Data transmission method and device, electronic equipment and storage medium

文档序号：409949 发布日期：2021-12-17 浏览：16次中文

阅读说明：本技术 数据传输方法、装置及电子设备、存储介质 (Data transmission method and device, electronic equipment and storage medium ) 是由代子营王铁成于 2021-04-06 设计创作，主要内容包括：本申请提出一种数据传输方法及装置,该数据传输方法包括：生成所述数据提供端自身的私钥片段,以及加密公钥和求值公钥,使用加密公钥对本地数据进行加密,以生成密文数据,并发送给数据使用端,接收所述数据使用端发送的密文计算结果,其中,所述密文计算结果由所述数据使用端根据求值公钥和接收的所述密文数据确定,使用所述私钥片段,对所述密文计算结果进行解密,以获取明文数据。本实施例提供的数据传输方法及装置,构造多方同态加密机制,能够实现对多个数据提供端的加密数据进行同态加密计算的目的,扩展了同态加密的应用场景。进一步地,提供了一种基于同态加密的安全多方计算技术,进而提高数据的安全性。(The application provides a data transmission method and a device, wherein the data transmission method comprises the following steps: and generating a private key segment of the data providing terminal, an encrypted public key and an evaluation public key, encrypting local data by using the encrypted public key to generate ciphertext data, sending the ciphertext data to a data using terminal, receiving a ciphertext calculation result sent by the data using terminal, wherein the ciphertext calculation result is determined by the data using terminal according to the evaluation public key and the received ciphertext data, and decrypting the ciphertext calculation result by using the private key segment to obtain plaintext data. The data transmission method and the data transmission device provided by the embodiment construct a multi-party homomorphic encryption mechanism, can achieve the purpose of homomorphic encryption calculation of encrypted data of a plurality of data providing ends, and expand the application scene of homomorphic encryption. Furthermore, a secure multi-party computing technology based on homomorphic encryption is provided, and the security of data is further improved.)

1. A data transmission method, adapted to a data providing end, the method comprising:

generating a private key fragment of the data provider, an encryption public key and an evaluation public key;

encrypting the local data by using the encrypted public key to generate ciphertext data, and sending the ciphertext data to a data using end;

receiving a ciphertext calculation result sent by the data using end, wherein the ciphertext calculation result is determined by the data using end according to the evaluation public key and the received ciphertext data;

and decrypting the ciphertext calculation result by using the private key segment to obtain plaintext data.

2. The data transmission method according to claim 1, wherein the decrypting the ciphertext computation result using the private key fragment to obtain plaintext data comprises:

decrypting the ciphertext calculation result by using the private key segment to obtain first intermediate decrypted data, and sending the first intermediate decrypted data to other data providing terminals;

receiving second intermediate decrypted data sent by the other data providing terminals;

and fusing the first intermediate decrypted data and the second intermediate decrypted data to obtain the plaintext data.

3. The data transmission method according to claim 1, wherein the generating of the data provider's own private key fragment, and the encrypting of the public key and the evaluating of the public key comprises:

generating the private key fragment of the data provider, and generating an encrypted public key fragment of the data provider and a target intermediate result corresponding to an evaluation public key based on the private key fragment;

broadcasting the encrypted public key fragment and the target intermediate result;

receiving the respective encrypted public key fragments and the target intermediate result sent by the other data providing terminals;

generating the encrypted public key based on each of the encrypted public key fragments, and generating the evaluation public key based on each of the target intermediate results.

4. The data transmission method according to claim 3, wherein the generating of the private key fragment of the data provider itself comprises:

acquiring key generation parameters, wherein the key generation parameters comprise public parameters and public random numbers;

and acquiring the private key fragment based on the public parameter and a private key generation algorithm.

5. The data transmission method according to claim 4, wherein the generating of the intermediate result corresponding to the encrypted public key fragment and the evaluation public key based on the private key fragment comprises:

generating the encrypted public key segment based on the private key segment, the public random number and an encrypted public key generation algorithm;

generating the target intermediate result based on the private key fragment and an evaluation public key generation algorithm.

6. The data transmission method of claim 5, wherein generating the target intermediate result based on the private key fragment and an evaluation public key generation algorithm comprises:

generating a first intermediate result of the evaluation public key based on the private key fragment, the public random number and an evaluation public key generation algorithm, and broadcasting the first intermediate result;

receiving the respective first intermediate results sent by other data providing terminals;

acquiring a second intermediate result of the evaluation public key based on the first intermediate result of the evaluation public key and the first intermediate result of the other data provider;

and acquiring a target intermediate result of the evaluation public key based on the private key segment, the public random number and the second intermediate result, and broadcasting the target intermediate result.

7. A data transmission method, adapted to a data user, the method comprising:

receiving ciphertext data sent by each data providing end;

carrying out encryption calculation on each ciphertext data by using the evaluation public key to obtain a ciphertext calculation result;

and respectively sending the ciphertext calculation result to each data providing end for decryption.

8. The data transmission method according to claim 7, wherein before receiving the ciphertext data sent by the data providing side, the method further comprises:

receiving encrypted public key fragments sent by each data providing end;

and acquiring the encrypted public key based on each encrypted public key segment.

9. The data transmission method according to claim 7, wherein before receiving the ciphertext data sent by the data providing side, the method further comprises:

receiving a target intermediate result of the evaluation public key sent by each data providing end;

and acquiring the evaluation public key based on each target intermediate result.

10. A data transmission apparatus adapted to a data providing side, the data transmission apparatus comprising:

the key generation module is used for generating a private key fragment of the data providing end, an encryption public key and an evaluation public key;

the encryption module is used for encrypting the local data by using the encrypted public key to generate ciphertext data and sending the ciphertext data to the data using end;

the receiving module is used for receiving a ciphertext calculation result sent by the data using end, wherein the ciphertext calculation result is determined by the data using end according to the evaluation public key and the received ciphertext data;

and the decryption module is used for decrypting the ciphertext calculation result by using the private key segment so as to obtain plaintext data.

