CN115883212A

CN115883212A - Information processing method, device, electronic equipment and storage medium

Info

Publication number: CN115883212A
Application number: CN202211525928.2A
Authority: CN
Inventors: 谢丹力; 吴磊
Original assignee: CCB Finetech Co Ltd
Current assignee: CCB Finetech Co Ltd
Priority date: 2022-11-30
Filing date: 2022-11-30
Publication date: 2023-03-31

Abstract

The present disclosure provides an information processing method, apparatus, electronic device, and storage medium, which can be applied to the technical field of information security, the field of financial technology, or other fields. The method comprises the following steps: splitting the plaintext of the information to be processed according to bits based on the encryption splitting parameter to obtain a plurality of sub-plaintext; encrypting each sub plaintext in the plurality of sub plaintext respectively by using a first elliptic curve parameter of the elliptic curve group to obtain a plurality of first sub ciphertext; generating a first ciphertext of the information to be processed based on the plurality of first sub-ciphertexts; and sending the first ciphertext to the second electronic device so that the second electronic device decrypts the first ciphertext based on the decryption reverse lookup table to obtain a plaintext.

Description

Information processing method, device, electronic equipment and storage medium

Technical Field

The present disclosure relates to the field of information security technology and the field of financial technology, and more particularly, to an information processing method and apparatus, an electronic device, and a storage medium.

Background

Data encryption and decryption and validity verification on the block chain are always in a pair of contradictions, if unencrypted data are sent to the block chain, privacy of data of an enterprise can be leaked, and if the data are encrypted, a universal encryption method can cause the data to lose the validity verification capability.

The proposal in the related art combines commitment with an elliptic curve encryption algorithm to ensure that encrypted data has the capability of validity verification, but is limited by the discrete logarithm problem on an elliptic curve, the decryption difficulty of the elliptic curve is greatly increased along with the increase of the bit number of the encrypted data, the scheme in the related art can only support the decryption of the encrypted data with lower bit number, and at least, the problems of poor usability and limited application range and scene exist.

Disclosure of Invention

In view of the above, the present disclosure provides an information processing method, apparatus, electronic device, readable storage medium, and computer program product.

One aspect of the present disclosure provides an information processing method applied to a first electronic device, where the method includes: splitting the plaintext of the information to be processed according to bits based on the encryption splitting parameter to obtain a plurality of sub-plaintext; encrypting each sub-plaintext in the plurality of sub-plaintext respectively by using a first elliptic curve parameter of an elliptic curve group to obtain a plurality of first sub-ciphertext; generating a first ciphertext of the information to be processed based on the plurality of first sub-ciphertexts; and sending the first ciphertext to a second electronic device, so that the second electronic device decrypts the first ciphertext based on a decryption anti-lookup table to obtain the plaintext.

Another aspect of the present disclosure provides an information processing method applied to a second electronic device, the method including: receiving a first ciphertext of information to be processed sent by first electronic equipment, wherein the first ciphertext comprises a plurality of first sub-ciphertexts; for each first sub-ciphertext, decrypting the first sub-ciphertext based on a decryption anti-lookup table to obtain a sub-plaintext corresponding to the first sub-ciphertext; and obtaining a plaintext of the information to be processed based on a plurality of sub-plaintext respectively corresponding to the plurality of first sub-ciphertexts.

Another aspect of the present disclosure provides an information processing apparatus provided in a first electronic device, the apparatus including: the splitting module is used for splitting the plaintext of the information to be processed according to bits based on the encryption splitting parameters to obtain a plurality of sub-plaintext; the first encryption module is used for respectively encrypting each sub-plaintext in the plurality of sub-plaintext by using a first elliptic curve parameter of an elliptic curve group to obtain a plurality of first sub-ciphertext; a first generating module, configured to generate a first ciphertext of the to-be-processed information based on the plurality of first sub-ciphertexts; and the first sending module is used for sending the first ciphertext to the second electronic equipment so that the second electronic equipment decrypts the first ciphertext based on the decryption reverse lookup table to obtain the plaintext.

Another aspect of the present disclosure provides an information processing apparatus provided in a second electronic device, the apparatus including: the first receiving module is used for receiving a first ciphertext of the information to be processed, which is sent by first electronic equipment, wherein the first ciphertext comprises a plurality of first sub-ciphertexts; the first decryption module is used for decrypting each first sub-ciphertext based on a decryption reverse look-up table to obtain a sub-plaintext corresponding to the first sub-ciphertext; and a first processing module, configured to obtain a plaintext of the to-be-processed information based on a plurality of sub-plaintext respectively corresponding to the plurality of first sub-ciphertext.

Another aspect of the present disclosure provides an electronic device including: one or more processors; a memory for storing one or more instructions, wherein the one or more instructions, when executed by the one or more processors, cause the one or more processors to implement the method as described above.

Another aspect of the present disclosure provides a computer-readable storage medium storing computer-executable instructions for implementing the method as described above when executed.

Another aspect of the disclosure provides a computer program product comprising computer executable instructions for implementing the method as described above when executed.

According to the embodiment of the disclosure, when information to be processed is encrypted, the plaintext of the information to be processed can be split into a plurality of sub-plaintext according to bits, each sub-plaintext is encrypted by using an elliptic curve group to obtain a first ciphertext, and when the information to be processed is decrypted, the first ciphertext can be decrypted by using a decryption reverse lookup table. The encryption and decryption process of the high-digit plaintext is split into a plurality of encryption and decryption processes of the low-digit plaintext by splitting the plaintext according to the digits and respectively encrypting the plaintext, so that the technical problems that the encryption method in the related technology cannot support decryption of high-digit data, the usability is poor and the application range and the scene are limited are at least partially solved, the time complexity and the resource consumption of information decryption are effectively reduced under the condition of ensuring the safety of information to be processed, and the method for decrypting by using table lookup can support the plaintext with any digit.

Drawings

The above and other objects, features and advantages of the present disclosure will become more apparent from the following description of the embodiments of the present disclosure with reference to the accompanying drawings, in which:

fig. 1 schematically shows an exemplary system architecture to which the information processing method and apparatus may be applied, according to an embodiment of the present disclosure.

Fig. 2 schematically shows a flowchart of an information processing method applied to a first electronic device according to an embodiment of the present disclosure.

Fig. 3 schematically shows a flow chart of a decryption look-back table generation method according to an embodiment of the present disclosure.

Fig. 4 schematically shows a flowchart of an information processing method applied to a second electronic device according to an embodiment of the present disclosure.

Fig. 5 schematically shows a flowchart of an information processing method applied to a first electronic device according to another embodiment of the present disclosure.

Fig. 6 schematically shows a flowchart of an information processing method applied to a second electronic device according to another embodiment of the present disclosure.

Fig. 7 schematically shows a flowchart of an information processing method applied to a first electronic device according to still another embodiment of the present disclosure.

Fig. 8 schematically shows a flowchart of an information processing method applied to a second electronic device according to still another embodiment of the present disclosure.

Fig. 9 schematically shows a block diagram of an information processing apparatus provided to a first electronic device according to an embodiment of the present disclosure.

Fig. 10 schematically shows a block diagram of an information processing apparatus provided to a second electronic device according to an embodiment of the present disclosure.

Fig. 11 schematically shows a block diagram of an electronic device adapted to implement an information processing method according to an embodiment of the present disclosure.

Detailed Description

Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is illustrative only and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.

The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.

All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs, unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.

Where a convention analogous to "A, B and at least one of C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B and C" would include, but not be limited to, systems that have a alone, B alone, C alone, a and B together, a and C together, B and C together, and/or A, B, C together, etc.). Where a convention analogous to "A, B or at least one of C, etc." is used, in general such a construction should be interpreted in the sense one having ordinary skill in the art would understand the convention (e.g., "a system having at least one of A, B or C" would include but not be limited to systems that have a alone, B alone, C alone, a and B, a and C, B and C, and/or A, B, C, etc.).

In the related art, a commitment based on cryptography, such as a bit commitment, a Pedersen commitment, etc., is a commonly used method for verifying data validity, and the commitment can further combine technical means such as a scope certification, a ring signature, a zero-knowledge certification, etc., verify the scope size of one commitment, and verify the size comparison among a plurality of commitments, etc. However, the related art has little research on the combined application of the commitment and the encryption algorithm, and the related research has a problem of low security. For example, a method for proving that Pedersen promises are associated with the El-Gamal encryption algorithm is proposed in the related art, the method can realize decryption and verification of encrypted data, but is limited by the discrete logarithm problem on an elliptic curve, and as the bit number of the encrypted data is increased, the calculation amount required by the method for decryption is greatly increased, so that the maximum supported encrypted data is 32 bits.

In view of this, embodiments of the present disclosure provide an information processing method, which can solve the discrete logarithm problem of any length by grouping and disassembling the discrete logarithm problem on the elliptic curve, so as to implement encryption and decryption of information with any number of bits.

