WO2020258727A1 - Data encryption method, apparatus and device, and medium - Google Patents
Data encryption method, apparatus and device, and medium Download PDFInfo
- Publication number
- WO2020258727A1 WO2020258727A1 PCT/CN2019/122826 CN2019122826W WO2020258727A1 WO 2020258727 A1 WO2020258727 A1 WO 2020258727A1 CN 2019122826 W CN2019122826 W CN 2019122826W WO 2020258727 A1 WO2020258727 A1 WO 2020258727A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- ciphertext data
- data set
- confusion
- ciphertext
- obfuscation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
Definitions
- This application relates to the field of data encryption technology, and in particular to a data encryption method, device, equipment and medium.
- the embodiments of the present application provide a data encryption method, device, equipment, and medium to reduce the risk of cracking ciphertext data, reduce processing resources consumed when processing large amounts of data, and improve data processing efficiency.
- the technical solutions provided by the embodiments of this application are as follows:
- an embodiment of the present application provides a data encryption method, including:
- the ciphertext data set is obfuscated to obtain the confused ciphertext data set of the ciphertext data set.
- determining the obfuscation quantity of the ciphertext data set according to the setting method includes:
- the product of the setting coefficient and the number of ciphertext data in the ciphertext data set is determined as the confusion quantity corresponding to the ciphertext data set, where the setting coefficient is a value greater than 0 and less than 1.
- determining the obfuscation quantity of the ciphertext data set according to the setting method includes:
- the product of the random number and the number of ciphertext data in the ciphertext data set is determined as the confusion quantity corresponding to the ciphertext data set.
- the ciphertext data set is obfuscated based on each obfuscation parameter to obtain the obfuscated ciphertext data set of the ciphertext data set, including:
- the obfuscated ciphertext data set of the ciphertext data set is generated.
- encrypting the data set to obtain the ciphertext data set of the data set includes:
- the homomorphic encryption algorithm is used to encrypt the data set to obtain the ciphertext data set of the data set.
- the data set is a multi-dimensional matrix containing various model parameters to be encrypted.
- the homomorphic encryption algorithm includes Paillier algorithm, RSA algorithm, and Gentry algorithm.
- the method further includes:
- an embodiment of the present application provides a data encryption device, including:
- the data acquisition unit is used to acquire the data set to be encrypted
- the data encryption unit is used to encrypt the data set to obtain the ciphertext data set of the data set;
- the obfuscation generating unit is used to determine the obfuscation quantity of the ciphertext data set according to the setting method, and generate obfuscation parameters according to the obfuscation quantity, where the obfuscation quantity is less than the quantity of ciphertext data in the ciphertext data set;
- the obfuscation processing unit is used to perform obfuscation processing on the ciphertext data set based on each obfuscation parameter to obtain the obfuscated ciphertext data set of the ciphertext data set.
- the obfuscation generating unit when determining the obfuscation quantity of the ciphertext data set according to the setting method, is specifically configured to:
- the product of the setting coefficient and the number of ciphertext data in the ciphertext data set is determined as the confusion quantity corresponding to the ciphertext data set, where the setting coefficient is a value greater than 0 and less than 1.
- the obfuscation generating unit when determining the obfuscation quantity of the ciphertext data set according to the setting method, is specifically configured to:
- the product of the random number and the number of ciphertext data in the ciphertext data set is determined as the confusion quantity corresponding to the ciphertext data set.
- the obfuscation processing unit when obfuscating the ciphertext data set based on each obfuscation parameter to obtain the obfuscated ciphertext data set of the ciphertext data set, is specifically configured to:
- the obfuscated ciphertext data set of the ciphertext data set is generated.
- the data encryption unit is specifically configured to use a homomorphic encryption algorithm to encrypt the data set to obtain the ciphertext data set of the data set.
- the data set is a multi-dimensional matrix containing various model parameters to be encrypted.
- the homomorphic encryption algorithm includes Paillier algorithm, RSA algorithm, and Gentry algorithm.
- the device further includes a storage unit
- the storage unit is used to store the obtained obfuscated ciphertext data set.
- an embodiment of the present application also provides a data encryption device, including: a memory, a processor, and a computer program stored in the memory and running on the processor.
- the processor executes the computer program to implement the embodiment of the present application.
- an embodiment of the present application also provides a computer-readable storage medium, where the computer-readable storage medium stores computer instructions, and the computer instructions are executed by a processor to implement the data encryption method provided in the embodiments of the present application.
- FIG. 1 is a schematic flowchart of a data encryption method in an embodiment of the application
- FIG. 2 is a schematic diagram of a specific flow of a data encryption method in an embodiment of the application
- FIG. 3 is a schematic diagram of the functional structure of the data encryption device in an embodiment of the application.
- Figure 4 is a schematic diagram of the hardware structure of a data encryption device in an embodiment of the application.
- Encryption is a data processing technology that uses a special algorithm to change the original data so that even if unauthorized users obtain encrypted data, they still cannot obtain the original data because they do not know the decryption method.
- the encryption in this application can be but not limited to: homomorphic encryption.
- homomorphic encryption is an encryption method that supports arithmetic operations on ciphertext data. According to the different arithmetic operations supported, homomorphic encryption is divided into the following three types:
- Addition homomorphic encryption is the homomorphic encryption that supports addition and subtraction operations.
- Paillier algorithm is homomorphic for addition and subtraction operations;
- Multiplication homomorphic encryption is the homomorphic encryption that supports multiplication and division operations.
- the RSA algorithm is homomorphic for multiplication and division operations;
- the data set to be encrypted is a set of various data to be encrypted, for example, a multi-dimensional matrix containing a large number of model parameters to be encrypted.
- Obfuscation parameters are parameters used to obfuscate ciphertext data, such as random numbers.
- the ciphertext data Generate an obfuscation parameter, and perform obfuscation processing on the ciphertext data based on the obfuscation parameter, thereby obtaining the obfuscated ciphertext data of the ciphertext data, and then, according to the obfuscated ciphertext data of each ciphertext data in the ciphertext data set Text data, the obfuscated ciphertext data set of the ciphertext data set can be obtained.
- this obfuscation method can reduce the risk of cracking the ciphertext data set and improve the security of the ciphertext data set, when generating obfuscation parameters, it is necessary to generate a confusion for each ciphertext data in the ciphertext data set.
- Parameters, causing confusion The generation of parameters requires more calculation time and more processing resources than pure encryption, thereby reducing data processing efficiency and consuming a lot of processing resources. For example, in the application scenario of deep learning, the training process of the deep learning model may require 1 second of processing time.
- the data set after obtaining the data set to be encrypted, the data set is encrypted to obtain the ciphertext of the data set Data collection; Determine the amount of confusion in the ciphertext data set according to the setting method, and generate confusion parameters according to the amount of confusion, where the amount of confusion is less than the number of ciphertext data in the ciphertext data set; based on each confusion parameter, The ciphertext data set is obfuscated to obtain the confused ciphertext data set of the ciphertext data set.
- the embodiments of the present application provide a data encryption method, which can be applied to any device that needs to encrypt a large amount of data, such as computers, cloud servers and other devices.
- a data encryption method which can be applied to any device that needs to encrypt a large amount of data, such as computers, cloud servers and other devices.
- FIG. 1 the flow of the data encryption method provided by the embodiment of the present application is as follows:
- Step 101 Obtain a data set to be encrypted, and encrypt the data set to obtain a ciphertext data set of the data set.
- an encryption algorithm can be selected from among encryption algorithms such as Paillier algorithm, RSA algorithm, and Gentry algorithm to encrypt the data set according to actual requirements and device performance, thereby obtaining the ciphertext data set of the data set.
- encryption algorithms such as Paillier algorithm, RSA algorithm, and Gentry algorithm to encrypt the data set according to actual requirements and device performance, thereby obtaining the ciphertext data set of the data set.
- Step 102 Determine the confusion quantity of the ciphertext data set according to the setting method, and generate confusion parameters according to the confusion quantity, wherein the confusion quantity is less than the quantity of ciphertext data in the ciphertext data set.
- the following methods can be used but not limited to:
- the first method Obtain the number of ciphertext data in the ciphertext data set, and determine the product of the setting coefficient and the number of ciphertext data in the ciphertext data set as the confusion quantity corresponding to the ciphertext data set, where The coefficient is less than 1.
- N is the amount of confusion
- ⁇ is the setting coefficient
- n is the number of ciphertext data
- the second method Get the number of ciphertext data in the ciphertext data set, and generate a random number within the set range, and determine the product of the random number and the number of ciphertext data in the ciphertext data set as the ciphertext data The confusion amount corresponding to the set, where the setting range is (0, 1).
- the number of ciphertext data in the ciphertext data set is 10, and the random number generated according to the set range (0,1) is 0.6
- the number of ciphertext data in the ciphertext data set can be 10 and the random number
- the product 6 of 0.6 is determined as the amount of confusion corresponding to the ciphertext data set.
