JP2020177223A - Computing device, computing system, and computing method - Google Patents

Abstract

To prevent the leakage of data and enable a wide range of process to be executed.SOLUTION: Provided is a computing system comprising a client device, and a computing device 30 connected via a bus to a server which is connected via a network. The client device encrypts the data to be processed with an encryption key, transmits it to the server, and decrypts, with a decryption key, the encrypted data of computation result which is transmitted from the server. The computing device 30 includes a key sharing unit 33 for sharing the encryption and decryption keys with the client device confidentially to the outside, a decryption unit 31 for acquiring data based on the data transmitted from the client device and encrypted with the encryption key and decrypting the acquired data with the decryption key, a computation execution unit 32 for executing a prescribed computation on the decrypted data, and an encryption unit 34 for encrypting the data of computation result with the encryption key and outputting the encrypted data of computation result to the server.SELECTED DRAWING: Figure 4

Description

The present invention relates to a technique that can prevent data leakage and enable a wide range of processing.

Conventionally, there is known a server / client model in which a server executes a process having a heavy load and uses the process result in a client device.

When this server / client model is used, the data to be processed is transmitted from the client device to the server, so that highly confidential data such as personal information contained in the data may be leaked.

In order to deal with such a problem, it is conceivable to use a secret calculation method in which the calculation is performed while the data is encrypted. The confidential operation method can be roughly divided into a method using homomorphic encryption and a method using MPC (Multi-Party-Computation).

First, a method using homomorphic encryption will be described.

Homomorphic encryption is a cryptosystem in which a set of a ciphertext and an operation having a homomorphic relationship with a plaintext and a certain operation exists. Strictly speaking, homomorphic encryption is defined as plaintext a, b and its bivariate function F (a, b), where ciphertext c1 = Enc (a) and ciphertext c2 = Enc, where the encryption function is Enc. This is a ciphertext in which (b) exists and a function G such that Enc (F (a, b)) = G (c1, c2) exists.

There are several types of homomorphic encryption, and the case where F (a, b) = a + b is called additive homomorphic encryption (AHE). Actually, even when F (a, b) = a + b mod n, it can be regarded as a real a + b if the plaintext to be handled is sufficiently small, so that it is called an additive homomorphic encryption.

Further, the case where F (a, b) = a × b is called a multiplication homomorphic encryption (MHE). Actually, even when F (a, b) = a × b mod n, it can be regarded as a real a × b if the plaintext to be handled is sufficiently small, so that it is called a multiplication homomorphic encryption.

Further, the case where both addition and multiplication operations can be handled is called fully homomorphic encryption (FHE). This fully homomorphic encryption is currently considered impractical in terms of complexity and key length.

In addition, Somehat homomorphic encryption (SHE) exists as a practical one that can perform both addition and multiplication by setting an upper limit on the number of operations.

For example, Patent Document 1 discloses a technique for performing inference while encrypting data using homomorphic encryption.

On the other hand, MPC is a system that calculates encrypted data while communicating using a plurality of computers, and a system that can perform many types of calculations compared to homomorphic encryption has been proposed. ..

Patent No. 6391900

When the above-mentioned additive homomorphic encryption and multiplication homomorphic encryption are used, there is a problem that there are restrictions on the operations that can be performed while being encrypted. Further, when the fully homomorphic encryption is used, there is a problem that the amount of calculation and the key length are enormous. Further, when Somehat homomorphic encryption is used, there is a problem that the number of operations is limited.

On the other hand, when MPC is used, there is a problem that the processing performance is generally restricted by the communication speed between computers. Further, in MPC, it is necessary to satisfy the precondition that a plurality of computers do not collude and have malicious intent, and as a practical problem, there is a problem that it is difficult to satisfy this precondition. For example, if a plurality of computers perform malicious operations at the same time, the encryption can be broken, so that data may be leaked.

The present invention has been made in view of the above circumstances, and an object of the present invention is to provide a technique capable of preventing data leakage and performing a wide range of processing.

In order to achieve the above object, the arithmetic unit according to the first aspect is connected to the information processing device connected to the client device via the network via the bus. The client device encrypts the data to be processed with the first encryption key and transmits it to the information processing device, and the encrypted processing result data transmitted from the information processing device corresponds to the first encryption key. Decrypt with the first decryption key. The arithmetic unit includes a key sharing unit, an acquisition unit, a decryption unit, an arithmetic execution unit, an encryption unit, and an output unit. The key sharing unit shares the first encryption key and the first decryption key with the client device in a secret state. The acquisition unit acquires the data encrypted with the first encryption key based on the data transmitted from the client device from the information processing device. The decryption unit decrypts the data encrypted by the first encryption key acquired by the acquisition unit with the first decryption key. The calculation execution unit executes a predetermined operation on the data decoded by the decoding unit. The encryption unit encrypts the data of the calculation result by the calculation execution unit with the first encryption key. The output unit outputs the encrypted calculation result data to the information processing device.

According to the present invention, data leakage can be prevented and a wide range of processing can be executed.

FIG. 1 is an overall configuration diagram of a computer system according to an embodiment. FIG. 2 is a functional configuration diagram of the client device according to the embodiment. FIG. 3 is a functional configuration diagram of the server according to the embodiment. FIG. 4 is a functional configuration diagram of the arithmetic unit according to the embodiment. FIG. 5 is a configuration diagram of a neural network model according to an embodiment. FIG. 6 is a sequence diagram showing the processing operation of the computer system according to the embodiment. FIG. 7 is a configuration diagram of a computer device according to an embodiment. FIG. 8 is a functional configuration diagram of the arithmetic unit according to the first modification. FIG. 9 is an overall configuration diagram of a computer system according to the second modification. FIG. 10 is a functional configuration diagram of a key sharing unit included in the client device according to the second modification. FIG. 11 is a functional configuration diagram of a key sharing unit included in the arithmetic unit according to the second modification.

The embodiment will be described with reference to the drawings. It should be noted that the embodiments described below do not limit the invention according to the claims, and all of the elements and combinations thereof described in the embodiments are indispensable for the means for solving the invention. Is not always.

First, the computer system according to the embodiment will be described.

FIG. 1 is an overall configuration diagram of a computer system according to an embodiment.

The computer system 1 includes a client device 10 and a calculation system 2. The arithmetic system 2 includes a server 20 and an arithmetic unit 30. The client device 10 and the server 20 are connected to each other via the network 40. The network 40 is, for example, a LAN (Local Area Network), a WAN (Wide Area Network), or the like. The server 20 and the arithmetic unit 30 are connected via the bus 50. The server 20 is an example of an information processing device.

The client device 10 encrypts the data to be processed and transmits it to the arithmetic system 2, receives the encrypted processing result (for example, the inference result) from the arithmetic system 2, decodes the encrypted processing result, and then decodes the encrypted processing result. Use the processing result. The arithmetic system 2 receives the encrypted data, executes a predetermined process (for example, inference process) on the encrypted data, and transmits the encrypted process result to the client device 10.

FIG. 2 is a functional configuration diagram of the client device according to the embodiment.

The client device 10 includes a display unit 11, an encryption unit 12, a transmission unit 13, a storage unit 14, a key sharing unit 15, a decryption unit 16, and a reception unit 17.

The storage unit 14 contains the target data 141 to be processed, the processing result 142 which is the result of executing the inference processing on the target data 141, and the private key 143 (first decryption key) for decrypting and encrypting the data. ) And the public key 144 (first encryption key) are stored. In this embodiment, the private key 143 and the public key 144 are, for example, keys for homomorphic encryption. The homomorphic encryption may be, for example, an additive homomorphic encryption such as Paillier encryption or a lifted-ElGamal encryption, or a multiplication homomorphic encryption. The processing result 142 is stored when the processing result is transmitted from the server 20, and the processing result for the target data 141 that has not been inferred by the server 20 does not exist. Further, the storage unit 14 may store the communication common key instead of the private key 143 and the public key 144. In this case, in the following description, the private key 143 and the public key 144 are read as the communication common key. That is, the communication common key functions as a private key 143 and a public key 144.