Specifically, embodiments of the present disclosure provide an information processing method, apparatus, electronic device, storage medium, and computer program product. The method comprises the following steps: splitting the plaintext of the information to be processed according to bits based on the encryption splitting parameter to obtain a plurality of sub-plaintext; encrypting each sub plaintext in the plurality of sub plaintext respectively by using a first elliptic curve parameter of the elliptic curve group to obtain a plurality of first sub ciphertext; generating a first ciphertext of the information to be processed based on the plurality of first sub-ciphertexts; and sending the first ciphertext to the second electronic device so that the second electronic device decrypts the first ciphertext based on the decryption reverse lookup table to obtain a plaintext.

It should be noted that the information processing method and apparatus determined in the embodiments of the present disclosure may be used in the information security technology field or the financial technology field, and may also be used in any fields other than the information security technology field and the financial technology field. The application fields of the information processing method and the information processing device determined by the embodiment of the disclosure are not limited.

In the technical scheme of the disclosure, the acquisition, storage, application and the like of the personal information of the related user all accord with the regulations of related laws and regulations, necessary security measures are taken, and the customs of the public order is not violated.

In the technical scheme of the disclosure, before the personal information of the user is acquired or collected, the authorization or the consent of the user is acquired.

Fig. 1 schematically shows an exemplary system architecture to which the information processing method and apparatus may be applied, according to an embodiment of the present disclosure. It should be noted that fig. 1 is only an example of a system architecture to which the embodiments of the present disclosure may be applied to help those skilled in the art understand the technical content of the present disclosure, and does not mean that the embodiments of the present disclosure may not be applied to other devices, systems, environments or scenarios.

As shown in fig. 1, a system architecture 100 according to this embodiment may include

terminal devices

101, 102, 103 and a network 104.

The

terminal devices

101, 102, 103 may be various electronic devices including, but not limited to, smart phones, tablet computers, laptop portable computers, desktop computers, and the like. The

terminal devices

101, 102, 103 may have installed thereon various communication client applications, such as a shopping-like application, a web browser application, a search-like application, an instant messaging tool, a mailbox client, and/or social platform software, etc. (by way of example only).

The network 104 serves as a medium for providing communication links between the

terminal devices

101, 102, 103 and the server 105. Network 104 may include various connection types, such as wired and/or wireless communication links, and so forth.

At least one terminal device (for example, the terminal device 101) of the

terminal devices

101, 102, and 103 may serve as a first electronic device, and the terminal device 101 may execute the information processing method provided by the embodiment of the present disclosure to encrypt a plaintext of information to be processed, so as to obtain a first ciphertext. At least one of the

terminal devices

101, 102, and 103 (for example, the terminal device 102) except the terminal device serving as the first electronic device may serve as a second electronic device, and the terminal device 102 may execute the information processing method provided by the embodiment of the present disclosure to decrypt the first ciphertext of the information to be processed to obtain the plaintext of the information to be processed. Accordingly, the information processing apparatuses provided by the embodiments of the present disclosure may be provided on the terminal device 101 and the terminal device 102, respectively.

It should be understood that the number of terminal devices and networks in fig. 1 is merely illustrative. There may be any number of terminal devices and networks, as desired for implementation.

As shown in fig. 2, the method includes operations S201 to S204.

In operation S201, the plaintext of the information to be processed is split according to bits based on the encryption splitting parameter, so as to obtain a plurality of sub-plaintext.

In operation S202, each plaintext sub-block in the plurality of plaintext sub-blocks is encrypted by using the first elliptic curve parameter of the elliptic curve group, so as to obtain a plurality of first ciphertext sub-blocks.

In operation S203, a first ciphertext of the information to be processed is generated based on the plurality of first sub-ciphertexts.

In operation S204, the first ciphertext is sent to the second electronic device, so that the second electronic device decrypts the first ciphertext based on the decryption anti-lookup table to obtain a plaintext.

According to an embodiment of the present disclosure, the first electronic device may refer to an electronic device that encrypts information to be processed, and the first electronic device may include any kind of electronic device, such as a smart phone, a tablet computer, a computer, and the like.

According to the embodiment of the disclosure, the encryption splitting parameter may represent the maximum number of bits of each sub-plaintext, for example, if the number of bits of the plaintext of the information to be processed is n, and the encryption splitting parameter is u, the number of sub-plaintext obtained by splitting is n

That is, the number α of sub-plaintext is a value obtained by dividing the number n of bits of plaintext by the encryption splitting parameter u and rounding up. The number of bits of the 1 st to alpha-1 st sub-plain texts is u, and the number of bits of the alpha sub-plain text is n- (alpha-1) u. The encryption splitting parameter may be set according to a specific application scenario, for example, may be set to 8, 16, 32, and the like, and is not limited herein.

According to the embodiment of the disclosure, the information to be processed may be represented as a numerical value in an arbitrary system, and at this time, the plaintext of the information to be processed may refer to the information to be processed itself. Or, the information to be processed may be represented as data such as text, audio, character string, and the like, and at this time, the plaintext of the information to be processed may be a numerical value obtained by encoding the information to be processed.

According to an embodiment of the present disclosure, the elliptic curve group may include a preset prime order elliptic curve group, and the first elliptic curve parameter of the elliptic curve group may represent a generator of the elliptic curve group.

According to an embodiment of the present disclosure, encrypting the sub-plaintext by using the first elliptic curve parameter may be performing a dot product operation on the first elliptic curve parameter and the sub-plaintext, as shown in formula (1):

C1 ⁽ⁱ⁾ ＝m ⁽ⁱ⁾ G (1)

in formula (1), C1 ⁽ⁱ⁾ May represent the ith first sub-ciphertext; m is ⁽ⁱ⁾ The ith sub-plaintext may be represented; g may represent a first elliptic curve parameter; i =1,2.

According to an embodiment of the present disclosure, the first ciphertext may be represented as an array composed of a plurality of first sub-ciphertexts, i.e., the first ciphertext C1= (C1) ⁽¹⁾ ，...，C1 ^(α) )。

According to an embodiment of the present disclosure, the decryption lookaside table may include sub-tables respectively corresponding to each sub-plaintext. Each sub-table may include all plaintext data traversed within a value range determined based on the number of bits of the sub-plaintext and corresponding ciphertext data. Based on each sub-table, the sub-plaintext corresponding to each sub-ciphertext can be determined in a table lookup retrieval manner, and the ciphertext can be decrypted.

According to an embodiment of the present disclosure, the decryption look-up table may be generated by the first electronic device and sent to the second electronic device when the first electronic device and the second electronic device sign an encryption protocol, or the decryption look-up table may be sent to the second electronic device along with the first ciphertext, which is not limited herein.

According to an embodiment of the present disclosure, operation S201 may specifically include the following operations:

expanding the plaintext according to a preset scale to obtain a plurality of plaintext data, wherein the plaintext represents the sum of the plurality of plaintext data, and the plaintext data represents the exponential power of the preset value; grouping the plurality of plaintext data based on the encryption splitting parameter to obtain a plurality of data groups; and for each data group, obtaining a sub-plaintext corresponding to the data group based on a plurality of plaintext data included in the data group.

According to an embodiment of the present disclosure, the preset binary may include any binary, such as binary, ternary, etc. And expanding the plaintext according to a preset system, namely converting the plaintext into a form of sum of a plurality of exponential powers. For example, binary expansion of plaintext m may be expressed as m =2 ⁰ m ₀ +…+2 ^n-1 m _n-1 Wherein m is ₀ ，...，m _n-1 ＝0，1，m ₀ ，...，m _n-1 Respectively, as plaintext data. As another example, expanding the plaintext m in ternary may be expressed as m =3 ⁰ m ₀ +…+3 ^n-1 m _n-1 Wherein m is ₀ ，...，m _n-1 ＝0，1，2，m ₀ ，...，m _n-1 Respectively, as plaintext data.