11. The data transmission apparatus of claim 10, wherein the decryption module is further configured to:

receiving second intermediate decrypted data sent by the other data providing terminals;

and fusing the first intermediate decrypted data and the second intermediate decrypted data to obtain the plaintext data.

12. The data transmission apparatus according to claim 10, wherein the key generation module comprises:

the first generation unit is used for generating the private key fragment and generating a target intermediate result corresponding to an encrypted public key fragment and an evaluation public key of the data provider based on the private key fragment;

a sending unit, configured to broadcast the encrypted public key segment and the target intermediate result;

a receiving unit, configured to receive the encrypted public key fragments and the target intermediate result sent by the other data providing terminals;

a second generating unit configured to generate the encrypted public key based on each of the encrypted public key fragments, and generate the evaluation public key based on each of the target intermediate results.

13. The data transmission apparatus according to claim 12, wherein the first generating unit is further configured to:

acquiring key generation parameters, wherein the key generation parameters comprise public parameters and public random numbers;

and acquiring the private key fragment based on the public parameter and a private key generation algorithm.

14. The data transmission apparatus according to claim 13, wherein the first generating unit is further configured to:

generating the encrypted public key segment based on the private key segment, the public random number and an encrypted public key generation algorithm;

generating the target intermediate result based on the private key fragment and an evaluation public key generation algorithm.

15. The data transmission apparatus of claim 14, wherein the first generating module is further configured to:

receiving the respective first intermediate results sent by other data providing terminals;

acquiring a second intermediate result of the evaluation public key based on the first intermediate result of the evaluation public key and the first intermediate result of the other data provider;

16. A data transmission device, adapted for use at a data consumer, said data transmission device comprising:

the receiving module is used for receiving the ciphertext data sent by each data providing end;

the encryption module is used for carrying out encryption calculation on each ciphertext data by using the evaluation public key to obtain a ciphertext calculation result;

and the sending module is used for sending the ciphertext calculation results to each data providing end for decryption.

17. The data transmission apparatus of claim 16, further comprising:

the first key generation module is used for receiving the encrypted public key fragments sent by the data providing ends and acquiring the encrypted public key based on the encrypted public key fragments.

18. The data transmission apparatus of claim 16, further comprising:

and the second key generation module is used for receiving target intermediate results of the evaluation public key sent by each data providing end and acquiring the evaluation public key based on each target intermediate result.

19. An electronic device comprising a processor and a memory;

wherein the processor executes a program corresponding to the executable program code by reading the executable program code stored in the memory for implementing the data transmission method according to any one of claims 1 to 6 or for implementing the data transmission method according to any one of claims 7 to 9.

20. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, is adapted to carry out a data transmission method according to any one of claims 1 to 6 or is adapted to carry out a data transmission method according to any one of claims 7 to 9.

Technical Field

The present application relates to the field of data processing, and in particular, to a data transmission method and apparatus, an electronic device, and a storage medium.

Background

Homomorphic encryption allows computation of encrypted ciphertext data, enabling the use of data while protecting the security of the data. In the related art, homomorphic encryption only supports calculation of ciphertext data encrypted by one key, but cannot realize joint calculation of a plurality of ciphertext data encrypted by different keys, so that the use scene of homomorphic encryption is limited.

Disclosure of Invention

The present application is directed to solving, at least to some extent, one of the technical problems in the related art. Therefore, an object of the present application is to provide a mechanism for constructing a multi-party homomorphic encryption, which can achieve the purpose of homomorphic encryption of encrypted data of multiple data providing terminals, and expand the application scenarios of homomorphic encryption.

A first object of the present application is to propose a data transmission method.

A second object of the present application is to propose another data transmission method.

A third object of the present application is to provide a data transmission device.

A fourth object of the present application is to propose another data transmission device.

A fifth object of the present application is to provide an electronic device.

A sixth object of the present application is to propose a computer-readable storage medium.

To achieve the above object, an embodiment of a first aspect of the present application provides a data transmission method, which is applied to a data providing end, and the method includes: interacting with other data providing terminals to generate an encrypted public key and an evaluation public key; encrypting the local data by using the encrypted public key to generate ciphertext data, and sending the ciphertext data to a data using end; receiving a ciphertext calculation result sent by the data using end, wherein the ciphertext calculation result is determined by the data using end according to the evaluation public key and the received ciphertext data; and decrypting the ciphertext calculation result by using the private key segment of the data providing end to obtain plaintext data.

In order to achieve the above object, a second aspect of the present application provides a data transmission method, which is applied to a data consumer, and the method includes: receiving ciphertext data sent by each data providing end; carrying out encryption calculation on each ciphertext data by using the evaluation public key to obtain a ciphertext calculation result; and respectively sending the ciphertext calculation results to each data providing end for decryption.

To achieve the above object, a third aspect of the present invention provides a data transmission device, adapted to a data providing end, the device including: the key generation module is used for interacting with other data providing terminals to generate an encryption public key and an evaluation public key; the encryption module is used for encrypting the local data by using the encryption public key to generate ciphertext data and sending the ciphertext data to the data using end; the receiving module is used for receiving a ciphertext calculation result sent by the data using end, wherein the ciphertext calculation result is determined by the data using end according to the evaluation public key and the received ciphertext data; and the decryption module is used for decrypting the ciphertext calculation result by using the private key segment of the data providing end so as to obtain plaintext data.

In order to achieve the above object, a fourth aspect of the present application provides a data transmission device, which is suitable for a data user side, and includes: the receiving module is used for receiving the ciphertext data sent by each data providing end; the encryption module is used for carrying out encryption calculation on each ciphertext data by using the evaluation public key to obtain a ciphertext calculation result; and the sending module is used for sending the ciphertext calculation results to each data providing end for decryption.

To achieve the above object, a fifth embodiment of the present application provides an electronic device, which includes a processor and a memory;

wherein the processor executes a program corresponding to the executable program code by reading the executable program code stored in the memory, for implementing the data transmission method provided in the above aspect.

To achieve the above object, a sixth aspect of the present application provides a computer-readable storage medium, on which a computer program is stored, wherein the program, when executed by a processor, implements the data transmission method provided in the above aspect.

According to the data transmission method and device, a multi-party homomorphic encryption mechanism is constructed, the purpose of homomorphic encryption calculation of encrypted data of a plurality of data providing ends can be achieved, and the application scene of homomorphic encryption is expanded. Further, a secure multiparty computing technique based on homomorphic encryption is provided to improve the security of data. Data are transmitted based on a homomorphic encryption algorithm, so that the safety of the data providing end can be protected, and further, the information leakage of the data providing end is prevented. Furthermore, the private keys for decryption at a plurality of data providing terminals are managed in a distributed manner, and the security of data is improved.

Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.

Drawings

Fig. 1 is a schematic view of an application scenario of a data transmission method provided in the present application;

fig. 2 is a schematic flowchart of a data transmission method according to an embodiment of the present application;

fig. 3 is a schematic flow chart of a key generation method according to another embodiment of the present application;

fig. 4 is a schematic flow chart of a data transmission method according to another embodiment of the present application;

fig. 5 is a schematic flow chart of a data transmission method according to another embodiment of the present application;

fig. 6 is a schematic flow chart of a data transmission method according to another embodiment of the present application;

fig. 7 is a schematic flow chart of a data transmission method according to another embodiment of the present application;

fig. 8 is a schematic application diagram of a data transmission method according to an embodiment of the present application;

fig. 9 is a schematic structural diagram of a data transmission apparatus according to an embodiment of the present application;

fig. 10 is a schematic structural diagram of a data transmission device according to another embodiment of the present application;

fig. 11 is a schematic structural diagram of a data transmission device according to another embodiment of the present application;

fig. 12 is a schematic structural diagram of an electronic device according to an embodiment of the present application.

Detailed Description

Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are illustrative and intended to be illustrative of the invention and are not to be construed as limiting the invention.

Fig. 1 is a schematic view of an application scenario of the data transmission method provided in the present application. As shown in fig. 1, the application scenario may include: at least one data provider (fig. 1 shows three data providers, namely, a data provider 111, a data provider 112, and a data provider 113), a network 12, and a data consumer 13. Wherein each data providing end and the data using end 13 can communicate through the network 12. Each data provider may communicate with each other via network 12.

It should be noted that fig. 1 is only a schematic diagram of an application scenario provided in this embodiment of the present application, and this embodiment of the present application does not limit the devices included in fig. 1, nor does it limit the positional relationship between the devices in fig. 1, for example, in the application scenario shown in fig. 1, a data storage device may also be included, and the data storage device may be an external memory or an internal memory integrated inside with respect to the data providing end and the data using end 13.

The technical solution of the present application will be described in detail below with reference to specific examples. It should be noted that the following specific embodiments may be combined with each other, and the same or similar concepts or processes may not be described in detail in some embodiments.

Fig. 2 is a flowchart illustrating a data transmission method according to an embodiment of the present application. As shown in fig. 2, the execution subject is a data provider, and the data provider may be an electronic device such as an e-commerce server, a social server, a communication server, etc. that possesses data of multiple parties of a user.

As shown in fig. 2, the data transmission method includes the following steps:

s201, generating a private key fragment of the data provider, an encryption public key and an evaluation public key.

In this embodiment, the private key fragment, the encryption public key, and the evaluation public key of the data provider are generated in an interactive cooperation manner between the data provider and another data provider. In some implementations, the data provider may obtain its own key generation parameters, where the key generation parameters include a public parameter and a public random number. Further, the data providing end generates own private key segment and partial contents of the encrypted public key segment and the evaluation public key based on own key generation parameters, and interacts with other data providing ends to share the own encrypted public key segment and partial contents of the evaluation public key to other data providing ends. Correspondingly, other data providers can share the encrypted public key fragment and partial content of the evaluation public key. The data providing terminal can obtain the encrypted public key after obtaining the encrypted public key fragments of other data providing terminals, and similarly, the evaluation public key can also be obtained based on partial content of the obtained evaluation public key. The other data providing terminals may be the same type of server as the data providing terminal serving as the execution subject, or may be other types of servers. Each data providing end participates in the calculation of the encryption public key and the evaluation public key, a multi-party homomorphic encryption mechanism is constructed, and the purpose of homomorphic encryption of data by a plurality of data providing ends can be realized.

S202, the local data is encrypted by using the encryption public key to generate ciphertext data, and the ciphertext data is sent to the data using end.

In this embodiment, the data providing end needs to encrypt its local data by using an encryption public key and then generate a ciphertext data. After the ciphertext data is generated, the data providing end sends the ciphertext data to the data using end. Accordingly, the data using end can receive the respective ciphertext data sent by the data providing ends. The local data of the data provider is encrypted through the encryption public key, so that only the data provider knows the data of the data provider, and other data providers obtain the data, so that the data of each data provider has higher safety, and the data leakage is avoided.

Continuing with the scenario of fig. 1 as an example, the data providing end 111 encrypts the local data u1 using the encryption public key to generate ciphertext data ct1, the data providing end 112 encrypts the local data u2 using the encryption public key to generate ciphertext data ct2, and the data providing end 113 encrypts the local data u3 using the encryption public key to generate ciphertext data ct 3. The data consumer 13 can receive the respective ciphertext data sent by each data provider.

S203, receiving a ciphertext calculation result sent by the data using end, wherein the ciphertext calculation result is determined by the data using end according to the evaluation public key and the received ciphertext data.

And after the data using end receives the ciphertext data sent by each data providing end, the data using end carries out encryption calculation on the ciphertext data based on the evaluation public key to generate a ciphertext calculation result, and then the ciphertext calculation result is respectively sent to each data providing end.

Accordingly, the data providing end can receive the ciphertext calculation result sent by the data using end.

S204, the ciphertext calculation result is decrypted by using the private key segment to obtain plaintext data.

In order to ensure the security of the data of each data providing end, in this embodiment, each data providing end cannot directly obtain a complete private key, and each data providing end has a part of the content of the private key, that is, a private key fragment. After receiving the ciphertext calculation result, the data providing end can decrypt the ciphertext calculation result by using the private key segment of the data providing end, so as to obtain plaintext data.

The data transmission method provided by the embodiment constructs a multi-party homomorphic encryption mechanism, can achieve the purpose of performing homomorphic encryption calculation on encrypted data of a plurality of data providing ends, and expands the application scene of homomorphic encryption. Further, a secure multiparty computing technique based on homomorphic encryption is provided to improve the security of data. Data are transmitted based on a homomorphic encryption algorithm, so that the safety of the data providing end can be protected, and further, the information leakage of the data providing end is prevented. Furthermore, the private keys for decryption at a plurality of data providing terminals are managed in a distributed manner, and the security of data is improved.

On the basis of the above embodiments, in order to implement encryption and decryption of data, before local data is encrypted by using an encrypted public key to generate ciphertext data, cooperation between data providing terminals is also required to generate a secret key, where the secret key includes a public key and a private key. In this embodiment, the public key for encryption includes an encryption public key and an evaluation public key. In the embodiment of the present application, a hierarchical homomorphic encryption (BGV) algorithm based on a Learning With Error (LWE) problem is adopted. Note that the notation e.pubkeygen (s; a) is used to denote an encryption public key generation algorithm performed using a fixed coefficient a. The cryptographic public key generation algorithm performed using fixed coefficients a and noise e is denoted using the notation e.

The generation process of the key is described below.

Fig. 3 is a schematic flowchart of a key generation method according to another embodiment of the present application. As shown in fig. 3, the execution subject is a data provider, and the key generation process includes the following steps:

s301, generating a private key fragment of the data providing end.

Each data provider possesses a key generation parameter for generating a key, based on which the key is generated. Wherein the key generation parameter includes a public parameter and a public random number. A common parameter ofWherein, params_dFor the parameters of the LWE-based hierarchical BGV algorithm, d denotes the modulus q of the ciphertext_d，κ，m，n，And χ is a parameter of the above algorithm, where κ is a security parameter, m, n are dimensions respectively,and χ represent a key probability distribution and a noise probability distribution, respectively.Is a probability distributionAnd the boundary of χ. Each time a sample is taken(or x ← χ), the test is carried out(or | x | ≦ B_χ) And if the condition is not satisfied, resampling. B is_evalIs the noise bound of the evaluation key calculation, B_encIs a cryptographically calculated noise boundary, B_decIs the noise boundary of the decryption computation.

Optionally, the public random number comprises:wherein D ∈ { 0.,. D }; i is an element of [ n ]]，[n]Representing the set of all integers including 1 to n,n is the number of data supply ends, and D is the LWE-based hierarchical BGV algorithm, and the maximum multiplication level of the supporting circuit is realized.

Further, after obtaining the key generation parameter, the data providing end may generate its own private key segment based on the key generation parameter and the private key generation algorithm. The private key generation algorithm is e.symkeygen (params), public parameters in the key generation parameters are input into the private key generation algorithm, and a private key segment corresponding to the data providing end can be output.

Data provider P_kGenerating own private key segment by using public parameter in key generation parameterFirst P_kCalling a private key generation algorithm of the LWE-based hierarchical BGV algorithm, and generating a private key for each D e {0

S302, generating an encrypted public key fragment of the data provider based on the private key fragment.

Further, after the data providing end obtains the private key fragment, the data providing end may generate the encrypted public key fragment of the data providing end based on the private key fragment, the public random number and the encrypted public key generation algorithm. The encryption public key generation algorithm is E.PubKeygen(s). The private key segment and the public random number are input into the encryption public key generation algorithm, and the encryption public key segment corresponding to the data providing end can be output.

Data provider P_kGenerating its own encrypted public key fragment using the public random number in the private key fragment and the key generation parameterFirst P_kCalling an encryption public key generation algorithm of a hierarchical BGV algorithm based on LWE, and generating a secret key for each D e {0Wherein the content of the first and second substances,

s303, generating a target intermediate result corresponding to the evaluation public key based on the private key fragment.

After the data providing end obtains the private key segment, a first intermediate result of the evaluation public key corresponding to the data providing end can be generated based on the private key segment, the public random number and the evaluation public key generation algorithm. Wherein, the evaluation public key generation algorithm is E.symEnc(s). The private key segment and the public random number are input into the evaluation public key generating algorithm, and a first intermediate result of the evaluation public key corresponding to the data providing end can be output.

Data provider P_kGenerating a first intermediate result of the evaluation public key using the private key fragment and the public random number in the key generation parameterFirst P_kInvoking an evaluation public key generation algorithm, for each D e {0]，[n]Representing the set of all integers including 1 to n,the following calculations are made:

wherein the content of the first and second substances, to representThe ith component of the representation.