The encryption unit 12 encrypts the unencrypted target data 141 stored in the storage unit 14 and passes it to the transmission unit 13. In the present embodiment, the encryption unit 12 encrypts the target data 141 using the public key 144 stored in the storage unit 14. The transmission unit 13 transmits the encrypted target data 141 for inference processing to the server 20. When a communication common key is used instead of the private key 143 and the public key 144, the encryption unit 12 encrypts the target data 141 using the communication common key stored in the storage unit 14. To do.

The receiving unit 17 receives the encrypted processing result 142 from the server 20 and passes it to the decoding unit 16. The decryption unit 16 decrypts the encrypted processing result 142 passed from the receiving unit 17, and stores the decrypted processing result 142 in the storage unit 14. In the present embodiment, the decryption unit 16 decrypts the processed result 142 encrypted by using the private key 143 stored in the storage unit 14. When a communication common key is used instead of the private key 143 and the public key 144, the decryption unit 16 encrypts the communication result 142 using the communication common key stored in the storage unit 14. To decrypt.

The display unit 11 displays various information based on the processing result 142 stored in the storage unit 14. The display unit 11 may display the processing result 142 as it is, or may execute a predetermined process based on the processing result 142 and display the execution result.

The key sharing unit 15 executes a process (key sharing process) of sharing the private key 143 and the public key 144 with the arithmetic unit 30 in a state of being concealed from the outside (other than the client device 10 and the arithmetic unit 30). That is, the key sharing unit 15 has a function of sharing the private key 143 and the public key 144 between the client device 10 and the arithmetic unit 30 without being known to the server 20.

Here, the additive homomorphic encryption will be described by taking the Paillier cryptosystem, which is an additive homomorphic encryption, as an example.

When performing processing related to encryption, the following various settings are determined. That is, secure prime numbers p and q used in encryption are prepared. The procedure and precautions for determining the prime number may be the same as for the RSA cipher. Further, N = p × q. Further, k is arbitrarily set in the range of 1 ≦ k ≦ N-1. Let g = 1 + kN. Here, p and q are private keys, and g and N are public keys and system parameters.

For example, assuming that the plaintext data is A and B (0 ≦ A ≦ N-1, 0 ≦ B ≦ N-1), the encrypted data e _A and e _B in which they are encrypted are obtained by the following equation (1), It is represented as shown in (2).
e _A = g ^A × r ₁ ^N mod N ² ... (1)
e _B = g ^B × r ₂ ^N mod N ² ... (2)
Here, r ₁ (0 ≦ r ₁ ≦ N-1) and r ₂ (0 ≦ r ₂ ≦ N-1) are random numbers.

The encrypted data of Paillier cryptosystem can execute the operation corresponding to the sum operation of the plaintext data as the multiplication of the encrypted data. The multiplication of the encrypted data, that is, e _A × e _B is as shown in the equation (3).
e _A x e _B = g ^A x g ^B x r ₁ ^N x r ₂ ^N mod N ²
= G ^{(A + B)} × r ₁ ^N × r ₂ ^N mod N ² ... (A)
Here, since it is g = (1 + kN), are substituted into g of ^{g N} a ^{(1 + kN), g N} = (1 + kN) N is obtained. Further, when (1 + kN) ^N is expanded by the binomial theorem, (1 + kN) ^N = 1 + kN ² + ... Since the second and subsequent terms of the expanded equation 1 + kN ² + ... Are all multiples of N ² , 1 + kN ² + ... is divided by N ² to be 1. Therefore, g ^N modN ² = 1. And since g ^N = 1, g ^{(A + B)} = g ^{(A + B mod N)} holds. Then, the equation (A) can be transformed as the following equation by using the relation of g ^{(A + B)} = g ^{(A + B mod N)} .
Equation (A) = g ^{(A + B mod N)} × r ₁ ^N × r ₂ ^N mod N ²
= G ^{(A + B mod N)} × (r ₁ × r ₂ ) ^N mod N ² ... (B)
When r ₃ = r ₁ × r ₂ mod N is set, both r ₁ and r ₂ are random numbers, so r ₃ is also a random number. Therefore, the equation (B) can be transformed as the following equation.
Equation (B) = g ^{(A + B mod N)} × r ₃ ^N mod N ²
= E (A + B mod N) ... (3)
When e (A + B mod N) shown in the formula (3) is decoded, it becomes A + B mod N. Therefore, if A and B are sufficiently smaller than N, it can be regarded as substantially A + B, and it can be seen that the multiplication of the encrypted data corresponds to the sum operation of the plaintext data.

Further, the encrypted data of Paillier cryptosystem can execute an operation corresponding to the multiplication of the plaintext data and the integer of the plaintext data.
A × C, which is a multiplication of plaintext data A and an integer C, corresponds to a sum operation of adding A C times. Therefore, by multiplying the encrypted data for each of the sum operations, it is possible to execute the operation corresponding to the multiplication of the plaintext data A and the integer C on the encrypted data.
Specifically, e _A × e _A × ... That is, the power of the encrypted data (integer C power) may be performed, and the equation (4) shows.
e _A x e _A x ... = e _A + _A + ... = e _AC ... (4)
When the e- _AC shown in the equation (4) is decoded, it becomes an AC, which is the result of multiplication of the plaintext data A and the integer C. Therefore, it can be seen that the operation of multiplying the same encrypted data of the Paillier cryptosystem is an operation corresponding to the multiplication of the plaintext data and the integer of the plaintext data.

FIG. 3 is a functional configuration diagram of the server according to the embodiment.

The server 20 includes a relay unit 21, an inference processing control unit 22, a reception unit 23, a storage unit 24, and a transmission unit 25. The inference processing control unit 22 is an example of an arithmetic control unit.

The relay unit 21 relays the communication in the key exchange process between the key sharing unit 15 of the client device 10 and the key sharing units 33 and 40 described later of the arithmetic unit 30.

The inference processing control unit 22 executes the inference processing by the neural network model by using the encrypted target data 241 in the encrypted state according to the model information 242 stored in the storage unit 24. Then, the inference processing control unit 22 passes the processing result 142 of the inference processing in the encrypted state to the transmission unit 25. For example, the inference processing control unit 22 executes the processing of the processing layer that it is in charge of in the neural network model. Then, the inference processing control unit 22 controls the processing layer in charge of the arithmetic unit 30 in the neural network model so that the arithmetic processing 30 executes the processing layer. Here, the processing layer in charge of itself included in the neural network model is a processing layer that can be executed as encrypted data. An example of the configuration of the neural network model and the processing layer will be described later.

The storage unit 24 includes encrypted target data 241 and information on the configuration of each processing layer of the neural network model used in the inference processing executed by the inference processing control unit 22 and the setting value used in each processing layer. The model information 242 and the model information 242 are stored. The target data 241 is data for which the inference process is executed. The setting values included in the model information 242 include, for example, the coefficient of the filter used in the convolution processing layer, the weight used in the affine layer, and the like. The setting values and the like used in each processing layer include values obtained by learning using a neural network model.

The receiving unit 23 receives the encrypted target data 141 transmitted from the client device 10 and stores it in the storage unit 24. The transmission unit 25 transmits the encrypted processing result 142 obtained by the inference processing control unit 22 to the client device 10. The target data 241 includes at least one of the encrypted target data 141, the encrypted calculation result acquired from the calculation device 30, and the encrypted data processed in the information processing device 20 while being encrypted. It is the data to be included.

FIG. 4 is a functional configuration diagram of the arithmetic unit according to the embodiment.

The arithmetic unit 30 is composed of, for example, a dedicated LSI (Large-Scale Integrated Circuit), an ASIC (Application Specific Integrated Circuit), or an FPGA (Field-Programmable Gate Array). In this embodiment, the arithmetic unit 30 is connected to the internal bus of the server 20. The arithmetic unit 30 includes a decryption unit 31, an arithmetic execution unit 32, a key sharing unit 33, an encryption unit 34, an acquisition unit 35, and an output unit 36. The arithmetic unit 30 is configured to output only encrypted data to an external device (server 20 or the like), for example. The arithmetic unit 30 is composed of, for example, a hardware circuit that executes processing in whole or in large part, and it is difficult (impossible or almost impossible) to cause an illegal operation such as illegally outputting data. Impossible). Therefore, it is impossible or almost impossible for the server 20 to retrieve the unencrypted data in the process of processing from the arithmetic unit 30. The arithmetic unit 30 may output data that is at least partially encrypted to an external device.

