TWI814642B - Privacy computing method based on homomorphic encryption - Google Patents

Privacy computing method based on homomorphic encryption Download PDF

Info

Publication number
TWI814642B
TWI814642B TW111143838A TW111143838A TWI814642B TW I814642 B TWI814642 B TW I814642B TW 111143838 A TW111143838 A TW 111143838A TW 111143838 A TW111143838 A TW 111143838A TW I814642 B TWI814642 B TW I814642B
Authority
TW
Taiwan
Prior art keywords
ciphertext
mantissa
data
parameter
exponent
Prior art date
Application number
TW111143838A
Other languages
Chinese (zh)
Other versions
TW202422392A (en
Inventor
顧昱得
許之凡
陳維超
劉峰豪
張明清
Original Assignee
英業達股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 英業達股份有限公司 filed Critical 英業達股份有限公司
Priority to TW111143838A priority Critical patent/TWI814642B/en
Application granted granted Critical
Publication of TWI814642B publication Critical patent/TWI814642B/en
Publication of TW202422392A publication Critical patent/TW202422392A/en

Links

Landscapes

  • Telephone Function (AREA)
  • Telephonic Communication Services (AREA)
  • Storage Device Security (AREA)
  • Helmets And Other Head Coverings (AREA)

Abstract

The present disclosure provides a privacy computing method based on homomorphic encryption, which includes steps as follows. The ciphertext data is received, where the ciphertext data has a floating-point homomorphic encryption data structure, and the floating-point homomorphic encryption data structure of the ciphertext data includes the ciphertext mantissa, exponent parameter and gain parameter. The gain parameter sets the precision of the floating point corresponding to the ciphertext mantissa. The exponent parameter is suitable for multiplication or division. The artificial intelligence model performs operations on the ciphertext data to return the ciphertext result.

Description

基於同態加密的隱私運算方法Privacy computing method based on homomorphic encryption

本發明是有關於一種運算方法,且特別是有關於一種基於同態加密的隱私運算方法。The present invention relates to an operation method, and in particular to a privacy operation method based on homomorphic encryption.

目前神經網路有兩種常見使用方法。(1)由資料擁有者提供資料給模型擁有者運算,再將結果回傳給資料擁有者。(2)模型擁有者將模型傳送給資料擁有者,由資料擁有者運算模型得到結果。這兩種方法皆會讓兩方中任一方有隱私外洩的風險。There are currently two common ways to use neural networks. (1) The data owner provides data to the model owner for calculation, and then returns the results to the data owner. (2) The model owner transmits the model to the data owner, and the data owner calculates the model and obtains the results. Both methods expose either party to the risk of privacy leakage.

目前常見隱私計算的方法有三種。(1)機密計算(Confidential Computing),讓雙方共同將資料與模型在一個可信任執行環境(Trust Execution Environment)運算,硬體會為這個環境單獨分配一個隔離的記憶體空間,拒絕任何神經網路模型之外指令的讀取,確保隱私。(2) 安全多方計算(Secure Multi-Party Computation),解決一組互不信任的參與方各自持有秘密數據,協同計算一個既定函數的問題。目前安全多方計算主要通過混淆電路實現讓兩個參與方能在互相不知曉對方數據的情況下計算某一函數,會需要龐大的計算量及通信量,且較適合簡單邏輯運算。(3)同態加密(Homomorphic encryption),支持在加密之後的密文上進行計算,且計算結果解密後的內容近似明文的計算結果。There are currently three common privacy calculation methods. (1) Confidential Computing allows both parties to jointly calculate data and models in a Trust Execution Environment. The hardware will allocate an isolated memory space to this environment and reject any neural network model. Reading of external instructions ensures privacy. (2) Secure Multi-Party Computation (Secure Multi-Party Computation) solves the problem of a group of mutually distrustful participants each holding secret data and collaboratively calculating a given function. At present, secure multi-party computing is mainly implemented through confusion circuits, which allow two participants to calculate a certain function without knowing each other's data. This requires a huge amount of calculation and communication, and is more suitable for simple logical operations. (3) Homomorphic encryption supports calculations on the encrypted ciphertext, and the decrypted content of the calculation results is similar to the calculation results of the plaintext.

然而,現有全同態加密方法支援加密資料於神經網路模型內的非線性函數的運算通常使用以下兩種方法實現。(1)近似計算同態加密算法 (CKKS)使用泰勒展開式近似非現性函數,這方法需要大量的乘法運算且無法完全近似 (只能小區間近似),因此會降低神經網路運算的精準度。(2)使用基於GSW技術的同態加密(Fully Homomorphic Encryption Based On GSW, FHEW)方案中透過自舉(Bootstrapping)的過程中建構查找表 (Lookup Table)來實現非線性函數,這方法目前只支援容錯學習問題(Learning with errors, LWE)為基礎的整數加密方案,並無支援浮點數運算,無法有效用於神經網路運算。However, existing fully homomorphic encryption methods that support the operation of nonlinear functions on encrypted data within neural network models are usually implemented using the following two methods. (1) Approximate Computing Homomorphic Encryption Algorithm (CKKS) uses Taylor expansion to approximate non-occurring functions. This method requires a large number of multiplication operations and cannot be completely approximated (can only be approximated in small intervals), so it will reduce the accuracy of neural network operations. Spend. (2) Use the Fully Homomorphic Encryption Based On GSW (FHEW) solution based on GSW technology to construct a lookup table (Lookup Table) during the bootstrapping process to implement nonlinear functions. This method currently only supports The integer encryption scheme based on Learning with Errors (LWE) does not support floating point operations and cannot be effectively used in neural network operations.

本發明提出一種基於同態加密的隱私運算方法,改善先前技術的問題。The present invention proposes a privacy computing method based on homomorphic encryption to improve the problems of the prior art.

在本發明的一些實施例中,本發明所提出的基於同態加密的隱私運算方法,其包含以下步驟:將明文資料編碼及加密成密文資料,密文資料具有浮點數同態加密資料結構,密文資料的浮點數同態加密資料結構包含密文尾數、指數參數與增益參數,增益參數設定密文尾數對應的浮點數的精度,指數參數適用於乘法或除法;將密文資料傳送給人工智能模型,使人工智能模型對密文資料進行運算以回傳密文結果;將密文結果解碼及解密成明文結果。In some embodiments of the present invention, the privacy computing method based on homomorphic encryption proposed by the present invention includes the following steps: encoding and encrypting plaintext data into ciphertext data, and the ciphertext data has floating-point homomorphic encryption data Structure, the homomorphic encryption data structure of floating point numbers of ciphertext data includes ciphertext mantissa, exponent parameter and gain parameter. The gain parameter sets the precision of the floating point number corresponding to the ciphertext mantissa. The exponent parameter is suitable for multiplication or division; the ciphertext is The data is sent to the artificial intelligence model, which allows the artificial intelligence model to perform operations on the ciphertext data to return the ciphertext result; it decodes and decrypts the ciphertext result into a plaintext result.

在本發明的一些實施例中,明文資料包含帶小數的實數,將明文資料編碼及加密成密文資料的步驟包含:將帶小數的實數乘以增益參數並除以指數參數以得出明文尾數;將明文尾數加密成密文尾數,密文尾數為整數。In some embodiments of the present invention, the plaintext data includes real numbers with decimals, and the step of encoding and encrypting the plaintext data into ciphertext data includes: multiplying the real numbers with decimals by the gain parameter and dividing by the exponent parameter to obtain the plaintext mantissa. ; Encrypt the plaintext mantissa into the ciphertext mantissa, and the ciphertext mantissa is an integer.

在本發明的一些實施例中,密文結果具有一浮點數同態加密資料結構,密文結果的浮點數同態加密資料結構包含另一密文尾數、另一指數參數與另一增益參數,將密文結果解碼及解密成明文結果的步驟包含:將該另一密文尾數解密成明文尾數;將明文尾數除以該另一增益參數並乘以該另一指數參數以得出明文結果。In some embodiments of the present invention, the ciphertext result has a floating-point homomorphically encrypted data structure, and the floating-point homomorphically encrypted data structure of the ciphertext result includes another ciphertext mantissa, another exponent parameter, and another gain. parameter, the steps of decoding and decrypting the ciphertext result into the plaintext result include: decrypting the other ciphertext mantissa into the plaintext mantissa; dividing the plaintext mantissa by the other gain parameter and multiplying by the other exponent parameter to obtain the plaintext result.

在本發明的一些實施例中,本發明所提出的基於同態加密的隱私運算方法,其包含以下步驟:接收密文資料,密文資料具有浮點數同態加密資料結構,密文資料的浮點數同態加密資料結構包含密文尾數、指數參數與增益參數,增益參數設定密文尾數對應的浮點數的精度,指數參數適用於乘法或除法;透過人工智能模型對密文資料進行運算以回傳密文結果。In some embodiments of the present invention, the privacy computing method based on homomorphic encryption proposed by the present invention includes the following steps: receiving ciphertext data, the ciphertext data has a floating-point number homomorphic encryption data structure, and the ciphertext data The homomorphic encryption data structure of floating point numbers includes ciphertext mantissa, exponent parameter and gain parameter. The gain parameter sets the precision of the floating point number corresponding to the ciphertext mantissa. The exponent parameter is suitable for multiplication or division; the ciphertext data is processed through the artificial intelligence model. Operate to return the ciphertext result.

