CN116366226A - Data processing method and device combining two parties - Google Patents

Data processing method and device combining two parties Download PDF

Info

Publication number
CN116366226A
CN116366226A CN202310335953.2A CN202310335953A CN116366226A CN 116366226 A CN116366226 A CN 116366226A CN 202310335953 A CN202310335953 A CN 202310335953A CN 116366226 A CN116366226 A CN 116366226A
Authority
CN
China
Prior art keywords
ciphertext
vectors
vector
party
reconstruction
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310335953.2A
Other languages
Chinese (zh)
Inventor
李漓春
尹栋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ant Blockchain Technology Shanghai Co Ltd
Original Assignee
Ant Blockchain Technology Shanghai Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ant Blockchain Technology Shanghai Co Ltd filed Critical Ant Blockchain Technology Shanghai Co Ltd
Priority to CN202310335953.2A priority Critical patent/CN116366226A/en
Publication of CN116366226A publication Critical patent/CN116366226A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F17/00Digital computing or data processing equipment or methods, specially adapted for specific functions
    • G06F17/10Complex mathematical operations
    • G06F17/16Matrix or vector computation, e.g. matrix-matrix or matrix-vector multiplication, matrix factorization
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/46Secure multiparty computation, e.g. millionaire problem
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02PCLIMATE CHANGE MITIGATION TECHNOLOGIES IN THE PRODUCTION OR PROCESSING OF GOODS
    • Y02P90/00Enabling technologies with a potential contribution to greenhouse gas [GHG] emissions mitigation
    • Y02P90/30Computing systems specially adapted for manufacturing

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Mathematical Physics (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Pure & Applied Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Mathematical Optimization (AREA)
  • Computer Security & Cryptography (AREA)
  • Computational Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Algebra (AREA)
  • Databases & Information Systems (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Complex Calculations (AREA)

Abstract

The embodiment of the specification discloses a data processing method combining two parties, which is used for carrying out safe product operation on n original matrixes held by a first party and n m-dimensional column vectors held by a second party. In the method, a first party determines m reconstruction matrices based on the n original matrices, wherein any jth reconstruction matrix comprises jth column elements in each original matrix; the second party carries out homomorphic encryption on a plurality of reconstructed vectors to determine a corresponding first vector ciphertext and sends the first vector ciphertext to the first party; and then, the first party carries out homomorphic operation based on the first vector ciphertext and m reconstruction matrixes to obtain a product result ciphertext, and the product result ciphertext is used for constructing a result of the safe product operation.