The key sharing unit 33 stores the shared private key 331 (second decryption key) and the shared public key 332 (second encryption key) used in the key sharing process with the client device 10. In the present embodiment, the shared private key 331 is stored unreadable from the outside of the arithmetic unit 30. Here, the unreadable state from the outside may be unreadable due to the hardware configuration. The shared private key 331 may be stored, for example, in a hard-wired manner (connection logic). The key sharing unit 33 executes a process (key sharing process) of sharing the private key 143 and the public key 144 with the client device 10 in a state of being concealed from the outside (other than the client device 10 and the arithmetic unit 30). Specifically, for example, the key sharing unit 33 transmits the shared public key 332 to the client device 10 and acquires the private key 143 and the public key 144 encrypted by the shared public key 332 in the client device 10. .. Then, the key sharing unit 33 decrypts the private key 143 and the public key 144 encrypted by the shared private key 331, and acquires the private key 143 and the public key 144. According to this key sharing process, the private key 143 and the public key 144 are encrypted in the path between the client device 10 and the arithmetic unit 30, and a secret state can be secured. Further, since the shared private key 331 cannot be read from the outside of the arithmetic unit 30, it is not read from the server 20 and obtained, so that the secret state can be strictly maintained.

Further, the key sharing unit 33 sets the acquired private key 143 in the decryption unit 31 and sets the acquired public key 144 in the encryption unit 34. When a communication common key is used instead of the private key 143 and the public key 144, the key sharing unit 33 sets the acquired communication common key in the decryption unit 31 and the encryption unit 34.

The acquisition unit 35 acquires the encrypted data passed from the server 20. Then, the decryption unit 31 decrypts the encrypted data passed from the server 20 with the set private key 143. The encrypted data passed from the server 20 is encrypted data based on the encrypted target data transmitted from the client device 10. That is, the encrypted data passed from the server 20 is the same as the encrypted target data transmitted from the client device 10, or after some processing is performed on the encrypted target data. It is encrypted data. The decoding unit 31 passes the decoded data to the calculation execution unit 32. The acquisition unit 35 may receive the set value used in the process from the server 20 together with the encrypted data, and may set or notify the operation execution unit 32 of the received set value. When a communication common key is used instead of the private key 143 and the public key 144, the decryption unit 31 uses the set communication common key to convert the encrypted data passed from the server 20. Decrypt.

The calculation execution unit 32 executes a predetermined process on the decoded data passed from the decoding unit 31. The predetermined processing here is a processing including a processing layer that cannot be executed as the encrypted data in the neural network model. The calculation execution unit 32 passes the calculation result to the encryption unit 34.

The encryption unit 34 encrypts the operation result passed from the operation execution unit 32 with the set public key 144, and passes the encrypted data to the inference processing control unit 22 of the server 20. When a communication common key is used instead of the private key 143 and the public key 144, the encryption unit 34 encrypts the calculation result passed from the calculation execution unit 32 with the set communication common key. The encrypted data is encrypted and passed to the inference processing control unit 22 of the server 20.

Next, an example of the neural network model will be described.

FIG. 5 is a configuration diagram of a neural network model according to an embodiment.

The neural network model 3 is a neural network model showing the configuration of inference processing by the inference processing control unit 22, for example, what the image data to be processed represents, for example, what a person, a dog, a cat, or the like represents. This is a model of a convolutional neural network (CNN) for executing inference processing for inferring whether or not it is represented and outputting the processing result.

The neural network model 3 is composed of a plurality of processing layers 4. Specifically, the neural network model 3 includes a convolution layer 4-1, an activation layer 4-2, a pooling layer 4-3, an activation layer 4-n-2, an affine layer 4-n-1, and SoftMax. Includes layers 4-n and the like. The convolution layer 4-1 executes the convolution process on the image data. The activation layer 4-2 executes the activation process on the input data from the previous layer. The pooling layer 4-3 executes the downsampling process on the data input from the previous layer. The activation layer 4-n-2 executes the activation process on the input data from the previous layer. The affine layer 4-n-1 executes the affine transformation process on the input data from the previous layer. The SoftMax layer 4-n executes a process by the softmax (SoftMax) function on the input data from the previous layer. As the activation layer that performs the activation process, for example, there is an activation layer that performs the activation process by the ReLU function (Rectified Liner Unit Rectifier: normalized linear function).

In the present embodiment, the arithmetic processing of the convolution layer 4-1 can be performed by using the encrypted data by the additive homomorphic encryption as it is. Further, the other layers 4 cannot be processed by using the encrypted data as it is.

With respect to such a neural network model 3, the inference processing control unit 22 causes either the server 20 or the arithmetic unit 30 to execute a processing layer that can be calculated with the encrypted data as it is, according to a predetermined setting. .. Further, the inference processing control unit 22 causes the arithmetic unit 30 to execute a processing layer that cannot be calculated with the encrypted data as it is. Therefore, depending on the settings, the processing layer that can perform operations with the encrypted data can either be executed entirely on the server 20 side or partly executed on the server 20 side. It is also possible to execute it on the arithmetic unit 30 side. In order to execute the processing layer in the arithmetic unit 30, for example, the arithmetic execution unit 32 of the arithmetic unit 30 should be configured with a circuit for executing all the processing layers 4 to be executed on the arithmetic unit 30 side. Just do it. In this case, the setting values of the variables and the like used in the processing layer 4 may be fixedly set in advance, or may be passed from the inference processing control unit 22 to the arithmetic unit 30 during processing.

Next, the processing operation in the computer system 1 will be described.

FIG. 6 is a sequence diagram showing the processing operation of the computer system according to the embodiment.

When the key sharing unit 15 of the client device 10 receives a processing instruction for the predetermined target data from the user, the key sharing unit 15 transmits a request for the shared public key to the arithmetic unit 30 via the server 20 (steps S101 and S102). On the other hand, the key sharing unit 33 of the arithmetic unit 30 transmits the shared public key 332 to the client device 10 via the server 20 (steps S103 and S104).

The key sharing unit 15 of the client device 10 receives the shared public key 332 and uses the shared public key 332 to encrypt the private key 143 and the public key 144 (step S105). Next, the key sharing unit 15 of the client device 10 transmits the encrypted private key 143 and the public key 144 to the arithmetic unit 30 via the server 20 (steps S106 and S107).

The key sharing unit 33 of the arithmetic unit 30 receives the encrypted private key 143 and the public key 144, decrypts the encrypted private key 143 and the public key 144 using the shared private key 331, and secretly performs the secret. Obtain key 143 and public key 144. Then, the key sharing unit 33 sets the private key 143 in the decryption unit 31 and sets the public key 144 in the encryption unit 34 (step S108). By such steps S101 to S108, the sharing of the private key 143 and the public key 144 is completed between the client device 10 and the arithmetic unit 30 in a state of being concealed from the outside.

Next, the encryption unit 12 of the client device 10 encrypts the target data 141 using the public key 144 and passes it to the transmission unit 13 (step S109). Next, the transmission unit 13 transmits the encrypted target data to the server 20 (step S110).

In the server 20, the receiving unit 23 receives the encrypted target data and stores it in the storage unit 24. Then, the inference processing control unit 22 starts the inference processing for the target data (step S111).

In this inference process, the inference process control unit 22 executes an operation using the encrypted data as it is for the layer process executed by the server 20 (step S112).

On the other hand, regarding the processing of one or more processing layers executed by the arithmetic unit 30, the inference processing control unit 22 uses the encrypted processing data, that is, the encrypted target data or the immediately preceding layer. The processing result data is transmitted to the arithmetic unit 30 (step S113). When the arithmetic unit 30 receives the encrypted processing data, the decoding unit 31 decodes the processing data using the private key 143 and passes it to the arithmetic execution unit 32. The calculation execution unit 32 executes a predetermined operation on the decrypted processing data, and passes the data after the calculation processing to the encryption unit 34 (step S115). The encryption unit 34 encrypts the data after the arithmetic processing using the public key 144 (step S116), and transmits the encrypted data after the arithmetic processing to the server 20 (step S117).