Also for each d, i, τ and each l ∈ [ N ] as above]- { k }, data provider P_kComputingWherein the content of the first and second substances,

after the first intermediate result of the evaluation public key is obtained, the first intermediate result of the evaluation public key can be sent to other data providing terminals. For example, the data provider may broadcast its first intermediate result. Similarly, the other data providers broadcast respective first intermediate results. Accordingly, the data provider may receive the respective first intermediate results broadcast by the other data providers. After the first intermediate results of other data providing terminals are obtained, the second intermediate result of the evaluation public key can be further obtained by combining the first intermediate results of the other data providing terminals.

Data provider P_kAt the moment of acquisitionA second intermediate result can be calculatedP_kBased onA second intermediate result may be calculated. If all data owners adhere to the protocol, thenWhereinIn implementation the evaluation public key isSecond intermediate result of calculationAlready close to the above evaluation public key.

Further, after the second intermediate result is obtained, the data providing end is based on the public random number in the private key segment and the key generation parameter and the second intermediate result, and the target intermediate result of the evaluation public key can be obtained

Data provider P_kAfter obtaining the second intermediate resultFor each l e [ N [ ]]，d∈[D]，i,j∈[n]，e←^$[-B_eval,B_eval]，After the operation, the target intermediate result corresponding to the evaluation public key can be obtainedIs more similar toThe distance evaluation public key is further.

S304, broadcasting the target intermediate result corresponding to the encrypted public key fragment and the evaluation public key.

S305, receiving the respective encrypted public key fragments and the target intermediate result sent by other data providing terminals.

S306, generating an encrypted public key based on each encrypted public key segment, and generating an evaluation public key based on each target intermediate result.

The specific processing of steps S304 to S306 will be described in detail below.

In this embodiment, after acquiring the own encrypted public key segment, the data provider may send the own encrypted public key segment to another data provider. For example, the data provider may broadcast its own encrypted public key fragment. Similarly, other data providers will broadcast respective encrypted public key fragments. Accordingly, the data provider may receive the respective encrypted public key fragments broadcast by the other data providers. After the encrypted public key fragments of other data providing terminals are obtained, the encrypted public key can be recovered by combining the encrypted public key fragments of the data providing terminals.

Data provider P_kAt the moment of acquisitionWherein the content of the first and second substances,a collection of encrypted public key fragments representing all data providers. P_kUpon obtaining theAfter aggregation, the encrypted public key can be calculatedP_kBased onAn encrypted public key may be computed.

In the homomorphic encryption process, if each data providing end follows the protocol, namely each data providing end is a credible data provider, the encryption public key generation algorithm isWherein the content of the first and second substances,wherein l is ∈ [ N ]]，d∈[D]。

Further, after obtaining the target intermediate result of the evaluation public key, the data provider may send the target intermediate result to other data providers. For example, the data provider may broadcast its own target intermediate results. Similarly, other data providers will broadcast respective targeted intermediate results. Accordingly, the data provider may receive respective targeted intermediate results broadcast by other data providers. After the target intermediate results of other data providing ends are obtained, the evaluation public key can be recovered by combining the target intermediate results of the data providing ends.

Data provider P_kHaving the input setup, computing an output evaluation keyP_kThe calculation is performed as follows for each l ∈ [ N ]]，d∈[D]，i∈[n]，j∈[n]∪{0}，The evaluation public key can be calculated using the following formula:

accordingly, the data using end can receive the respective encrypted public key fragments broadcast by each data providing end, and can acquire the complete encrypted public key by adopting a similar mode. The data using end adopts the calculation formula of the evaluation public key to calculate the evaluation public key.

The data providing terminal calls an encryption algorithm after acquiring the encryption public key, wherein the encryption algorithm is E_pkAnd (mu) encrypting the data of the user by using the encryption algorithm to obtain ciphertext data. For example, the data provider P_kAnd (v, w) ← E.Enc) is calculated by calling encryption algorithm_pk(mu) to finally obtain ciphertext data c_k((v, w +2e),0), where 0 denotes a multiplication level of 0, e ←^$[-B_enc,B_enc]。

After the data using end obtains the evaluation public key, the data using end encrypts the ciphertext data sent by each data providing end by using the evaluation public key to obtain a ciphertext calculation result.

Data consumer calls Eval_evkAn encryption algorithm for encrypting each ciphertext data based on the evaluation public key, i.e. Eval_evk(f,c₁,…,c_l) The ciphertext computation result may be computed. Wherein, evaluation Algorithm, Eval_evk(f,c₁,…,c_l) And e.eval_evk(f,c₁,…,c_l) The same is true.

In the key generation process provided in this embodiment, a two-round protocol is performed between N data providers, the input is setup, and the output is an evaluation public keyEncrypted public keyEach data owner obtains a private key portionIn the embodiment, the encrypted data can be further encrypted based on the evaluation public key, so that the safety of data transmission is better ensured. Moreover, the private keys for decryption at a plurality of data providing terminals are managed in a distributed manner, and the security of data is improved.

Based on the above embodiment, after the data providing end obtains the ciphertext calculation result, it will use its own private key segmentAnd decrypting the received ciphertext calculation result. Fig. 4 is a flowchart illustrating a data transmission method according to another embodiment of the present application. As shown in fig. 4, the execution main body is a data providing end, and the data transmission method includes the following steps:

s400, generating a private key fragment of the data provider, and encrypting the public key and evaluating the public key.

S401, the local data is encrypted by using the encrypted public key to generate ciphertext data, and the ciphertext data is sent to the data using end.

S402, receiving a ciphertext calculation result sent by the data using end, wherein the ciphertext calculation result is determined by the data using end according to the evaluation public key and the received ciphertext data.

For the description of steps S400 to S402, reference may be made to the description of the relevant contents in the above embodiments, and the description is omitted here.