Description

Data processing method and device combining two parties
Technical Field
One or more embodiments of the present disclosure relate to the field of data security processing technologies, and in particular, to a method and apparatus for data processing with two-party association.
Background
Secure Multi-party computing (MPC for short) is also known as multiparty Secure computing, i.e. the parties together compute the result of a function without revealing the input data of the parties to the function, the computed result being disclosed to one or more of the parties. The basic technologies related to MPC include homomorphic encryption (Homomorphic Encryption, abbreviated as HE), secret Sharing (SS), and the like.
Matrix multiplication vectors are commonly used computations, such as logistic regression modeling and reasoning used in machine learning. Matrix vector multiplication based on HE can protect privacy information of each party.
However, the performance of the existing mode of calculating the matrix vector multiplication based on HE is limited, so a scheme is needed to better meet the actual application requirements, such as reducing the calculation amount of the matrix vector multiplication.
Disclosure of Invention
The embodiment of the specification describes a data processing method and device combining two parties, which can better meet the actual application requirements, and effectively reduce the calculated amount by reasonably coding the batch matrix vector multiplication.
According to a first aspect, a two-party joint data processing method is provided, which is used for performing a secure product operation on n original matrices held by a first party and n m-dimensional column vectors held by a second party. The method is performed by the first party and comprises: determining m reconstruction matrices based on the n original matrices; wherein any jth reconstruction matrix includes jth column elements in each original matrix; receiving a first ciphertext vector from a second party, the first ciphertext vector obtained by homomorphic encrypting a plurality of reconstructed vectors; the single reconstruction vector is composed of n elements of the n m-dimensional column vectors in the same row; and homomorphic operation is carried out based on the m reconstruction matrixes and the first ciphertext vector to obtain a product result ciphertext, and the product result ciphertext is used for constructing a result of the safe product operation.
In one embodiment, each original matrix is in k×m dimensions, and the first ciphertext vector is obtained by encrypting a single reconstruction vector; and performing homomorphic operation based on the m reconstruction matrices and the first ciphertext vector to obtain a product result ciphertext, wherein the homomorphic operation comprises the following steps: and carrying out homomorphic operation based on the m reconstruction matrixes and the m first ciphertext vectors to obtain a product result ciphertext, wherein the product result ciphertext comprises k second ciphertext vectors corresponding to k rows in a result plaintext matrix, and the ith column in the result plaintext matrix is the product of the ith original matrix and the ith m-dimensional column vector.
In a specific embodiment, performing homomorphic operation based on the m reconstruction matrices and m first ciphertext vectors to obtain the product result ciphertext, including: carrying out homomorphic plaintext vector multiplication operation on m row vectors positioned on the h row in the m reconstruction matrixes and the m first ciphertext vectors correspondingly to obtain m third ciphertext vectors; and homomorphism summation is carried out on the m third ciphertext vectors, and an h second ciphertext vector is obtained.
In one embodiment, each original matrix is in k dimension; wherein receiving the first ciphertext vector from the second party comprises: receiving a plurality of first ciphertext vectors obtained by homomorphic encryption of a plurality of first splicing vectors respectively from a second party, wherein the plurality of first splicing vectors are obtained by dividing the m reconstruction vectors into a plurality of groups by taking t as a unit and then splicing the groups in groups; and performing homomorphic operation based on the m reconstruction matrices and the first ciphertext vector to obtain a product result ciphertext, wherein the homomorphic operation comprises the following steps: and carrying out homomorphic operation based on the m reconstruction matrixes and the plurality of first ciphertext vectors to obtain a product result ciphertext, wherein the product result ciphertext comprises a fourth ciphertext vector corresponding to a second splicing vector formed by adjacent t rows in a result plaintext matrix, and the ith column in the result plaintext matrix is the product of the ith original matrix and the ith m-dimensional column vector.
In a specific embodiment, performing homomorphic operation based on the m reconstruction matrices and the plurality of first ciphertext vectors to obtain a product result ciphertext, including: for each first ciphertext vector, performing cyclic shift for a plurality of times by taking the length of the reconstructed vector as a unit to obtain a plurality of shift ciphertext vectors; for the adjacent t rows, t vectors positioned in the same row are respectively obtained from the m reconstruction matrixes, so that m x t row vectors are obtained; and carrying out homomorphic operation on the basis of the plurality of first ciphertext vectors, a plurality of shift ciphertext vectors corresponding to each first ciphertext vector and the m x t row vectors to obtain a fourth ciphertext vector corresponding to the adjacent t rows, and forming the product result ciphertext.
In one embodiment, after homomorphic operation is performed based on the m reconstruction matrices and the first ciphertext vector to obtain a product result ciphertext, the method further includes: and sending the product result ciphertext to the second party so that the second party decrypts the product result ciphertext to obtain a product result plaintext.
In another embodiment, after homomorphic operation is performed based on the m reconstruction matrices and the first ciphertext vector to obtain a product result ciphertext, the method further includes: generating a random number as a first secret sharing slice of the product result plaintext; carrying out homomorphic subtraction operation on the random number and the product result ciphertext to obtain a homomorphic operation result; and sending the homomorphic operation result to the second party so that the second party obtains a second secret sharing slice of the product result plaintext by decrypting the homomorphic operation result.
According to a second aspect, a two-party joint data processing method is provided, which is used for performing a secure product operation on n original matrices held by a first party and n m-dimensional column vectors held by a second party. The method is performed by the second party and comprises: determining m reconstruction vectors based on the n m-dimensional column vectors; the single reconstruction vector is composed of n elements of the n m-dimensional column vectors in the same row; homomorphic encryption is carried out on a plurality of reconstruction vectors in the m reconstruction vectors, so as to obtain a corresponding first ciphertext vector; the first ciphertext vector is sent to the first party, so that the first party carries out homomorphic operation based on the first ciphertext vector and m reconstruction matrixes to obtain a product result ciphertext; the arbitrary jth reconstruction matrix comprises jth column elements in each original matrix, and the product result ciphertext is used for constructing the result of the safe product operation.
In one embodiment, homomorphic encryption is performed on a plurality of reconstruction vectors in the m reconstruction vectors to obtain a corresponding first ciphertext vector, including: and homomorphic encryption is respectively carried out on the m reconstruction vectors to obtain m first ciphertext vectors.
In one embodiment, homomorphic encryption is performed on a plurality of reconstruction vectors in the m reconstruction vectors to obtain a corresponding first ciphertext vector, including: dividing the m reconstruction vectors into a plurality of groups by taking t as a unit, and then performing intra-group splicing to obtain a plurality of first spliced vectors; and homomorphic encryption is respectively carried out on the plurality of first spliced vectors to obtain a plurality of first ciphertext vectors.
In one embodiment, after transmitting the first ciphertext vector to the first party, the method further comprises: receiving the product result ciphertext from the first party; and decrypting the product result ciphertext to obtain a product result plaintext.
In one embodiment, after transmitting the first ciphertext vector to the first party, the method further comprises: receiving a homomorphic operation result from the first party, wherein the homomorphic operation result is obtained by the first party through homomorphic subtraction operation on a random number locally generated by the first party and the product result ciphertext; the random number is used as a first secret sharing slice of a product result plaintext by the first party; and decrypting the homomorphic operation result to obtain a second secret sharing slice of the product result plaintext.
According to a third aspect, there is provided a two-party joint data processing apparatus for performing a secure product operation on n original matrices held by a first party and n m-dimensional column vectors held by a second party; the apparatus is integrated with the first party, comprising: a matrix reconstruction unit configured to determine m reconstructed matrices based on the n original matrices; wherein any jth reconstruction matrix includes jth column elements in each original matrix; a ciphertext vector receiving unit configured to receive a first ciphertext vector from a second party, the first ciphertext vector being obtained by homomorphic encrypting a plurality of reconstructed vectors; the single reconstruction vector is composed of n elements of the n m-dimensional column vectors in the same row; and the homomorphic operation unit is configured to perform homomorphic operation based on the m reconstruction matrixes and the first ciphertext vector to obtain a product result ciphertext, and the product result ciphertext is used for constructing a result of the safe product operation.
According to a fourth aspect, a two-party combined data processing method is provided, which is used for performing a secure product operation on n original matrices held by a first party and n m-dimensional column vectors held by a second party; the apparatus is integrated with the second party, comprising: a vector reconstruction unit configured to determine m reconstruction vectors based on the n m-dimensional column vectors; a single reconstruction vector is made up of n elements of the n m-dimensional column vectors in the same row. And the ciphertext vector determining unit is configured to homomorphic encrypt a plurality of reconstruction vectors in the m reconstruction vectors to obtain a corresponding first ciphertext vector. The ciphertext vector sending unit is configured to send the first ciphertext vector to the first party, so that the first party performs homomorphic operation based on the first ciphertext vector and m reconstruction matrices to obtain a product result ciphertext; the arbitrary jth reconstruction matrix comprises jth column elements in each original matrix, and the product result ciphertext is used for constructing the result of the safe product operation.
According to a fifth aspect, there is provided a computer readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method provided in the first or second aspect.
According to an eighth aspect, there is provided a computing device comprising a memory having executable code stored therein and a processor which, when executing the executable code, implements the method provided by the first or second aspect.
By adopting the method and the device for processing the data by combining the two parties disclosed by the embodiment of the specification, batch safety calculation is carried out on a plurality of matrix vector multiplications, and rotation operation of homomorphic encryption can be reduced or even eliminated, so that the calculation amount of the safety matrix vector multiplications is effectively reduced.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the description of the embodiments below are briefly introduced, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a diagram illustrating a conventional method for obtaining a matrix-multiplied vector ciphertext E (Mv) by homomorphism operation based on rearrangement of a plaintext matrix M and rotational shift of a ciphertext vector E (v);
FIG. 2 is a schematic diagram of communication interaction between two parties for data processing in combination according to an embodiment of the present disclosure;
FIG. 3 is a schematic representation of vector reconstruction as disclosed in the embodiments of the present specification;
FIG. 4 is a schematic diagram of a matrix reconstruction as disclosed in an embodiment of the present disclosure;
FIG. 5 is a second schematic diagram of communication interaction between two parties in combination for data processing according to the embodiments of the present disclosure;
FIG. 6 is a schematic diagram of a data processing apparatus integrated with a first party according to an embodiment of the present disclosure;
FIG. 7 is a schematic diagram of a data processing apparatus integrated with a second party according to an embodiment of the present disclosure.
Detailed Description
The following describes the scheme provided in the present specification with reference to the drawings.
As stated earlier, homomorphic encryption algorithms are a class of encryption algorithms commonly used in multiparty security computing. Compared with common encryption, homomorphic encryption has the property of homomorphism, namely, data in an encrypted state can be calculated. For example, the homomorphic encryption ciphertext E (a) of a and the homomorphic encryption ciphertext E (b) of b are operated to obtain the ciphertext E (a+b) of a+b, and a, b or a+b cannot be leaked in the operation process, and a decrypted key is not needed.
Matrix vector multiplication based on homomorphic encryption can protect private information. In this scenario, the a side holds the vector v, the B side holds the matrix M, and after security calculation by homomorphic encryption, the a side obtains the result c=mv of the matrix multiplied vector, or one slice of the result c obtained by both sides (the a side obtains c 1 The B side obtains c 2 And c 1 +c 2 =c)。
The scheme of the matrix multiplication based on homomorphic encryption in the prior art is as follows:
1) And the A party generates a homomorphic encryption public and private key pair, and the public key is shared with the B party.
2) The A side generates ciphertext E (v) and sends the ciphertext E (v) to the B side.
A BFV, BGV, CKKS homomorphic encryption algorithm based on the on-ring fault tolerance learning problem (Ring Learning With Errors, RLWE for short) is adopted, and the homomorphic encryption algorithm supports vector operation.
3) B performs homomorphic cyclic shift operation on E (v) to obtain E (L) 1 (v))、E(L 2 (v))、E(L 3 (v) Ciphertext, etc.
BFV, BGV, CKKS homomorphic encryption algorithms support cyclic shift operations of encryption vectors. L (L) i The function represents a left loop shift by i bits.
4) The B side rearranges the matrix M, or extracts elements from the matrix M to form a plurality of vectors, each of which is associated with one of E (L 1 (v))、E(L 2 (v))、E(L 3 (v) And (3) carrying out homomorphic vector multiplication on the ciphertext, and carrying out homomorphic summation on the obtained vector ciphertext to finally obtain E (Mv). For this, see the example shown in fig. 1.
5) And the B party sends E (Mv) to the A party for decryption, and the A party obtains b=Mv. Alternatively, party B generates a random vector c 2 The homomorphism vectors are subtracted to obtain E (Mv-c) 2 ) Sending the decryption result to party A, and obtaining party c by party A 1 =Mv-c 2
The conventional calculation needs to perform cyclic shift operation of the encryption vector for a plurality of times, and has large calculation amount and low performance.
Based on the observation and analysis, the embodiment of the specification provides a batch matrix vector multiplication based on homomorphic encryption, a plurality of matrix vector multiplications are calculated together, and rotation operation of homomorphic encryption is reduced or even eliminated through reasonable coding design, so that the calculated amount is effectively reduced.
Fig. 2 is a schematic diagram of communication interaction of two parties combined for data processing according to an embodiment of the present disclosure. In fig. 2, two participants are illustrated as first parties (P 1 Square) and a second square (P 2 Square). It is understood that both parties may be implemented as any means, server, platform, or cluster of devices having computing, processing capabilities, etc., such as a secure computing node.
The following first deal with the data processing scenario, and then introduce the security calculation process.