According to an embodiment of the present disclosure, grouping the plurality of plaintext data may be performed according to an original arrangement order of the plurality of plaintext data, that is, according to an order in which power exponents of the plaintext data are arranged from small to large. For example, the binary expansion of plaintext m may be represented as m =2 ⁰ m ₀ +…+2 ^n-1 m _n-1 According to the encryption splitting parameter u, the plaintext m can be split to obtain a plurality of data groups a ⁽¹⁾ ，…，a ^(α) And can be expressed as: a is ⁽¹⁾ ＝(m ₀ ，...，2 ^u-1 m _u-1 )，a ⁽²⁾ ＝(2 ^u m _u ，...，2 ^2u-1 m _2u-1 )，…，a ^(α) ＝(2 ^(α-1)u m ₀ ，...，2 ^n-1 m _n-1 ). Accordingly, a plurality of sub-plaintext may refer to the sum of all elements in the corresponding data group, and may be represented as: m is a unit of ⁽¹⁾ ＝m ₀ +…+2 ^u-1 m _u-1 ，m ⁽²⁾ ＝2 ^u m _u +…+2 ^2u-1 m _2u-1 ，…，m ^(α) ＝2 ^(α-1)u m ₀ +…+2 ^n-1 m _n-1 。

According to the embodiment of the disclosure, while the plaintext of the information to be processed is split in bits, a decryption lookup table can be generated based on the encryption splitting parameter, the preset homomorphic addition depth and the first elliptic curve parameter. As an alternative embodiment, the first electronic device may generate a decryption lookup table in advance when determining the common parameter of the elliptic curve group, and send the decryption lookup table to the second electronic device, which is not limited herein. The common parameters of the elliptic curve group may include at least an order q, a generator G, and a secret parameter h, and the common parameters of the elliptic curve group are held by a ciphertext generator, that is, the first electronic device.

According to the embodiment of the disclosure, the decryption reverse lookup table T may include a plurality of reverse lookup sub-tables, and the plurality of reverse lookup sub-tables may be respectively expressed as { T } T ⁽¹⁾ ，T ⁽²⁾ ，...，T ^(α) And multiple reverse lookup sub-tables correspond to multiple sub-plaintexts respectively. In particular, the decryption lookaside table T may be generated by: against a sub-plaintext m in turn ⁽¹⁾ ∈[0，2 ^u+v ) Establishing a reverse lookup sub-table { T ⁽¹⁾ (M)＝m，m∈[0，2 ^u+v ) }; for sub-plaintext m ⁽²⁾ ∈[2 ^u ，2 ^2u+v ) Establishing reverse lookup sub-table { T ⁽²⁾ (M)＝m，m∈[2 ^u ，2 ^2u+v ) }; … …; for sub-plaintext m ^(α) ∈[2 ^(α-1)u ，2 ^n+v ) Establishing reverse lookup sub-table { T ^(α) (M)＝m，m∈[2 ^(α-1)u ，2 ^n+v )}。

According to the embodiment of the disclosure, the decryption reverse lookup table is used for decrypting the ciphertext, namely, the corresponding ciphertext element in the ciphertext sequence is determined according to the ciphertext, and then the corresponding plaintext element in the plaintext sequence is determined according to the corresponding relation between the element in the plaintext sequence and the element in the ciphertext sequence, wherein the plaintext element is a decryption result.

In the following embodiments, each reverse lookup table may include a plaintext sequence and a ciphertext sequence, and elements in the plaintext sequence and elements in the ciphertext sequence respectively correspond to each other in sequence.

As shown in fig. 3, the method includes operations S301 to S305.

In operation S301, for each sub plaintext, a dimension of an element in the initial plaintext sequence is determined based on the sub plaintext.

In operation S302, a plurality of plaintext sequence elements are generated based on the encryption splitting parameter, the preset homomorphic addition depth, and the dimension, and the plurality of plaintext sequence elements are filled to the initial plaintext Wen Xulie, so as to obtain a target plaintext sequence.

In operation S303, a plurality of ciphertext sequence elements are generated based on the first elliptic curve parameter and the plurality of plaintext sequence elements, and the plurality of ciphertext sequence elements are filled into the initial ciphertext sequence to obtain a target ciphertext sequence.

In operation S304, a reverse lookup sub-table corresponding to the sub-plaintext is obtained based on the target plaintext sequence and the target ciphertext sequence.

In operation S305, a decryption look-up table is obtained based on a plurality of look-up sub-tables respectively corresponding to the plurality of sub-plaintext.

According to an embodiment of the present disclosure, the preset homomorphic addition depth may be a preset parameter determined according to a specific application scenario. The preset homomorphic addition depth may represent the maximum number of homomorphic additions that may support ciphertext implementations. For example, if the preset homomorphic addition depth can be set as v, the maximum homomorphic addition number of ciphertext implementation with the depth of 1 can be supported to be 2 ^v Next, the process is carried out.

According to an embodiment of the present disclosure, the initial plaintext sequence may refer to a sequence having a preset length, and the preset length may be determined according to a preset carry, an encryption splitting parameter, and a preset homomorphic addition depth based on which the plaintext is split. For example, if the preset binary system adopted in splitting the plaintext m is binary system, the encryption splitting parameter is u, and the preset homomorphic addition depth is v, the preset length may be represented as 2 ^u+v I.e. 2 may be included in the original plaintext sequence ^u+v And (4) each element.

According to an embodiment of the present disclosure, the dimension of an element in the initial plaintext sequence may represent the greatest common factor of the respective plaintext data constituting the corresponding sub-plaintext. For example, the ith sub-plaintext in the plurality of sub-plaintext may be denoted as m ⁽ⁱ⁾ ＝2 ^(i-1) ^u m _u +…+2 ^iu-1 m _iu-1 The sub-plaintextThe plurality of plain text data included may be 2 each ^(i-1)u m _u ，…，2 ^iu-1 m _iu-1 From this, it can be determined that the greatest common factor of the plurality of plaintext data is 2 ^(i-1)u I.e. the dimension of the element in the initial plaintext sequence corresponding to the ith sub-plaintext is 2 ^(i-1)u 。

According to an embodiment of the present disclosure, the generating of the plurality of plaintext sequence elements based on the encryption splitting parameter, the preset homomorphic addition depth, and the dimension may be: based on the number of elements contained in the initial plaintext sequence, an initial value of each element is determined, and the initial value of each element is multiplied by the dimension to obtain each plaintext sequence element. For example, 2 may be included in the initial plaintext sequence corresponding to the ith sub-plaintext ^u+v An element, the dimension of the element in the initial plaintext sequence is 2 ^(i-1)u Then the initial value of each element is 1,2 ^u+v Each plaintext sequence element is 2 ^(i-1)u ，2×2 ^(i-1)u ，...，2 ^iu+v 。

According to an embodiment of the present disclosure, generating the plurality of ciphertext sequence elements based on the first elliptic curve parameter and the plurality of plaintext sequence elements may be: and performing point multiplication on each plaintext sequence element and the first elliptic curve parameter to obtain each ciphertext sequence element. For example, each plaintext sequence element is 2 ^(i-1)u ，2×2 ^(i-1)u ，...，2 ^iu+v Then, each plaintext sequence element is point-multiplied by the first elliptic curve parameter G to obtain each ciphertext sequence element which can be respectively expressed as 2 ^(i-1)u G，2×2 ^(i-1)u G，…，2 ^iu+v G。

According to the embodiment of the disclosure, the elements in the target plaintext sequence and the elements in the target ciphertext sequence are sequentially and respectively corresponded to obtain the reverse lookup sub-table corresponding to the sub-plaintext. In particular, element pairs may be generated based on corresponding plaintext sequence elements and ciphertext sequence elements, resulting in a look-back sub-table. For example, for the ith sub-plaintext, the plaintext sequence elements may be respectively represented as 2 ^(i-1)u ，2×2 ^(i-1)u ，...，2 ^iu+v The elements of the ciphertext sequence may be separateIs shown as 2 ^(i-1)u G，2×2 ^(i-1)u G，...，2 ^iu+v G, the reverse look-up sub-table T corresponding to the ith sub-plaintext ⁽ⁱ⁾ Can be represented as T ⁽ⁱ⁾ ＝{(2 ^(i-1)u ，2 ^(i-1) ^u G)，...，(2 ^iu+v ，2 ^iu+v G)}。

According to the embodiment of the disclosure, the decryption reverse lookup table is established in a grouping mode, and the total number of plaintext sequence elements in the decryption reverse lookup table is alpha multiplied by 2 ^u+v Compared with the method of directly creating the inverse lookup table in the related art, the total number of plaintext sequence elements in the inverse lookup table is 2 ^n+v Since the number of bits n of the plaintext is generally much larger than the encryption splitting parameter u, the total number of plaintext sequence elements in the anti-lookup table established in the related art is generally much larger than the total number of plaintext sequence elements in the decryption anti-lookup table established in the embodiment of the present disclosure, so that when the decryption anti-lookup table established in the embodiment of the present disclosure is applied to decrypt the ciphertext, the traversal number of the ciphertext elements can be effectively reduced, and further, the time complexity and the resource consumption during decryption are reduced.

As shown in fig. 4, the method includes operations S401 to S403.

In operation S401, a first ciphertext of information to be processed, which is sent by a first electronic device, is received, where the first ciphertext includes a plurality of first sub-ciphertexts.

In operation S402, for each first sub-ciphertext, the first sub-ciphertext is decrypted based on the decryption anti-lookup table, so as to obtain a sub-plaintext corresponding to the first sub-ciphertext.

In operation S403, a plaintext of the information to be processed is obtained based on a plurality of sub-plaintext respectively corresponding to the plurality of first sub-ciphertexts.