By executing the processing of all layers that execute the inference processing in this way, the inference processing is completed and the encrypted processing result is obtained.

When the inference processing is completed, the inference processing control unit 22 of the server 20 passes the encrypted processing result to the transmission unit 25. Then, the transmission unit 25 transmits the encrypted processing result to the client device 10 (step S118).

In the client device 10, the receiving unit 17 receives the encrypted processing result and passes it to the decoding unit 16. Further, the decryption unit 16 decrypts the received encrypted processing result with the private key 143 and stores it in the storage unit 14. Then, the display unit 11 displays the information based on the processing result (step S119).

As described above, in the processing of the computer system 1, the server 20 processes the data in the encrypted state, so that it is possible to prevent the data from being leaked. Further, although the data is decrypted and processed in the arithmetic unit 30, it is impossible to retrieve the unencrypted data in the arithmetic unit 30 from the server 20, so that it is possible to prevent the data from leaking. ..

The client device 10 and the server 20 described above can each be configured by a computer device.

FIG. 7 is a configuration diagram of a computer device according to an embodiment. In the present embodiment, the client device 10 and the server 20 are composed of separate computer devices, but these computer devices can have the same configuration except for a part of the configurations. Therefore, in the following description, the computer device constituting the client device 10 and the server 20 will be described for convenience using the computer device shown in FIG. 7.

The computer device 100 includes, for example, a CPU (Central Processing Unit) 101 (processor), a main memory 102, a GPU (Graphics Processing Unit) 103, a reader / writer 104, a communication interface (communication I / F) 105, and auxiliary. It includes a storage device 106, an input / output interface (input / output I / F) 107, a display device 108, and an input device 109. The CPU 101, the main memory 102, the GPU 103, the reader / writer 104, the communication I / F 105, the auxiliary storage device 106, the input / output I / F 107, and the display device 108 are connected via the bus 110. The client device 10 and the server 20 are configured by appropriately selecting some or all of the components described in the computer device 100, respectively. In the present embodiment, in the computer device 100 constituting the server 20, the arithmetic unit 30 is connected via the bus 110. The arithmetic unit 30 may be configured by appropriately selecting some or all of the components of the computer device 100. Further, the CPU 101 may be another type of processor such as an ASIC and an FPGA.

Here, at least one of the main memory 102 and the auxiliary storage device 106 functions as the storage unit 14 of the client device 10 and the storage unit 24 of the server 20. At least one of the main memory 102 and the auxiliary storage device 106 may function as a storage unit of the arithmetic unit 30 described later. Further, at least one of the main memory 102 and the auxiliary storage device 106 may function as the storage unit 60B of the arithmetic unit 60 described later. Further, at least one of the main memory 102 and the auxiliary storage device 106 may function as the storage unit 70B of the arithmetic unit 70 described later.

In the computer device 100 constituting the client device 10, the CPU 101 executes the processing program stored in the auxiliary storage device 106, for example, the display unit 11, the encryption unit 12, the key sharing unit 15, and the decryption unit 16. It may also function as the control unit 60A of the key sharing unit 60 described later. In the computer device 100 constituting the server 20, the CPU 101 may function as, for example, the inference processing control unit 22 by executing the processing program stored in the auxiliary storage device 106. The CPU 101 of the computer device 100 constituting the server 20 may have better processing performance than the CPU 101 of the computer device 100 constituting the client device 10. The CPU 101 may function as a decoding unit 31, an arithmetic execution unit 32, a key sharing unit 33, an encryption unit 34, and a control unit 70A of the key sharing unit 70 described later.

The main memory 102 is, for example, a RAM, a ROM, or the like, and stores a program (processing program or the like) executed by the CPU 101 and various information. The auxiliary storage device 106 is a non-temporary storage device (nonvolatile storage device) such as an HDD (Hard Disk Drive) or SSD (Solid State Drive), and stores a program executed by the CPU 101 and various information. .. In the computer device 100 constituting the client device 10, the main memory 102 stores, for example, the target data 141, the processing result 142, the private key 143, and the public key 144. In the computer device 100 constituting the server 20, the main memory 102 stores, for example, the target data 241 and the model information 242.

The GPU 103 is a processor suitable for executing a specific process such as image processing, and is suitable for executing a process performed in parallel, for example. In this embodiment, the GPU 103 executes a predetermined process according to the instruction of the CPU 101.

The reader / writer 104 has a removable recording medium 111, and reads data from the recording medium 111 and writes data to the recording medium 111. Examples of the recording medium 111 include a non-temporary recording medium (nonvolatile recording medium) such as an SD memory card, an FD (floppy disk: registered trademark), a CD, DVD, a BD (registered trademark), and a flash memory. In the present embodiment, the processing program may be stored in the recording medium 111, read by the reader / writer 104, and used. Further, in the computer device 100 constituting the client device 10, the data to be processed may be stored in the recording medium 111, read by the reader driver 104, and stored in the storage unit 14.

The communication I / F 105 is connected to the network 40 and transmits / receives data to / from another device connected to the network 40. The transmission unit 13, the reception unit 17, the key sharing unit 15, the reception unit 23, the transmission unit 25, and the relay unit 21 of the client device 10 are each composed of the communication I / F 105 and the CPU 101 of the computer device 100 constituting the client device 10. It is composed. The communication I / F 105 may function as an acquisition unit 35 and an output unit 36 in the arithmetic unit 30.

The input / output I / F 107 is connected to an input device 109 such as a mouse or a keyboard, for example. In the computer device 100 constituting the client device 10, the input / output I / F 107 receives an operation input by the user of the client device 10 using the input device 109. Further, in the computer device 100 constituting the server 20, the input / output I / F 107 receives an operation input by the administrator of the server 20 using the input device 109. The input / output I / F 107 may function as an acquisition unit 35 and an output unit 36 in the arithmetic unit 30.

The display device 108 is, for example, a display device such as a liquid crystal display, and displays and outputs various information. The display device 18 functions as a display unit 11 in the client device 10, for example.

Next, the computer system according to the modified example will be described.

A first modification will be described with reference to FIG.
FIG. 8 is a functional configuration diagram of the arithmetic unit according to the first modification. The same components as those of the arithmetic unit 30 according to the embodiment are designated by the same reference numerals, and duplicate description will be omitted.

The arithmetic unit 30A according to the modified example includes the arithmetic execution unit 38 in place of the arithmetic execution unit 32 and the decoding unit 37 in place of the decoding unit 31 in the arithmetic unit 30 described above.
In addition to the functions of the decoding unit 31, the decoding unit 37 receives the designation of the type of operation to be executed from the inference processing control unit 22 via the acquisition unit 35, and passes it to the operation execution unit 38. The processing layer may be specified by a plurality of processing layers.

The calculation execution unit 38 has a plurality of calculation units 381, 382, etc. configured by a hardware circuit that executes processing corresponding to the processing layer 4. The calculation execution unit 38 selects a calculation unit 381 that executes a process corresponding to the designation of the type of calculation passed from the decoding unit 37, and inputs the data passed from the decoding unit 37 to the selected calculation unit. When a plurality of operation type designations are received from the decoding unit 37, the calculation units corresponding to the specifications are sequentially selected, and the processing result data by the calculation unit that executes the previous processing layer is input to the next. Input to the calculation unit of the processing layer.

When using the arithmetic unit 30A according to the modification, the inference processing control unit 22 of the server 20 causes the arithmetic processing 30A to execute the processing of the processing layer, and the type of operation corresponding to the processing layer. It has a function of transmitting the designation of to the arithmetic unit 30A. Further, instead of specifying the type of operation described above, a processing layer may be specified. In this case, the calculation execution unit 38 selects a calculation unit that executes the processing corresponding to the designation of the processing layer.

A second modification will be described with reference to FIGS. 9 to 11.
In the second modification, the private key 143 and the public key 144 are shared between the client device 10 and the arithmetic unit 30 by using the shared common key instead of the shared private key 331 and the shared public key 332. .. That is, in the second modification, the client device 10 and the arithmetic unit 30 each store the shared common key. Then, the client device 10 encrypts the private key 143 and the public key 144 using the shared common key, and transmits the encrypted private key 143 and the public key 144 to the arithmetic device 30. The arithmetic unit 30 receives the encrypted private key 143 and the public key 144, and decrypts the encrypted private key 143 and the public key 144 using the shared common key. As described above, the client device 10 and the arithmetic unit 30 share the private key 143 and the public key 144.