Scene: p (P) 1 Square sum P 2 The square needs to multiply the matrix vector n times, and the matrix and vector of the ith time are A respectively (i) And r (i) The ith result is vector s (i) . Let r be (i) For m-dimensional column vectors, A (i) Is k.m dimension, s (i) Is a k-dimensional column vector. Let S be a k x n dimensional matrix of n column vectors S, herein or referred to as the resulting plaintext matrix.
In one implementation, matrix A (i) For the feature matrix of the ith sample, vector r (i) Is a model parameter s (i) Is the predicted result of the ith sample. Exemplary, in the recommended services field, matrix A (i) Can be a user characteristic matrix and a vector r (i) Model parameters s of recommendation model for business (i) The k vector elements included indicate the user's interest level in the k-class commodity.
As shown in fig. 2, the secure computing process includes the following interactive steps:
step S210, P 2 The square is based on n m-dimensional column vectors { r } (i) } [n] Determining m n-dimensional reconstruction vectors { v (j) } [m] Wherein v is (j) From all r (i) Is formed in the j-th dimension of (a). Note that, in the text, the shorthand symbol n]Representing i.epsilon.1, n]And i epsilon N * Similarly, shorthand notation [ m ]]Represent j E [1, m]And j epsilon N *
FIG. 3 is a schematic diagram of vector reconstruction disclosed in the embodiments of the present specification, wherein { r } (i) } [n] Sum { v } (j) } [m] Schematic diagrams of element correspondence between the elements. Thus, it is possible to obtain the value from { r } (i) } [n] Extracting the same dimension element in m rounds to obtain m reconstruction vectors v, namely { v } (j) } j∈[m]
Step S220, P 2 Party reconstruct vector v using generated homomorphic public key (j) Homomorphic encryption is performed to obtain a first ciphertext vector E (v (j) ). Thus, P 2 The square can obtain corresponding m reconstruction vectors { v } (j) } [m] M first ciphertext vectors { E (v) (j) )} [m] . It should be understood that the terms "first" and "second" and the like in the first ciphertext vector are used for distinguishing similar things, and have no other limitation such as ordering.
For example, a homomorphic encryption algorithm based on RLWE such as BFV, BGV, CKKS may be first adopted to generate a homomorphic public-private key pair, and then m reconstruction vectors { v) are respectively encrypted by using the homomorphic public keys (j) } [m] Corresponding to m first ciphertext vectors { E (v) (j) )} [m]
Step S230, P 2 The party will m first ciphertext vectors { E (v (j) )} [m] Send to P 1 And (3) a prescription.
Step S240, P 1 The square is based on n original matrices { A } (i) } [n] Determining m reconstruction matrices { W (j) } [m] Wherein any jth reconstruct matrix W (j) Including all the original matrices { A } (i) } [n] The j-th column element of (b).
FIG. 4 is a schematic diagram of matrix reconstruction according to an embodiment of the present disclosure, in which the j-th column element is extracted from all the original matrices A to form a j-th reconstructed matrix W (j) . Since the original matrix A includes m columns, m reconstructed matrices, i.e., { W }, can be obtained (j) } [m]
Step S250, P 1 The square is based on m reconstruction matrices { W ] (j) } [m] And m first ciphertext vectors { E (v) (j) )} [m] Homomorphic operation is carried out to obtain a product result ciphertext E (S).
Specifically, P 1 The homomorphic summation of the squares calculates any h line in the resultant plaintext matrix S, namely S [ h ]]Corresponding third ciphertext vector E (S [ h ]]). It should be understood that S is a k×n-dimensional matrix formed by n vector results obtained by n matrix vector plaintext multiplication (plaintext multiplication does not actually occur). E (S [ h ]]) The calculation formula of (2) is as follows:
Figure BDA0004156783650000061
thus, the product result ciphertext E (S) = { E (S [ h ]])} [k] Wherein [ k ]]Represents h.epsilon.1, k]And j epsilon N *
Thereafter, in one embodiment, the interaction process further includes step S261 and step S262. In step S261, P 1 The party sends the product result ciphertext E (S) to P 2 Square, thereby at step S262, P 2 The party decrypts the product result ciphertext E (S) by using the homomorphic private key to obtain a result plaintext matrix S.
In another embodiment, the interaction process further includes steps S263, S264, S265, and S266.
In step S263, P 1 First secret sharing shard S of result plaintext matrix S generated by party 1 . Exemplary, P 1 The party generates a random vector as a first secret sharing slice S 1 . It should be noted that, the description of Secret Sharing (Secret Sharing) may be referred to the prior art, and will not be described herein.
In step S264, P 1 Party-to-first secret sharing shard S 1 Homomorphism subtraction is carried out on the product result ciphertext E (S) to obtain a second secret sharing segmentation S 2 Ciphertext E (S-S) 1 )。
In step S265, P 1 The party will fragment ciphertext E (S-S 1 ) Send to P 2 And (3) a prescription.
In step S266, P 2 The party decrypts the piece of ciphertext E (S-S) 1 ) Obtaining a second secret sharing slice S 2 . It will be appreciated that S 2 =S-S 1
In this way, the result of the constructed secure product operation, e.g., P, can be obtained 2 The party obtains a result plaintext matrix S or P 1 Square sum P 2 Secret sharing shard S of plaintext matrix S of result obtained by corresponding party 1 And S is 2
In summary, by adopting the two-party combined data processing method disclosed in the embodiment of the specification, batch security calculation is carried out on a plurality of matrix vector multiplications, and rotation operation of homomorphic encryption can be eliminated, so that the calculation amount of the security matrix vector multiplications is greatly reduced.
Note that during the data processing shown in fig. 2, P 2 The party reconstructs the vectors { v } for m in step S220 (j) } [m] Homomorphic encryption is performed one by one, and in fact, m reconstructed vectors { v } can be also used in the case where the dimension n of the reconstructed vector is smaller (j) } [m] Grouping and splicing, homomorphic encrypting the spliced vectors and sending the homomorphic encrypted vectors to P 1 In this case, the same cyclic shift is involved, but compared with the prior art, the number of cyclic shifts can be effectively reduced.
Specifically, fig. 5 is a second schematic diagram of communication interaction of two parties combined for data processing according to the embodiment of the present disclosure. In fig. 5, two parties are also shown as first party (P 1 Square) and a second square (P 2 Square).
For the description of the implementation carrier and the data processing scenario of the two parties, reference may be made to the relevant content in the foregoing embodiments, which are not described in detail herein.
As shown in fig. 5, the secure computing process includes the following interactive steps:
step S510, P 2 The square is based on n m-dimensional column vectors { r } (i) } [n] Determining m reconstruction vectors { v (j) } [m] Wherein v is (j) From all r (i) Is formed in the j-th dimension of (a).
It should be noted that, for the description of step S510, reference may be made to the foregoing description of step S210.
Step S520, P 2 The square takes t as a unit to reconstruct m reconstruction vectors { v (j) } [m] Dividing the vector into a plurality of groups and performing intra-group splicing to obtain a plurality of first splicing vectors. It is understood that t is a positive integer greater than 1 and less than m, and the actual value of t can be set and adjusted by a worker according to actual needs.
In one embodiment, m may be divided by t, at which time { v may be divided (j) } [m] Dividing into m/t groups, and splicing the reconstruction vectors of each group. In another embodiment, m is not divisible by t, at which time the number of reconstruction vectors may be increased (e.g., using an n-dimensional zero vector as the filled reconstruction vector) such that the increaseThe total number of added reconstruction vectors m' may be divided by t, thereby dividing { v } (j) } [m′] Dividing into m'/t groups, and splicing the reconstructed vectors of each group.
For visual description, the first splice vector of any one is denoted as v (j) ||v (j+1) ||…||v (j+t-1) Where the symbol || represents inter-vector concatenation.
Step S530, P 2 And the party respectively carries out homomorphic encryption on the plurality of first spliced vectors by using the generated homomorphic public key to obtain a plurality of first ciphertext vectors.
Exemplary, for any first splice vector v (j) ||v (j+1) ||…||v (j+t-1) Homomorphic encryption is carried out to obtain a corresponding first ciphertext vector E (v) (j) ||v (j+1) ||…||v (j+t-1) )。
