CN112580071A - Data processing method and device - Google Patents
Data processing method and device Download PDFInfo
- Publication number
- CN112580071A CN112580071A CN202011447531.7A CN202011447531A CN112580071A CN 112580071 A CN112580071 A CN 112580071A CN 202011447531 A CN202011447531 A CN 202011447531A CN 112580071 A CN112580071 A CN 112580071A
- Authority
- CN
- China
- Prior art keywords
- ciphertext
- preset
- participant
- sub
- encryption algorithm
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000003672 processing method Methods 0.000 title claims abstract description 12
- 238000004422 calculation algorithm Methods 0.000 claims abstract description 121
- 238000012545 processing Methods 0.000 claims abstract description 77
- 238000006243 chemical reaction Methods 0.000 claims abstract description 71
- 238000000034 method Methods 0.000 claims abstract description 26
- 239000002131 composite material Substances 0.000 claims description 23
- 238000005516 engineering process Methods 0.000 abstract description 6
- 230000007246 mechanism Effects 0.000 abstract description 5
- 238000012360 testing method Methods 0.000 description 9
- 238000012986 modification Methods 0.000 description 5
- 230000004048 modification Effects 0.000 description 5
- 230000008569 process Effects 0.000 description 5
- 230000008520 organization Effects 0.000 description 4
- 238000004364 calculation method Methods 0.000 description 3
- 238000004590 computer program Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 230000004075 alteration Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/04—Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Business, Economics & Management (AREA)
- Physics & Mathematics (AREA)
- Finance (AREA)
- Accounting & Taxation (AREA)
- Databases & Information Systems (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Bioethics (AREA)
- Computing Systems (AREA)
- Computer Security & Cryptography (AREA)
- Data Mining & Analysis (AREA)
- Computer Hardware Design (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Development Economics (AREA)
- Economics (AREA)
- Marketing (AREA)
- Strategic Management (AREA)
- Technology Law (AREA)
- General Business, Economics & Management (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a data processing method and a data processing device, wherein the method comprises the following steps: the first participant acquires a second public key and a second ciphertext from the second participant; the first participant encrypts first plaintext data of the first participant according to the second public key and the preset encryption algorithm to obtain a third ciphertext; and the first participant obtains a first ciphertext processing result based on conversion operation of preset operation under the preset encryption algorithm according to the second public key, the second ciphertext and the third ciphertext. When the method is applied to financial technology (Fintech), the first ciphertext processing result can be obtained without a third-party mechanism, and the credibility problem does not exist.
Description
Technical Field
The invention relates to the field of block chains (blockchain) in the field of financial technology (Fintech), in particular to a data processing method and device.
Background
With the development of computer technology, more and more technologies are applied in the financial field, and the traditional financial industry is gradually changing to financial technology (Fintech), but due to the requirements of security and real-time performance of the financial industry, higher requirements are also put forward on the technologies (BlockChain, big data, distributed type, etc.). The financial institution has many users, and in some scenarios, data processing is performed in the form of ciphertext.
At present, the data processing mode in the form of the ciphertext is that a user submits the ciphertext to a centralized mechanism for processing. For example, the user A, B submits the respective ciphertext to the centralized organization C, the centralized organization C holds the private keys of a and B, and the C decrypts A, B ciphertext to obtain plaintext, and obtains a plaintext processing result. And encrypting the data into a ciphertext, and sending the processing result of the ciphertext back to the A and the B. However, in a way of processing the ciphertext according to the third-party organization, not only the cost is increased, but also the credibility problem exists, for example, private keys of a and B and plaintext risk privacy exposure, the privacy security of the ciphertext depends on C, a and B cannot determine whether C has fraudulent behavior, and cannot determine whether C sends a real processing result of the ciphertext to a and B. Therefore, it is a problem to be solved.
Disclosure of Invention
The invention provides a data processing method and a data processing device, which solve the problem of credibility of a centralized mechanism in the prior art.
In a first aspect, the present invention provides a data processing method, including:
the first participant acquires a second public key and a second ciphertext from the second participant; the second ciphertext is obtained by encrypting second plaintext data by the second participant according to a second public key according to a preset encryption algorithm;
the first participant encrypts first plaintext data of the first participant according to the second public key and the preset encryption algorithm to obtain a third ciphertext;
the first participant obtains a first ciphertext processing result based on conversion operation of preset operation under the preset encryption algorithm according to the second public key, the second ciphertext and the third ciphertext;
the preset operation is a composite logic operation to be executed by the first plaintext data and the second plaintext data; the composite logic operation is formed by compositing all logic operations; the preset encryption algorithm has the encryption characteristics of the logic operations.
In the above manner, after the first participant obtains the first ciphertext and the second ciphertext obtained according to the preset encryption algorithm, the preset encryption algorithm is adopted, and the first ciphertext processing result can be obtained directly on the basis of the conversion operation of the preset operation under the preset encryption algorithm, that is, the ciphertext can be directly operated without decryption, so that the function equivalent to plaintext operation is realized on the premise of ensuring the data privacy of the participant, and therefore, the first ciphertext processing result can be obtained without a third party mechanism, and the credibility problem does not exist.