In the second modification, a communication common key may be used instead of the private key 143 and the public key 144. That is, the client device 10 encrypts the communication common key using the shared common key, and transmits the encrypted communication common key to the arithmetic unit 30. The arithmetic unit 30 receives the encrypted communication common key and decrypts the encrypted communication common key using the shared common key. In this case, in the following description, the private key 143 and the public key 144 are read as the communication common key.

The second modification is characterized in a method of sharing the above-mentioned shared common key between the client device 10 and the arithmetic unit 30 in a state of being concealed from the outside. In the following description, a method of sharing the shared common key between the client device 10 and the arithmetic unit 30, which is a feature of the second modification, will be described. The same components as those of the client device 10 and the arithmetic unit 30 according to the embodiment are designated by the same reference numerals, and duplicate description will be omitted.

FIG. 9 is an overall configuration diagram of a computer system according to the second modification.
The client device 10 stores the public key 66. Further, the arithmetic unit 30 stores the private key 75. In the second modification, the arithmetic unit 30 shares the private key 143 and the public key 144 with the client device 10 by using the shared common key created by the process described later, so that the shared secret is shared. It is not necessary to store the key 331 and the shared public key 332.

FIG. 10 is a functional configuration diagram of a key sharing unit included in the client device according to the second modification.
The key sharing unit 60 included in the client device 10 according to the second modification will be described with reference to FIG. The configuration similar to that of the client device 10 according to the embodiment is not shown.

The client device 10 includes a key sharing unit 60 instead of the key sharing unit 15.
The key sharing unit 60 includes a control unit 60A and a storage unit 60B. The control unit 60A includes a verification unit 61, a generation unit 62, a creation unit 63, an encryption unit 64, and a decryption unit 65. Further, the storage unit 60B stores the public key 66 and the shared common key 67. The shared common key 67 is stored as a result of the key sharing process with the arithmetic unit 30.

The public key 66 is a public key corresponding to the private key 75 stored in the arithmetic unit 30. The public key 66 is distributed to a client who is a user of the arithmetic unit 30, for example, when a developer including the developer and the manufacturer of the arithmetic unit 30 stores the private key 75 in the arithmetic unit 30. The public key 66 may be embedded in a DLL (Dynamic Link Library) that is called when an application that executes inference processing is started on the client device 10 and distributed. The public key 66 may be a decryption key corresponding to the private key 75.
The shared common key 67 is a key shared with the arithmetic unit 30 in a state of being concealed from the outside by executing key sharing, and the shared private key 331 and the shared public key 332 in the embodiment. Functions as.

FIG. 11 is a functional configuration diagram of a key sharing unit included in the arithmetic unit according to the second modification.
The key sharing unit 70 included in the arithmetic unit 30 according to the second modification will be described with reference to FIG. The configuration similar to that of the arithmetic unit 30 according to the embodiment is not shown.
The arithmetic unit 30 includes a key sharing unit 70 instead of the key sharing unit 33.
The key sharing unit 70 includes a control unit 70A and a storage unit 70B. The control unit 70A includes a generation unit 71, a creation unit 72, an encryption unit 73, and a decryption unit 74. Further, the storage unit 70B stores the private key 75 and the shared common key 76. The shared common key 76 is stored as a result of the key sharing process with the client device 10.

The private key 75 is stored in the storage unit 70B in a state where it cannot be read from the outside of the arithmetic unit 30. The private key 75 is determined by, for example, the developer of the arithmetic unit 30 and a developer including the manufacturer, and is stored in the storage unit 70B by using a storage method having tamper resistance such as hard wire when the arithmetic unit 30 is manufactured. It may be remembered. The shared common key 76 is a key that is shared in a state of being kept secret from the outside by executing key sharing with the client device 10, and is used as the shared private key 331 and the shared public key 332 in the embodiment. Function. That is, the shared common key 67 stored in the client device 10 and the shared common key 76 stored in the arithmetic unit 30 have the same values.

The key sharing process of the shared common key executed between the client device 10 and the arithmetic unit 30 will be described with reference to FIGS. 2 to 4, 10 and 11. In the following description, it is assumed that the client device 10 and the arithmetic unit 30 share various parameters defining a finite cyclic group, a hash function, and the like.

In the arithmetic unit 30, the generation unit 71 generates a random temporary key a. The temporary key a is a value randomly selected from integers. The creation unit 72 creates the public key aG as a source of a finite cyclic group in which the discrete logarithm problem is difficult by using the temporary key a and the generating source G. The generating source G is, for example, the base point G (base point) of the elliptic curve group. In the following description, the finite cyclic group will be described as an elliptic curve group. Note that the finite cyclic group in the case of finite multiplicative group a finite cyclic group of origin is generated based g, public key g ^a modn is created. n is a prime number. The temporary key a is an example of a first integer. The public key aG is an example of the first public key.

The creation unit 72 applies the hash function H to the public key aG to obtain the hash value H (aG). Further, the creating unit 72 creates the electronic signatures s by using the hash value H (aG) and the private key 75. The digital signature s is, for example, a value obtained by encrypting the hash value H (aG) with the private key 75. Note that when a finite cyclic group is finite multiplicative group hash value ^is H (g a modn).

The output unit 36 transmits the public key aG and the electronic signature s to the client device 10 via the server 20. Specifically, the output unit 36 outputs the public key aG and the electronic signature s to the server 20, and the relay unit 21 of the server 20 transmits the public key aG and the electronic signature s to the client device 10.
In the client device 10, the receiving unit 17 receives the public key aG and the electronic signature s. The verification unit 61 applies a hash function to the public key aG to obtain the hash value H (aG). Then, the verification unit 61 executes signature verification using the hash value H (aG), the electronic signature s, and the public key 66.

An example of signature verification using electronic signatures s will be described. The verification unit 61 applies the hash function H to the public key aG. Further, the verification unit 61 decrypts the electronic signatures s with the public key 66. Then, the verification unit 61 confirms the validity of the public key aG when the value obtained by applying the hash function H to the public key aG and the value obtained by decrypting the electronic signatures s are equal to each other. The legitimacy of the public key aG is to guarantee that the public key aG is created by the arithmetic unit 30 holding the private key 75. For signature verification, for example, a signature algorithm such as RSA, DSA (Digital Signature Algorithm), or ECDSA (Elliptic Curve Digital Signature Algorithm) may be used.

The generation unit 62 generates the temporary key b when the validity of the public key aG is confirmed by the electronic signature s. The temporary key b is a value randomly selected from integers. Then, the creation unit 63 creates the public key bG as the source of the finite cyclic group in which the discrete logarithm problem is difficult by using the temporary key b and the generating source G. When the finite cyclic group is a finite multiplicative group, the generator of the finite cyclic group is the generator g, and the public key g ^b mode is created. The temporary key b is an example of a second integer. The public key bG is an example of the second public key.

The creation unit 63 further applies the hash function H to the value obtained by multiplying the temporary key b and the public key aG to create H (b × aG) as the shared common key 67. Note that when a finite cyclic group is finite multiplicative ^{group, H ((g a modn)} b modn)) is created as sharing a common key 67. Further, the shared common key 67 may be simply b × aG.
The transmission unit 13 transmits the public key bG to the arithmetic unit 30. Specifically, the transmission unit 13 transmits the public key bG to the server 20, and the relay unit 21 of the server 20 inputs the public key bG to the arithmetic unit 30.

In the arithmetic unit 30, the acquisition unit 35 acquires the public key bG. That is, when the validity of the public key aG is confirmed by the electronic signatures on the client device 10, the acquisition unit 35 acquires the public key bG created by the client device 10.
Then, the creation unit 72 applies the hash function H to the temporary key a and the public key bG to create H (a × bG) as the shared common key 76. When the finite cyclic group is a finite multiplicative group, H ((g ^b mode) ^a mode)) is created as a shared common key 76. Further, the shared common key 76 may be simply a × bG.

By the above processing, the client device 10 and the arithmetic unit 30 share the shared common key in a state of being kept secret from the outside. That is, even if the server 20 and other devices acquire the public key aG and the public key bG, the public key aG and the public key bG are difficult to have a discrete logarithmic problem. Therefore, the temporary key a from the public key aG and the public key bG. And the temporary key b cannot be obtained. Further, the server 20 and other devices cannot obtain the temporary key a and the temporary key b from the electronic signatures even if the electronic signatures are acquired. Therefore, the server 20 and other devices that cannot obtain the temporary key a and the temporary key b cannot obtain a × bG and b × aG, so that it is impossible to acquire the shared common key.

Further, the server 20 and other devices generate a temporary key a', replace the public key aG with another value a'G, and transmit it to the client device 10. Further, the server 20 and other devices acquire the public key bG from the client device 10 and create an illegal shared common key a'x bG. As a result, it is conceivable that the server 20 and other devices share an illegal shared common key a'xbG with the client device 10.

Even in this case, since the server 20 and other devices do not have the private key 75, the electronic signature s'corresponding to another value a'G cannot be created. Then, since the client device 10 cannot confirm that another value a'G is valid, the public key bG is not transmitted to the server 20, and the illegal shared common key a'x bG is valid. It is not created as a thing. Therefore, the server 20 and other devices cannot decrypt the encrypted data transmitted from the client device 10 by using the illegal shared common key a'xbG.

As described above, the client device 10 and the arithmetic unit 30 according to the second modification are DH- in which a complicated arithmetic and a plurality of times of communication are generated as a process for preventing a man-in-the-middle attack of the server 20 and other devices. The common key for sharing can be shared without complicated processing such as EKE.

The sharing process of the private key 143 and the public key 144 after sharing the shared common key will be described. In the following processing, when a communication common key is used instead of the private key 143 and the public key 144, the private key 143 and the public key 144 are read as the communication common key.
In the client device 10, the encryption unit 64 encrypts the private key 143 and the public key 144 using the shared common key 67. The transmission unit 13 transmits the encrypted private key 143 and the public key 144 to the arithmetic unit 30. Specifically, the transmission unit 13 transmits the encrypted private key 143 and the public key 144 to the server 20, and the relay unit 21 of the server 20 inputs the encrypted private key 143 and the public key 144 to the arithmetic unit 30. To do.

In the arithmetic unit 30, the acquisition unit 35 acquires the encrypted private key 143 and the public key 144. Then, the decryption unit 74 decrypts the private key 143 and the public key 144 encrypted by using the shared common key 76. As a result, the private key 143 and the public key 144 are shared with the client device 10 and the arithmetic unit 30.

When the private key 143 and the public key 144 are transmitted from the arithmetic unit 30 to the client device 10 and the private key 143 and the public key 144 are shared, the following processing is executed.
In the arithmetic unit 30, the encryption unit 73 encrypts the private key 143 and the public key 144 by using the shared common key 76. The output unit 36 transmits the encrypted private key 143 and public key 144 to the client device 10 via the server 20. Specifically, the output unit 36 outputs the encrypted private key 143 and public key 144 to the server 20, and the relay unit 21 of the server 20 transmits the encrypted private key 143 and public key 144 to the client device 10. To do.

In the client device 10, the receiving unit 17 receives the encrypted private key 143 and the public key 144. The decryption unit 65 decrypts the private key 143 and the public key 144 encrypted by using the shared common key 67. As a result, the private key 143 and the public key 144 are shared with the client device 10 and the arithmetic unit 30.
In the above description, for the sake of simplicity, the encryption unit 64 and the decryption unit 65 have been described as being provided separately from the encryption unit 12 and the decryption unit 16, but the encryption unit 12 and the decryption unit have been described. 16 may function as an encryption unit 64 and a decryption unit 65, respectively. Further, although the encryption unit 73 and the decryption unit 74 have been described as being provided separately from the encryption unit 34 and the decryption unit 31, the encryption unit 34 and the decryption unit 31 are provided separately from the encryption unit 34 and the decryption unit 31, respectively. It may function as 74.

In many cases, there is no problem with the method of the second modification described above, but if the private key 75 is written and distributed to all devices, it is necessary to take measures such as making the storage unit 70B tamper resistant, and the private key. The 75 may not be safely memorized. In this case, the developer or the like determines the temporary key a for each arithmetic unit 30, obtains the electronic signature s of the arithmetic unit 30, and replaces the private key 75 with the temporary key a and the electronic signature s at the time of shipment from the factory. May be written in the storage unit 70B of the arithmetic unit 30. That is, the storage unit 70B stores the temporary key a and the electronic signature s. The storage unit 70B stores the shared common key 76 as a result of the key sharing process with the client device 10.

Specifically, in the arithmetic unit 30, the storage unit 70B stores the electronic signature s created by the developer or the like using the temporary key a, the public key aG, and the private key 75, and the temporary key a. The creation unit 72 creates the public key aG as a source of a finite cyclic group in which the discrete logarithm problem is difficult by using the temporary key a and the generating source G. Then, the output unit 36 outputs the public key aG and the electronic signature s to the client device 10 via the server 20.

In the client device 10, when the validity of the public key aG is confirmed by the electronic signatures, the verification unit 61 creates a shared common key 67 using a random temporary key b and the public key aG. Further, the creation unit 63 creates the public key bG as the source of the finite cyclic group in which the discrete logarithm problem is difficult by using the temporary key b and the generating source G. Then, the transmission unit 13 transmits the public key bG to the arithmetic unit 30 via the server 20.

In the arithmetic unit 30, the acquisition unit 35 acquires the public key bG from the client device 10. The creation unit 72 creates the shared common key 76 by using the temporary key a and the public key bG stored in the pre-storage unit 70B.

Further, another configuration in which the temporary key a is fixed for each arithmetic unit 30 will be described. The developer or the like determines a temporary key a for each arithmetic unit 30, obtains the electronic signature s of the arithmetic unit 30, and creates a finite cyclic group in which the discrete logarithm problem is difficult, which is created by using the temporary key a and the generating source G. Create a public key aG as the source of. Then, the developer or the like writes the temporary key a, the electronic signature s, and the public key aG in the storage unit 70B of the arithmetic unit 30 instead of the private key 75 at the time of shipment from the factory. That is, the storage unit 70B stores the temporary key a, the electronic signature s, and the public key aG. The storage unit 70B stores the shared common key 76 as a result of the key sharing process with the client device 10.

Specifically, in the arithmetic unit 30, the storage unit 70B uses a public key aG created by a developer or the like using the temporary key a and the generation source G, and the temporary key a, the public key aG, and the private key 75. The electronic signature s created by the developer or the like and the temporary key a are stored. Then, the output unit 36 outputs the public key aG and the electronic signature s to the client device 10 via the server 20. Therefore, in the configuration in which the public key aG is stored in the storage unit 70B, the arithmetic unit 30 creates the public key aG as a source of a finite cyclic group in which the discrete logarithm problem is difficult by using the temporary key a and the generating source G. The creation unit 72 may not be provided.

In the client device 10, when the validity of the public key aG is confirmed by the electronic signatures, the verification unit 61 creates a shared common key 67 using a random temporary key b and the public key aG. Further, the creation unit 63 creates the public key bG as the source of the finite cyclic group in which the discrete logarithm problem is difficult by using the temporary key b and the generating source G. Then, the transmission unit 13 transmits the public key bG to the arithmetic unit 30 via the server 20.

In the arithmetic unit 30, the acquisition unit 35 acquires the public key bG from the client device 10. The creation unit 72 creates the shared common key 76 by using the temporary key a and the public key bG stored in the pre-storage unit 70B.

As described above, the temporary key a is fixed for each arithmetic unit 30, and the key sharing process is executed using the configuration in which the temporary key a and the electronic signature s are stored in the storage unit 70B instead of the private key 75. This makes it possible to prevent the private key 75 from leaking to the outside. The configuration of the first modification may be combined with the configuration of the second modification. That is, the key sharing unit 60 of the second modification is applied instead of the key sharing unit 15 of the client device 10 of the first modification, and the key sharing unit 33 of the arithmetic unit 30 of the first modification is replaced with the first. 2 The key sharing unit 70 of the modified example may be applied.