According to an embodiment of the present disclosure, the second electronic device may refer to an electronic device that decrypts information to be processed, and the second electronic device may include any kind of electronic device, such as a smart phone, a tablet computer, a computer, and the like.

According to an embodiment of the present disclosure, for each first sub-ciphertext C1 of the first ciphertext C1 ⁽¹⁾ ，...，C1 ^(α) T can be respectively found in each reverse look-up sub-table ⁽¹⁾ ，...，T ^(α) To obtain each sub-plaintext m by looking up the table ⁽¹⁾ ，...，m ^(α) 。

According to an embodiment of the present disclosure, obtaining a plaintext of information to be processed based on a plurality of sub-plaintext respectively corresponding to a plurality of first sub-ciphertext, may be as shown in formula (2):

in equation (2), m represents the plaintext of the information to be processed obtained by decryption.

According to the embodiment of the disclosure, the decryption of the encrypted data with any number of bits can be realized through the table lookup decryption method, so that the encryption and decryption method can solve the discrete logarithm problem with any length.

As shown in fig. 5, the method includes operations S501 to S505.

In operation S501, based on the encryption splitting parameter, the plaintext of the information to be processed is split by bits, so as to obtain a plurality of sub-plaintext.

In operation S502, a plurality of first keys are generated based on an initial key using a key derivation method, wherein the initial key represents a sum of the plurality of first keys, and the plurality of first keys correspond to each of the plurality of sub-plaintexts.

In operation S503, each sub plaintext in the plurality of sub plaintext is encrypted by using the first elliptic curve parameter, the second elliptic curve parameter of the elliptic curve group, and the first key corresponding to the sub plaintext, so as to obtain a plurality of second sub ciphertexts, wherein the second elliptic curve parameter represents a product of the first elliptic curve parameter and the first random number of the elliptic curve group.

In operation S504, a second ciphertext of the information to be processed is generated based on the plurality of second sub-ciphertexts.

In operation S505, the plurality of first keys, the second elliptic curve parameters, and the second ciphertext are sent to the second electronic device, so that the second electronic device decrypts the second ciphertext by using the plurality of first keys and the second elliptic curve parameters based on the decryption look-up table to obtain a plaintext.

According to the embodiment of the present disclosure, operation S501 may be implemented by applying the method of operation S201, and details are not described herein.

According to an embodiment of the present disclosure, a Key Derivation method may include any algorithm implemented based on a Key Derivation Function (KDF), which may refer to a Function that converts a password or Key into one or more keys. Key derivation methods may include, but are not limited to, HKDF (HMAC-based KDF, key derivation algorithm based on hashed message authentication code), bcrypt, argon2, and the like.

According to an embodiment of the present disclosure, generating the plurality of first keys based on the initial key using a key derivation method may include: alpha-1 first keys are generated for an initial key k by using a key derivation method, and the alpha-1 first keys can be respectively expressed as k ⁽¹⁾ ，...，k ^(α-1) And generating an alpha first key k according to the alpha-1 first keys ^(α) . Specifically, to ensure the connection relationship between the keys, the generated (i-1) th first key k can be used ^(i-1) As generation of the ith first key k ⁽ⁱ⁾ The input of time. Taking key derivation function as hash function H _s () As an example, the hash function H _s () Is a hash value of length s bits, s representing a number satisfying 2 ^s Q, which represents the order in the common parameter of the elliptic curve group, k may be used in generating the 1 st to alpha-1 st first keys ⁽⁰⁾ Setting to a preset value, and initializing a counter, for example, initializing a 32-bit counter ct =0x00000001, and executing formula (3) to generate the first key for i = 1.

k ⁽ⁱ⁾ ＝H _s (k ^(i-1 )||ct)mod q，ct++ (3)

In formula (3), k ^(i-1 ) The | | ct can represent splicing the i-1 st first key and the counter ct; ct + + can be expressed in generating k ⁽ⁱ⁾ After that, the value of the counter is incremented by one.

According to an embodiment of the present disclosure, after determining the α -1 first keys, the α -th first key k ^(α) Can be generated by equation (4):

according to an embodiment of the present disclosure, the second elliptic curve parameter H may represent a dot product of the first elliptic curve parameter G with a first random number, i.e., a secret parameter H in a common parameter of the elliptic curve group, i.e., H = hG. When encrypting with an elliptic curve, the second elliptic curve parameter H may be shared with the decrypter, i.e. the second electronic device.

According to an embodiment of the present disclosure, operation S503 may specifically include the following operations:

and for each sub plaintext, taking a first key corresponding to the sub plaintext as a blind factor, and calculating the commitment of the sub plaintext based on the first elliptic curve parameter and the second elliptic curve parameter to obtain a second sub ciphertext.

In accordance with embodiments of the present disclosure, the commitment may include, but is not limited to, a bit commitment, a Pedersen commitment, and the like, without limitation.

According to the embodiment of the disclosure, taking the commitment as the Pedersen commitment as an example, for the ith plaintext m ⁽ⁱ⁾ The process of calculating the ith second sub-ciphertext can be as shown in equation (5):

C2 ⁽ⁱ⁾ ＝m ⁽ⁱ⁾ G+k ⁽ⁱ⁾ H (5)

in formula (5), C2 ⁽ⁱ⁾ The ith second sub-ciphertext may be represented.

According to an embodiment of the present disclosure, the second ciphertext C2 of the information to be processed generated based on the plurality of second sub-ciphertexts may be represented as C2= (C2) ⁽¹⁾ ，...，C2 ^(α) )。

According to an embodiment of the present disclosure, the decryption anti-lookup table used in decrypting the second ciphertext may be generated based on the method shown in fig. 3, and will not be described herein again.

According to the embodiment of the present disclosure, since the commitment is used when encrypting the plaintext, the second ciphertext may be verified before decrypting the second ciphertext, specifically, the first electronic device may send the first elliptic curve parameter G, the second elliptic curve parameter H, the second ciphertext and the initial key to the verifying side device, and the verifying side device may verify the validity of the second ciphertext by determining whether the following formula (6) is satisfied:

according to the embodiment of the disclosure, any user or electronic equipment can perform decryptability verification on the second ciphertext. Decryptability may refer to that a certain ciphertext must be a result calculated by a certain encryption algorithm, rather than an undecipherable random number, that is, a second ciphertext is encrypted by the information processing method executed in the first electronic device.

The problem of decryptability of the above-described information processing method operating in the first electronic device is described below, taking as an example encryption of the plaintext x.

According to the embodiment of the present disclosure, assuming that the device a encrypts x, the encryption key of the device a is k1, and the encryption result is represented as C, the decryptability problem can be described as verifying that C is decryptable, that is, C is not a point on a randomly generated elliptic curve, but a ciphertext actually calculated by an encryption method.

According to an embodiment of the present disclosure, the decryptability certification of the ciphertext C may be obtained by:

device a may select a random number (s, k 2), encrypt s with k2 as the key, and convert the encryption result to the Pedersen commitment a = sG + k2H; device a may calculate e = Hash (a, C, msg) using any message string msg for signature; device a may then calculate z = s + e x, K = (K2 + e K1) H in sequence; the device A can increase the digital signature sig which takes k2+ e x k1 as a private key under a new elliptic curve taking H as a generating element; <xnotran> , C proof = (msg, z, A, K, sig). </xnotran>

According to an embodiment of the present disclosure, based on the decryptability certification, device B may verify the decryptability of ciphertext C by:

device B may compute E = Hash (a, C, msg) and convert the ciphertext C into Pedersen commitment Y = Pedersen (C), device B may compute E = a + E Y; and then, the device B can verify the validity of K, namely, the sign verification of sig is carried out on K, if the sign verification is successful, whether E is equal to zG + K or not can be judged, and if the E is equal to zG + K, the decryptability of Y can be ensured.

According to the embodiment of the present disclosure, when the second ciphertext encrypted by using the information processing method is under attack, if the attacker does not know m can k1 corresponding to Y, the forgery certificate needs to pass the verification, and two conditions need to be satisfied at the same time. Wherein condition one is that the attacker knows e = Hash (a, Y, msg); the second condition is that the attacker needs to provide r1, K = r2H, Y = sG + K2H, and K and Y belong to the elliptic curve group used in encryption so that it satisfies eY = (r 1-s) G + (r 2-K2) H. According to the anti-collision characteristic of Hash, if an attacker wants to simultaneously satisfy the above two conditions, the requirement is equivalent to 2 ⁿ The two independent random numbers in space have the same value, and according to the result of birthday paradox, the collision requirement 2 is constructed ^n/2 By operation, it is apparent that collisions require the consumption of significant computational resources. Therefore, the second ciphertext encrypted by the information processing method has anti-counterfeiting property.

As shown in fig. 6, the method includes operations S601 to S605.

In operation S601, an initial key, a second elliptic curve parameter and a second ciphertext of the information to be processed, which are sent by the first electronic device, are received, where the second ciphertext includes a plurality of second sub-ciphertexts.

In operation S602, a plurality of first keys are generated based on the initial key using a key derivation method, wherein the plurality of first keys correspond to the plurality of second sub-ciphertexts, respectively.

In operation S603, for each second sub-ciphertext, the second sub-ciphertext is processed using the first key and the second elliptic curve parameter corresponding to the second sub-ciphertext to obtain first ciphertext data.

In operation S604, the first ciphertext data is decrypted based on the decryption lookup table, so as to obtain a sub-plaintext corresponding to the second sub-ciphertext.

In operation S605, a plaintext of the information to be processed is obtained based on a plurality of sub-plaintext respectively corresponding to the plurality of second sub-ciphertexts.

According to an embodiment of the present disclosure, generating a plurality of first keys based on the initial key by using a key derivation method may be implemented by using the method of operation S502, and will not be described herein again.

According to the embodiment of the present disclosure, for the ith second sub-ciphertext, processing the ith second sub-ciphertext by using the ith first key and the second elliptic curve parameter to obtain the ith first ciphertext data may be as shown in formula (7):

m ₁ ⁽ⁱ⁾ G＝C2 ⁽ⁱ⁾ -k ⁽ⁱ⁾ H (7)

in formula (7), m ₁ ⁽ⁱ⁾ G may represent the ith first ciphertext data.

According to the embodiment of the disclosure, decrypting the first ciphertext data based on the decryption reverse lookup table may be matching the ith first ciphertext data in the ciphertext sequence of the ith reverse lookup sub-table, and determining a corresponding plaintext sequence element from the plaintext sequence after the matching is completed, so as to obtain the plaintext sequence element, i.e., the ith sub-plaintext.

As an alternative implementation, the second ciphertext decrypted by the second electronic device may be a ciphertext obtained by performing a homomorphic addition operation on a plurality of initial second ciphertexts, and each of the plurality of initial second ciphertexts may be obtained by encrypting through the methods in operations S501 to S504. Accordingly, the initial key may include a plurality of homomorphic addition keys, which may correspond to the plurality of initial second ciphertexts, respectively.

According to an embodiment of the present disclosure, operation S602 may further include the following operation:

generating a plurality of third keys based on the homomorphic addition key by using a key derivation method for each homomorphic addition key, wherein the plurality of third keys correspond to the plurality of second sub-ciphertexts respectively; and generating, for each second sub-ciphertext, a first key corresponding to the second sub-ciphertext based on a plurality of third keys corresponding to the second sub-ciphertext, respectively.

According to embodiments of the present disclosure, the initial key k may be a plurality of homomorphic addition keys k ₁ ，...，k _l A collection of (a). For homomorphic addition of the key k _i Alpha-1 third keys may be generated using a key derivation method

The alpha-th third key is->

According to an embodiment of the present disclosure, for the ith second sub-ciphertext, the corresponding first key may be determined by equation (8):

in equation (8), l may represent the number of homomorphic addition keys. Correspondingly, for the ith second sub-ciphertext, processing the second sub-ciphertext by using the ith first key and the second elliptic curve parameter to obtain the ith first ciphertext data, which may be shown in formula (9):

according to the embodiment of the disclosure, the deterministic encryption method obtained by combining the packet encryption method with the commitment realizes the unification of data encryption and decryption and validity verification. The deterministic encryption method can be applied to application scenes such as the field of block chains and the like which need to support one-time pad, and the ciphertext of the method can be further combined with means such as range certification, ring signature, zero knowledge certification and the like to implement verification of range size and the like.

As shown in fig. 7, the method includes operations S701 to S706.

In operation S701, the plaintext of the information to be processed is split according to bits based on the encryption splitting parameter, so as to obtain a plurality of sub-plaintext.

In operation S702, a plurality of second random numbers are generated from the elliptic curve group, wherein the plurality of second random numbers respectively correspond to the plurality of sub-plaintexts.

In operation S703, a second key transmitted by the trusted terminal is received, where the second key includes a product of the first elliptic curve parameter and a third random number, and the third random number includes a product generated by the trusted terminal based on an elliptic curve group.

In operation S704, for each sub-plaintext, the sub-plaintext is encrypted by using the first elliptic curve parameter, the second random number corresponding to the sub-plaintext, and the second key, so as to obtain a third sub-ciphertext.

In operation S705, a third ciphertext of the information to be processed is generated based on a plurality of third sub-ciphertexts respectively corresponding to the plurality of sub-plaintexts.

In operation S706, the third ciphertext is sent to the second electronic device, so that the second electronic device decrypts the third ciphertext based on the decryption anti-lookup table to obtain a plaintext.

According to an embodiment of the present disclosure, operation S701 may be implemented by applying the method of operation S201, and details are not described herein.

According to an embodiment of the present disclosure, the encryption method employed in operations S701 to S705 may be an asymmetric encryption method, wherein the trusted terminal may be configured to generate the public key and the private key based on the elliptic curve group. The private key is a third random number s generated by the trusted terminal based on the elliptic curve group, and the private key can be sent to the second electronic device by the trusted terminal and used for decrypting the third ciphertext. The public key, i.e. the second key PK received by the first electronic device, may be denoted PK = sG.

According to an embodiment of the present disclosure, the generating of the plurality of second random numbers from the elliptic curve group may be generating the plurality of second random numbers from a finite field of the elliptic curve group, and the plurality of second random numbers may be respectively represented as r ⁽¹⁾ ，...，r ^(α) 。

According to an embodiment of the present disclosure, operation S704 may specifically include the following operations:

for each sub plaintext, generating a fourth sub ciphertext based on the first elliptic curve parameter and a second random number corresponding to the sub plaintext; encrypting the sub-plaintext by using the first elliptic curve parameter, the second key and a second random number corresponding to the sub-plaintext to obtain a fifth sub-ciphertext; and obtaining a third sub-ciphertext based on the fourth sub-ciphertext and the fifth sub-ciphertext.

According to an embodiment of the present disclosure, for the ith sub-plaintext, a fourth sub-ciphertext may be generated based on the first elliptic curve parameter and the ith second random number, as shown in equation (10):

C4 ⁽ⁱ⁾ ＝r ⁽ⁱ⁾ G (10)

in formula (10), C4 ⁽ⁱ⁾ The ith fourth sub-ciphertext may be represented.

According to an embodiment of the present disclosure, for the ith sub-plaintext, a fifth sub-ciphertext may be generated based on the first elliptic curve parameter, the second key, and the ith second random number, as shown in equation (11):

C5 ⁽ⁱ⁾ ＝r ⁽ⁱ⁾ PK+m ⁽ⁱ⁾ G (11)

in formula (11), C5 ⁽ⁱ⁾ The ith fifth sub cipher text may be represented.

According to an embodiment of the present disclosure, the ith third sub-plaintext may represent a value pair composed of the ith fourth sub-ciphertext and the ith fifth sub-ciphertext, and the finally obtained third ciphertext may be as shown in equation (12):

C3＝(C4，C5)＝({C4 ⁽¹⁾ ，…，C4 ^(α) }，{C5 ⁽¹⁾ ，…，C5 ^(α) }) (12)

in equation (12), C3 may represent the third ciphertext.

As shown in fig. 8, the method includes operations S801 to S805.

In operation S801, a third ciphertext transmitted by the first electronic device is received, where the third ciphertext includes a plurality of third sub-ciphertexts, and the third sub-ciphertext includes a fourth sub-ciphertext and a fifth sub-ciphertext.

In operation S802, a third random number transmitted by the trusted terminal is received.

In operation S803, for each third sub-ciphertext, second ciphertext data is obtained based on the third random number, a fourth sub-ciphertext included in the third sub-ciphertext, and a fifth sub-ciphertext included in the third sub-ciphertext.

In operation S804, the second ciphertext data is decrypted based on the decryption lookup table, so as to obtain a sub-plaintext corresponding to the third sub-ciphertext.

In operation S805, a plaintext of the information to be processed is obtained based on a plurality of sub-plaintext respectively corresponding to the plurality of third sub-ciphertext.

According to the embodiment of the present disclosure, for the ith third sub-plaintext, obtaining the ith second ciphertext data based on the third random number, the ith fourth sub-ciphertext and the ith fifth sub-ciphertext may be as shown in equation (13):

m ₂ ⁽ⁱ⁾ G＝C5 ⁽ⁱ⁾ -s*C4 ⁽ⁱ⁾ (13)

in formula (13), m ₂ ⁽ⁱ⁾ G may represent the ith second ciphertext data.