- the confusion parameter can be generated according to the confusion quantity. For example: assuming that the number of confusions in the ciphertext data set is 6, then 6 confusion parameters can be generated.
- Step 103 Perform obfuscation processing on the ciphertext data set based on each obfuscation parameter to obtain the obfuscated ciphertext data set of the ciphertext data set.
- the ciphertext data For each ciphertext data in the ciphertext data set, randomly select a confusion parameter from each confusion parameter as the confusion parameter of the ciphertext data, and based on the confusion parameter of the ciphertext data, the ciphertext data Perform obfuscation processing to obtain obfuscated ciphertext data of the ciphertext data.
- the obfuscated ciphertext data set of the ciphertext data set is generated.
- the number of ciphertext data in the ciphertext data set is 10 and the number of confusion parameters is 6, for the 10 ciphertext data, one confusion parameter can be randomly selected from the 6 confusion parameters.
- Obfuscation parameters of the ciphertext data the respective obfuscation parameters of the 10 ciphertext data are obtained, and based on the respective obfuscation parameters of the 10 ciphertext data, the 10 ciphertext data are respectively obfuscated to obtain the 10 ciphertext data
- the respective obfuscated ciphertext data of the data, and further, the obfuscated ciphertext data set of the ciphertext data set can be obtained according to the respective obfuscated ciphertext data of the 10 ciphertext data.
- Step 201 Obtain the matrix M to be encrypted.
- Step 202 Use the homomorphic encryption algorithm F(M) to perform homomorphic encryption on the matrix M to obtain the homomorphic ciphertext matrix [[M]] of the matrix M.
- Step 203 Determine the number of homomorphic ciphertext parameters in the homomorphic ciphertext matrix [[M]] as 100, and set the number of homomorphic ciphertext parameters in the homomorphic ciphertext matrix [[M]] to 100 and the set coefficient
- the product 60 of 0.6 is determined as the confusion amount of the homomorphic ciphertext matrix [[M]].
- Step 204 According to the confusion number 60 of the homomorphic ciphertext matrix [[M]], 60 confusion parameters are generated.
- Step 205 Regarding the 100 homomorphic ciphertext parameters in the homomorphic ciphertext matrix [[M]], a confusion parameter is randomly selected from the 60 confusion parameters as the confusion parameter of the homomorphic ciphertext parameter to obtain the Obfuscation parameters for each of the 100 homomorphic ciphertext parameters.
- Step 206 Based on the respective obfuscation parameters of the 100 homomorphic ciphertext parameters, perform obfuscation processing on the 100 homomorphic ciphertext parameters respectively to obtain the respective obfuscated homomorphic ciphertext parameters of the 100 homomorphic ciphertext parameters.
- Step 207 Obtain the confused homomorphic ciphertext matrix [[M]]' of the homomorphic ciphertext matrix [[M]] according to the respective confused homomorphic ciphertext parameters of the 100 homomorphic ciphertext parameters.
- an embodiment of the present application provides a data encryption device.
- the data encryption device 300 provided by the embodiment of the present application at least includes:
- the data obtaining unit 301 is configured to obtain a data set to be encrypted
- the data encryption unit 302 is configured to encrypt the data set to obtain the ciphertext data set of the data set;
- the obfuscation generating unit 303 is used to determine the obfuscation quantity of the ciphertext data set according to the setting method, and generate obfuscation parameters according to the obfuscation quantity, where the obfuscation quantity is less than the quantity of ciphertext data in the ciphertext data set;
- the obfuscation processing unit 304 is configured to perform obfuscation processing on the ciphertext data set based on each obfuscation parameter to obtain the obfuscated ciphertext data set of the ciphertext data set.
- the confusion generating unit 303 when determining the amount of confusion in the ciphertext data set according to the setting method, is specifically configured to:
- the product of the setting coefficient and the number of ciphertext data in the ciphertext data set is determined as the confusion quantity corresponding to the ciphertext data set, where the setting coefficient is a value greater than 0 and less than 1.
- the confusion generating unit 303 when determining the amount of confusion in the ciphertext data set according to the setting method, is specifically configured to:
- the product of the random number and the number of ciphertext data in the ciphertext data set is determined as the confusion quantity corresponding to the ciphertext data set.
- the obfuscation processing unit 304 is specifically configured to:
- the obfuscated ciphertext data set of the ciphertext data set is generated.
- the data encryption unit 302 is specifically configured to use a homomorphic encryption algorithm to encrypt the data set to obtain the ciphertext data set of the data set.
- the data set is a multi-dimensional matrix containing various model parameters to be encrypted.
- the homomorphic encryption algorithm includes Paillier algorithm, RSA algorithm, and Gentry algorithm.
- the device further includes a storage unit 305;
- the storage unit 305 is configured to store the obtained obfuscated ciphertext data set.
- the principle of solving the technical problems of the data encryption device 300 provided by the embodiment of the application is similar to the data encryption method provided by the embodiment of the application. Therefore, the implementation of the data encryption device 300 provided by the embodiment of the application can refer to this application. The implementation of the data encryption method provided in the embodiment will not be repeated here.
- the data encryption device 400 provided by the embodiment of the present application at least includes: a processor 41, a memory 42, and a computer program stored on the memory 42 and running on the processor 41.
- the processor 41 executes the computer program Implement the data encryption method provided in the embodiment of this application.
- data encryption device 400 shown in FIG. 4 is only an example, and should not bring any limitation to the functions and scope of use of the embodiments of the present application.
- the data encryption device 400 provided by the embodiment of the present application may further include a bus 43 connecting different components (including the processor 41 and the memory 42).
- the bus 43 represents one or more of several types of bus structures, including a memory bus, a peripheral bus, and a local bus.
- the memory 42 may include a readable medium in the form of a volatile memory, such as a random access memory (RAM) 421 and/or a cache memory 422, and may further include a read only memory (ROM) 423.
- RAM random access memory
- ROM read only memory
- the memory 42 may also include a program tool 425 having a set of (at least one) program modules 424.
- the program modules 424 include, but are not limited to, an operating subsystem, one or more application programs, other program modules, and program data. In these examples, Each one or some combination may include the realization of the network environment.
- the data encryption device 400 may also communicate with one or more external devices 44 (such as keyboards, remote controls, etc.), and may also communicate with one or more devices (such as mobile phones, computers, etc.) that enable users to interact with the data encryption device 400. , And/or, communicate with any device (such as a router, modem, etc.) that enables the data encryption device 400 to communicate with one or more other data encryption devices 400. This communication can be performed through an input/output (Input/Output, I/O) interface 45.
- the data encryption device 400 may also communicate with one or more networks (such as a local area network (LAN), a wide area network (WAN), and/or a public network, such as the Internet) through the network adapter 46. As shown in FIG.
- the network adapter 46 communicates with other modules of the data encryption device 400 through the bus 43. It should be understood that although not shown in FIG. 4, other hardware and/or software modules can be used in conjunction with the data encryption device 400, including but not limited to: microcode, device drivers, redundant processors, external disk drive arrays, disk arrays ( Redundant Arrays of Independent Disks, RAID) subsystems, tape drives, and data backup storage subsystems.
- the embodiments of the present application also provide a computer-readable storage medium that stores computer instructions, and when the computer instructions are executed by a processor, the data encryption method provided in the embodiments of the present application is implemented.
- the executable program may be built into the data encryption device 400, so that the data encryption device 400 can implement the data encryption method provided by the embodiment of the present application by executing the built-in executable program.
- the data encryption method provided in the embodiments of the present application can also be implemented as a program product.
- the program product includes program code.
- the program code is used to enable the data encryption device 400 executes the data encryption method provided in the embodiment of the present application.
- the program product provided in the embodiments of the present application may use any combination of one or more readable media, where the readable medium may be a readable signal medium or a readable storage medium, and the readable storage medium may be, but is not limited to, an electronic , Magnetic, optical, electromagnetic, infrared, or semiconductor systems, devices or devices, or any combination of the above.
- readable storage media include: having one or more Electrical connection of wires, portable disk, hard disk, RAM, ROM, Erasable Programmable Read-Only Memory (EPROM), optical fiber, portable compact disk Read-Only Memory (Compact Disc Read-Only Memory, CD- ROM), optical storage device, magnetic storage device, or any suitable combination of the above.
- the program product provided by the embodiments of the present application can adopt a CD-ROM and include program code, and can also run on a computing device.
- the program products provided by the embodiments of the present application are not limited thereto.
- the readable storage medium may be any tangible medium that contains or stores a program, and the program may be used by or in combination with an instruction execution system, device, or device. In conjunction with.
- the embodiments of the present application may be provided as methods, systems, or computer program products. Therefore, the present application may adopt the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Storage Device Security (AREA)
Abstract
Description
相关申请的交叉引用Cross references to related applications
本申请要求在2019年06月28日提交中国专利局、申请号为201910580587.0、申请名称为“一种数据加密方法、装置、设备及介质”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application claims the priority of a Chinese patent application filed with the Chinese Patent Office on June 28, 2019, the application number is 201910580587.0, and the application name is "a data encryption method, device, equipment, and medium", the entire content of which is incorporated by reference In this application.
