CN113612597A - Data calculation method, device and system and electronic equipment - Google Patents

Info

Publication number: CN113612597A
Application number: CN202110846193.2A
Authority: CN (China)
Other languages: Chinese (zh)
Inventor: 代子营
Current Assignee: Jingdong Technology Holding Co Ltd
Original Assignee: Jingdong Technology Holding Co Ltd
Legal status: Pending
Prior art keywords: data, homomorphic, calculation, ciphertext, module

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The application provides a data calculation method, device, system and electronic equipment. In the data calculation method, the trusted execution module acquires a data calculation request sent by a client, acquires corresponding symmetric ciphertext data from the data storage module according to the data calculation request, decrypts the symmetric ciphertext data to obtain first plaintext data, homomorphically encrypts the first plaintext data to obtain homomorphic ciphertext data, and sends the homomorphic ciphertext data to the untrusted calculation module so that the untrusted calculation module can perform homomorphic calculation according to the homomorphic ciphertext data to obtain a homomorphic ciphertext calculation result. The trusted execution module is used to decrypt the symmetric ciphertext and to assist the untrusted execution module with key calculation steps, so that data security is guaranteed while calculation efficiency is improved, and a practical homomorphic encryption application mode is formed through the interactive cooperation of multiple participants such as the client, the trusted execution module, the untrusted calculation module and the data storage module.

Description

Data calculation method, device and system and electronic equipment
Technical Field
The present application relates to the field of data processing technologies, and in particular, to a data calculation method, apparatus, system, and electronic device.
Background
At present, a homomorphic encryption technology is widely applied to the fields of cloud computing, machine learning and the like as an important data security and privacy protection technology. Homomorphic encryption allows computation of ciphertext data, enabling the use of data while preserving the confidentiality of the data.
In the related art, when data calculation is performed based on a homomorphic encryption technology, the consumption of storage space, transmission network bandwidth and calculation resources of homomorphic ciphertext data is high, the calculation speed is low, and a practical homomorphic encryption application mode and a practical homomorphic encryption application architecture are lacked.
Disclosure of Invention
The application provides a data calculation method, a data calculation device, a data calculation system and electronic equipment.
An embodiment of a first aspect of the present application provides a data calculation method, including: acquiring a data calculation request sent by a client; acquiring corresponding symmetric ciphertext data from a data storage module according to the data calculation request; decrypting the symmetric ciphertext data to obtain first plaintext data; homomorphic encryption is carried out on the first plaintext data to obtain homomorphic ciphertext data; and sending the homomorphic ciphertext data to an untrusted calculation module, so that the untrusted calculation module performs homomorphic calculation according to the homomorphic ciphertext data to obtain a homomorphic ciphertext calculation result.
In the data calculation method of the embodiment of the application, the trusted execution module acquires a data calculation request sent by a client, acquires corresponding symmetric ciphertext data from the data storage module according to the data calculation request, decrypts the symmetric ciphertext data to obtain first plaintext data, homomorphically encrypts the first plaintext data to obtain homomorphic ciphertext data, and sends the homomorphic ciphertext data to the untrusted calculation module so that the untrusted calculation module performs homomorphic calculation according to the homomorphic ciphertext data to obtain a homomorphic ciphertext calculation result. Compared with storing and decrypting data based on homomorphic encryption, the embodiment stores and decrypts the data based on symmetric encryption before the subsequent calculation is carried out, which, on the premise that data security is guaranteed, saves data storage space, network transmission bandwidth and computing resources and improves calculation speed. The interactive cooperation of multiple participants, such as the client, the trusted execution module, the untrusted calculation module and the data storage module, forms a practical homomorphic encryption application mode.
An embodiment of a second aspect of the present application provides a data calculation method, including: receiving homomorphic ciphertext data sent by a trusted execution module, wherein the homomorphic ciphertext data is obtained by the trusted execution module through decryption and homomorphic encryption according to symmetric ciphertext data acquired from a data storage module; and performing homomorphic calculation according to the homomorphic ciphertext data to obtain a homomorphic ciphertext calculation result.
In the data calculation method of the embodiment of the application, the untrusted computing module receives homomorphic ciphertext data sent by the trusted execution module, wherein the homomorphic ciphertext data is obtained by the trusted execution module through decryption and homomorphic encryption according to symmetric ciphertext data acquired from the data storage module, and performs homomorphic calculation according to the homomorphic ciphertext data to obtain a homomorphic ciphertext calculation result. Compared with storing and decrypting data based on homomorphic encryption, the embodiment stores and decrypts the data based on symmetric encryption before the subsequent calculation is carried out, which, on the premise that data security is guaranteed, saves data storage space, network transmission bandwidth and computing resources and improves calculation speed. The interactive cooperation of multiple participants, such as the client, the trusted execution module, the untrusted calculation module and the data storage module, forms a practical homomorphic encryption application mode.
An embodiment of a third aspect of the present application provides a data calculation method, including: sending a data calculation request to a trusted execution module, so that the trusted execution module can obtain corresponding symmetric ciphertext data from a data storage module according to the data calculation request, decrypt the symmetric ciphertext data to obtain first plaintext data, homomorphically encrypt the first plaintext data to obtain homomorphic ciphertext data, and send the homomorphic ciphertext data to the untrusted calculation module, which performs homomorphic calculation to obtain a homomorphic ciphertext calculation result; receiving the homomorphic ciphertext calculation result sent by the untrusted calculation module; and decrypting the homomorphic ciphertext calculation result to obtain a plaintext calculation result.
In the data calculation method of the embodiment of the application, the client sends the data calculation request to the trusted execution module, so that the trusted execution module obtains corresponding symmetric ciphertext data from the data storage module according to the data calculation request, decrypts the symmetric ciphertext data to obtain first plaintext data, homomorphically encrypts the first plaintext data to obtain homomorphic ciphertext data, and sends the homomorphic ciphertext data to the untrusted calculation module, which performs homomorphic calculation to obtain a homomorphic ciphertext calculation result; the client then receives the homomorphic ciphertext calculation result sent by the untrusted calculation module and decrypts it to obtain a plaintext calculation result. Compared with storing and decrypting data based on homomorphic encryption, the embodiment stores and decrypts the data based on symmetric encryption before the subsequent calculation is carried out, which, on the premise that data security is guaranteed, saves data storage space, network transmission bandwidth and computing resources and improves calculation speed. The interactive cooperation of multiple participants, such as the client, the trusted execution module, the untrusted calculation module and the data storage module, forms a practical homomorphic encryption application mode.
An embodiment of a fourth aspect of the present application provides a data computing apparatus, including: the first acquisition module is configured to acquire a data calculation request sent by a client; the second acquisition module is configured to acquire corresponding symmetric ciphertext data from the data storage module according to the data calculation request; the first decryption module is configured to decrypt the symmetric ciphertext data to obtain first plaintext data; the first encryption module is configured to homomorphic encrypt the first plaintext data to obtain homomorphic ciphertext data; the first sending module is configured to send the homomorphic ciphertext data to the untrusted calculation module, so that the untrusted calculation module performs homomorphic calculation according to the homomorphic ciphertext data to obtain a homomorphic ciphertext calculation result.
In the data computing device in the embodiment of the application, the trusted execution module obtains a data computing request sent by the client, obtains corresponding symmetric ciphertext data from the data storage module according to the data computing request, decrypts the symmetric ciphertext data to obtain first plaintext data, homomorphically encrypts the first plaintext data to obtain homomorphic ciphertext data, and sends the homomorphic ciphertext data to the untrusted calculation module, so that the untrusted calculation module performs homomorphic calculation according to the homomorphic ciphertext data to obtain a homomorphic ciphertext calculation result. Compared with storing and decrypting data based on homomorphic encryption, the embodiment stores and decrypts the data based on symmetric encryption before the subsequent calculation is carried out, which, on the premise that data security is guaranteed, saves data storage space, network transmission bandwidth and computing resources and improves calculation speed. The interactive cooperation of multiple participants, such as the client, the trusted execution module, the untrusted calculation module and the data storage module, forms a practical homomorphic encryption application mode.
An embodiment of a fifth aspect of the present application provides a data computing apparatus, including: the first receiving module is configured to receive homomorphic ciphertext data sent by the trusted execution module, wherein the homomorphic ciphertext data is obtained by the trusted execution module through decryption and homomorphic encryption according to symmetric ciphertext data acquired from the data storage module; and the first calculation module is configured to perform homomorphic calculation according to the homomorphic ciphertext data to obtain a homomorphic ciphertext calculation result.
In the data computing device of the embodiment of the application, the untrusted computing module receives homomorphic ciphertext data sent by the trusted executing module, wherein the homomorphic ciphertext data is obtained by the trusted executing module through decryption and homomorphic encryption according to symmetric ciphertext data acquired from the data storage module, and performs homomorphic calculation according to the homomorphic ciphertext data to obtain a homomorphic ciphertext calculation result. Compared with storing and decrypting data based on homomorphic encryption, the embodiment stores and decrypts the data based on symmetric encryption before the subsequent calculation is carried out, which, on the premise that data security is guaranteed, saves data storage space, network transmission bandwidth and computing resources and improves calculation speed. The interactive cooperation of multiple participants, such as the client, the trusted execution module, the untrusted calculation module and the data storage module, forms a practical homomorphic encryption application mode.
An embodiment of a sixth aspect of the present application provides a data computing apparatus, including: a second sending module configured to send a data calculation request to the trusted execution module, so that the trusted execution module can obtain corresponding symmetric ciphertext data from the data storage module according to the data calculation request, decrypt the symmetric ciphertext data to obtain first plaintext data, homomorphically encrypt the first plaintext data to obtain homomorphic ciphertext data, and send the homomorphic ciphertext data to the untrusted calculation module, which performs homomorphic calculation to obtain a homomorphic ciphertext calculation result; a second receiving module configured to receive the homomorphic ciphertext calculation result sent by the untrusted calculation module; and a second decryption module configured to decrypt the homomorphic ciphertext calculation result to obtain a plaintext calculation result.
In the data computing device of the embodiment of the application, the client sends the data computing request to the trusted execution module, so that the trusted execution module obtains corresponding symmetric ciphertext data from the data storage module according to the data computing request, decrypts the symmetric ciphertext data to obtain first plaintext data, homomorphically encrypts the first plaintext data to obtain homomorphic ciphertext data, and sends the homomorphic ciphertext data to the untrusted calculation module, which performs homomorphic calculation to obtain a homomorphic ciphertext computing result; the client then receives the homomorphic ciphertext computing result sent by the untrusted calculation module and decrypts it to obtain a plaintext computing result. Compared with storing and decrypting data based on homomorphic encryption, the embodiment stores and decrypts the data based on symmetric encryption before the subsequent calculation is carried out, which, on the premise that data security is guaranteed, saves data storage space, network transmission bandwidth and computing resources and improves calculation speed. The interactive cooperation of multiple participants, such as the client, the trusted execution module, the untrusted calculation module and the data storage module, forms a practical homomorphic encryption application mode.
An embodiment of a seventh aspect of the present application provides a data computing system, including: a data storage module, a trusted execution module provided with a data computing device as described in the embodiment of the fourth aspect, an untrusted execution module provided with a data computing device as described in the embodiment of the fifth aspect, and a client provided with a data computing device as described in the embodiment of the sixth aspect.
An eighth aspect of the present application provides an electronic device, including: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform a data calculation method as described in the first aspect of the embodiments above, or to perform a data calculation method as described in the second aspect of the embodiments above, or to perform a data calculation method as described in the third aspect of the embodiments above.
An embodiment of a ninth aspect of the present application provides a computer-readable storage medium storing computer instructions for causing a computer to perform the data calculation method according to the embodiment of the first aspect, or perform the data calculation method according to the embodiment of the second aspect, or perform the data calculation method according to the embodiment of the third aspect.
Additional aspects and advantages of the present application will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the present application.
Drawings
The foregoing and/or additional aspects and advantages of the present application will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
FIG. 1 is a schematic flow chart of a data calculation method according to an embodiment of the present application;
FIG. 2 is a schematic flow chart diagram illustrating a data calculation method according to another embodiment of the present application;
FIG. 3 is a schematic flow chart diagram illustrating a data calculation method according to another embodiment of the present application;
FIG. 4 is a schematic flow chart diagram illustrating a data calculation method according to another embodiment of the present application;
FIG. 5 is a schematic flow chart diagram illustrating a data calculation method according to another embodiment of the present application;
FIG. 6 is a schematic flow chart diagram illustrating a data calculation method according to another embodiment of the present application;
FIG. 7 is a schematic flow chart diagram illustrating a data calculation method according to another embodiment of the present application;
FIG. 8 is a schematic signaling interaction diagram of a data calculation method according to an embodiment of the present application;
FIG. 9 is a schematic structural diagram of a data computing device according to an embodiment of the present application;
FIG. 10 is a schematic diagram of a data computing device according to another embodiment of the present application;
FIG. 11 is a schematic diagram of a data computing device according to another embodiment of the present application;
FIG. 12 is a block diagram of a data computing system according to an embodiment of the present application;
FIG. 13 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
Reference will now be made in detail to the embodiments of the present application, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are exemplary and intended to be used for explaining the present application and should not be construed as limiting the present application. The following describes a data calculation method, apparatus, system, and electronic device according to embodiments of the present application with reference to the drawings.
Fig. 1 is a schematic flow chart of a data calculation method according to an embodiment of the present application. The data calculation method according to the embodiment of the present application may be executed by the data calculation apparatus according to the embodiment of the present application, and the data calculation apparatus may be disposed in a trusted execution module of a data calculation system. As shown in Fig. 1, the data calculation method according to the embodiment of the present application may specifically include the following steps:
S101, acquiring a data calculation request sent by a client.
Specifically, in an application scenario constructed based on computer technology, data calculation can be completed by multiple participants, which can be broadly divided into the client where the user is located, a data storage module providing a data storage service, and a participant (e.g., a cloud computing service) providing the computing service. The computing service can be divided into a trusted execution module and an untrusted computing module.
The trusted execution module is constructed based on a Trusted Execution Environment (TEE for short). The trusted execution environment provides an isolated, secure program execution space that protects its internal code and data from access and corruption by external computing environments. The trusted execution environment may be hardware-based, e.g.,
Intel SGX, or software-based, for example, a trusted hypervisor that protects applications from operating system attacks.
In a specific implementation, when the client needs to perform some computation using data stored in the data storage module, for example, data computation in machine learning model training, the client may send a data computation request to the trusted execution module, and the trusted execution module receives the data computation request sent by the client and provides a computation service.
It should be noted here that the data calculation request sent by the client may include, but is not limited to, information on the data that needs to be acquired from the data storage module and call information of the calculation program used to implement the data calculation. After review by the client has determined that the computing program functions correctly and has no security vulnerabilities, the computing program is uploaded and loaded into the trusted execution module so that the trusted execution module can perform the data calculation according to the computing program. The client interacts with the trusted execution module and, using the security mechanisms provided by the trusted execution module (e.g., remote attestation of Intel SGX), authenticates the identity of the trusted execution module and the integrity of the computing program, while establishing a secure channel between the client and the trusted execution module.
S102, acquiring corresponding symmetric ciphertext data from the data storage module according to the data calculation request.
Specifically, the trusted execution module obtains the corresponding symmetric ciphertext data from the data storage module according to the data calculation request obtained in step S101.
It should be noted here that the data storage module can store data for a long time and provide data according to the requirements of the client. The data storage module may be located at a remote location outside the control range of the client and be provided by a data storage service provider, so the data needs to be encrypted to ensure data security. Considering ciphertext size and encryption and decryption speed, the data storage module generally uses a symmetric encryption scheme to encrypt the data; for example, the encryption scheme may be the SM4 algorithm in Counter mode, or the AES algorithm in GCM mode with 256-bit keys.
S103, the symmetric ciphertext data is decrypted to obtain first plaintext data.
Specifically, the trusted execution module decrypts the symmetric ciphertext data obtained in step S102 to obtain first plaintext data corresponding to the symmetric ciphertext data.
It should be noted that, in this embodiment of the application, before the trusted execution module decrypts the symmetric ciphertext data through step S301, the client sends the symmetric encryption key to the trusted execution module through the secure channel. The trusted execution module receives the symmetric encryption key sent by the client, and decrypts the symmetric ciphertext data by adopting the symmetric encryption key to obtain first plaintext data.
S104, homomorphic encryption is carried out on the first plaintext data to obtain homomorphic ciphertext data.
Specifically, the trusted execution module performs homomorphic encryption on the first plaintext data obtained in step S103 to obtain homomorphic ciphertext data.
Homomorphic encryption, a method for processing data without accessing the data itself, is a cryptographic technique based on the computational complexity theory of mathematical problems. When homomorphically encrypted data is processed and the output is decrypted, the result is the same as the output obtained by processing the unencrypted original data in the same way. Homomorphic encryption can perform addition and multiplication operations on the ciphertext, so that data processing is realized while data security is ensured.
It should be noted that in this embodiment of the application, before the trusted execution module performs homomorphic encryption on the first plaintext data through step S104, the client sends a homomorphic encryption key (including a public key and a private key) to the trusted execution module through the secure channel. The trusted execution module receives the homomorphic encryption key sent by the client, and homomorphically encrypts the first plaintext data with the homomorphic encryption key to obtain homomorphic ciphertext data. Thus, the symmetric ciphertext data is converted into homomorphic ciphertext data with a higher security level; for example, the trusted execution module converts data encrypted by the SM4 algorithm in Counter mode into homomorphic ciphertext data encrypted by the leveled homomorphic encryption algorithm BGV.
S105, sending the homomorphic ciphertext data to the untrusted calculation module, so that the untrusted calculation module performs homomorphic calculation according to the homomorphic ciphertext data to obtain a homomorphic ciphertext calculation result.
Specifically, the trusted execution module sends the homomorphic ciphertext data obtained in the step S104 to the untrusted calculation module, and the untrusted calculation module performs homomorphic calculation according to the homomorphic ciphertext to obtain a homomorphic ciphertext calculation result.
The untrusted computing module may be constructed based on an untrusted computing environment. The untrusted computing environment may include an operating system, virtual machine management software, a BIOS, and all other hardware, software, and firmware except the CPU; it has advantages such as rich computing resources and dynamic capacity expansion as needed, and can perform large-scale computing tasks. In order to protect the confidentiality of data, the calculation executed on the untrusted calculation module is realized based on homomorphic encryption, that is, the calculation is performed on homomorphic ciphertext data and the obtained calculation result is also homomorphic ciphertext. Depending on the specific calculation task, a fully homomorphic encryption algorithm or a partially homomorphic encryption algorithm can be used, and the application is not limited in this respect.
In the data calculation method of the embodiment of the application, the trusted execution module acquires a data calculation request sent by a client, acquires corresponding symmetric ciphertext data from the data storage module according to the data calculation request, decrypts the symmetric ciphertext data to obtain first plaintext data, homomorphically encrypts the first plaintext data to obtain homomorphic ciphertext data, and sends the homomorphic ciphertext data to the untrusted calculation module so that the untrusted calculation module performs homomorphic calculation according to the homomorphic ciphertext data to obtain a homomorphic ciphertext calculation result. Compared with storing and decrypting data based on homomorphic encryption, the embodiment stores and decrypts the data based on symmetric encryption before the subsequent calculation is carried out, which, on the premise that data security is guaranteed, saves data storage space, network transmission bandwidth and computing resources and improves calculation speed. The interactive cooperation of multiple participants, such as the client, the trusted execution module, the untrusted calculation module and the data storage module, forms a practical homomorphic encryption application mode.
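The flow of steps S101 to S105, together with the client's final decryption, can be traced end to end in the following added example, which is not code from the patent. It assumes hypothetical function names, a standard-library SHA-256 keystream with HMAC as a stand-in for SM4 Counter mode or AES-GCM, and a toy additively homomorphic Paillier scheme in place of BGV; remote attestation and the secure channel are not modelled, so keys are simply passed as arguments.

```python
"""Added illustration of steps S101-S105; toy parameters, not for production use."""
import hashlib
import hmac
import secrets
from math import gcd

SAMPLE_VALUES = [5200, 6100, 4700, 3900, 7300, 2800, 6600, 5400]  # constructed data

# --- Symmetric layer: stdlib stand-in for SM4-CTR / AES-256-GCM (assumption) ---
def _subkey(key: bytes, label: bytes) -> bytes:
    return hashlib.sha256(label + key).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def sym_encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(12)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    body = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def sym_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:12], blob[12:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("stored ciphertext failed authentication")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))

# --- Homomorphic layer: toy Paillier (additive only), standing in for BGV ---
TOY_P, TOY_Q = 2**107 - 1, 2**127 - 1  # known Mersenne primes; far too weak for real use

def he_keygen():
    n, phi = TOY_P * TOY_Q, (TOY_P - 1) * (TOY_Q - 1)
    return n, (phi, pow(phi, -1, n))  # public key n, private key (phi, mu)

def he_encrypt(n: int, m: int) -> int:
    r = 0
    while r < 2 or gcd(r, n) != 1:
        r = secrets.randbelow(n)
    return (1 + m * n) * pow(r, n, n * n) % (n * n)  # (1+n)^m * r^n mod n^2

def he_decrypt(n: int, private, c: int) -> int:
    phi, mu = private
    return (pow(c, phi, n * n) - 1) // n * mu % n

def he_add(n: int, c1: int, c2: int) -> int:
    return c1 * c2 % (n * n)  # product of ciphertexts = sum of plaintexts

# --- Participants ---
def trusted_execution_module(store, dataset_id, sym_key, he_public):
    """S102-S104. The page has the client send the full homomorphic key pair;
    the encryption in S104 itself needs only the public part."""
    plaintext = sym_decrypt(sym_key, store[dataset_id])          # S102, S103
    values = [int.from_bytes(plaintext[i:i + 4], "big")
              for i in range(0, len(plaintext), 4)]
    return [he_encrypt(he_public, v) for v in values]             # S104

def untrusted_calculation_module(he_public, ciphertexts):
    """S105: sums under encryption; sees only the public key and ciphertexts."""
    total = ciphertexts[0]
    for c in ciphertexts[1:]:
        total = he_add(he_public, total, c)
    return total

def run_flow(values, tamper=False):
    """Client view: returns (plaintext sum, stored bytes, homomorphic bytes)."""
    sym_key = secrets.token_bytes(32)
    he_public, he_private = he_keygen()
    packed = b"".join(v.to_bytes(4, "big") for v in values)
    store = {"dataset-1": sym_encrypt(sym_key, packed)}  # data storage module
    if tamper:  # storage is outside the client's control: flip one stored bit
        blob = bytearray(store["dataset-1"])
        blob[12] ^= 1
        store["dataset-1"] = bytes(blob)
    he_cts = trusted_execution_module(store, "dataset-1", sym_key, he_public)
    result_ct = untrusted_calculation_module(he_public, he_cts)
    total = he_decrypt(he_public, he_private, result_ct)  # client decrypts result
    he_bytes = sum((c.bit_length() + 7) // 8 for c in he_cts)
    return total, len(store["dataset-1"]), he_bytes

if __name__ == "__main__":
    print(run_flow(SAMPLE_VALUES))
```

Even with this toy modulus, the homomorphic ciphertexts handed to the untrusted module are several times larger than the symmetric ciphertext held in storage, which is the storage and bandwidth saving the embodiment relies on.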
Fig. 2 is a schematic flow chart of a data calculation method according to another embodiment of the present application. As shown in fig. 2, based on the embodiment shown in fig. 1, the data calculation method in the embodiment of the present application specifically includes the following steps:
S201, acquiring a data calculation request sent by a client.
S202, acquiring corresponding symmetric ciphertext data from the data storage module according to the data calculation request.
S203, decrypting the symmetric ciphertext data to obtain first plaintext data.
S204, homomorphically encrypting the first plaintext data to obtain homomorphic ciphertext data.
S205, sending the homomorphic ciphertext data to the untrusted calculation module, so that the untrusted calculation module performs homomorphic calculation on the homomorphic ciphertext data to obtain a homomorphic ciphertext calculation result.
Specifically, steps S201 to S205 are similar to steps S101 to S105 in the above embodiment, and are not described again here.
In a specific implementation, provided the security requirements are met, the computing task can be divided reasonably between the trusted execution module and the untrusted calculation module, taking into account the computing capability of the trusted execution module, so that the overall computing performance is improved. The embodiment of the present application may further include the following steps S206 to S210.
S206, receiving a first homomorphic ciphertext intermediate calculation result sent by the untrusted calculation module.
Specifically, during data calculation, the trusted execution module may perform some performance- and security-critical computations, depending on the computational needs. In the homomorphic calculation process, the untrusted calculation module may send the first homomorphic ciphertext intermediate calculation result to the trusted execution module; the trusted execution module receives it and performs the intermediate-stage data calculation.
S207, decrypting the first homomorphic ciphertext intermediate calculation result to obtain second plaintext data.
Specifically, the trusted execution module decrypts the first homomorphic ciphertext intermediate calculation result received in step S206 according to the homomorphic key, so as to obtain the second plaintext data.
S208, calculating according to the second plaintext data to obtain a plaintext intermediate calculation result.
Specifically, the related calculation procedure is executed on the second plaintext data obtained in step S207, so as to obtain a plaintext intermediate calculation result.
S209, homomorphically encrypting the plaintext intermediate calculation result to obtain a second homomorphic ciphertext intermediate calculation result.
Specifically, the trusted execution module homomorphically encrypts the plaintext intermediate calculation result obtained in step S208 according to the homomorphic encryption key, so as to obtain a second homomorphic ciphertext intermediate calculation result.
S210, sending the second homomorphic ciphertext intermediate calculation result to the untrusted calculation module, so that the untrusted calculation module performs homomorphic calculation on the second homomorphic ciphertext intermediate calculation result to obtain a homomorphic ciphertext calculation result.
Specifically, the trusted execution module sends the second homomorphic ciphertext intermediate calculation result obtained in step S209 to the untrusted calculation module. The untrusted calculation module receives it and continues with further homomorphic calculation on the second homomorphic ciphertext intermediate calculation result. It should be noted that this interactive collaboration may be performed multiple times until a final homomorphic ciphertext calculation result is obtained.
In the data calculation method of this embodiment of the application, the trusted execution module acquires a data calculation request sent by a client, acquires the corresponding symmetric ciphertext data from the data storage module according to the data calculation request, decrypts the symmetric ciphertext data to obtain first plaintext data, homomorphically encrypts the first plaintext data to obtain homomorphic ciphertext data, and sends the homomorphic ciphertext data to the untrusted calculation module, so that the untrusted calculation module performs homomorphic calculation on the homomorphic ciphertext data to obtain a homomorphic ciphertext calculation result. In this embodiment, data is stored and decrypted based on symmetric encryption before the subsequent calculation is carried out. Compared with storing and decrypting the data based on homomorphic encryption before the subsequent calculation, this saves data storage space, data transmission network bandwidth, and computing resources, on the premise that data security is guaranteed. The data calculation is completed by the trusted execution module and the untrusted calculation module in cooperation with homomorphic encryption: the homomorphic ciphertext data encrypted by the trusted execution module is sent for homomorphic calculation to the untrusted calculation module, which has rich computing resources and can execute large-scale computing tasks, so that large-scale data calculation tasks can be carried out while data security is guaranteed. At the same time, some performance- and security-critical computations are executed by the trusted execution module, which further improves the calculation speed, so that the computing task is completed safely and efficiently.
A practical homomorphic encryption application mode is formed through interactive cooperation of a plurality of participants such as a client, a trusted execution module, an untrusted calculation module, a data storage module and the like.
Fig. 3 is a schematic flow chart of a data calculation method according to another embodiment of the present application. The data calculation method of the embodiment of the present application can be executed by the data calculation device provided in the embodiment of the present application, and the data calculation device can be disposed in an untrusted calculation module of a data calculation system. As shown in fig. 3, the data calculation method according to the embodiment of the present application may specifically include the following steps:
S301, receiving homomorphic ciphertext data sent by the trusted execution module, wherein the homomorphic ciphertext data is obtained by the trusted execution module through decryption and homomorphic encryption of the symmetric ciphertext data acquired from the data storage module.
S302, performing homomorphic calculation on the homomorphic ciphertext data to obtain a homomorphic ciphertext calculation result.
It should be noted here that the above explanation of the embodiment of the data calculation method is also applicable to the data calculation method in the embodiment of the present application, and the specific process is not described herein again.
According to the data calculation method of this embodiment, the untrusted calculation module receives homomorphic ciphertext data sent by the trusted execution module, wherein the homomorphic ciphertext data is obtained by the trusted execution module through decryption and homomorphic encryption of the symmetric ciphertext data acquired from the data storage module, and performs homomorphic calculation on the homomorphic ciphertext data to obtain a homomorphic ciphertext calculation result. In this embodiment, data is stored and decrypted based on symmetric encryption before the subsequent calculation is carried out. Compared with storing and decrypting the data based on homomorphic encryption before the subsequent calculation, this saves data storage space, data transmission network bandwidth, and computing resources and improves the calculation speed, on the premise that data security is guaranteed. A practical homomorphic encryption application mode is formed through the interactive cooperation of multiple participants such as the client, the trusted execution module, the untrusted calculation module, and the data storage module.
Fig. 4 is a schematic flow chart of a data calculation method according to another embodiment of the present application. As shown in fig. 4, based on the embodiment shown in fig. 3, the data calculation method in the embodiment of the present application specifically includes the following steps:
S401, receiving homomorphic ciphertext data sent by the trusted execution module, wherein the homomorphic ciphertext data is obtained by the trusted execution module through decryption and homomorphic encryption of the symmetric ciphertext data acquired from the data storage module.
S402, performing homomorphic calculation on the homomorphic ciphertext data to obtain a homomorphic ciphertext calculation result.
Specifically, steps S401 to S402 are similar to steps S301 to S302 in the above embodiment, and are not described again here.
S403, sending the homomorphic ciphertext calculation result to the client, so that the client can decrypt the homomorphic ciphertext calculation result to obtain a plaintext calculation result.
Specifically, the untrusted calculation module sends a homomorphic ciphertext calculation result meeting a data calculation request sent by the client to the client, the client receives the homomorphic ciphertext calculation result, and the client decrypts the homomorphic ciphertext calculation result to obtain a plaintext calculation result corresponding to the homomorphic ciphertext calculation result.
As a possible implementation manner, on the basis of the foregoing embodiment, as shown in fig. 5, the step S402 of "performing homomorphic calculation according to homomorphic ciphertext data to obtain a homomorphic ciphertext calculation result" may specifically include the following steps:
S501, performing homomorphic calculation on the homomorphic ciphertext data to obtain a first homomorphic ciphertext intermediate calculation result.
Specifically, the untrusted computing module performs homomorphic computing according to homomorphic ciphertext data sent by the trusted executing module to obtain a first homomorphic ciphertext intermediate computing result.
S502, the first homomorphic ciphertext intermediate calculation result is sent to the trusted execution module, so that the trusted execution module can decrypt the first homomorphic ciphertext intermediate calculation result to obtain second plaintext data.
S503, receiving a second homomorphic ciphertext intermediate calculation result sent by the trusted execution module, wherein the second homomorphic ciphertext intermediate calculation result is obtained by the trusted execution module homomorphically encrypting a plaintext intermediate calculation result calculated from the second plaintext data.
S504, homomorphic calculation is carried out according to the intermediate calculation result of the second homomorphic ciphertext to obtain a homomorphic ciphertext calculation result.
Specifically, the untrusted calculation module continues further homomorphic calculation according to the intermediate calculation result of the second homomorphic ciphertext received in step S503, so as to obtain a final homomorphic ciphertext calculation result.
It should be noted here that the above explanation of the embodiment of the data calculation method is also applicable to the data calculation method in the embodiment of the present application, and the specific process is not described herein again.
According to the data computing method, the untrusted computing module receives homomorphic ciphertext data sent by the trusted executing module, wherein the homomorphic ciphertext data is obtained by the trusted executing module through decryption and homomorphic encryption according to symmetric ciphertext data acquired from the data storage module, and homomorphic ciphertext computing results are obtained through homomorphic computing according to the homomorphic ciphertext data. The embodiment of the application stores and decrypts data based on a symmetric encryption technology and then performs subsequent calculation, compared with the method for storing and decrypting data based on a homomorphic encryption technology and then performing subsequent calculation, on the premise of ensuring data safety, the storage space of the data is saved, the transmission network bandwidth and the calculation resource consumption of the data are reduced, the calculation speed is increased, meanwhile, homomorphic calculation is performed by fully utilizing the advantages of abundant calculation resources of an untrusted calculation module, dynamic capacity expansion according to needs and the like, data calculation is rapidly completed while data safety is guaranteed, and a practical homomorphic encryption application mode is formed through interactive cooperation of a plurality of participants such as a client side, a trusted execution module, an untrusted calculation module and a data storage module.
Fig. 6 is a schematic flow chart of a data calculation method according to another embodiment of the present application. The data calculation method of the embodiment of the present application can be executed by the data calculation device provided in the embodiment of the present application, and the data calculation device can be disposed in a client of a data calculation system. As shown in fig. 6, the data calculation method according to the embodiment of the present application may specifically include the following steps:
S601, sending the data calculation request to a trusted execution module, so that the trusted execution module obtains corresponding symmetric ciphertext data from the data storage module according to the data calculation request, decrypts the symmetric ciphertext data to obtain first plaintext data, homomorphically encrypts the first plaintext data to obtain homomorphic ciphertext data, and sends the homomorphic ciphertext data to the untrusted calculation module for homomorphic calculation to obtain a homomorphic ciphertext calculation result.
S602, receiving the homomorphic ciphertext calculation result sent by the untrusted calculation module.
S603, decrypting the homomorphic ciphertext calculation result to obtain a plaintext calculation result.
Specifically, the homomorphic secret key is used to decrypt the homomorphic ciphertext calculation result received in step S602, so as to obtain a corresponding plaintext calculation result.
It should be noted here that the above explanation of the embodiment of the data calculation method is also applicable to the data calculation method in the embodiment of the present application, and the specific process is not described herein again.
In the data calculation method of this embodiment of the application, the client sends the data calculation request to the trusted execution module, so that the trusted execution module obtains corresponding symmetric ciphertext data from the data storage module according to the data calculation request, decrypts the symmetric ciphertext data to obtain first plaintext data, homomorphically encrypts the first plaintext data to obtain homomorphic ciphertext data, and sends the homomorphic ciphertext data to the untrusted calculation module for homomorphic calculation to obtain a homomorphic ciphertext calculation result; the client then receives the homomorphic ciphertext calculation result sent by the untrusted calculation module and decrypts it to obtain a plaintext calculation result. In this embodiment, data is stored and decrypted based on symmetric encryption before the subsequent calculation is carried out. Compared with storing and decrypting the data based on homomorphic encryption before the subsequent calculation, this saves data storage space, data transmission network bandwidth, and computing resources and improves the calculation speed, on the premise that data security is guaranteed. A practical homomorphic encryption application mode is formed through the interactive cooperation of multiple participants such as the client, the trusted execution module, the untrusted calculation module, and the data storage module.
Fig. 7 is a schematic flowchart of a data calculation method according to another embodiment of the present application. As shown in fig. 7, based on the embodiment shown in fig. 6, the data calculation method in the embodiment of the present application specifically includes the following steps:
S701, sending the data calculation request to a trusted execution module, so that the trusted execution module obtains corresponding symmetric ciphertext data from the data storage module according to the data calculation request, decrypts the symmetric ciphertext data to obtain first plaintext data, homomorphically encrypts the first plaintext data to obtain homomorphic ciphertext data, and sends the homomorphic ciphertext data to the untrusted calculation module for homomorphic calculation to obtain a homomorphic ciphertext calculation result.
Specifically, step S701 is similar to step S601 in the above embodiment, and is not described here again.
S702, sending the symmetric encryption key to the trusted execution module, so that the trusted execution module decrypts the symmetric ciphertext data by using the symmetric encryption key to obtain the first plaintext data.
Specifically, the client sends the symmetric encryption key to the trusted execution module through the secure channel.
S703, sending the homomorphic encryption key to the trusted execution module, so that the trusted execution module homomorphically encrypts the first plaintext data by using the homomorphic encryption key to obtain homomorphic ciphertext data.
Specifically, the client sends the homomorphic encryption key to the trusted execution module through the secure channel.
S704, receiving a homomorphic ciphertext calculation result sent by the untrusted calculation module.
S705, the homomorphic ciphertext calculation result is decrypted to obtain a plaintext calculation result.
Specifically, steps S704-S705 are similar to steps S602-S603 in the above embodiment, and are not described here again.
It should be noted here that the above explanation of the embodiment of the data calculation method is also applicable to the data calculation method in the embodiment of the present application, and the specific process is not described herein again.
In the data calculation method of this embodiment of the application, the client sends the data calculation request to the trusted execution module, so that the trusted execution module obtains corresponding symmetric ciphertext data from the data storage module according to the data calculation request, decrypts the symmetric ciphertext data to obtain first plaintext data, homomorphically encrypts the first plaintext data to obtain homomorphic ciphertext data, and sends the homomorphic ciphertext data to the untrusted calculation module for homomorphic calculation to obtain a homomorphic ciphertext calculation result; the client then receives the homomorphic ciphertext calculation result sent by the untrusted calculation module and decrypts it to obtain a plaintext calculation result. In this embodiment, data is stored and decrypted based on symmetric encryption before the subsequent calculation is carried out. Compared with storing and decrypting the data based on homomorphic encryption before the subsequent calculation, this saves data storage space, data transmission network bandwidth, and computing resources and improves the calculation speed, on the premise that data security is guaranteed. Because the client sends the data calculation request to the trusted execution module, the data calculation task initiated by the client can be completed safely and efficiently by the trusted execution module in cooperation with homomorphic encryption. A practical homomorphic encryption application mode is formed through the interactive cooperation of multiple participants such as the client, the trusted execution module, the untrusted calculation module, and the data storage module.
For clarity of explanation of the data calculation method according to the embodiment of the present application, the following description is made in detail with reference to fig. 8. Fig. 8 is a schematic signaling interaction diagram of a data calculation method according to an embodiment of the present application.
As shown in fig. 8, the data calculation method according to the embodiment of the present application is implemented by a client, a data service module, a trusted execution module, and an untrusted calculation module, and specifically includes the following steps:
S801, the client sends a data calculation request to the trusted execution module, authenticates the calculation program loaded by the trusted execution module, and establishes a secure channel with the trusted execution module.
S802, the client sends the symmetric encryption key and the homomorphic encryption key to the trusted execution module through the secure channel.
S803, the trusted execution module obtains the corresponding symmetric ciphertext data from the data storage module according to the data calculation request.
S804, the trusted execution module decrypts the symmetric ciphertext data by using the symmetric encryption key to obtain first plaintext data.
S805, the trusted execution module homomorphically encrypts the first plaintext data by using the homomorphic encryption key to obtain homomorphic ciphertext data.
S806, the trusted execution module sends the homomorphic ciphertext data to the untrusted calculation module.
S807, the untrusted calculation module performs homomorphic calculation on the homomorphic ciphertext data.
S808, the untrusted calculation module sends the first homomorphic ciphertext intermediate calculation result to the trusted execution module.
S809, the trusted execution module decrypts the first homomorphic ciphertext intermediate calculation result according to the homomorphic encryption key to obtain second plaintext data.
S810, the trusted execution module calculates according to the second plaintext data to obtain a plaintext intermediate calculation result.
S811, the trusted execution module encrypts the plaintext intermediate calculation result to obtain a second homomorphic ciphertext intermediate calculation result.
S812, the trusted execution module sends the second homomorphic ciphertext intermediate calculation result to the untrusted calculation module.
S813, the untrusted calculation module performs homomorphic calculation on the second homomorphic ciphertext intermediate calculation result to obtain a homomorphic ciphertext calculation result.
S814, the untrusted calculation module sends the homomorphic ciphertext calculation result to the client.
S815, the client decrypts the homomorphic ciphertext calculation result according to the homomorphic encryption key to obtain a plaintext calculation result.
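The Fig. 8 exchange (S801-S815) as an added Python example; it is not code from the patent. Assumptions: toy Paillier with fixed demo-sized primes stands in for the homomorphic scheme (the patent names none), a SHA-256 keystream with HMAC stands in for the symmetric cipher, the task is a small two-layer model with constructed public weights whose non-linear step runs in the trusted execution module, and the attestation and secure channel of S801-S802 are not modelled.

```python
import hashlib
import hmac
import secrets
from math import gcd

# Constructed sample data and public model weights (assumptions for this demo).
FEATURES = [12, 7, 30]
W1, B1 = [[2, -1, 1], [-3, 1, -1]], [-5, 4]   # layer 1, evaluated homomorphically
W2, B2 = [3, 2], 1                            # layer 2, evaluated homomorphically


class Paillier:
    """Toy additively homomorphic scheme. Fixed demo-sized primes: not secure."""

    def __init__(self, p=2**31 - 1, q=2**61 - 1):
        self.n = p * q
        self.n2 = self.n * self.n
        self._phi = (p - 1) * (q - 1)
        self._mu = pow(self._phi, -1, self.n)

    def encrypt(self, m):
        r = secrets.randbelow(self.n - 1) + 1
        while gcd(r, self.n) != 1:
            r = secrets.randbelow(self.n - 1) + 1
        return (1 + (m % self.n) * self.n) * pow(r, self.n, self.n2) % self.n2

    def decrypt(self, c):
        m = (pow(c, self._phi, self.n2) - 1) // self.n * self._mu % self.n
        return m - self.n if m > self.n // 2 else m   # map back to signed range


def _subkeys(key):
    # Separate keys for the keystream and the MAC, derived from one master key.
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()


def _stream(key, nonce, length):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def sym_encrypt(key, plaintext):
    """Stand-in for an AEAD such as AES-GCM, built from the stdlib for the demo."""
    ek, mk = _subkeys(key)
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(ek, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()


def sym_decrypt(key, blob):
    ek, mk = _subkeys(key)
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(mk, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("stored record failed its integrity check")
    return bytes(a ^ b for a, b in zip(ct, _stream(ek, nonce, len(ct))))


class TrustedExecution:
    """Runs inside the TEE; keys arrive over the secure channel (not modelled)."""

    def __init__(self, storage, sym_key, he):
        self.storage, self.sym_key, self.he = storage, sym_key, he

    def transcipher(self, record_ids):
        # S803-S806: fetch symmetric ciphertext, decrypt, re-encrypt homomorphically.
        plain = (sym_decrypt(self.sym_key, self.storage[r]) for r in record_ids)
        return [self.he.encrypt(int.from_bytes(p, "big")) for p in plain]

    def relu(self, cts):
        # S809-S811: decrypt the intermediate result, apply the non-linear step
        # that the additive scheme cannot express, and re-encrypt.
        return [self.he.encrypt(max(0, self.he.decrypt(c))) for c in cts]


class UntrustedCompute:
    """Holds only the public modulus and public weights: no key, no plaintext."""

    def __init__(self, n):
        self.n, self.n2 = n, n * n

    def linear(self, cts, weights, bias):
        # Enc(bias + sum(w_i * x_i)): ciphertext product adds, exponentiation scales.
        acc = (1 + (bias % self.n) * self.n) % self.n2
        for c, w in zip(cts, weights):
            acc = acc * pow(c, w % self.n, self.n2) % self.n2
        return acc


def plain_model(x):
    # Reference computation in the clear, used only to check the encrypted run.
    hidden = [max(0, b + sum(w * v for w, v in zip(row, x))) for row, b in zip(W1, B1)]
    return B2 + sum(w * h for w, h in zip(W2, hidden))


def run_demo():
    he, sym_key = Paillier(), secrets.token_bytes(32)          # client-side keys
    storage = {i: sym_encrypt(sym_key, v.to_bytes(4, "big"))   # data storage module
               for i, v in enumerate(FEATURES)}
    tee, cloud = TrustedExecution(storage, sym_key, he), UntrustedCompute(he.n)
    cts = tee.transcipher(list(storage))                              # S803-S806
    hidden = [cloud.linear(cts, row, b) for row, b in zip(W1, B1)]    # S807-S808
    activated = tee.relu(hidden)                                      # S809-S812
    result_ct = cloud.linear(activated, W2, B2)                       # S813-S814
    return he.decrypt(result_ct)                                      # S815


if __name__ == "__main__":
    print(run_demo(), plain_model(FEATURES))
```

In this sketch only the client and `TrustedExecution` hold `sym_key` or the Paillier private values; `UntrustedCompute` is constructed from `n` alone.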
In order to implement the above embodiments, the embodiments of the present application further provide a data computing device. Fig. 9 is a schematic structural diagram of a data computing device according to an embodiment of the present application. The device may be provided in a trusted execution module of a data computing system. As shown in fig. 9, the data computing apparatus 900 according to the embodiment of the present application may specifically include: a first obtaining module 901, a second obtaining module 902, a first decrypting module 903, a first encrypting module 904 and a first sending module 905.
The first obtaining module 901 is configured to obtain a data calculation request sent by a client.
The second obtaining module 902 is configured to obtain corresponding symmetric ciphertext data from the data storage module according to the data calculation request.
The first decryption module 903 is configured to decrypt the symmetric ciphertext data to obtain first plaintext data.
The first encryption module 904 is configured to homomorphic encrypt the first plaintext data to obtain homomorphic ciphertext data.
The first sending module 905 is configured to send the homomorphic ciphertext data to the untrusted calculation module, so that the untrusted calculation module performs homomorphic calculation according to the homomorphic ciphertext data to obtain a homomorphic ciphertext calculation result.
In an embodiment of the present application, the data computing apparatus 900 of the embodiment of the present application may further include: the third receiving module is configured to receive the first homomorphic ciphertext intermediate calculation result sent by the untrusted calculation module; the third decryption module is configured to decrypt the intermediate calculation result of the first homomorphic ciphertext to obtain second plaintext data; the second calculation module is configured to calculate according to the second plaintext data to obtain a plaintext intermediate calculation result; the second encryption module is configured to homomorphic encrypt the plaintext intermediate calculation result to obtain a second homomorphic ciphertext intermediate calculation result; and the third sending module is configured to send the intermediate calculation result of the second homomorphic ciphertext to the untrusted calculation module, so that the untrusted calculation module performs homomorphic calculation according to the intermediate calculation result of the second homomorphic ciphertext to obtain the calculation result of the homomorphic ciphertext.
In an embodiment of the present application, the data computing apparatus 900 of the embodiment of the present application may further include: a fourth receiving module configured to receive the symmetric encryption key sent by the client. The first decryption module 903 may include: a decryption unit configured to decrypt the symmetric ciphertext data by using the symmetric encryption key to obtain first plaintext data.
In an embodiment of the present application, the data computing apparatus 900 of the embodiment of the present application may further include: a fifth receiving module configured to receive the homomorphic encryption key sent by the client. The first encryption module 904 may include: an encryption unit configured to homomorphically encrypt the first plaintext data by using the homomorphic encryption key to obtain homomorphic ciphertext data.
It should be noted that the above explanation of the data calculation method embodiment is also applicable to the data calculation apparatus of this embodiment, and the specific process is not described herein again.
In the data computing device of this embodiment of the application, the trusted execution module obtains a data calculation request sent by the client, obtains the corresponding symmetric ciphertext data from the data storage module according to the data calculation request, decrypts the symmetric ciphertext data to obtain first plaintext data, homomorphically encrypts the first plaintext data to obtain homomorphic ciphertext data, and sends the homomorphic ciphertext data to the untrusted calculation module, so that the untrusted calculation module performs homomorphic calculation on the homomorphic ciphertext data to obtain a homomorphic ciphertext calculation result. In this embodiment, data is stored and decrypted based on symmetric encryption before the subsequent calculation is carried out. Compared with storing and decrypting the data based on homomorphic encryption before the subsequent calculation, this saves data storage space, data transmission network bandwidth, and computing resources, on the premise that data security is guaranteed. The data calculation is completed by the trusted execution module and the untrusted calculation module in cooperation with homomorphic encryption: the homomorphic ciphertext data encrypted by the trusted execution module is sent for homomorphic calculation to the untrusted calculation module, which has rich computing resources and can execute large-scale computing tasks, so that large-scale data calculation tasks can be carried out while data security is guaranteed. At the same time, some performance- and security-critical computations are executed by the trusted execution module, which further improves the calculation speed, so that the computing task is completed safely and efficiently.
A practical homomorphic encryption application mode is formed through interactive cooperation of a plurality of participants such as a client, a trusted execution module, an untrusted calculation module, a data storage module and the like.
In order to implement the above embodiments, the embodiments of the present application further provide a data computing device. Fig. 10 is a schematic structural diagram of a data computing device according to another embodiment of the present application. The device may be disposed in an untrusted calculation module of a data computing system. As shown in fig. 10, the data computing apparatus 1000 according to the embodiment of the present application may specifically include: a first receiving module 1001 and a first calculating module 1002.
The first receiving module 1001 is configured to receive homomorphic ciphertext data sent by the trusted execution module, where the homomorphic ciphertext data is obtained by the trusted execution module performing decryption and homomorphic encryption according to symmetric ciphertext data acquired from the data storage module.
The first calculating module 1002 is configured to perform homomorphic calculation according to homomorphic ciphertext data to obtain a homomorphic ciphertext calculation result.
In an embodiment of the present application, the data computing apparatus 1000 of the embodiment of the present application may further include: a fourth sending module configured to send the homomorphic ciphertext calculation result to the client, so that the client can decrypt the homomorphic ciphertext calculation result to obtain a plaintext calculation result.
In one embodiment of the present application, the first calculation module 1002 may include: the first calculation unit is configured to perform homomorphic calculation according to homomorphic ciphertext data to obtain a first homomorphic ciphertext intermediate calculation result; the sending unit is configured to send the first homomorphic ciphertext intermediate calculation result to the trusted execution module so that the trusted execution module can decrypt the first homomorphic ciphertext intermediate calculation result to obtain second plaintext data; the receiving unit is configured to receive a second homomorphic ciphertext intermediate calculation result sent by the trusted execution module, wherein the second homomorphic ciphertext intermediate calculation result is obtained by homomorphically encrypting a plaintext intermediate calculation result obtained by calculation according to second plaintext data by the trusted execution module; and the second computing unit is configured to perform homomorphic computation according to the second homomorphic ciphertext intermediate computation result to obtain a homomorphic ciphertext computation result.
It should be noted that the above explanation of the data calculation method embodiment is also applicable to the data calculation apparatus of this embodiment, and the specific process is not described herein again.
According to the data computing device of the embodiment of the present application, the untrusted calculation module receives homomorphic ciphertext data sent by the trusted execution module, where the homomorphic ciphertext data is obtained by the trusted execution module performing decryption and homomorphic encryption according to symmetric ciphertext data acquired from the data storage module, and performs homomorphic calculation according to the homomorphic ciphertext data to obtain a homomorphic ciphertext calculation result. In the embodiment of the present application, data is stored and decrypted based on a symmetric encryption technology before the subsequent calculation is performed. Compared with storing and decrypting the data based on a homomorphic encryption technology before the subsequent calculation, this saves data storage space, reduces the network bandwidth and computing resources consumed in transmitting the data, and increases the calculation speed, on the premise of ensuring data security. At the same time, the homomorphic calculation makes full use of the advantages of the untrusted calculation module, such as abundant computing resources and dynamic capacity expansion on demand, so that data calculation is completed quickly while data security is guaranteed. A practical homomorphic encryption application mode is formed through the interactive cooperation of multiple participants such as the client, the trusted execution module, the untrusted calculation module and the data storage module.
In order to implement the above embodiments, the embodiments of the present application further provide a data computing device. Fig. 11 is a schematic structural diagram of a data computing device according to another embodiment of the present application. The data computing apparatus 1100 according to the embodiment of the present application may specifically include, as shown in fig. 11: a second sending module 1101, a second receiving module 1102 and a second decryption module 1103.
The second sending module 1101 is configured to send a data calculation request to the trusted execution module, so that the trusted execution module obtains corresponding symmetric ciphertext data from the data storage module according to the data calculation request, decrypts the symmetric ciphertext data to obtain first plaintext data, homomorphically encrypts the first plaintext data to obtain homomorphic ciphertext data, and sends the homomorphic ciphertext data to the untrusted calculation module for homomorphic calculation to obtain a homomorphic ciphertext calculation result.
The second receiving module 1102 is configured to receive the homomorphic ciphertext calculation result sent by the untrusted calculation module.
The second decryption module 1103 is configured to decrypt the homomorphic ciphertext calculation result to obtain a plaintext calculation result.
In one embodiment of the present application, the data computing device 1100 of the embodiment of the present application may further include a fifth sending module configured to send the symmetric encryption key to the trusted execution module, so that the trusted execution module decrypts the symmetric ciphertext data by using the symmetric encryption key to obtain the first plaintext data.
In one embodiment of the present application, the data computing device 1100 of the embodiment of the present application may further include a sixth sending module configured to send the homomorphic encryption key to the trusted execution module, so that the trusted execution module homomorphically encrypts the first plaintext data by using the homomorphic encryption key to obtain the homomorphic ciphertext data.
It should be noted that the above explanation of the data calculation method embodiment is also applicable to the data calculation apparatus of this embodiment, and the specific process is not described herein again.
In the data computing device of the embodiment of the present application, the client sends a data calculation request to the trusted execution module, so that the trusted execution module obtains corresponding symmetric ciphertext data from the data storage module according to the data calculation request, decrypts the symmetric ciphertext data to obtain first plaintext data, homomorphically encrypts the first plaintext data to obtain homomorphic ciphertext data, and sends the homomorphic ciphertext data to the untrusted calculation module for homomorphic calculation to obtain a homomorphic ciphertext calculation result. The client then receives the homomorphic ciphertext calculation result sent by the untrusted calculation module and decrypts it to obtain a plaintext calculation result. In the embodiment of the present application, data is stored and decrypted based on a symmetric encryption technology before the subsequent calculation is performed. Compared with storing and decrypting the data based on a homomorphic encryption technology, this saves data storage space, saves the network bandwidth and computing resources consumed in transmitting the data, and increases the calculation speed, on the premise of ensuring data security. Because the client sends the data calculation request to the trusted execution module, the data calculation task initiated by the client can be completed safely and efficiently by the trusted execution module in cooperation with the homomorphic encryption technology. A practical homomorphic encryption application mode is formed through the interactive cooperation of multiple participants such as the client, the trusted execution module, the untrusted calculation module and the data storage module.
In order to implement the above embodiments, the embodiments of the present application further provide a data computing system. Fig. 12 is a schematic structural diagram of a data computing system according to an embodiment of the present application. As shown in fig. 12, the data computing system 1200 according to the embodiment of the present application may specifically include: a data storage module 1201, a trusted execution module 1202 provided with the data computing apparatus shown in fig. 9, an untrusted execution module 1203 provided with the data computing apparatus shown in fig. 10, and a client 1204 provided with the data computing apparatus shown in fig. 11.
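The interaction among the four participants of the system described above, as an added sketch that is not code from the patent: symmetric ciphertext at rest, re-encryption inside the trusted execution module, homomorphic calculation in the untrusted calculation module with one intermediate round trip, and decryption by the client. Assumptions of this sketch: Paillier (toy-sized constructed primes) as the homomorphic scheme, a SHA-256 keystream as a stand-in for the symmetric cipher, a trusted execution module that holds the homomorphic decryption key for the intermediate step, and all class, function and dataset names.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy parameters: two Mersenne primes, far too small for real use.
P, Q = 2**61 - 1, 2**89 - 1

class PaillierPublic:
    """Additively homomorphic operations that need only the public modulus n."""
    def __init__(self, n):
        self.n, self.n2 = n, n * n
    def encrypt(self, m):
        r = secrets.randbelow(self.n - 1) + 1            # random blinding factor
        while gcd(r, self.n) != 1:
            r = secrets.randbelow(self.n - 1) + 1
        return (1 + m * self.n) * pow(r, self.n, self.n2) % self.n2
    def add(self, c1, c2):                               # Enc(a)*Enc(b) = Enc(a+b)
        return c1 * c2 % self.n2
    def add_plain(self, c, k):                           # Enc(a)*(1+n)^k = Enc(a+k)
        return c * (1 + k * self.n) % self.n2
    def mul_plain(self, c, k):                           # Enc(a)^k = Enc(k*a)
        return pow(c, k, self.n2)

class PaillierPrivate:
    def __init__(self, p, q):
        self.pub = PaillierPublic(p * q)
        self.lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
        self.mu = pow(self.lam, -1, self.pub.n)
    def decrypt(self, c):
        n = self.pub.n
        return (pow(c, self.lam, self.pub.n2) - 1) // n * self.mu % n

def sym_xcrypt(key, nonce, data):
    """Stand-in symmetric cipher (SHA-256 keystream XOR); one call encrypts or decrypts."""
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

class DataStorage:
    """Data storage module: holds only compact symmetric ciphertext."""
    def __init__(self):
        self.blobs = {}

class TrustedExecutionModule:
    def __init__(self, storage, sym_key, he_priv):
        self.storage, self.sym_key, self.he = storage, sym_key, he_priv
    def handle_request(self, dataset_id):
        nonce, blob = self.storage.blobs[dataset_id]
        plain = sym_xcrypt(self.sym_key, nonce, blob)    # first plaintext data
        values = [int.from_bytes(plain[i:i + 8], "big") for i in range(0, len(plain), 8)]
        return [self.he.pub.encrypt(v) for v in values]  # homomorphic ciphertext data
    def square_intermediate(self, c_first):
        second_plain = self.he.decrypt(c_first)          # second plaintext data
        return self.he.pub.encrypt(second_plain ** 2)    # second intermediate result

class UntrustedCalculationModule:
    """Sees only the public modulus and ciphertexts, never a key or plaintext."""
    def __init__(self, pub, tee):
        self.pub, self.tee = pub, tee
    def compute(self, cts, scale, offset):
        first = cts[0]
        for c in cts[1:]:
            first = self.pub.add(first, c)               # Enc(sum of records)
        second = self.tee.square_intermediate(first)     # round trip: non-additive step
        return self.pub.add_plain(self.pub.mul_plain(second, scale), offset)

def run_demo():
    values = [12, 7, 30, 5]                              # constructed sample records
    sym_key, nonce = secrets.token_bytes(32), secrets.token_bytes(12)
    he_priv = PaillierPrivate(P, Q)                      # keys generated by the client
    storage = DataStorage()
    packed = b"".join(v.to_bytes(8, "big") for v in values)
    storage.blobs["dataset-1"] = (nonce, sym_xcrypt(sym_key, nonce, packed))
    tee = TrustedExecutionModule(storage, sym_key, he_priv)
    cts = tee.handle_request("dataset-1")
    result_ct = UntrustedCalculationModule(he_priv.pub, tee).compute(cts, scale=3, offset=7)
    stored_bytes = len(storage.blobs["dataset-1"][1])
    he_bytes = sum((c.bit_length() + 7) // 8 for c in cts)
    # Client decrypts the final homomorphic ciphertext calculation result.
    return he_priv.decrypt(result_ct), stored_bytes, he_bytes

if __name__ == "__main__":
    print(run_demo())
```

`run_demo()` returns the decrypted value of 3·(Σx)² + 7 together with the size of the stored symmetric ciphertext and the size of the same records as homomorphic ciphertexts. The homomorphic size is larger even at this toy key length, which is the storage saving the description attributes to keeping data under symmetric encryption.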
According to an embodiment of the present application, an electronic device and a readable storage medium are also provided.
Fig. 13 is a block diagram of an electronic device according to the data calculation method of the embodiment of the present application. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as smart voice interaction devices, personal digital processing, cellular phones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be examples only, and are not meant to limit implementations of the present application that are described and/or claimed herein.
As shown in fig. 13, the electronic device includes: one or more processors 1301, memory 1302, and interfaces for connecting the various components, including high speed interfaces and low speed interfaces. The various components are interconnected using different buses and may be mounted on a common motherboard or in other manners as desired. The processor 1301 may process instructions for execution within the electronic device, including instructions stored in or on a memory to display graphical information of a GUI on an external input/output apparatus (such as a display device coupled to an interface). In other embodiments, multiple processors and/or multiple buses may be used, along with multiple memories, as desired. Also, multiple electronic devices may be connected, with each device providing portions of the necessary operations (e.g., as a server array, a group of blade servers, or a multi-processor system). Fig. 13 takes one processor 1301 as an example.
Memory 1302 is a non-transitory computer readable storage medium as provided herein. The memory stores instructions executable by the at least one processor to cause the at least one processor to perform the data calculation method provided herein. The non-transitory computer-readable storage medium of the present application stores computer instructions for causing a computer to perform the data calculation method provided herein.
The memory 1302 may be used as a non-transitory computer readable storage medium for storing non-transitory software programs, non-transitory computer executable programs, and modules, such as program instructions/modules corresponding to the data calculation method in the embodiment of the present application (for example, the first generation module 901, the second acquisition module 902, the first decryption module 903, the first encryption module 904, and the first sending module 905 shown in fig. 9, or the first receiving module 1001 and the first calculation module 1002 shown in fig. 10, or the second sending module 1101, the second receiving module 1102, and the second decryption module 1103 shown in fig. 11). The processor 1301 executes various functional applications of the server and data processing, that is, implements the data calculation method in the above-described method embodiment, by running non-transitory software programs, instructions, and modules stored in the memory 1302.
The memory 1302 may include a program storage area and a data storage area, wherein the program storage area may store an operating system and an application program required for at least one function; the data storage area may store data created according to use of the electronic device for the data calculation method, and the like. Further, the memory 1302 may include high speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory 1302 may optionally include memory located remotely from the processor 1301, which may be connected to the electronic device for the data calculation method via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The electronic device of the data calculation method may further include: an input device 1303 and an output device 1304. The processor 1301, the memory 1302, the input device 1303 and the output device 1304 may be connected by a bus or other means, and fig. 13 illustrates the bus connection.
The input device 1303 may receive input numeric or character information and generate key signal inputs related to user settings and function control of the electronic device of the data calculation method, such as an input device of a touch screen, a keypad, a mouse, a track pad, a touch pad, a pointing stick, one or more mouse buttons, a track ball, a joystick, or the like. The output devices 1304 may include a display device, auxiliary lighting devices (e.g., LEDs), tactile feedback devices (e.g., vibrating motors), and the like. The display device may include, but is not limited to, a Liquid Crystal Display (LCD), a Light Emitting Diode (LED) display, and a plasma display. In some implementations, the display device can be a touch screen.
Various implementations of the systems and techniques described here can be realized in digital electronic circuitry, integrated circuitry, ASICs (application-specific integrated circuits), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implementation in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
These computer programs (also known as programs, software applications, or code) include machine instructions for a programmable processor, and may be implemented using high-level procedural and/or object-oriented programming languages, and/or assembly/machine languages. As used herein, the terms "machine-readable medium" and "computer-readable medium" refer to any computer program product, apparatus, and/or device (e.g., magnetic discs, optical disks, memory, Programmable Logic Devices (PLDs)) used to provide machine instructions and/or data to a programmable processor, including a machine-readable medium that receives machine instructions as a machine-readable signal. The term "machine-readable signal" refers to any signal used to provide machine instructions and/or data to a programmable processor.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), Wide Area Networks (WANs), and the Internet.
The computer system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also called a cloud computing server or a cloud host, which is a host product in a cloud computing service system and addresses the defects of high management difficulty and weak service scalability in traditional physical host and VPS ("Virtual Private Server") services.
It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in the present application may be executed in parallel, sequentially, or in different orders, and the present invention is not limited thereto as long as the desired results of the technical solutions disclosed in the present application can be achieved.
In the description of the present specification, the terms "first", "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implying any number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present application, "plurality" means at least two, e.g., two, three, etc., unless specifically limited otherwise.
Although embodiments of the present application have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present application, and that variations, modifications, substitutions and alterations may be made to the above embodiments by those of ordinary skill in the art within the scope of the present application.

Claims (16)

1. A data computing method, comprising:
acquiring a data calculation request sent by a client;
acquiring corresponding symmetric ciphertext data from a data storage module according to the data calculation request;
decrypting the symmetric ciphertext data to obtain first plaintext data;
homomorphically encrypting the first plaintext data to obtain homomorphic ciphertext data;
and sending the homomorphic ciphertext data to an untrusted calculation module, so that the untrusted calculation module performs homomorphic calculation according to the homomorphic ciphertext data to obtain a homomorphic ciphertext calculation result.
2. The data computing method of claim 1, further comprising:
receiving a first homomorphic ciphertext intermediate calculation result sent by the untrusted calculation module;
decrypting the first homomorphic ciphertext intermediate calculation result to obtain second plaintext data;
calculating according to the second plaintext data to obtain a plaintext intermediate calculation result;
homomorphically encrypting the plaintext intermediate calculation result to obtain a second homomorphic ciphertext intermediate calculation result;
and sending the second homomorphic ciphertext intermediate calculation result to the untrusted calculation module, so that the untrusted calculation module performs homomorphic calculation according to the second homomorphic ciphertext intermediate calculation result to obtain the homomorphic ciphertext calculation result.
3. The data computing method of claim 1, further comprising:
receiving a symmetric encryption key sent by the client;
the decrypting of the symmetric ciphertext data to obtain first plaintext data includes:
decrypting the symmetric ciphertext data by using the symmetric encryption key to obtain the first plaintext data.
4. The data computing method of claim 1, further comprising:
receiving a homomorphic encryption key sent by the client;
the homomorphic encryption of the first plaintext data to obtain homomorphic ciphertext data includes:
homomorphically encrypting the first plaintext data by using the homomorphic encryption key to obtain the homomorphic ciphertext data.
5. A data computing method, comprising:
receiving homomorphic ciphertext data sent by a trusted execution module, wherein the homomorphic ciphertext data is obtained by the trusted execution module through decryption and homomorphic encryption according to symmetric ciphertext data acquired from a data storage module;
and performing homomorphic calculation according to the homomorphic ciphertext data to obtain a homomorphic ciphertext calculation result.
6. The data computing method of claim 5, further comprising:
and sending the homomorphic ciphertext calculation result to a client side so that the client side can decrypt the homomorphic ciphertext calculation result to obtain a plaintext calculation result.
7. The data calculation method according to claim 5, wherein the homomorphic calculation according to the homomorphic ciphertext data to obtain a homomorphic ciphertext calculation result comprises:
performing homomorphic calculation according to the homomorphic ciphertext data to obtain a first homomorphic ciphertext intermediate calculation result;
sending the first homomorphic ciphertext intermediate calculation result to the trusted execution module so that the trusted execution module can decrypt the first homomorphic ciphertext intermediate calculation result to obtain second plaintext data;
receiving a second homomorphic ciphertext intermediate calculation result sent by the trusted execution module, wherein the second homomorphic ciphertext intermediate calculation result is obtained by homomorphically encrypting a plaintext intermediate calculation result obtained by calculation according to the second plaintext data by the trusted execution module;
and performing homomorphic calculation according to the second homomorphic ciphertext intermediate calculation result to obtain the homomorphic ciphertext calculation result.
8. A data computing method, comprising:
sending a data calculation request to a trusted execution module, so that the trusted execution module obtains corresponding symmetric ciphertext data from a data storage module according to the data calculation request, decrypts the symmetric ciphertext data to obtain first plaintext data, homomorphically encrypts the first plaintext data to obtain homomorphic ciphertext data, and sends the homomorphic ciphertext data to an untrusted calculation module for homomorphic calculation to obtain a homomorphic ciphertext calculation result;
receiving the homomorphic ciphertext calculation result sent by the untrusted calculation module;
and decrypting the homomorphic ciphertext calculation result to obtain a plaintext calculation result.
9. The data computing method of claim 8, further comprising:
and sending the symmetric encryption key to the trusted execution module so that the trusted execution module decrypts the symmetric ciphertext data by using the symmetric encryption key to obtain the first plaintext data.
10. The data computing method of claim 8, further comprising:
and sending the homomorphic encryption key to the trusted execution module so that the trusted execution module can homomorphically encrypt the first plaintext data by adopting the homomorphic encryption key to obtain the homomorphic ciphertext data.
11. A data computing apparatus, comprising:
the first acquisition module is configured to acquire a data calculation request sent by a client;
the second acquisition module is configured to acquire corresponding symmetric ciphertext data from the data storage module according to the data calculation request;
the first decryption module is configured to decrypt the symmetric ciphertext data to obtain first plaintext data;
the first encryption module is configured to homomorphic encrypt the first plaintext data to obtain homomorphic ciphertext data;
the first sending module is configured to send the homomorphic ciphertext data to the untrusted calculation module, so that the untrusted calculation module performs homomorphic calculation according to the homomorphic ciphertext data to obtain a homomorphic ciphertext calculation result.
12. A data computing apparatus, comprising:
the first receiving module is configured to receive homomorphic ciphertext data sent by the trusted execution module, wherein the homomorphic ciphertext data is obtained by the trusted execution module through decryption and homomorphic encryption according to symmetric ciphertext data acquired from the data storage module;
and the first calculation module is configured to perform homomorphic calculation according to the homomorphic ciphertext data to obtain a homomorphic ciphertext calculation result.
13. A data computing apparatus, comprising:
the second sending module is configured to send a data calculation request to the trusted execution module, so that the trusted execution module obtains corresponding symmetric ciphertext data from the data storage module according to the data calculation request, decrypts the symmetric ciphertext data to obtain first plaintext data, homomorphically encrypts the first plaintext data to obtain homomorphic ciphertext data, and sends the homomorphic ciphertext data to the untrusted calculation module for homomorphic calculation to obtain a homomorphic ciphertext calculation result;
a second receiving module configured to receive the homomorphic ciphertext calculation result sent by the untrusted calculation module;
and the second decryption module is configured to decrypt the homomorphic ciphertext calculation result to obtain a plaintext calculation result.
14. A data computing system, comprising: a data storage module, a trusted execution module provided with a data computing device according to claim 11, an untrusted execution module provided with a data computing device according to claim 12 and a client provided with a data computing device according to claim 13.
15. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform a data computation method according to any one of claims 1 to 4, or to perform a data computation method according to any one of claims 5 to 7, or to perform a data computation method according to any one of claims 8 to 10.
16. A computer-readable storage medium storing computer instructions for causing a computer to perform the data computing method of any one of claims 1-4, or perform the data computing method of any one of claims 5-7, or perform the data computing method of any one of claims 8-10.
CN202110846193.2A 2021-07-26 2021-07-26 Data calculation method, device and system and electronic equipment Pending CN113612597A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110846193.2A CN113612597A (en) 2021-07-26 2021-07-26 Data calculation method, device and system and electronic equipment

Publications (1)

Publication Number Publication Date
CN113612597A true CN113612597A (en) 2021-11-05

Family

ID=78338387

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110846193.2A Pending CN113612597A (en) 2021-07-26 2021-07-26 Data calculation method, device and system and electronic equipment

Country Status (1)

Country Link
CN (1) CN113612597A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination