[go: up one dir, main page]

WO2025065854A1 - Data processing method and system for protecting privacy, and device - Google Patents

Data processing method and system for protecting privacy, and device Download PDF

Info

Publication number
WO2025065854A1
WO2025065854A1 PCT/CN2023/135081 CN2023135081W WO2025065854A1 WO 2025065854 A1 WO2025065854 A1 WO 2025065854A1 CN 2023135081 W CN2023135081 W CN 2023135081W WO 2025065854 A1 WO2025065854 A1 WO 2025065854A1
Authority
WO
WIPO (PCT)
Prior art keywords
ciphertext
homomorphic
parameter value
plaintext polynomial
polynomial
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
PCT/CN2023/135081
Other languages
French (fr)
Chinese (zh)
Inventor
何家兴
林立
闫莺
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ant Blockchain Technology Shanghai Co Ltd
Original Assignee
Ant Blockchain Technology Shanghai Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ant Blockchain Technology Shanghai Co Ltd filed Critical Ant Blockchain Technology Shanghai Co Ltd
Publication of WO2025065854A1 publication Critical patent/WO2025065854A1/en
Pending legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/3026Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters details relating to polynomials generation, e.g. generation of irreducible polynomials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/08Randomization, e.g. dummy operations or using noise
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/34Encoding or coding, e.g. Huffman coding or error correction
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/46Secure multiparty computation, e.g. millionaire problem

Definitions

  • the matrix holders and vector holders need to complete the calculation of the inner product of the matrix and the vector while protecting the privacy data of each party.
  • RLWE ring-based learning tolerable fault
  • multiple row vectors in the matrix can be converted into multiple first plaintext polynomials
  • the target vector can be converted into a second plaintext polynomial
  • the second plaintext polynomial is encrypted to obtain a first ciphertext
  • each first plaintext polynomial is multiplied with the first ciphertext to obtain multiple second ciphertexts
  • the plaintext polynomials corresponding to the multiple second ciphertexts include the inner product values of each row vector in the matrix and the target vector.
  • the object of the present invention is to provide a data processing solution, by which computing resources and storage resources can be saved and communication traffic can be reduced.
  • a first aspect of the present specification provides a data processing method for protecting privacy, the method being performed by a device of a first party and a device of a second party, wherein the second party possesses a public key for homomorphic encryption and a private key corresponding to the public key, the method comprising:
  • the first party's device performs the following operations:
  • first ciphertext and a second ciphertext wherein the first ciphertext and the second ciphertext are homomorphic ciphertexts of a first plaintext polynomial and a second plaintext polynomial, respectively, the first ciphertext and the second ciphertext correspond to the public key, and the first plaintext polynomial and the second plaintext polynomial are polynomials in the same polynomial space;
  • the second parameter value is used in the homomorphic calculation of homomorphic multiplication on the homomorphic ciphertext; based on the first parameter value, the second parameter value, the first ciphertext and the second ciphertext, a homomorphic calculation is performed to obtain a third ciphertext, and a third plaintext polynomial corresponding to the third ciphertext includes the first coefficient of the first number;
  • the device of the second party decrypts the third ciphertext based on the private key to obtain the third plaintext polynomial, and obtains the first coefficient of the first number from the third plaintext polynomial.
  • a second aspect of this specification provides a privacy-protecting data processing method, comprising:
  • first ciphertext and a second ciphertext are homomorphic ciphertexts of a first plaintext polynomial and a second plaintext polynomial, respectively, and the first plaintext polynomial and the second plaintext polynomial are polynomials in the same polynomial space;
  • a third ciphertext is obtained by performing homomorphic calculation based on the first parameter value, the second parameter value, the first ciphertext, and the second ciphertext, wherein a third plaintext polynomial corresponding to the third ciphertext includes a first coefficient of the first number.
  • a third aspect of the present specification provides a computing device, including:
  • first ciphertext and a second ciphertext wherein the first ciphertext and the second ciphertext are homomorphic ciphertexts of a first plaintext polynomial and a second plaintext polynomial, respectively, the first ciphertext and the second ciphertext correspond to the public key, and the first plaintext polynomial and the second plaintext polynomial are polynomials in the same polynomial space;
  • the embodiments of the present specification provide a privacy-protecting data processing method.
  • multiple ciphertexts can be homomorphically calculated based on the number of target coefficients in each ciphertext, so that in a data processing process of two ciphertexts, the two ciphertexts are packaged into a packaged ciphertext, so that the plaintext corresponding to the packaged ciphertext includes all the target coefficients corresponding to the two ciphertexts, and the packaged ciphertext can be sent to the device of the second party so that the device of the second party obtains all the target coefficients corresponding to the two ciphertexts.
  • the amount of communication data between the first party device and the second party device is reduced while achieving the same effect, and the calculation complexity is also reduced, saving calculation resources.
  • FIG4 is a schematic diagram of a process in which a matrix holder packages multiple ciphertexts in accordance with an embodiment of the present specification
  • Homomorphic computation including homomorphic addition, homomorphic multiplication, homomorphic substitution, etc.
  • the device 102 may use the public key pk to homomorphically encrypt the vector, generate a ciphertext of the vector (i.e., the ciphertext of the plaintext polynomial corresponding to the vector), and send the ciphertext to the device 101.
  • a ciphertext of the vector i.e., the ciphertext of the plaintext polynomial corresponding to the vector
  • the vector holder can C w0 ⁇ C w3 are decrypted to obtain each polynomial w i ⁇ v.
  • Constant terms can be obtained from each polynomial w i ⁇ v, thereby obtaining each
  • the second column of the matrix W can be obtained.
  • the server cannot know the specific data queried by the user, thereby protecting the user's privacy.
  • the user cannot obtain the data of other columns in the matrix W, thereby protecting the server's data privacy.
  • the embodiment of this specification provides a data processing method for protecting privacy, whereby a server can pack multiple ciphertexts into one ciphertext, so that the plaintext polynomial corresponding to the packed ciphertext includes all coefficients that need to be retained in the multiple plaintext polynomials corresponding to the multiple ciphertexts, and send the packed ciphertext to a user device.
  • the data processing method provided by the embodiment of this specification reduces the amount of communication data compared to the solution in the related art.
  • the matrix W is, for example, a 4*4 matrix
  • the constant coefficient of the plaintext polynomial y0 ⁇ v corresponding to the ciphertext C1 is the row vector With vector
  • the inner product of the ciphertext C1 the coefficients of the x 4 terms in the plaintext polynomial y0 ⁇ v are row vectors With vector
  • the inner product of the constant term coefficient and the x4 term coefficient in the plaintext polynomial corresponding to the ciphertext C1 need to be provided to the vector holder.
  • step S240 the matrix holder packages multiple ciphertexts to obtain a ciphertext Cq.
  • the matrix holder obtains the ciphertext C1 and ciphertext C2 as described above.
  • the number of coefficients (ie, target coefficients) that need to be provided to the vector holder in the plaintext polynomials corresponding to the ciphertext C1 and the ciphertext C2 is 2 respectively.
  • the matrix holder may perform packaging processing on the ciphertext C1 and the ciphertext C2 by executing steps S241 and S243 .
  • step S241 the matrix holder determines the first parameter value and the second parameter value based on the number of target coefficients in the plaintext polynomial Vi and the plaintext polynomial Vj corresponding to the ciphertext Ci and the ciphertext Cj.
  • the first parameter value is the number of times x in the ciphertext is homomorphically replaced
  • the second parameter is The value is the number of powers of x used to perform homomorphic multiplication on the ciphertext.
  • 2 s should be less than or equal to N, and the first parameter value may be determined to be 2 s +1 and the second parameter value to be N/2 s .
  • FIG3 is a schematic diagram of the process of the matrix holder executing step S240.
  • step S243 the matrix holder performs homomorphic calculation based on the first parameter value, the second parameter value, the ciphertext Ci and the ciphertext Cj to obtain the ciphertext Ck.
  • the matrix holder can first perform homomorphic replacement on both ciphertext C1 and ciphertext C2 based on the first parameter value, that is, replace x in ciphertext C1 with x 5 , and replace x in ciphertext C2 with x 5. Specifically, replace x in the two polynomials included in ciphertext C1 with x 5 , and replace x in the two polynomials included in ciphertext C2 with x 5 .
  • the constant term in the plaintext polynomial V1(x 5 ) is the same as the constant term in the plaintext polynomial V1.
  • the polynomial space in formula (5) That is to say, after homomorphic substitution, The coefficients of the term become the coefficients of the plaintext polynomial V1 The negative of the coefficient of the term.
  • the coefficients of the term become the coefficients of the plaintext polynomial V1 The negative number of the coefficient of the term.
  • the coefficients of the terms are the same as those in the plaintext polynomial V1 The coefficients of the terms are the same.
  • ciphertext C1(x 5 ) corresponding to plaintext polynomial V1(x 5 ) is obtained.
  • plaintext polynomial V1(x 5 ) has constant terms and x 4 ( i.e. ) has the same coefficient as the corresponding term in the plaintext polynomial V1.
  • the coefficient of x 2 (i.e. ) and x 6 (i.e. ) are respectively the negatives of the coefficients of the corresponding terms in the plaintext polynomial V1.
  • the constant term and the coefficient of the x 4 term of the corresponding plaintext polynomial V1+V1(x 5 ) are twice the coefficient of the corresponding term in the plaintext polynomial V1. That is, as shown in FIG3 , the constant term and the coefficient of the x 4 term of the plaintext polynomial (V1+V1(x 5 ))/2 are the same as the coefficient of the corresponding term in the plaintext polynomial V1, and its x 2 (i.e. ) and x 6 (i.e. ) becomes zero.
  • adding the ciphertext C1 to the ciphertext C1(x 5 ) is to add the first polynomial of the ciphertext C1 to the first polynomial of C1(x 5 ), and to add the second polynomial of the ciphertext C1 to the second polynomial of C1(x 5 ), to obtain two new ciphertext polynomials.
  • the ciphertext C2 is processed to obtain the ciphertext (C2+C2(x 5 ))/2, which corresponds to the plaintext polynomial (V2+V2(x 5 ))/2.
  • the coefficients of the constant term and the x 4 term of the plaintext polynomial (V2+V2(x 5 ))/2 are the same as those of the plaintext polynomial V2, and its x 2 (i.e. ) and x 6 (i.e. ) becomes zero.
  • the ciphertext (C2+C2(x 5 ))/2 can be homomorphically multiplied based on the second parameter value to obtain the ciphertext x 2 ⁇ (C2+C2(x 5 ))/2, which corresponds to the plaintext polynomial x 2 ⁇ (V2+V2(x 5 ))/2.
  • x 2 is multiplied by the two polynomials of (C2+C2(x 5 ))/2 respectively to obtain two new ciphertext polynomials.
  • the coefficients in the plaintext polynomial x 2 ⁇ (V2+V2(x 5 ))/2 are obtained by processing the coefficients in the plaintext polynomial (V2+V2(x 5 ))/2 as follows: each of the coefficients of the 1st to 6th items in the plaintext polynomial (V2+V2(x 5 ))/2 is moved backward by two grids, and the 7th and 8th items are multiplied by -1 and moved to the first grid and the second grid.
  • the coefficients that need to be retained in x 2 ⁇ (V2+V2(x 5 ))/2 correspond to the positions of the items with coefficients of 0 in (V1+V1(x 5 ))/2
  • the items with coefficients of zero in x 2 ⁇ (V2+V2(x 5 ))/2 correspond to the positions of the coefficients that need to be retained in (V1+V1(x 5 ))/2.
  • the ciphertext C3 corresponds to the plaintext polynomial That is, the coefficients in the plaintext polynomial V3 include the row vectors of the matrix W and the vector The inner product of .
  • the matrix holder can first perform homomorphic multiplication on the ciphertext C2 to obtain x 2 ⁇ C2. Then, the matrix holder can calculate the ciphertext C1-x 2 ⁇ C2. Then, it only needs to perform a homomorphic replacement on the ciphertext C1-x 2 ⁇ C2, that is, replace x in the ciphertext C1-x 2 ⁇ C2 with x 5 to obtain the ciphertext C3, thereby saving computing resources.
  • the embodiments of this specification are not limited to setting the first parameter value to 2s +1 and the second parameter value to N/ 2s .
  • the first parameter value can be set to 2s +1 +1, and the second parameter value can be set accordingly based on the first parameter value.
  • the degree of the polynomial space is less than 16, when the first parameter value is set to 9, a homomorphic replacement of x 9 is performed on one of the two ciphertexts, so that the ciphertext can be converted similarly to the above, so that the 2nd (i.e., 16/8) coefficient, the 6th (i.e., 16*3/8) coefficient, the 10th (i.e., 16*5/8) coefficient, and the 14th (i.e., 16*7/8) coefficient of the plaintext polynomial corresponding to the ciphertext after the conversion are set to 0, and by setting the second parameter value accordingly according to the first parameter value, the coefficients that need to be retained in the plaintext polynomial corresponding to the other ciphertext of the two ciphertexts can be packed into at least one of the 2nd coefficient, the 6th coefficient, the 10th coefficient, and the 14th coefficient in the plaintext polynomial corresponding to the final ciphertext.
  • the obtained ciphertext C3 is also the ciphertext Cq to be sent to the vector holder.
  • the matrix holder obtains, for example, the above-mentioned four ciphertexts C 21 -C 24 , and the matrix holder may iteratively execute steps S241 and S243 in FIG. 2 to pack the four ciphertexts C 21 -C 24 into one ciphertext, so that the packaged ciphertext includes all coefficients that need to be retained in the plaintext polynomials corresponding to the four ciphertexts C 21 -C 24 .
  • FIG4 is a schematic diagram of the process of packing four ciphertexts in an embodiment of the present specification.
  • the matrix holder can first perform step S241 in FIG2 on the ciphertexts C 21 and C 23 , where similar to the process shown in FIG3, the number of coefficients that need to be retained in the plaintext polynomials C 21 and V 25 is 4, so the first parameter value is 5 and the second parameter value is 2.
  • the matrix holder performs step S243, and similar to the process shown in FIG3, obtains the ciphertext C 25 , and the plaintext polynomial V 25 corresponding to the ciphertext C 25 includes the four coefficients that need to be retained in the plaintext polynomials V 21 and V 25 .
  • the matrix holder can perform step S241 in FIG. 2 on the ciphertext C 22 and C 24 , where the number of coefficients to be retained in the plaintext polynomials C 22 and V 24 is 4, so the first parameter value is 5 and the second parameter value is 2.
  • the party executes step S243 to obtain the ciphertext C 26 , and the plaintext polynomial V 26 corresponding to the ciphertext C 26 includes the four coefficients that need to be retained in the plaintext polynomials V 22 and V 24 .
  • the ciphertext C 27 obtained by the matrix holder is the ciphertext Cq to be sent to the vector holder.
  • the matrix holder can package multiple ciphertexts in the form of a binary tree, so that the final ciphertext includes the coefficients that need to be retained in each plaintext polynomial corresponding to all the ciphertexts.
  • the coefficients of the first to fourth items arranged in sequence are respectively the four constant items of the plaintext polynomials V 21 to V 24 , and the position order of the four coefficients in the plaintext polynomial V 27 is consistent with the arrangement order of the plaintext polynomials V 21 to V 24 respectively corresponding thereto (i.e., the arrangement order of the ciphertexts C 21 to C 24 ), and the coefficients of the fifth to eighth items are respectively the four x 4 coefficients of the plaintext polynomials V 21 to V 24 , and the position order of the four coefficients in the plaintext polynomial V 27 is consistent with the arrangement order of the plaintext polynomials V 21 to V 24 respectively corresponding thereto.
  • step S250 the matrix holder sends the ciphertext Cq to the vector holder.
  • step S260 the vector holder decrypts the ciphertext Cq, obtains the plaintext polynomial Vq, and obtains multiple vector inner products from the plaintext polynomial Vq.
  • the vector holder can use the private key sk to decrypt the ciphertext C3 and obtain the above plaintext polynomial V3, so that the row vectors and vectors of the matrix W can be obtained from the coefficients of the constant term, x2 term, x4 term and x6 term in V3.
  • the vector holder can use the private key sk to decrypt the ciphertext C 27 and obtain the above plaintext
  • V 27 thus the row vectors and vectors of the matrix W2 can be obtained from the coefficients of the 8 terms in V 27 The inner product of .
  • the matrix holder packs multiple ciphertexts into one ciphertext and only needs to send one ciphertext to the vector holder. Then, multiple target coefficients included in multiple plaintext polynomials corresponding to the multiple ciphertexts can be provided to the vector holder without sending multiple ciphertexts to the vector holder, thereby reducing the amount of communication data between the matrix holder and the vector holder.
  • FIG. 2 shows an example scenario of the data processing solution in an embodiment of this specification, and the embodiment of this specification is not limited thereto, but can be applied to other scenarios where multiple ciphertexts need to be packaged.
  • FIG. 5 shows a flow chart of a method for data processing in another embodiment of this specification. The method can be executed by any computing device.
  • step S510 the ciphertext Ci corresponding to the plaintext polynomial Vi and the ciphertext Cj corresponding to the plaintext polynomial Vj are obtained.
  • the ciphertext Ci and the ciphertext Cj are ciphertexts based on the same homomorphic encryption public key pk.
  • the ciphertext Ci and the ciphertext Cj can be ciphertexts obtained by directly encrypting the corresponding plaintext polynomials with the public key pk.
  • the ciphertext Ci and the ciphertext Cj can be ciphertexts obtained by performing homomorphic calculations on homomorphically encrypted ciphertexts, such as the ciphertexts C 25 and C 26 mentioned above.
  • step S520 a first parameter value and a second parameter value are determined based on the number of target coefficients in the plaintext polynomial Vi and the plaintext polynomial Vj.
  • the first parameter value is the number of times x in the ciphertext is homomorphically replaced, and the second parameter value is the number of times x is homomorphically multiplied.
  • 2 s should be less than or equal to N, and the first parameter value can be determined to be 2 s +1 and the second parameter value to be N/2 s . It can be understood that the embodiments of this specification are not limited to setting the first parameter value to 2 s +1 and setting the second parameter value to N/2 s . For example, when 2 s+1 is less than or equal to N, the first parameter value can be set to 2 s+1 +1, and the second parameter value can be set accordingly according to the first parameter value.
  • the first parameter value can be determined to be 5 and the second parameter value to be N/4.
  • step S230 homomorphic calculation is performed based on the first parameter value, the second parameter value, the ciphertext Ci and the ciphertext Cj to obtain the ciphertext Ck.
  • the computing device can first perform homomorphic replacement on both ciphertext Ci and ciphertext Cj based on the first parameter value, that is, replace x in ciphertext Ci with x 5 , and replace x in ciphertext Cj with x 5. Specifically, replace x in the two polynomials included in ciphertext Ci with x 5 , and replace x in the two polynomials included in ciphertext Cj with x 5 .
  • the plaintext polynomial Vi(x 5 ) The coefficients of the terms are the same as those in the plaintext polynomial Vi The coefficients of the terms are the same, and the plaintext polynomial Vi(x 5 ) Item and The coefficients of the terms are the negatives of the coefficients of the corresponding terms in the plaintext polynomial Vi.
  • adding the ciphertext Ci to the ciphertext Ci(x 5 ) is to add the first polynomial of the ciphertext Ci to the first polynomial of Ci(x 5 ), and to add the second polynomial of the ciphertext Ci to the second polynomial of Ci(x 5 ), to obtain two new ciphertext polynomials.
  • the ciphertext Cj is processed to obtain the ciphertext Cj+Cj(x 5 ), and the constant terms and The coefficient of the term is twice the coefficient of the corresponding term in the plaintext polynomial Vj. and The coefficient of the term becomes zero.
  • the ciphertext (Cj+Cj(x 5 ))/2 can be homomorphically multiplied based on the second parameter value to obtain the ciphertext
  • the ciphertext corresponds to the plaintext polynomial Specifically, Multiply the two polynomials with (Cj+Cj(x 5 ))/2 respectively to obtain two new ciphertext polynomials.
  • the coefficients that need to be retained in correspond to the positions of the items with coefficients of 0 in Vj+Vj(x 5 ).
  • the terms with zero coefficients in Vi+Vi(x 5 ) correspond to the coefficient positions that need to be retained in Vi+Vi(x 5 ).
  • the conversion may be performed by the following homomorphic computation:
  • the computing device can first perform homomorphic multiplication on the ciphertext Cj to obtain The computing device can then calculate the ciphertext Then only the ciphertext Perform a homomorphic replacement, that is, the ciphertext By replacing x in with x 5 , the ciphertext Ck can be obtained, thus saving computing resources.
  • the multiple ciphertexts may be packed based on the structure of a binary tree.
  • M is a power of 2
  • the ciphertexts in the multiple ciphertexts may be firstly combined in pairs to obtain multiple ciphertext pairs, each ciphertext pair may be packed to obtain M/2 ciphertexts, and then the M/2 ciphertexts may be packed in pairs, and so on, until a ciphertext Cq is obtained, so that the plaintext polynomial corresponding to the ciphertext Cq includes all coefficients that need to be retained in the M plaintext polynomials corresponding to the M ciphertexts.
  • multiple ciphertexts can still be packaged based on the binary tree structure.
  • the computing device can first package the ciphertexts Ci and Cj to obtain the ciphertext Ct, and then package the ciphertext Ct and the ciphertext Ck to obtain the final ciphertext Cq, so that the plaintext polynomial corresponding to the ciphertext Cq includes all the coefficients that need to be retained in the three plaintext polynomials corresponding to the ciphertexts Ci, Cj, and Ck.
  • the computing device After the computing device obtains the ciphertext Cq by packaging multiple ciphertexts, it can send the ciphertext Cq to another device to provide multiple target coefficients in the plaintext polynomial corresponding to the ciphertext Cq to the other device.
  • multiple ciphertexts can be homomorphically calculated based on the number of coefficients that need to be retained in each ciphertext, so that in a packing process of two ciphertexts, the two ciphertexts are packed into a packed ciphertext, so that the plaintext polynomial corresponding to the packed ciphertext includes all the target coefficients that need to be retained corresponding to the two ciphertexts, thereby saving computational complexity and storage resources required for storing ciphertexts, and reducing the amount of communication data required to provide the target coefficients to other devices.
  • FIG6 is an architecture diagram of a computing device in an embodiment of this specification, including:
  • An acquiring unit 61 is configured to acquire a first ciphertext and a second ciphertext, wherein the first ciphertext and the second ciphertext are homomorphic ciphertexts of a first plaintext polynomial and a second plaintext polynomial, respectively, and the first plaintext polynomial and the second plaintext polynomial are polynomials in the same polynomial space;
  • a determining unit 62 configured to determine a first parameter value and a second parameter value based on a first number of first coefficients to be retained in the first plaintext polynomial and the second plaintext polynomial, the first parameter value being used in a homomorphic calculation of homomorphic replacement of a homomorphic ciphertext, and the second parameter value being used in a homomorphic calculation of homomorphic multiplication of a homomorphic ciphertext;
  • the calculation unit 63 is used to perform homomorphic calculation based on the first parameter value, the second parameter value, the first ciphertext and the second ciphertext to obtain a third ciphertext, wherein a third plaintext polynomial corresponding to the third ciphertext includes the first coefficient of the first number.
  • the embodiments of the present specification also provide a computer-readable storage medium on which a computer program is stored.
  • the computer program is executed in a computer, the computer is caused to execute the method shown in FIG. 2 or FIG. 5 .
  • a computing device including a memory and a processor, wherein the memory stores executable code, and when the processor executes the executable code, the method shown in FIG. 2 or FIG. 5 is implemented.
  • a programmable logic device such as a field programmable gate array (FPGA)
  • FPGA field programmable gate array
  • HDL hardware description language
  • HDL There is not only one HDL, but many types, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM, RHDL (Ruby Hardware Description Language), etc.
  • ABEL Advanced Boolean Expression Language
  • AHDL Altera Hardware Description Language
  • HDCal JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM, RHDL (Ruby Hardware Description Language), etc.
  • VHDL Very-High-Speed Integrated Circuit Hardware Description Language
  • Verilog Verilog
  • the controller may be implemented in any suitable manner, for example, the controller may take the form of a microprocessor or processor and a computer readable medium storing a computer readable program code (e.g., software or firmware) executable by the (micro)processor, a logic gate, a switch, an application specific integrated circuit (ASIC), a programmable logic controller, and an embedded microcontroller, examples of which include but are not limited to the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20, and Silicone Labs C8051F320, and the memory controller may also be implemented as part of the control logic of the memory.
  • a computer readable program code e.g., software or firmware
  • the controller may be implemented in the form of a logic gate, a switch, an application specific integrated circuit, a programmable logic controller, and an embedded microcontroller by logically programming the method steps. Therefore, such a controller may be considered as a hardware component, and the means for implementing various functions included therein may also be considered as a structure within the hardware component. Or even, the means for implementing various functions may be considered as both a software module for implementing the method and a structure within the hardware component.
  • the systems, devices, modules or units described in the above embodiments may be implemented by computer chips or entities, or by products with certain functions.
  • a typical implementation device is a server system.
  • the computer that implements the functions of the above embodiments may be, for example, a personal computer, a laptop computer, a vehicle-mounted human-computer interaction device, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
  • one or more embodiments of the present specification provide method operation steps as described in the embodiments or flow charts, more or less operation steps may be included based on conventional or non-creative means.
  • the order of steps listed in the embodiments is only one way of executing the order of many steps, and does not represent the only execution order.
  • the device or terminal product in practice is executed, it can be executed in sequence or in parallel according to the method shown in the embodiments or the drawings (for example, a parallel processor or a multi-threaded processing environment, or even a distributed data processing environment).
  • each process and/or box in the flowchart and/or block diagram, as well as the combination of the process and/or box in the flowchart and/or block diagram can be implemented by computer program instructions.
  • These computer program instructions can be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device for implementing the functions specified in one or more processes in the flowchart and/or one or more boxes in the block diagram.
  • a computing device includes one or more processors (CPU), input/output interfaces, network interfaces, and memory.
  • processors CPU
  • input/output interfaces network interfaces
  • memory volatile and non-volatile memory

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Algebra (AREA)
  • Physics & Mathematics (AREA)
  • Complex Calculations (AREA)

Abstract

A data processing method and system for protecting privacy, and a device. The method comprises: a device of a first party performing the following operations: acquiring first ciphertext and second ciphertext; determining a first parameter value and a second parameter value on the basis of a first number of first coefficients in each of a first plaintext polynomial and a second plaintext polynomial corresponding to the first ciphertext and the second ciphertext; performing homomorphic calculation on the basis of the first parameter value, the second parameter value, the first ciphertext and the second ciphertext, so as to obtain third ciphertext, wherein a third plaintext polynomial corresponding to the third ciphertext comprises the first number of first coefficients; sending the third ciphertext to a device of a second party; and the device of the second party decrypting the third ciphertext, so as to obtain the third plaintext polynomial, and acquiring the first number of first coefficients from the third plaintext polynomial.

Description

一种保护隐私的数据处理方法、设备和系统A data processing method, device and system for protecting privacy

本申请要求于2023年9月28日提交中国国家知识产权局、申请号为202311282679.3、申请名称为“一种保护隐私的数据处理方法、设备和系统”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application claims priority to the Chinese patent application filed with the State Intellectual Property Office of China on September 28, 2023, with application number 202311282679.3 and application name “A privacy-protecting data processing method, device and system”, the entire contents of which are incorporated by reference in this application.

技术领域Technical Field

本说明书实施例属于数据处理技术领域,尤其涉及一种保护隐私的数据处理方法、设备和系统。The embodiments of this specification belong to the field of data processing technology, and more particularly, to a data processing method, device, and system for protecting privacy.

背景技术Background Art

在一些多方数据处理的场景下,通常包括矩阵持有方和向量持有方,矩阵持有方和向量持有方需要在保护各方隐私数据的情况下完成对矩阵和向量内积的计算。在相关技术中,可基于环上容错学习(RLWE)同态加密算法,将矩阵中的多个行向量转换为多个第一明文多项式,将目标向量转换为第二明文多项式,对第二明文多项式加密得到第一密文,分别将各个第一明文多项式与第一密文相乘,得到多个第二密文,该多个第二密文对应的明文多项式中包括矩阵中的各个行向量与目标向量的内积值。In some multi-party data processing scenarios, usually including matrix holders and vector holders, the matrix holders and vector holders need to complete the calculation of the inner product of the matrix and the vector while protecting the privacy data of each party. In the related technology, based on the ring-based learning tolerable fault (RLWE) homomorphic encryption algorithm, multiple row vectors in the matrix can be converted into multiple first plaintext polynomials, the target vector can be converted into a second plaintext polynomial, the second plaintext polynomial is encrypted to obtain a first ciphertext, and each first plaintext polynomial is multiplied with the first ciphertext to obtain multiple second ciphertexts, and the plaintext polynomials corresponding to the multiple second ciphertexts include the inner product values of each row vector in the matrix and the target vector.

发明内容Summary of the invention

本发明的目的在于提供一种数据处理方案,通过该方案可节省计算资源和存储资源,减少通信流量。The object of the present invention is to provide a data processing solution, by which computing resources and storage resources can be saved and communication traffic can be reduced.

本说明书第一方面提供一种保护隐私的数据处理方法,所述方法由第一方的设备和第二方的设备执行,其中,第二方拥有用于进行同态加密的公钥和与所述公钥对应的私钥,所述方法包括:A first aspect of the present specification provides a data processing method for protecting privacy, the method being performed by a device of a first party and a device of a second party, wherein the second party possesses a public key for homomorphic encryption and a private key corresponding to the public key, the method comprising:

所述第一方的设备进行如下操作:The first party's device performs the following operations:

获取第一密文和第二密文,所述第一密文和所述第二密文分别为第一明文多项式和第二明文多项式的同态密文,所述第一密文和所述第二密文与所述公钥对应,所述第一明文多项式和所述第二明文多项式为相同多项式空间中的多项式;Obtain a first ciphertext and a second ciphertext, wherein the first ciphertext and the second ciphertext are homomorphic ciphertexts of a first plaintext polynomial and a second plaintext polynomial, respectively, the first ciphertext and the second ciphertext correspond to the public key, and the first plaintext polynomial and the second plaintext polynomial are polynomials in the same polynomial space;

基于所述第一明文多项式和所述第二明文多项式中作为目标系数的第一系数的第一数目,确定第一参数值和第二参数值,所述第一参数值用于对同态密文进行同态替 换的同态计算中,所述第二参数值用于对同态密文进行同态乘法的同态计算中;基于所述第一参数值、所述第二参数值、所述第一密文和所述第二密文进行同态计算,得到第三密文,所述第三密文对应的第三明文多项式中包括所述第一数目的第一系数;Determine a first parameter value and a second parameter value based on a first number of first coefficients as target coefficients in the first plaintext polynomial and the second plaintext polynomial, wherein the first parameter value is used to homomorphically replace the homomorphic ciphertext. In the homomorphic calculation of the conversion, the second parameter value is used in the homomorphic calculation of homomorphic multiplication on the homomorphic ciphertext; based on the first parameter value, the second parameter value, the first ciphertext and the second ciphertext, a homomorphic calculation is performed to obtain a third ciphertext, and a third plaintext polynomial corresponding to the third ciphertext includes the first coefficient of the first number;

将所述第三密文发送给所述第二方的设备;sending the third ciphertext to a device of the second party;

所述第二方的设备基于所述私钥对所述第三密文解密,得到所述第三明文多项式,从所述第三明文多项式中获取所述第一数目的第一系数。The device of the second party decrypts the third ciphertext based on the private key to obtain the third plaintext polynomial, and obtains the first coefficient of the first number from the third plaintext polynomial.

本说明书第二方面提供一种保护隐私的数据处理方法,包括:A second aspect of this specification provides a privacy-protecting data processing method, comprising:

获取第一密文和第二密文,所述第一密文和所述第二密文分别为第一明文多项式和第二明文多项式的同态密文,所述第一明文多项式和所述第二明文多项式为相同多项式空间中的多项式;Obtaining a first ciphertext and a second ciphertext, wherein the first ciphertext and the second ciphertext are homomorphic ciphertexts of a first plaintext polynomial and a second plaintext polynomial, respectively, and the first plaintext polynomial and the second plaintext polynomial are polynomials in the same polynomial space;

基于所述第一明文多项式和所述第二明文多项式中作为目标系数的第一系数的第一数目,确定第一参数值和第二参数值,所述第一参数值用于对同态密文进行同态替换的同态计算中,所述第二参数值用于对同态密文进行同态乘法的同态计算中;Determine a first parameter value and a second parameter value based on a first number of first coefficients as target coefficients in the first plaintext polynomial and the second plaintext polynomial, the first parameter value being used in a homomorphic calculation of homomorphic replacement of a homomorphic ciphertext, and the second parameter value being used in a homomorphic calculation of homomorphic multiplication of a homomorphic ciphertext;

基于所述第一参数值、所述第二参数值、所述第一密文和所述第二密文进行同态计算,得到第三密文,所述第三密文对应的第三明文多项式中包括所述第一数目的第一系数。A third ciphertext is obtained by performing homomorphic calculation based on the first parameter value, the second parameter value, the first ciphertext, and the second ciphertext, wherein a third plaintext polynomial corresponding to the third ciphertext includes a first coefficient of the first number.

本说明书第三方面提供一种计算设备,包括:A third aspect of the present specification provides a computing device, including:

获取单元,用于获取第一密文和第二密文,所述第一密文和所述第二密文分别为第一明文多项式和第二明文多项式的同态密文,所述第一明文多项式和所述第二明文多项式为相同多项式空间中的多项式;an acquiring unit, configured to acquire a first ciphertext and a second ciphertext, wherein the first ciphertext and the second ciphertext are homomorphic ciphertexts of a first plaintext polynomial and a second plaintext polynomial, respectively, and the first plaintext polynomial and the second plaintext polynomial are polynomials in the same polynomial space;

确定单元,用于基于所述第一明文多项式和所述第二明文多项式中作为目标系数的第一系数的第一数目,确定第一参数值和第二参数值,所述第一参数值用于对同态密文进行同态替换的同态计算中,所述第二参数值用于对同态密文进行同态乘法的同态计算中;a determining unit, configured to determine a first parameter value and a second parameter value based on a first number of first coefficients as target coefficients in the first plaintext polynomial and the second plaintext polynomial, the first parameter value being used in a homomorphic calculation of homomorphic replacement of a homomorphic ciphertext, and the second parameter value being used in a homomorphic calculation of homomorphic multiplication of a homomorphic ciphertext;

计算单元,用于基于所述第一参数值、所述第二参数值、所述第一密文和所述第二密文进行同态计算,得到第三密文,所述第三密文对应的第三明文多项式中包括所述第一数目的第一系数。A computing unit is configured to perform homomorphic computing based on the first parameter value, the second parameter value, the first ciphertext, and the second ciphertext to obtain a third ciphertext, wherein a third plaintext polynomial corresponding to the third ciphertext includes the first coefficient of the first number.

本说明书第四方面提供一种保护隐私的数据处理系统,所述系统包括第一方的设备和第二方的设备,其中,第二方拥有用于进行同态加密的公钥和与所述公钥对应的私钥, A fourth aspect of the present specification provides a privacy-protecting data processing system, the system comprising a first party's device and a second party's device, wherein the second party has a public key for homomorphic encryption and a private key corresponding to the public key,

所述第一方的设备用于进行如下操作:The first party's device is used to perform the following operations:

获取第一密文和第二密文,所述第一密文和所述第二密文分别为第一明文多项式和第二明文多项式的同态密文,所述第一密文和所述第二密文与所述公钥对应,所述第一明文多项式和所述第二明文多项式为相同多项式空间中的多项式;Obtain a first ciphertext and a second ciphertext, wherein the first ciphertext and the second ciphertext are homomorphic ciphertexts of a first plaintext polynomial and a second plaintext polynomial, respectively, the first ciphertext and the second ciphertext correspond to the public key, and the first plaintext polynomial and the second plaintext polynomial are polynomials in the same polynomial space;

基于所述第一明文多项式和所述第二明文多项式中作为目标系数的第一系数的第一数目,确定第一参数值和第二参数值,所述第一参数值用于对同态密文进行同态替换的同态计算中,所述第二参数值用于对同态密文进行同态乘法的同态计算中;Determine a first parameter value and a second parameter value based on a first number of first coefficients as target coefficients in the first plaintext polynomial and the second plaintext polynomial, the first parameter value being used in a homomorphic calculation of homomorphic replacement of a homomorphic ciphertext, and the second parameter value being used in a homomorphic calculation of homomorphic multiplication of a homomorphic ciphertext;

基于所述第一参数值、所述第二参数值、所述第一密文和所述第二密文进行同态计算,得到第三密文,所述第三密文对应的第三明文多项式中包括所述第一数目的第一系数;Performing homomorphic calculation based on the first parameter value, the second parameter value, the first ciphertext, and the second ciphertext to obtain a third ciphertext, wherein a third plaintext polynomial corresponding to the third ciphertext includes a first coefficient of the first number;

将所述第三密文发送给所述第二方的设备;sending the third ciphertext to a device of the second party;

所述第二方的设备用于基于所述私钥对所述第三密文解密,得到所述第三明文多项式,从所述第三明文多项式中获取所述第一数目的第一系数。The device of the second party is used to decrypt the third ciphertext based on the private key to obtain the third plaintext polynomial, and obtain the first coefficient of the first number from the third plaintext polynomial.

本说明书第五方面提供一种计算机可读存储介质,其上存储有计算机程序,当所述计算机程序在计算机中执行时,令计算机执行第二方面所述的方法。A fifth aspect of the present specification provides a computer-readable storage medium having a computer program stored thereon, which, when executed in a computer, causes the computer to execute the method described in the second aspect.

本说明书第六方面提供一种计算设备,包括存储器和处理器,所述存储器中存储有可执行代码,所述处理器执行所述可执行代码时,实现第二方面所述的方法。A sixth aspect of the present specification provides a computing device, including a memory and a processor, wherein the memory stores executable code, and when the processor executes the executable code, the method described in the second aspect is implemented.

本说明书实施例提供一种保护隐私的数据处理方法,通过该实施例的方案,可以基于各个密文中的目标系数的数目对多个密文进行同态计算,使得在对两个密文的一次数据处理过程中,将两个密文打包到一个打包密文中,使得该打包密文对应的明文中包括该两个密文对应的全部目标系数,并可通过将该打包密文发送给第二方的设备,使得第二方的设备获取两个密文对应的全部目标系数,从而相比于已有的方案,在实现相同的效果的情况下减少了第一方设备与第二方设备之间的通信数据量,同时也降低了计算复杂度,节省了计算资源。The embodiments of the present specification provide a privacy-protecting data processing method. Through the scheme of this embodiment, multiple ciphertexts can be homomorphically calculated based on the number of target coefficients in each ciphertext, so that in a data processing process of two ciphertexts, the two ciphertexts are packaged into a packaged ciphertext, so that the plaintext corresponding to the packaged ciphertext includes all the target coefficients corresponding to the two ciphertexts, and the packaged ciphertext can be sent to the device of the second party so that the device of the second party obtains all the target coefficients corresponding to the two ciphertexts. Compared with the existing scheme, the amount of communication data between the first party device and the second party device is reduced while achieving the same effect, and the calculation complexity is also reduced, saving calculation resources.

附图说明BRIEF DESCRIPTION OF THE DRAWINGS

为了更清楚地说明本说明书实施例的技术方案,下面将对实施例描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本说明书中记载的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动性的前提下,还可以根据这些附图获得其他的附图。 In order to more clearly illustrate the technical solutions of the embodiments of this specification, the drawings required for use in the description of the embodiments will be briefly introduced below. Obviously, the drawings described below are only some embodiments recorded in this specification. For ordinary technicians in this field, other drawings can be obtained based on these drawings without paying creative labor.

图1为一实施例中的系统结构图;FIG1 is a system structure diagram of an embodiment;

图2为本说明书实施例中的数据处理的方法流程图;FIG2 is a flow chart of a method for data processing in an embodiment of the present specification;

图3为矩阵持有方执行图2所示方法的过程示意图;FIG3 is a schematic diagram of a process in which a matrix holder executes the method shown in FIG2 ;

图4是本说明书一实施例中矩阵持有方对多个密文进行打包处理的过程示意图;FIG4 is a schematic diagram of a process in which a matrix holder packages multiple ciphertexts in accordance with an embodiment of the present specification;

图5示出了本说明书另一实施例中的数据处理的方法流程图;FIG5 shows a flow chart of a method for data processing in another embodiment of the present specification;

图6为本说明书实施例中的一种计算设备的架构图。FIG. 6 is an architecture diagram of a computing device in an embodiment of this specification.

具体实施方式DETAILED DESCRIPTION

为了使本技术领域的人员更好地理解本说明书中的技术方案,下面将结合本说明书实施例中的附图,对本说明书实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本说明书一部分实施例,而不是全部的实施例。基于本说明书中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都应当属于本说明书保护的范围。In order to enable those skilled in the art to better understand the technical solutions in this specification, the technical solutions in the embodiments of this specification will be described clearly and completely below in conjunction with the drawings in the embodiments of this specification. Obviously, the described embodiments are only part of the embodiments of this specification, not all of the embodiments. Based on the embodiments in this specification, all other embodiments obtained by ordinary technicians in this field without creative work should fall within the scope of protection of this specification.

本说明书实施例中的方案基于同态加密算法。同态加密算法包括以下六个算法:The solution in the embodiments of this specification is based on the homomorphic encryption algorithm. The homomorphic encryption algorithm includes the following six algorithms:

(1)密钥生成算法(KeyGen),该密钥生成算法用于生成私钥sk和公钥pk。(1) Key generation algorithm (KeyGen), which is used to generate private key sk and public key pk.

令明文空间为多项式空间其中,该多项式空间中的次数小于N,其中N为2的幂次方,例如可取值4096、8192等,系数为[0,q)中的整数,该明文空间对应的密文空间为可通过密钥生成算法可随机生成Rq中的一个多项式,作为私钥sk,该多项式的每个系数都是服从于标准差为χσ的离散高斯分布。然后,可生成公钥pk=(-a*sk+e,a),这里a是Rq中随机生成的多项式,e←χσLet the plaintext space be a polynomial space The degree of the polynomial space is less than N, where N is a power of 2, such as 4096, 8192, etc. The coefficient is an integer in [0, q). The ciphertext space corresponding to the plaintext space is A polynomial in R q can be randomly generated by a key generation algorithm as the private key sk, and each coefficient of the polynomial is subject to a discrete Gaussian distribution with a standard deviation of χ σ . Then, a public key pk = (-a*sk + e, a) can be generated, where a is a randomly generated polynomial in R q , and e←χ σ .

(2)编码算法(Encode),用于将明文向量转换为多项式v∈Rq(2) Encoding algorithm (Encode), used to convert the plaintext vector Convert to a polynomial v∈R q .

(3)加密算法(Encryption),用于用公钥将明文多项式v加密成密文(密文的形式是两个多项式)。具体是,令pk=(p0,p1),则密文这里c1=u*p1+e1,c0=u*p0+e0+v,其中v是明文多项式。(3) Encryption algorithm, used to encrypt the plaintext polynomial v into ciphertext (the ciphertext is in the form of two polynomials) using the public key. Specifically, let pk = (p 0 , p 1 ), then the ciphertext Here c 1 =u*p 1 +e 1 , c 0 =u*p 0 +e 0 +v, where v is the plaintext polynomial.

(4)解密算法(Decryption),该解密算法用于将密文解密为明文多项式,设密文ct=(c0,c1),则v≈(c0+c1*sk)modq为解密后的明文多项式。(4) Decryption algorithm: This decryption algorithm is used to decrypt the ciphertext into a plaintext polynomial. Suppose the ciphertext ct = (c 0 , c 1 ), then v ≈ (c 0 + c 1 *sk) mod q is the decrypted plaintext polynomial.

(5)译码算法(Decode),该译码算法用于将明文多项式转换为明文向量。(5) Decoding algorithm (Decode), which is used to convert the plaintext polynomial into a plaintext vector.

(6)同态计算,包括同态加法、同态乘法、同态替换等。(6) Homomorphic computation, including homomorphic addition, homomorphic multiplication, homomorphic substitution, etc.

具体是,在同态加法中,对于明文多项式m和明文多项式t,则E(m+t)=E(m)+E(t),其中,明文多项式m与明文多项式t为相同多项式空间中的多项式,E()表示对密文多项式进行同态加密得到的密文;在同态乘法中,E(t*m)=t*E(m),在一种同态乘法中, E(xi*m)=xi*E(m);在同态替换中,假设多项式m(x)的密文为ct(x),则ct(xt)=E(m(xt))。Specifically, in homomorphic addition, for plaintext polynomial m and plaintext polynomial t, E(m+t)=E(m)+E(t), where plaintext polynomial m and plaintext polynomial t are polynomials in the same polynomial space, and E() represents the ciphertext obtained by homomorphically encrypting the ciphertext polynomial; in homomorphic multiplication, E(t*m)=t*E(m), in a homomorphic multiplication, E( xi *m)= xi *E(m); in homomorphic substitution, assuming that the ciphertext of the polynomial m(x) is ct(x), then ct( xt )=E(m( xt )).

图1为一实施例中的系统结构图。如图1所示,系统中可包括矩阵持有方P0的设备101和向量持有方P1的设备102,设备101中存储有矩阵持有方P0拥有的m行n列矩阵,设备102中存储有向量持有方P1拥有的n维向量。为了分别保护矩阵持有方P0和向量持有方P1各自的隐私数据,设备102可生成用于同态加密的私钥sk和公钥pk。设备102可使用公钥pk对向量进行同态加密,生成向量的密文(即向量对应的明文多项式的密文),将该密文发送给设备101。设备101可将矩阵的各个行向量转换为至少一个明文多项式,然后可基于该至少一个明文多项式和向量的密文计算得出蕴含内积结果的密文,将蕴含内积结果的密文发送给设备102,从而设备102通过使用私钥sk对蕴含内积结果的密文进行同态解密,可得到矩阵各个行向量与向量的内积。其中,蕴含内积的密文是指,该密文对应的明文多项式中包括内积。FIG1 is a system structure diagram in one embodiment. As shown in FIG1 , the system may include a device 101 of a matrix holder P0 and a device 102 of a vector holder P1. The device 101 stores an m-row n-column matrix owned by the matrix holder P0, and the device 102 stores an n-dimensional vector owned by the vector holder P1. In order to protect the privacy data of the matrix holder P0 and the vector holder P1 respectively, the device 102 may generate a private key sk and a public key pk for homomorphic encryption. The device 102 may use the public key pk to homomorphically encrypt the vector, generate a ciphertext of the vector (i.e., the ciphertext of the plaintext polynomial corresponding to the vector), and send the ciphertext to the device 101. The device 101 may convert each row vector of the matrix into at least one plaintext polynomial, and then calculate a ciphertext containing an inner product result based on the at least one plaintext polynomial and the ciphertext of the vector, and send the ciphertext containing the inner product result to the device 102, so that the device 102 can obtain the inner product of each row vector of the matrix and the vector by homomorphically decrypting the ciphertext containing the inner product result using the private key sk. The ciphertext containing the inner product means that the plaintext polynomial corresponding to the ciphertext includes the inner product.

本说明书实施例可应用于例如多方联合建模的场景中。在该场景下,矩阵持有方P0例如为提供模型的模型方,模型方中持有的所述矩阵例如为模型中的参数矩阵。向量持有方例如为提供特征数据的数据方。数据方将蕴含向量的密文发送给模型方之后,模型方可将该密文输入模型,从而由该模型输出蕴含内积的密文。The embodiments of this specification can be applied to scenarios such as multi-party joint modeling. In this scenario, the matrix holder P0 is, for example, a model party that provides a model, and the matrix held in the model party is, for example, a parameter matrix in the model. The vector holder is, for example, a data party that provides feature data. After the data party sends the ciphertext containing the vector to the model party, the model party can input the ciphertext into the model, so that the model outputs the ciphertext containing the inner product.

本说明书实施例还可以用于隐私信息检索的场景下。在该场景下,矩阵持有方P0的设备101例如为存储有数据库的服务器,数据库中存储有矩阵形式的数据,设备102为用户设备。用户设备在需要查询矩阵的第i列时,可以构建用于查询数据的向量,其中该向量的第i个分量为1,其他分量为0。The embodiments of this specification can also be used in the scenario of private information retrieval. In this scenario, the device 101 of the matrix holder P0 is, for example, a server storing a database, the database storing data in the form of a matrix, and the device 102 is a user device. When the user device needs to query the i-th column of the matrix, it can construct a vector for querying data, where the i-th component of the vector is 1 and the other components are 0.

例如,矩阵持有方拥有的矩阵W例如为4*4的矩阵:
For example, the matrix W owned by the matrix holder is a 4*4 matrix:

其中,可认为W中包括四个行向量 Among them, it can be considered that W includes four row vectors

设备102在需要查询该矩阵的第2列的数据时,可构建用于查询数据的向量
When the device 102 needs to query the data in the second column of the matrix, it can construct a vector for querying the data.

其中,表示向量与向量的内积,具体是,
in, Representation vector With vector The inner product of is,

也就是说,通过将向量设置为如上所述的向量,可通过计算矩阵W与向量的乘积得到矩阵W的一列。而在计算矩阵W与向量的乘法时,通过计算矩阵W包括的各个行向量与向量的内积,可得出矩阵W与向量的乘积。基于此,为了保护矩阵持有方和向量持有方的隐私数据,可基于同态加密算法进行上述计算。That is, by adding the vector Set as the vector above, by calculating the matrix W and the vector The product of gets a column of matrix W. When multiplying, by calculating the row vectors included in the matrix W and the vector The inner product of matrix W and vector Based on this, in order to protect the privacy data of the matrix holder and the vector holder, the above calculation can be performed based on the homomorphic encryption algorithm.

具体是,向量持有方可将向量转换为多项式v=0+x+0x2+0x3=x,使用同态加密的公钥pk对多项式v加密,得到多项式v的密文Cv=E(v),其中,E()表示同态加密算法,该密文Cv包括两个密文多项式(Cv0,Cv1)。向量持有方可将密文Cv发送给矩阵持有方。Specifically, the vector holder can use the vector Convert to polynomial v = 0 + x + 0x 2 + 0x 3 = x, use the homomorphic encryption public key pk to encrypt the polynomial v, and obtain the ciphertext Cv = E(v) of the polynomial v, where E() represents the homomorphic encryption algorithm. The ciphertext Cv includes two ciphertext polynomials (C v0 , C v1 ). The vector holder can send the ciphertext Cv to the matrix holder.

矩阵持有方可将矩阵W包括的4个行向量转换为4个多项式:
w0=1-4x-3x2-2x3
w1=3-6x-5x2-4x3,
w2=2-5x-4x2-3x3,
w3=4-7x-6x2-5x3The matrix holder can include the four row vectors of matrix W Convert to 4 polynomials:
w 0 = 1-4x-3x 2 -2x 3 ,
w 1 =3-6x-5x 2 -4x 3 ,
w 2 =2-5x-4x 2 -3x 3 ,
w 3 =4-7x-6x 2 -5x 3 .

其中,w0×v=(1-4x-3x2-2x3)×(0+x+0x2+0x3)
=(1×0-4x×0x3-3x2×0x2-2x3×x)+…
=(1×0-4×0x4-3×0x4-2×1x4)+…        (1)Where, w 0 ×v=(1-4x-3x 2 -2x 3 )×(0+x+0x 2 +0x 3 )
=(1×0-4x×0x 3 -3x 2 ×0x 2 -2x 3 ×x)+…
=(1×0-4×0x 4 -3×0x 4 -2×1x 4 )+… (1)

其中,上述公式中(1)的“…”表示其他x幂次方的项,在此不具体写出,如上文所述,在同态加密算法中,明文空间为多项式空间Rq,该多项式空间中的次数小于4,在这里N=4,在N=4的多项式空间中,可设定x4=-1,从而,上述公式(1)可转换为:
In the above formula (1), "..." represents other terms of powers of x, which are not specifically written here. As mentioned above, in the homomorphic encryption algorithm, the plaintext space is a polynomial space R q , and the degree in the polynomial space is less than 4, where N=4. In the polynomial space of N=4, x 4 can be set to -1, so that the above formula (1) can be converted to:

即,w0×v的多项式中的常数项为 That is, the constant term in the polynomial of w 0 ×v is

与公式(2)类似地可以得出,


Similar to formula (2), we can conclude that


根据同态加密算法,E(w×v)←w×E(v)。因此,矩阵持有方可以通过计算多项式wi(i为0~3中任一值)与多项式v的同态密文Cv的乘积wi×Cv,得到与wi×v对应的密文Cwi=E(wi×v)=wi×Cv,并可将四个密文Cw0~Cw3发送给向量持有方。其中,多项式wi与多项式v的同态密文Cv的乘积为wi×(Cv0,Cv1)=(wi×Cv0,wi×Cv1)。向量持有方可对四个密文 Cw0~Cw3解密,得到各个多项式wi×v,可从各个多项式wi×v获取常数项,从而获取到各个从而可得到该矩阵W的第2列。通过如此,在数据查询的过程中,服务器无法知晓用户查询的具体数据,保护了用户隐私,同时,用户也不能获取到矩阵W中的其他列的数据,从而保护了服务器的数据隐私。According to the homomorphic encryption algorithm, E(w×v)←w×E(v). Therefore, the matrix holder can calculate the product w i ×Cv of the polynomial w i (i is any value from 0 to 3) and the homomorphic ciphertext Cv of the polynomial v to obtain the ciphertext C wi =E(w i ×v)= w i ×Cv corresponding to w i ×v, and send the four ciphertexts C w0 ~C w3 to the vector holder. Among them, the product of the polynomial w i and the homomorphic ciphertext Cv of the polynomial v is w i ×(C v0 ,C v1 )=(w i ×C v0 ,w i ×C v1 ). The vector holder can C w0 ~ C w3 are decrypted to obtain each polynomial w i ×v. Constant terms can be obtained from each polynomial w i ×v, thereby obtaining each Thus, the second column of the matrix W can be obtained. In this way, during the data query process, the server cannot know the specific data queried by the user, thereby protecting the user's privacy. At the same time, the user cannot obtain the data of other columns in the matrix W, thereby protecting the server's data privacy.

在上述过程中,矩阵持有方在计算得到四个密文Cw0~Cw3之后,需要将该四个密文发送给向量持有方,从而使得向量持有方获取到该四个密文对应的明文多项式中的常数项,因此,矩阵持有方与向量持有方之间的通信数据量较大。In the above process, after the matrix holder calculates the four ciphertexts C w0 ~ C w3 , it needs to send the four ciphertexts to the vector holder, so that the vector holder can obtain the constant terms in the plaintext polynomials corresponding to the four ciphertexts. Therefore, the amount of communication data between the matrix holder and the vector holder is large.

本说明书实施例提供一种保护隐私的数据处理方法,服务器可将多个密文打包到一个密文中,使得该打包得到的密文对应的明文多项式中包括该多个密文对应的多个明文多项式中需要保留的全部系数,并将该打包得到的密文发送给用户设备。本说明书实施例提供的数据处理方法相比于相关技术中的方案减少了通信数据量。The embodiment of this specification provides a data processing method for protecting privacy, whereby a server can pack multiple ciphertexts into one ciphertext, so that the plaintext polynomial corresponding to the packed ciphertext includes all coefficients that need to be retained in the multiple plaintext polynomials corresponding to the multiple ciphertexts, and send the packed ciphertext to a user device. The data processing method provided by the embodiment of this specification reduces the amount of communication data compared to the solution in the related art.

图2为本说明书实施例中的保护隐私的数据处理方法的流程图,该方法例如由向量持有方和矩阵持有方执行。FIG2 is a flowchart of a privacy-preserving data processing method in an embodiment of the present specification, which method is executed by, for example, a vector holder and a matrix holder.

如图2所示,在步骤S210,向量持有方生成向量的密文Cv。As shown in FIG. 2 , in step S210 , the vector holder generates a ciphertext Cv of the vector.

如上文所述,向量持有方可预先生成用于同态加密的私钥sk和公钥pk。向量持有方可将其拥有的向量转换为明文多项式v,使用公钥pk对明文多项式v加密,得到明文多项式v的密文Cv,其中,该密文Cv包括两个密文多项式。As mentioned above, the vector holder can pre-generate the private key sk and public key pk for homomorphic encryption. Convert to a plaintext polynomial v, use the public key pk to encrypt the plaintext polynomial v, and obtain a ciphertext Cv of the plaintext polynomial v, wherein the ciphertext Cv includes two ciphertext polynomials.

具体是,在一种实施方式中,如上文所述,向量例如为4维向量,即图1中的n=4,可将其转换为多项式v=0+x+0x2+0x3=x,向量持有方使用公钥pk对该明文多项式v加密,得到密文Cv。Specifically, in one embodiment, as described above, the vector For example, a 4-dimensional vector, that is, n=4 in Figure 1, It can be converted into a polynomial v = 0 + x + 0x 2 + 0x 3 = x. The vector holder uses the public key pk to encrypt the plaintext polynomial v to obtain the ciphertext Cv.

在步骤S520,向量持有方将密文Cv发送给矩阵持有方。In step S520, the vector holder sends the ciphertext Cv to the matrix holder.

在步骤S530,矩阵持有方将其拥有的矩阵W转换为多个明文多项式,将多个明文多项式分别与密文Cv相乘,得到多个密文。In step S530, the matrix holder converts the matrix W it owns into multiple plaintext polynomials, and multiplies the multiple plaintext polynomials with the ciphertext Cv respectively to obtain multiple ciphertexts.

具体是,矩阵W例如为4*4的矩阵
Specifically, the matrix W is, for example, a 4*4 matrix

矩阵持有方可将矩阵W包括的4个行向量转换为4个多项式:
w10=1-4x5-3x6-2x7
w11=3-6x5-5x6-4x7,
w12=2-5x5-4x6-3x7,
w13=4-7x5-6x6-5x7The matrix holder can include the four row vectors of matrix W Convert to 4 polynomials:
w 10 =1-4x 5 -3x 6 -2x 7 ,
w 11 =3-6x 5 -5x 6 -4x 7 ,
w 12 = 2-5x 5 -4x 6 -3x 7 ,
w 13 = 4-7x 5 -6x 6 -5x 7 .

之后,矩阵持有方可基于明文多项式w10和w12生成明文多项式y0,基于w11和w13生成明文多项式y1:
y0=w10+x4×w12=1+5x+4x2+3x3+2x4-4x5-3x6-2x7
y1=w11+x4×w13=1+7x+6x2+5x3+4x4-6x5-5x6-4x7Afterwards, the matrix holder can generate plaintext polynomial y0 based on plaintext polynomials w10 and w12 , and generate plaintext polynomial y1 based on w11 and w13 :
y0=w 10 +x 4 ×w 12 =1+5x+4x 2 +3x 3 +2x 4 -4x 5 -3x 6 -2x 7 ,
y1=w 11 +x 4 ×w 13 =1+7x+6x 2 +5x 3 +4x 4 -6x 5 -5x 6 -4x 7 .

其中,设定明文多项式y0和y1所属的多项式空间的次数小于8,即多项式空间的N=8,在该多项式空间中x8=-1。It is assumed that the degree of the polynomial space to which the plaintext polynomials y0 and y1 belong is less than 8, that is, N of the polynomial space = 8, and x 8 = -1 in the polynomial space.

矩阵持有方可通过将明文多项式y0和y1分别与密文Cv相乘,得到两个密文y0×Cv和y1×Cv,可将该两个密文分别表示为C1和C2。如上文所述y0×Cv=E(y0×v),y1×Cv=E(y1×v),The matrix holder can obtain two ciphertexts y0×Cv and y1×Cv by multiplying the plaintext polynomials y0 and y1 with the ciphertext Cv respectively, and the two ciphertexts can be represented as C1 and C2 respectively. As mentioned above, y0×Cv=E(y0×v), y1×Cv=E(y1×v),

其中, in,

其中,表示向量与向量的内积。in, Representation vector With vector The inner product of .

也就是说,密文C1对应的明文多项式y0×v中的的常数项系数为行向量与向量的内积,密文C1对应的明文多项式y0×v中的x4项系数为行向量与向量的内积,密文C1对应的明文多项式中的常数项系数和x4项系数需要提供给向量持有方。That is to say, the constant coefficient of the plaintext polynomial y0×v corresponding to the ciphertext C1 is the row vector With vector The inner product of the ciphertext C1, the coefficients of the x 4 terms in the plaintext polynomial y0×v are row vectors With vector The inner product of the constant term coefficient and the x4 term coefficient in the plaintext polynomial corresponding to the ciphertext C1 need to be provided to the vector holder.

同理可得, Similarly,

也就是说,密文C2对应的明文多项式y1×v中的的常数项系数为行向量与向量的内积,密文C2对应的明文多项式y1×v中的x4项系数为行向量与向量的内积,密文C2对应的明文多项式中的常数项系数和x4项系数需要提供给向量持有方。 That is to say, the constant coefficient of the plaintext polynomial y1×v corresponding to the ciphertext C2 is the row vector With vector The inner product of the ciphertext C2, the coefficients of the x 4 terms in the plaintext polynomial y1×v are row vectors With vector The inner product of the constant term coefficient and the x4 term coefficient in the plaintext polynomial corresponding to the ciphertext C2 need to be provided to the vector holder.

可以理解,上文所述矩阵W和向量仅仅是示例性的,而不用于限制本说明书实施例的范围,在一种实施方式中,矩阵持有方的矩阵W2例如包括共8个行向量,可以与上文类似地,将行向量分别转换为多项式w20、w21、…w27It can be understood that the matrix W and vector This is merely exemplary and is not intended to limit the scope of the embodiments of this specification. In one embodiment, the matrix W2 of the matrix holder includes, for example: There are 8 row vectors in total. We can convert the row vectors into Convert them into polynomials w 20 , w 21 , …w 27 respectively.

与上文类似地,矩阵持有方可基于明文多项式w20和w24生成明文多项式y20,基于w21和w25生成明文多项式y21,基于明文多项式w22和w26生成明文多项式y22,基于明文多项式w23和w27生成明文多项式y23,即:
y20=w20+x4×w24
y21=w21+x4×w25
y22=w22+x4×w26
y23=w23+x4×w27Similar to the above, the matrix holder can generate plaintext polynomial y 20 based on plaintext polynomials w 20 and w 24 , generate plaintext polynomial y 21 based on w 21 and w 25 , generate plaintext polynomial y 22 based on plaintext polynomials w 22 and w 26 , and generate plaintext polynomial y 23 based on plaintext polynomials w 23 and w 27 , that is:
y 20 = w 20 + x 4 × w 24 ,
y 21 =w 21 +x 4 ×w 25 ,
y 2 2 =w 2 2 +x 4 ×w 2 6 ,
y 23 =w 23 +x 4 ×w 27 ,

类似地,通过将明文多项式y20~y23分别与密文Cv相乘,得到四个密文y20×Cv~y23×Cv,可将该四个密文分别表示为C21~C24Similarly, by multiplying the plaintext polynomials y 20 ˜y 23 by the ciphertext Cv respectively, four ciphertexts y 20 ×Cv ˜y 23 ×Cv are obtained. The four ciphertexts can be represented as C 21 ˜C 24 respectively.

参考上文公式(3)和公式(4),类似地,可得密文C21~C24分别对应的四个明文多项式:



Referring to the above formula (3) and formula (4), similarly, the four plaintext polynomials corresponding to the ciphertexts C 21 to C 24 can be obtained:



也就是说,密文C21~C24对应的四个明文多项式中每个明文多项式中的常数项系数和x4项系数需要提供给向量持有方。That is, the constant term coefficient and the x4 term coefficient in each of the four plaintext polynomials corresponding to the ciphertexts C 21 to C 24 need to be provided to the vector holder.

在步骤S240,矩阵持有方对多个密文进行打包处理,得到密文Cq。In step S240, the matrix holder packages multiple ciphertexts to obtain a ciphertext Cq.

在一个实例中,矩阵持有方如上文所述获取到上文中的密文C1和密文C2。其中,如上文所述,密文C1和密文C2对应的明文多项式中需要提供给向量持有方的系数(即目标系数)的数目分别为2个。In one example, the matrix holder obtains the ciphertext C1 and ciphertext C2 as described above. As described above, the number of coefficients (ie, target coefficients) that need to be provided to the vector holder in the plaintext polynomials corresponding to the ciphertext C1 and the ciphertext C2 is 2 respectively.

如图2中所示,矩阵持有方可通过执行步骤S241和步骤S243对密文C1和密文C2进行打包处理。As shown in FIG. 2 , the matrix holder may perform packaging processing on the ciphertext C1 and the ciphertext C2 by executing steps S241 and S243 .

具体是,在步骤S241,矩阵持有方基于密文Ci和密文Cj对应的明文多项式Vi和明文多项式Vj中的目标系数的数目,确定第一参数值和第二参数值。Specifically, in step S241, the matrix holder determines the first parameter value and the second parameter value based on the number of target coefficients in the plaintext polynomial Vi and the plaintext polynomial Vj corresponding to the ciphertext Ci and the ciphertext Cj.

其中,第一参数值为用于对密文中的x进行同态替换的x幂次方的次数,第二参数 值为用于对密文进行同态乘法的x幂次方的次数。The first parameter value is the number of times x in the ciphertext is homomorphically replaced, and the second parameter is The value is the number of powers of x used to perform homomorphic multiplication on the ciphertext.

在一种实施方式中,基于明文多项式Vi和明文多项式Vj中需要保留的系数数目2s,2s应小于或者等于N,可确定第一参数值为2s+1,第二参数值为N/2sIn one implementation, based on the number of coefficients 2 s that need to be retained in the plaintext polynomials Vi and Vj, 2 s should be less than or equal to N, and the first parameter value may be determined to be 2 s +1 and the second parameter value to be N/2 s .

图3为矩阵持有方执行步骤S240的过程示意图。如图3所示,假设密文C1与明文多项式V1(即y0×v)对应,密文C2与明文多项式V2(即y1×v)对应,密文C1对应的明文多项式V1的形式例如为V1=v0+v1x+…vNxN,假设N=8,图3中以顺序排列的方框表示明文多项式V1中的各项的系数,其中“*”表示明文多项式V1中的不关注的项的系数。在上文的示例中,V1的具体形式可以为V1=2+…+3x4+…,V2的具体形式可以为V2==4+…+5x4+…。其中,如上文所述,明文多项式V1和明文多项式V2中的常数项系数和第N/2项(即x4项)系数为向量内积,即图3中的V1中分别位于第1个框和第5个框的2和3,V2中分别位于第1个框和第5个框的4和5,即,明文多项式V1和明文多项式V2中的需要保留的目标系数的数目共为2+2=4个。相应地,可确定第一参数值为5,第二参数值为8/4=2。FIG3 is a schematic diagram of the process of the matrix holder executing step S240. As shown in FIG3, assuming that the ciphertext C1 corresponds to the plaintext polynomial V1 (i.e., y0×v), and the ciphertext C2 corresponds to the plaintext polynomial V2 (i.e., y1×v), the form of the plaintext polynomial V1 corresponding to the ciphertext C1 is, for example, V1=v 0 +v 1 x+…v N x N , assuming N=8, and the boxes arranged in sequence in FIG3 represent the coefficients of the various items in the plaintext polynomial V1, where "*" represents the coefficients of the unconcerned items in the plaintext polynomial V1. In the above example, the specific form of V1 can be V1=2+…+3x 4 +…, and the specific form of V2 can be V2==4+…+5x 4 +…. As described above, the coefficients of the constant term and the N/2th term (i.e., x 4 term) in the plaintext polynomial V1 and the plaintext polynomial V2 are vector inner products, i.e., 2 and 3 in the first and fifth boxes in V1 in FIG3, and 4 and 5 in the first and fifth boxes in V2, i.e., the number of target coefficients to be retained in the plaintext polynomial V1 and the plaintext polynomial V2 is 2+2=4 in total. Accordingly, the first parameter value can be determined to be 5, and the second parameter value can be determined to be 8/4=2.

在步骤S243,矩阵持有方基于第一参数值、第二参数值、密文Ci和密文Cj进行同态计算,得到密文Ck。In step S243, the matrix holder performs homomorphic calculation based on the first parameter value, the second parameter value, the ciphertext Ci and the ciphertext Cj to obtain the ciphertext Ck.

参考图3,矩阵持有方首先可基于第一参数值对密文C1和密文C2都进行同态替换,即将密文C1中的x替换为x5,将密文C2中的x替换为x5,具体是,将密文C1包括的两个多项式中的x都替换为x5,将密文C2包括的两个多项式中的x替换为x5Referring to Figure 3, the matrix holder can first perform homomorphic replacement on both ciphertext C1 and ciphertext C2 based on the first parameter value, that is, replace x in ciphertext C1 with x 5 , and replace x in ciphertext C2 with x 5. Specifically, replace x in the two polynomials included in ciphertext C1 with x 5 , and replace x in the two polynomials included in ciphertext C2 with x 5 .

其中,基于同态替换的原理,将密文C1中的x替换为x5,也就相当于将明文多项式V1中的x替换为x5,即使得将明文多项式V1转换为如下的形式:
V1(x5)=v0+v1x5+…vNx5N       (5)Among them, based on the principle of homomorphic substitution, replacing x in the ciphertext C1 with x 5 is equivalent to replacing x in the plaintext polynomial V1 with x 5 , that is, converting the plaintext polynomial V1 into the following form:
V1(x 5 )=v 0 +v 1 x 5 +…v N x 5N (5)

其中,明文多项式V1(x5)中的常数项与明文多项式V1的常数项相同。The constant term in the plaintext polynomial V1(x 5 ) is the same as the constant term in the plaintext polynomial V1.

对公式(5)mod(xN+1),也即将公式(5)中的xN替换为-1,以使得V1(x5)的多项式空间与明文多项式的多项式空间对应。经过该处理之后,公式(5)中的 也就是说,经过同态替换之后,公式(5)中的项的系数变成了明文多项式V1中的项的系数的负数。同样地,公式(5)中的 也就是说,经过同态替换之后,公式(5)中的项的系数变成了明文多项式V1中的项的系数的负数。另外,公式(5)中的 也就是说,经过同态替换之后,公式(5)中的项的系数与明文多项式V1中的项的系数相同。Formula (5) mod (x N +1), that is, replace x N in formula (5) with -1, so that the polynomial space of V1 (x 5 ) corresponds to the polynomial space of the plaintext polynomial. After this processing, the polynomial space in formula (5) That is to say, after homomorphic substitution, The coefficients of the term become the coefficients of the plaintext polynomial V1 The negative of the coefficient of the term. Similarly, That is to say, after homomorphic substitution, The coefficients of the term become the coefficients of the plaintext polynomial V1 The negative number of the coefficient of the term. In addition, That is to say, after homomorphic substitution, The coefficients of the terms are the same as those in the plaintext polynomial V1 The coefficients of the terms are the same.

在N=8的情况下,参考图3,在对密文C1进行同态替换之后,得到与明文多项式V1(x5)对应的密文C1(x5),明文多项式V1(x5)与明文多项式V1相比,明文多项式V1(x5)常数项和x4(即)项的系数与明文多项式V1中的相应项相同,明文多项式V1(x5)中的x2(即)项和x6(即)项的系数分别为明文多项式V1中的相应项的系数的负数。In the case of N=8, referring to FIG3, after homomorphic substitution of ciphertext C1, ciphertext C1(x 5 ) corresponding to plaintext polynomial V1(x 5 ) is obtained. Compared with plaintext polynomial V1, plaintext polynomial V1(x 5 ) has constant terms and x 4 ( i.e. ) has the same coefficient as the corresponding term in the plaintext polynomial V1. The coefficient of x 2 (i.e. ) and x 6 (i.e. ) are respectively the negatives of the coefficients of the corresponding terms in the plaintext polynomial V1.