在本發明的一些實施例中,密文資料包含一第一密文資料與第二密文資料,第一密文資料的浮點數同態加密資料結構包含第一密文尾數、指數參數與增益參數,第二密文資料的浮點數同態加密資料結構包含第二密文尾數、指數參數與增益參數,人工智能模型對密文資料所進行的運算包含加法運算,加法運算包含:當第一密文資料的指數參數與第二密文資料的指數參數相同時,將第一密文資料的第一密文尾數與第二密文資料的第二密文尾數相加以得出第三密文資料的第三密文尾數,第三密文資料的浮點數同態加密資料結構包含第三密文尾數、指數參數與增益參數。In some embodiments of the present invention, the ciphertext data includes a first ciphertext data and a second ciphertext data, and the floating-point homomorphically encrypted data structure of the first ciphertext data includes a first ciphertext mantissa, an exponent parameter and Gain parameter, the floating point homomorphic encryption data structure of the second ciphertext data includes the second ciphertext mantissa, exponent parameter and gain parameter. The operation performed by the artificial intelligence model on the ciphertext data includes addition operation, and the addition operation includes: when When the exponent parameter of the first ciphertext data is the same as the exponent parameter of the second ciphertext data, the first ciphertext mantissa of the first ciphertext data and the second ciphertext mantissa of the second ciphertext data are added to obtain the third The third ciphertext mantissa of the ciphertext data, and the floating-point number homomorphically encrypted data structure of the third ciphertext data include the third ciphertext mantissa, exponent parameter and gain parameter.

在本發明的一些實施例中,密文資料包含第一密文資料與第二密文資料,第一密文資料的浮點數同態加密資料結構包含第一密文尾數、第一指數參數與增益參數,第二密文資料的浮點數同態加密資料結構包含第二密文尾數、第二指數參數與增益參數,人工智能模型對密文資料所進行的運算包含一加法運算,加法運算包含:當第一指數參數與第二指數參數不同時,將第一指數參數除以第二指數參數以得出乘數,將第一密文尾數乘以乘數以得出新的第一密文尾數,將第一密文資料的第二指數參數替換為第一指數參數;將第一密文資料的新的第一密文尾數與第二密文資料的第二密文尾數相加以得出第三密文資料的第三密文尾數,第三密文資料的浮點數同態加密資料結構包含第三密文尾數、第一指數參數與增益參數。In some embodiments of the present invention, the ciphertext data includes first ciphertext data and second ciphertext data, and the floating-point homomorphically encrypted data structure of the first ciphertext data includes a first ciphertext mantissa and a first exponent parameter. and gain parameters. The floating-point homomorphic encryption data structure of the second ciphertext data includes the second ciphertext mantissa, the second exponent parameter and the gain parameter. The operation performed by the artificial intelligence model on the ciphertext data includes an addition operation. The operation includes: when the first exponent parameter is different from the second exponent parameter, divide the first exponent parameter by the second exponent parameter to obtain a multiplier, and multiply the first ciphertext mantissa by the multiplier to obtain a new first Ciphertext mantissa, replace the second exponent parameter of the first ciphertext data with the first exponent parameter; add the new first ciphertext mantissa of the first ciphertext data and the second ciphertext mantissa of the second ciphertext data. The third ciphertext mantissa of the third ciphertext data is obtained. The floating-point homomorphically encrypted data structure of the third ciphertext data includes the third ciphertext mantissa, the first exponent parameter and the gain parameter.

在本發明的一些實施例中,人工智能模型對密文資料所進行的運算包含乘法運算,乘法運算包含:將密文資料的指數參數乘以乘數以得出密文資料的新的指數參數。In some embodiments of the present invention, the operation performed by the artificial intelligence model on the ciphertext data includes a multiplication operation, and the multiplication operation includes: multiplying the exponent parameter of the ciphertext data by a multiplier to obtain a new exponent parameter of the ciphertext data. .

在本發明的一些實施例中,人工智能模型對密文資料所進行的運算包含:透過人工智能模型的功能自舉(Functional Bootstrapping)對密文尾數去除雜訊並執行查表功能以實現非線性函數的運算。In some embodiments of the present invention, the operation performed by the artificial intelligence model on the ciphertext data includes: removing noise from the ciphertext mantissa through functional bootstrapping of the artificial intelligence model and performing a table lookup function to achieve nonlinearity. Function operations.

在本發明的一些實施例中,基於同態加密的隱私運算方法更包含:在人工智能模型的訓練完成以後,調整人工智能模型中查找表的內容以及功能自舉中擷取(Extraction)的編碼器(Encoder),以避免運算過程中的溢位。In some embodiments of the present invention, the privacy computing method based on homomorphic encryption further includes: after the training of the artificial intelligence model is completed, adjusting the contents of the lookup table in the artificial intelligence model and the encoding of extraction in function bootstrapping Encoder to avoid overflow during operation.

在本發明的一些實施例中,基於同態加密的隱私運算方法更包含:在人工智能模型的訓練完成以後,對人工智能模型逐層搜索適用於神經元的權重歸零的數值以做為閥值;將人工智能模型的神經元中小於閥值的權重歸零。In some embodiments of the present invention, the privacy computing method based on homomorphic encryption further includes: after the training of the artificial intelligence model is completed, searching the artificial intelligence model layer by layer for a value suitable for zeroing the weight of the neuron as a valve. value; reset the weights in the neurons of the artificial intelligence model that are smaller than the threshold to zero.

綜上所述,本發明之技術方案與現有技術相比具有明顯的優點和有益效果。本發明的基於同態加密的隱私運算方法可以讓加密資料運行人工智能模型(如:神經網路)得到精準答案。有別於明文運算,本發明不會洩漏資料擁有者與模型擁有者的隱私。相較於機密計算,本發明無須特殊的硬體支援的可信任執行環境。相較於安全多方計算,本發明可以執行複雜的運算也無須模型擁有者與資料擁有者雙方大量的交互工作。相較於過去的同態加密方案,本發明提升同態加密在人工智能模型(如:神經網路模型)運算的效率與精準度。To sum up, the technical solution of the present invention has obvious advantages and beneficial effects compared with the existing technology. The privacy computing method based on homomorphic encryption of the present invention can allow the encrypted data to run an artificial intelligence model (such as a neural network) to obtain accurate answers. Different from plaintext operations, this invention does not leak the privacy of data owners and model owners. Compared with confidential computing, the present invention does not require a trusted execution environment supported by special hardware. Compared with secure multi-party computation, the present invention can perform complex operations without requiring a large amount of interaction between the model owner and the data owner. Compared with past homomorphic encryption solutions, the present invention improves the efficiency and accuracy of homomorphic encryption in artificial intelligence models (such as neural network models).

以下將以實施方式對上述之說明作詳細的描述,並對本發明之技術方案提供更進一步的解釋。The above description will be described in detail in the following embodiments, and a further explanation of the technical solution of the present invention will be provided.

為了使本發明之敘述更加詳盡與完備,可參照所附之圖式及以下所述各種實施例,圖式中相同之號碼代表相同或相似之元件。另一方面,眾所週知的元件與步驟並未描述於實施例中,以避免對本發明造成不必要的限制。In order to make the description of the present invention more detailed and complete, reference may be made to the attached drawings and the various embodiments described below. The same numbers in the drawings represent the same or similar components. On the other hand, well-known components and steps are not described in the embodiments to avoid unnecessary limitations on the present invention.

請參照第1圖,本發明之技術態樣是一種基於同態加密的隱私運算方法,其可應用在各類運算,或是廣泛地運用在相關之技術環節。本技術態樣之基於同態加密的隱私運算方法可達到相當的技術進步,並具有産業上的廣泛利用價值。以下將搭配第1圖來說明基於同態加密的隱私運算方法之具體實施方式。Please refer to Figure 1. The technical aspect of the present invention is a private computing method based on homomorphic encryption, which can be applied to various operations or widely used in related technical links. The privacy computing method based on homomorphic encryption of this technical aspect can achieve considerable technological progress and has widespread industrial utilization value. The following will illustrate the specific implementation of the privacy computing method based on homomorphic encryption with the help of Figure 1.

於一些實施例中,基於同態加密的隱私運算方法的多種實施方式係搭配第1圖進行描述。於以下描述中,為了便於解釋,進一步設定許多特定細節以提供一或多個實施方式的全面性闡述。然而,本技術可在沒有這些特定細節的情況下實施。於其他舉例中,為了有效描述這些實施方式,已知結構與裝置以方塊圖形式顯示。此處使用的「舉例而言」的用語,以表示「作為例子、實例或例證」的意思。此處描述的作為「舉例而言」的任何實施例,無須解讀為較佳或優於其他實施例。In some embodiments, various implementations of the privacy computing method based on homomorphic encryption are described with reference to Figure 1 . In the following description, for convenience of explanation, numerous specific details are further set forth to provide a comprehensive explanation of one or more embodiments. However, the technology may be practiced without these specific details. In other instances, well-known structures and devices are shown in block diagram form in order to effectively describe the embodiments. The word "for example" used here means "as an example, instance or illustration". Any embodiment described herein is "by way of example" and is not necessarily to be construed as preferred or superior to other embodiments.

第1圖是依照本發明一實施例之一種基於同態加密的隱私運算方法的流程圖。如第1圖所示,基於同態加密的隱私運算方法包含步驟S101~S105、S111~S114(應瞭解到,在本實施例中所提及的步驟,除特別敘明其順序者外,均可依實際需要調整其前後順序,甚至可同時或部分同時執行)。Figure 1 is a flow chart of a privacy computing method based on homomorphic encryption according to an embodiment of the present invention. As shown in Figure 1, the privacy operation method based on homomorphic encryption includes steps S101~S105, S111~S114 (it should be understood that the steps mentioned in this embodiment, unless the order is specifically stated, are The sequence can be adjusted according to actual needs, and can even be executed simultaneously or partially simultaneously).

於步驟S101,資料擁有者的電腦裝置提供明文資料。於步驟S102,資料擁有者的電腦裝置執行編碼與加密模組以將明文資料編碼及加密成密文資料,密文資料具有浮點數同態加密資料結構。於步驟S103,資料擁有者的電腦裝置將密文資料傳送給模型擁有者的電腦裝置。於步驟S113,模型擁有者的電腦裝置接收密文資料,並執行人工智能模型(如:神經網路模型)對密文資料進行運算以得出密文結果;在一些實施例中,人工智能模型執行密文-密文加法模組、密文-明文乘法模組以及密文查表模組。於步驟S114,模型擁有者的電腦裝置將密文結果回傳給資料擁有者的電腦裝置。於步驟S104,資料擁有者的電腦裝置執行解密與解碼模組將密文結果解碼及解密成明文結果。於步驟S105,資料擁有者的電腦裝置儲存明文結果。In step S101, the computer device of the data owner provides plain text data. In step S102, the computer device of the data owner executes the encoding and encryption module to encode and encrypt the plaintext data into ciphertext data, and the ciphertext data has a floating-point homomorphically encrypted data structure. In step S103, the computer device of the data owner transmits the encrypted data to the computer device of the model owner. In step S113, the computer device of the model owner receives the ciphertext data and executes an artificial intelligence model (such as a neural network model) to operate on the ciphertext data to obtain a ciphertext result; in some embodiments, the artificial intelligence model Execute the ciphertext-ciphertext addition module, ciphertext-plaintext multiplication module and ciphertext table lookup module. In step S114, the computer device of the model owner returns the ciphertext result to the computer device of the data owner. In step S104, the computer device of the data owner executes the decryption and decoding module to decode and decrypt the ciphertext result into a plaintext result. In step S105, the data owner's computer device stores the plaintext result.

另一方面,於步驟S111,模型擁有者的電腦裝置預先對人工智能模型進行訓練。在人工智能模型的訓練完成以後,於步驟S112,模型擁有者的電腦裝置執行功能自舉(Functional Bootstrapping)參數自動調整模組以調整人工智能模型中查找表的內容以及功能自舉中擷取(Extraction)的編碼器(Encoder),以避免運算過程中的溢位,下列將以實施例進一步說明。模型擁有者的電腦裝置執行神經元權重調整閥值搜索模組對人工智能模型逐層搜索適用於神經元的權重歸零的數值以做為閥值,並執行神經元權重調整模組將人工智能模型的神經元中小於閥值的權重歸零,以減少運算上帶來的誤差。On the other hand, in step S111, the computer device of the model owner trains the artificial intelligence model in advance. After the training of the artificial intelligence model is completed, in step S112, the computer device of the model owner executes a functional bootstrapping parameter automatic adjustment module to adjust the content of the lookup table in the artificial intelligence model and the parameters extracted from the functional bootstrapping ( Extraction) encoder (Encoder) to avoid overflow during the operation, which will be further explained in the following examples. The computer device of the model owner executes the neuron weight adjustment threshold search module to search the artificial intelligence model layer by layer for a value suitable for zeroing the weight of the neurons as a threshold, and executes the neuron weight adjustment module to adjust the artificial intelligence The weights in the neurons of the model that are smaller than the threshold are reset to zero to reduce errors in operations.

第2圖是依照本發明另一實施例之一種基於同態加密的隱私運算方法的方塊圖。如第2圖所示,基於同態加密的隱私運算方法包含步驟S201~S207(應瞭解到,在本實施例中所提及的步驟,除特別敘明其順序者外,均可依實際需要調整其前後順序,甚至可同時或部分同時執行)。Figure 2 is a block diagram of a privacy computing method based on homomorphic encryption according to another embodiment of the present invention. As shown in Figure 2, the privacy operation method based on homomorphic encryption includes steps S201 to S207 (it should be understood that, unless the order of the steps mentioned in this embodiment is specifically stated, all of them can be changed according to actual needs. Adjust the order before and after, and even execute them simultaneously or partially simultaneously).

於步驟S201,對明文資料m 1進行編碼,藉以將明文資料m 1乘以增益參數Gain(如:g)並除以指數參數Exponent(如:1)以得出尾數Mantissa(如:明文尾數為m 1*g)。於步驟S202,將尾數Mantissa加密成密文尾數LWE(m 1*g)(如:基於容錯學習問題的密文尾數)。在一些實施例中,密文資料的浮點數同態加密資料結構包含密文尾數LWE(m 1*g)、指數參數Gain與增益參數Exponent,增益參數Gain設定密文尾數LWE(m 1*g)對應的浮點數的精度(小數點後幾位),指數參數Exponent(可預設為1)適用於乘法或除法。 In step S201, the plaintext data m 1 is encoded, whereby the plaintext data m 1 is multiplied by the gain parameter Gain (for example: g) and divided by the exponent parameter Exponent (for example: 1) to obtain the mantissa Mantissa (for example: the plaintext mantissa is m 1 *g). In step S202, the mantissa Mantissa is encrypted into the ciphertext mantissa LWE(m 1 *g) (for example: the ciphertext mantissa based on a fault-tolerant learning problem). In some embodiments, the floating-point homomorphic encryption data structure of the ciphertext data includes the ciphertext mantissa LWE(m 1 *g), the exponent parameter Gain, and the gain parameter Exponent. The gain parameter Gain sets the ciphertext mantissa LWE(m 1 * g) The precision of the corresponding floating point number (digits after the decimal point). The exponent parameter Exponent (can be preset to 1) is suitable for multiplication or division.

於步驟S203,人工智能模型對密文資料進行矩陣運算(如:加法運算、乘法運算…等),以得出密文尾數LWE(m 2)以及指數參數Exponent為n,增益參數Gain仍為g。於步驟S204,對指數參數Exponent重新縮放(如:除法運算),使指數參數Exponent為m。 In step S203, the artificial intelligence model performs matrix operations (such as addition operations, multiplication operations, etc.) on the ciphertext data to obtain the ciphertext mantissa LWE (m 2 ) and the exponent parameter Exponent is n, and the gain parameter Gain is still g. . In step S204, the exponential parameter Exponent is rescaled (such as division operation) so that the exponential parameter Exponent is m.

於步驟S205,透過人工智能模型的功能自舉對密文尾數LWE(m 2)去除雜訊並執行查表功能以實現非線性函數的運算,從而得出密文結果的密文尾數LWE(m 2/2) 。在一些實施例中,密文資料的浮點數同態加密資料結構包含密文尾數LWE(m 2/2)、指數參數Exponent(如:m)與增益參數Gain(如:g)。 In step S205, noise is removed from the ciphertext mantissa LWE(m 2 ) through functional bootstrapping of the artificial intelligence model and a table lookup function is performed to implement nonlinear function operations, thereby obtaining the ciphertext mantissa LWE(m) of the ciphertext result. 2/2 ). In some embodiments, the floating-point homomorphic encryption data structure of the ciphertext data includes the ciphertext mantissa LWE (m 2 /2), the exponent parameter Exponent (such as: m), and the gain parameter Gain (such as: g).

於步驟S206,對密文結果進行解密,藉以將密文尾數LWE(m 2/2)解密成尾數Mantissa(如:明文尾數為m 2/2)。於步驟S207,進行解碼,藉以將尾數Mantissa(如:明文尾數為m 2/2)除以增益參數(如:m)並乘以指數參數Exponent(如:g)以得出明文結果(m 2/2)*(m/g)。 In step S206, the ciphertext result is decrypted, thereby decrypting the ciphertext mantissa LWE (m 2 /2) into the mantissa Mantissa (for example: the plaintext mantissa is m 2 /2). In step S207, decoding is performed, whereby the mantissa Mantissa (for example: the plaintext mantissa is m 2 /2) is divided by the gain parameter (for example: m) and multiplied by the exponent parameter Exponent (for example: g) to obtain the plaintext result (m 2 /2)*(m/g).

第3圖是依照本發明一實施例之一種編碼與加密模組的流程圖。如第3圖所示,明文資料m 1包含帶小數的實數(如:200.2)。於步驟S201,將明文資料m 1(即,帶小數的實數)乘以增益參數Gain並除以指數參數Exponent以得出尾數Mantissa(如:明文尾數為20020)。於步驟S202,將尾數Mantissa加密成密文尾數ciphertext(20020),此密文尾數為整數,增益參數Gain仍為明文增益參數plaintext(100),指數參數Exponent仍為明文指數參數plaintext(1)。 Figure 3 is a flow chart of an encoding and encryption module according to an embodiment of the present invention. As shown in Figure 3, plaintext data m 1 contains real numbers with decimals (eg: 200.2). In step S201, the plaintext data m 1 (that is, a real number with decimals) is multiplied by the gain parameter Gain and divided by the exponent parameter Exponent to obtain the mantissa Mantissa (for example: the plaintext mantissa is 20020). In step S202, the mantissa Mantissa is encrypted into the ciphertext mantissa ciphertext(20020), the ciphertext mantissa is an integer, the gain parameter Gain is still the plaintext gain parameter plaintext(100), and the exponent parameter Exponent is still the plaintext exponent parameter plaintext(1).

第4圖是依照本發明一實施例之一種解密與解碼模組的流程圖。如第4圖所示,密文結果的浮點數同態加密資料結構包含密文尾數ciphertext(20020)、指數參數Exponent(如:明文指數參數plaintext(1))與增益參數Gain(如:明文增益參數plaintext(100))。於步驟S206,將密文尾數ciphertext(20020)解密成明文尾數(如:200.2)。於步驟S207,將尾數Mantissa(如:明文尾數為200.2)除以增益參數Gain(如:100)並乘以指數參數Exponent(如:1)以得出明文結果m 3(如:200.2)。 Figure 4 is a flow chart of a decryption and decoding module according to an embodiment of the present invention. As shown in Figure 4, the floating-point homomorphic encryption data structure of the ciphertext result includes the ciphertext mantissa ciphertext(20020), the exponent parameter Exponent (such as: plaintext exponent parameter plaintext(1)) and the gain parameter Gain (such as: plaintext gain parameter plaintext(100)). In step S206, the ciphertext mantissa ciphertext (20020) is decrypted into the plaintext mantissa (eg: 200.2). In step S207, the mantissa Mantissa (for example: the plaintext mantissa is 200.2) is divided by the gain parameter Gain (for example: 100) and multiplied by the exponent parameter Exponent (for example: 1) to obtain the plaintext result m 3 (for example: 200.2).

第5圖是依照本發明一實施例之一種密文-密文加法模組的流程圖。如第5圖所示,密文資料包含第一密文資料Ciphertext 3與第二密文資料Ciphertext 4,第一密文資料Ciphertext 3的浮點數同態加密資料結構包含尾數Mantissa(如:數值為20000的第一密文尾數)、指數參數Exponent與增益參數Gain,第二密文資料Ciphertext 4的浮點數同態加密資料結構包含尾數Mantissa(如:數值為10000的第二密文尾數)、指數參數Exponent(如:1)與增益參數Gain(如:100)。於步驟S501的加法運算,當第一密文資料Ciphertext 3的指數參數Exponent與第二密文資料Ciphertext 4的指數參數Exponent相同時,將第一密文資料Ciphertext 3的第一密文尾數(如:20000)與第二密文資料Ciphertext 4的第二密文尾數(如:10000)相加以得出第三密文資料的第三密文尾數(如:30000),第三密文資料的浮點數同態加密資料結構包含第三密文尾數(如:30000)、指數參數Exponent與增益參數Gain。 Figure 5 is a flow chart of a ciphertext-ciphertext addition module according to an embodiment of the present invention. As shown in Figure 5, the ciphertext data includes the first ciphertext data Ciphertext 3 and the second ciphertext data Ciphertext 4. The floating point number homomorphic encryption data structure of the first ciphertext data Ciphertext 3 contains the mantissa Mantissa (such as: numerical value The first ciphertext mantissa is 20000), the exponent parameter Exponent and the gain parameter Gain. The floating-point homomorphic encryption data structure of the second ciphertext data Ciphertext 4 contains the mantissa Mantissa (for example: the second ciphertext mantissa with a value of 10000) , exponential parameter Exponent (eg: 1) and gain parameter Gain (eg: 100). In the addition operation of step S501, when the exponent parameter Exponent of the first ciphertext data Ciphertext 3 is the same as the exponent parameter Exponent of the second ciphertext data Ciphertext 4 , the first ciphertext mantissa of the first ciphertext data Ciphertext 3 (such as : 20000) and the second ciphertext mantissa (such as: 10000) of the second ciphertext data Ciphertext 4 are added to obtain the third ciphertext mantissa (such as: 30000) of the third ciphertext data. The point homomorphic encryption data structure includes the third ciphertext mantissa (for example: 30000), the exponent parameter Exponent and the gain parameter Gain.

第6圖是依照本發明另一實施例之一種密文-密文加法模組的流程圖。如第6圖所示,密文資料包含第一密文資料Ciphertext 5與第二密文資料Ciphertext 6,第一密文資料Ciphertext 5的浮點數同態加密資料結構包含第一密文尾數Mantissa 1(如:2000)、第一指數參數Exponent 1(如:10)與增益參數Gain 1(如:100),第二密文資料Ciphertext 6的浮點數同態加密資料結構包含第二密文尾數Mantissa 2(如:20000)、第二指數參數Exponent 2(如:2)與增益參數Gain 2(如:100)。當第一指數參數Exponent 1與第二指數參數Exponent 2不同時,於步驟S601,使指數參數一致。在一些實施例中,將第一指數參數Exponent 1除以第二指數參數Exponent 2以得出乘數Multiplier;舉例而言,乘數Multiplier=round(Exponent 1/ Exponent 2),其中round()例如可為取整數的函式。接下來,將第一密文尾數Mantissa 1(如:2000)乘以乘數Multiplier以得出新的第一密文尾數Mantissa 1(如:10000),將第一密文資料的第二指數參數Exponent 2(如:10)替換為第一指數參數(如:2);舉例而言,第二指數參數Exponent 2(如:10)除以乘數Multiplier以得出第一指數參數(如:2)。 Figure 6 is a flow chart of a ciphertext-ciphertext addition module according to another embodiment of the present invention. As shown in Figure 6, the ciphertext data includes the first ciphertext data Ciphertext 5 and the second ciphertext data Ciphertext 6. The floating-point homomorphic encrypted data structure of the first ciphertext data Ciphertext 5 includes the first ciphertext mantissa Mantissa. 1 (for example: 2000), the first exponent parameter Exponent 1 (for example: 10) and the gain parameter Gain 1 (for example: 100), the floating point homomorphic encryption data structure of the second ciphertext data Ciphertext 6 contains the second ciphertext The mantissa Mantissa 2 (eg: 20000), the second exponential parameter Exponent 2 (eg: 2) and the gain parameter Gain 2 (eg: 100). When the first exponent parameter Exponent 1 and the second exponent parameter Exponent 2 are different, in step S601, the exponent parameters are made consistent. In some embodiments, the first exponent parameter Exponent 1 is divided by the second exponent parameter Exponent 2 to obtain the multiplier Multiplier; for example, the multiplier Multiplier=round(Exponent 1 / Exponent 2 ), where round() such as Can be a function taking an integer. Next, multiply the first ciphertext mantissa Mantissa 1 (for example: 2000) by the multiplier Multiplier to obtain the new first ciphertext mantissa Mantissa 1 (for example: 10000), and change the second exponent parameter of the first ciphertext data Exponent 2 (e.g.: 10) is replaced by the first exponent parameter (e.g.: 2); for example, the second exponent parameter Exponent 2 (e.g.: 10) is divided by the multiplier Multiplier to get the first exponent parameter (e.g.: 2 ).

於步驟S602的加法運算,將第一密文資料Ciphertext 5的新的第一密文尾數Mantissa 1(如:10000)與第二密文資料Ciphertext 6的第二密文尾數Mantissa 2(如:20000)相加以得出第三密文資料的尾數Mantissa(如:數值為30000的第三密文尾數),第三密文資料的浮點數同態加密資料結構包含第三密文尾數(如:30000)、指數參數Exponent(如:2)與增益參數Gain(如:100)。 In the addition operation in step S602, the new first ciphertext mantissa Mantissa 1 (for example: 10000) of the first ciphertext data Ciphertext 5 and the second ciphertext mantissa Mantissa 2 (for example: 20000) of the second ciphertext data Ciphertext 6 ) are added to obtain the mantissa of the third ciphertext data (for example: the third ciphertext mantissa with a value of 30000). The floating-point homomorphic encrypted data structure of the third ciphertext data contains the third ciphertext mantissa (for example: 30000), exponential parameter Exponent (such as: 2) and gain parameter Gain (such as: 100).

第7圖是依照本發明一實施例之一種密文-明文乘法模組的流程圖。於步驟S701,將密文資料Ciphertext 1的指數參數Exponent(如:1)乘以乘數Multiplier(如:4)以得出密文資料的新的指數參數Exponent(如:4)。 Figure 7 is a flow chart of a ciphertext-plaintext multiplication module according to an embodiment of the present invention. In step S701, the exponent parameter Exponent (eg: 1) of the ciphertext data Ciphertext 1 is multiplied by the multiplier Multiplier (eg: 4) to obtain a new exponent parameter Exponent (eg: 4) of the ciphertext data.

於步驟S702,將密文資料Ciphertext 2的指數參數Exponent(如:1)乘以乘數Multiplier(如:0.2)以得出密文資料的新的指數參數Exponent(如:0.2),由於乘數Multiplier(如:0.2)為小於1的正數,因此步驟S702的乘法運算亦可選擇性地視為實質上的除法,但不以此為限。由於步驟S701、S702的乘法運算均無需對密文(如:數值為200的密文尾數)進行運算,從而大幅節省運算時間。 In step S702, the exponent parameter Exponent (eg: 1) of the ciphertext data Ciphertext 2 is multiplied by the multiplier Multiplier (eg: 0.2) to obtain a new exponent parameter Exponent (eg: 0.2) of the ciphertext data. Since the multiplier Multiplier (eg: 0.2) is a positive number less than 1, so the multiplication operation in step S702 can optionally be regarded as substantial division, but is not limited to this. Since the multiplication operations in steps S701 and S702 do not need to operate on the ciphertext (for example, the ciphertext mantissa with a value of 200), the calculation time is greatly saved.