The present invention is not limited to the above-described embodiments and modifications, and can be appropriately modified and implemented without departing from the spirit of the present invention.

For example, in the above embodiment, the client device 10 acquires the shared public key 332 from the arithmetic unit 30, but when the shared public key 332 is acquired in advance and stored in the client device 10. , It is not necessary to execute the processes of steps S101 to S104.

Further, the method of sharing the private key 143 and the public key 144 between the client device 10 and the arithmetic unit 30 is not limited to the above, and another algorithm, for example, DH-EKE (Diffie-Hellman Encrypted Key Exchange) is used. May be good.

Further, in the above embodiment or a modification, the inference processing control unit 22 determines whether the server 20 or the arithmetic unit 30 (30A) executes the processing layer that can perform the calculation with the encrypted data as it is, according to the setting. I was trying to decide. The present invention is not limited to this, and for example, at least one of the processing load of the server 20 and the processing load of the arithmetic unit 30 (30A) is detected, and based on this processing load, the server 20 and the arithmetic unit 30 (30A) You may decide which of the above is to execute the processing layer. For example, the inference processing control unit 22 may cause the arithmetic unit 30 (30A) to execute a processing layer that can perform an operation with the encrypted data as it is when the processing load of the server 20 is a predetermined value or more. Further, the inference processing control unit 22 may execute the processing layer on the server 20 that can perform the calculation with the encrypted data as it is when the processing load of the arithmetic unit 30 (30A) is equal to or more than a predetermined value. As a result, the processing load of the server 20 and the arithmetic unit 30 (30A) can be suppressed.

Further, in the above embodiment or a modification, the arithmetic execution unit 32 (38) of the arithmetic unit 30 (30A) may be provided with a microprocessor capable of executing a simple arithmetic expression. In this case, the inference processing control unit 22 may transmit an arithmetic expression to be executed by the arithmetic unit 30 (30A) and cause a microprocessor capable of executing a simple arithmetic expression to execute a process corresponding to the arithmetic expression. .. In this way, the arithmetic unit 30 (30A) can process the arithmetic that was not configured as a circuit.

Further, the configuration of the neural network model corresponding to the processing executed by the arithmetic system 2 is not limited to the above example, and may have more processing layers, and a processing layer that executes processing different from the above example may be provided. It may be included.

Further, in the above-described embodiment and modification, an example of executing a process corresponding to the neural network model in the arithmetic system 2 has been shown, but the present invention is not limited to this, and for example, a process not corresponding to the neural network model. May be executed.

Further, in the above-described embodiment and modification, the additive homomorphic encryption is used as an example of the homomorphic encryption, but the present invention is not limited to this, and the multiplication homomorphic encryption, the complete homomorphic encryption, and the SomeWhat homomorphic encryption are used. It may be encrypted.

Further, in the above-described embodiment and modification, an example in which data encrypted by homomorphic encryption is processed is shown, but data encrypted by another encryption method is processed. You may.

Further, in the above-described embodiment and modification, an example of executing the inference process is shown, but the present invention is not limited to this, and the present invention can be applied to the case of executing a process different from the inference process.

1 ... Computer system, 2 ... Arithmetic system, 10 ... Client device, 20 ... Server, 30, 30A ... Arithmetic device, 31, 37 ... Decryption unit, 32, 38 ... Arithmetic execution unit, 33, 40, 50 ... Key sharing unit , 34 ... Encryption unit

Claims (23)