According to the embodiment of the disclosure, the decrypting the second ciphertext data based on the decryption reverse lookup table may be matching the ith second ciphertext data in the ciphertext sequence of the ith reverse lookup sub-table, and determining a corresponding plaintext sequence element from the plaintext sequence after the matching is completed, so as to obtain the plaintext sequence element, i.e., the ith sub-plaintext.

As shown in fig. 9, the information processing apparatus 900 may include a splitting module 910, a first encrypting module 920, a first generating module 930, and a first transmitting module 940.

The splitting module 910 is configured to split the plaintext of the information to be processed according to bits based on the encryption splitting parameter, so as to obtain a plurality of sub-plaintext.

The first encryption module 920 is configured to encrypt each plaintext sub-plaintext in the plurality of plaintext sub-texts by using the first elliptic curve parameter of the elliptic curve group, so as to obtain a plurality of first ciphertext sub-texts.

A first generating module 930 configured to generate a first ciphertext of the information to be processed based on the plurality of first sub-ciphertexts.

The first sending module 940 is configured to send the first ciphertext to the second electronic device, so that the second electronic device decrypts the first ciphertext based on the decryption look-up table to obtain a plaintext.

According to an embodiment of the present disclosure, the splitting module 910 includes a first splitting unit, a second splitting unit, and a third splitting unit.

The first splitting unit is used for unfolding the plaintext according to a preset system to obtain a plurality of plaintext data, wherein the plaintext represents the sum of the plurality of plaintext data, and the plaintext data represents the exponential power of the preset value.

And the second splitting unit is used for grouping the plurality of plaintext data based on the encryption splitting parameter to obtain a plurality of data groups.

And the third splitting unit is used for obtaining a sub-plaintext corresponding to each data group based on a plurality of plaintext data included in the data group.

According to an embodiment of the present disclosure, the information processing apparatus 900 may further include a second generating module, a second encrypting module, a third generating module, and a second transmitting module.

And a second generating module, configured to generate a plurality of first keys based on the initial key by using a key derivation method, where the initial key represents a sum of the plurality of first keys, and the plurality of first keys correspond to the plurality of sub-plaintexts, respectively.

And the second encryption module is used for encrypting each sub plaintext in the plurality of sub plaintext by using the first elliptic curve parameter, the second elliptic curve parameter of the elliptic curve group and the first key corresponding to the sub plaintext to obtain a plurality of second sub ciphertext, wherein the second elliptic curve parameter represents the product of the first elliptic curve parameter and the first random number of the elliptic curve group.

And the third generation module is used for generating a second ciphertext of the information to be processed based on the plurality of second sub-ciphertexts.

The second sending module is configured to send the plurality of first keys, the second elliptic curve parameters and the second ciphertext to the second electronic device, so that the second electronic device decrypts the second ciphertext by using the plurality of first keys and the second elliptic curve parameters based on the decryption reverse lookup table to obtain a plaintext.

According to an embodiment of the present disclosure, the second encryption module includes a first encryption unit.

And the first encryption unit is used for calculating commitment of the sub-plaintext based on the first elliptic curve parameter and the second elliptic curve parameter by taking the first key corresponding to the sub-plaintext as a blind factor for each sub-plaintext so as to obtain a second sub-ciphertext.

According to an embodiment of the present disclosure, the information processing apparatus 900 may further include a fourth generating module, a second receiving module, a third encrypting module, a fifth generating module, and a third transmitting module.

And the fourth generation module is used for generating a plurality of second random numbers from the elliptic curve group, wherein the plurality of second random numbers respectively correspond to the plurality of sub-plaintexts.

And the second receiving module is used for receiving a second secret key sent by the trusted terminal, wherein the second secret key comprises a product of the first elliptic curve parameter and a third random number, and the third random number is generated by the trusted terminal based on the elliptic curve group.

And the third encryption module is used for encrypting each sub-plaintext by using the first elliptic curve parameter, the second random number corresponding to the sub-plaintext and the second key to obtain a third sub-ciphertext.

And the fifth generation module is used for generating a third ciphertext of the information to be processed based on a plurality of third sub-ciphertexts respectively corresponding to the plurality of sub-plaintexts.

And the third sending module is used for sending the third ciphertext to the second electronic device so that the second electronic device decrypts the third ciphertext based on the decryption reverse lookup table to obtain the plaintext.

According to an embodiment of the present disclosure, the third encryption module includes a second encryption unit, a third encryption unit, and a fourth encryption unit.

And the second encryption unit is used for generating a fourth sub ciphertext according to each sub plaintext based on the first elliptic curve parameter and a second random number corresponding to the sub plaintext.

And the third encryption unit is used for encrypting the sub-plaintext by using the first elliptic curve parameter, the second key and a second random number corresponding to the sub-plaintext to obtain a fifth sub-ciphertext.

And the fourth encryption unit is used for obtaining a third sub-ciphertext based on the fourth sub-ciphertext and the fifth sub-ciphertext.

According to an embodiment of the present disclosure, the information processing apparatus 900 may further include a sixth generating module and a fourth transmitting module.

And the sixth generation module is used for generating a decryption reverse lookup table based on the encryption splitting parameter, the preset homomorphic addition depth and the first elliptic curve parameter.

And the fourth sending module is used for sending the decryption reverse lookup table to the second electronic equipment.

According to the embodiment of the disclosure, the decryption reverse lookup table comprises a plurality of reverse lookup sub-tables, the plurality of reverse lookup sub-tables correspond to the plurality of sub-plain texts respectively, each reverse lookup sub-table comprises a plain text sequence and a cipher text sequence, and elements in the plain text sequence correspond to elements in the cipher text sequence respectively in sequence.

According to an embodiment of the present disclosure, the sixth generating module includes a first generating unit, a second generating unit, a third generating unit, a fourth generating unit, and a fifth generating unit.

A first generating unit configured to determine, for each child plaintext, a dimension of an element in the initial plaintext sequence based on the child plaintext.

And the second generation unit is used for generating a plurality of plaintext sequence elements based on the encryption splitting parameter, the preset homomorphic addition depth and the dimension, and filling the plurality of plaintext sequence elements to the initial plaintext Wen Xulie to obtain a target plaintext sequence.

And the third generating unit is used for generating a plurality of ciphertext sequence elements based on the first elliptic curve parameter and the plurality of plaintext sequence elements, and filling the plurality of ciphertext sequence elements into the initial ciphertext sequence to obtain the target ciphertext sequence.

And the fourth generating unit is used for obtaining a reverse lookup sub-table corresponding to the sub-plaintext based on the target plaintext sequence and the target ciphertext sequence.

And the fifth generating unit is used for obtaining a decryption reverse lookup table based on a plurality of reverse lookup sub-tables respectively corresponding to the plurality of sub-plaintexts.

As shown in fig. 10, the information processing apparatus 1000 may include a first receiving module 1010, a first decrypting module 1020, and a first processing module 1030.

The first receiving module 1010 is configured to receive a first ciphertext of the information to be processed, where the first ciphertext includes a plurality of first sub-ciphertexts.

The first decryption module 1020 is configured to decrypt, for each first sub-ciphertext, the first sub-ciphertext based on a decryption anti-lookup table to obtain a sub-plaintext corresponding to the first sub-ciphertext.

The first processing module 1030 is configured to obtain a plaintext of the information to be processed based on a plurality of sub-plaintext respectively corresponding to the plurality of first sub-ciphertext.

According to an embodiment of the present disclosure, the information processing apparatus 1000 may further include a third receiving module, a seventh generating module, a second processing module, a second decrypting module, and a third processing module.

And the third receiving module is used for receiving the initial key, the second elliptic curve parameters and a second ciphertext of the information to be processed, wherein the second ciphertext comprises a plurality of second sub-ciphertexts.

And a seventh generating module, configured to generate, by using a key derivation method, a plurality of first keys based on the initial key, where the plurality of first keys and the plurality of second sub ciphertexts each correspond to each other.

And the second processing module is used for processing each second sub-ciphertext by using the first key and the second elliptic curve parameter corresponding to the second sub-ciphertext to obtain first ciphertext data.

And the second decryption module is used for decrypting the first ciphertext data based on the decryption reverse look-up table to obtain a sub plaintext corresponding to the second sub ciphertext.

And the third processing module is used for obtaining the plaintext of the information to be processed based on a plurality of sub-plaintext respectively corresponding to the plurality of second sub-ciphertext.

According to an embodiment of the present disclosure, the initial key includes a plurality of homomorphic addition keys.

According to an embodiment of the present disclosure, the seventh generating module includes a sixth generating unit and a seventh generating unit.

And a sixth generation unit configured to generate, for each homomorphic addition key, a plurality of third keys based on the homomorphic addition key by using a key derivation method, wherein the plurality of third keys correspond to the plurality of second sub-ciphertexts, respectively.

A seventh generation unit configured to generate, for each second sub ciphertext, the first key corresponding to the second sub ciphertext based on a plurality of third keys corresponding to the second sub ciphertext, respectively.