第8圖是依照本發明一實施例之一種密文查表模組的流程圖。於步驟S801,資料維度相對較大的密文尾數Lwe (Qin,Pin)(m 1)通過金鑰及模式切換(key & Mod Switch)以得出資料維度相對較小的密文尾數Lwe (q1,p1)(m 1),其中q1、p1可為範圍相關參數,例如:q1可表示模數,p1可表示信息空間參數,但不以此為限。於步驟S802,透過人工智能模型的功能自舉對密文尾數Lwe (q1,p1)(m 1)去除雜訊並執行查表功能以實現非線性函數的運算,從而得出密文尾數Lwe (Qin,Pin)(m 2)。 Figure 8 is a flow chart of a ciphertext table lookup module according to an embodiment of the present invention. In step S801, the ciphertext mantissa Lwe (Qin,Pin) (m 1 ), which has a relatively large data dimension, is obtained by using the key and mode switch (key & Mod Switch) to obtain the ciphertext mantissa Lwe (q1) , which has a relatively small data dimension. ,p1) (m 1 ), where q1 and p1 can be range-related parameters, for example: q1 can represent the module, and p1 can represent the information space parameter, but it is not limited to this. In step S802, noise is removed from the ciphertext mantissa Lwe (q1,p1) (m 1 ) through function bootstrapping of the artificial intelligence model and a table lookup function is performed to implement the operation of the nonlinear function, thereby obtaining the ciphertext mantissa Lwe ( Qin, Pin) (m 2 ).

第9圖是依照本發明一實施例之一種神經元權重調整模組F(x)的流程圖。如第9圖所示,在人工智能模型的訓練完成以後,表中最大值Max除以最小值Min所得的倍數Multiple為683.9,由於倍數Multiple超過預設範圍(如:經驗值範圍),因此將人工智能模型的神經元中小於閥值Threshold的權重歸零,以助於去除雜訊。在一些實施例中,如第9圖所示,舉例而言,最大值Max除以8以得出閥值Threshold,藉由上述神經元權重調整模組F(x)進行權重調整後,最大值Max不變,最大值Max除以新的最小值Min所得的倍數Multiple為7.159,落於上述預設範圍。Figure 9 is a flow chart of a neuron weight adjustment module F(x) according to an embodiment of the present invention. As shown in Figure 9, after the training of the artificial intelligence model is completed, the multiple obtained by dividing the maximum value Max by the minimum value Min in the table is 683.9. Since the multiple Multiple exceeds the preset range (such as the experience value range), the multiple The weights in the neurons of the artificial intelligence model that are smaller than the threshold are reset to zero to help remove noise. In some embodiments, as shown in Figure 9, for example, the maximum value Max is divided by 8 to obtain the threshold value Threshold. After weight adjustment by the above-mentioned neuron weight adjustment module F(x), the maximum value Max remains unchanged, and the multiple obtained by dividing the maximum value Max by the new minimum value Min is 7.159, which falls within the above preset range.

關於閥值Threshold的決定方式,參照第10、11圖,在人工智能模型的訓練完成以後對人工智能模型逐層搜索適用於神經元的權重歸零的數值以做為閥值。Regarding the method of determining the threshold value, refer to Figures 10 and 11. After the training of the artificial intelligence model is completed, the artificial intelligence model is searched layer by layer for a value suitable for zeroing the weight of the neuron as the threshold.

第10圖是依照本發明一實施例之一種神經元權重調整閥值搜索模組的流程圖。如第10圖所示,於步驟S1001、S1002、S1003,由後面的全連接層FC3、FC2、FC1的往前面的卷積層Conv1,利用例如上述最大值Max除以預設範圍中的不同倍率所得的不同數值,逐層搜索最適用於神經元的權重歸零的倍率(如:8)所換算的數值(如:Max/8)以做為閥值,例如選擇讓人工智能模型的精確度最佳的閥值,但不以此為限。由於前面的層實務上可由經驗法則決定,且後面的層對精準度影響較大,因此第10圖之實施例由後往前搜索。Figure 10 is a flow chart of a neuron weight adjustment threshold search module according to an embodiment of the present invention. As shown in Figure 10, in steps S1001, S1002, and S1003, from the following fully connected layers FC3, FC2, and FC1 to the previous convolutional layer Conv1, for example, the above maximum value Max is divided by different magnifications in the preset range. Different values, search layer by layer for the most suitable value (such as: Max/8) converted from the multiplier of neuron weight zeroing (such as: 8) as the threshold, for example, choose to maximize the accuracy of the artificial intelligence model. The best threshold, but not limited to this. Since the previous layers can be determined by empirical rules in practice, and the later layers have a greater impact on accuracy, the embodiment in Figure 10 searches from back to front.

第11圖是依照本發明另一實施例之一種神經元權重調整閥值搜索模組的流程圖。相較於第10圖之實施例,如第11圖所示,於步驟S1101、S1102、S1103,由前面的卷積層Conv1的往後面的全連接層FC1、FC2、FC3,利用例如上述最大值Max除以預設範圍中的不同倍率所得的不同數值,逐層搜索最適用於神經元的權重歸零的的倍率所換算的數值以做為閥值,例如選擇讓人工智能模型的精確度最佳的閥值,但不以此為限。由於前面的層會影響後面的輸出,因此第11圖之實施例由前往後搜索。Figure 11 is a flow chart of a neuron weight adjustment threshold search module according to another embodiment of the present invention. Compared with the embodiment in Figure 10, as shown in Figure 11, in steps S1101, S1102, and S1103, from the previous convolutional layer Conv1 to the later fully connected layers FC1, FC2, and FC3, for example, the above-mentioned maximum value Max is used. Divide the different values obtained by different magnifications in the preset range, and search layer by layer for the value converted from the magnification that is most suitable for zeroing the weight of the neuron as a threshold, for example, choosing to optimize the accuracy of the artificial intelligence model. threshold, but not limited to this. Since the previous layers will affect the subsequent output, the embodiment in Figure 11 searches from front to back.

第12圖是依照本發明一實施例之一種密文查表模組中的功能自舉的流程圖。關於步驟S802的功能自舉,如第12圖所示,密文尾數Lwe (q,p)(m 1)透過使用有效更新金鑰1201的步驟S1201進行累加(Accumulator)(例如:類解碼的操作),以利於步驟S1202使用查找表1202查找對應的數值。於步驟S1202,調整人工智能模型中查找表1202的內容以及功能自舉中擷取(Extraction)的編碼器(Encoder)1203,以避免運算過程中的溢位,從而得出密文尾數Lwe (Q,P)(m 2)。在一些實施例中,舉例而言,編碼器1203對於密文尾數的倍率重新縮放(如:密文尾數除以2),以避免透過查找表1202運算後的資料超過範圍相關參數p、q所限定的範圍區間,但不以此為限。 Figure 12 is a flow chart of functional bootstrapping in a ciphertext table lookup module according to an embodiment of the present invention. Regarding the functional bootstrapping of step S802, as shown in Figure 12, the ciphertext mantissa Lwe (q,p) (m 1 ) is accumulated (Accumulator) through step S1201 using the effective update key 1201 (for example: a decoding-like operation ), to facilitate step S1202 to use the lookup table 1202 to search for the corresponding value. In step S1202, the content of the lookup table 1202 in the artificial intelligence model and the encoder (Encoder) 1203 extracted in the functional bootstrapping are adjusted to avoid overflow during the operation, thereby obtaining the ciphertext mantissa Lwe (Q ,P) (m 2 ). In some embodiments, for example, the encoder 1203 rescales the ciphertext mantissa (such as dividing the ciphertext mantissa by 2) to prevent the data calculated through the lookup table 1202 from exceeding the range of the relevant parameters p and q. A limited range, but not limited to this.

第13圖是依照本發明一實施例之一種密文查表模組中查找表1202與編碼器1203選擇範例的圖表。在第13圖中,縱座標對應密文尾數Lwe (Q,P)(m 2),橫座標對應密文尾數密文尾數Lwe (q,p)(m 1),第13圖表示不同縮放倍率下的縮放結果,且未在預定範圍區間內的數值可歸零。 Figure 13 is a diagram illustrating a selection example of the lookup table 1202 and the encoder 1203 in a ciphertext table lookup module according to an embodiment of the present invention. In Figure 13, the ordinate corresponds to the ciphertext mantissa Lwe (Q,P) (m 2 ), and the abscissa corresponds to the ciphertext mantissa Lwe (q,p) (m 1 ). Figure 13 shows different zoom ratios. The scaling results are below, and values that are not within the predetermined range can be reset to zero.

關於查找表1202與編碼器1203的調整方式,參照第14、15圖,第14圖是依照本發明一實施例之一種功能自舉參數自動調整模組的流程圖,第15圖是依照本發明另一實施例之一種功能自舉參數自動調整模組的流程圖。Regarding the adjustment method of the lookup table 1202 and the encoder 1203, refer to Figures 14 and 15. Figure 14 is a flow chart of a function bootstrap parameter automatic adjustment module according to an embodiment of the present invention. Figure 15 is a flow chart of a function bootstrap parameter automatic adjustment module according to an embodiment of the present invention. A flow chart of a function bootstrap parameter automatic adjustment module according to another embodiment.

如第14圖所示,於步驟S1401、S1402、S1403,由後面的全連接層FC3、FC2、FC1的往前面的卷積層Conv1,利用不同數值,逐層搜索最適用於查找表1202與編碼器1203的參數,例如選擇讓功能自舉無溢位且精確度最佳的縮放參數,但不以此為限。由於前面的層實務上可由經驗法則決定,且後面的層對精準度影響較大,因此第14圖之實施例由後往前搜索。As shown in Figure 14, in steps S1401, S1402, and S1403, from the fully connected layers FC3, FC2, and FC1 at the back to the convolutional layer Conv1 at the front, using different values, the layer-by-layer search is most suitable for the lookup table 1202 and the encoder. 1203 parameters, such as selecting scaling parameters that allow the function to bootstrap without overflow and have the best accuracy, but are not limited to this. Since the previous layers can be determined by empirical rules in practice, and the later layers have a greater impact on accuracy, the embodiment in Figure 14 searches from back to front.

另一方面,如第15圖所示,於步驟S1501、S1502、S1503,由前面的卷積層Conv1的往後面的全連接層FC1、FC2、FC3,利用不同數值,逐層搜索最適用於查找表1202與編碼器1203的參數,例如選擇讓功能自舉無溢位且精確度最佳的縮放參數,但不以此為限。由於前面的層會影響後面的輸出,因此第15圖之實施例由前往後搜索。On the other hand, as shown in Figure 15, in steps S1501, S1502, and S1503, from the previous convolutional layer Conv1 to the following fully connected layers FC1, FC2, and FC3, different values are used to search layer by layer for the most suitable lookup table. The parameters of 1202 and encoder 1203 are, for example, selecting scaling parameters that allow function bootstrapping without overflow and optimal accuracy, but are not limited to this. Since the previous layers will affect the subsequent output, the embodiment in Figure 15 searches from front to back.

第16圖是依照本發明一實施例之一種基於同態加密的隱私運算系統的方塊圖,同態加密的隱私運算系統可執行上述的基於同態加密的隱私運算方法。如第16圖所示,基於同態加密的隱私運算系統包含資料擁有者的電腦裝置1600以及模型擁有者的電腦裝置1610。Figure 16 is a block diagram of a homomorphic encryption-based privacy computing system according to an embodiment of the present invention. The homomorphic encryption-based privacy computing system can execute the above-mentioned privacy computing method based on homomorphic encryption. As shown in Figure 16, the private computing system based on homomorphic encryption includes a computer device 1600 of the data owner and a computer device 1610 of the model owner.

資料擁有者的電腦裝置1600包含儲存裝置1601、處理器1602以及傳輸裝置1605;模型擁有者的電腦裝置1610包含儲存裝置1611、處理器1612以及傳輸裝置1615。舉例而言,儲存裝置1601、1611可為硬碟、快閃儲存裝置或其他儲存媒介,處理器1602、1612可為中央處理器、控制器或其他電路,傳輸裝置1605、1615可為傳輸接口、傳輸線路、網路裝置、通訊裝置或其他傳輸媒介。The data owner's computer device 1600 includes a storage device 1601, a processor 1602, and a transmission device 1605; the model owner's computer device 1610 includes a storage device 1611, a processor 1612, and a transmission device 1615. For example, the storage devices 1601 and 1611 can be hard disks, flash storage devices or other storage media, the processors 1602 and 1612 can be central processing units, controllers or other circuits, and the transmission devices 1605 and 1615 can be transmission interfaces, Transmission lines, network devices, communication devices or other transmission media.

關於資料擁有者的電腦裝置1600的架構,儲存裝置1601電性連接處理器1602,處理器1602電性連接傳輸裝置1605;關於模型擁有者的電腦裝置1610的架構,儲存裝置1611電性連接處理器1612,處理器1612電性連接傳輸裝置1615。應瞭解到,於實施方式與申請專利範圍中,涉及『電性連接』之描述,其可泛指一元件透過其他元件而間接電氣耦合至另一元件,或是一元件無須透過其他元件而直接電連結至另一元件。Regarding the architecture of the computer device 1600 of the data owner, the storage device 1601 is electrically connected to the processor 1602, and the processor 1602 is electrically connected to the transmission device 1605; regarding the architecture of the computer device 1610 of the model owner, the storage device 1611 is electrically connected to the processor 1612. The processor 1612 is electrically connected to the transmission device 1615. It should be understood that in the embodiments and the scope of the patent application, the description of "electrical connection" can generally refer to one component being indirectly electrically coupled to another component through other components, or one component being directly electrically coupled to another component without going through other components. electrically connected to another component.

於使用時,儲存裝置1601儲存明文資料、編碼與加密模組、具有浮點數同態加密資料結構的密文資料、解密與解碼模組以及明文結果,處理器1602可執行編碼與加密模組以及解密與解碼模組。儲存裝置1611儲存人工智能模型、功能自舉參數自動調整模組、神經元權重調整模組、神經元權重調整閥值搜索模組、密文-密文加法模組、密文-明文乘法模組、密文查表模組以及具有浮點數同態加密資料結構的密文結果,處理器1612可執行人工智能模型、功能自舉參數自動調整模組、神經元權重調整模組、神經元權重調整閥值搜索模組、密文-密文加法模組、密文-明文乘法模組以及密文查表模組。傳輸裝置1605與傳輸裝置1615之間可進行資料傳輸。When in use, the storage device 1601 stores plaintext data, encoding and encryption modules, ciphertext data with a floating-point homomorphic encryption data structure, decryption and decoding modules, and plaintext results. The processor 1602 can execute the encoding and encryption modules. and decryption and decoding modules. The storage device 1611 stores the artificial intelligence model, function bootstrapping parameter automatic adjustment module, neuron weight adjustment module, neuron weight adjustment threshold search module, ciphertext-ciphertext addition module, ciphertext-plaintext multiplication module , a ciphertext table lookup module and a ciphertext result with a floating-point homomorphic encryption data structure. The processor 1612 can execute an artificial intelligence model, a function bootstrapping parameter automatic adjustment module, a neuron weight adjustment module, and a neuron weight Adjust the threshold search module, ciphertext-ciphertext addition module, ciphertext-plaintext multiplication module and ciphertext table lookup module. Data can be transmitted between the transmission device 1605 and the transmission device 1615.

綜上所述,本發明之技術方案與現有技術相比具有明顯的優點和有益效果。本發明的基於同態加密的隱私運算方法可以讓加密資料運行人工智能模型(如:神經網路模型)得到精準答案。有別於明文運算,本發明不會洩漏資料擁有者與模型擁有者的隱私。相較於機密計算,本發明無須特殊的硬體支援的可信任執行環境。相較於安全多方計算,本發明可以執行複雜的運算也無須模型擁有者與資料擁有者雙方大量的交互工作。相較於過去的同態加密方案,本發明提升同態加密在人工智能模型(如:神經網路)運算的效率與精準度。To sum up, the technical solution of the present invention has obvious advantages and beneficial effects compared with the existing technology. The privacy computing method based on homomorphic encryption of the present invention can allow the encrypted data to run an artificial intelligence model (such as a neural network model) to obtain accurate answers. Different from plaintext operations, this invention does not leak the privacy of data owners and model owners. Compared with confidential computing, the present invention does not require a trusted execution environment supported by special hardware. Compared with secure multi-party computation, the present invention can perform complex operations without requiring a large amount of interaction between the model owner and the data owner. Compared with past homomorphic encryption solutions, the present invention improves the efficiency and accuracy of homomorphic encryption in artificial intelligence model (such as neural network) operations.

雖然本發明已以實施方式揭露如上,然其並非用以限定本發明,任何熟習此技藝者,在不脫離本發明之精神和範圍內,當可作各種之更動與潤飾,因此本發明之保護範圍當視後附之申請專利範圍所界定者為準。Although the present invention has been disclosed in the above embodiments, it is not intended to limit the present invention. Anyone skilled in the art can make various modifications and modifications without departing from the spirit and scope of the present invention. Therefore, the protection of the present invention is The scope shall be determined by the appended patent application scope.

為讓本發明之上述和其他目的、特徵、優點與實施例能更明顯易懂,所附符號之說明如下: 1201:有效更新金鑰 1202:查找表 1203:編碼器 1600:資料擁有者的電腦裝置 1610:模型擁有者的電腦裝置 1601、1611:儲存裝置 1602、1612:處理器 1605、1615:傳輸裝置 ciphertext(20020):密文尾數 Ciphertext 1、Ciphertext 2:密文資料 Ciphertext 3、Ciphertext 5:第一密文資料 Ciphertext 4、Ciphertext 6:第二密文資料 Conv1:卷積層 Exponent:指數參數 Exponent 1:第一指數參數 Exponent 2:第二指數參數 F(x):神經元權重調整模組 FC1、FC2、FC3:全連接層 Gain:增益參數 LWE(m 1*g):密文尾數 LWE(m 2):密文尾數 Lwe (Qin,Pin)(m 1):密文尾數 Lwe (q1,p1)(m 1):密文尾數 Lwe (Qin,Pin)(m 2):密文尾數 m 1:明文資料 (m 2/2)*(m/g):明文結果 m 3:明文結果 Mantissa:尾數 Mantissa 1:第一密文尾數 Mantissa 2:第二密文尾數 Max:最大值 Min:最小值 Multiple:倍數 Multiplier:乘數 q、p、q1、p1:範圍相關參數 plaintext(100):明文增益參數 plaintext(1):明文指數參數 S101~S105、S111~S114:步驟 S201~S207:步驟 S501:步驟 S601、S602:步驟 S701、S702:步驟 S801、S802:步驟 S1001、S1002、S1003:步驟 S1101、S1102、S1103:步驟 S1201、S1202:步驟 S1401、S1402、S1403:步驟 S1501、S1502、S1503:步驟 Threshold:閥值 In order to make the above and other objects, features, advantages and embodiments of the present invention more obvious and easy to understand, the description of the attached symbols is as follows: 1201: Valid update key 1202: Lookup table 1203: Encoder 1600: Data owner's computer Device 1610: model owner's computer device 1601, 1611: storage device 1602, 1612: processor 1605, 1615: transmission device ciphertext(20020): ciphertext mantissa Ciphertext 1 , Ciphertext 2 : ciphertext data Ciphertext 3 , Ciphertext 5 : First ciphertext data Ciphertext 4 , Ciphertext 6 : Second ciphertext data Conv1: Convolution layer Exponent: Exponent parameter Exponent 1 : First exponent parameter Exponent 2 : Second exponent parameter F(x): Neuron weight adjustment module FC1 , FC2, FC3: Fully connected layer Gain: gain parameter LWE (m 1 *g): ciphertext mantissa LWE (m 2 ): ciphertext mantissa Lwe (Qin,Pin) (m 1 ): ciphertext mantissa Lwe (q1, p1) (m 1 ): ciphertext mantissa Lwe (Qin,Pin) (m 2 ): ciphertext mantissa m 1 : plaintext data (m 2 /2)*(m/g): plaintext result m 3 : plaintext result Mantissa :Mantissa Mantissa 1 :Mantissa of the first ciphertext Mantissa 2 :Mantissa of the second ciphertext Max: Maximum value Min: Minimum value Multiple: Multiple Multiplier: Multiplier q, p, q1, p1: Range related parameters plaintext(100): Plaintext Gain parameter plaintext(1): plaintext index parameters S101~S105, S111~S114: steps S201~S207: step S501: step S601, S602: step S701, S702: step S801, S802: step S1001, S1002, S1003: step S1101 , S1102, S1103: Step S1201, S1202: Step S1401, S1402, S1403: Step S1501, S1502, S1503: Step Threshold: Threshold

為讓本發明之上述和其他目的、特徵、優點與實施例能更明顯易懂,所附圖式之說明如下: 第1圖是依照本發明一實施例之一種基於同態加密的隱私運算方法的流程圖; 第2圖是依照本發明另一實施例之一種基於同態加密的隱私運算方法的方塊圖; 第3圖是依照本發明一實施例之一種編碼與加密模組的流程圖; 第4圖是依照本發明一實施例之一種解密與解碼模組的流程圖; 第5圖是依照本發明一實施例之一種密文-密文加法模組的流程圖; 第6圖是依照本發明另一實施例之一種密文-密文加法模組的流程圖; 第7圖是依照本發明一實施例之一種密文-明文乘法模組的流程圖; 第8圖是依照本發明一實施例之一種密文查表模組的流程圖; 第9圖是依照本發明一實施例之一種神經元權重調整模組的流程圖; 第10圖是依照本發明一實施例之一種神經元權重調整閥值搜索模組的流程圖; 第11圖是依照本發明另一實施例之一種神經元權重調整閥值搜索模組的流程圖; 第12圖是依照本發明一實施例之一種密文查表模組中的功能自舉(Functional Bootstrapping)的流程圖; 第13圖是依照本發明一實施例之一種密文查表模組中查找表與編碼器選擇範例的圖表; 第14圖是依照本發明一實施例之一種功能自舉參數自動調整模組的流程圖; 第15圖是依照本發明另一實施例之一種功能自舉參數自動調整模組的流程圖;以及 第16圖是依照本發明一實施例之一種基於同態加密的隱私運算系統的方塊圖。 In order to make the above and other objects, features, advantages and embodiments of the present invention more apparent and understandable, the accompanying drawings are described as follows: Figure 1 is a flow chart of a privacy computing method based on homomorphic encryption according to an embodiment of the present invention; Figure 2 is a block diagram of a privacy computing method based on homomorphic encryption according to another embodiment of the present invention; Figure 3 is a flow chart of an encoding and encryption module according to an embodiment of the present invention; Figure 4 is a flow chart of a decryption and decoding module according to an embodiment of the present invention; Figure 5 is a flow chart of a ciphertext-ciphertext addition module according to an embodiment of the present invention; Figure 6 is a flow chart of a ciphertext-ciphertext addition module according to another embodiment of the present invention; Figure 7 is a flow chart of a ciphertext-plaintext multiplication module according to an embodiment of the present invention; Figure 8 is a flow chart of a ciphertext table lookup module according to an embodiment of the present invention; Figure 9 is a flow chart of a neuron weight adjustment module according to an embodiment of the present invention; Figure 10 is a flow chart of a neuron weight adjustment threshold search module according to an embodiment of the present invention; Figure 11 is a flow chart of a neuron weight adjustment threshold search module according to another embodiment of the present invention; Figure 12 is a flow chart of functional bootstrapping in a ciphertext table lookup module according to an embodiment of the present invention; Figure 13 is a diagram illustrating an example of lookup table and encoder selection in a ciphertext table lookup module according to an embodiment of the present invention; Figure 14 is a flow chart of a function bootstrap parameter automatic adjustment module according to an embodiment of the present invention; Figure 15 is a flow chart of a function bootstrap parameter automatic adjustment module according to another embodiment of the present invention; and Figure 16 is a block diagram of a privacy computing system based on homomorphic encryption according to an embodiment of the present invention.

S101~S105、S111~S114:步驟 S101~S105, S111~S114: steps

Claims (9)

一種基於同態加密的隱私運算方法,包含以下步驟:將一明文資料編碼及加密成一密文資料,該密文資料具有一浮點數同態加密資料結構,該密文資料的該浮點數同態加密資料結構包含一密文尾數、一指數參數與一增益參數,該增益參數設定該密文尾數對應的浮點數的精度,該指數參數適用於乘法或除法;將該密文資料傳送給一人工智能模型,使該人工智能模型對該密文資料進行運算以回傳一密文結果;將該密文結果解碼及解密成一明文結果;在該人工智能模型的訓練完成以後,對該人工智能模型逐層搜索適用於神經元的權重歸零的數值以做為一閥值;以及將該人工智能模型的該神經元中小於該閥值的該權重歸零。 A privacy computing method based on homomorphic encryption, including the following steps: encoding and encrypting a plaintext data into a ciphertext data, the ciphertext data has a floating point number homomorphic encryption data structure, the floating point number of the ciphertext data The homomorphic encryption data structure includes a ciphertext mantissa, an exponent parameter and a gain parameter. The gain parameter sets the precision of the floating point number corresponding to the ciphertext mantissa. The exponent parameter is suitable for multiplication or division; the ciphertext data is transmitted Give an artificial intelligence model, and enable the artificial intelligence model to perform operations on the ciphertext data to return a ciphertext result; decode and decrypt the ciphertext result into a plaintext result; after the training of the artificial intelligence model is completed, the The artificial intelligence model searches layer by layer for a value suitable for zeroing the weight of the neuron as a threshold; and zeroes the weight of the neuron of the artificial intelligence model that is smaller than the threshold. 如請求項1所述之基於同態加密的隱私運算方法,其中該明文資料包含帶小數的實數,將該明文資料編碼及加密成該密文資料的步驟包含:將該帶小數的實數乘以該增益參數並除以該指數參數以得出一明文尾數;以及將該明文尾數加密成該密文尾數,該密文尾數為整 數。 The privacy computing method based on homomorphic encryption as described in request item 1, wherein the plaintext data contains real numbers with decimals, and the step of encoding and encrypting the plaintext data into the ciphertext data includes: multiplying the real numbers with decimals by The gain parameter is divided by the exponent parameter to obtain a plaintext mantissa; and the plaintext mantissa is encrypted into the ciphertext mantissa, the ciphertext mantissa is an integer Count. 如請求項1所述之基於同態加密的隱私運算方法,其中該密文結果具有一浮點數同態加密資料結構,該密文結果的該浮點數同態加密資料結構包含另一密文尾數、另一指數參數與另一增益參數,將該密文結果解碼及解密成該明文結果的步驟包含:將該另一密文尾數解密成一明文尾數;以及將該明文尾數除以該另一增益參數並乘以該另一指數參數以得出該明文結果。 The privacy operation method based on homomorphic encryption as described in claim 1, wherein the ciphertext result has a floating-point homomorphically encrypted data structure, and the floating-point homomorphically encrypted data structure of the ciphertext result contains another ciphertext The mantissa, another exponent parameter and another gain parameter, the steps of decoding and decrypting the ciphertext result into the plaintext result include: decrypting the other ciphertext mantissa into a plaintext mantissa; and dividing the plaintext mantissa by the other A gain parameter and multiplied by the other exponential parameter to obtain the plaintext result. 一種基於同態加密的隱私運算方法,包含以下步驟:接收一密文資料,該密文資料具有一浮點數同態加密資料結構,該密文資料的該浮點數同態加密資料結構包含一密文尾數、一指數參數與一增益參數,該增益參數設定該密文尾數對應的浮點數的精度,該指數參數適用於乘法或除法;透過一人工智能模型對該密文資料進行運算以回傳一密文結果;在該人工智能模型的訓練完成以後,對該人工智能模型逐層搜索適用於神經元的權重歸零的數值以做為一閥值;以及將該人工智能模型的該神經元中小於該閥值的該權重 歸零。 A privacy computing method based on homomorphic encryption, including the following steps: receiving a ciphertext data, the ciphertext data has a floating point homomorphic encryption data structure, the floating point number homomorphic encryption data structure of the ciphertext data includes A ciphertext mantissa, an exponent parameter and a gain parameter. The gain parameter sets the precision of the floating point number corresponding to the ciphertext mantissa. The exponent parameter is suitable for multiplication or division; the ciphertext data is operated through an artificial intelligence model. to return a ciphertext result; after the training of the artificial intelligence model is completed, the artificial intelligence model is searched layer by layer for a value suitable for zeroing the weight of the neuron as a threshold; and the artificial intelligence model is The weight in this neuron is less than the threshold Return to zero. 如請求項4所述之基於同態加密的隱私運算方法,其中該密文資料包含一第一密文資料與一第二密文資料,該第一密文資料的一浮點數同態加密資料結構包含一第一密文尾數、該指數參數與該增益參數,該第二密文資料的一浮點數同態加密資料結構包含一第二密文尾數、該指數參數與該增益參數,該人工智能模型對該密文資料所進行的該運算包含一加法運算,該加法運算包含:當該第一密文資料的該指數參數與該第二密文資料的該指數參數相同時,將該第一密文資料的該第一密文尾數與該第二密文資料的該第二密文尾數相加以得出一第三密文資料的一第三密文尾數,該第三密文資料的一浮點數同態加密資料結構包含該第三密文尾數、該指數參數與該增益參數。 The privacy computing method based on homomorphic encryption as described in claim 4, wherein the ciphertext data includes a first ciphertext data and a second ciphertext data, and a floating-point homomorphic encryption of the first ciphertext data The data structure includes a first ciphertext mantissa, the exponent parameter and the gain parameter, and a floating-point homomorphically encrypted data structure of the second ciphertext data includes a second ciphertext mantissa, the exponent parameter and the gain parameter, The operation performed by the artificial intelligence model on the ciphertext data includes an addition operation, and the addition operation includes: when the exponent parameter of the first ciphertext data is the same as the exponent parameter of the second ciphertext data, The first ciphertext mantissa of the first ciphertext data and the second ciphertext mantissa of the second ciphertext data are added to obtain a third ciphertext mantissa of the third ciphertext data, the third ciphertext A floating-point homomorphically encrypted data structure of the data includes the third ciphertext mantissa, the exponent parameter and the gain parameter. 如請求項4所述之基於同態加密的隱私運算方法,其中該密文資料包含一第一密文資料與一第二密文資料,該第一密文資料的一浮點數同態加密資料結構包含一第一密文尾數、一第一指數參數與該增益參數,該第二密文資料的一浮點數同態加密資料結構包含一第二密文尾數、一第二指數參數與該增益參數,該人工智能模型對該密文資料所進行的該運算包含一加法運算,該加法運算包含: 當該第一指數參數與該第二指數參數不同時,將該第一指數參數除以該第二指數參數以得出一乘數,將該第一密文尾數乘以該乘數以得出一新的第一密文尾數,將該第一密文資料的該第二指數參數替換為該第一指數參數;以及將該第一密文資料的該新的第一密文尾數與該第二密文資料的該第二密文尾數相加以得出一第三密文資料的一第三密文尾數,該第三密文資料的一浮點數同態加密資料結構包含該第三密文尾數、該第一指數參數與該增益參數。 The privacy computing method based on homomorphic encryption as described in claim 4, wherein the ciphertext data includes a first ciphertext data and a second ciphertext data, and a floating-point homomorphic encryption of the first ciphertext data The data structure includes a first ciphertext mantissa, a first exponent parameter and the gain parameter, and a floating-point homomorphically encrypted data structure of the second ciphertext data includes a second ciphertext mantissa, a second exponent parameter and The gain parameter, the operation performed by the artificial intelligence model on the ciphertext data includes an addition operation, and the addition operation includes: When the first exponent parameter is different from the second exponent parameter, the first exponent parameter is divided by the second exponent parameter to obtain a multiplier, and the first ciphertext mantissa is multiplied by the multiplier to obtain A new first ciphertext mantissa, replace the second exponent parameter of the first ciphertext data with the first exponent parameter; and replace the new first ciphertext mantissa of the first ciphertext data with the first ciphertext mantissa. The second ciphertext mantissas of the two ciphertext data are added to obtain a third ciphertext mantissa of the third ciphertext data, and a floating-point homomorphically encrypted data structure of the third ciphertext data contains the third ciphertext data. The suffix, the first index parameter and the gain parameter. 如請求項4所述之基於同態加密的隱私運算方法,其中該人工智能模型對該密文資料所進行的該運算包含一乘法運算,該乘法運算包含:將該密文資料的該指數參數乘以一乘數以得出該密文資料的一新的指數參數。 The privacy operation method based on homomorphic encryption as described in claim 4, wherein the operation performed by the artificial intelligence model on the ciphertext data includes a multiplication operation, and the multiplication operation includes: converting the exponent parameter of the ciphertext data Multiply by a multiplier to obtain a new exponential parameter of the ciphertext data. 如請求項4所述之基於同態加密的隱私運算方法,其中該人工智能模型對該密文資料所進行的該運算包含:透過該人工智能模型的功能自舉(Functional Bootstrapping)對該密文尾數去除雜訊並執行查表功能以實現非線性函數的運算。 The privacy operation method based on homomorphic encryption as described in request 4, wherein the operation performed by the artificial intelligence model on the ciphertext data includes: using functional bootstrapping of the artificial intelligence model on the ciphertext The mantissa removes noise and performs table lookup functions to implement nonlinear function operations. 如請求項4所述之基於同態加密的隱私運算方法,更包含:在該人工智能模型的訓練完成以後,調整該人工智能模型中查找表的內容以及功能自舉中擷取(Extraction)的編碼器(Encoder),以避免運算過程中的溢位。 The privacy computing method based on homomorphic encryption as described in request item 4 further includes: after the training of the artificial intelligence model is completed, adjusting the content of the lookup table in the artificial intelligence model and the extraction (Extraction) of the function bootstrapping Encoder to avoid overflow during operation.
TW111143838A 2022-11-16 2022-11-16 Privacy computing method based on homomorphic encryption TWI814642B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW111143838A TWI814642B (en) 2022-11-16 2022-11-16 Privacy computing method based on homomorphic encryption

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW111143838A TWI814642B (en) 2022-11-16 2022-11-16 Privacy computing method based on homomorphic encryption

Publications (2)

Publication Number Publication Date
TWI814642B true TWI814642B (en) 2023-09-01
TW202422392A TW202422392A (en) 2024-06-01

Family

ID=88965903

Family Applications (1)

Application Number Title Priority Date Filing Date
TW111143838A TWI814642B (en) 2022-11-16 2022-11-16 Privacy computing method based on homomorphic encryption

Country Status (1)

Country Link
TW (1) TWI814642B (en)

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
期刊 Kluczniak, Kamil, and Leonard Schild. "Fdfb: Full domain functional bootstrapping towards practical fully homomorphic encryption." arXiv preprint arXiv:2109.02731 (2021) arXiv 2021 pages 1-20

Also Published As

Publication number Publication date
TW202422392A (en) 2024-06-01

Similar Documents

Publication Publication Date Title
CN113557512B (en) Secure multi-party arrival frequency and frequency estimation
US20230087864A1 (en) Secure multi-party computation method and apparatus, device, and storage medium
Rentería-Mejía et al. High-throughput ring-LWE cryptoprocessors
EP2965462A1 (en) Privacy-preserving ridge regression using partially homomorphic encryption and masks
CN114696990B (en) Multi-party computing method, system and related equipment based on fully homomorphic encryption
CN109327304A (en) The lightweight homomorphic cryptography method of secret protection is realized in a kind of cloud computing
CN115982424B (en) Privacy keyword query method and device and electronic equipment
CN115905710A (en) System, method and device for inquiring hiding trace, electronic equipment and storage medium
CN108923907A (en) A kind of homomorphism Inner product method based on the fault-tolerant problem concerning study of mould
Zheng et al. Towards secure and practical machine learning via secret sharing and random permutation
Agrawal et al. Open-source FPGA implementation of post-quantum cryptographic hardware primitives
Moon et al. An Efficient Encrypted Floating‐Point Representation Using HEAAN and TFHE
TWI814642B (en) Privacy computing method based on homomorphic encryption
Feng et al. Efficient and verifiable outsourcing scheme of sequence comparisons
Jiang et al. Privacy-Preserving Distributed Machine Learning Made Faster
Bai et al. Privacy‐Preserving Oriented Floating‐Point Number Fully Homomorphic Encryption Scheme
US11343070B2 (en) System and method for performing a fully homomorphic encryption on a plain text
Dong et al. Privacy-preserving locally weighted linear regression over encrypted millions of data
Zhao et al. Secure data set operation protocols for outsourced cloud data to protect user privacy in smart city
CN118041505A (en) Privacy operation method based on homomorphic encryption
Yu et al. Privacy‐Preserving Outsourced Logistic Regression on Encrypted Data from Homomorphic Encryption
CN108075889B (en) Data transmission method and system for reducing complexity of encryption and decryption operation time
Wang et al. EPSLP: Efficient and privacy-preserving single-layer perceptron learning in cloud computing
CN117009723B (en) Multiparty computing method, device, equipment and storage medium
Chiang Privacy-Preserving Logistic Regression Training on Large Datasets