced by the transmission of different target keys, the first ciphertext is processed based on the target keys, the flow of obtaining the second ciphertext is arranged on the third node, the transmission data quantity from the first node to the second node is saved, and the data transmission pressure is greatly reduced. In addition, in some embodiments, the second node may not directly send to the third node after receiving the first ciphertext and the target key, but may send the first ciphertext and the target key after receiving the data request of the third node; therefore, when the second node receives a plurality of different target keys, the plurality of different target keys can be temporarily not distributed to each third node, and data transmission resources which are needed to be occupied by sending the target keys and the first ciphertext to the third node without ciphertext data requirements are saved.

A data processing method according to an embodiment of the present application is described above in terms of a first node, a second node, and a third node, and a data processing apparatus that performs the data processing method and respectively belongs to different subjects (e.g., a data center and respective lower departments) will be described below.

Referring to fig. 8, a schematic structural diagram of a data processing apparatus shown in fig. 8 is shown, which can be applied to a first node in a ciphertext data distribution scenario. The data processing device 60 in the embodiment of the present application can implement the steps corresponding to the data processing method performed by the first node in the embodiment corresponding to fig. 3 described above. The functions performed by the data processing device 60 may be realized by hardware, or may be realized by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the functions described above, which may be software and/or hardware. The data processing apparatus 60 may include an input/output module 601 and a processing module 602, and the functional implementation of the processing module 602 and the input/output module 601 may refer to the operations performed in the embodiment corresponding to fig. 1, which are not described herein. For example, the processing module 602 may be configured to control data transceiving operations of the input-output module 601.

In some embodiments, the input-output module 601 is configured to obtain a first key and a second key;

a processing module 602 configured to construct a target key based on the first key, the second key, wherein the target key is a two-dimensional vector including at least a first vector element and a second vector element, the first vector element being constructed based on the first key, the second key, and the second vector element;

the input/output module 601 is further configured to send the target key to a third node through a second node, so that the third node processes a first ciphertext from the second node based on the target key to obtain a second ciphertext, and a difference value between a first plaintext obtained by decrypting the first ciphertext through the first key and a second plaintext obtained by decrypting the second ciphertext through the second key accords with a preset threshold.

In some embodiments, the processing module 602 is further configured to generate first data according to a preset rule, and use the first data as the second vector element; and obtaining second data based on the first data, wherein the first data and the second data are opposite numbers; acquiring a preset disturbance item; and constructing the first vector element based on a product of the second data and the second key, a product of the first key and third data, and the predetermined perturbation term, wherein the third data is a large integer; and constructing the target key based on the first vector element and the second vector element.

In some implementations, the processing module 602 is further configured to generate the first ciphertext;

the input/output module 601 is further configured to send the first ciphertext to a third node through the second node, so that the third node processes the first ciphertext from the second node based on the target key to obtain the second ciphertext;

the data transmission terminal point is generated by the first node, each data of the third node is transmitted to the second node by the first node, and the second node receives the data request of the third node and then transmits the data request to the third node.

In some embodiments, the embodiment of the present application further provides a data processing apparatus applied to the second node, where the data processing apparatus may have the same structure as the apparatus shown in fig. 8 or fig. 9, and the data processing apparatus is capable of implementing the steps of the data processing method performed by the second node in the embodiment corresponding to fig. 3. The functions realized by the data processing device can be realized by hardware, and can also be realized by executing corresponding software by hardware. The hardware or software includes one or more units corresponding to the above functions, and the units may be software and/or hardware.

Referring to fig. 9, a schematic structural diagram of another data processing apparatus shown in fig. 9 is shown, which can be applied to a third node in a ciphertext data distribution scenario. The data processing apparatus 70 in the embodiment of the present application can implement the steps corresponding to the data processing method performed by the third node in the embodiment corresponding to fig. 3 described above. The functions performed by the data processing device 70 may be realized by hardware, or may be realized by hardware executing corresponding software. The hardware or software includes one or more units corresponding to the above functions, and the units may be software and/or hardware. The data processing apparatus 70 may include an input/output unit 701 and a processing unit 702, and the functional implementation of the processing unit 702 and the input/output unit 701 may refer to the operations performed in the embodiment corresponding to fig. 1, which are not described herein. For example, the processing unit 702 may be configured to control data transceiving operations of the input/output unit 701.