Optionally, the preset operation specifically includes: after the plaintext operation result of each bit of the plaintext is obtained through the first sub-preset operation, a second sub-preset operation is executed on the plaintext operation result of each bit of the plaintext;
the first sub-preset operation and the second sub-preset operation are: any one of the logical operations or a composite logical operation of the logical operations; the first plaintext data and the second plaintext data have the same number of bits;
the conversion operation is specifically as follows: after the ciphertext result of each bit of the ciphertext is obtained through the first sub-conversion operation, the second sub-conversion operation is executed on the ciphertext result of each bit of the ciphertext;
the first and second sub-conversion operations are: under the preset encryption algorithm, the logic operation of any one logic operation in the logic operations or the logic operation of the composite logic operation of the logic operations; the bit number of the second ciphertext is the same as that of the third ciphertext.
In the above method, the predetermined operation is divided into the first sub-predetermined operation and the second sub-predetermined operation, the first sub-predetermined operation is performed first to obtain the plaintext operation result of each bit, and then the second sub-predetermined operation is performed on the plaintext operation result of each bit, so that the slicing operation can be performed, the operation efficiency can be improved, the conversion operation can also be divided into the first sub-conversion operation and the second sub-conversion operation, and the first sub-conversion operation can be performed first to obtain the ciphertext result of each bit, and then the second sub-conversion operation is performed on the ciphertext result of each bit, so that the slicing operation can be performed, and the operation efficiency can be improved.
Optionally, the first sub-preset operation specifically includes:
m _ ri is the i-th bit of the first plaintext data, m _ si is the i-th bit of the second plaintext data,
representing an exclusive or logical operation;
the first sub-conversion operation specifically includes:
wherein Enc _ AND represents the operation of ciphertext conversion;
the second sub-predetermined operation and the second sub-conversion operation are both an and logic operation.
In the above-mentioned method, by
The ciphertext result of each bit is calculated, and then the AND logic operation is carried out, so that the operation efficiency is improved.
Optionally, the first sub-preset operation specifically includes:
m _ sj is the j-th bit of the first plaintext data, and m _ rj is the j-th bit of the second plaintext data; m _ si is the ith bit of the first plaintext data, and m _ ri is the ith bit of the second plaintext data; k is the number of bits of the first plaintext data and the second plaintext data;
the first sub-conversion operation specifically includes:
wherein Enc _ AND represents the conversion operation with the ciphertext, Enc represents the preset encryption algorithm, AND Pi represents the continuous product operation;
the second sub-predetermined operation and the second sub-conversion operation are both an or logic operation.
In the above manner, the ciphertext result of each bit is calculated through the above formula, and then the logical operation is performed, so that the operation efficiency is improved.
Optionally, the first party encrypts the first plaintext data according to the first public key of the first party according to the preset encryption algorithm, so as to obtain a first ciphertext;
and the first participant sends the first ciphertext and the first public key to the second participant, so that the second participant encrypts the second plaintext data according to the first public key to obtain a fourth ciphertext, and obtains a second ciphertext processing result based on the conversion operation according to the first public key, the first ciphertext and the fourth ciphertext.
In the above manner, the first party sends the first ciphertext and the first public key to the second party, so that the second party encrypts the first ciphertext and the fourth ciphertext according to the same first public key.
Optionally, the first party obtains the second ciphertext processing result from the second party;
and the first participant decrypts the second ciphertext processing result according to a preset decryption algorithm of the preset encryption algorithm to obtain a second plaintext processing result.
In the above manner, the first party does not need to calculate, and the second ciphertext processing result is directly obtained from the second party.
Optionally, the first party decrypts the first ciphertext processing result according to a preset decryption algorithm of the preset encryption algorithm, so as to obtain a first plaintext processing result.
In the above manner, the first participant decrypts the first ciphertext processing result, so that direct calculation through plaintext data is avoided, the first plaintext processing result can be directly obtained, a final first plaintext processing result can be obtained, and privacy security in the process of obtaining the first plaintext processing result is improved.
In a second aspect, the present invention provides a data processing apparatus comprising:
the acquisition module is used for acquiring a second public key and a second ciphertext from a second participant; the second ciphertext is obtained by encrypting second plaintext data by the second participant according to a second public key according to a preset encryption algorithm;
the encryption module is used for encrypting the first plaintext data of the first participant according to the second public key and the preset encryption algorithm to obtain a third ciphertext;
the processing module is used for obtaining a first ciphertext processing result based on conversion operation of preset operation under the preset encryption algorithm according to the second public key, the second ciphertext and the third ciphertext;
the preset operation is a composite logic operation to be executed by the first plaintext data and the second plaintext data; the composite logic operation is formed by compositing all logic operations; the preset encryption algorithm has the encryption characteristics of the logic operations.
Optionally, the preset operation specifically includes: after the plaintext operation result of each bit of the plaintext is obtained through the first sub-preset operation, a second sub-preset operation is executed on the plaintext operation result of each bit of the plaintext;
the first sub-preset operation and the second sub-preset operation are: any one of the logical operations or a composite logical operation of the logical operations; the first plaintext data and the second plaintext data have the same number of bits;
the conversion operation is specifically as follows: after the ciphertext result of each bit of the ciphertext is obtained through the first sub-conversion operation, the second sub-conversion operation is executed on the ciphertext result of each bit of the ciphertext;
the first and second sub-conversion operations are: under the preset encryption algorithm, the logic operation of any one logic operation in the logic operations or the logic operation of the composite logic operation of the logic operations; the bit number of the second ciphertext is the same as that of the third ciphertext.
Optionally, the first sub-preset operation specifically includes:
m _ ri is the i-th bit of the first plaintext data, m _ si is the i-th bit of the second plaintext data,
representing an exclusive or logical operation;
the first sub-conversion operation specifically includes:
wherein Enc _ AND represents the operation of ciphertext conversion;
the second sub-predetermined operation and the second sub-conversion operation are both an and logic operation.
Optionally, the first sub-preset operation specifically includes:
m _ sj is the j-th bit of the first plaintext data, and m _ rj is the j-th bit of the second plaintext data; m _ si is the ith bit of the first plaintext data, and m _ ri is the ith bit of the second plaintext data; k is the number of bits of the first plaintext data and the second plaintext data;
the first sub-conversion operation specifically includes:
wherein Enc _ AND represents the conversion operation with the ciphertext, Enc represents the preset encryption algorithm, AND Pi represents the continuous product operation;
the second sub-predetermined operation and the second sub-conversion operation are both an or logic operation.
Optionally, the obtaining module is further configured to: encrypting the first plaintext data according to a first public key of a first participant according to the preset encryption algorithm to obtain a first ciphertext; the processing module is further configured to: and sending the first ciphertext and the first public key to the second party, so that the second party encrypts the second plaintext data according to the first public key to obtain a fourth ciphertext, and obtaining a second ciphertext processing result based on the conversion operation according to the first public key, the first ciphertext and the fourth ciphertext.
Optionally, the obtaining module is further configured to: obtaining the second ciphertext processing result from the second party;
the processing module is further configured to:
and decrypting the second ciphertext processing result according to a preset decryption algorithm of the preset encryption algorithm to obtain a second plaintext processing result.
Optionally, the processing module is further configured to:
and decrypting the first ciphertext processing result according to a preset decryption algorithm of the preset encryption algorithm to obtain a first plaintext processing result.
The advantageous effects of the second aspect and the various optional apparatuses of the second aspect may refer to the advantageous effects of the first aspect and the various optional methods of the first aspect, and are not described herein again.
In a third aspect, the present invention provides a computer device comprising a program or instructions for performing the method of the first aspect and the alternatives of the first aspect when the program or instructions are executed.
In a fourth aspect, the present invention provides a storage medium comprising a program or instructions which, when executed, is adapted to perform the method of the first aspect and the alternatives of the first aspect.
These and other aspects of the invention are apparent from and will be elucidated with reference to the embodiments described hereinafter.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise.
Fig. 1 is a schematic flow chart of a data processing method according to an embodiment of the present invention;
fig. 2 is a schematic structural diagram of a data processing apparatus according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention will be described in further detail with reference to the accompanying drawings, and it is apparent that the described embodiments are only a part of the embodiments of the present invention, not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The nouns appearing in the present application are listed first below.
p, q: large prime numbers (e.g., prime numbers greater than 2^128 can be taken), preset the private key of the encryption algorithm.
n: the public key of the encryption algorithm is preset.
r: a random number.
C: the ciphertext.
Gen: and presetting a key generation algorithm corresponding to the encryption algorithm.
Enc: and presetting an encryption algorithm.
And Dec: and presetting a decryption algorithm corresponding to the encryption algorithm.
Enc _ AND: presetting an encryption algorithm and an encryption algorithm.
Dec _ AND: and presetting the encryption algorithm and the decryption algorithm.
k: the length of the string.
The preset encryption algorithm has the encryption characteristics of the logical operations, and in one possible case of the preset encryption algorithm, an encryptor encrypts and decrypts one bit data b according to the encryption and decryption modes of the preset encryption algorithm:
key generation Gen: private key (p, q), public key n is private key multiplication n ═ p × q. Wherein p and q are large prime numbers of modulo 4 and 3.
Encryption Enc: a selects a random number r, and calculates C ═ Enc (b) ═ C ═ r2·(n-1)b mod n。
And (4) decrypting the Dec: for the ciphertext C, calculate
Where mod represents the modulo operation.
Presetting an encryption algorithm and an encryption algorithm:
the encryption algorithm and the encryption algorithm are preset for presetting the encryption algorithm and the property. The ciphertext associated with the preset encryption algorithm can be directly generated by the ciphertext of the preset encryption algorithm. The generation process is as follows:
the cipher text c ═ Enc (b) obtained by the existing bit b according to the preset encryption algorithm, and the cipher text Enc _ and (b) ═ c _1, c _2, …, c _ s of the preset encryption algorithm of the bit b. Wherein s is more than or equal to 30.
1. S random bits r _1, r _2, …, r _ s are selected.
2. If the random bit r _ i is 1, let c _ i be Enc (0).
If the random bit r _ i is 0, let c _ i be Enc (0) × c (n-1) mod n.
Wherein c is a ciphertext obtained by the bit b according to a preset encryption algorithm, and n is a public key of the preset encryption algorithm.
Presetting the properties of the encryption algorithm:
1. exclusive OR
Knowing the ciphertext Enc of b1 (b1), the ciphertext Enc of b2 (b2), b1 xors b2 (i.e.:
) Is a ciphertext of
Namely: and after the two plaintext bits are subjected to XOR, a ciphertext obtained according to a preset encryption algorithm is equal to the multiplication of two ciphertexts obtained by the two plaintext bits according to the preset encryption algorithm.
2. Not:
if the ciphertext Enc (b) of b is known, then not
The ciphertext of (i.e., 1-b) is Enc (b) (n-1).
Namely: and (3) after the plaintext bit is negated, obtaining a ciphertext according to a preset encryption algorithm, wherein the ciphertext obtained by the plaintext bit according to the preset encryption algorithm is multiplied by (a public key-1 of the preset encryption algorithm).
3. And (#):
the preset encryption algorithm and the cipher text are used.
Given that the AND ciphertext of b1 is Enc _ AND (b1) ═ c _1, c _2, …, c _ s ', AND the AND ciphertext of b2 is Enc _ AND (b2) ═ c _1 ', c _2 ', …, c _ s '), the AND ciphertext of b1 AND b2 (i.e., b 1: "b 2) is (c _1 × c _1 ', c _2 ×, c _2 ', …, c _ s × c _ s ').
Namely: and taking the two plaintext bits and the ciphertext of the subsequent preset encryption algorithm, wherein the two plaintext bits are equal to the multiplication of the corresponding bits of the preset encryption algorithm of the two plaintext bits and the ciphertext.
Ciphertext equality testing:
the two messages m1 and m2 are encrypted by using the same public key to obtain two ciphertexts c1 and c2, and the cipher text equality test is to judge whether the two plaintexts m1 and m2 are the same or not through the two ciphertexts c1 and c 2.
In the operation process of a financial institution (a banking institution, an insurance institution or a security institution) in business (such as loan business, deposit business and the like of a bank), the financial institution has a plurality of users, and in some scenes, data processing is performed in a form of ciphertext. At present, the data processing mode in the form of the ciphertext is that a user submits the ciphertext to a centralized mechanism for processing. However, in the case of processing the ciphertext according to the third-party organization, not only the cost is increased, but also the credibility is problematic. This situation does not meet the requirements of financial institutions such as banks, and the efficient operation of various services of the financial institutions cannot be ensured. To this end, the present application provides a data processing method, as shown in fig. 1.
Step 101: the first party obtains a second public key and a second ciphertext from the second party.
And the second ciphertext is obtained by encrypting second plaintext data by the second participant according to a second public key according to a preset encryption algorithm.
Step 102: and the first participant encrypts the first plaintext data of the first participant according to the second public key and the preset encryption algorithm to obtain a third ciphertext.
Step 103: and the first participant obtains a first ciphertext processing result based on conversion operation of preset operation under the preset encryption algorithm according to the second public key, the second ciphertext and the third ciphertext.
The preset operation is a composite logic operation to be executed by the first plaintext data and the second plaintext data; the composite logic operation is formed by compositing all logic operations; the preset encryption algorithm has the encryption characteristics of the logic operations.
It should be noted that the preset encryption algorithm has the encryption characteristic of each logical operation. For example, under the predetermined encryption algorithm, the encryption and decryption property, the non-encryption property, and the exclusive-or encryption property are provided, and then each of the logical operations may be at least one of an and logical operation, a non-logical operation, and an exclusive-or logical operation.
In an optional implementation (hereinafter, referred to as an implementation based on bit operation), the preset operation is specifically: and after the plaintext operation result of each bit of the plaintext is obtained through the first sub-preset operation, executing a second sub-preset operation on the plaintext operation result of each bit of the plaintext.
It should be noted that the preset operation actually satisfies the requirement that the operation can be performed on each bit first to obtain the result of each bit, and then the overall result is operated based on the result of each bit, thereby implementing the slicing operation.
The first sub-preset operation and the second sub-preset operation are: any one of the logical operations or a composite logical operation of the logical operations; the first plaintext data and the second plaintext data have the same number of bits.
The conversion operation is specifically as follows: and after the ciphertext result of each bit of the ciphertext is obtained through the first sub-conversion operation, the second sub-conversion operation is executed on the ciphertext result of each bit of the ciphertext.
The first and second sub-conversion operations are: under the preset encryption algorithm, the logic operation of any one logic operation in the logic operations or the logic operation of the composite logic operation of the logic operations; the bit number of the second ciphertext is the same as that of the third ciphertext.
One possible scenario for an implementation based on bit operations is as follows:
the first sub-preset operation specifically comprises:
m _ ri is the i-th bit of the first plaintext data, m _ si is the i-th bit of the second plaintext data,
representing an exclusive or logical operation;
the first sub-conversion operation specifically includes:
wherein Enc _ AND represents a cipher text conversion operation, AND n is the second public key;
the second sub-predetermined operation and the second sub-conversion operation are both an and logic operation.
Another possible scenario for an implementation based on bit operations is as follows:
the first sub-preset operation specifically comprises:
m _ sj is the j-th bit of the first plaintext data, and m _ rj is the j-th bit of the second plaintext data; m _ si is the ith bit of the first plaintext data, and m _ ri is the ith bit of the second plaintext data; k is the number of bits of the first plaintext data and the second plaintext data;
the first sub-conversion operation specifically includes:
wherein Enc _ AND represents the conversion operation with the ciphertext, Enc represents the preset encryption algorithm, AND Pi represents the continuous product operation;
the second sub-predetermined operation and the second sub-conversion operation are both an or logic operation.
In an optional implementation manner, the first party encrypts the first plaintext data according to the first public key of the first party according to the preset encryption algorithm to obtain a first ciphertext; the first party sends the first ciphertext and the first public key to the second party.
In the foregoing embodiment, the second party may encrypt the second plaintext data according to the first public key to obtain a fourth ciphertext, and obtain a second ciphertext processing result based on the conversion operation according to the first public key, the first ciphertext, and the fourth ciphertext.
In the above manner, the first party sends the first ciphertext and the first public key to the second party, so that the second party encrypts the first ciphertext and the fourth ciphertext according to the same first public key.
Further, in the above embodiment, the following steps may be further performed:
the first party acquires the second ciphertext processing result from the second party; and the first participant decrypts the second ciphertext processing result according to a preset decryption algorithm of the preset encryption algorithm to obtain a second plaintext processing result.
In the above manner, the first party does not need to calculate, and the second ciphertext processing result is directly obtained from the second party.
Further, an alternative embodiment is as follows:
and the first participant decrypts the first ciphertext processing result according to a preset decryption algorithm of the preset encryption algorithm to obtain a first plaintext processing result.
In the above manner, the first participant decrypts the first ciphertext processing result, so that direct calculation through plaintext data is avoided, the first plaintext processing result can be directly obtained, a final first plaintext processing result can be obtained, and privacy security in the process of obtaining the first plaintext processing result is improved.
According to the scheme, the properties of the preset encryption algorithm are used for judging whether the plaintext contained in the two bit string ciphertext meets a certain relation or not on the premise that the ciphertext of the two bit strings is not decrypted. The predetermined operation may be any logic operation, and each logic operation may be a complete logic set consisting of an exclusive-or logic operation, a non-logic operation, and a logic operation. The logic operation in the complete logic set can form any logic operation, the complete logic set can also be an OR logic operation, a non-logic operation and a logic operation, and any logic function can be theoretically completed through the combination of the three logic operations and the corresponding conversion operation in the preset encryption algorithm. Therefore, the method theoretically supports all ciphertext operations and is universal.
The method of steps 101 to 103 is applicable to any ciphertext logical operation, and the data processing method shown in fig. 1 is described in detail below by taking a ciphertext equivalence test as an example.
Overall, the participants of the ciphertext equality test are any number of plaintext data owners, and the plaintext data owned by the participants is in the form of a character string of any length k, and each character in the character string is 0 or 1. Firstly, participants encrypt data owned by the participants by using a preset encryption algorithm, then mutually send own ciphertext to each other, and finally, each participant can self judge whether plaintext data corresponding to own ciphertext and received ciphertext are the same or not by using a private key of the participant under the preset encryption algorithm. The following example illustrates a scenario in which two participants R, S are used. The protocol has two stages, and the specific flow of each stage will be explained in detail below.
In the first stage, each participant encrypts data using a preset encryption algorithm:
step 1-1: each participant initializes a public and private key under its own preset encryption algorithm.
The first participant R selects two large prime numbers p1, q1, p1 and q1 with modulo 4 and 3 as a private key sk1 under a preset encryption algorithm; the first participant multiplies p1 and q1 to obtain n1 ═ p1 × q1, and n1 is used as a public key pk1 (first public key) under a preset encryption algorithm.
The second participant S selects two large prime numbers p2, q2, p2 and q2 with modulo 4 and 3 as a private key sk2 under a preset encryption algorithm; the second participant multiplies p2 and q2 to obtain n2 ═ p2 × q2, and n2 is used as a public key pk2 (second public key) under a preset encryption algorithm.
Step 1-2: each participant encrypts its data using its public key under its preset encryption algorithm.
The first participant R and the second participant S respectively use a public key (a first public key) pk _ R (a second public key) pk _ S under a preset encryption algorithm of the first participant R and the second participant S, and encrypt first plaintext data m _ R and second plaintext data m _ S of the first participant R and the second participant S by using the preset encryption algorithm to obtain a first ciphertext c _ R and a second ciphertext c _ S of the ciphertexts, wherein the data m _ R and the data m _ S are character strings with the length of k.
Step 1-3: the first participant R sends the public key pk _ R and the ciphertext c _ R under the preset encryption algorithm of the first participant R to the second participant R. The second participant S sends the public key pk _ S and the ciphertext c _ S under the preset encryption algorithm of the second participant S to the first participant R.
In the second stage, the first participant R performs ciphertext equality test, and S obtains a test result:
now, R, S possess: the cipher text of the user, the cipher text of the opposite side and the public key of the opposite side under the preset encryption algorithm. Either party may perform the ciphertext equivalence test locally, and the flow of the test performed by the first participant R is described herein. First, the comparison process in the clear will be described below. In the plaintext, R needs to determine whether two plaintext bit strings are equal, and needs to perform bit-by-bit comparison on the two bit strings, so that R needs to calculate the following result (i.e., the preset operation is as follows):
wherein m _ ri, m _ si respectively represent the ith bit of R, S plaintext data m _ r, m _ s,
indicating that i is from bit 1 to bit k.
The preset operation F is mapped to the operation on the ciphertext, R needs to calculate the ciphertext Res of F, wherein,
the calculation procedure for R is as follows:
step (2-1): the first participant R encrypts its first plaintext data m _ R using the second public key pks of the second participant S to obtain a third ciphertext c _ R '═ Enc _ pks (m _ R), where c _ R' is a number of length k, and the ith number is Enc (m _ ri).
Step (2-2): r calculates Enc (1-m _ ri) ═ Enc (m _ ri) × (n-1) using the non-nature of the pre-set encryption algorithm.
Step (2-3): r is calculated by using the exclusive or property of a preset encryption algorithm
Step (2-4): r is calculated by using a preset encryption algorithm and an encryption algorithm
Step (2-5): r computes the ciphertext Res of the F function,
step (2-6): r sends the ciphertext result Res to S.
Step (2-7): s decrypts Res, i.e., S computes dec (Res). If the decryption obtains 1, the corresponding plaintext in the S ciphertext and the R ciphertext is equal; if decryption obtains 0, the corresponding plaintext in S and R ciphertext is unequal. So that S obtains a ciphertext equality test result.
It should be noted that R can also be decrypted by itself to calculate dec (res).
If R wants to calculate the ciphertext processing result by S, S may be executed by referring to steps (2-1) to (2-6), and step (2-7) may be executed by R.
It should be noted that, the above-mentioned stage introduces the implementation of the comparison function F in the ciphertext, where F may be a preset operation compounded by any logic operations. For example, if the magnitude relationship between two ciphertexts and a plaintext needs to be determined under the ciphertexts, F can be designed as:
by using the property of the preset encryption algorithm, the operation in the function F can be realized through the encrypted ciphertext, and R performs corresponding conversion operation under the ciphertext to obtain a comparison result ciphertext. S, decryption is carried out to obtain a comparison result. Therefore, the judgment of the size relation of the two ciphertexts corresponding to the plain text is realized under the condition that the two ciphertexts are not decrypted by the R and the S.
By analogy, after the plaintext data is encrypted by any logic operation relation (such as and, exclusive or and non-combined composite logic operation) among the plaintext data, the participant can directly perform corresponding conversion operation on the ciphertext without decryption, and the function equivalent to the plaintext operation is realized on the premise of ensuring the data privacy of the participant.
As shown in fig. 2, the present invention provides a data processing apparatus comprising:
an obtaining module 201, configured to obtain a second public key and a second ciphertext from a second party; the second ciphertext is obtained by encrypting second plaintext data by the second participant according to a second public key according to a preset encryption algorithm;
the encryption module 202 is configured to encrypt first plaintext data of the first participant according to the second public key and the preset encryption algorithm to obtain a third ciphertext;
the processing module 203 is configured to obtain a first ciphertext processing result based on a conversion operation of a preset operation under the preset encryption algorithm according to the second public key, the second ciphertext and the third ciphertext;
the preset operation is a composite logic operation to be executed by the first plaintext data and the second plaintext data; the composite logic operation is formed by compositing all logic operations; the preset encryption algorithm has the encryption characteristics of the logic operations.
Optionally, the preset operation specifically includes: after the plaintext operation result of each bit of the plaintext is obtained through the first sub-preset operation, a second sub-preset operation is executed on the plaintext operation result of each bit of the plaintext;
the first sub-preset operation and the second sub-preset operation are: any one of the logical operations or a composite logical operation of the logical operations; the first plaintext data and the second plaintext data have the same number of bits;
the conversion operation is specifically as follows: after the ciphertext result of each bit of the ciphertext is obtained through the first sub-conversion operation, the second sub-conversion operation is executed on the ciphertext result of each bit of the ciphertext;
the first and second sub-conversion operations are: under the preset encryption algorithm, the logic operation of any one logic operation in the logic operations or the logic operation of the composite logic operation of the logic operations; the bit number of the second ciphertext is the same as that of the third ciphertext.
Optionally, the first sub-preset operation specifically includes:
m _ ri is the i-th bit of the first plaintext data, m _ si is the i-th bit of the second plaintext data,
representing an exclusive or logical operation;
the first sub-conversion operation specifically includes:
wherein Enc _ AND represents the operation of ciphertext conversion;
the second sub-predetermined operation and the second sub-conversion operation are both an and logic operation.
Optionally, the first sub-preset operation specifically includes:
m _ sj is the j-th bit of the first plaintext data, and m _ rj is the j-th bit of the second plaintext data; m _ si is the ith bit of the first plaintext data, and m _ ri is the ith bit of the second plaintext data; k is the number of bits of the first plaintext data and the second plaintext data;
the first sub-conversion operation specifically includes:
wherein Enc _ AND represents the conversion operation with the ciphertext, Enc represents the preset encryption algorithm, AND Pi represents the continuous product operation;
the second sub-predetermined operation and the second sub-conversion operation are both an or logic operation.
Optionally, the obtaining module 201 is further configured to: encrypting the first plaintext data according to a first public key of a first participant according to the preset encryption algorithm to obtain a first ciphertext; the processing module 203 is further configured to: and sending the first ciphertext and the first public key to the second party, so that the second party encrypts the second plaintext data according to the first public key to obtain a fourth ciphertext, and obtaining a second ciphertext processing result based on the conversion operation according to the first public key, the first ciphertext and the fourth ciphertext.
Optionally, the obtaining module 201 is further configured to: obtaining the second ciphertext processing result from the second party;
the processing module 203 is further configured to:
and decrypting the second ciphertext processing result according to a preset decryption algorithm of the preset encryption algorithm to obtain a second plaintext processing result.
Optionally, the processing module 203 is further configured to:
and decrypting the first ciphertext processing result according to a preset decryption algorithm of the preset encryption algorithm to obtain a first plaintext processing result.
Based on the same inventive concept, embodiments of the present invention also provide a computer device, which includes a program or instructions, and when the program or instructions are executed, the data processing method and any optional method provided by the embodiments of the present invention are executed.
Based on the same inventive concept, embodiments of the present invention also provide a computer-readable storage medium, which includes a program or instructions, and when the program or instructions are executed, the data processing method and any optional method provided by the embodiments of the present invention are executed.
It should be apparent to those skilled in the art that embodiments of the present invention may be provided as a method, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.
Claims (10)
1. A data processing method, comprising:
the first participant acquires a second public key and a second ciphertext from the second participant; the second ciphertext is obtained by encrypting second plaintext data by the second participant according to a second public key according to a preset encryption algorithm;
the first participant encrypts first plaintext data of the first participant according to the second public key and the preset encryption algorithm to obtain a third ciphertext;
the first participant obtains a first ciphertext processing result based on conversion operation of preset operation under the preset encryption algorithm according to the second public key, the second ciphertext and the third ciphertext;
the preset operation is a composite logic operation to be executed by the first plaintext data and the second plaintext data; the composite logic operation is formed by compositing all logic operations; the preset encryption algorithm has the encryption characteristics of the logic operations.
2. The method of claim 1,
the preset operation is specifically as follows: after the plaintext operation result of each bit of the plaintext is obtained through the first sub-preset operation, a second sub-preset operation is executed on the plaintext operation result of each bit of the plaintext;
the first sub-preset operation and the second sub-preset operation are: any one of the logical operations or a composite logical operation of the logical operations; the first plaintext data and the second plaintext data have the same number of bits;
the conversion operation is specifically as follows: after the ciphertext result of each bit of the ciphertext is obtained through the first sub-conversion operation, the second sub-conversion operation is executed on the ciphertext result of each bit of the ciphertext;
the first and second sub-conversion operations are: under the preset encryption algorithm, the logic operation of any one logic operation in the logic operations or the logic operation of the composite logic operation of the logic operations; the bit number of the second ciphertext is the same as that of the third ciphertext.
3. The method of claim 2, wherein the first sub-predetermined operation is specifically:
(1-m_ri)⊕m_si;
m _ ri is the ith bit of the first plaintext data, m _ si is the ith bit of the second plaintext data, and ^ indicates an exclusive-or logical operation;
the first sub-conversion operation specifically includes:
Enc_AND((1-m_ri)⊕m_si);
wherein Enc _ AND represents the operation of ciphertext conversion;
the second sub-predetermined operation and the second sub-conversion operation are both an and logic operation.
4. The method of claim 2, wherein the first sub-predetermined operation is specifically:
m _ sj is the j-th bit of the first plaintext data, and m _ rj is the j-th bit of the second plaintext data; m _ si is the ith bit of the first plaintext data, and m _ ri is the ith bit of the second plaintext data; k is the number of bits of the first plaintext data and the second plaintext data;
the first sub-conversion operation specifically includes:
wherein Enc _ AND represents the conversion operation with the ciphertext, Enc represents the preset encryption algorithm, AND Pi represents the continuous product operation;
the second sub-predetermined operation and the second sub-conversion operation are both an or logic operation.
5. The method of any of claims 1 to 4, further comprising:
the first participant encrypts the first plaintext data according to the first public key of the first participant according to the preset encryption algorithm to obtain a first ciphertext;
and the first participant sends the first ciphertext and the first public key to the second participant, so that the second participant encrypts the second plaintext data according to the first public key to obtain a fourth ciphertext, and obtains a second ciphertext processing result based on the conversion operation according to the first public key, the first ciphertext and the fourth ciphertext.
6. The method of claim 5, further comprising:
the first party acquires the second ciphertext processing result from the second party;
and the first participant decrypts the second ciphertext processing result according to a preset decryption algorithm of the preset encryption algorithm to obtain a second plaintext processing result.
7. The method of any of claims 1 to 4, further comprising:
and the first participant decrypts the first ciphertext processing result according to a preset decryption algorithm of the preset encryption algorithm to obtain a first plaintext processing result.
8. A data processing apparatus, comprising:
the acquisition module is used for acquiring a second public key and a second ciphertext from a second participant; the second ciphertext is obtained by encrypting second plaintext data by the second participant according to a second public key according to a preset encryption algorithm;
the encryption module is used for encrypting the first plaintext data of the first participant according to the second public key and the preset encryption algorithm to obtain a third ciphertext;
the processing module is used for obtaining a first ciphertext processing result based on conversion operation of preset operation under the preset encryption algorithm according to the second public key, the second ciphertext and the third ciphertext;
the preset operation is a composite logic operation to be executed by the first plaintext data and the second plaintext data; the composite logic operation is formed by compositing all logic operations; the preset encryption algorithm has the encryption characteristics of the logic operations.
9. A computer device comprising a program or instructions that, when executed, perform the method of any of claims 1 to 7.
10. A computer-readable storage medium comprising a program or instructions which, when executed, perform the method of any of claims 1 to 7.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011447531.7A CN112580071B (en) | 2020-12-09 | 2020-12-09 | Data processing method and device |
| PCT/CN2021/129756 WO2022121607A1 (en) | 2020-12-09 | 2021-11-10 | Data processing method and apparatus |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011447531.7A CN112580071B (en) | 2020-12-09 | 2020-12-09 | Data processing method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112580071A true CN112580071A (en) | 2021-03-30 |
| CN112580071B CN112580071B (en) | 2024-05-14 |
Family
ID=75131006
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011447531.7A Active CN112580071B (en) | 2020-12-09 | 2020-12-09 | Data processing method and device |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN112580071B (en) |
| WO (1) | WO2022121607A1 (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2022121607A1 (en) * | 2020-12-09 | 2022-06-16 | 深圳前海微众银行股份有限公司 | Data processing method and apparatus |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115617897B (en) * | 2022-11-04 | 2023-03-14 | 华控清交信息科技(北京)有限公司 | Data type conversion method and multi-party secure computing system |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20030026430A1 (en) * | 1998-05-29 | 2003-02-06 | Makoto Aikawa | Encrypting conversion apparatus, decrypting conversion apparatus, cryptographic communication system, and electronic toll collection apparatus |
| CN108599951A (en) * | 2018-08-10 | 2018-09-28 | 北京奇虎科技有限公司 | Encryption method and device |
| CN111143862A (en) * | 2019-12-13 | 2020-05-12 | 支付宝(杭州)信息技术有限公司 | Data processing method, query method, device, electronic equipment and system |
| CN111931250A (en) * | 2019-07-11 | 2020-11-13 | 华控清交信息科技(北京)有限公司 | Multi-party safety computing integrated machine |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105099653A (en) * | 2014-05-20 | 2015-11-25 | 华为技术有限公司 | Distributed data processing method, device and system |
| CN111447059B (en) * | 2020-03-30 | 2023-04-28 | 南阳理工学院 | Ciphertext equivalent test method, ciphertext equivalent test device, electronic equipment, storage medium and ciphertext equivalent test system |
| CN112580071B (en) * | 2020-12-09 | 2024-05-14 | 深圳前海微众银行股份有限公司 | Data processing method and device |
-
2020
- 2020-12-09 CN CN202011447531.7A patent/CN112580071B/en active Active
-
2021
- 2021-11-10 WO PCT/CN2021/129756 patent/WO2022121607A1/en active Application Filing
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20030026430A1 (en) * | 1998-05-29 | 2003-02-06 | Makoto Aikawa | Encrypting conversion apparatus, decrypting conversion apparatus, cryptographic communication system, and electronic toll collection apparatus |
| CN108599951A (en) * | 2018-08-10 | 2018-09-28 | 北京奇虎科技有限公司 | Encryption method and device |
| CN111931250A (en) * | 2019-07-11 | 2020-11-13 | 华控清交信息科技(北京)有限公司 | Multi-party safety computing integrated machine |
| CN111143862A (en) * | 2019-12-13 | 2020-05-12 | 支付宝(杭州)信息技术有限公司 | Data processing method, query method, device, electronic equipment and system |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2022121607A1 (en) * | 2020-12-09 | 2022-06-16 | 深圳前海微众银行股份有限公司 | Data processing method and apparatus |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2022121607A1 (en) | 2022-06-16 |
| CN112580071B (en) | 2024-05-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Almaiah et al. | A new hybrid text encryption approach over mobile ad hoc network | |
| CN108199835B (en) | Multi-party combined private key decryption method | |
| CN111510281B (en) | Homomorphic encryption method and device | |
| CN113364576A (en) | Data encryption evidence storing and sharing method based on block chain | |
| US10511581B2 (en) | Parallelizable encryption using keyless random permutations and authentication using same | |
| CN110011995B (en) | Encryption and decryption method and device in multicast communication | |
| CN107317666A (en) | A kind of parallel full homomorphism encipher-decipher method for supporting floating-point operation | |
| US20240364533A1 (en) | Quantum digital signature method and quantum digital signcryption method | |
| US8462939B2 (en) | RNS-based cryptographic system and method | |
| US8331558B2 (en) | Method of cipher block chaining using elliptic curve cryptography | |
| CA2819211C (en) | Data encryption | |
| CN106878322A (en) | A kind of encryption and decryption method of the fixed length ciphertext based on attribute and key | |
| CN112182660A (en) | Data sorting method and device | |
| CN112580071B (en) | Data processing method and device | |
| CN113992325B (en) | Private data sharing method and device | |
| CN117114959B (en) | Image encryption method based on key feedback mechanism of multi-parameter one-dimensional chaotic system | |
| CN115361109B (en) | Homomorphic encryption method supporting bidirectional proxy re-encryption | |
| CN116743358A (en) | Repudiation multi-receiver authentication method and system | |
| Srikantaswamy et al. | Enhanced onetime pad cipher with morearithmetic and logical operations with flexible key generation algorithm | |
| US6823070B1 (en) | Method for key escrow in a communication system and apparatus therefor | |
| CN115865313A (en) | Lightweight privacy protection longitudinal federal learning model parameter aggregation method | |
| CN115051849A (en) | Digital judicial evidence storing method, evidence storing device and readable storage medium | |
| Hussein et al. | An enhanced ElGamal cryptosystem for image encryption and decryption | |
| CN112367159A (en) | Medical data safety storage oriented hybrid encryption and decryption method and system | |
| kadhim Bermani et al. | Efficient cryptography techniques for image encryption in cloud storage |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |