Homomorphic data decryption method and apparatus for implementing privacy protection
地域:
George Town
摘要
A computer-implemented method, non-transitory, computer-readable medium, and computer-implemented system are provided for implementing privacy protection. In an implementation, a public key pk={N, h} corresponding to a target user is obtained, where h is a generator of a predetermined cyclic group with a size of k in a random number space Z*N, a length of k is i bits, a length of N is n bits, and i<
說明書
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
This application is a continuation of U.S. patent application Ser. No. 16/783,102, filed on Feb. 5, 2020, which is a continuation of PCT Application No. PCT/CN2020/071839, filed on Jan. 13, 2020, which claims priority to Chinese Patent Application No. 201910528750.9, filed on Jun. 18, 2019, and each application is hereby incorporated by reference in its entirety.
One or more implementations of the present specification relate to the field of encryption/decryption technologies, and in particular, to a homomorphic data encryption/decryption method and apparatus for implementing privacy protection.
In many scenarios, users require privacy protection for data content. For example, a blockchain technology (which is also referred to as a distributed ledger technology) is a decentralized distributed database technology, features decentralization, transparency, tamper-resistance, trustworthiness, etc., and is applicable to many application scenarios that require high data reliability. However, data such as transaction amounts of blockchain transactions can be exposed because full transaction data can be publicly queried. For another example, in a multi-party computation scenario, assume that user A holds data to be processed, and user B holds a data processing model. When the data to be processed is processed by using the data processing model, a value of the data to be processed can be exposed if user A sends the data to be processed to user B, and model parameters of the data processing model can be exposed if user B provides the data processing model to user A for use.
權(quán)利要求
What is claimed is:1. A computer-implemented method for implementing privacy protection, comprising:obtaining, by a first computing device, a homomorphic ciphertext c, wherein the homomorphic ciphertext c is obtained after data m is processed by a second computing device using a public key pk={N, h} of a target user, the homomorphic ciphertext c is obtained according to a formula c=(1+N)m·(hr mod N)N=(1+N)m·(hN mod N2)r mod N2, wherein h is a generator of a predetermined cyclic group with a size of k in a random number space Z*N, a length of k is i bits, a length of N is n bits, i<<n, and r is a random number that makes hr belong to the predetermined cyclic group, and wherein the first computing device is the same as the second computing device or the first computing device is different from the second computing device; decrypting, by the first computing device, the homomorphic ciphertext c based on a private key sk of the target user to obtain the data m, wherein a value of private key sk is α=a·k, and a is a predetermined non-zero value; and outputting, by the first computing device, the data m to the target user. 2. The computer-implemented method according to claim 1 , wherein a quadratic residue group QRN of the random number space Z*N comprises an internal direct product of a group QRNα and a group QRNβ, QRNβ=α, the predetermined cyclic group comprises an internal direct product of a group QRNβ and a group ![custom character]()
?1![custom character]()
, wherein the group ![custom character]()
?1![custom character]()
is a second-order cyclic group generated by element (?1 mod N) in the random number space Z*N, and a=1/2. 3. The computer-implemented method according to claim 2 , wherein if N=P·Q, P and Q are prime numbers with a length of n/2 bits, P≡Q≡3 mod 4, and gcd(P?1, Q?1)=2, it is satisfied that α=pq, β=(P?1)(Q?1)/(4pq), gcd(α, β)=1, p|(P?1), q|(Q?1), and p and q are prime numbers with a length of i/2 bits. 4. The computer-implemented method according to claim 2 , wherein h=?y2β mod N, and y belongs to the random number space Z*N. 5. The computer-implemented method according to claim 1 , wherein decrypting the homomorphic ciphertext c based on a private key sk of the target user to obtain the data m comprises decrypting the homomorphic ciphertext c based on the private key sk of the target user to obtain the data m according to: 6. The computer-implemented method according to claim 1 , wherein n=2048, and 224≤i≤n. 7. The computer-implemented method according to claim 1 , further comprising:sending homomorphic ciphertext c0 to cs respectively corresponding to data m0 to ms to a specified user to cause the specified user to perform predetermined operation f( ) that satisfies additive homomorphism on the homomorphic ciphertext c0 to cs; and receiving and decrypting an operation result f(c0?cs) returned by the specified user, wherein a value obtained after the decryption is f(m0?ms). 8. A non-transitory, computer-readable medium storing one or more instructions executable by a computer system to perform operations for implementing privacy protection, comprising:obtaining, by a first computing device, a homomorphic ciphertext c, wherein the homomorphic ciphertext c is obtained after data m is processed by a second computing device using a public key pk={N, h} of a target user, the homomorphic ciphertext c is obtained according to a formula c=(1+N)m·(hr mod N)N=(1+N)m·(hN mod N2)r mod N2, wherein h is a generator of a predetermined cyclic group with a size of k in a random number space Z*N, a length of k is i bits, a length of N is n bits, i<<n, and r is a random number that makes hr belong to the predetermined cyclic group, and wherein the first computing device is the same as the second computing device or the first computing device is different from the second computing device; decrypting, by the first computing device, the homomorphic ciphertext c based on a private key sk of the target user to obtain the data m, wherein a value of private key sk is α=a·k, and a is a predetermined non-zero value; and outputting, by the first computing device, the data m to the target user. 9. The non-transitory, computer-readable medium according to claim 8 , wherein a quadratic residue group QRN of the random number space Z*N comprises an internal direct product of a group QRNα and a group QRNβ, QRNβ=α, the predetermined cyclic group comprises an internal direct product of a group QRNβ and a group ![custom character]()
?1![custom character]()
, wherein the group ![custom character]()
?1![custom character]()
is a second-order cyclic group generated by element (?1 mod N) in the random number space Z*N, and a=1/2. 10. The non-transitory, computer-readable medium according to claim 9 , wherein if N=P·Q, P and Q are prime numbers with a length of n/2 bits, P≡Q≡3 mod 4, and gcd(P?1, Q?1)=2, it is satisfied that α=pq, β=(P?1)(Q?1)/(4pq), gcd(α, β)=1, p|(P?1), q|(Q?1), and p and q are prime numbers with a length of i/2 bits. 11. The non-transitory, computer-readable medium according to claim 9 , wherein h=?y2β mod N, and y belongs to the random number space Z*N. 12. The non-transitory, computer-readable medium according to claim 8 , wherein decrypting the homomorphic ciphertext c based on a private key sk of the target user to obtain the data m comprises decrypting the homomorphic ciphertext c based on the private key sk of the target user to obtain the data m according to: 13. The non-transitory, computer-readable medium according to claim 8 , wherein n=2048, and 224≤i≤n. 14. The non-transitory, computer-readable medium according to claim 8 , wherein the operations further comprise:sending homomorphic ciphertext c0 to cs respectively corresponding to data m0 to ms to a specified user to cause the specified user to perform predetermined operation f( ) that satisfies additive homomorphism on the homomorphic ciphertext c0 to cs; and receiving and decrypting an operation result f(c0?cs) returned by the specified user, wherein a value obtained after the decryption is f(m0?ms). 15. A computer-implemented system, comprising:one or more computers; and one or more computer memory devices interoperably coupled with the one or more computers and having tangible, non-transitory, machine-readable media storing one or more instructions that, when executed by the one or more computers, perform one or more operations comprising: obtaining, by a first computing device, a homomorphic ciphertext c, wherein the homomorphic ciphertext c is obtained after data m is processed by a second computing device using a public key pk={N, h} of a target user, the homomorphic ciphertext c is obtained according to a formula c=(1+N)m·(hr mod N)N=(1+N)m·(hN mod N2)r mod N2, wherein h is a generator of a predetermined cyclic group with a size of k in a random number space Z*N, a length of k is i bits, a length of N is n bits, i<<n, and r is a random number that makes hr belong to the predetermined cyclic group, and wherein the first computing device is the same as the second computing device or the first computing device is different from the second computing device; decrypting, by the first computing device, the homomorphic ciphertext c based on a private key sk of the target user to obtain the data m, wherein a value of private key sk is α=a·k, and a is a predetermined non-zero value; andoutputting, by the first computing device, the data m to the target user. 16. The computer-implemented system according to claim 15 , wherein a quadratic residue group QRN of the random number space Z*N comprises an internal direct product of a group QRNα and a group QRNβ, QRNβ=α, the predetermined cyclic group comprises an internal direct product of a group QRNβ and a group ![custom character]()
?1![custom character]()
, wherein the group ![custom character]()
?1![custom character]()
is a second-order cyclic group generated by element (?1 mod N) in the random number space Z*N, and a=1/2. 17. The computer-implemented system according to claim 16 , wherein h=?y2β mod N, and y belongs to the random number space Z*N. 18. The computer-implemented system according to claim 15 , wherein the operations further comprise:sending homomorphic ciphertext c0 to cs respectively corresponding to data m0 to ms to a specified user to cause the specified user to perform predetermined operation f( ) that satisfies additive homomorphism on the homomorphic ciphertext c0 to cs; and receiving and decrypting an operation result f(c0?cs) returned by the specified user, wherein a value obtained after the decryption is f(m0?ms). 19. The computer-implemented system according to claim 15 , wherein decrypting the homomorphic ciphertext c based on a private key sk of the target user to obtain the data m comprises decrypting the homomorphic ciphertext c based on the private key sk of the target user to obtain the data m according to: 20. The computer-implemented system according to claim 15 , wherein n=2048, and 224≤i<n.
意見反饋
使用該功能遇到問題