And S403, decrypting the ciphertext calculation result by using the private key segment to obtain first intermediate decrypted data, and sending the first intermediate decrypted data to other data providing terminals.

In this embodiment, since the data providing end only has a part of the private key, the ciphertext calculation result cannot be completely decrypted, and after the ciphertext calculation result is decrypted, a first intermediate decrypted data may be obtained. After the first intermediate decrypted data is obtained, in order to decrypt the data completely, the data providing needs to send the first intermediate decrypted data to other data providing terminals, so that other data ladder terminals can also obtain the own first intermediate decrypted data, and so that other data providing terminals can decrypt the plaintext data.

Optionally, the data providing end broadcasts the first intermediate decrypted data outwards, and other data providing ends can listen to the first intermediate decrypted data. Alternatively, the data provider may also send the data directly to other data providers. Here, the example is only used, and the transmission mode of the first intermediate decrypted data is not particularly limited in this embodiment.

Data provider P_kHas its own private key segmentDecrypting the received ciphertext computation result, P_kCalculating first intermediate decrypted dataWherein e is_k←^$[-B_dec,B_dec]. Then, P_kBroadcasting the first intermediate decrypted data w outwards^k。

S404, receiving second intermediate decrypted data sent by other data providing terminals.

In this embodiment, the roles of each data provider are the same, and other data providers will also decrypt the received ciphertext computation result by using their own private key segments to obtain decrypted intermediate decrypted data. It should be noted that, in order to distinguish the intermediate decrypted data decoded by the other data providing end using its own private key segment, it is referred to as second intermediate decrypted data. And after obtaining the second intermediate decrypted data, the other data providing ends also send the second intermediate decrypted data outwards. Optionally, other data providing terminals also broadcast their second intermediate decrypted data, and the data providing terminals can listen to the second intermediate decrypted data.

S405, according to the fusion of the first intermediate decrypted data and the second intermediate decrypted data, plaintext data is obtained.

Based on the secret sharing mechanism, enough secret fragments need to be acquired to decrypt the secret. In this embodiment, the decrypted intermediate decrypted data can be shared among the data providing terminals, so that each data providing terminal can acquire enough intermediate decrypted data, and the plaintext data can be decrypted. In this embodiment, the data providing end may receive the ciphertext calculation result sent by the data using end, where the ciphertext calculation result is a multiplication level. The data providing end fuses the first intermediate decrypted data and the second intermediate decrypted data, for example, the plaintext data can be decrypted by homomorphically adding or multiplying the first intermediate decrypted data and the second intermediate decrypted data.

The data providing end can acquire second intermediate decrypted data sent by other data providing ends, and the first intermediate decrypted data and the second intermediate decrypted data are fused by adopting the following formula:further, based on a formulaThe plaintext data can be decrypted.

Fig. 5 is a flowchart illustrating a data transmission method according to another embodiment of the present application. As shown in fig. 5, the execution subject is a data using end, and the data transmission method includes the following steps:

s501, receives ciphertext data transmitted by each data providing end.

S502, carrying out encryption calculation on each ciphertext data by using the evaluation public key to obtain a ciphertext calculation result.

After the data using end receives the ciphertext data sent by each data providing end, an encryption algorithm is called for all the ciphertext data, encryption calculation is carried out on each ciphertext data based on the evaluation public key to generate a ciphertext calculation result, and then the ciphertext calculation result is sent to each data providing end respectively. For example, the data consumer calls Eval_evkAn encryption algorithm for encrypting each ciphertext data based on the evaluation public key, i.e. Eval_evk(f,c₁,…,c_l) The ciphertext computation result may be computed. Wherein, evaluation Algorithm, Eval_evk(f,c₁,…,c_l) And e.eval_evk(f,c₁,…,c_l) The same is true.

And S503, respectively sending the ciphertext calculation results to each data providing end for decryption.

After the ciphertext calculation result is obtained, the ciphertext calculation result is sent to the data providing end, and the data providing end can decrypt the ciphertext calculation result to obtain plaintext data. In order to ensure the security of the data of each data providing end, in this embodiment, each data providing end cannot directly obtain a complete private key, and each data providing end has a part of the content of the private key, that is, a private key fragment. After receiving the ciphertext calculation result, the data providing end can decrypt the ciphertext calculation result by using the private key segment of the data providing end, so as to obtain plaintext data.

On the basis of the above embodiments, before receiving ciphertext data sent by a data provider, the data provider needs to cooperate with the data provider to generate an encrypted public key and an evaluation public key in order to encrypt and decrypt the data. Fig. 6 is a flowchart illustrating a data transmission method according to another embodiment of the present application. As shown in fig. 6, the execution subject is a data using end, and the data transmission method includes the following steps:

s601, receiving the encrypted public key fragment sent by each data provider.

In this embodiment, each data provider may generate an encrypted public key fragment first, and broadcast the encrypted public key fragment to the data consumer. Accordingly, the data consumer can receive the encrypted public key fragments sent by each data provider. For the calculation process of generating the encrypted public key fragment by the data provider, reference may be made to the description of relevant contents in the above embodiments, and details are not described here.

S602, based on the encrypted public key fragments of each data provider, the encrypted public key is obtained.

And after the encrypted public key fragments of each data providing end are obtained, adding the encrypted public key fragments to obtain an encrypted public key. Optionally, the cryptographic public key generation algorithm isWherein the content of the first and second substances,wherein l is ∈ [ N ]]，d∈[D]。

Fig. 7 is a flowchart illustrating a data transmission method according to another embodiment of the present application. As shown in fig. 7, the execution subject is a data using end, and the data transmission method includes the following steps:

s701, receiving target intermediate results of the evaluation public keys sent by the data providing terminals.

In this embodiment, each data provider may generate a target intermediate result of the evaluation public key first, and broadcast the target intermediate result to the data consumer. Accordingly, the data consumer can receive the target intermediate result sent by each data provider. For the calculation process of generating the target intermediate result at the data providing end, reference may be made to the description of relevant contents in the above embodiments, and details are not described here.

S702, based on the target intermediate result of each data providing end, an evaluation public key is obtained.

And after the target intermediate results of the data providing terminals are obtained, calculating based on the target intermediate results to obtain an evaluation public key.

The data consumer has an input setup,computing an output evaluation keyFor each l e [ N [ ]]，d∈[D]，i∈[n]，j∈[n]∪{0}，The evaluation public key can be calculated using the following formula:

after the evaluation public key is obtained, the data using end can perform encryption calculation on the ciphertext data of each data providing end by using the evaluation public key to obtain a ciphertext calculation result.

The data transmission method provided by the present application is explained below with reference to application scenarios of two data providing terminals, and as shown in fig. 8, the data transmission process can be divided into four stages.

The first stage is a key generation stage:

two data providers interactively cooperate to generate an encrypted public key, p in FIG. 8_k. Meanwhile, each data provider has a part of the private key corresponding to the public key, and in fig. 8, data provider No. 1 has s_k1The No. 2 data provider has s_k2. Each data provider cannot obtain any information of the private key part of other data owners, and cannot obtain any information of the private key.

The second phase is a data encryption phase:

each data provider encrypts its own data using the encryption public key to generate ciphertext data, as shown in c of fig. 8_t1And c_t2. Each data providing terminal sends the respective ciphertext data to the data user.

The third stage is a ciphertext calculation stage:

the data using end performs encryption calculation on each ciphertext data by using the evaluation-based key to obtain a ciphertext calculation result, for example, c in fig. 8_r. And the data using end sends the ciphertext calculation result to all data providing ends.

The fourth stage is a ciphertext calculation result decryption stage:

and (4) interactively collaborating each data providing end, and decrypting the ciphertext calculation result by using the private key part of each data providing end in a combined manner to obtain a plaintext calculation result.

The following description and convention are made for the symbols in the homomorphic encryption algorithm in the above embodiments:

using E to denote the hierarchical BGV algorithm based on LWE, the maximum multiplication level of the support circuit is D, and the plaintext space is {0,1 }. The use of TFHE denotes threshold homomorphic encryption. Suppose there are N data owners, one data user. The vectors are represented using lower case letters in bold, and the lower case letters represent scalars. If s is a vector, then s [ i ]]The ith component, representing s, is the contract s [0 ]]1. Suppose thatRepresenting a probability distribution over a finite set S,denotes x isX ← c^$S denotes that x is a uniformly distributed sample over S. The base of all logarithms is 2. If n is a positive integer, then n]Representing the set of all integers including 1 to n.

E comprises the following basic components:

1)params is an implicit input to all algorithms, κ is a security parameter, q is an odd modulo, m and n are dimensions,andis thatA probability distribution over;

2) e.symkeygen (params): generating a private key

3) E.pubkeygen(s): generatinge←χ^mSetting p: (a · s +2 · e), and outputting a private key s to a public key pk: (a, p);

4)E.SymEnc_s(mu): to encrypt μ ∈ {0,1}, a choice is madee ← χ, set b: ═<a,s>+2 · e + μ, output ciphertext c ═(a,b)；

5)E.PubEnc_pk(mu): to encrypt μ ∈ {0,1}, using the public key pk ═ (a, p), we choose r ← {0,1}, as^mSetting a: ═ r^T·A，b:＝<r,p>+ μ, output ciphertext c ═ (a, b);

6) to decrypt c ═ a, b, the plain text [ b-<a,s>]_qmod2；

7) Evaluation algorithm e.eval_evk(f,c₁,…,c_l) The function f, f: {0,1} is calculated using the evaluation key evk^lDenoted as boolean circuit → {0,1} whose inputs are the l ciphertexts c₁,…,c_lThe output is the ciphertext result c_f。

The execution of the public key generation algorithm using fixed coefficients a is indicated by the notation e.pubkeygen (s; a). The public key generation algorithm is performed using fixed coefficients a and noise e, denoted by the symbol e. Using the notation E.SymEnc_s(μ; a) denotes encrypting μ using a fixed coefficient a and a private key s. Using the notation E.SymEnc_s(mu; a; e) denotes that mu is encrypted using a fixed coefficient a, noise e, private key s.

Fig. 9 is a schematic structural diagram of a data transmission device according to an embodiment of the present application. As shown in fig. 9, the data transmission apparatus is adapted to a data providing side, and includes: a key generation module 90, an encryption module 91, a reception module 92 and a decryption module 93.

The key generation module 90 is configured to generate a private key fragment of the data provider itself, and an encrypted public key and an evaluation public key.

And the encryption module 91 is configured to encrypt the local data by using the encrypted public key to generate ciphertext data, and send the ciphertext data to the data consumer.

And the receiving module 92 is configured to receive a ciphertext calculation result sent by the data using end, where the ciphertext calculation result is determined by the data using end according to the evaluation public key and the received ciphertext data.

And the decryption module 93 is configured to decrypt the ciphertext calculation result by using the private key segment to obtain plaintext data.

Optionally, the decryption module 93 is further configured to decrypt the ciphertext calculation result by using the private key segment to obtain first intermediate decrypted data, send the first intermediate decrypted data to other data providing terminals, receive second intermediate decrypted data sent by other data providing terminals, and obtain plaintext data according to fusion of the first intermediate decrypted data and the second intermediate decrypted data.

In some embodiments, the key generation module 90 includes: a first generating unit 901, a transmitting unit 902, a receiving unit 903 and a second generating unit 903.

The first generating unit 901 is configured to generate a private key fragment, and generate a target intermediate result corresponding to the encrypted public key fragment and the evaluation public key of the data provider based on the private key fragment.

A sending unit 902, configured to broadcast the encrypted public key fragment and the target intermediate result.

A receiving unit 903, configured to receive the respective encrypted public key fragments and the target intermediate result sent by the other data providing terminals.

A second generation sheet 904 for generating the encrypted public key based on each encrypted public key fragment and generating the evaluation public key based on each target intermediate result.

Optionally, the first generating unit 901 is further configured to obtain a key generation parameter, where the key generation parameter includes a public parameter and a public random number, obtain a private key fragment based on the public parameter and a private key generation algorithm, generate an encrypted public key fragment based on the private key fragment, the public random number and an encrypted public key generation algorithm, and generate a target intermediate result based on the private key fragment and an evaluation public key generation algorithm.

Optionally, the first generating unit 901 is further configured to generate a first intermediate result of the evaluation public key based on the private key segment, the public random number and the evaluation public key generating algorithm, and broadcast the first intermediate result, receive respective first intermediate results sent by other data providing terminals, obtain a second intermediate result of the evaluation public key based on the first intermediate result of the first intermediate result and the first intermediate results of the other data providing terminals, obtain a target intermediate result of the evaluation public key based on the private key segment, the public random number and the second intermediate result, and broadcast the target intermediate result.

The data transmission device provided by the embodiment constructs a multi-party homomorphic encryption mechanism, can achieve the purpose of performing homomorphic encryption calculation on encrypted data of a plurality of data providing ends, and expands the application scene of homomorphic encryption. Further, a secure multiparty computing technique based on homomorphic encryption is provided to improve the security of data. Data are transmitted based on a homomorphic encryption algorithm, so that the safety of the data providing end can be protected, and further, the information leakage of the data providing end is prevented. Furthermore, the private keys for decryption at a plurality of data providing terminals are managed in a distributed manner, and the security of data is improved.

It should be noted that the foregoing explanation on the embodiment of the data transmission method is also applicable to the data transmission apparatus of this embodiment, and is not repeated here.

Fig. 10 is a schematic structural diagram of a data transmission device according to another embodiment of the present application. As shown in fig. 10, the data transmission apparatus is adapted to a data user side, and includes: a receiving module 210, an encryption module 220, and a transmitting module 230.

The receiving module 210 is configured to receive ciphertext data sent by each data providing end.

And the encryption module 220 is configured to perform encryption calculation on each ciphertext data by using the evaluation public key to obtain a ciphertext calculation result.

And the sending module 230 is configured to send the ciphertext calculation result to each data providing end for decryption.

Fig. 11 is a schematic structural diagram of a data transmission device according to another embodiment of the present application. As shown in fig. 11, the data transmission apparatus is adapted to a data user side, and includes: a receiving module 310, an encryption module 320, and a transmitting module 330, and a first key generation module 340 and a second key generation module 350.

The functions and structures of the receiving module 310, the encrypting module 320 and the sending module 320 are similar to those of the receiving module 210, the encrypting module 220 and the sending module 230 in fig. 10, and are not described herein again.

The first key generation module 340 is configured to receive the encrypted public key fragments sent by each data provider, and obtain the encrypted public key based on each encrypted public key fragment.

The second key generation module 350 is configured to receive the target intermediate result of the evaluation public key sent by each data provider, and obtain the evaluation public key based on each target intermediate result.

It should be noted that the foregoing explanation on the embodiment of the data transmission method is also applicable to the data transmission apparatus of this embodiment, and is not repeated here.

In order to implement the above embodiments, the present application also provides an electronic device, including: a memory 410 and a processor 420; wherein, the processor 420 runs a program corresponding to the executable program code by reading the executable program code stored in the memory 410, so as to implement the data transmission method as proposed by the foregoing embodiment of the present application.

In order to implement the foregoing embodiments, the present application also proposes a computer-readable storage medium on which a computer program is stored, characterized in that the program, when executed by a processor, implements the data transmission method as proposed by the foregoing embodiments of the present application.

In order to implement the foregoing embodiments, the present invention further provides a computer program product, which when executed by an instruction processor in the computer program product implements the data transmission method as proposed in the foregoing embodiments of the present application.

In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined and combined by one skilled in the art without contradiction.

Furthermore, the terms "first", "second" and "first" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present invention, "a plurality" means at least two, e.g., two, three, etc., unless specifically limited otherwise.

Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing steps of a custom logic function or process, and alternate implementations are included within the scope of the preferred embodiment of the present invention in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present invention.

The logic and/or steps represented in the flowcharts or otherwise described herein, e.g., an ordered listing of executable instructions that can be considered to implement logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). Additionally, the computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via for instance optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.

It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. If implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.

It will be understood by those skilled in the art that all or part of the steps carried by the method for implementing the above embodiments may be implemented by hardware related to instructions of a program, which may be stored in a computer readable storage medium, and when the program is executed, the program includes one or a combination of the steps of the method embodiments.

In addition, functional units in the embodiments of the present invention may be integrated into one processing module, or each unit may exist alone physically, or two or more units are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. The integrated module, if implemented in the form of a software functional module and sold or used as a stand-alone product, may also be stored in a computer readable storage medium.

The storage medium mentioned above may be a read-only memory, a magnetic or optical disk, etc. Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made to the above embodiments by those of ordinary skill in the art within the scope of the present invention.

24页详细技术资料下载

上一篇：一种医用注射器针头装配设备

下一篇：基于冲突检测的执行端口时间信道安全防护系统及方法

Data transmission method and device, electronic equipment and storage medium

相关技术

网友询问留言