本申请涉及数据加密技术领域,尤其涉及一种数据加密方法、装置、设备及介质。This application relates to the field of data encryption technology, and in particular to a data encryption method, device, equipment and medium.
实际应用中,通常需要对大量数据进行加密,例如,在分布式机器学习过程中,可能需要对机器学习过程中产生的大量模型参数(如深度神经网络模型参数)进行加密。In practical applications, it is usually necessary to encrypt a large amount of data. For example, in a distributed machine learning process, it may be necessary to encrypt a large number of model parameters (such as deep neural network model parameters) generated in the machine learning process.
然而,在实际的应用场景中,在对大量数据进行加密得到相应的密文数据后,这些密文数据也可能被破解,如何在降低密文数据的破解风险的同时,减少对大量数据进行处理时所消耗的处理资源、提升数据处理效率是需要考虑的问题。However, in actual application scenarios, after encrypting a large amount of data to obtain the corresponding ciphertext data, these ciphertext data may also be cracked. How to reduce the risk of cracking the ciphertext data while reducing the processing of large amounts of data The processing resources consumed at the time and the improvement of data processing efficiency are issues that need to be considered.
发明内容Summary of the invention
本申请实施例提供了一种数据加密方法、装置、设备及介质,用以在降低密文数据的破解风险的同时,减少对大量数据进行处理时所消耗的处理资源、提升数据处理效率,具体的,本申请实施例提供的技术方案如下:The embodiments of the present application provide a data encryption method, device, equipment, and medium to reduce the risk of cracking ciphertext data, reduce processing resources consumed when processing large amounts of data, and improve data processing efficiency. Yes, the technical solutions provided by the embodiments of this application are as follows:
第一方面,本申请实施例提供了一种数据加密方法,包括:In the first aspect, an embodiment of the present application provides a data encryption method, including:
获取待加密的数据集合,并对数据集合进行加密,得到数据集合的密文数据集合;Obtain the data set to be encrypted, and encrypt the data set to obtain the ciphertext data set of the data set;
按照设定方式,确定密文数据集合的混淆数量,并按照混淆数量,生成混淆参数,其中,混淆数量小于密文数据集合中密文数据的数量;Determine the amount of confusion in the ciphertext data set according to the setting method, and generate confusion parameters according to the amount of confusion, where the amount of confusion is less than the number of ciphertext data in the ciphertext data set;
基于各个混淆参数,对密文数据集合进行混淆处理,得到密文数据集合的混淆密文数据集合。Based on each confusion parameter, the ciphertext data set is obfuscated to obtain the confused ciphertext data set of the ciphertext data set.
在一种可能的实施方式中,按照设定方式,确定密文数据集合的混淆数量,包括:In a possible implementation manner, determining the obfuscation quantity of the ciphertext data set according to the setting method includes:
获取密文数据集合中密文数据的数量;Obtain the number of ciphertext data in the ciphertext data set;
将设定系数和密文数据集合中密文数据的数量的乘积确定为密文数据集合对应的混淆数量,其中,设定系数是大于0小于1的数值。The product of the setting coefficient and the number of ciphertext data in the ciphertext data set is determined as the confusion quantity corresponding to the ciphertext data set, where the setting coefficient is a value greater than 0 and less than 1.
在一种可能的实施方式中,按照设定方式,确定密文数据集合的混淆数量,包括:In a possible implementation manner, determining the obfuscation quantity of the ciphertext data set according to the setting method includes:
获取密文数据集合中密文数据的数量,并生成一个在设定范围内的随机数,其中,设定范围是大于0小于1;Obtain the number of ciphertext data in the ciphertext data set, and generate a random number within a set range, where the set range is greater than 0 and less than 1;
将随机数和密文数据集合中密文数据的数量的乘积确定为密文数据集合对应的混淆数量。The product of the random number and the number of ciphertext data in the ciphertext data set is determined as the confusion quantity corresponding to the ciphertext data set.
在一种可能的实施方式中,基于各个混淆参数,对密文数据集合进行混淆处理,得到密文数据集合的混淆密文数据集合,包括:In a possible implementation manner, the ciphertext data set is obfuscated based on each obfuscation parameter to obtain the obfuscated ciphertext data set of the ciphertext data set, including:
针对密文数据集合中的每一个密文数据,从各个混淆参数中,随机选取一个混淆参数作为密文数据的混淆参数,并基于密文数据的混淆参数,对密文数据进行混淆处理,得到密文数据的混淆密文数据;For each ciphertext data in the ciphertext data set, randomly select a confusion parameter from each confusion parameter as the confusion parameter of the ciphertext data, and perform the confusion processing on the ciphertext data based on the confusion parameter of the ciphertext data, and obtain Obfuscated ciphertext data of ciphertext data;
基于密文数据集合中的每一个密文数据的混淆密文数据,生成密文数据集合的混淆密文数据集合。Based on the obfuscated ciphertext data of each ciphertext data in the ciphertext data set, the obfuscated ciphertext data set of the ciphertext data set is generated.
在一种可能的实施方式中,对所述数据集合进行加密,得到所述数据集合的密文数据集合,包括:In a possible implementation manner, encrypting the data set to obtain the ciphertext data set of the data set includes:
采用同态加密算法,对所述数据集合进行加密,得到所述数据集合的密文数据集合。The homomorphic encryption algorithm is used to encrypt the data set to obtain the ciphertext data set of the data set.
在一种可能的实施方式中,所述数据集合是包含待加密的各个模型参数 的多维矩阵。In a possible implementation manner, the data set is a multi-dimensional matrix containing various model parameters to be encrypted.
在一种可能的实施方式中,所述同态加密算法包括Paillier算法、RSA算法和Gentry算法。In a possible implementation manner, the homomorphic encryption algorithm includes Paillier algorithm, RSA algorithm, and Gentry algorithm.
在一种可能的实施方式中,得到所述密文数据集合的混淆密文数据集合之后,所述方法还包括:In a possible implementation manner, after obtaining the obfuscated ciphertext data set of the ciphertext data set, the method further includes:
对得到的混淆密文数据集合进行存储。Store the obtained obfuscated ciphertext data set.
在一种可能的实施方式中,所述混淆数量的计算公式可以表示为:N=n*α;其中,N为混淆数量,α为设定系数,n为密文数据的数量。In a possible implementation manner, the formula for calculating the amount of confusion may be expressed as: N=n*α; where N is the amount of confusion, α is the setting coefficient, and n is the number of ciphertext data.
第二方面,本申请实施例提供了一种数据加密装置,包括:In the second aspect, an embodiment of the present application provides a data encryption device, including:
数据获取单元,用于获取待加密的数据集合;The data acquisition unit is used to acquire the data set to be encrypted;
数据加密单元,用于对数据集合进行加密,得到数据集合的密文数据集合;The data encryption unit is used to encrypt the data set to obtain the ciphertext data set of the data set;
混淆生成单元,用于按照设定方式,确定密文数据集合的混淆数量,并按照混淆数量,生成混淆参数,其中,混淆数量小于密文数据集合中密文数据的数量;The obfuscation generating unit is used to determine the obfuscation quantity of the ciphertext data set according to the setting method, and generate obfuscation parameters according to the obfuscation quantity, where the obfuscation quantity is less than the quantity of ciphertext data in the ciphertext data set;
混淆处理单元,用于基于各个混淆参数,对密文数据集合进行混淆处理,得到密文数据集合的混淆密文数据集合。The obfuscation processing unit is used to perform obfuscation processing on the ciphertext data set based on each obfuscation parameter to obtain the obfuscated ciphertext data set of the ciphertext data set.
在一种可能的实施方式中,在按照设定方式,确定密文数据集合的混淆数量时,混淆生成单元具体用于:In a possible implementation manner, when determining the obfuscation quantity of the ciphertext data set according to the setting method, the obfuscation generating unit is specifically configured to:
获取密文数据集合中密文数据的数量;Obtain the number of ciphertext data in the ciphertext data set;
将设定系数和密文数据集合中密文数据的数量的乘积确定为密文数据集合对应的混淆数量,其中,设定系数是大于0小于1的数值。The product of the setting coefficient and the number of ciphertext data in the ciphertext data set is determined as the confusion quantity corresponding to the ciphertext data set, where the setting coefficient is a value greater than 0 and less than 1.
在一种可能的实施方式中,在按照设定方式,确定密文数据集合的混淆数量时,混淆生成单元具体用于:In a possible implementation manner, when determining the obfuscation quantity of the ciphertext data set according to the setting method, the obfuscation generating unit is specifically configured to:
获取密文数据集合中密文数据的数量,并生成一个在设定范围内的随机数,其中,设定范围是大于0小于1;Obtain the number of ciphertext data in the ciphertext data set, and generate a random number within a set range, where the set range is greater than 0 and less than 1;
将随机数和密文数据集合中密文数据的数量的乘积确定为密文数据集合 对应的混淆数量。The product of the random number and the number of ciphertext data in the ciphertext data set is determined as the confusion quantity corresponding to the ciphertext data set.
在一种可能的实施方式中,在基于各个混淆参数,对密文数据集合进行混淆处理,得到密文数据集合的混淆密文数据集合时,混淆处理单元具体用于:In a possible implementation manner, when obfuscating the ciphertext data set based on each obfuscation parameter to obtain the obfuscated ciphertext data set of the ciphertext data set, the obfuscation processing unit is specifically configured to:
针对密文数据集合中的每一个密文数据,从各个混淆参数中,随机选取一个混淆参数作为密文数据的混淆参数,并基于密文数据的混淆参数,对密文数据进行混淆处理,得到密文数据的混淆密文数据;For each ciphertext data in the ciphertext data set, randomly select a confusion parameter from each confusion parameter as the confusion parameter of the ciphertext data, and perform the confusion processing on the ciphertext data based on the confusion parameter of the ciphertext data, and obtain Obfuscated ciphertext data of ciphertext data;
基于密文数据集合中的每一个密文数据的混淆密文数据,生成密文数据集合的混淆密文数据集合。Based on the obfuscated ciphertext data of each ciphertext data in the ciphertext data set, the obfuscated ciphertext data set of the ciphertext data set is generated.
在一种可能的实施方式中,数据加密单元,具体用于采用同态加密算法,对所述数据集合进行加密,得到所述数据集合的密文数据集合。In a possible implementation manner, the data encryption unit is specifically configured to use a homomorphic encryption algorithm to encrypt the data set to obtain the ciphertext data set of the data set.
在一种可能的实施方式中,所述数据集合是包含待加密的各个模型参数的多维矩阵。In a possible implementation manner, the data set is a multi-dimensional matrix containing various model parameters to be encrypted.
在一种可能的实施方式中,所述同态加密算法包括Paillier算法、RSA算法和Gentry算法。In a possible implementation manner, the homomorphic encryption algorithm includes Paillier algorithm, RSA algorithm, and Gentry algorithm.
在一种可能的实施方式中,所述装置还包括存储单元;In a possible implementation manner, the device further includes a storage unit;
所述存储单元,用于对得到的混淆密文数据集合进行存储。The storage unit is used to store the obtained obfuscated ciphertext data set.
在一种可能的实施方式中,所述混淆数量的计算公式可以表示为:N=n*α;其中,N为混淆数量,α为设定系数,n为密文数据的数量。In a possible implementation manner, the formula for calculating the amount of confusion may be expressed as: N=n*α; where N is the amount of confusion, α is the setting coefficient, and n is the number of ciphertext data.
第三方面,本申请实施例还提供了一种数据加密设备,包括:存储器、处理器和存储在存储器上并可在处理器上运行的计算机程序,处理器执行计算机程序时实现本申请实施例提供的数据加密方法。In a third aspect, an embodiment of the present application also provides a data encryption device, including: a memory, a processor, and a computer program stored in the memory and running on the processor. The processor executes the computer program to implement the embodiment of the present application. Provide data encryption method.
第四方面,本申请实施例还提供了一种计算机可读存储介质,计算机可读存储介质存储有计算机指令,计算机指令被处理器执行时实现本申请实施例提供的数据加密方法。In a fourth aspect, an embodiment of the present application also provides a computer-readable storage medium, where the computer-readable storage medium stores computer instructions, and the computer instructions are executed by a processor to implement the data encryption method provided in the embodiments of the present application.
本申请实施例的有益效果如下:The beneficial effects of the embodiments of the present application are as follows:
本申请实施例中,在对数据集合进行加密,得到密文数据集合后,通过 生成一定数量的混淆参数,并根据各个混淆参数对密文数据集合进行混淆处理,使得最终得到的混淆密文数据集合难以被破解,从而提高了数据安全性,而且,由于生成的混淆参数的数量较少,因此,在提高了数据安全性的同时,还节省了混淆参数的生成时间,提高了对数据集合的处理效率。In the embodiment of this application, after encrypting the data set to obtain the ciphertext data set, a certain number of obfuscation parameters are generated, and the ciphertext data set is obfuscated according to each obfuscation parameter, so that the finally obtained obfuscated ciphertext data The collection is difficult to crack, thereby improving data security. Moreover, since the number of generated confusion parameters is small, while improving data security, it also saves the generation time of confusion parameters and improves the data collection. Processing efficiency.
本申请的其它特征和优点将在随后的说明书中阐述,并且,部分地从说明书中变得显而易见,或者通过实施本申请而了解。本申请的目的和其他优点可通过在所写的说明书、权利要求书、以及附图中所特别指出的结构来实现和获得。Other features and advantages of the present application will be described in the following description, and partly become obvious from the description, or understood by implementing the present application. The purpose and other advantages of this application can be realized and obtained through the structure specified in the written description, claims, and drawings.
此处所说明的附图用来提供对本申请的进一步理解,构成本申请的一部分,本申请的示意性实施例及其说明用于解释本申请,并不构成对本申请的不当限定。在附图中:The drawings described here are used to provide a further understanding of the application and constitute a part of the application. The exemplary embodiments and descriptions of the application are used to explain the application and do not constitute an improper limitation of the application. In the attached picture:
图1为本申请实施例中的数据加密方法的流程示意图;FIG. 1 is a schematic flowchart of a data encryption method in an embodiment of the application;
图2为本申请实施例中的数据加密方法的具体流程示意图;FIG. 2 is a schematic diagram of a specific flow of a data encryption method in an embodiment of the application;
图3为本申请实施例中的数据加密装置的功能结构示意图;3 is a schematic diagram of the functional structure of the data encryption device in an embodiment of the application;
图4为本申请实施例中的数据加密设备的硬件结构示意图。Figure 4 is a schematic diagram of the hardware structure of a data encryption device in an embodiment of the application.
为了使本领域技术人员更好地理解本申请,首先对本申请中提及的技术用语进行说明。In order to enable those skilled in the art to better understand this application, firstly, the technical terms mentioned in this application will be explained.
1、加密,为以某种特殊的算法改变原有数据,使得未经授权的用户即使获得了已加密数据,但因不知解密方法,仍然无法获得原有数据的一种数据处理技术。本申请中的加密可以是但不限于是:同态加密。1. Encryption is a data processing technology that uses a special algorithm to change the original data so that even if unauthorized users obtain encrypted data, they still cannot obtain the original data because they do not know the decryption method. The encryption in this application can be but not limited to: homomorphic encryption.
其中,同态加密,为支持对密文数据进行运算操作的一种加密方式,根据支持的运算操作不同,同态加密分为以下三种类型:Among them, homomorphic encryption is an encryption method that supports arithmetic operations on ciphertext data. According to the different arithmetic operations supported, homomorphic encryption is divided into the following three types:
加法同态加密,为支持加减法运算的同态加密,例如,Paillier算法对加 减法运算是同态的;Addition homomorphic encryption is the homomorphic encryption that supports addition and subtraction operations. For example, Paillier algorithm is homomorphic for addition and subtraction operations;
乘法同态加密,为支持乘除法运算的同态加密,例如,RSA算法对乘除法运算是同态的;Multiplication homomorphic encryption is the homomorphic encryption that supports multiplication and division operations. For example, the RSA algorithm is homomorphic for multiplication and division operations;
全同态加密,为支持加减乘除、多项式求值、指数、对数、三角函数等各种运算的同态加密,例如,Gentry算法对各种运算是同态的。Fully homomorphic encryption, in order to support the homomorphic encryption of various operations such as addition, subtraction, multiplication and division, polynomial evaluation, exponents, logarithms, and trigonometric functions, for example, the Gentry algorithm is homomorphic for various operations.
2、待加密的数据集合,为待加密的各个数据的集合,例如,包含待加密的大量模型参数的多维矩阵等。2. The data set to be encrypted is a set of various data to be encrypted, for example, a multi-dimensional matrix containing a large number of model parameters to be encrypted.
3、混淆参数,为用于对密文数据进行混淆处理的参数,例如:随机数。3. Obfuscation parameters are parameters used to obfuscate ciphertext data, such as random numbers.
为了使本申请的目的、技术方案及有益效果更加清楚明白,以下将结合本申请实施例中的附图,对本申请实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本申请一部分实施例,并不是全部的实施例。基于本申请中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本申请保护的范围。In order to make the purpose, technical solutions and beneficial effects of this application clearer, the following will clearly and completely describe the technical solutions in the embodiments of this application in conjunction with the drawings in the embodiments of this application. Obviously, the described embodiments These are only a part of the embodiments of the present application, not all the embodiments. Based on the embodiments in this application, all other embodiments obtained by those of ordinary skill in the art without creative work shall fall within the protection scope of this application.
目前,为了进一步提高数据安全性,降低密文数据的破解风险,通常在对数据集合进行加密,得到密文数据集合后,针对密文数据集合中的每一个密文数据,为该密文数据生成一个混淆参数,并基于该混淆参数,对该密文数据进行混淆处理,从而获得了该密文数据的混淆密文数据,进而,根据密文数据集合中的每一个密文数据的混淆密文数据,即可获得该密文数据集合的混淆密文数据集合。这种混淆方法虽然能够降低密文数据集合的破解风险,提高密文数据集合的安全性,但是,在生成混淆参数时,由于需要针对密文数据集合中的每一个密文数据分别生成一个混淆参数,导致混淆参数的生成需要比单纯的加密消耗更多的计算时间、占用更多的处理资源,从而,降低了数据处理效率,消耗了大量的处理资源。例如:在深度学习的应用场景下,深度学习模型的训练过程可能需要1秒的处理时间,若对深度学习过程中产生的大量模型参数进行加密,并使用目前的混淆方法对加密后获得的大量密文数据进行混淆,则可能需要3个小时的处理时间才能完成模型训练,而且,还会占用大量的处理资源。At present, in order to further improve data security and reduce the risk of cracking ciphertext data, usually after encrypting the data set to obtain the ciphertext data set, for each ciphertext data in the ciphertext data set, it is the ciphertext data Generate an obfuscation parameter, and perform obfuscation processing on the ciphertext data based on the obfuscation parameter, thereby obtaining the obfuscated ciphertext data of the ciphertext data, and then, according to the obfuscated ciphertext data of each ciphertext data in the ciphertext data set Text data, the obfuscated ciphertext data set of the ciphertext data set can be obtained. Although this obfuscation method can reduce the risk of cracking the ciphertext data set and improve the security of the ciphertext data set, when generating obfuscation parameters, it is necessary to generate a confusion for each ciphertext data in the ciphertext data set. Parameters, causing confusion The generation of parameters requires more calculation time and more processing resources than pure encryption, thereby reducing data processing efficiency and consuming a lot of processing resources. For example, in the application scenario of deep learning, the training process of the deep learning model may require 1 second of processing time. If a large number of model parameters generated in the deep learning process are encrypted, and the current obfuscation method is used to encrypt the large number of If the ciphertext data is obfuscated, it may take 3 hours of processing time to complete the model training, and it will also take up a lot of processing resources.
为了解决目前的这种混淆方式存在的资源消耗较多、处理效率较低的问题,本申请实施例中,在获取待加密的数据集合后,对该数据集合进行加密,得到数据集合的密文数据集合;按照设定方式,确定该密文数据集合的混淆数量,并按照该混淆数量,生成混淆参数,其中,混淆数量小于密文数据集合中密文数据的数量;基于各个混淆参数,对该密文数据集合进行混淆处理,得到该密文数据集合的混淆密文数据集合。这样,在对数据集合进行加密,得到密文数据集合后,通过生成一定数量的混淆参数,并根据各个混淆参数对密文数据集合进行混淆处理,使得最终得到的混淆密文数据集合难以被破解,从而提高了数据安全性,而且,由于生成的混淆参数的数量较少,因此,在提高了数据安全性的同时,还节省了混淆参数的生成时间,提升了对数据集合的处理效率。In order to solve the problems of high resource consumption and low processing efficiency in the current obfuscation method, in the embodiment of the present application, after obtaining the data set to be encrypted, the data set is encrypted to obtain the ciphertext of the data set Data collection; Determine the amount of confusion in the ciphertext data set according to the setting method, and generate confusion parameters according to the amount of confusion, where the amount of confusion is less than the number of ciphertext data in the ciphertext data set; based on each confusion parameter, The ciphertext data set is obfuscated to obtain the confused ciphertext data set of the ciphertext data set. In this way, after the data set is encrypted to obtain the ciphertext data set, a certain number of confusion parameters are generated, and the ciphertext data set is obfuscated according to each confusion parameter, so that the finally obtained confused ciphertext data set is difficult to be deciphered , Thereby improving data security, and because the number of generated obfuscated parameters is small, while improving data security, it also saves the generation time of obfuscated parameters, and improves the processing efficiency of the data set.
在介绍了本申请实施例的应用场景和设计思想之后,下面对本申请实施例提供的技术方案进行说明。After introducing the application scenarios and design ideas of the embodiments of the present application, the technical solutions provided by the embodiments of the present application are described below.
本申请实施例提供了一种数据加密方法,该数据加密方法可以应用于需要对大量数据进行加密的任何设备,例如:计算机、云服务器等设备。具体的,参阅图1所示,本申请实施例提供的数据加密方法的流程如下:The embodiments of the present application provide a data encryption method, which can be applied to any device that needs to encrypt a large amount of data, such as computers, cloud servers and other devices. Specifically, referring to FIG. 1, the flow of the data encryption method provided by the embodiment of the present application is as follows:
步骤101:获取待加密的数据集合,并对该数据集合进行加密,得到该数据集合的密文数据集合。Step 101: Obtain a data set to be encrypted, and encrypt the data set to obtain a ciphertext data set of the data set.
实际应用中,可以根据实际需求和设备性能,从Paillier算法、RSA算法和Gentry算法等加密算法中,选取一种加密算法对数据集合进行加密,从而获得该数据集合的密文数据集合。In practical applications, an encryption algorithm can be selected from among encryption algorithms such as Paillier algorithm, RSA algorithm, and Gentry algorithm to encrypt the data set according to actual requirements and device performance, thereby obtaining the ciphertext data set of the data set.
步骤102:按照设定方式,确定该密文数据集合的混淆数量,并按照该混淆数量,生成混淆参数,其中,混淆数量小于密文数据集合中密文数据的数量。Step 102: Determine the confusion quantity of the ciphertext data set according to the setting method, and generate confusion parameters according to the confusion quantity, wherein the confusion quantity is less than the quantity of ciphertext data in the ciphertext data set.
在具体实施时,在按照设定方式,确定该密文数据集合的混淆数量时,可以采用但不限于以下方式:In specific implementation, when determining the amount of confusion of the ciphertext data set according to the setting method, the following methods can be used but not limited to:
第一种方式:获取密文数据集合中密文数据的数量,并将设定系数和密 文数据集合中密文数据的数量的乘积确定为密文数据集合对应的混淆数量,其中,设定系数小于1。The first method: Obtain the number of ciphertext data in the ciphertext data set, and determine the product of the setting coefficient and the number of ciphertext data in the ciphertext data set as the confusion quantity corresponding to the ciphertext data set, where The coefficient is less than 1.
例如:假设密文数据集合中密文数据的数量为10个,设定系数为0.5,则可以将密文数据集合中密文数据的数量10与设定系数0.5的乘积5确定为密文数据集合对应的混淆数量,混淆数量的计算公式可以表示为:N=n*α;For example: assuming that the number of ciphertext data in the ciphertext data set is 10 and the set coefficient is 0.5, the
其中,N为混淆数量,α为设定系数,n为密文数据的数量;Among them, N is the amount of confusion, α is the setting coefficient, and n is the number of ciphertext data;
第二种方式:获取密文数据集合中密文数据的数量,并生成一个在设定范围内的随机数,将随机数和密文数据集合中密文数据的数量的乘积确定为密文数据集合对应的混淆数量,其中,设定范围是(0,1)。The second method: Get the number of ciphertext data in the ciphertext data set, and generate a random number within the set range, and determine the product of the random number and the number of ciphertext data in the ciphertext data set as the ciphertext data The confusion amount corresponding to the set, where the setting range is (0, 1).
例如:假设密文数据集合中密文数据的数量为10个,根据设定范围(0,1)生成的随机数是0.6,则可以将密文数据集合中密文数据的数量10与随机数0.6的乘积6确定为密文数据集合对应的混淆数量。For example: assuming that the number of ciphertext data in the ciphertext data set is 10, and the random number generated according to the set range (0,1) is 0.6, the number of ciphertext data in the ciphertext data set can be 10 and the random number The product 6 of 0.6 is determined as the amount of confusion corresponding to the ciphertext data set.
进一步的,在确定该密文数据集合的混淆数量后,即可按照该混淆数量,生成混淆参数。例如:假设该密文数据集合的混淆数量为6,则可以生成6个混淆参数。Further, after the confusion quantity of the ciphertext data set is determined, the confusion parameter can be generated according to the confusion quantity. For example: assuming that the number of confusions in the ciphertext data set is 6, then 6 confusion parameters can be generated.
步骤103:基于各个混淆参数,对该密文数据集合进行混淆处理,得到该密文数据集合的混淆密文数据集合。Step 103: Perform obfuscation processing on the ciphertext data set based on each obfuscation parameter to obtain the obfuscated ciphertext data set of the ciphertext data set.
本申请实施例中,在基于各个混淆参数,对密文数据集合进行混淆处理时,可以采用但不限于以下方式:In the embodiments of the present application, when performing obfuscation processing on the ciphertext data set based on each obfuscation parameter, the following methods can be adopted but not limited to:
首先,针对密文数据集合中的每一个密文数据,从各个混淆参数中,随机选取一个混淆参数作为该密文数据的混淆参数,并基于该密文数据的混淆参数,对该密文数据进行混淆处理,得到该密文数据的混淆密文数据。First, for each ciphertext data in the ciphertext data set, randomly select a confusion parameter from each confusion parameter as the confusion parameter of the ciphertext data, and based on the confusion parameter of the ciphertext data, the ciphertext data Perform obfuscation processing to obtain obfuscated ciphertext data of the ciphertext data.