Step S540, P 2 The party sends a plurality of first ciphertext vectors to P 1 And (3) a prescription.
Step S550, P 1 The square is based on n original matrices { A } (i) } [n] Determining m reconstruction matrices { W (j) } [m] Wherein any jth reconstruct matrix W (j) Including all the original matrices { A } (i) } [n] The j-th column element of (b).
It should be noted that, for the description of step S550, reference may be made to the foregoing description of step S240.
Step S560, P 1 The square is based on m reconstruction matrices { W ] (j) } [m] And homomorphic operation is carried out on the plurality of first ciphertext vectors, so that a product result ciphertext is obtained.
Specifically, P 1 The homomorphic sum of the squares calculates the fourth ciphertext vector E (S [ h ]]||S[h+1]||…||S[h+t-1]) Wherein S [ h ]]||S[h+1]||…||S[h+t-1]Representing a second splice vector formed by adjacent t rows from the h-th row in the resulting plaintext matrix S. It can be understood that the resultant plaintext matrix includes k rows, so that k/t second spliced vectors can be obtained by dividing the resultant plaintext matrix in t units, and P is the corresponding value 1 The square can calculate k/t fourth ciphertext vectors corresponding to k/t second concatenation vectors, which are taken together as product result ciphertext E (S || )。
There are various embodiments for the calculation of the fourth ciphertext vector E (Sh Sh+1 … Sh+t-1) described above.
In embodiment a, for the second concatenated vector S [ h ] ||s [ h+1] | … |s [ h+t-1], a predetermined calculation is performed on the basis of each first ciphertext vector of a plurality (denoted as p) of first ciphertext vectors, respectively, to obtain t intermediate ciphertext vectors corresponding to the first ciphertext vector, and then all p×t intermediate ciphertext vectors obtained may be summed to obtain a fourth ciphertext vector E (S [ h ] ||s [ h+1] | … |s [ h+t-1 ]).
From an arbitrary first ciphertext vector E (v (j) ||v (j+1) ||…||v (j+t-1) ) Starting from this, a calculation procedure of the above-described predetermined calculation in embodiment a is described, specifically including:
on the one hand, for the first ciphertext vector E (v (j) ||v (j+1) ||…||v (j+t-1) ) By performing a cyclic shift for t-1 times, t-1 shifted ciphertext vectors can be obtained correspondingly, whereby the first ciphertext vector and t-1 shifted ciphertext vectors can be collectively referred to as { E (v) (j+(q-1)%t) ||v (j+q%t) ||…||v (j+(q+t-2)%t) )} [t] The notation t is abbreviated herein]Represents q.epsilon.1, t]And q.epsilon.N * The method comprises the steps of carrying out a first treatment on the surface of the % is the remainder operator.
On the other hand, t row vectors located in the h to h+t-1 rows are extracted from the j-th to j+t-1 reconstruction matrices of the m reconstruction matrices, t row vectors are extracted in total, and then organized into mutually exclusive t lot vectors, and the same lot of vectors are spliced, so that t third spliced vectors, which are denoted as { (W), can be obtained (j+(q-1)%t) [h]||W (j+q%t) [h+1]||…||W (j+(q+t-2)%t) [h+t-1])} [t]
Based on the two aspects, the pair (W (j+(q-1)%t) [h]||W (j+q%t) [h+1]||…||W (j+(q+t-2)%t) [h+t-1]) And E (v) (j+(q-1)%t) ||v (j+q%t) ||…||v (j+(q+t-2)%t) ) Performing homomorphic plaintext-ciphertext vector multiplication to obtain the (q) th intermediate ciphertext vector, which is classified into the t intermediate ciphertextsVector.
In one example, for q=1, the pair (W (j) [h]||W (j+1) [h+1]||…||W (j+t-1) [h+t-1]) And E (v) (j) ||v (j+1) ||…||v (j+t-1) ) And carrying out homomorphic plaintext and ciphertext vector multiplication operation to obtain a 1 st intermediate vector result.
In another example, for q=2, the pair (W (j+1) [h]||W (j+2) [h+1]||…||W (j) [h+t-1]) And E (v) (j +1) ||v (j+2) ||…||v (j) ) And carrying out homomorphic plaintext and ciphertext vector multiplication operation to obtain a 2 nd intermediate vector result.
The predetermined calculation method in the embodiment a described above can obtain the fourth ciphertext vector E (S [ h ]]||S[h+1]||…||S[h+t-1]) Thus, k/t fourth ciphertext vectors corresponding to the k/t second concatenated vectors can be obtained, together as the product result ciphertext E (S || )。
In embodiment A, all first ciphertext vectors are cyclically shifted m/t times (t-1). In practice, the cyclic shift method in embodiment a may be optimized to further reduce the number of cyclic shifts to O (m/t×sqrt (t-1)) times, thereby providing embodiment B.
In embodiment B, an existing cyclic shift optimization method may be employed. The fourth ciphertext vector is calculated using the optimized cyclic shift method in embodiment B the procedure of E (Sh Sh+1 … Sh+t-1) is briefly described:
1) For an arbitrary first ciphertext vector E (v (j) ||v (j+1) ||…||v (j+t-1) ) And (3) performing the cyclic shift for the sqrt (m) -1 time, and shifting n times the sqrt (m) positions each time to obtain sqrt (m) ciphertext vectors (containing ciphertext before shifting).
2) Rearranging a plaintext matrix formed by the extracted t x t row vectors to obtain sqrt (m) groups of plaintext vectors, wherein each group of plaintext vectors is homomorphically multiplied by one ciphertext vector respectively. Each group gets sqrt (m) product ciphertext vectors that need to be shifted by 0, 1, 2 … sqrt (m) -1 bits, respectively, to reach the target location.
3) Homomorphic summation is carried out on the ciphertext with the same number of bits required to be moved in the step 2), and the required number of bits is moved.
4) Homomorphism summation is carried out on the ciphertext obtained by the steps, and obtaining a fourth ciphertext vector E (Sh Sh+1 … Sh+t-1).
Based on this, the obtained k/t fourth ciphertext vectors corresponding to the k/t second concatenation vectors can be used together as the product result ciphertext E (S || )。
As described above, the product result ciphertext E (S || )。
Thereafter, in one embodiment, the interaction procedure further includes step S571 and step S572. In step S571, P 1 The party will multiply the result ciphertext E (S || ) Send to P 2 Square, thereby at step S572, P 2 The party decrypts the product result ciphertext E using its homomorphic private key (S || ) Obtaining a plaintext matrix S || The k/t second splicing vectors are included.
In another embodiment, the interaction process further includes steps S573, S574, S575, and S576.
In step S573, P 1 Square generating plaintext matrix S || First secret sharing shard of (1)
Figure BDA0004156783650000101
Exemplary, P 1 The party generates a random vector as a first secret sharing slice +.>
Figure BDA0004156783650000102
In step S574, P 1 Party-to-first secret sharing shard
Figure BDA0004156783650000103
And product result ciphertext E (S || ) Performing homomorphism subtraction operation to obtain a second secret sharing partition +>
Figure BDA0004156783650000104
Ciphertext->
Figure BDA0004156783650000105
In step S575, P 1 Square-to-square piece ciphertext
Figure BDA0004156783650000106
Send to P 2 And (3) a prescription.
In step S576, P 2 The party decrypts the piece ciphertext by using homomorphic private key
Figure BDA0004156783650000107
Obtaining a second secret sharing slice S 2 . It can be appreciated that->
Figure BDA0004156783650000108
Thus, the ciphertext E (S) || ) Constructing the result of a secure product operation, e.g. P 2 The square obtains a result plaintext matrix S || Alternatively, P 1 Square sum P 2 Square correspondence to obtain plaintext matrix S || Secret sharing shard of (c)
Figure BDA0004156783650000109
And->
Figure BDA00041567836500001010
In summary, by adopting the two-party combined data processing method disclosed by the embodiment of the specification, batch security calculation is carried out on a plurality of matrix vector multiplications, so that homomorphic encryption rotation operation can be reduced, and the calculation amount of the security matrix vector multiplications is effectively reduced.
In step S520 shown in fig. 5, the same number of reconstruction vectors per group is realized in units of t when m reconstruction vectors are grouped. In practice, the first split vectors may be divided into multiple mutually exclusive groups, for example, each group includes a random number of reconstruction vectors, and then intra-group split is performed to obtain multiple first split vectors. Based on the method, the execution mode of the subsequent steps can be adaptively adjusted, and finally, the safe calculation of batch matrix vector multiplication is realized.
In addition, the execution order is not unique to the steps shown in fig. 2 and 5, and the order of the operations in a single step is not unique, as long as the flow direction of the data is satisfied to conform to the logic.