通过如此,通过将密文C1与密文C1(x5)相加,得到的对应的明文多项式V1+V1(x5)的常数项和x4项的系数为明文多项式V1中的相应项系数的两倍,也就是说,如图3所示,明文多项式(V1+V1(x5))/2的常数项和x4项的系数与明文多项式V1中的相应项系数相同,其x2(即)项和x6(即)项的系数变为零。其中,将密文C1与密文C1(x5)相加具体是,将密文C1的第一多项式与C1(x5)的第一多项式相加,将密文C1的第二多项式与C1(x5)的第二多项式相加,得到新的密文的两个多项式。In this way, by adding the ciphertext C1 to the ciphertext C1(x 5 ), the constant term and the coefficient of the x 4 term of the corresponding plaintext polynomial V1+V1(x 5 ) are twice the coefficient of the corresponding term in the plaintext polynomial V1. That is, as shown in FIG3 , the constant term and the coefficient of the x 4 term of the plaintext polynomial (V1+V1(x 5 ))/2 are the same as the coefficient of the corresponding term in the plaintext polynomial V1, and its x 2 (i.e. ) and x 6 (i.e. ) becomes zero. Specifically, adding the ciphertext C1 to the ciphertext C1(x 5 ) is to add the first polynomial of the ciphertext C1 to the first polynomial of C1(x 5 ), and to add the second polynomial of the ciphertext C1 to the second polynomial of C1(x 5 ), to obtain two new ciphertext polynomials.

类似地对密文C2进行处理,可得到密文(C2+C2(x5))/2,其对应于明文多项式(V2+V2(x5))/2,如图3中所示,明文多项式(V2+V2(x5))/2的常数项和x4项的系数与明文多项式V2中的相应项相同,其x2(即)和x6(即)的系数变为零。Similarly, the ciphertext C2 is processed to obtain the ciphertext (C2+C2(x 5 ))/2, which corresponds to the plaintext polynomial (V2+V2(x 5 ))/2. As shown in FIG3 , the coefficients of the constant term and the x 4 term of the plaintext polynomial (V2+V2(x 5 ))/2 are the same as those of the plaintext polynomial V2, and its x 2 (i.e. ) and x 6 (i.e. ) becomes zero.

之后,可基于第二参数值对密文(C2+C2(x5))/2进行同态乘法,即得到密文x2×(C2+C2(x5))/2,该密文对应于明文多项式x2×(V2+V2(x5))/2,具体是,将x2分别与(C2+C2(x5))/2的两个多项式相乘,得到新的密文的两个多项式。参考图3,明文多项式x2×(V2+V2(x5))/2中的系数通过对明文多项式(V2+V2(x5))/2中的系数进行如下处理得到:将明文多项式(V2+V2(x5))/2中第1项~第6项系数中的每个向后移动了两格,将第7项和第8项乘以-1并移动到第一格和第二格。在经过该同态乘法处理之后,x2×(V2+V2(x5))/2中的需要保留的系数与(V1+V1(x5))/2中的系数为0的项位置对应,x2×(V2+V2(x5))/2中的系数为零的项与(V1+V1(x5))/2中的需要保留的系数位置对应。从而,参考图3,通过将(C1+C1(x5))/2与密文x2×(C2+C2(x5))/2相加,得到密文C3,其对应的明文多项式(V1+V1(x5))/2+x2×(V2+V2(x5))/2(即明文多项式V3)中包括了明文多项式V1和明文多项式V2中需要保留的全部系数,即2、4、3、5。根据上文中的公式(3)和公式(4)可以得出,密文C3对应于明文多项式也就是说,明文多项式V3中的系数中包括矩阵W的各个行向量与向量的内积。 Afterwards, the ciphertext (C2+C2(x 5 ))/2 can be homomorphically multiplied based on the second parameter value to obtain the ciphertext x 2 ×(C2+C2(x 5 ))/2, which corresponds to the plaintext polynomial x 2 ×(V2+V2(x 5 ))/2. Specifically, x 2 is multiplied by the two polynomials of (C2+C2(x 5 ))/2 respectively to obtain two new ciphertext polynomials. Referring to Figure 3, the coefficients in the plaintext polynomial x 2 ×(V2+V2(x 5 ))/2 are obtained by processing the coefficients in the plaintext polynomial (V2+V2(x 5 ))/2 as follows: each of the coefficients of the 1st to 6th items in the plaintext polynomial (V2+V2(x 5 ))/2 is moved backward by two grids, and the 7th and 8th items are multiplied by -1 and moved to the first grid and the second grid. After the homomorphic multiplication process, the coefficients that need to be retained in x 2 ×(V2+V2(x 5 ))/2 correspond to the positions of the items with coefficients of 0 in (V1+V1(x 5 ))/2, and the items with coefficients of zero in x 2 ×(V2+V2(x 5 ))/2 correspond to the positions of the coefficients that need to be retained in (V1+V1(x 5 ))/2. Therefore, referring to FIG3 , by adding (C1+C1(x 5 ))/2 to the ciphertext x 2 ×(C2+C2(x 5 ))/2, the ciphertext C3 is obtained, and its corresponding plaintext polynomial (V1+V1(x 5 ))/2+x 2 ×(V2+V2(x 5 ))/2 (i.e., plaintext polynomial V3) includes all the coefficients that need to be retained in the plaintext polynomials V1 and V2, i.e., 2, 4, 3, and 5. According to formula (3) and formula (4) above, it can be concluded that the ciphertext C3 corresponds to the plaintext polynomial That is, the coefficients in the plaintext polynomial V3 include the row vectors of the matrix W and the vector The inner product of .

在一种实施方式中,可通过如下同态计算对密文C3进行转换:
C3=(C1+C1(x5)+x2×(C2+C2(x5)))/2=(C1+x2×C2+(C1(x5)+x2×C2(x5)))/2
=(C1+x2×C2+(C1(x5)-x2+8×C2(x5)))/2
=(C1+x2×C2+(C1(x5)-(x5)2×C2(x5)))/2
=(C1+x2×C2+(C1-x2×C2)(x5))/2    (6)In one implementation, the ciphertext C3 may be transformed by the following homomorphic computation:
C3=(C1+C1(x 5 )+x 2 ×(C2+C2(x 5 )))/2=(C1+x 2 ×C2+(C1(x 5 )+x 2 ×C2(x 5 )))/2
=(C1+x 2 ×C2+(C1(x 5 )-x 2+8 ×C2(x 5 )))/2
=(C1+x 2 ×C2+(C1(x 5 )-(x 5 ) 2 ×C2(x 5 )))/2
=(C1+x 2 ×C2+(C1-x 2 ×C2)(x 5 ))/2 (6)

根据公式(6),矩阵持有方可首先对密文C2进行同态乘法,得到x2×C2,然后,矩阵持有方可计算密文C1-x2×C2,然后仅需要对密文C1-x2×C2进行一次同态替换,即将密文C1-x2×C2中的x替换为x5,即可得到密文C3,从而可节省计算资源。According to formula (6), the matrix holder can first perform homomorphic multiplication on the ciphertext C2 to obtain x 2 ×C2. Then, the matrix holder can calculate the ciphertext C1-x 2 ×C2. Then, it only needs to perform a homomorphic replacement on the ciphertext C1-x 2 ×C2, that is, replace x in the ciphertext C1-x 2 ×C2 with x 5 to obtain the ciphertext C3, thereby saving computing resources.

可以理解,本说明书实施例中不限于将第一参数值设定为2s+1,将第二参数值设置为N/2s,例如,在2s+1小于等于N的情况下,可将第一参数值设置为2s+1+1,根据第一参数值相应地设置第二参数值。例如,在多项式空间的次数小于16的情况下,当将第一参数值设置为9时,对两个密文中的一个密文进行x9的同态替换,从而可与上文类似地对密文进行转换,使得转换之后的密文对应的明文多项式的第2项(即16/8项)系数、第6项(即16*3/8项)系数、第10项(即16*5/8项)系数、第14项(即16*7/8项)系数被置为0,通过根据第一参数值相应地设置第二参数值,可将两个密文中的另一个密文对应的明文多项式中需要保留的系数打包到最终的密文对应的明文多项式中的第2项系数、第6项系数、第10项系数、第14项系数中的至少一项系数中。It can be understood that the embodiments of this specification are not limited to setting the first parameter value to 2s +1 and the second parameter value to N/ 2s . For example, when 2s +1 is less than or equal to N, the first parameter value can be set to 2s +1 +1, and the second parameter value can be set accordingly based on the first parameter value. For example, when the degree of the polynomial space is less than 16, when the first parameter value is set to 9, a homomorphic replacement of x 9 is performed on one of the two ciphertexts, so that the ciphertext can be converted similarly to the above, so that the 2nd (i.e., 16/8) coefficient, the 6th (i.e., 16*3/8) coefficient, the 10th (i.e., 16*5/8) coefficient, and the 14th (i.e., 16*7/8) coefficient of the plaintext polynomial corresponding to the ciphertext after the conversion are set to 0, and by setting the second parameter value accordingly according to the first parameter value, the coefficients that need to be retained in the plaintext polynomial corresponding to the other ciphertext of the two ciphertexts can be packed into at least one of the 2nd coefficient, the 6th coefficient, the 10th coefficient, and the 14th coefficient in the plaintext polynomial corresponding to the final ciphertext.

在矩阵持有方仅对两个密文C1和C2进行打包的情况中,得到的密文C3也即为将发送给向量持有方的密文Cq。In the case where the matrix holder only packages two ciphertexts C1 and C2, the obtained ciphertext C3 is also the ciphertext Cq to be sent to the vector holder.

在另一种情况中,矩阵持有方获取到例如上述四个密文C21~C24,矩阵持有方可通过迭代执行图2中的步骤S241和步骤S243,以将四个密文C21~C24打包为一个密文,使得该打包得到的密文中包括四个密文C21~C24对应的明文多项式中需要保留的全部系数。In another case, the matrix holder obtains, for example, the above-mentioned four ciphertexts C 21 -C 24 , and the matrix holder may iteratively execute steps S241 and S243 in FIG. 2 to pack the four ciphertexts C 21 -C 24 into one ciphertext, so that the packaged ciphertext includes all coefficients that need to be retained in the plaintext polynomials corresponding to the four ciphertexts C 21 -C 24 .

图4为本说明书实施例中对四个密文进行打包的过程示意图。如图4所示,假设各个密文对应的明文多项式中的两个数值为该明文多项式中需要保留的系数,矩阵持有方可首先对密文C21和C23执行图2中的步骤S241,其中与图3所示过程类似地,明文多项式C21和V25中需要保留的系数的数目为4,因此,第一参数值为5,第二参数值为2。然后,矩阵持有方执行步骤S243,从而与图3所示过程类似地,得到密文C25,该密文C25对应的明文多项式V25中包括了明文多项式V21和V25中需要保留的四个系数。FIG4 is a schematic diagram of the process of packing four ciphertexts in an embodiment of the present specification. As shown in FIG4, assuming that the two values in the plaintext polynomial corresponding to each ciphertext are the coefficients that need to be retained in the plaintext polynomial, the matrix holder can first perform step S241 in FIG2 on the ciphertexts C 21 and C 23 , where similar to the process shown in FIG3, the number of coefficients that need to be retained in the plaintext polynomials C 21 and V 25 is 4, so the first parameter value is 5 and the second parameter value is 2. Then, the matrix holder performs step S243, and similar to the process shown in FIG3, obtains the ciphertext C 25 , and the plaintext polynomial V 25 corresponding to the ciphertext C 25 includes the four coefficients that need to be retained in the plaintext polynomials V 21 and V 25 .

然后,矩阵持有方可对密文C22和C24执行图2中的步骤S241,其中明文多项式C22和V24中需要保留的系数的数目为4,因此,第一参数值为5,第二参数值为2。之后,矩阵持 有方执行步骤S243,得到密文C26,该密文C26对应的明文多项式V26中包括了明文多项式V22和V24中需要保留的四个系数。Then, the matrix holder can perform step S241 in FIG. 2 on the ciphertext C 22 and C 24 , where the number of coefficients to be retained in the plaintext polynomials C 22 and V 24 is 4, so the first parameter value is 5 and the second parameter value is 2. The party executes step S243 to obtain the ciphertext C 26 , and the plaintext polynomial V 26 corresponding to the ciphertext C 26 includes the four coefficients that need to be retained in the plaintext polynomials V 22 and V 24 .

在得到密文C25和C26之后,矩阵持有方可对密文C25和C26执行图2中的步骤S241,其中密文C25对应的明文多项式C25和密文C26对应的明文多项式V26中需要保留的系数的数目为4+4=8,因此,第一参数值为8+1=9,第二参数值为8/8=1。在该情况中,s=l+h,其中,2l为初始参与该数据处理过程的密文的数目(即C21~C24共4个),2h为每个初始的密文对应的明文多项式中需要保留的系数的数目(即2个),2l+h=2l×2h,也即初始参与该数据处理过程中的全部密文中包括的全部需要保留的系数的数目。After obtaining the ciphertexts C 25 and C 26 , the matrix holder may perform step S241 in FIG. 2 on the ciphertexts C 25 and C 26 , wherein the number of coefficients to be retained in the plaintext polynomial C 25 corresponding to the ciphertext C 25 and the plaintext polynomial V 26 corresponding to the ciphertext C 26 is 4+4=8, therefore, the first parameter value is 8+1=9, and the second parameter value is 8/8=1. In this case, s=l+h, wherein 2 l is the number of ciphertexts initially participating in the data processing process (i.e., C 21 to C 24 , a total of 4), 2 h is the number of coefficients to be retained in the plaintext polynomial corresponding to each initial ciphertext (i.e., 2), 2 l+h =2 l ×2 h , i.e., the number of all coefficients to be retained included in all ciphertexts initially participating in the data processing process.

之后,矩阵持有方执行步骤S243,与图3所示过程类似地,矩阵持有方可将密文C25和C26中的x替换为x9,并对密文C26+C26(x9)进行与x的同态乘法,得到x×(C26+C26(x9)),并将C25+C255(x9)与x×(C26+C26(x9))相加,得到密文C27=((C25+C25(x9))+x×(C26+C26(x9)))/2,该密文对应的明文多项式V27=((V25+V25(x9))+x×(V26+V26(x9)))/2如图4中所示,包括明文多项式V21~V24中的需要保留的全部系数。在该情况下,矩阵持有方得到的密文C27为将要发送给向量持有方的密文Cq。Afterwards, the matrix holder executes step S243. Similar to the process shown in Figure 3, the matrix holder may replace x in the ciphertexts C 25 and C 26 with x 9 , and perform homomorphic multiplication of the ciphertext C 26 +C 26 (x 9 ) with x to obtain x×(C 26 +C 26 (x 9 )), and add C 25 +C 25 5(x 9 ) to x×(C 26 +C 26 (x 9 )) to obtain the ciphertext C 27 =((C 25 +C 25 (x 9 ))+x×(C 26 +C 26 (x 9 )))/2. The plaintext polynomial V 27 corresponding to the ciphertext is =((V 25 +V 25 (x 9 ))+x×(V 26 +V 26 (x 9 ) ) )))/2 As shown in FIG4 , it includes all coefficients that need to be retained in the plaintext polynomials V 21 to V 24. In this case, the ciphertext C 27 obtained by the matrix holder is the ciphertext Cq to be sent to the vector holder.

也就是说,矩阵持有方可以以二叉树的形式对多个密文进行打包处理,从而最终得到的密文包括全部密文对应的各个明文多项式中的需要保留的系数。That is to say, the matrix holder can package multiple ciphertexts in the form of a binary tree, so that the final ciphertext includes the coefficients that need to be retained in each plaintext polynomial corresponding to all the ciphertexts.

参考图4所示处理过程,对于顺序排列的4个密文C21~C24,通过对4个密文中的奇数项和偶数项分别进行打包处理,在获得的密文C27对应的明文多项式V27中,顺序排列的第1项~第4项系数分别为明文多项式V21~V24的四个常数项,且该四项系数在明文多项式V27中的位置顺序与其分别对应的明文多项式V21~V24的排列顺序(即密文C21~C24的排列顺序)一致,第5项~第8项系数分别为明文多项式V21~V24的四个x4项系数,且该四项系数在明文多项式V27中的位置顺序与其分别对应的明文多项式V21~V24的排列顺序一致。Referring to the processing process shown in FIG4 , for the four ciphertexts C 21 to C 24 arranged in sequence, by packing the odd-numbered items and the even-numbered items in the four ciphertexts respectively, in the plaintext polynomial V 27 corresponding to the obtained ciphertext C 27 , the coefficients of the first to fourth items arranged in sequence are respectively the four constant items of the plaintext polynomials V 21 to V 24 , and the position order of the four coefficients in the plaintext polynomial V 27 is consistent with the arrangement order of the plaintext polynomials V 21 to V 24 respectively corresponding thereto (i.e., the arrangement order of the ciphertexts C 21 to C 24 ), and the coefficients of the fifth to eighth items are respectively the four x 4 coefficients of the plaintext polynomials V 21 to V 24 , and the position order of the four coefficients in the plaintext polynomial V 27 is consistent with the arrangement order of the plaintext polynomials V 21 to V 24 respectively corresponding thereto.

在步骤S250,矩阵持有方将密文Cq发送给向量持有方。In step S250, the matrix holder sends the ciphertext Cq to the vector holder.

在步骤S260,向量持有方对密文Cq解密,获取明文多项式Vq,从明文多项式Vq获取多个向量内积。In step S260, the vector holder decrypts the ciphertext Cq, obtains the plaintext polynomial Vq, and obtains multiple vector inner products from the plaintext polynomial Vq.

具体是,在上述一个实例中,向量持有方可使用私钥sk对密文C3解密,得到上述明文多项式V3,从而可从V3中的常数项、x2项、x4项和x6项的系数获得矩阵W的各个行向量与向量的内积。Specifically, in the above example, the vector holder can use the private key sk to decrypt the ciphertext C3 and obtain the above plaintext polynomial V3, so that the row vectors and vectors of the matrix W can be obtained from the coefficients of the constant term, x2 term, x4 term and x6 term in V3. The inner product of .

在上述另一个实例中,向量持有方可使用私钥sk对密文C27解密,得到上述明文多 项式V27,从而可从V27中的8项的系数获得矩阵W2的各个行向量与向量的内积。In another example above, the vector holder can use the private key sk to decrypt the ciphertext C 27 and obtain the above plaintext The term V 27 , thus the row vectors and vectors of the matrix W2 can be obtained from the coefficients of the 8 terms in V 27 The inner product of .

通过该实施例中的方案,矩阵持有方通过将多个密文中打包到一个密文中,只需要将一个密文发送给向量持有方,就可以将该多个密文对应的多个明文多项式中包括的多个目标系数提供给向量持有方,而不需要将多个密文都发送给向量持有方,从而减少了矩阵持有方与向量持有方之间的通信数据量。Through the scheme in this embodiment, the matrix holder packs multiple ciphertexts into one ciphertext and only needs to send one ciphertext to the vector holder. Then, multiple target coefficients included in multiple plaintext polynomials corresponding to the multiple ciphertexts can be provided to the vector holder without sending multiple ciphertexts to the vector holder, thereby reducing the amount of communication data between the matrix holder and the vector holder.

可以理解,图2所示应用场景仅为本说明书一实施例中的数据处理方案的示例场景,本说明书实施例不限于此,而是可以应用于其他需要对多个密文进行打包的场景中。图5示出了本说明书另一实施例中的数据处理的方法流程图。该方法可由任意计算设备执行。It can be understood that the application scenario shown in FIG. 2 is only an example scenario of the data processing solution in an embodiment of this specification, and the embodiment of this specification is not limited thereto, but can be applied to other scenarios where multiple ciphertexts need to be packaged. FIG. 5 shows a flow chart of a method for data processing in another embodiment of this specification. The method can be executed by any computing device.

如图5所示,首先在步骤S510,获取对应于明文多项式Vi的密文Ci和对应于明文多项式Vj的密文Cj。As shown in FIG. 5 , first in step S510 , the ciphertext Ci corresponding to the plaintext polynomial Vi and the ciphertext Cj corresponding to the plaintext polynomial Vj are obtained.

其中,密文Ci和密文Cj为基于相同的同态加密公钥pk的密文。密文Ci对应的明文多项式Vi的形式例如为Vi=vi0+vi1x+…viNxN,密文Cj对应的明文多项式Vj的形式例如为Vj=vj0+vj1x+…vjNxN。在一种情况下,密文Ci和密文Cj可以为通过公钥pk直接对对应的明文多项式加密得到的密文,在另一种情况下,密文Ci和密文Cj可以为通过对同态加密的密文进行同态计算得到的密文,例如上文中的密文C25和C26Among them, the ciphertext Ci and the ciphertext Cj are ciphertexts based on the same homomorphic encryption public key pk. The plaintext polynomial Vi corresponding to the ciphertext Ci is in the form of, for example, Vi=v i0 +v i1 x+…v iN x N , and the plaintext polynomial Vj corresponding to the ciphertext Cj is in the form of, for example, Vj=v j0 +v j1 x+…v jN x N . In one case, the ciphertext Ci and the ciphertext Cj can be ciphertexts obtained by directly encrypting the corresponding plaintext polynomials with the public key pk. In another case, the ciphertext Ci and the ciphertext Cj can be ciphertexts obtained by performing homomorphic calculations on homomorphically encrypted ciphertexts, such as the ciphertexts C 25 and C 26 mentioned above.

在步骤S520,基于明文多项式Vi和明文多项式Vj中的目标系数的数目,确定第一参数值和第二参数值。In step S520, a first parameter value and a second parameter value are determined based on the number of target coefficients in the plaintext polynomial Vi and the plaintext polynomial Vj.

其中,第一参数值为用于对密文中的x进行同态替换的x幂次方的次数,第二参数值为用于对密文进行同态乘法的x幂次方的次数。The first parameter value is the number of times x in the ciphertext is homomorphically replaced, and the second parameter value is the number of times x is homomorphically multiplied.

在一种实施方式中,基于明文多项式Vi和明文多项式Vj中需要保留的系数数目2s,2s应小于或者等于N,可确定第一参数值为2s+1,第二参数值为N/2s。可以理解,本说明书实施例中不限于将第一参数值设定为2s+1,将第二参数值设置为N/2s,例如,在2s+1小于等于N的情况下,可将第一参数值设置为2s+1+1,根据第一参数值相应的设置第二参数值。In one implementation, based on the number of coefficients 2 s that need to be retained in the plaintext polynomial Vi and the plaintext polynomial Vj, 2 s should be less than or equal to N, and the first parameter value can be determined to be 2 s +1 and the second parameter value to be N/2 s . It can be understood that the embodiments of this specification are not limited to setting the first parameter value to 2 s +1 and setting the second parameter value to N/2 s . For example, when 2 s+1 is less than or equal to N, the first parameter value can be set to 2 s+1 +1, and the second parameter value can be set accordingly according to the first parameter value.

例如,明文多项式Vi和明文多项式Vj中需要保留的目标系数一共有4项,从而可确定第一参数值为5,第二参数值为N/4。For example, there are a total of 4 target coefficients that need to be retained in the plaintext polynomial Vi and the plaintext polynomial Vj, so the first parameter value can be determined to be 5 and the second parameter value to be N/4.

在一种实施方式中,s=l+h,其中,2l为初始参与该数据处理过程的密文的数目,2h为每个初始的密文对应的明文多项式中需要保留的系数的数目,2l+h=2l×2h,也即初始参与该数据处理过程中的全部密文中包括的全部需要保留的系数的数目。 In one implementation, s=l+h, where 2l is the number of ciphertexts initially participating in the data processing process, 2h is the number of coefficients that need to be retained in the plaintext polynomial corresponding to each initial ciphertext, and 2l+h = 2l × 2h , that is, the number of all coefficients that need to be retained included in all ciphertexts initially participating in the data processing process.

在步骤S230,基于第一参数值、第二参数值、密文Ci和密文Cj进行同态计算,得到密文Ck。In step S230, homomorphic calculation is performed based on the first parameter value, the second parameter value, the ciphertext Ci and the ciphertext Cj to obtain the ciphertext Ck.

假设第一参数值为5,第二参数值为N/4,计算设备首先可基于第一参数值对密文Ci和密文Cj都进行同态替换,即将密文Ci中的x替换为x5,将密文Cj中的x替换为x5,具体是,将密文Ci包括的两个多项式中的x都替换为x5,将密文Cj包括的两个多项式中的x替换为x5Assuming that the first parameter value is 5 and the second parameter value is N/4, the computing device can first perform homomorphic replacement on both ciphertext Ci and ciphertext Cj based on the first parameter value, that is, replace x in ciphertext Ci with x 5 , and replace x in ciphertext Cj with x 5. Specifically, replace x in the two polynomials included in ciphertext Ci with x 5 , and replace x in the two polynomials included in ciphertext Cj with x 5 .

其中,基于同态替换的原理,将密文Ci中的x替换为x5,也就相当于将明文多项式Vi中的x替换为x5,即使得将明文多项式Vi转换为如下的形式:
Vi(x5)=v0+v1x5+…vNx5N Among them, based on the principle of homomorphic substitution, replacing x in the ciphertext Ci with x 5 is equivalent to replacing x in the plaintext polynomial Vi with x 5 , that is, converting the plaintext polynomial Vi into the following form:
Vi(x 5 )=v 0 +v 1 x 5 +…v N x 5N

参考上文的推导,经过同态替换之后,明文多项式Vi(x5)中的项的系数与明文多项式Vi中的项的系数相同,明文多项式Vi(x5)中的项和项的系数分别为明文多项式Vi中的相应项的系数的负数。Referring to the derivation above, after homomorphic substitution, the plaintext polynomial Vi(x 5 ) The coefficients of the terms are the same as those in the plaintext polynomial Vi The coefficients of the terms are the same, and the plaintext polynomial Vi(x 5 ) Item and The coefficients of the terms are the negatives of the coefficients of the corresponding terms in the plaintext polynomial Vi.

通过如此,通过将密文Ci与密文Ci(x5)相加,得到的密文对应的明文多项式Vi+Vi(x5)的常数项和x4项的系数是明文多项式Vi中的相应项系数的2倍,其项的系数变为零。其中,将密文Ci与密文Ci(x5)相加具体是,将密文Ci的第一多项式与Ci(x5)的第一多项式相加,将密文Ci的第二多项式与Ci(x5)的第二多项式相加,得到新的密文的两个多项式。In this way, by adding the ciphertext Ci to the ciphertext Ci(x 5 ), the coefficients of the constant term and the x 4 term of the plaintext polynomial Vi+Vi(x 5 ) corresponding to the ciphertext are twice the coefficients of the corresponding terms in the plaintext polynomial Vi. and The coefficient of the term becomes zero. Specifically, adding the ciphertext Ci to the ciphertext Ci(x 5 ) is to add the first polynomial of the ciphertext Ci to the first polynomial of Ci(x 5 ), and to add the second polynomial of the ciphertext Ci to the second polynomial of Ci(x 5 ), to obtain two new ciphertext polynomials.

类似地对密文Cj进行处理,可得到密文Cj+Cj(x5),其对应的明文多项式Vj+Vj(x5)的常数项和项的系数是明文多项式Vj中的相应项系数的两倍,其项的系数变为零。Similarly, the ciphertext Cj is processed to obtain the ciphertext Cj+Cj(x 5 ), and the constant terms and The coefficient of the term is twice the coefficient of the corresponding term in the plaintext polynomial Vj. and The coefficient of the term becomes zero.

之后,可基于第二参数值对密文(Cj+Cj(x5))/2进行同态乘法,即得到密文 该密文对应于明文多项式具体是,将分别与(Cj+Cj(x5))/2的两个多项式相乘,得到新的密文的两个多项式。在经过该同态乘法处理之后,中的需要保留的系数与Vj+Vj(x5)中的系数为0的项位置对应,中的系数为零的项与Vi+Vi(x5)中的需要保留的系数位置对应。从而,通过将(Ci+Ci(x5))/2与密文相加,得到密文Ck,其对应的明文多项式中包括了明文多项式Vi和明文多项式Vj中需要保留的全部系数。 Afterwards, the ciphertext (Cj+Cj(x 5 ))/2 can be homomorphically multiplied based on the second parameter value to obtain the ciphertext The ciphertext corresponds to the plaintext polynomial Specifically, Multiply the two polynomials with (Cj+Cj(x 5 ))/2 respectively to obtain two new ciphertext polynomials. After the homomorphic multiplication process, The coefficients that need to be retained in correspond to the positions of the items with coefficients of 0 in Vj+Vj(x 5 ). The terms with zero coefficients in Vi+Vi(x 5 ) correspond to the coefficient positions that need to be retained in Vi+Vi(x 5 ). Add together to get the ciphertext Ck, whose corresponding plaintext polynomial Includes all the coefficients that need to be retained in the plaintext polynomial Vi and the plaintext polynomial Vj.

在一种实施方式中,可通过如下同态计算进行转换:
In one implementation, the conversion may be performed by the following homomorphic computation:

根据上式,计算设备可首先对密文Cj进行同态乘法,得到然后,计算设备可计算密文然后仅需要对密文进行一次同态替换,即将密文中的x替换为x5,即可得到密文Ck,从而可节省计算资源。According to the above formula, the computing device can first perform homomorphic multiplication on the ciphertext Cj to obtain The computing device can then calculate the ciphertext Then only the ciphertext Perform a homomorphic replacement, that is, the ciphertext By replacing x in with x 5 , the ciphertext Ck can be obtained, thus saving computing resources.

参考上文的描述,当计算设备对M个密文进行打包处理时,可基于二叉树的结构对该多个密文进行打包处理。在M为2的幂次方的情况下,可首先对多个密文中的密文两两组合,得到多个密文对,对每个密文对进行打包处理,得到M/2个密文,然后再对M/2个密文两两组合进行打包处理,依此类推,直至得到一个密文Cq,以使得密文Cq对应的明文多项式中包括M个密文对应的M个明文多项式中需要保留的全部系数。可以理解,在M不为2的幂次方的情况下,仍然可基于二叉树的结构对多个密文进行打包处理,例如,在M=3的情况下,假设对密文Ci、Cj、Ck进行打包处理,计算设备可首先对密文Ci和Cj进行打包处理,得到密文Ct,然后对密文Ct和密文Ck进行打包处理,得到最终的密文Cq,以使得密文Cq对应的明文多项式中包括密文Ci、Cj、Ck对应的三个明文多项式中需要保留的全部系数。Referring to the above description, when the computing device performs a packing process on M ciphertexts, the multiple ciphertexts may be packed based on the structure of a binary tree. When M is a power of 2, the ciphertexts in the multiple ciphertexts may be firstly combined in pairs to obtain multiple ciphertext pairs, each ciphertext pair may be packed to obtain M/2 ciphertexts, and then the M/2 ciphertexts may be packed in pairs, and so on, until a ciphertext Cq is obtained, so that the plaintext polynomial corresponding to the ciphertext Cq includes all coefficients that need to be retained in the M plaintext polynomials corresponding to the M ciphertexts. It can be understood that when M is not a power of 2, multiple ciphertexts can still be packaged based on the binary tree structure. For example, when M=3, assuming that the ciphertexts Ci, Cj, and Ck are packaged, the computing device can first package the ciphertexts Ci and Cj to obtain the ciphertext Ct, and then package the ciphertext Ct and the ciphertext Ck to obtain the final ciphertext Cq, so that the plaintext polynomial corresponding to the ciphertext Cq includes all the coefficients that need to be retained in the three plaintext polynomials corresponding to the ciphertexts Ci, Cj, and Ck.

计算设备在通过对多个密文进行打包处理得到密文Cq之后,可以将密文Cq发送给另一设备,以将密文Cq对应的明文多项式中的多个目标系数提供给另一设备。After the computing device obtains the ciphertext Cq by packaging multiple ciphertexts, it can send the ciphertext Cq to another device to provide multiple target coefficients in the plaintext polynomial corresponding to the ciphertext Cq to the other device.

通过该实施例的方案,可以基于各个密文中需要保留的系数的数目对多个密文进行同态计算,使得在对两个密文的一次打包处理过程中,将两个密文打包到一个打包密文中,使得该打包密文对应的明文多项式中包括该两个密文对应的全部需要保留的目标系数,从而节省了计算复杂度,节省了为了存储密文需要存储资源,同时减少了为了将目标系数提供给其他设备而需要的通信数据量。Through the scheme of this embodiment, multiple ciphertexts can be homomorphically calculated based on the number of coefficients that need to be retained in each ciphertext, so that in a packing process of two ciphertexts, the two ciphertexts are packed into a packed ciphertext, so that the plaintext polynomial corresponding to the packed ciphertext includes all the target coefficients that need to be retained corresponding to the two ciphertexts, thereby saving computational complexity and storage resources required for storing ciphertexts, and reducing the amount of communication data required to provide the target coefficients to other devices.

图6为本说明书实施例中的一种计算设备的架构图,包括:FIG6 is an architecture diagram of a computing device in an embodiment of this specification, including:

获取单元61,用于获取第一密文和第二密文,所述第一密文和所述第二密文分别为第一明文多项式和第二明文多项式的同态密文,所述第一明文多项式和所述第二明文多项式为相同多项式空间中的多项式; An acquiring unit 61 is configured to acquire a first ciphertext and a second ciphertext, wherein the first ciphertext and the second ciphertext are homomorphic ciphertexts of a first plaintext polynomial and a second plaintext polynomial, respectively, and the first plaintext polynomial and the second plaintext polynomial are polynomials in the same polynomial space;

确定单元62,用于基于所述第一明文多项式和所述第二明文多项式中需要保留的第一系数的第一数目,确定第一参数值和第二参数值,所述第一参数值用于对同态密文进行同态替换的同态计算中,所述第二参数值用于对同态密文进行同态乘法的同态计算中;a determining unit 62, configured to determine a first parameter value and a second parameter value based on a first number of first coefficients to be retained in the first plaintext polynomial and the second plaintext polynomial, the first parameter value being used in a homomorphic calculation of homomorphic replacement of a homomorphic ciphertext, and the second parameter value being used in a homomorphic calculation of homomorphic multiplication of a homomorphic ciphertext;

计算单元63,用于基于所述第一参数值、所述第二参数值、所述第一密文和所述第二密文进行同态计算,得到第三密文,所述第三密文对应的第三明文多项式中包括所述第一数目的第一系数。The calculation unit 63 is used to perform homomorphic calculation based on the first parameter value, the second parameter value, the first ciphertext and the second ciphertext to obtain a third ciphertext, wherein a third plaintext polynomial corresponding to the third ciphertext includes the first coefficient of the first number.

本说明书实施例中还提供一种计算机可读存储介质,其上存储有计算机程序,当所述计算机程序在计算机中执行时,令计算机执行如图2或图5所示的方法。The embodiments of the present specification also provide a computer-readable storage medium on which a computer program is stored. When the computer program is executed in a computer, the computer is caused to execute the method shown in FIG. 2 or FIG. 5 .

本说明书实施例中还提供一种计算设备,包括存储器和处理器,所述存储器中存储有可执行代码,所述处理器执行所述可执行代码时,实现如图2或图5所示的方法。A computing device is also provided in an embodiment of the present specification, including a memory and a processor, wherein the memory stores executable code, and when the processor executes the executable code, the method shown in FIG. 2 or FIG. 5 is implemented.

在20世纪90年代,对于一个技术的改进可以很明显地区分是硬件上的改进(例如,对二极管、晶体管、开关等电路结构的改进)还是软件上的改进(对于方法流程的改进)。然而,随着技术的发展,当今的很多方法流程的改进已经可以视为硬件电路结构的直接改进。设计人员几乎都通过将改进的方法流程编程到硬件电路中来得到相应的硬件电路结构。因此,不能说一个方法流程的改进就不能用硬件实体模块来实现。例如,可编程逻辑器件(Programmable Logic Device,PLD)(例如现场可编程门阵列(Field Programmable Gate Array,FPGA))就是这样一种集成电路,其逻辑功能由用户对器件编程来确定。由设计人员自行编程来把一个数字系统“集成”在一片PLD上,而不需要请芯片制造厂商来设计和制作专用的集成电路芯片。而且,如今,取代手工地制作集成电路芯片,这种编程也多半改用“逻辑编译器(logic compiler)”软件来实现,它与程序开发撰写时所用的软件编译器相类似,而要编译之前的原始代码也得用特定的编程语言来撰写,此称之为硬件描述语言(Hardware Description Language,HDL),而HDL也并非仅有一种,而是有许多种,如ABEL(Advanced Boolean Expression Language)、AHDL(Altera Hardware Description Language)、Confluence、CUPL(Cornell University Programming Language)、HDCal、JHDL(Java Hardware Description Language)、Lava、Lola、MyHDL、PALASM、RHDL(Ruby Hardware Description Language)等,目前最普遍使用的是VHDL(Very-High-Speed Integrated Circuit Hardware Description Language)与Verilog。本领域技术人员也应该清楚,只需要将方法流程用上述几种硬件描述语言稍作逻辑编程并编程到集成电路中,就可以很容 易得到实现该逻辑方法流程的硬件电路。In the 1990s, improvements to a technology could be clearly distinguished as hardware improvements (for example, improvements to the circuit structure of diodes, transistors, switches, etc.) or software improvements (improvements to the method flow). However, with the development of technology, many improvements to the method flow today can be regarded as direct improvements to the hardware circuit structure. Designers almost always obtain the corresponding hardware circuit structure by programming the improved method flow into the hardware circuit. Therefore, it cannot be said that an improvement in a method flow cannot be implemented using a hardware entity module. For example, a programmable logic device (PLD) (such as a field programmable gate array (FPGA)) is such an integrated circuit whose logical function is determined by the user's programming of the device. Designers can "integrate" a digital system on a PLD by programming it themselves, without having to ask a chip manufacturer to design and produce a dedicated integrated circuit chip. Moreover, nowadays, instead of manually making integrated circuit chips, this kind of programming is mostly implemented by "logic compiler" software, which is similar to the software compiler used when developing and writing programs. The original code before compilation must also be written in a specific programming language, which is called hardware description language (HDL). There is not only one HDL, but many types, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM, RHDL (Ruby Hardware Description Language), etc. The most commonly used ones are VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog. Those skilled in the art should also be aware that it is easy to program the method flow in the above-mentioned hardware description languages slightly and program it into the integrated circuit. It is easy to obtain the hardware circuit that implements the logic method flow.

控制器可以按任何适当的方式实现,例如,控制器可以采取例如微处理器或处理器以及存储可由该(微)处理器执行的计算机可读程序代码(例如软件或固件)的计算机可读介质、逻辑门、开关、专用集成电路(Application Specific Integrated Circuit,ASIC)、可编程逻辑控制器和嵌入微控制器的形式,控制器的例子包括但不限于以下微控制器:ARC 625D、Atmel AT91SAM、Microchip PIC18F26K20以及Silicone Labs C8051F320,存储器控制器还可以被实现为存储器的控制逻辑的一部分。本领域技术人员也知道,除了以纯计算机可读程序代码方式实现控制器以外,完全可以通过将方法步骤进行逻辑编程来使得控制器以逻辑门、开关、专用集成电路、可编程逻辑控制器和嵌入微控制器等的形式来实现相同功能。因此这种控制器可以被认为是一种硬件部件,而对其内包括的用于实现各种功能的装置也可以视为硬件部件内的结构。或者甚至,可以将用于实现各种功能的装置视为既可以是实现方法的软件模块又可以是硬件部件内的结构。The controller may be implemented in any suitable manner, for example, the controller may take the form of a microprocessor or processor and a computer readable medium storing a computer readable program code (e.g., software or firmware) executable by the (micro)processor, a logic gate, a switch, an application specific integrated circuit (ASIC), a programmable logic controller, and an embedded microcontroller, examples of which include but are not limited to the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20, and Silicone Labs C8051F320, and the memory controller may also be implemented as part of the control logic of the memory. It is also known to those skilled in the art that in addition to implementing the controller in a purely computer readable program code manner, the controller may be implemented in the form of a logic gate, a switch, an application specific integrated circuit, a programmable logic controller, and an embedded microcontroller by logically programming the method steps. Therefore, such a controller may be considered as a hardware component, and the means for implementing various functions included therein may also be considered as a structure within the hardware component. Or even, the means for implementing various functions may be considered as both a software module for implementing the method and a structure within the hardware component.

上述实施例阐明的系统、装置、模块或单元,具体可以由计算机芯片或实体实现,或者由具有某种功能的产品来实现。一种典型的实现设备为服务器系统。当然,本申请不排除随着未来计算机技术的发展,实现上述实施例功能的计算机例如可以为个人计算机、膝上型计算机、车载人机交互设备、蜂窝电话、相机电话、智能电话、个人数字助理、媒体播放器、导航设备、电子邮件设备、游戏控制台、平板计算机、可穿戴设备或者这些设备中的任何设备的组合。The systems, devices, modules or units described in the above embodiments may be implemented by computer chips or entities, or by products with certain functions. A typical implementation device is a server system. Of course, the present application does not exclude that with the development of computer technology in the future, the computer that implements the functions of the above embodiments may be, for example, a personal computer, a laptop computer, a vehicle-mounted human-computer interaction device, a cellular phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.

虽然本说明书一个或多个实施例提供了如实施例或流程图所述的方法操作步骤,但基于常规或者无创造性的手段可以包括更多或者更少的操作步骤。实施例中列举的步骤顺序仅仅为众多步骤执行顺序中的一种方式,不代表唯一的执行顺序。在实际中的装置或终端产品执行时,可以按照实施例或者附图所示的方法顺序执行或者并行执行(例如并行处理器或者多线程处理的环境,甚至为分布式数据处理环境)。术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、产品或者设备不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、产品或者设备所固有的要素。在没有更多限制的情况下,并不排除在包括所述要素的过程、方法、产品或者设备中还存在另外的相同或等同要素。例如若使用到第一,第二等词语用来表示名称,而并不表示任何特定的顺序。 Although one or more embodiments of the present specification provide method operation steps as described in the embodiments or flow charts, more or less operation steps may be included based on conventional or non-creative means. The order of steps listed in the embodiments is only one way of executing the order of many steps, and does not represent the only execution order. When the device or terminal product in practice is executed, it can be executed in sequence or in parallel according to the method shown in the embodiments or the drawings (for example, a parallel processor or a multi-threaded processing environment, or even a distributed data processing environment). The term "include", "include" or any other variant thereof is intended to cover non-exclusive inclusion, so that the process, method, product or equipment including a series of elements includes not only those elements, but also includes other elements that are not explicitly listed, or also includes elements inherent to such a process, method, product or equipment. In the absence of more restrictions, it is not excluded that there are other identical or equivalent elements in the process, method, product or equipment including the elements. For example, if the words first, second, etc. are used to represent the name, they do not represent any specific order.

为了描述的方便,描述以上装置时以功能分为各种模块分别描述。当然,在实施本说明书一个或多个时可以把各模块的功能在同一个或多个软件和/或硬件中实现,也可以将实现同一功能的模块由多个子模块或子单元的组合实现等。以上所描述的装置实施例仅仅是示意性的,例如,所述单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或单元的间接耦合或通信连接,可以是电性,机械或其它的形式。For the convenience of description, the above devices are described in various modules according to their functions. Of course, when implementing one or more of the present specification, the functions of each module can be implemented in the same or more software and/or hardware, or the module implementing the same function can be implemented by a combination of multiple sub-modules or sub-units, etc. The device embodiments described above are only schematic. For example, the division of the units is only a logical function division. There may be other division methods in actual implementation. For example, multiple units or components can be combined or integrated into another system, or some features can be ignored or not executed. Another point is that the mutual coupling or direct coupling or communication connection shown or discussed can be through some interfaces, indirect coupling or communication connection of devices or units, which can be electrical, mechanical or other forms.

本发明是参照根据本发明实施例的方法、装置(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present invention is described with reference to the flowchart and/or block diagram of the method, device (system), and computer program product according to the embodiment of the present invention. It should be understood that each process and/or box in the flowchart and/or block diagram, as well as the combination of the process and/or box in the flowchart and/or block diagram can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device for implementing the functions specified in one or more processes in the flowchart and/or one or more boxes in the block diagram.

这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a specific manner, so that the instructions stored in the computer-readable memory produce a manufactured product including an instruction device that implements the functions specified in one or more processes in the flowchart and/or one or more boxes in the block diagram.

这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。These computer program instructions may also be loaded onto a computer or other programmable data processing device so that a series of operational steps are executed on the computer or other programmable device to produce a computer-implemented process, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more processes in the flowchart and/or one or more boxes in the block diagram.

在一个典型的配置中,计算设备包括一个或多个处理器(CPU)、输入/输出接口、网络接口和内存。In a typical configuration, a computing device includes one or more processors (CPU), input/output interfaces, network interfaces, and memory.

内存可能包括计算机可读介质中的非永久性存储器,随机存取存储器(RAM)和/或非易失性内存等形式,如只读存储器(ROM)或闪存(flash RAM)。内存是计算机可读介质的示例。Memory may include non-permanent storage in a computer-readable medium, in the form of random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.

计算机可读介质包括永久性和非永久性、可移动和非可移动媒体可以由任何方法或技术来实现信息存储。信息可以是计算机可读指令、数据结构、程序的模块或其他 数据。计算机的存储介质的例子包括,但不限于相变内存(PRAM)、静态随机存取存储器(SRAM)、动态随机存取存储器(DRAM)、其他类型的随机存取存储器(RAM)、只读存储器(ROM)、电可擦除可编程只读存储器(EEPROM)、快闪记忆体或其他内存技术、只读光盘只读存储器(CD-ROM)、数字多功能光盘(DVD)或其他光学存储、磁盒式磁带,磁带磁盘存储、石墨烯存储或其他磁性存储设备或任何其他非传输介质,可用于存储可以被计算设备访问的信息。按照本文中的界定,计算机可读介质不包括暂存电脑可读媒体(transitory media),如调制的数据信号和载波。Computer-readable media include permanent and non-permanent, removable and non-removable media that can store information by any method or technology. Information can be computer-readable instructions, data structures, program modules or other Data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disk read-only memory (CD-ROM), digital versatile disk (DVD) or other optical storage, magnetic cassettes, magnetic tape disk storage, graphene storage or other magnetic storage devices or any other non-transmission media that can be used to store information that can be accessed by a computing device. As defined herein, computer-readable media does not include transitory media such as modulated data signals and carrier waves.

本领域技术人员应明白,本说明书一个或多个实施例可提供为方法、系统或计算机程序产品。因此,本说明书一个或多个实施例可采用完全硬件实施例、完全软件实施例或结合软件和硬件方面的实施例的形式。而且,本说明书一个或多个实施例可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。It should be understood by those skilled in the art that one or more embodiments of the present specification may be provided as a method, system or computer program product. Therefore, one or more embodiments of the present specification may take the form of a complete hardware embodiment, a complete software embodiment or an embodiment combining software and hardware. Moreover, one or more embodiments of the present specification may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.

本说明书一个或多个实施例可以在由计算机执行的计算机可执行指令的一般上下文中描述,例如程序模块。一般地,程序模块包括执行特定任务或实现特定抽象数据类型的例程、程序、对象、组件、数据结构等等。也可以在分布式计算环境中实践本说明书一个或多个实施例,在这些分布式计算环境中,由通过通信网络而被连接的远程处理设备来执行任务。在分布式计算环境中,程序模块可以位于包括存储设备在内的本地和远程计算机存储介质中。One or more embodiments of the present specification may be described in the general context of computer-executable instructions executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform specific tasks or implement specific abstract data types. One or more embodiments of the present specification may also be practiced in distributed computing environments where tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules may be located in local and remote computer storage media, including storage devices.

本说明书中的各个实施例均采用递进的方式描述,各个实施例之间相同相似的部分互相参见即可,每个实施例重点说明的都是与其他实施例的不同之处。尤其,对于系统实施例而言,由于其基本相似于方法实施例,所以描述的比较简单,相关之处参见方法实施例的部分说明即可。在本说明书的描述中,参考术语“一个实施例”、“一些实施例”、“示例”、“具体示例”、或“一些示例”等的描述意指结合该实施例或示例描述的具体特征、结构、材料或者特点包含于本说明书的至少一个实施例或示例中。在本说明书中,对上述术语的示意性表述不必须针对的是相同的实施例或示例。而且,描述的具体特征、结构、材料或者特点可以在任一个或多个实施例或示例中以合适的方式结合。此外,在不相互矛盾的情况下,本领域的技术人员可以将本说明书中描述的不同实施例或示例以及不同实施例或示例的特征进行结合和组合。Each embodiment in this specification is described in a progressive manner, and the same and similar parts between the embodiments can be referred to each other, and each embodiment focuses on the differences from other embodiments. In particular, for the system embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and the relevant parts can be referred to the partial description of the method embodiment. In the description of this specification, the description of the reference terms "one embodiment", "some embodiments", "example", "specific example", or "some examples" means that the specific features, structures, materials or characteristics described in conjunction with the embodiment or example are included in at least one embodiment or example of this specification. In this specification, the schematic representation of the above terms does not necessarily target the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described can be combined in any one or more embodiments or examples in a suitable manner. In addition, those skilled in the art can combine and combine the different embodiments or examples described in this specification and the features of different embodiments or examples without contradiction.

以上所述仅为本说明书一个或多个实施例的实施例而已,并不用于限制本说明书一个或多个实施例。对于本领域技术人员来说,本说明书一个或多个实施例可以有各 种更改和变化。凡在本说明书的精神和原理之内所作的任何修改、等同替换、改进等,均应包含在权利要求范围之内。 The above description is only an example of one or more embodiments of the present specification and is not intended to limit one or more embodiments of the present specification. For those skilled in the art, one or more embodiments of the present specification may have various Any modification, equivalent substitution, improvement, etc. made within the spirit and principle of this specification shall be included in the scope of the claims.

Claims (16)

一种保护隐私的数据处理方法,所述方法由第一方的设备和第二方的设备执行,其中,第二方拥有用于进行同态加密的公钥和与所述公钥对应的私钥,所述方法包括:A privacy-protecting data processing method, the method being executed by a device of a first party and a device of a second party, wherein the second party possesses a public key for homomorphic encryption and a private key corresponding to the public key, the method comprising: 所述第一方的设备进行如下操作:The first party's device performs the following operations: 获取第一密文和第二密文,所述第一密文和所述第二密文分别为第一明文多项式和第二明文多项式的同态密文,所述第一密文和所述第二密文与所述公钥对应,所述第一明文多项式和所述第二明文多项式为相同多项式空间中的多项式;Obtain a first ciphertext and a second ciphertext, wherein the first ciphertext and the second ciphertext are homomorphic ciphertexts of a first plaintext polynomial and a second plaintext polynomial, respectively, the first ciphertext and the second ciphertext correspond to the public key, and the first plaintext polynomial and the second plaintext polynomial are polynomials in the same polynomial space; 基于所述第一明文多项式和所述第二明文多项式中作为目标系数的第一系数的第一数目,确定第一参数值和第二参数值,所述第一参数值用于对同态密文进行同态替换的同态计算中,所述第二参数值用于对同态密文进行同态乘法的同态计算中;基于所述第一参数值、所述第二参数值、所述第一密文和所述第二密文进行同态计算,得到第三密文,所述第三密文对应的第三明文多项式中包括所述第一数目的第一系数;Determine a first parameter value and a second parameter value based on a first number of first coefficients as target coefficients in the first plaintext polynomial and the second plaintext polynomial, the first parameter value being used in a homomorphic calculation of homomorphic replacement of a homomorphic ciphertext, and the second parameter value being used in a homomorphic calculation of homomorphic multiplication of a homomorphic ciphertext; perform homomorphic calculation based on the first parameter value, the second parameter value, the first ciphertext, and the second ciphertext to obtain a third ciphertext, the third plaintext polynomial corresponding to the third ciphertext including the first number of first coefficients; 将所述第三密文发送给所述第二方的设备;sending the third ciphertext to a device of the second party; 所述第二方的设备基于所述私钥对所述第三密文解密,得到所述第三明文多项式,从所述第三明文多项式中获取所述第一数目的第一系数。The device of the second party decrypts the third ciphertext based on the private key to obtain the third plaintext polynomial, and obtains the first coefficient of the first number from the third plaintext polynomial. 根据权利要求1所述的方法,所述第一明文多项式和第二明文多项式中作为目标系数的第一系数至少包括常数项系数和xN/2项的系数。According to the method of claim 1, the first coefficients as target coefficients in the first plaintext polynomial and the second plaintext polynomial at least include coefficients of constant terms and coefficients of x N/2 terms. 根据权利要求1或2所述的方法,所述基于所述第一参数值、所述第二参数值、所述第一密文和所述第二密文进行同态计算包括:基于所述第一参数值对所述第一密文进行同态替换,得到第四密文,其中,所述第四密文对应的第四明文多项式中的至少xi项和xj项的系数是所述第一明文多项式中的xi项和xj项的系数的负数,其中,所述第一明文多项式中的xi项和xj项的系数不是所述第一明文多项式中的目标系数。According to the method of claim 1 or 2, the performing homomorphic calculation based on the first parameter value, the second parameter value, the first ciphertext and the second ciphertext includes: performing homomorphic replacement on the first ciphertext based on the first parameter value to obtain a fourth ciphertext, wherein the coefficients of at least the xi item and the xj item in a fourth plaintext polynomial corresponding to the fourth ciphertext are negative numbers of the coefficients of the xi item and the xj item in the first plaintext polynomial, and wherein the coefficients of the xi item and the xj item in the first plaintext polynomial are not the target coefficients in the first plaintext polynomial. 根据权利要求3所述的方法,所述基于所述第一参数值、所述第二参数值、所述第一密文和所述第二密文进行同态计算还包括:基于所述第一参数值对所述第二密文进行同态替换,得到第五密文,基于所述第二参数值对所述第二密文与所述第五密文之和进行同态乘法,得到第六密文,所述第六密文对应的第六明文多项式的第xi项和xj项的系数为所述第二明文多项式中的目标系数,所述第六明文多项式中的与所述第一明文多项式中所述第一系数对应的项的系数为零,基于将所述第六密文与所述第一密文和所述第四密文相加,得到所述第三密文。According to the method of claim 3, the performing homomorphic calculation based on the first parameter value, the second parameter value, the first ciphertext and the second ciphertext also includes: performing homomorphic replacement on the second ciphertext based on the first parameter value to obtain a fifth ciphertext, performing homomorphic multiplication on the sum of the second ciphertext and the fifth ciphertext based on the second parameter value to obtain a sixth ciphertext, the coefficients of the xi- th term and the xj - th term of the sixth plaintext polynomial corresponding to the sixth ciphertext are the target coefficients in the second plaintext polynomial, the coefficients of the terms in the sixth plaintext polynomial corresponding to the first coefficient in the first plaintext polynomial are zero, and the third ciphertext is obtained by adding the sixth ciphertext to the first ciphertext and the fourth ciphertext. 根据权利要求1或2所述的方法,所述基于所述第一参数值、所述第二参数值、 所述第一密文和所述第二密文进行同态计算包括:基于所述第二参数值对第二密文进行同态乘法,得到第七密文,基于所述第一参数值对所述第一密文与所述第七密文之差进行同态替换,得到第八密文,基于将所述第一密文与所述第七密文和所述第八密文相加,得到所述第三密文。The method according to claim 1 or 2, wherein the first parameter value, the second parameter value, The homomorphic calculation of the first ciphertext and the second ciphertext includes: performing homomorphic multiplication on the second ciphertext based on the second parameter value to obtain a seventh ciphertext, performing homomorphic replacement on the difference between the first ciphertext and the seventh ciphertext based on the first parameter value to obtain an eighth ciphertext, and obtaining the third ciphertext based on adding the first ciphertext to the seventh ciphertext and the eighth ciphertext. 根据权利要求1所述的方法,还包括:所述第二方的设备使用所述公钥对第九明文多项式进行同态加密,得到第九密文,所述第九明文多项式的系数对应于第一向量,将所述第九密文发送给所述第一方的设备,The method according to claim 1 further comprises: the device of the second party uses the public key to homomorphically encrypt a ninth plaintext polynomial to obtain a ninth ciphertext, the coefficients of the ninth plaintext polynomial corresponding to the first vector, and sending the ninth ciphertext to the device of the first party, 所述第一方的设备将第十明文多项式和第十一明文多项式分别与所述第九密文相乘,得到所述第一密文和所述第二密文,其中,所述第十明文多项式的系数对应于第二向量和第三向量,所述第十一明文多项式的系数对应第四向量和第五向量,The device of the first party multiplies the tenth plaintext polynomial and the eleventh plaintext polynomial by the ninth ciphertext respectively to obtain the first ciphertext and the second ciphertext, wherein the coefficient of the tenth plaintext polynomial corresponds to the second vector and the third vector, and the coefficient of the eleventh plaintext polynomial corresponds to the fourth vector and the fifth vector, 所述第一数目的第一系数包括所述第二向量与所述第一向量的内积、所述第三向量与所述第一向量的内积、所述第四向量与所述第一向量的内积和所述第五向量与所述第一向量的内积。The first coefficients of the first number include an inner product of the second vector and the first vector, an inner product of the third vector and the first vector, an inner product of the fourth vector and the first vector, and an inner product of the fifth vector and the first vector. 根据权利要求1所述的方法,还包括:The method according to claim 1, further comprising: 获取第十二密文和第十三密文,所述第十二密文和所述第十三密文分别为第十二明文多项式和第十三明文多项式的同态密文,所述第十二密文和所述第十三密文与所述公钥对应,所述第十二明文多项式和所述第十三明文多项式为所述多项式空间中的多项式;Obtain a twelfth ciphertext and a thirteenth ciphertext, wherein the twelfth ciphertext and the thirteenth ciphertext are homomorphic ciphertexts of a twelfth plaintext polynomial and a thirteenth plaintext polynomial, respectively, the twelfth ciphertext and the thirteenth ciphertext correspond to the public key, and the twelfth plaintext polynomial and the thirteenth plaintext polynomial are polynomials in the polynomial space; 基于所述第十二明文多项式和所述第十三明文多项式中作为目标系数的第二系数的第二数目,确定第三参数值和第四参数值,所述第三参数值用于对同态密文进行同态替换的同态计算中,所述第四参数值用于对同态密文进行同态乘法的同态计算中;Determine a third parameter value and a fourth parameter value based on the second number of the second coefficients as the target coefficients in the twelfth plaintext polynomial and the thirteenth plaintext polynomial, the third parameter value being used in a homomorphic calculation of homomorphic replacement of the homomorphic ciphertext, and the fourth parameter value being used in a homomorphic calculation of homomorphic multiplication of the homomorphic ciphertext; 基于所述第三参数值、所述第四参数值、所述第十二密文和所述第十三密文进行同态计算,得到所述第一密文。Perform homomorphic calculation based on the third parameter value, the fourth parameter value, the twelfth ciphertext, and the thirteenth ciphertext to obtain the first ciphertext. 根据权利要求1所述的方法,所述多项式空间中包括的多项式的次数小于N,所述N为2的幂次方,所述第一数目为2的幂次方,所述第一数目小于或者等于N。According to the method of claim 1, the degree of the polynomials included in the polynomial space is less than N, N is a power of 2, the first number is a power of 2, and the first number is less than or equal to N. 根据权利要求8所述的方法,其中,所述第一参数值等于所述第一数目加1,所述第二参数值等于N/第一数目。The method according to claim 8, wherein the first parameter value is equal to the first number plus 1, and the second parameter value is equal to N/first number. 一种保护隐私的数据处理方法,包括:A data processing method for protecting privacy, comprising: 获取第一密文和第二密文,所述第一密文和所述第二密文分别为第一明文多项式和第二明文多项式的同态密文,所述第一明文多项式和所述第二明文多项式为相同多 项式空间中的多项式;Obtain a first ciphertext and a second ciphertext, wherein the first ciphertext and the second ciphertext are homomorphic ciphertexts of a first plaintext polynomial and a second plaintext polynomial, respectively, and the first plaintext polynomial and the second plaintext polynomial are the same polymorphic polynomial. Polynomials in term space; 基于所述第一明文多项式和所述第二明文多项式中作为目标系数的第一系数的第一数目,确定第一参数值和第二参数值,所述第一参数值用于对同态密文进行同态替换的同态计算中,所述第二参数值用于对同态密文进行同态乘法的同态计算中;Determine a first parameter value and a second parameter value based on a first number of first coefficients as target coefficients in the first plaintext polynomial and the second plaintext polynomial, the first parameter value being used in a homomorphic calculation of homomorphic replacement of a homomorphic ciphertext, and the second parameter value being used in a homomorphic calculation of homomorphic multiplication of a homomorphic ciphertext; 基于所述第一参数值、所述第二参数值、所述第一密文和所述第二密文进行同态计算,得到第三密文,所述第三密文对应的第三明文多项式中包括所述第一数目的第一系数。A third ciphertext is obtained by performing homomorphic calculation based on the first parameter value, the second parameter value, the first ciphertext, and the second ciphertext, wherein a third plaintext polynomial corresponding to the third ciphertext includes a first coefficient of the first number. 根据权利要求10所述的方法,所述方法由第一方的设备执行,所述方法还包括:将所述第三密文发送给第二方的设备,其中,所述第二方拥有与所述第三密文对应的私钥。The method according to claim 10 is performed by a device of a first party, and further comprises: sending the third ciphertext to a device of a second party, wherein the second party possesses a private key corresponding to the third ciphertext. 根据权利要求10所述的方法,所述获取第一密文和第二密文包括,获取第一组密文对和第二组密文对,每组密文对包括第一密文和第二密文,所述得到第三密文包括,得到与第一组密文对对应的第三密文和与第二组密文对对应的第三密文,所述方法还包括:According to the method of claim 10, the obtaining of the first ciphertext and the second ciphertext comprises obtaining a first group of ciphertext pairs and a second group of ciphertext pairs, each group of ciphertext pairs comprising the first ciphertext and the second ciphertext, the obtaining of the third ciphertext comprises obtaining a third ciphertext corresponding to the first group of ciphertext pairs and a third ciphertext corresponding to the second group of ciphertext pairs, and the method further comprises: 以所述两个第三密文作为第三组密文对中的第一密文和第二密文,进行所述数据处理,得到与所述第三组密文对对应的第三密文,其中,与所述第三组密文对对应的第三密文对应的明文多项式中包括所述第一组密文对和所述第二组密文对对应的明文多项式中的目标系数。The data processing is performed using the two third ciphertexts as the first ciphertext and the second ciphertext in a third ciphertext pair to obtain a third ciphertext corresponding to the third ciphertext pair, wherein the plaintext polynomial corresponding to the third ciphertext corresponding to the third ciphertext pair includes the target coefficients in the plaintext polynomials corresponding to the first ciphertext pair and the second ciphertext pair. 根据权利要求12所述的方法,还包括:获取顺序排列的四个密文,将排在第一位和第三位的两个密文顺序组成所述第一组密文对,将排在第二位和第四位的两个密文顺序组成所述第二组密文对。The method according to claim 12 further includes: obtaining four ciphertexts arranged in sequence, sequentially forming the first group of ciphertext pairs with the two ciphertexts ranked first and third, and sequentially forming the second group of ciphertext pairs with the two ciphertexts ranked second and fourth. 一种计算设备,包括:A computing device comprising: 获取单元,用于获取第一密文和第二密文,所述第一密文和所述第二密文分别为第一明文多项式和第二明文多项式的同态密文,所述第一明文多项式和所述第二明文多项式为相同多项式空间中的多项式;an acquiring unit, configured to acquire a first ciphertext and a second ciphertext, wherein the first ciphertext and the second ciphertext are homomorphic ciphertexts of a first plaintext polynomial and a second plaintext polynomial, respectively, and the first plaintext polynomial and the second plaintext polynomial are polynomials in the same polynomial space; 确定单元,用于基于所述第一明文多项式和所述第二明文多项式中作为目标系数的第一系数的第一数目,确定第一参数值和第二参数值,所述第一参数值用于对同态密文进行同态替换的同态计算中,所述第二参数值用于对同态密文进行同态乘法的同态计算中;a determining unit, configured to determine a first parameter value and a second parameter value based on a first number of first coefficients as target coefficients in the first plaintext polynomial and the second plaintext polynomial, the first parameter value being used in a homomorphic calculation of homomorphic replacement of a homomorphic ciphertext, and the second parameter value being used in a homomorphic calculation of homomorphic multiplication of a homomorphic ciphertext; 计算单元,用于基于所述第一参数值、所述第二参数值、所述第一密文和所述第 二密文进行同态计算,得到第三密文,所述第三密文对应的第三明文多项式中包括所述第一数目的第一系数。a computing unit, configured to calculate a first ciphertext based on the first parameter value, the second parameter value, the first ciphertext and the first The two ciphertexts are homomorphically calculated to obtain a third ciphertext, and a third plaintext polynomial corresponding to the third ciphertext includes the first coefficient of the first number. 一种保护隐私的数据处理系统,所述系统包括第一方的设备和第二方的设备,其中,第二方拥有用于进行同态加密的公钥和与所述公钥对应的私钥,A privacy-preserving data processing system includes a device of a first party and a device of a second party, wherein the second party has a public key for homomorphic encryption and a private key corresponding to the public key. 所述第一方的设备用于进行如下操作:The first party's device is used to perform the following operations: 获取第一密文和第二密文,所述第一密文和所述第二密文分别为第一明文多项式和第二明文多项式的同态密文,所述第一密文和所述第二密文与所述公钥对应,所述第一明文多项式和所述第二明文多项式为相同多项式空间中的多项式;Obtain a first ciphertext and a second ciphertext, wherein the first ciphertext and the second ciphertext are homomorphic ciphertexts of a first plaintext polynomial and a second plaintext polynomial, respectively, the first ciphertext and the second ciphertext correspond to the public key, and the first plaintext polynomial and the second plaintext polynomial are polynomials in the same polynomial space; 基于所述第一明文多项式和所述第二明文多项式中作为目标系数的第一系数的第一数目,确定第一参数值和第二参数值,所述第一参数值用于对同态密文进行同态替换的同态计算中,所述第二参数值用于对同态密文进行同态乘法的同态计算中;Determine a first parameter value and a second parameter value based on a first number of first coefficients as target coefficients in the first plaintext polynomial and the second plaintext polynomial, the first parameter value being used in a homomorphic calculation of homomorphic replacement of a homomorphic ciphertext, and the second parameter value being used in a homomorphic calculation of homomorphic multiplication of a homomorphic ciphertext; 基于所述第一参数值、所述第二参数值、所述第一密文和所述第二密文进行同态计算,得到第三密文,所述第三密文对应的第三明文多项式中包括所述第一数目的第一系数;Performing homomorphic calculation based on the first parameter value, the second parameter value, the first ciphertext, and the second ciphertext to obtain a third ciphertext, wherein a third plaintext polynomial corresponding to the third ciphertext includes a first coefficient of the first number; 将所述第三密文发送给所述第二方的设备;sending the third ciphertext to a device of the second party; 所述第二方的设备用于基于所述私钥对所述第三密文解密,得到所述第三明文多项式,从所述第三明文多项式中获取所述第一数目的第一系数。The device of the second party is used to decrypt the third ciphertext based on the private key to obtain the third plaintext polynomial, and obtain the first coefficient of the first number from the third plaintext polynomial. 一种计算设备,包括存储器和处理器,所述存储器中存储有可执行代码,所述处理器执行所述可执行代码时,实现权利要求10-12任一项所述的方法。 A computing device comprises a memory and a processor, wherein the memory stores executable code, and when the processor executes the executable code, the method described in any one of claims 10 to 12 is implemented.
PCT/CN2023/135081 2023-09-28 2023-11-29 Data processing method and system for protecting privacy, and device Pending WO2025065854A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202311282679.3 2023-09-28
CN202311282679.3A CN117478294A (en) 2023-09-28 2023-09-28 Data processing method, device and system for protecting privacy

Publications (1)

Publication Number Publication Date
WO2025065854A1 true WO2025065854A1 (en) 2025-04-03

Family

ID=89622978

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2023/135081 Pending WO2025065854A1 (en) 2023-09-28 2023-11-29 Data processing method and system for protecting privacy, and device

Country Status (2)

Country Link
CN (1) CN117478294A (en)
WO (1) WO2025065854A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN119150353B (en) * 2024-08-30 2025-11-11 蚂蚁区块链科技(上海)有限公司 Multiparty data processing method and computing device for protecting privacy

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170180115A1 (en) * 2015-12-18 2017-06-22 Microsoft Technology Licensing, Llc Homomorphic Encryption with Optimized Homomorphic Operations
CN114006689A (en) * 2021-12-28 2022-02-01 北京瑞莱智慧科技有限公司 Data processing method, device and medium based on federal learning
US20220255721A1 (en) * 2021-01-19 2022-08-11 Alibaba Group Holding Limited Acceleration unit and related apparatus and method
CN115378573A (en) * 2022-07-22 2022-11-22 中国电子科技集团公司第三十研究所 A method, storage medium and device for formulating a private information retrieval protocol
CN115994546A (en) * 2023-02-14 2023-04-21 蚂蚁区块链科技(上海)有限公司 Safe calculation method and device for matrix multiplication

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170180115A1 (en) * 2015-12-18 2017-06-22 Microsoft Technology Licensing, Llc Homomorphic Encryption with Optimized Homomorphic Operations
US20220255721A1 (en) * 2021-01-19 2022-08-11 Alibaba Group Holding Limited Acceleration unit and related apparatus and method
CN114006689A (en) * 2021-12-28 2022-02-01 北京瑞莱智慧科技有限公司 Data processing method, device and medium based on federal learning
CN115378573A (en) * 2022-07-22 2022-11-22 中国电子科技集团公司第三十研究所 A method, storage medium and device for formulating a private information retrieval protocol
CN115994546A (en) * 2023-02-14 2023-04-21 蚂蚁区块链科技(上海)有限公司 Safe calculation method and device for matrix multiplication

Also Published As

Publication number Publication date
CN117478294A (en) 2024-01-30

Similar Documents

Publication Publication Date Title
TWI734368B (en) Data homomorphic encryption and decryption method and device for realizing privacy protection
CN112016120B (en) Event prediction method and device based on user privacy protection
JP6083234B2 (en) Cryptographic processing device
TWI686071B (en) Key management method, device and equipment
JP2017515195A (en) Solve digital logic constraint problems via adiabatic quantum computation
CN115834018A (en) Multi-party data processing method, system and equipment for protecting privacy
KR101449239B1 (en) Homomorphic Encryption and Decryption Method using Ring Isomorphism and apparatus using the same
CN111934878B (en) A data encryption and decryption method, device and medium based on blockchain
CN110391895B (en) Data preprocessing method, ciphertext data acquisition method, device and electronic equipment
CN113711247A (en) Data processing method, device and system of machine learning model
WO2025035679A1 (en) Data aggregation method and apparatus, and storage medium and electronic device
JP2023063430A (en) CRYPTOGRAPHIC SYSTEM, KEY GENERATOR, ENCRYPTER, DECODER, METHOD AND PROGRAM
CN115640601A (en) Method, system, server and client for realizing private information retrieval
WO2025065854A1 (en) Data processing method and system for protecting privacy, and device
US20200244436A1 (en) Ciphertext preprocessing and acquisition
CN110505054A (en) A kind of data processing method based on dynamic whitepack, device and equipment
CN119939667A (en) A privacy-protecting multi-party data processing method and computing device
CN119939666A (en) A privacy-protecting multi-party data processing method and computing device
CN114911851B (en) Data query method, device and storage medium
WO2024139320A1 (en) Data sorting method and apparatus, and device and readable storage medium
CN118764170B (en) Data processing method, system, device, storage medium and program product
CN119128976B (en) Privacy-protecting data processing method and computing device
CN120278275A (en) Neural network model reasoning method and computer equipment
CN120278276A (en) Neural network model reasoning method and computer equipment
CN118821947B (en) A method and device for reasoning calculation based on LLM model

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23953987

Country of ref document: EP

Kind code of ref document: A1