然后,基于密文数据集合中的每一个密文数据的混淆密文数据,生成密文数据集合的混淆密文数据集合。Then, based on the obfuscated ciphertext data of each ciphertext data in the ciphertext data set, the obfuscated ciphertext data set of the ciphertext data set is generated.
最后,对得到的该密文数据集合的混淆密文数据集合进行存储。Finally, the obtained obfuscated ciphertext data set of the ciphertext data set is stored.
例如:假设密文数据集合中的密文数据数量为10个,混淆参数的数量为6个,则可以针对该10个密文数据,分别从该6个混淆参数中随机选取一个 混淆参数作为该密文数据的混淆参数,得到该10个密文数据各自的混淆参数,并基于该10个密文数据各自的混淆参数,对该10个密文数据分别进行混淆处理,得到该10个密文数据各自的混淆密文数据,进而,根据该10个密文数据各自的混淆密文数据,即可获得密文数据集合的混淆密文数据集合。For example: assuming that the number of ciphertext data in the ciphertext data set is 10 and the number of confusion parameters is 6, for the 10 ciphertext data, one confusion parameter can be randomly selected from the 6 confusion parameters. Obfuscation parameters of the ciphertext data, the respective obfuscation parameters of the 10 ciphertext data are obtained, and based on the respective obfuscation parameters of the 10 ciphertext data, the 10 ciphertext data are respectively obfuscated to obtain the 10 ciphertext data The respective obfuscated ciphertext data of the data, and further, the obfuscated ciphertext data set of the ciphertext data set can be obtained according to the respective obfuscated ciphertext data of the 10 ciphertext data.
这样,在对数据集合进行加密,得到密文数据集合后,通过生成一定数量的混淆参数,并根据各个混淆参数对密文数据集合进行混淆处理,使得最终得到的混淆密文数据集合难以被破解,从而提高了数据安全性,而且,由于生成的混淆参数的数量较少,因此,在提高了数据安全性的同时,还节省了混淆参数的生成时间,提升了对数据集合的处理效率。In this way, after the data set is encrypted to obtain the ciphertext data set, a certain number of confusion parameters are generated, and the ciphertext data set is obfuscated according to each confusion parameter, so that the finally obtained confused ciphertext data set is difficult to be deciphered , Thereby improving data security, and because the number of generated obfuscated parameters is small, while improving data security, it also saves the generation time of obfuscated parameters, and improves the processing efficiency of the data set.
下面采用“对待加密的数据集合进行同态加密,并且该数据集合是包含待加密的各个模型参数的多维矩阵”为具体应用场景,对本申请实施例提供的数据加密方法作进一步详细说明,参阅图2所示,本申请实施例提供的数据加密方法的具体流程如下:The following uses "homomorphic encryption of the data set to be encrypted, and the data set is a multi-dimensional matrix containing each model parameter to be encrypted" as a specific application scenario. The data encryption method provided by the embodiment of the application will be further described in detail, see Figure As shown in 2, the specific process of the data encryption method provided by the embodiment of this application is as follows:
步骤201:获取待加密的矩阵M。Step 201: Obtain the matrix M to be encrypted.
步骤202:采用同态加密算法F(M)对矩阵M进行同态加密,得到矩阵M的同态密文矩阵[[M]]。Step 202: Use the homomorphic encryption algorithm F(M) to perform homomorphic encryption on the matrix M to obtain the homomorphic ciphertext matrix [[M]] of the matrix M.
步骤203:确定同态密文矩阵[[M]]中同态密文参数的数量为100,并将同态密文矩阵[[M]]中同态密文参数的数量100与设定系数0.6的乘积60确定为同态密文矩阵[[M]]的混淆数量。Step 203: Determine the number of homomorphic ciphertext parameters in the homomorphic ciphertext matrix [[M]] as 100, and set the number of homomorphic ciphertext parameters in the homomorphic ciphertext matrix [[M]] to 100 and the set coefficient The product 60 of 0.6 is determined as the confusion amount of the homomorphic ciphertext matrix [[M]].
步骤204:按照同态密文矩阵[[M]]的混淆数量60,生成60个混淆参数。Step 204: According to the confusion number 60 of the homomorphic ciphertext matrix [[M]], 60 confusion parameters are generated.
步骤205:针对同态密文矩阵[[M]]中的100个同态密文参数,分别从该60个混淆参数中随机选取一个混淆参数作为该同态密文参数的混淆参数,得到该100个同态密文参数各自的混淆参数。Step 205: Regarding the 100 homomorphic ciphertext parameters in the homomorphic ciphertext matrix [[M]], a confusion parameter is randomly selected from the 60 confusion parameters as the confusion parameter of the homomorphic ciphertext parameter to obtain the Obfuscation parameters for each of the 100 homomorphic ciphertext parameters.
步骤206:基于该100个同态密文参数各自的混淆参数,对该100个同态密文参数分别进行混淆处理,得到该100个同态密文参数各自的混淆同态密文参数。Step 206: Based on the respective obfuscation parameters of the 100 homomorphic ciphertext parameters, perform obfuscation processing on the 100 homomorphic ciphertext parameters respectively to obtain the respective obfuscated homomorphic ciphertext parameters of the 100 homomorphic ciphertext parameters.
步骤207:根据该100个同态密文参数各自的混淆同态密文参数,获得同 态密文矩阵[[M]]的混淆同态密文矩阵[[M]]'。Step 207: Obtain the confused homomorphic ciphertext matrix [[M]]' of the homomorphic ciphertext matrix [[M]] according to the respective confused homomorphic ciphertext parameters of the 100 homomorphic ciphertext parameters.
基于上述实施例,本申请实施例提供了一种数据加密装置,参阅图3所示,本申请实施例提供的数据加密装置300至少包括:Based on the foregoing embodiment, an embodiment of the present application provides a data encryption device. As shown in FIG. 3, the data encryption device 300 provided by the embodiment of the present application at least includes:
数据获取单元301,用于获取待加密的数据集合;The
数据加密单元302,用于对数据集合进行加密,得到数据集合的密文数据集合;The
混淆生成单元303,用于按照设定方式,确定密文数据集合的混淆数量,并按照混淆数量,生成混淆参数,其中,混淆数量小于密文数据集合中密文数据的数量;The
混淆处理单元304,用于基于各个混淆参数,对密文数据集合进行混淆处理,得到密文数据集合的混淆密文数据集合。The
在一种可能的实施方式中,在按照设定方式,确定密文数据集合的混淆数量时,混淆生成单元303具体用于:In a possible implementation manner, when determining the amount of confusion in the ciphertext data set according to the setting method, the
获取密文数据集合中密文数据的数量;Obtain the number of ciphertext data in the ciphertext data set;
将设定系数和密文数据集合中密文数据的数量的乘积确定为密文数据集合对应的混淆数量,其中,设定系数是大于0小于1的数值。The product of the setting coefficient and the number of ciphertext data in the ciphertext data set is determined as the confusion quantity corresponding to the ciphertext data set, where the setting coefficient is a value greater than 0 and less than 1.
在一种可能的实施方式中,在按照设定方式,确定密文数据集合的混淆数量时,混淆生成单元303具体用于:In a possible implementation manner, when determining the amount of confusion in the ciphertext data set according to the setting method, the
获取密文数据集合中密文数据的数量,并生成一个在设定范围内的随机数,其中,设定范围是大于0小于1;Obtain the number of ciphertext data in the ciphertext data set, and generate a random number within a set range, where the set range is greater than 0 and less than 1;
将随机数和密文数据集合中密文数据的数量的乘积确定为密文数据集合对应的混淆数量。The product of the random number and the number of ciphertext data in the ciphertext data set is determined as the confusion quantity corresponding to the ciphertext data set.
在一种可能的实施方式中,在基于各个混淆参数,对密文数据集合进行混淆处理,得到密文数据集合的混淆密文数据集合时,混淆处理单元304具体用于:In a possible implementation manner, when obfuscating the ciphertext data set based on each obfuscation parameter to obtain the obfuscated ciphertext data set of the ciphertext data set, the
针对密文数据集合中的每一个密文数据,从各个混淆参数中,随机选取一个混淆参数作为密文数据的混淆参数,并基于密文数据的混淆参数,对密 文数据进行混淆处理,得到密文数据的混淆密文数据;For each ciphertext data in the ciphertext data set, randomly select a confusion parameter from each confusion parameter as the confusion parameter of the ciphertext data, and perform the confusion processing on the ciphertext data based on the confusion parameter of the ciphertext data, and obtain Obfuscated ciphertext data of ciphertext data;
基于密文数据集合中的每一个密文数据的混淆密文数据,生成密文数据集合的混淆密文数据集合。Based on the obfuscated ciphertext data of each ciphertext data in the ciphertext data set, the obfuscated ciphertext data set of the ciphertext data set is generated.
在一种可能的实施方式中,数据加密单元302,具体用于采用同态加密算法,对所述数据集合进行加密,得到所述数据集合的密文数据集合。In a possible implementation manner, the
在一种可能的实施方式中,所述数据集合是包含待加密的各个模型参数的多维矩阵。In a possible implementation manner, the data set is a multi-dimensional matrix containing various model parameters to be encrypted.
在一种可能的实施方式中,所述同态加密算法包括Paillier算法、RSA算法和Gentry算法。In a possible implementation manner, the homomorphic encryption algorithm includes Paillier algorithm, RSA algorithm, and Gentry algorithm.
在一种可能的实施方式中,所述装置还包括存储单元305;In a possible implementation manner, the device further includes a storage unit 305;
存储单元305,用于对得到的混淆密文数据集合进行存储。The storage unit 305 is configured to store the obtained obfuscated ciphertext data set.
在一种可能的实施方式中,所述混淆数量的计算公式可以表示为:N=n*α;其中,N为混淆数量,α为设定系数,n为密文数据的数量。In a possible implementation manner, the formula for calculating the amount of confusion may be expressed as: N=n*α; where N is the amount of confusion, α is the setting coefficient, and n is the number of ciphertext data.
需要说明的是,本申请实施例提供的数据加密装置300解决技术问题的原理与本申请实施例提供的数据加密方法相似,因此,本申请实施例提供的数据加密装置300的实施可以参见本申请实施例提供的数据加密方法的实施,重复之处不再赘述。It should be noted that the principle of solving the technical problems of the data encryption device 300 provided by the embodiment of the application is similar to the data encryption method provided by the embodiment of the application. Therefore, the implementation of the data encryption device 300 provided by the embodiment of the application can refer to this application. The implementation of the data encryption method provided in the embodiment will not be repeated here.
在介绍了本申请实施例提供的数据加密方法及装置之后,接下来,对本申请实施例提供的数据加密设备进行简单介绍。After introducing the data encryption method and device provided in the embodiment of the present application, next, the data encryption device provided in the embodiment of the present application will be briefly introduced.
参阅图4所示,本申请实施例提供的数据加密设备400至少包括:处理器41、存储器42和存储在存储器42上并可在处理器41上运行的计算机程序,处理器41执行计算机程序时实现本申请实施例提供的数据加密方法。4, the data encryption device 400 provided by the embodiment of the present application at least includes: a
需要说明的是,图4所示的数据加密设备400仅仅是一个示例,不应对本申请实施例的功能和使用范围带来任何限制。It should be noted that the data encryption device 400 shown in FIG. 4 is only an example, and should not bring any limitation to the functions and scope of use of the embodiments of the present application.
本申请实施例提供的数据加密设备400还可以包括连接不同组件(包括处理器41和存储器42)的总线43。其中,总线43表示几类总线结构中的一种或多种,包括存储器总线、外围总线、局域总线等。The data encryption device 400 provided by the embodiment of the present application may further include a
存储器42可以包括易失性存储器形式的可读介质,例如随机存储器(Random Access Memory,RAM)421和/或高速缓存存储器422,还可以进一步包括只读存储器(Read Only Memory,ROM)423。The
存储器42还可以包括具有一组(至少一个)程序模块424的程序工具425,程序模块424包括但不限于:操作子系统、一个或者多个应用程序、其它程序模块以及程序数据,这些示例中的每一个或某种组合中可能包括网络环境的实现。The
数据加密设备400也可以与一个或多个外部设备44(例如键盘、遥控器等)通信,还可以与一个或者多个使得用户能与数据加密设备400交互的设备通信(例如手机、电脑等),和/或,与使得数据加密设备400能与一个或多个其它数据加密设备400进行通信的任何设备(例如路由器、调制解调器等)通信。这种通信可以通过输入/输出(Input/Output,I/O)接口45进行。并且,数据加密设备400还可以通过网络适配器46与一个或者多个网络(例如局域网(Local Area Network,LAN),广域网(Wide Area Network,WAN)和/或公共网络,例如因特网)通信。如图4所示,网络适配器46通过总线43与数据加密设备400的其它模块通信。应当理解,尽管图4中未示出,可以结合数据加密设备400使用其它硬件和/或软件模块,包括但不限于:微代码、设备驱动器、冗余处理器、外部磁盘驱动阵列、磁盘阵列(Redundant Arrays of Independent Disks,RAID)子系统、磁带驱动器以及数据备份存储子系统等。The data encryption device 400 may also communicate with one or more external devices 44 (such as keyboards, remote controls, etc.), and may also communicate with one or more devices (such as mobile phones, computers, etc.) that enable users to interact with the data encryption device 400. , And/or, communicate with any device (such as a router, modem, etc.) that enables the data encryption device 400 to communicate with one or more other data encryption devices 400. This communication can be performed through an input/output (Input/Output, I/O)
此外,本申请实施例还提供了一种计算机可读存储介质,该计算机可读存储介质存储有计算机指令,该计算机指令被处理器执行时实现本申请实施例提供的数据加密方法。具体地,该可执行程序可以内置在数据加密设备400中,这样,数据加密设备400就可以通过执行内置的可执行程序实现本申请实施例提供的数据加密方法。In addition, the embodiments of the present application also provide a computer-readable storage medium that stores computer instructions, and when the computer instructions are executed by a processor, the data encryption method provided in the embodiments of the present application is implemented. Specifically, the executable program may be built into the data encryption device 400, so that the data encryption device 400 can implement the data encryption method provided by the embodiment of the present application by executing the built-in executable program.
此外,本申请实施例提供的数据加密方法还可以实现为一种程序产品,该程序产品包括程序代码,当该程序产品可以在数据加密设备400上运行时,该程序代码用于使数据加密设备400执行本申请实施例提供的数据加密方法。In addition, the data encryption method provided in the embodiments of the present application can also be implemented as a program product. The program product includes program code. When the program product can run on the data encryption device 400, the program code is used to enable the data encryption device 400 executes the data encryption method provided in the embodiment of the present application.
本申请实施例提供的程序产品可以采用一个或多个可读介质的任意组合,其中,可读介质可以是可读信号介质或者可读存储介质,而可读存储介质可以是但不限于是电、磁、光、电磁、红外线、或半导体的系统、装置或器件,或者任意以上的组合,具体地,可读存储介质的更具体的例子(非穷举的列表)包括:具有一个或多个导线的电连接、便携式盘、硬盘、RAM、ROM、可擦式可编程只读存储器(Erasable Programmable Read Only Memory,EPROM)、光纤、便携式紧凑盘只读存储器(Compact Disc Read-Only Memory,CD-ROM)、光存储器件、磁存储器件、或者上述的任意合适的组合。The program product provided in the embodiments of the present application may use any combination of one or more readable media, where the readable medium may be a readable signal medium or a readable storage medium, and the readable storage medium may be, but is not limited to, an electronic , Magnetic, optical, electromagnetic, infrared, or semiconductor systems, devices or devices, or any combination of the above. Specifically, more specific examples (non-exhaustive list) of readable storage media include: having one or more Electrical connection of wires, portable disk, hard disk, RAM, ROM, Erasable Programmable Read-Only Memory (EPROM), optical fiber, portable compact disk Read-Only Memory (Compact Disc Read-Only Memory, CD- ROM), optical storage device, magnetic storage device, or any suitable combination of the above.
本申请实施例提供的程序产品可以采用CD-ROM并包括程序代码,还可以在计算设备上运行。然而,本申请实施例提供的程序产品不限于此,在本申请实施例中,可读存储介质可以是任何包含或存储程序的有形介质,该程序可以被指令执行系统、装置或者器件使用或者与其结合使用。The program product provided by the embodiments of the present application can adopt a CD-ROM and include program code, and can also run on a computing device. However, the program products provided by the embodiments of the present application are not limited thereto. In the embodiments of the present application, the readable storage medium may be any tangible medium that contains or stores a program, and the program may be used by or in combination with an instruction execution system, device, or device. In conjunction with.
应当注意,尽管在上文详细描述中提及了装置的若干单元或子单元,但是这种划分仅仅是示例性的并非强制性的。实际上,根据本申请的实施方式,上文描述的两个或更多单元的特征和功能可以在一个单元中具体化。反之,上文描述的一个单元的特征和功能可以进一步划分为由多个单元来具体化。It should be noted that although several units or subunits of the device are mentioned in the above detailed description, this division is merely exemplary and not mandatory. In fact, according to the embodiments of the present application, the features and functions of two or more units described above can be embodied in one unit. Conversely, the features and functions of a unit described above can be further divided into multiple units to be embodied.