In some embodiments, the input-output unit 701 is configured to receive a target key from a second node, where the target key is constructed by a first node based on a first key and a second key, and the target key is a two-dimensional vector, and includes at least a first vector element and a second vector element, and the first vector element is constructed based on the first key, the second key and the second vector element;

The processing unit 702 is configured to process the first ciphertext acquired from the second node based on the target key, to obtain a second ciphertext;

In some embodiments, the processing unit 702 is further configured to obtain a first ciphertext element of the first ciphertext, and construct a first ciphertext vector based on the first ciphertext element and a preset value, where the first ciphertext is a two-dimensional vector, and at least includes a first ciphertext element and a second ciphertext element; obtaining a second ciphertext element of the first ciphertext, and constructing a second ciphertext vector based on the second ciphertext element, the target key and fourth data, wherein the fourth data and the third data are reciprocal; and constructing the second ciphertext based on the first ciphertext vector and the second ciphertext vector.

In some embodiments, the input-output unit 701 is further configured to send a data request to the second node; and receiving the target key sent by the second node based on the data request.

The data processing device of the embodiment of the application can generate the target key for processing the first ciphertext by the first node, and decrypt the first ciphertext by adopting the key associated with the second ciphertext after the first ciphertext is processed by the target key, so that the result which is approximately the same as the result of the original plaintext data can be obtained, and the second ciphertext can play the same or similar role as the first ciphertext in the characteristic comparison and the identification of the third node, namely, the result which performs the characteristic comparison and the identification of the second ciphertext is the same or similar. Therefore, in the embodiment of the application, the transmission of different ciphertext feature libraries from the first node to the second node can be replaced by the transmission of different target keys, the first ciphertext is processed based on the target keys, the flow of obtaining the second ciphertext is arranged on the third node, the transmission data quantity from the first node to the second node is saved, and the data transmission pressure is greatly reduced. In addition, in some embodiments, the second node may not directly send to the third node after receiving the first ciphertext and the target key, but may send the first ciphertext and the target key after receiving the data request of the third node; therefore, when the second node receives a plurality of different target keys, the plurality of different target keys can be temporarily not distributed to each third node, and data transmission resources which are needed to be occupied by sending the target keys and the first ciphertext to the third node without ciphertext data requirements are saved.

Having described the method and apparatus of the present embodiments, a description will now be made of a computer-readable storage medium of the present embodiments, which may be an optical disc, having stored thereon a computer program (i.e., a program product) that, when executed by a processor, performs the steps described in the method embodiments, for example, obtaining a first key and a second key; constructing a target key based on the first key and the second key, wherein the target key is a two-dimensional vector and at least comprises a first vector element and a second vector element, and the first vector element is constructed based on the first key, the second key and the second vector element; and sending the target secret key to a third node through a second node, so that the third node processes a first ciphertext from the second node based on the target secret key to obtain a second ciphertext, and the difference value between a first plaintext obtained by decrypting the first secret key and a second plaintext obtained by decrypting the second secret key by the first ciphertext accords with a preset threshold. The specific implementation of each step is not repeated here.

It should be noted that examples of the computer readable storage medium may also include, but are not limited to, a phase change memory (PRAM), a Static Random Access Memory (SRAM), a Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), a Read Only Memory (ROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a flash memory, or other optical or magnetic storage medium, which will not be described in detail herein.

The data processing apparatus 60 and the data processing apparatus 70 in the embodiment of the present application are described above in terms of modularized functional entities, and the data processing apparatus of the feature holder and the data processing apparatus of the tag holder in the embodiment of the present application are described below in terms of hardware processing, respectively.

It should be noted that, the physical devices corresponding to the input/output modules in the embodiments of the data processing apparatus of the present application (including the embodiments shown in fig. 8 and fig. 9) may be transceivers, radio frequency circuits, communication modules, input/output (I/O) interfaces, and the like, and the physical devices corresponding to the processing modules may be processors. The data processing apparatus shown in fig. 8 and 9 may have the structure shown in fig. 11.

For example, the data processing apparatus 60 shown in fig. 8 may have a structure as shown in fig. 10, and when the apparatus shown in fig. 8 has a structure as shown in fig. 10, the processor and the transceiver in fig. 10 can implement the same or similar functions as the processing module 602 and the input/output module 601 provided in the foregoing embodiment of the apparatus corresponding to the data processing apparatus 70, and the central memory in fig. 10 stores a computer program to be invoked when the processor performs the foregoing data processing method applied to the first node. In the embodiment of the present application shown in fig. 8, the entity device corresponding to the input/output module 601 may be an input/output interface, and the entity device corresponding to the processing module 602 may be a processor.