In summary, by adopting the two-party combined data processing method disclosed in the embodiments of the present disclosure, batch security computation is performed on multiple matrix vector multiplications together, so that rotation operations of homomorphic encryption can be reduced or even eliminated, and thus the computation amount of the security matrix vector multiplications is effectively reduced.
Corresponding to the above data processing method, the embodiments of the present specification also disclose a data processing apparatus. FIG. 6 is a schematic diagram of a data processing apparatus integrated with a first party for performing a secure product operation on n primitive matrices held by the first party and n m-dimensional column vectors held by a second party according to an embodiment of the present disclosure.
The apparatus is integrated with the first party, comprising the following elements shown in fig. 6:
a matrix reconstruction unit 610 configured to determine m reconstructed matrices based on the n original matrices; wherein any jth reconstruction matrix includes jth column elements in each original matrix. A ciphertext vector receiving unit 620 configured to receive a first ciphertext vector from a second party, the first ciphertext vector being obtained by homomorphic encrypting a number of reconstructed vectors; a single reconstruction vector is made up of n elements of the n m-dimensional column vectors in the same row. And the homomorphic operation unit 630 is configured to perform homomorphic operation based on the m reconstruction matrices and the first ciphertext vector to obtain a product result ciphertext, and is used for constructing a result of the secure product operation.
In one embodiment, homomorphic operation unit 630 is specifically configured to: carrying out homomorphic plaintext vector multiplication operation on m row vectors positioned on the h row in the m reconstruction matrixes and the m first ciphertext vectors correspondingly to obtain m third ciphertext vectors; and homomorphism summation is carried out on the m third ciphertext vectors, and an h second ciphertext vector is obtained.
In one embodiment, each original matrix is in k dimension; wherein the ciphertext vector receiving unit 620 is specifically configured to: and receiving a plurality of first ciphertext vectors obtained by homomorphic encryption of a plurality of first splicing vectors respectively from a second party, wherein the plurality of first splicing vectors are obtained by dividing the m reconstruction vectors into a plurality of groups by taking t as a unit and then splicing the groups in the group. The homomorphic operation unit 630 is specifically configured to: and carrying out homomorphic operation based on the m reconstruction matrixes and the plurality of first ciphertext vectors to obtain a product result ciphertext, wherein the product result ciphertext comprises a fourth ciphertext vector corresponding to a second splicing vector formed by adjacent t rows in a result plaintext matrix, and the ith column in the result plaintext matrix is the product of the ith original matrix and the ith m-dimensional column vector.
In one embodiment, homomorphic operation unit 630 is further configured to: for each first ciphertext vector, performing cyclic shift for a plurality of times by taking the length of the reconstructed vector as a unit to obtain a plurality of shift ciphertext vectors; for the adjacent t rows, t vectors positioned in the same row are respectively obtained from the m reconstruction matrixes, so that m x t row vectors are obtained; and carrying out homomorphic operation on the basis of the plurality of first ciphertext vectors, a plurality of shift ciphertext vectors corresponding to each first ciphertext vector and the m x t row vectors to obtain a fourth ciphertext vector corresponding to the adjacent t rows, and forming the product result ciphertext.
In one embodiment, the apparatus 600 further comprises: and a result ciphertext transmitting unit 640 configured to transmit the product result ciphertext to the second party, so that the second party decrypts the product result ciphertext to obtain a product result plaintext.
In one embodiment, the apparatus further comprises: a random number generation unit 650 configured to generate a random number as a first secret sharing slice of the product result plaintext; the homomorphism subtracting unit 660 is configured to perform homomorphism subtracting operation on the random number and the product result ciphertext to obtain a homomorphism operation result; the operation result sending unit 670 is configured to send the homomorphic operation result to the second party, so that the second party obtains the second secret sharing slice of the product result plaintext by decrypting the homomorphic operation result.
FIG. 7 is a schematic diagram of a data processing apparatus integrated with a second party according to an embodiment of the present disclosure, where the apparatus is configured to perform a secure product operation on n primitive matrices held by the first party and n m-dimensional column vectors held by the second party. The apparatus is integrated with the second party, comprising the following units shown in fig. 7:
a vector reconstruction unit 710 configured to determine m reconstruction vectors based on the n m-dimensional column vectors; a single reconstruction vector is made up of n elements of the n m-dimensional column vectors in the same row. The ciphertext vector determining unit 720 is configured to homomorphic encrypt a plurality of reconstruction vectors in the m reconstruction vectors, so as to obtain corresponding first ciphertext vectors. A ciphertext vector transmitting unit 730 configured to transmit the first ciphertext vector to the first party, so that the first party performs homomorphic operation based on the first ciphertext vector and m reconstruction matrices, to obtain a product result ciphertext; the arbitrary jth reconstruction matrix comprises jth column elements in each original matrix, and the product result ciphertext is used for constructing the result of the safe product operation.
In one embodiment, ciphertext vector determination unit 720 may be specifically configured to: and homomorphic encryption is respectively carried out on the m reconstruction vectors to obtain m first ciphertext vectors.
In one embodiment, ciphertext vector determination unit 720 may be specifically configured to: dividing the m reconstruction vectors into a plurality of groups by taking t as a unit, and then performing intra-group splicing to obtain a plurality of first spliced vectors; and homomorphic encryption is respectively carried out on the plurality of first spliced vectors to obtain a plurality of first ciphertext vectors.
In one embodiment, the apparatus 700 further comprises: a result ciphertext receiving unit 740 configured to receive the product result ciphertext from the first party; the first decryption unit 750 is configured to decrypt the product result ciphertext to obtain a product result plaintext.
In one embodiment, the apparatus 700 further comprises: an operation result receiving unit 760 configured to receive a homomorphic operation result from the first party, which is obtained by the first party performing a homomorphic subtraction operation on the locally generated random number and the product result ciphertext; the random number is used as a first secret sharing slice of a product result plaintext by the first party; and the second decryption unit 770 is configured to decrypt the homomorphic operation result to obtain a second secret sharing slice of the product result plaintext.
It will be appreciated that reference is also made to the description of the data processing apparatus and to the description of the data processing method hereinbefore.
According to an embodiment of another aspect, there is also provided a computer-readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method described in connection with fig. 2 or 5.
According to an embodiment of yet another aspect, there is also provided a computing device including a memory having executable code stored therein and a processor that, when executing the executable code, implements the method described in connection with fig. 2 or 5. Those skilled in the art will appreciate that in one or more of the examples described above, the functions described in the present invention may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, these functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium.
The foregoing embodiments have been provided for the purpose of illustrating the general principles of the present invention in further detail, and are not to be construed as limiting the scope of the invention, but are merely intended to cover any modifications, equivalents, improvements, etc. based on the teachings of the invention.