此外,尽管在附图中以特定顺序描述了本申请方法的操作,但是,这并非要求或者暗示必须按照该特定顺序来执行这些操作,或是必须执行全部所示的操作才能实现期望的结果。附加地或备选地,可以省略某些步骤,将多个步骤合并为一个步骤执行,和/或将一个步骤分解为多个步骤执行。In addition, although the operations of the method of the present application are described in a specific order in the drawings, this does not require or imply that these operations must be performed in the specific order, or that all the operations shown must be performed to achieve the desired result. Additionally or alternatively, some steps may be omitted, multiple steps may be combined into one step for execution, and/or one step may be decomposed into multiple steps for execution.
本领域内的技术人员应明白,本申请的实施例可提供为方法、系统、或计算机程序产品。因此,本申请可采用完全硬件实施例、完全软件实施例、或结合软件和硬件方面的实施例的形式。Those skilled in the art should understand that the embodiments of the present application may be provided as methods, systems, or computer program products. Therefore, the present application may adopt the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware.
尽管已描述了本申请的优选实施例,但本领域内的技术人员一旦得知了基本创造性概念,则可对这些实施例作出另外的变更和修改。所以,所附权利要求意欲解释为包括优选实施例以及落入本申请范围的所有变更和修改。Although the preferred embodiments of the present application have been described, those skilled in the art can make additional changes and modifications to these embodiments once they learn the basic creative concept. Therefore, the appended claims are intended to be interpreted as including the preferred embodiments and all changes and modifications falling within the scope of the present application.
显然,本领域的技术人员可以对本申请实施例进行各种改动和变型而不 脱离本申请实施例的精神和范围。这样,倘若本申请实施例的这些修改和变型属于本申请权利要求及其等同技术的范围之内,则本申请也意图包含这些改动和变型在内。Obviously, those skilled in the art can make various changes and modifications to the embodiments of the present application without departing from the spirit and scope of the embodiments of the present application. In this way, if these modifications and variations of the embodiments of this application fall within the scope of the claims of this application and their equivalent technologies, this application is also intended to include these modifications and variations.
Claims (20)
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910580587.0A CN110266484B (en) | 2019-06-28 | 2019-06-28 | A data encryption method, device, equipment and medium |
| CN201910580587.0 | 2019-06-28 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2020258727A1 true WO2020258727A1 (en) | 2020-12-30 |
Family
ID=67923372
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/CN2019/122826 Ceased WO2020258727A1 (en) | 2019-06-28 | 2019-12-03 | Data encryption method, apparatus and device, and medium |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN110266484B (en) |
| WO (1) | WO2020258727A1 (en) |
Families Citing this family (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110266484B (en) * | 2019-06-28 | 2021-07-06 | 深圳前海微众银行股份有限公司 | A data encryption method, device, equipment and medium |
| CN111177740B (en) * | 2019-11-14 | 2023-05-02 | 腾讯科技(深圳)有限公司 | Data confusion processing method, system and computer readable medium |
| DE112020005033T5 (en) * | 2019-11-21 | 2022-07-21 | Murata Manufacturing Co., Ltd. | COMMUNICATION DATA TEXT CONFUSION ENCRYPTION METHOD |
| CN110958255B (en) * | 2019-12-06 | 2022-07-29 | 杭州安恒信息技术股份有限公司 | Data transmission method and device, electronic equipment and storage medium |
| US11902424B2 (en) * | 2020-11-20 | 2024-02-13 | International Business Machines Corporation | Secure re-encryption of homomorphically encrypted data |
| CN114331648A (en) * | 2021-12-22 | 2022-04-12 | 国泰新点软件股份有限公司 | Bid file processing method, device, equipment and storage medium |
| CN115225250B (en) * | 2022-07-26 | 2025-11-07 | 上海同态信息科技有限责任公司 | Ciphertext data outsourcing decryption system and method based on homomorphic encryption |
| CN115102687B (en) * | 2022-07-26 | 2025-11-07 | 上海同态信息科技有限责任公司 | Plaintext data outsourcing encryption system and method based on homomorphic encryption |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106452737A (en) * | 2010-08-11 | 2017-02-22 | 安全第公司 | Systems and methods for secure multi-tenant data storage |
| US20180067725A1 (en) * | 2016-09-06 | 2018-03-08 | Bertrand Cambou | Data Compiler for True Random Number Generation and Related Methods |
| CN109687966A (en) * | 2017-10-18 | 2019-04-26 | 北京明特量化信息技术有限公司 | Encryption method and its system |
| CN109768978A (en) * | 2019-01-16 | 2019-05-17 | 武汉斗鱼鱼乐网络科技有限公司 | A method and related device for obfuscating data |
| CN110266484A (en) * | 2019-06-28 | 2019-09-20 | 深圳前海微众银行股份有限公司 | A data encryption method, device, equipment and medium |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP1764697A4 (en) * | 2004-04-14 | 2009-04-01 | Panasonic Corp | TERMINAL SYSTEM AND COPYRIGHT PROTECTION SYSTEM |
| US9537650B2 (en) * | 2009-12-15 | 2017-01-03 | Microsoft Technology Licensing, Llc | Verifiable trust for data through wrapper composition |
| DE102015205827A1 (en) * | 2015-03-31 | 2016-10-06 | Siemens Aktiengesellschaft | Method for protecting security-relevant data in a cache memory |
| CN109241016B (en) * | 2018-08-14 | 2020-07-07 | 阿里巴巴集团控股有限公司 | Multi-party security calculation method and device and electronic equipment |
| CN109861819B (en) * | 2019-03-19 | 2022-04-15 | 天津中德应用技术大学 | Data encryption method and decryption method based on confusion encryption block algorithm |
-
2019
- 2019-06-28 CN CN201910580587.0A patent/CN110266484B/en active Active
- 2019-12-03 WO PCT/CN2019/122826 patent/WO2020258727A1/en not_active Ceased
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106452737A (en) * | 2010-08-11 | 2017-02-22 | 安全第公司 | Systems and methods for secure multi-tenant data storage |
| US20180067725A1 (en) * | 2016-09-06 | 2018-03-08 | Bertrand Cambou | Data Compiler for True Random Number Generation and Related Methods |
| CN109687966A (en) * | 2017-10-18 | 2019-04-26 | 北京明特量化信息技术有限公司 | Encryption method and its system |
| CN109768978A (en) * | 2019-01-16 | 2019-05-17 | 武汉斗鱼鱼乐网络科技有限公司 | A method and related device for obfuscating data |
| CN110266484A (en) * | 2019-06-28 | 2019-09-20 | 深圳前海微众银行股份有限公司 | A data encryption method, device, equipment and medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110266484A (en) | 2019-09-20 |
| CN110266484B (en) | 2021-07-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| WO2020258727A1 (en) | Data encryption method, apparatus and device, and medium | |
| US11381381B2 (en) | Privacy preserving oracle | |
| CN113691374B (en) | Data encryption method and device, storage medium and electronic equipment | |
| Liu et al. | Lightning-fast and privacy-preserving outsourced computation in the cloud | |
| US9755832B2 (en) | Password-authenticated public key encryption and decryption | |
| CN111163056B (en) | A data security method and system for MapReduce computing | |
| CN114417364A (en) | Data encryption method, federal modeling method, apparatus and computer device | |
| US10084784B1 (en) | Restricting access to computing resources | |
| US20230085239A1 (en) | Querying fully homomorphic encryption encrypted databases using client-side preprocessing or post-processing | |
| WO2022257411A1 (en) | Data processing method and apparatus | |
| Singh et al. | Improving stored data security in Cloud using Rc5 algorithm | |
| Dhiman et al. | Homomorphic encryption library, framework, toolkit and accelerator: A review | |
| Gim et al. | Confidential prompting: Protecting user prompts from cloud llm providers | |
| Joseph et al. | Survey on privacy-preserving methods for storage in cloud computing | |
| US20240419845A1 (en) | Computer system and information processing method | |
| JP2014137474A (en) | Tamper detection device, tamper detection method, and program | |
| CN107786580B (en) | Paillier encryption method based on cloud computing platform | |
| CN114760052A (en) | Bank Internet of things platform key generation method and device, electronic equipment and medium | |
| Liu et al. | ESMAC: Efficient and secure multi-owner access control with TEE in multi-level data processing | |
| JP2022141962A (en) | Data inquiry and writing methods, devices, electronic devices, readable storage media and computer programs | |
| Almiani et al. | Context-aware latency reduction protocol for secure encryption and decryption | |
| CN111860847B (en) | Quantum computation-based data encryption method | |
| CN110289945B (en) | A data encryption method, device, equipment and medium | |
| US10680801B2 (en) | Data distribution against credential information leak | |
| Hui et al. | Horizontal federated learning and secure distributed training for recommendation system with intel SGX |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 19934780 Country of ref document: EP Kind code of ref document: A1 |
|
| NENP | Non-entry into the national phase |
Ref country code: DE |
|
| 32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established |
Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 21.04.2022) |
|
| 122 | Ep: pct application non-entry in european phase |
Ref document number: 19934780 Country of ref document: EP Kind code of ref document: A1 |