For another example, the data processing apparatus 70 shown in fig. 9 may have a structure as shown in fig. 10, and when the apparatus shown in fig. 9 has a structure as shown in fig. 10, the processor and the transceiver in fig. 10 can implement the same or similar functions as the processing unit 702 and the input-output unit 701 provided in the foregoing embodiment of the apparatus corresponding to the data processing apparatus 70, and the central memory in fig. 10 stores a computer program to be invoked when the processor performs the foregoing data processing method applied to the third node. In the embodiment of the present application shown in fig. 9, the physical device corresponding to the input/output unit 701 may be an input/output interface, and the physical device corresponding to the processing unit 702 may be a processor.

The embodiment of the present application further provides a terminal device, as shown in fig. 11, for convenience of explanation, only the portion relevant to the embodiment of the present application is shown, and specific technical details are not disclosed, please refer to the method portion of the embodiment of the present application. The terminal device may be any terminal device including a mobile phone, a tablet computer, a personal digital assistant (Personal Digital Assistant, PDA), a Point of Sales (POS), a vehicle-mounted computer, and the like, taking the terminal device as an example of the mobile phone:

Fig. 11 is a block diagram showing a part of the structure of a mobile phone related to a terminal device provided by an embodiment of the present application. Referring to fig. 11, the mobile phone includes: radio Frequency (RF) circuitry 1010, memory 1020, input unit 1030, display unit 1040, sensor 1050, audio circuitry 1060, wireless fidelity (wireless fidelity, wiFi) module 1070, processor 1080, and power source 1090. Those skilled in the art will appreciate that the handset configuration shown in fig. 11 is not limiting of the handset and may include more or fewer components than shown, or may combine certain components, or may be arranged in a different arrangement of components.

The following describes the components of the mobile phone in detail with reference to fig. 11:

the RF circuit 1010 may be used for receiving and transmitting signals during a message or a call, and particularly, after receiving downlink information of a base station, the signal is processed by the processor 1080; in addition, the data of the design uplink is sent to the base station. Generally, RF circuitry 1010 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a Low noise amplifier (Low NoiseAmplifier, LNA), a duplexer, and the like. In addition, the RF circuitry 1010 may also communicate with networks and other devices via wireless communications. The wireless communications may use any communication standard or protocol including, but not limited to, global system for mobile communications (GlobalSystem of Mobile communication, GSM), general Packet radio service (General Packet RadioService, GPRS), code division multiple access (Code Division Multiple Access, CDMA), wideband code division multiple access (Wideband Code Division Multiple Access, WCDMA), long term evolution (Long Term Evolution, LTE), email, short message service (Short Messaging Service, SMS), and the like.

The memory 1020 may be used to store software programs and modules that the processor 1080 performs various functional applications and data processing of the handset by executing the software programs and modules stored in the memory 1020. The memory 1020 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program (such as a sound playing function, an image playing function, etc.) required for at least one function, and the like; the storage data area may store data (such as audio data, phonebook, etc.) created according to the use of the handset, etc. In addition, memory 1020 may include high-speed random access memory and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state memory device.

The input unit 1030 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the handset. In particular, the input unit 1030 may include a touch panel 1031 and other input devices 1032. The touch panel 1031, also referred to as a touch screen, may collect touch operations thereon or thereabout by a user (e.g., operations of the user on the touch panel 1031 or thereabout using any suitable object or accessory such as a finger, stylus, etc.), and drive the corresponding connection device according to a predetermined program. Alternatively, the touch panel 1031 may include two parts, a touch detection device and a touch controller. The touch detection device detects the touch azimuth of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch detection device and converts it into touch point coordinates, which are then sent to the processor 1080 and can receive commands from the processor 1080 and execute them. Further, the touch panel 1031 may be implemented in various types such as resistive, capacitive, infrared, and surface acoustic wave. The input unit 1030 may include other input devices 1032 in addition to the touch panel 1031. In particular, other input devices 1032 may include, but are not limited to, one or more of a physical keyboard, function keys (e.g., volume control keys, switch keys, etc.), a track ball, a mouse, a joystick, etc.

The display unit 1040 may be used to display information input by a user or information provided to the user and various menus of the mobile phone. The display unit 1040 may include a display panel 1041, and alternatively, the display panel 1041 may be configured in the form of a Liquid crystal display (Liquid CrystalDisplay, LCD), an Organic Light-Emitting Diode (OLED), or the like. Further, the touch panel 1031 may overlay the display panel 1041, and when the touch panel 1031 detects a touch operation thereon or thereabout, the touch panel is transferred to the processor 1080 to determine a type of touch event, and then the processor 1080 provides a corresponding visual output on the display panel 1041 according to the type of touch event. Although in fig. 11, the touch panel 1031 and the display panel 1041 are two independent components to implement the input and output functions of the mobile phone, in some embodiments, the touch panel 1031 and the display panel 1041 may be integrated to implement the input and output functions of the mobile phone.

The handset may also include at least one sensor 1050, such as a light sensor, a motion sensor, and other sensors. Specifically, the light sensor may include an ambient light sensor and a proximity sensor, wherein the ambient light sensor may adjust the brightness of the display panel 1041 according to the brightness of ambient light, and the proximity sensor may turn off the display panel 1041 and/or the backlight when the mobile phone moves to the ear. As one of the motion sensors, the accelerometer sensor can detect the acceleration in all directions (generally three axes), and can detect the gravity and direction when stationary, and can be used for applications of recognizing the gesture of a mobile phone (such as horizontal and vertical screen switching, related games, magnetometer gesture calibration), vibration recognition related functions (such as pedometer and knocking), and the like; other sensors such as gyroscopes, barometers, hygrometers, thermometers, infrared sensors, etc. that may also be configured with the handset are not described in detail herein.

Audio circuitry 1060, a speaker 1061, and a microphone 1062 may provide an audio interface between a user and a cell phone. Audio circuit 1060 may transmit the received electrical signal after audio data conversion to speaker 1061 for conversion by speaker 1061 into an audio signal output; on the other hand, microphone 1062 converts the collected sound signals into electrical signals, which are received by audio circuit 1060 and converted into audio data, which are processed by audio data output processor 1080 for transmission to, for example, another cell phone via RF circuit 1010 or for output to memory 1020 for further processing.

WiFi belongs to a short-distance wireless transmission technology, and a mobile phone can help a user to send and receive emails, browse webpages, access streaming media and the like through a WiFi module 1070, so that wireless broadband Internet access is provided for the user. Although fig. 11 shows a WiFi module 1070, it is understood that it does not belong to the necessary constitution of the handset, and can be omitted entirely as required within the scope of not changing the essence of the invention.

Processor 1080 is the control center of the handset, connects the various parts of the entire handset using various interfaces and lines, and performs various functions and processes of the handset by running or executing software programs and/or modules stored in memory 1020, and invoking data stored in memory 1020, thereby performing overall monitoring of the handset. Optionally, processor 1080 may include one or more processing units; alternatively, processor 1080 may integrate an application processor primarily handling operating systems, user interfaces, applications, etc., with a modem processor primarily handling wireless communications. It will be appreciated that the modem processor described above may not be integrated into processor 1080.

The handset further includes a power source 1090 (e.g., a battery) for powering the various components, optionally in logical communication with the processor 1080 via a power management system, such as for managing charge, discharge, and power consumption by the power management system.

Although not shown, the mobile phone may further include a camera, a bluetooth module, etc., which will not be described herein.

In an embodiment of the present application, the processor 1080 included in the mobile phone further has a control unit for executing the above method flow executed by the data processing device 70 for obtaining the second ciphertext based on the received first ciphertext and the target key.

Fig. 12 is a schematic diagram of a server structure provided in an embodiment of the present application, where the server 1100 may vary considerably in configuration or performance, and may include one or more central processing units (central processing units, CPU) 1122 (e.g., one or more processors) and memory 1132, one or more storage mediums 1130 (e.g., one or more mass storage devices) storing applications 1142 or data 1144. Wherein the memory 1132 and the storage medium 1130 may be transitory or persistent. The program stored on the storage medium 1130 may include one or more modules (not shown), each of which may include a series of instruction operations on a server. Still further, the central processor 1122 may be provided in communication with a storage medium 1130, executing a series of instruction operations in the storage medium 1130 on the server 1100.

The Server 1100 may also include one or more power supplies 1120, one or more wired or wireless network interfaces 1150, one or more input-output interfaces 1158, and/or one or more operating systems 1141, such as Windows Server, mac OS X, unix, linux, freeBSD, and the like.

The steps performed by the server in the above embodiments may be based on the structure of the server 1100 shown in fig. 12. For example, the steps performed by the data processing apparatus 60 shown in fig. 12 in the above-described embodiment may be based on the server structure shown in fig. 12. For example, the CPU 1122 may perform the following operations by calling instructions in the memory 1132:

the first key and the second key are obtained through the input-output interface 1158;

the target key is sent to a third node through the second node by the input/output interface 1158, so that the third node processes the first ciphertext from the second node based on the target key to obtain a second ciphertext, and a difference value between a first plaintext obtained by decrypting the first ciphertext through the first key and a second plaintext obtained by decrypting the second ciphertext through the second key accords with a preset threshold.

In the foregoing embodiments, the descriptions of the embodiments are emphasized, and for parts of one embodiment that are not described in detail, reference may be made to related descriptions of other embodiments.

It will be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the systems, apparatuses and modules described above may refer to the corresponding processes in the foregoing method embodiments, which are not repeated herein.

In the embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other manners. For example, the apparatus embodiments described above are merely illustrative, and for example, the division of the modules is merely a logical function division, and there may be additional divisions when actually implemented, for example, multiple modules or components may be combined or integrated into another system, or some features may be omitted or not performed. Alternatively, the coupling or direct coupling or communication connection shown or discussed with each other may be an indirect coupling or communication connection via some interfaces, devices or modules, which may be in electrical, mechanical, or other forms.

The modules described as separate components may or may not be physically separate, and components shown as modules may or may not be physical modules, i.e., may be located in one place, or may be distributed over a plurality of network modules. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.

In addition, each functional module in each embodiment of the present application may be integrated into one processing module, or each module may exist alone physically, or two or more modules may be integrated into one module. The integrated modules may be implemented in hardware or in software functional modules. The integrated modules, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium.

In the above embodiments, it may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, may be implemented in whole or in part in the form of a computer program product.

The computer program product includes one or more computer instructions. When the computer program is loaded and executed on a computer, the flow or functions according to the embodiments of the present application are fully or partially produced. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another computer-readable storage medium, for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by a wired (e.g., coaxial cable, fiber optic, digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.). The computer readable storage medium may be any available medium that can be stored by a computer or a data storage device such as a server, data center, etc. that contains an integration of one or more available media. The usable medium may be a magnetic medium (e.g., floppy Disk, hard Disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid State Disk (SSD)), etc.

The above description has been made in detail on the technical solutions provided by the embodiments of the present application, and specific examples are applied in the embodiments of the present application to illustrate the principles and implementation manners of the embodiments of the present application, where the above description of the embodiments is only for helping to understand the methods and core ideas of the embodiments of the present application; meanwhile, as for those skilled in the art, according to the idea of the embodiment of the present application, there are various changes in the specific implementation and application scope, and in summary, the present disclosure should not be construed as limiting the embodiment of the present application.

Claims

1. A data processing method applied to a first node, the method comprising:

acquiring a first key and a second key; the first key and the second key have the same data structure and are polynomials with the length of n;

constructing a target key based on the first key and the second key, wherein the target key is a two-dimensional vector and at least comprises a first vector element and a second vector element, and the first vector element is constructed based on the first key, the second key and the second vector element; the target key is constructed based on the result of multiplying the first key by a large integer, and the result of multiplying the opposite number of the second vector element by the second key;

2. The method of claim 1, wherein the constructing a target key based on the first key, the second key, further comprises:

generating first data according to a preset rule, and taking the first data as the second vector element;

acquiring second data based on the first data, wherein the first data and the second data are opposite in number;

acquiring a preset disturbance item;

constructing the first vector element based on the product of the second data and the second key, the product of the first key and third data and the preset disturbance term, wherein the third data is a large integer;

the target key is constructed based on the first vector element and the second vector element.

3. The method of claim 1 or 2, wherein the first node is further configured to generate the first ciphertext, and send the first ciphertext to the third node through the second node, such that the third node processes the first ciphertext from the second node based on the target key to obtain the second ciphertext;

4. A data processing method applied to a second node, the method comprising:

receiving a target key from a first node, wherein the target key is constructed by the first node based on the first key and the second key; the first key and the second key have the same data structure and are polynomials with the length of n; the target key is a two-dimensional vector and at least comprises a first vector element and a second vector element, wherein the first vector element is constructed based on the first key, the second key and the second vector element; the target key is constructed based on the result of multiplying the first key by a large integer, and the result of multiplying the opposite number of the second vector element by the second key;

5. A data processing method applied to a third node, the method comprising:

receiving a target key from a second node, wherein the target key is constructed by a first node based on a first key and a second key; the first key and the second key have the same data structure and are polynomials with the length of n; the target key is a two-dimensional vector and at least comprises a first vector element and a second vector element, wherein the first vector element is constructed based on the first key, the second key and the second vector element; the target key is constructed based on the result of multiplying the first key by a large integer, and the result of multiplying the opposite number of the second vector element by the second key;

6. The method of claim 5, wherein processing the first ciphertext based on the target key to obtain a second ciphertext comprises:

acquiring a first ciphertext element of the first ciphertext, and constructing a first ciphertext vector based on the first ciphertext element and a preset value, wherein the first ciphertext is a two-dimensional vector and at least comprises the first ciphertext element and a second ciphertext element;

acquiring a second ciphertext element of the first ciphertext, and constructing a second ciphertext vector based on the second ciphertext element, the target key and fourth data, wherein the fourth data and the third data are reciprocal;

and constructing the second ciphertext based on the first ciphertext vector and the second ciphertext vector.

7. The method of claim 5 or 6, wherein prior to the receiving the target key from the second node, the method further comprises:

transmitting a data request to the second node, such that the second node transmits the target key to the third node based on the data request;

the receiving the target key from the second node includes:

and receiving the target key sent by the second node based on the data request.

8. A data processing apparatus for use with a first node, the apparatus comprising:

the input-output module is configured to acquire a first key and a second key; the first key and the second key have the same data structure and are polynomials with the length of n;

a processing module configured to construct a target key based on the first key, the second key, wherein the target key is a two-dimensional vector including at least a first vector element and a second vector element, the first vector element being constructed based on the first key, the second key, and the second vector element; the target key is constructed based on the result of multiplying the first key by a large integer, and the result of multiplying the opposite number of the second vector element by the second key;

9. The apparatus of claim 8, wherein the processing module is further configured to generate first data according to a preset rule and take the first data as the second vector element; and obtaining second data based on the first data, wherein the first data and the second data are opposite numbers; acquiring a preset disturbance item; and constructing the first vector element based on a product of the second data and the second key, a product of the first key and third data, and the predetermined perturbation term, wherein the third data is a large integer; and constructing the target key based on the first vector element and the second vector element.

10. The apparatus of claim 8 or 9, wherein the processing module is further configured to generate the first ciphertext;

the input/output module is further configured to send the first ciphertext to a third node through the second node, so that the third node processes the first ciphertext from the second node based on the target key to obtain the second ciphertext;

11. A data processing apparatus for use in a third node, the apparatus comprising:

an input-output unit configured to receive a target key from a second node, wherein the target key is constructed by a first node based on a first key, a second key; the first key and the second key have the same data structure and are polynomials with the length of n; the target key is a two-dimensional vector and at least comprises a first vector element and a second vector element, wherein the first vector element is constructed based on the first key, the second key and the second vector element; the target key is constructed based on the result of multiplying the first key by a large integer, and the result of multiplying the opposite number of the second vector element by the second key;

12. The apparatus of claim 11, wherein the processing unit is further configured to obtain a first ciphertext element of the first ciphertext and construct a first ciphertext vector based on the first ciphertext element and a preset value, wherein the first ciphertext is a two-dimensional vector comprising at least a first ciphertext element and a second ciphertext element; obtaining a second ciphertext element of the first ciphertext, and constructing a second ciphertext vector based on the second ciphertext element, the target key and fourth data, wherein the fourth data and the third data are reciprocal; and constructing the second ciphertext based on the first ciphertext vector and the second ciphertext vector.

13. The apparatus of claim 11 or 12, wherein the input output unit is further configured to send a data request to the second node; and receiving the target key sent by the second node based on the data request.

14. A computing device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any one of claims 1-3, or the method of claim 4, or the method of any one of claims 5-7 when executing the computer program.

15. A computer readable storage medium comprising instructions which, when run on a computer, cause the computer to perform the method of any one of claims 1-3, or to perform the method of claim 4, or to perform the method of any one of claims 5-7.

16. A chip system, comprising:

a communication interface for inputting and/or outputting information;

a processor for executing a computer executable program to cause a device on which the chip system is installed to perform the method of any one of claims 1-3, or to perform the method of claim 4, or to perform the method of any one of claims 5-7.