An arithmetic unit connected to an information processing device connected to a client device via a network via a bus.
The client device encrypts the data to be processed with the first encryption key and transmits the data to the information processing device, and the encrypted processing result data transmitted from the information processing device is subjected to the first encryption. Decrypt with the first decryption key corresponding to the key,
The arithmetic unit
A key sharing unit that shares the first encryption key and the first decryption key with the client device in a secret state.
An acquisition unit that acquires data encrypted with the first encryption key based on data transmitted from the client device from the information processing device, and an acquisition unit.
A decryption unit that decrypts the data encrypted by the first encryption key acquired by the acquisition unit with the first decryption key, and a decryption unit.
An operation execution unit that executes a predetermined operation on the data decoded by the decoding unit, and
An encryption unit that encrypts the data of the operation result by the operation execution unit with the first encryption key,
An output unit that outputs the encrypted data of the calculation result to the information processing device, and
An arithmetic unit characterized by comprising. The calculation execution unit
It has multiple arithmetic units that can execute different arithmetic,
The acquisition unit acquires an instruction for an operation to be executed on the data from the information processing device, and obtains an instruction for calculation.
The arithmetic unit according to claim 1, wherein the arithmetic execution unit selects an arithmetic unit that executes an arithmetic corresponding to an instruction of the arithmetic, and executes an arithmetic on the data by the selected arithmetic unit. The information processing device transmits a calculation formula for a calculation to be executed by the calculation device to the calculation device.
The arithmetic execution unit of the arithmetic unit
The arithmetic unit according to claim 1, wherein the arithmetic expression received from the information processing apparatus is executed. The arithmetic unit stores the second decryption key so that it cannot be read from the outside.
The first encryption key and the first decryption key encrypted by the second encryption key corresponding to the second decryption key are received from the client device, and the encryption is performed using the second decryption key. The method according to any one of claims 1 to 3, wherein the first encryption key and the first decryption key are shared by decrypting the first encryption key and the first decryption key. Computational device. The key sharing unit is
A generator that generates a random first integer,
A creation unit that creates a first public key as an element of a finite cyclic group in which the discrete logarithm problem is difficult using the first integer and the generator.
With
The output unit
The first public key is transmitted to the client device via the information processing device.
The acquisition unit
From the client device that creates a shared common key using a random second integer and the first public key, there is a discrete logarithm problem created by the client device using the second integer and the generator. The second public key, which is the source of the difficult finite patrol group, and the first encryption key and the first decryption key encrypted by the client device using the shared common key are acquired.
The creation part
A shared common key is created using the first integer and the second public key.
Claims 1 to 1, wherein the decryption unit decrypts the encrypted first encryption key and the first decryption key using the shared common key created by the preparation unit. The arithmetic unit according to any one of 3. The key sharing unit further
Equipped with a storage unit that stores the private key
The creation unit further
A digital signature is created using the private key and the hash value of the public key.
The output unit
The electronic signature is output to the client device via the information processing device.
The acquisition unit
When the validity of the first public key is confirmed by the electronic signature on the client device, the second public key created by the client device, the encrypted first encryption key, and the first public key are used. The arithmetic unit according to claim 5, wherein the decryption key is acquired. The key sharing unit is
A storage unit that stores a first integer and an electronic signature created by using the first integer, the first public key, and the private key.
A creation unit that creates a first public key as an element of a finite cyclic group in which the discrete logarithm problem is difficult using the first integer and the generator.
With
The output unit
The electronic signature and the first public key are output to the client device via the information processing device.
The acquisition unit
When the validity of the first public key is confirmed by executing the verification of the electronic signature, the client device that creates a shared common key using the random second integer and the first public key Using the second public key, which is the source of the finite circuit group in which the discrete logarithm problem is difficult, created by the client device using the second integer and the generator, and the shared common key in the client device. Obtain the encrypted first encryption key and the first decryption key,
The creation part
A shared common key is created using the first integer and the second public key.
Claims 1 to 1, wherein the decryption unit decrypts the encrypted first encryption key and the first decryption key using the shared common key created by the preparation unit. The arithmetic unit according to any one of 3. The key sharing unit is
A finite cyclic group with a first integer, an electronic signature created using the first integer, the first public key, and a private key, and a discrete logarithmic problem created using the first integer and the generator. Equipped with a storage unit that stores the original first public key
The output unit
The electronic signature and the first public key are output to the client device via the information processing device.
The acquisition unit
When the validity of the first public key is confirmed by executing the verification of the electronic signature, the client device that creates a shared common key using the random second integer and the first public key Using the second public key, which is the source of the finite circuit group in which the discrete logarithm problem is difficult, created by the client device using the second integer and the generator, and the shared common key in the client device. Obtain the encrypted first encryption key and the first decryption key,
The creation part
A shared common key is created using the first integer and the second public key.
Claims 1 to 1, wherein the decryption unit decrypts the encrypted first encryption key and the first decryption key using the shared common key created by the preparation unit. The arithmetic unit according to any one of 3. The shared common key is
The arithmetic unit according to any one of claims 5 to 8, wherein the value is a value obtained by applying a hash value to a value using the first integer and the second public key. An arithmetic unit connected to an information processing device connected to a client device via a network via a bus.
The client device encrypts the data to be processed with the communication common key, transmits the data to the information processing device, and transmits the encrypted processing result data transmitted from the information processing device to the communication common. Decrypt with key,
The arithmetic unit
A key sharing unit that shares the communication common key with the client device in a secret state from the outside.
An acquisition unit that acquires data encrypted with the communication common key based on data transmitted from the client device from the information processing device, and an acquisition unit.
A decryption unit that decrypts data acquired by the acquisition unit and encrypted with the communication common key with the communication common key, and a decoding unit.
An operation execution unit that executes a predetermined operation on the data decoded by the decoding unit, and
An encryption unit that encrypts the data of the operation result by the operation execution unit with the communication common key,
An output unit that outputs the encrypted data of the calculation result to the information processing device, and
An arithmetic unit characterized by comprising. The calculation execution unit
It has multiple arithmetic units that can execute different arithmetic,
The acquisition unit acquires an instruction for an operation to be executed on the data from the information processing device, and obtains an instruction for calculation.
The arithmetic unit according to claim 10, wherein the arithmetic execution unit selects an arithmetic unit that executes an arithmetic corresponding to an instruction of the arithmetic, and executes an arithmetic on the data by the selected arithmetic unit. The information processing device transmits a calculation formula for a calculation to be executed by the calculation device to the calculation device.
The arithmetic execution unit of the arithmetic unit
The arithmetic unit according to claim 10, wherein the arithmetic expression received from the information processing apparatus is executed. The arithmetic unit stores the second decryption key so that it cannot be read from the outside.
The communication common key encrypted with the second encryption key corresponding to the second decryption key is received from the client device, and the communication common key encrypted with the second decryption key is used. The arithmetic apparatus according to any one of claims 10 to 12, wherein the common key for communication is shared by decrypting the above. The key sharing unit is
A generator that generates a random first integer,
A creation unit that creates a first public key as an element of a finite cyclic group in which the discrete logarithm problem is difficult using the first integer and the generator.
With
The output unit
The first public key is transmitted to the client device via the information processing device.
The acquisition unit
From the client device that creates a shared common key using a random second integer and the first public key, there is a discrete logarithm problem created by the client device using the second integer and the generator. The second public key, which is the source of the difficult finite cyclic group, and the communication common key encrypted by the client device using the shared common key are acquired.
The creation part
A shared common key is created using the first integer and the second public key.
Any one of claims 10 to 12, wherein the decryption unit decrypts the encrypted common key for communication by using the common key for sharing created by the preparation unit. The arithmetic unit described in. The key sharing unit further
Equipped with a storage unit that stores the private key
The creation unit further
A digital signature is created using the private key and the hash value of the public key.
The output unit
The electronic signature is output to the client device via the information processing device.
The acquisition unit
When the validity of the first public key is confirmed by the electronic signature on the client device, the second public key created by the client device and the encrypted common key for communication are acquired. The arithmetic unit according to claim 14, characterized in that. The key sharing unit is
A storage unit that stores a first integer and an electronic signature created by using the first integer, the first public key, and the private key.
A creation unit that creates a first public key as an element of a finite cyclic group in which the discrete logarithm problem is difficult using the first integer and the generator.
With
The output unit
The electronic signature and the first public key are output to the client device via the information processing device.
The acquisition unit
When the validity of the first public key is confirmed by executing the verification of the electronic signature, the client device that creates a shared common key using a random second integer and the first public key Using the second public key, which is the source of the finite cyclic group in which the discrete logarithmic problem is difficult, created by the client device using the second integer and the generator, and the shared common key in the client device. Obtain the encrypted common key for communication and
The creation part
A shared common key is created using the first integer and the second public key.
Any one of claims 10 to 12, wherein the decryption unit decrypts the encrypted common key for communication by using the common key for sharing created by the preparation unit. The arithmetic unit described in. The key sharing unit is
A finite cyclic group with a first integer, an electronic signature created using the first integer, the first public key, and a private key, and a discrete logarithmic problem created using the first integer and the generator. Equipped with a storage unit that stores the original first public key
The output unit
The electronic signature and the first public key are output to the client device via the information processing device.
The acquisition unit
When the validity of the first public key is confirmed by executing the verification of the electronic signature, the client device that creates a shared common key using a random second integer and the first public key Using the second public key, which is the source of the finite cyclic group in which the discrete logarithm problem is difficult, created by the client device using the second integer and the generator, and the shared common key in the client device. Obtain the encrypted common key for communication and
The creation part
A shared common key is created using the first integer and the second public key.
Any one of claims 10 to 12, wherein the decryption unit decrypts the encrypted common key for communication by using the common key for sharing created by the preparation unit. The arithmetic unit described in. The shared common key is
The arithmetic unit according to any one of claims 14 to 17, wherein the value is a value obtained by applying a hash value to a value using the first integer and the second public key. An arithmetic system including an information processing device connected to a client device via a network and an arithmetic device connected to the information processing device via a bus.
The client device encrypts the data to be processed with the first encryption key and transmits the data to the information processing device, and the encrypted processing result data transmitted from the information processing device is subjected to the first encryption. Decrypt with the first decryption key corresponding to the key,
The arithmetic unit
A key sharing unit that shares the first encryption key and the first decryption key with the client device in a secret state.
An acquisition unit that acquires data encrypted with the first encryption key based on data transmitted from the client device from the information processing device, and an acquisition unit.
A decoding unit that decodes the data acquired by the acquisition unit with the first decoding key, and
An operation execution unit that executes a predetermined operation on the data decoded by the decoding unit, and
An encryption unit that encrypts the data of the operation result by the operation execution unit with the first encryption key,
It has an output unit that outputs the encrypted data of the calculation result to the information processing apparatus.
The information processing device
A receiving unit that receives data encrypted with the first encryption key from the client device, and
An arithmetic control unit that calculates the result of the processing by causing the arithmetic execution unit of the arithmetic unit to execute at least an operation that cannot be executed with the encrypted data during the processing to be executed on the data. When,
A transmitter that transmits the result of the process to the client device,
An arithmetic system characterized by being equipped with. The first encryption key and the first decryption key are keys that follow a homomorphic encryption method.
The arithmetic control unit of the information processing device
The arithmetic system according to claim 19, wherein at least a part of an arithmetic that can be executed as it is is executed on the encrypted data being processed. The process executed for the data is an inference process realized by a neural network model including a convolution layer that performs a convolution operation and an activation layer that executes an activation operation on the calculation result of the convolution layer. And
The calculation control unit executes at least the calculation of the convolution layer,
The arithmetic system according to claim 20, wherein the arithmetic execution unit of the arithmetic unit executes an arithmetic of the activation layer. The arithmetic control unit
Which of the self-information processing apparatus during the processing and the arithmetic unit can execute the arithmetic based on at least one of the processing load of the information processing apparatus and the processing load of the arithmetic unit. The arithmetic system according to claim 19, wherein the arithmetic system is controlled. It is a calculation method by a calculation device in a calculation system including an information processing device connected to a client device via a network and a calculation device connected to the information processing device via a bus.
The client device encrypts the data to be processed with the first encryption key and transmits the data to the information processing device, and the encrypted processing result data transmitted from the information processing device is subjected to the first encryption. Decrypt with the first decryption key corresponding to the key,
The arithmetic unit
The first encryption key and the first decryption key are shared with the client device in a secret state.
Data encrypted with the first encryption key based on the data transmitted from the client device is acquired from the information processing device.
Decrypt the acquired data with the first decryption key,
Performs a predetermined operation on the decrypted data and
The calculation result data is encrypted with the first encryption key,
A calculation method for outputting the encrypted data of the calculation result to the information processing apparatus.