According to an embodiment of the present disclosure, the information processing apparatus 1000 may further include a fourth receiving module, a fifth receiving module, a fourth processing module, a third decrypting module, and a fifth processing module.

And the fourth receiving module is used for receiving a third ciphertext transmitted by the first electronic device, wherein the third ciphertext comprises a plurality of third sub-ciphertexts, and the third sub-ciphertext comprises a fourth sub-ciphertext and a fifth sub-ciphertext.

And the fifth receiving module is used for receiving the third random number sent by the credible terminal.

And the fourth processing module is used for obtaining second ciphertext data based on the third random number, the fourth sub ciphertext included in the third sub ciphertext and the fifth sub ciphertext included in the third sub ciphertext for each third sub ciphertext.

And the third decryption module is used for decrypting the second ciphertext data based on the decryption reverse look-up table to obtain a sub-plaintext corresponding to the third sub-ciphertext.

And the fifth processing module is used for obtaining the plaintext of the information to be processed based on a plurality of sub-plaintext respectively corresponding to the plurality of third sub-ciphertext.

Any number of modules, sub-modules, units, sub-units, or at least part of the functionality of any number thereof according to embodiments of the present disclosure may be implemented in one module. Any one or more of the modules, sub-modules, units, and sub-units according to the embodiments of the present disclosure may be implemented by being split into a plurality of modules. Any one or more of the modules, sub-modules, units, sub-units according to embodiments of the present disclosure may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in any other reasonable manner of hardware or firmware by integrating or packaging a circuit, or in any one of or a suitable combination of software, hardware, and firmware implementations. Alternatively, one or more of the modules, sub-modules, units, sub-units according to embodiments of the disclosure may be at least partially implemented as a computer program module, which when executed may perform the corresponding functions.

For example, the splitting module 910, the first encryption module 920, the first generation module 930, and the first sending module 940, or any multiple of the first receiving module 1010, the first decryption module 1020, and the first processing module 1030 may be combined and implemented in one module/unit/sub-unit, or any one module/unit/sub-unit thereof may be split into multiple modules/units/sub-units. Alternatively, at least part of the functionality of one or more of these modules/units/sub-units may be combined with at least part of the functionality of other modules/units/sub-units and implemented in one module/unit/sub-unit. According to the embodiment of the present disclosure, the splitting module 910, the first encrypting module 920, the first generating module 930, and the first transmitting module 940, or at least one of the first receiving module 1010, the first decrypting module 1020, and the first processing module 1030 may be at least partially implemented as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented by hardware or firmware in any other reasonable manner of integrating or packaging a circuit, or implemented by any one of three implementations of software, hardware, and firmware, or by a suitable combination of any of them. Alternatively, the splitting module 910, the first encrypting module 920, the first generating module 930 and the first sending module 940, or at least one of the first receiving module 1010, the first decrypting module 1020 and the first processing module 1030 may be at least partially implemented as a computer program module, which when executed, may perform a corresponding function.

It should be noted that the information processing apparatus portion in the embodiments of the present disclosure corresponds to the information processing method portion in the embodiments of the present disclosure, and the description of the information processing apparatus portion specifically refers to the information processing method portion, and is not repeated herein.

Fig. 11 schematically shows a block diagram of an electronic device adapted to implement an information processing method according to an embodiment of the present disclosure. The electronic device shown in fig. 11 is only an example, and should not bring any limitation to the functions and the use range of the embodiment of the present disclosure.

As shown in fig. 11, a computer electronic device 1100 according to an embodiment of the present disclosure includes a processor 1101, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 1102 or a program loaded from a storage section 1108 into a Random Access Memory (RAM) 1103. The processor 1101 may comprise, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or associated chipset, and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), among others. The processor 1101 may also include on-board memory for caching purposes. The processor 1101 may comprise a single processing unit or a plurality of processing units for performing the different actions of the method flows according to the embodiments of the present disclosure.

In the RAM 1103, various programs and data necessary for the operation of the electronic device 1100 are stored. The processor 1101, the ROM 1102, and the RAM 1103 are connected to each other by a bus 1104. The processor 1101 performs various operations of the method flow according to the embodiments of the present disclosure by executing programs in the ROM 1102 and/or RAM 1103. It is noted that the programs may also be stored in one or more memories other than the ROM 1102 and RAM 1103. The processor 1101 may also perform various operations of the method flows according to the embodiments of the present disclosure by executing programs stored in the one or more memories.

Electronic device 1100 may also include input/output (I/O) interface 1105, input/output (I/O) interface 1105 also connected to bus 1104, according to an embodiment of the disclosure. Electronic device 1100 may also include one or more of the following components connected to I/O interface 1105: an input portion 1106 including a keyboard, mouse, and the like; an output portion 1107 including a signal output unit such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and a speaker; a storage section 1108 including a hard disk and the like; and a communication portion 1109 including a network interface card such as a LAN card, a modem, or the like. The communication section 1109 performs communication processing via a network such as the internet. A driver 1110 is also connected to the I/O interface 1105 as necessary. A removable medium 1111, such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like, is installed on the drive 1110 as necessary, so that a computer program read out therefrom is installed into the storage section 1108 as necessary.

According to an embodiment of the present disclosure, the method flow according to an embodiment of the present disclosure may be implemented as a computer software program. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer-readable storage medium, the computer program containing program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication portion 1109 and/or installed from the removable medium 1111. The computer program, when executed by the processor 1101, performs the above-described functions defined in the system of the embodiments of the present disclosure. The systems, devices, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.

The present disclosure also provides a computer-readable storage medium, which may be contained in the apparatus/device/system described in the above embodiments; or may exist separately and not be assembled into the device/apparatus/system. The computer-readable storage medium carries one or more programs which, when executed, implement the method according to an embodiment of the disclosure.

According to an embodiment of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium. Examples may include, but are not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present disclosure, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.

For example, according to an embodiment of the present disclosure, a computer-readable storage medium may include the ROM 1102 and/or the RAM 1103 described above and/or one or more memories other than the ROM 1102 and the RAM 1103.

Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the method provided by the embodiments of the present disclosure, when the computer program product is run on an electronic device, the program code being configured to cause the electronic device to implement the information processing method provided by the embodiments of the present disclosure.

The computer program, when executed by the processor 1101, performs the above-described functions defined in the system/apparatus of the embodiments of the present disclosure. The systems, apparatuses, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the present disclosure.

In one embodiment, the computer program may be hosted on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted in the form of a signal on a network medium, distributed, downloaded and installed via the communication part 1109, and/or installed from the removable medium 1111. The computer program containing program code may be transmitted using any suitable network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.

In accordance with embodiments of the present disclosure, program code for executing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, these computer programs may be implemented using high level procedural and/or object oriented programming languages, and/or assembly/machine languages. The programming language includes, but is not limited to, programming languages such as Java, C + +, python, the "C" language, or the like. The program code may execute entirely on the user computing device, partly on the user device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).

The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems that perform the specified functions or acts, or combinations of special purpose hardware and computer instructions. Those skilled in the art will appreciate that various combinations and/or combinations of features recited in the various embodiments and/or claims of the present disclosure can be made, even if such combinations or combinations are not expressly recited in the present disclosure. In particular, various combinations and/or combinations of the features recited in the various embodiments and/or claims of the present disclosure may be made without departing from the spirit or teaching of the present disclosure. All such combinations and/or associations are within the scope of the present disclosure.

The embodiments of the present disclosure have been described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described separately above, this does not mean that the measures in the embodiments cannot be used in advantageous combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be devised by those skilled in the art without departing from the scope of the disclosure, and these alternatives and modifications are intended to fall within the scope of the disclosure.

Claims

1. An information processing method is applied to a first electronic device, and comprises the following steps:

splitting the plaintext of the information to be processed according to bits based on the encryption splitting parameter to obtain a plurality of sub-plaintext;

encrypting each sub plaintext in the plurality of sub plaintext respectively by using a first elliptic curve parameter of an elliptic curve group to obtain a plurality of first sub ciphertext;

generating a first ciphertext of the information to be processed based on the plurality of first sub-ciphertexts; and

and sending the first ciphertext to second electronic equipment so that the second electronic equipment decrypts the first ciphertext based on a decryption reverse lookup table to obtain the plaintext.

2. The method according to claim 1, wherein the bit-splitting the plaintext of the information to be processed based on the encryption splitting parameter to obtain a plurality of sub-plaintext, comprises:

expanding the plaintext according to a preset scale to obtain a plurality of plaintext data, wherein the plaintext represents the sum of the plurality of plaintext data, and the plaintext data represents the exponential power of a preset value;

grouping the plurality of plaintext data based on the encryption splitting parameter to obtain a plurality of data groups; and

for each data group, obtaining a sub-plaintext corresponding to the data group based on the plurality of plaintext data included in the data group.

3. The method of claim 1, further comprising:

generating a plurality of first keys based on an initial key by using a key derivation method, wherein the initial key represents the sum of the plurality of first keys, and the plurality of first keys correspond to the plurality of sub plain texts respectively;

encrypting each sub plaintext in the plurality of sub plaintext by using the first elliptic curve parameter, a second elliptic curve parameter of the elliptic curve group and the first key corresponding to the sub plaintext to obtain a plurality of second sub ciphertext, wherein the second elliptic curve parameter represents a product of the first elliptic curve parameter and a first random number of the elliptic curve group;

generating a second ciphertext of the information to be processed based on the plurality of second sub-ciphertexts; and

and sending the plurality of first keys, the second elliptic curve parameters and the second ciphertext to the second electronic device, so that the second electronic device decrypts the second ciphertext by using the plurality of first keys and the second elliptic curve parameters based on the decryption reverse look-up table to obtain the plaintext.

4. The method of claim 3, wherein the encrypting each sub-plaintext in the plurality of sub-plaintext using the first elliptic curve parameter, a second elliptic curve parameter of the elliptic curve group, and the first key corresponding to the sub-plaintext to obtain a plurality of second sub-ciphertext comprises:

for each sub plaintext, taking a first key corresponding to the sub plaintext as a blind factor, and calculating a commitment of the sub plaintext based on the first elliptic curve parameter and the second elliptic curve parameter to obtain the second sub ciphertext.

5. The method of claim 1, further comprising:

generating a plurality of second random numbers from the elliptic curve group, wherein the plurality of second random numbers respectively correspond to the plurality of sub-plain texts;

receiving a second key sent by a trusted terminal, wherein the second key comprises a product of the first elliptic curve parameter and a third random number, the third random number comprising a product generated by the trusted terminal based on the elliptic curve group;

for each sub plaintext, encrypting the sub plaintext by using the first elliptic curve parameter, a second random number corresponding to the sub plaintext and the second key to obtain a third sub ciphertext;

generating a third ciphertext of the information to be processed based on a plurality of third sub-ciphertexts respectively corresponding to the plurality of sub-plaintexts; and

and sending the third ciphertext to the second electronic device, so that the second electronic device decrypts the third ciphertext based on the decryption reverse lookup table to obtain the plaintext.

6. The method according to claim 5, wherein the encrypting the sub-plaintext using the first elliptic curve parameter, a second random number corresponding to the sub-plaintext, and the second key for each of the sub-plaintext to obtain a third sub-ciphertext comprises:

for each sub plaintext, generating a fourth sub ciphertext based on the first elliptic curve parameter and a second random number corresponding to the sub plaintext;

encrypting the sub-plaintext by using the first elliptic curve parameter, the second key and a second random number corresponding to the sub-plaintext to obtain a fifth sub-ciphertext; and

and obtaining the third sub-ciphertext based on the fourth sub-ciphertext and the fifth sub-ciphertext.

7. The method of any of claims 1-6, further comprising:

generating the decryption reverse lookup table based on the encryption splitting parameter, the preset homomorphic addition depth and the first elliptic curve parameter; and

and sending the decryption reverse look-up table to the second electronic equipment.

8. The method according to claim 7, wherein the decryption reverse lookup table comprises a plurality of reverse lookup sub-tables, the plurality of reverse lookup sub-tables respectively correspond to the plurality of sub-plain texts, each reverse lookup sub-table comprises a plain text sequence and a cipher text sequence, and elements in the plain text sequence respectively correspond to elements in the cipher text sequence in sequence;

wherein the generating the decryption look-up table based on the encryption splitting parameter, the preset homomorphic addition depth and the first elliptic curve parameter comprises:

for each of the sub-plaintexts, determining dimensions of elements in the initial plaintext sequence based on the sub-plaintexts;

generating a plurality of plaintext sequence elements based on the encryption splitting parameter, the preset homomorphic addition depth and the dimension, and filling the plurality of plaintext sequence elements into the initial plaintext sequence to obtain a target plaintext sequence;

generating a plurality of ciphertext sequence elements based on the first elliptic curve parameter and the plurality of plaintext sequence elements, and filling the plurality of ciphertext sequence elements into an initial ciphertext sequence to obtain a target ciphertext sequence;

obtaining a reverse lookup sub-table corresponding to the sub-plaintext based on the target plaintext sequence and the target ciphertext sequence; and

and obtaining the decryption reverse lookup table based on a plurality of reverse lookup sub-tables respectively corresponding to the plurality of sub-plaintexts.

9. An information processing method applied to a second electronic device, the method comprising:

receiving a first ciphertext of information to be processed sent by first electronic equipment, wherein the first ciphertext comprises a plurality of first sub-ciphertexts;

for each first sub-ciphertext, decrypting the first sub-ciphertext based on a decryption reverse lookup table to obtain a sub-plaintext corresponding to the first sub-ciphertext; and

and obtaining the plaintext of the information to be processed based on the plurality of sub-plaintext respectively corresponding to the plurality of first sub-ciphertexts.

10. The method of claim 9, further comprising:

receiving an initial key, a second elliptic curve parameter and a second ciphertext of the information to be processed, wherein the second ciphertext comprises a plurality of second sub-ciphertexts, and the initial key is sent by the first electronic device;

generating a plurality of first keys based on the initial key by using a key derivation method, wherein the plurality of first keys correspond to the plurality of second sub ciphertexts respectively;

for each second sub ciphertext, processing the second sub ciphertext by using a first key corresponding to the second sub ciphertext and the second elliptic curve parameter to obtain first ciphertext data;

decrypting the first ciphertext data based on the decryption reverse lookup table to obtain a sub-plaintext corresponding to the second sub-ciphertext; and

and obtaining the plaintext of the information to be processed based on the plurality of sub-plaintext respectively corresponding to the plurality of second sub-ciphertext.

11. The method of claim 10, wherein the initial key comprises a plurality of homomorphic addition keys;

wherein the generating a plurality of first keys based on the initial key using a key derivation method comprises:

generating a plurality of third keys based on the homomorphic addition key by using a key derivation method for each homomorphic addition key, wherein the plurality of third keys respectively correspond to the plurality of second sub-ciphertexts; and

generating, for each of the second sub-ciphertexts, a first key corresponding to the second sub-cipher text based on a plurality of third keys corresponding to the second sub-cipher text, respectively.

12. The method of claim 9, further comprising:

receiving a third ciphertext transmitted by the first electronic device, wherein the third ciphertext comprises a plurality of third sub-ciphertexts, and the third sub-ciphertext comprises a fourth sub-ciphertext and a fifth sub-ciphertext;

receiving a third random number sent by the trusted terminal;

for each third sub ciphertext, obtaining second ciphertext data based on the third random number, a fourth sub ciphertext included in the third sub ciphertext, and a fifth sub ciphertext included in the third sub ciphertext;

decrypting the second ciphertext data based on the decryption reverse lookup table to obtain a sub-plaintext corresponding to the third sub-ciphertext; and

and obtaining the plaintext of the information to be processed based on the plurality of sub-plaintext respectively corresponding to the plurality of third sub-ciphertexts.

13. An information processing apparatus provided in a first electronic device, the apparatus comprising:

the splitting module is used for splitting the plaintext of the information to be processed according to bits based on the encryption splitting parameters to obtain a plurality of sub-plaintext;

the first encryption module is used for respectively encrypting each sub-plaintext in the plurality of sub-plaintext by using a first elliptic curve parameter of an elliptic curve group to obtain a plurality of first sub-ciphertext;

a first generating module, configured to generate a first ciphertext of the information to be processed based on the plurality of first sub-ciphertexts; and

and the first sending module is used for sending the first ciphertext to the second electronic equipment so that the second electronic equipment decrypts the first ciphertext based on a decryption reverse look-up table to obtain the plaintext.

14. An information processing apparatus provided in a second electronic device, the apparatus comprising:

the first receiving module is used for receiving a first ciphertext of the information to be processed, which is sent by the first electronic device, wherein the first ciphertext comprises a plurality of first sub-ciphertexts;

the first decryption module is used for decrypting each first sub-ciphertext based on a decryption reverse look-up table to obtain a sub-plaintext corresponding to the first sub-ciphertext; and

and the first processing module is used for obtaining the plaintext of the information to be processed based on the plurality of sub-plaintext respectively corresponding to the plurality of first sub-ciphertexts.

15. An electronic device, comprising:

one or more processors;

a memory to store one or more instructions that,

wherein the one or more instructions, when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-8 or the method of any one of claims 9-12.

16. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to carry out the method of any one of claims 1 to 8, or carry out the method of any one of claims 9 to 12.

17. A computer program product comprising computer executable instructions for implementing the method of any one of claims 1 to 8, or for implementing the method of any one of claims 9 to 12, when executed.