Claims (16)

1. A two-party joint data processing method for performing a secure product operation on n original matrices held by a first party and n m-dimensional column vectors held by a second party, the method performed by the first party comprising:
determining m reconstruction matrices based on the n original matrices; wherein any jth reconstruction matrix includes jth column elements in each original matrix;
receiving a first ciphertext vector from a second party, the first ciphertext vector obtained by homomorphic encrypting a plurality of reconstructed vectors; the single reconstruction vector is composed of n elements of the n m-dimensional column vectors in the same row;
and homomorphic operation is carried out based on the m reconstruction matrixes and the first ciphertext vector to obtain a product result ciphertext, and the product result ciphertext is used for constructing a result of the safe product operation.
2. The method of claim 1, wherein each original matrix is in k x m dimensions, the first ciphertext vector being obtained by encrypting a single reconstruction vector; and performing homomorphic operation based on the m reconstruction matrices and the first ciphertext vector to obtain a product result ciphertext, wherein the homomorphic operation comprises the following steps:
and carrying out homomorphic operation based on the m reconstruction matrixes and the m first ciphertext vectors to obtain a product result ciphertext, wherein the product result ciphertext comprises k second ciphertext vectors corresponding to k rows in a result plaintext matrix, and the ith column in the result plaintext matrix is the product of the ith original matrix and the ith m-dimensional column vector.
3. The method of claim 2, wherein homomorphism operation is performed based on the m reconstruction matrices and m first ciphertext vectors to obtain the product result ciphertext, comprising:
carrying out homomorphic plaintext vector multiplication operation on m row vectors positioned on the h row in the m reconstruction matrixes and the m first ciphertext vectors correspondingly to obtain m third ciphertext vectors;
and homomorphism summation is carried out on the m third ciphertext vectors, and an h second ciphertext vector is obtained.
4. The method of claim 1, wherein each original matrix is in k x m dimensions; wherein receiving the first ciphertext vector from the second party comprises:
receiving a plurality of first ciphertext vectors obtained by homomorphic encryption of a plurality of first splicing vectors respectively from a second party, wherein the plurality of first splicing vectors are obtained by dividing the m reconstruction vectors into a plurality of groups by taking t as a unit and then splicing the groups in groups;
and performing homomorphic operation based on the m reconstruction matrices and the first ciphertext vector to obtain a product result ciphertext, wherein the homomorphic operation comprises the following steps:
and carrying out homomorphic operation based on the m reconstruction matrixes and the plurality of first ciphertext vectors to obtain a product result ciphertext, wherein the product result ciphertext comprises a fourth ciphertext vector corresponding to a second splicing vector formed by adjacent t rows in a result plaintext matrix, and the ith column in the result plaintext matrix is the product of the ith original matrix and the ith m-dimensional column vector.
5. The method of claim 4, wherein homomorphism operation based on the m reconstruction matrices and the plurality of first ciphertext vectors results in a product result ciphertext, comprising:
for each first ciphertext vector, performing cyclic shift for a plurality of times by taking the length of the reconstructed vector as a unit to obtain a plurality of shift ciphertext vectors;
for the adjacent t rows, t vectors positioned in the same row are respectively obtained from the m reconstruction matrixes, so that m x t row vectors are obtained;
and carrying out homomorphic operation on the basis of the plurality of first ciphertext vectors, a plurality of shift ciphertext vectors corresponding to each first ciphertext vector and the m x t row vectors to obtain a fourth ciphertext vector corresponding to the adjacent t rows, and forming the product result ciphertext.
6. The method of claim 1, wherein after homomorphism operation based on the m reconstruction matrices and the first ciphertext vector, resulting in a product result ciphertext, the method further comprises:
and sending the product result ciphertext to the second party so that the second party decrypts the product result ciphertext to obtain a product result plaintext.
7. The method of claim 1, wherein after homomorphism operation based on the m reconstruction matrices and the first ciphertext vector, resulting in a product result ciphertext, the method further comprises:
generating a random number as a first secret sharing slice of the product result plaintext;
carrying out homomorphic subtraction operation on the random number and the product result ciphertext to obtain a homomorphic operation result;
and sending the homomorphic operation result to the second party so that the second party obtains a second secret sharing slice of the product result plaintext by decrypting the homomorphic operation result.
8. A two-party joint data processing method for performing a secure product operation on n original matrices held by a first party and n m-dimensional column vectors held by a second party, the method performed by the second party comprising:
determining m reconstruction vectors based on the n m-dimensional column vectors; the single reconstruction vector is composed of n elements of the n m-dimensional column vectors in the same row;
homomorphic encryption is carried out on a plurality of reconstruction vectors in the m reconstruction vectors, so as to obtain a corresponding first ciphertext vector;
the first ciphertext vector is sent to the first party, so that the first party carries out homomorphic operation based on the first ciphertext vector and m reconstruction matrixes to obtain a product result ciphertext; the arbitrary jth reconstruction matrix comprises jth column elements in each original matrix, and the product result ciphertext is used for constructing the result of the safe product operation.
9. The method of claim 8, wherein homomorphic encrypting a number of the m reconstructed vectors to obtain a corresponding first ciphertext vector comprises:
and homomorphic encryption is respectively carried out on the m reconstruction vectors to obtain m first ciphertext vectors.
10. The method of claim 8, wherein homomorphic encrypting a number of the m reconstructed vectors to obtain a corresponding first ciphertext vector comprises:
dividing the m reconstruction vectors into a plurality of groups by taking t as a unit, and then performing intra-group splicing to obtain a plurality of first spliced vectors;
and homomorphic encryption is respectively carried out on the plurality of first spliced vectors to obtain a plurality of first ciphertext vectors.
11. The method of claim 8, wherein after transmitting the first ciphertext vector to the first party, the method further comprises:
receiving the product result ciphertext from the first party;
and decrypting the product result ciphertext to obtain a product result plaintext.
12. The method of claim 8, wherein after transmitting the first ciphertext vector to the first party, the method further comprises:
receiving a homomorphic operation result from the first party, wherein the homomorphic operation result is obtained by the first party through homomorphic subtraction operation on a random number locally generated by the first party and the product result ciphertext; the random number is used as a first secret sharing slice of a product result plaintext by the first party;
and decrypting the homomorphic operation result to obtain a second secret sharing slice of the product result plaintext.
13. The data processing device is used for carrying out safe product operation on n original matrixes held by a first party and n m-dimensional column vectors held by a second party; the apparatus is integrated with the first party, comprising:
a matrix reconstruction unit configured to determine m reconstructed matrices based on the n original matrices; wherein any jth reconstruction matrix includes jth column elements in each original matrix;
a ciphertext vector receiving unit configured to receive a first ciphertext vector from a second party, the first ciphertext vector being obtained by homomorphic encrypting a plurality of reconstructed vectors; the single reconstruction vector is composed of n elements of the n m-dimensional column vectors in the same row;
and the homomorphic operation unit is configured to perform homomorphic operation based on the m reconstruction matrixes and the first ciphertext vector to obtain a product result ciphertext, and the product result ciphertext is used for constructing a result of the safe product operation.
14. The data processing device is used for carrying out safe product operation on n original matrixes held by a first party and n m-dimensional column vectors held by a second party; the apparatus is integrated with the second party, comprising:
a vector reconstruction unit configured to determine m reconstruction vectors based on the n m-dimensional column vectors; the single reconstruction vector is composed of n elements of the n m-dimensional column vectors in the same row;
the ciphertext vector determining unit is configured to homomorphic encrypt a plurality of reconstruction vectors in the m reconstruction vectors to obtain corresponding first ciphertext vectors;
the ciphertext vector sending unit is configured to send the first ciphertext vector to the first party, so that the first party performs homomorphic operation based on the first ciphertext vector and m reconstruction matrices to obtain a product result ciphertext; the arbitrary jth reconstruction matrix comprises jth column elements in each original matrix, and the product result ciphertext is used for constructing the result of the safe product operation.
15. A computer readable storage medium having stored thereon a computer program, wherein the computer program, when executed in a computer, causes the computer to perform the method of any of claims 1-12.
16. A computing device comprising a memory and a processor, wherein the memory has executable code stored therein, which when executed by the processor, implements the method of any of claims 1-12.
CN202310335953.2A 2023-03-30 2023-03-30 Data processing method and device combining two parties Pending CN116366226A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310335953.2A CN116366226A (en) 2023-03-30 2023-03-30 Data processing method and device combining two parties

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310335953.2A CN116366226A (en) 2023-03-30 2023-03-30 Data processing method and device combining two parties

Publications (1)

Publication Number Publication Date
CN116366226A true CN116366226A (en) 2023-06-30

Family

ID=86936176

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310335953.2A Pending CN116366226A (en) 2023-03-30 2023-03-30 Data processing method and device combining two parties

Country Status (1)

Country Link
CN (1) CN116366226A (en)

Similar Documents

Publication Publication Date Title
Wagh et al. SecureNN: 3-party secure computation for neural network training
Wagh et al. Securenn: Efficient and private neural network training
US10033708B2 (en) Secure computation using a server module
CN112182649A (en) Data privacy protection system based on safe two-party calculation linear regression algorithm
CN112989368B (en) Method and device for processing private data by combining multiple parties
US20210167946A1 (en) One-Round Secure Multiparty Computation of Arithmetic Streams and Evaluation of Functions
CN111512589A (en) Method for fast secure multi-party inner product using SPDZ
CN110912713A (en) Method and device for processing model data by combining multiple parties
Akavia et al. Linear-regression on packed encrypted data in the two-server model
CN114465708B (en) Privacy data processing method, device, system, electronic equipment and storage medium
CN108055128B (en) RSA key generation method, RSA key generation device, storage medium and computer equipment
US20240137206A1 (en) Methods and apparatuses for jointly processing data by two parties for data privacy protection
US20230361986A1 (en) Simd interactive comparison using garbled circuits and interactive bootstrapping for homomorphic encryption
US20240329936A1 (en) Secure multi-party computations
Xu et al. Toward practical privacy-preserving linear regression
CN111859440B (en) Sample classification method of distributed privacy protection logistic regression model based on mixed protocol
CN116170142B (en) Distributed collaborative decryption method, device and storage medium
CN116861477A (en) Data processing method, system, terminal and storage medium based on privacy protection
CN116366226A (en) Data processing method and device combining two parties
Zhang et al. Joint Linear and Nonlinear Computation across Functions for Efficient Privacy-Preserving Neural Network Inference
JP7194303B1 (en) Apparatus and method for encryption, decryption and key generation involving Diophantine equations and artificial intelligence
CN114024674B (en) Method and system for safety comparison of two parties
Tezuka et al. A fast privacy-preserving multi-layer perceptron using ring-lwe-based homomorphic encryption
CN117454941B (en) Safe binary neural network reasoning system based on function secret sharing
JP5677252B2 (en) A method for obtaining a result of applying a function to a first vector and a second vector, and a system for obtaining a result of applying a function to the first vector and the second vector using a third processor

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination