Decryption method, related device and storage medium

By performing fragmented secret sharing operations on ciphertext and key in homomorphic encryption scenarios, the problem of data leakage in multi-party interactions is solved, thereby improving the security and privacy of data information.

CN115589281BActive Publication Date: 2026-06-30BEIJING REALAI TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
BEIJING REALAI TECH CO LTD
Filing Date
2022-09-30
Publication Date
2026-06-30

AI Technical Summary

Technical Problem

When homomorphic encryption is applied to multi-party interaction scenarios, the devices of the participating parties each hold the key and the ciphertext, making it difficult to guarantee data security and privacy. Both parties are unwilling to allow the other to obtain their information, which poses a risk of data leakage.

Method used

By performing a fragmented secret sharing operation on the data information, ciphertext fragments and key fragments are generated and sent to the other party's device for secret sharing operation, and finally the target plaintext is decrypted, thus avoiding the direct acquisition of the other party's complete data information.

Benefits of technology

It effectively prevents data leakage, improves data security and privacy, and reduces the security risks caused by data leakage.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN115589281B_ABST
    Figure CN115589281B_ABST
Patent Text Reader

Abstract

Embodiments of the present application relate to the field of data processing, and provide a decryption method, related device and storage medium. The method comprises: a first device participating in secret sharing generates one or more ciphertext fragments of ciphertext, sends a second ciphertext fragment to a second device participating in secret sharing, the second device holding a key for decrypting the ciphertext; receives a first key fragment of the second device, and performs secret sharing operation on the first ciphertext fragment and the first key fragment to obtain first decryption information, the first key fragment being generated by the second device based on the key; receives second decryption information of the second device, the second decryption information being obtained by the second device through secret sharing operation on the second ciphertext fragment and a second key fragment; and decrypts target plaintext based on the first decryption information and the second decryption information. In the embodiments of the present application, secret sharing operation on data information fragments is performed to realize ciphertext decryption, avoid leakage of complete data information, and improve data security and privacy.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of data processing, and more specifically to a decryption method, related apparatus, and storage medium. Background Technology

[0002] Homomorphic encryption provides a way to process encrypted data. In homomorphic encryption, the result of performing operations on the original data under homomorphic encryption is equivalent to the result of performing the same operations on the original data in its unencrypted state. In other words, homomorphically encrypted data can be processed without revealing any of the original data's content, and decryption after processing yields the exact same result as the original data.

[0003] Compared to general encryption schemes that focus on data storage security, homomorphic encryption focuses more on the security and privacy of the data processing process.

[0004] Currently, homomorphic encryption technology, when applied to multi-party interaction scenarios, presents the following problems: Each of the participating devices holds both the key and the ciphertext. To avoid data leakage and ensure data security, neither party wants the other to obtain the information it holds. Simply put, device B, holding the ciphertext, needs the key to decrypt it, but device A, holding the key, does not want device B to obtain that key. If device A holds both the ciphertext and the key, it will compromise device B's data security, posing a risk of data leakage. Summary of the Invention

[0005] This application provides a decryption method, related apparatus, and storage medium that can achieve the ciphertext decryption process through secret sharing operations on data information fragments, effectively avoiding the leakage of complete data information, reducing the related security risks caused by data leakage, and greatly improving the security and privacy of data information.

[0006] In a first aspect, embodiments of this application provide a decryption method applicable to a first device participating in secret sharing, the first device holding ciphertext obtained through homomorphic encryption, the method comprising:

[0007] Generate one or more ciphertext fragments of the ciphertext;

[0008] The second ciphertext fragment is sent to a second device participating in the secret sharing, the second device holding a key for decrypting the ciphertext;

[0009] The device receives a first key fragment from the second device and performs a secret sharing operation on the first ciphertext fragment and the first key fragment to obtain first decryption information. The first key fragment is generated by the second device based on the key.

[0010] The second decryption information is received from the second device, which is obtained by the second device performing a secret sharing operation on the second ciphertext fragment and the second key fragment.

[0011] The target plaintext is decrypted based on the first decryption information and the second decryption information.

[0012] Secondly, embodiments of this application provide a decryption method applicable to a second device participating in secret sharing, the second device holding a key for decrypting homomorphic encrypted ciphertext, the method comprising:

[0013] Generate one or more key fragments of the key;

[0014] Send the first key fragment to the first device participating in the secret sharing, the first device holding the ciphertext obtained through homomorphic encryption;

[0015] The device receives a second ciphertext fragment from the first device and performs a secret sharing operation on the second ciphertext fragment and the second key fragment to obtain second decryption information. The second ciphertext fragment is generated by the first device based on the ciphertext.

[0016] The second decryption information is sent to the first device, so that the first device can decrypt the target plaintext based on the second decryption information and the first key fragment.

[0017] Thirdly, embodiments of this application provide a decryption apparatus having functions corresponding to the decryption method provided in the first aspect above. These functions can be implemented in hardware or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the above functions, and these modules can be software and / or hardware.

[0018] In one embodiment, the device is suitable for a first device participating in secret sharing, the first device holding ciphertext obtained through homomorphic encryption. The device includes:

[0019] The processing module is configured to generate one or more ciphertext fragments of the ciphertext;

[0020] The transceiver module is configured to send a second ciphertext fragment to a second device participating in the secret sharing, the second device holding a key for decrypting the ciphertext;

[0021] The transceiver module is also configured to receive a first key fragment from the second device;

[0022] The processing module is further configured to perform a secret sharing operation on the first ciphertext fragment and the first key fragment to obtain first decryption information, wherein the key fragment is generated by the second device based on the key;

[0023] The transceiver module is further configured to receive second decryption information from the second device, the second decryption information being obtained by the second device performing a secret sharing operation on the second ciphertext fragment and the second key fragment;

[0024] The processing module is also configured to decrypt the target plaintext based on the first decryption information and the second decryption information.

[0025] Fourthly, embodiments of this application provide a decryption apparatus having functions corresponding to the decryption method provided in the second aspect above. These functions can be implemented in hardware or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the above functions, and these modules can be software and / or hardware.

[0026] In one embodiment, the device is adapted to a second device participating in secret sharing, the second device holding a key for decrypting homomorphic encrypted ciphertext, the device comprising:

[0027] The processing module is configured to generate one or more key fragments of the key;

[0028] The transceiver module is configured to send a first key fragment to a first device participating in secret sharing, the first device holding ciphertext obtained through homomorphic encryption.

[0029] The transceiver module is also configured to receive a second encrypted fragment from the first device;

[0030] The processing module is further configured to perform a secret sharing operation on the second ciphertext fragment and the second key fragment to obtain second decryption information, wherein the second ciphertext fragment is generated by the first device based on the ciphertext;

[0031] The transceiver module is further configured to send the second decryption information to the first device, so that the first device can decrypt the target plaintext based on the second decryption information and the first key fragment.

[0032] Fifthly, embodiments of this application provide a computing device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor executes the computer program to implement the decryption method described in the first or second aspect.

[0033] In a sixth aspect, embodiments of this application provide a computer-readable storage medium including instructions that, when executed on a computer, cause the computer to perform the decryption method described in the first or second aspect.

[0034] Compared to existing technologies, in this embodiment, a first device and a second device participate in secret sharing. The first device holds the ciphertext obtained through homomorphic encryption, and the second device holds the key used to decrypt the ciphertext. The first device generates one or more ciphertext fragments and sends a second ciphertext fragment to the second device, thereby enabling the second device to perform a secret sharing operation on the second ciphertext fragment and the second key fragment to obtain second decryption information. The first device receives a first key fragment generated by the second device based on the key, and performs a secret sharing operation on the first ciphertext fragment and the first key fragment to obtain first decryption information. Finally, the target plaintext is decrypted based on the first and second decryption information. This application provides a secret-sharing-based ciphertext decryption method. Compared to existing technologies that require directly obtaining the complete data information (such as ciphertext or key) held by the other party for decryption, this application can achieve the ciphertext decryption process by using data fragments held by the other party, such as ciphertext fragments or key fragments, through secret-sharing operations. Since the data fragments do not expose the data information they hold to the other party, they can effectively avoid data leakage, reduce the security risks caused by data leakage, and greatly improve the security and privacy of data information. Attached Figure Description

[0035] The objectives, features, and advantages of the embodiments of this application will become readily understood by referring to the accompanying drawings and the detailed description of the embodiments. Wherein:

[0036] Figure 1 This is a schematic diagram of a ciphertext decryption system for which the decryption method is applied in an embodiment of this application;

[0037] Figure 2 This is a flowchart illustrating the decryption method in an embodiment of this application;

[0038] Figure 3 This is a schematic diagram of a process for obtaining decrypted information in an embodiment of this application;

[0039] Figure 4 This is a schematic diagram of a secret multiplication calculation method in an embodiment of this application;

[0040] Figure 5 This is a schematic diagram of a process for constructing a multiplication triple array in an embodiment of this application;

[0041] Figure 6This is a schematic diagram of the structure of a decryption device according to an embodiment of this application;

[0042] Figure 7 This is a schematic diagram of the structure of a computing device according to an embodiment of this application;

[0043] Figure 8 This is a schematic diagram of the structure of a mobile phone in one embodiment of this application;

[0044] Figure 9 This is a schematic diagram of a server structure in one embodiment of this application.

[0045] In the accompanying drawings, the same or corresponding reference numerals indicate the same or corresponding parts. Detailed Implementation

[0046] The terms "first," "second," etc., in the specification, claims, and accompanying drawings of this application are used to distinguish similar objects (e.g., the first feature and the second feature represent different features, and so on), and are not necessarily used to describe a specific order or sequence. It should be understood that such data can be interchanged where appropriate so that the embodiments described herein can be implemented in a sequence other than that illustrated or described herein. Furthermore, the terms "comprising" and "having," and any variations thereof, are intended to cover non-exclusive inclusion. For example, a process, method, system, product, or device that includes a series of steps or modules is not necessarily limited to those explicitly listed, but may include other steps or modules not explicitly listed or inherent to these processes, methods, products, or devices. The division of modules in the embodiments of this application is merely a logical division; in actual applications, there may be other division methods. For example, multiple modules may be combined into or integrated into another system, or some features may be omitted or not performed. Additionally, the shown or discussed mutual coupling or direct coupling or communication connection may be through some interface, indirect coupling between modules, or electrical or other similar forms of communication connection, none of which are limited in the embodiments of this application. Furthermore, the modules or sub-modules described as separate components may or may not be physically separated, may or may not be physical modules, or may be distributed among multiple circuit modules. Some or all of the modules may be selected according to actual needs to achieve the purpose of the embodiments of this application.

[0047] This application provides a decryption method applicable to homomorphic encryption scenarios, involving at least one service device, which includes at least two decryption devices. For example, a service device may include a first decryption device and a second decryption device, where the first and second decryption devices are respectively used to perform steps at different stages of ciphertext decryption in a homomorphic encryption scenario. Alternatively, two service devices may each include at least two decryption devices. The first service device includes a first decryption device, and the second service device includes a second decryption device, where the first and second decryption devices are respectively used to perform steps at different stages of ciphertext decryption in a homomorphic encryption scenario.

[0048] For example, the first decryption device and the second decryption device each generate data information fragments and share some data information fragments with each other, such as ciphertext fragments of ciphertext or key fragments of keys used to decrypt the ciphertext. This allows the other party to obtain decryption information through secret sharing calculations based on the data information it holds and the received data information fragments. Thus, the target plaintext can be restored through the decryption information calculated by each party, realizing the ciphertext decryption process based on secret sharing in the homomorphic encryption scenario.

[0049] The first decryption device can be a server that generates one or more ciphertext fragments, shares a second ciphertext fragment with a second device holding a key, receives a first key fragment from the second device, performs a secret sharing operation on the first ciphertext fragment and the first key fragment to obtain first decryption information, and then receives a second decryption information from the second device and decrypts the target plaintext application based on the first and second decryption information. Alternatively, it can be a server that generates one or more ciphertext fragments, shares a second ciphertext fragment with a second device, receives a first key fragment from the second device, performs a secret sharing operation on the first ciphertext fragment and the first key fragment to obtain first decryption information, and then receives a second decryption information from the second device and decrypts the target plaintext application based on the first and second decryption information. The second decryption device can be one or more key fragments that generate the key, sharing the first key fragment with the first device holding the ciphertext, receiving the second ciphertext fragment from the first device, and performing a secret sharing operation on the second ciphertext fragment and the second key fragment to obtain second decryption information. The second ciphertext fragment is generated by the first device based on the ciphertext, and the second decryption information is sent to the application of the first device. Alternatively, it can be one or more key fragments that have the key generated installed, sharing the first key fragment with the first device holding the ciphertext, receiving the second ciphertext fragment from the first device, and performing a secret sharing operation on the second ciphertext fragment and the second key fragment to obtain second decryption information. The second ciphertext fragment is generated by the first device based on the ciphertext, and the second decryption information is sent to the server of the application of the first device.

[0050] It should be noted that the first key fragment, the second ciphertext fragment, the first key fragment, and the second key fragment described in the embodiments of this application are all examples and are not intended to limit the number or name of data information fragments (including ciphertext fragments and key fragments) involved in actual applications.

[0051] The solutions provided in this application involve technologies such as Artificial Intelligence (AI), Federated Learning (FL), and Machine Learning (ML), which are specifically illustrated through the following embodiments:

[0052] AI, or Artificial Intelligence, refers to the theories, methods, technologies, and application systems that utilize digital computers or machines controlled by digital computers to simulate, extend, and expand human intelligence, perceive the environment, acquire knowledge, and use that knowledge to achieve optimal results. In other words, Artificial Intelligence is a comprehensive technology within computer science that attempts to understand the essence of intelligence and produce a new kind of intelligent machine capable of reacting in a manner similar to human intelligence. Artificial Intelligence studies the design principles and implementation methods of various intelligent machines, enabling them to possess the functions of perception, reasoning, and decision-making.

[0053] AI technology is a comprehensive discipline encompassing a wide range of fields, including both hardware and software technologies. Fundamental AI technologies generally include sensors, dedicated AI chips, cloud computing, distributed storage, big data processing, operating / interactive systems, and mechatronics. AI software technologies primarily include computer vision, speech processing, natural language processing, and machine learning / deep learning.

[0054] Federated Learning (FL) is a distributed machine learning technology. Its core idea is to train models in a distributed manner across multiple data sources that have local data. Without exchanging local individual or sample data, it constructs a global model based on virtual fused data by exchanging model parameters or intermediate results. This achieves a balance between data privacy protection and data sharing computation, namely, a new application paradigm of "data is available but not visible" and "the model moves while the data does not move".

[0055] Machine learning (ML) is a multidisciplinary field involving probability theory, statistics, approximation theory, convex analysis, and algorithm complexity theory. It specifically studies how computers can simulate or implement human learning behavior to acquire new knowledge or skills and reorganize existing knowledge structures to continuously improve their performance. Machine learning is the core of artificial intelligence and the fundamental way to endow computers with intelligence; its applications span all areas of artificial intelligence. Machine learning and deep learning typically include techniques such as artificial neural networks, belief networks, reinforcement learning, transfer learning, inductive learning, and instructional learning.

[0056] Secret sharing is a cryptographic technique that involves splitting secret information into several data fragments (also called secret fragments) in an appropriate manner, and then sending these fragments to different participants for management. Multiple participants then collaboratively compute the data fragments to recover the secret. Because a single participant cannot recover the secret information, all participants must work together to do so, thus greatly protecting the privacy and security of the secret information.

[0057] In existing technologies, homomorphic encryption, when applied to multi-party interaction scenarios, often presents the following problems: Each of the participating devices holds both the key and the ciphertext. To avoid data leakage and ensure data security, neither party wants the other to obtain the information they possess. Simply put, if any party in the multi-party interaction obtains complete data from another device, it poses a data leakage security risk to that device.

[0058] Compared to existing technologies that require directly obtaining the complete data information (such as ciphertext or key) held by the other party for decryption, the embodiments of this application can achieve the ciphertext decryption process by fragmenting the data information held by the other party, such as ciphertext fragments or key fragments, and performing secret sharing operations. Since the data information fragments do not expose the data information they hold to the other party, they can effectively avoid data leakage, reduce the related security risks caused by data leakage, and greatly improve the security and privacy of data information.

[0059] In some implementations, the first decryption device and the second decryption device are deployed in an integrated manner, as shown in the following figure. Figure 1 The decryption method provided in this application embodiment can be based on Figure 1 The diagram illustrates an implementation of a ciphertext decryption system. This ciphertext decryption system may include a first device and a second device.

[0060] The first device can be a first decryption device, holding the ciphertext obtained through homomorphic encryption. The second device can be a second decryption device, holding a key used to decrypt the homomorphically encrypted ciphertext. The first and second devices each generate data information fragments and share partial data information fragments with each other, such as ciphertext fragments of the ciphertext or key fragments of the key used to decrypt the ciphertext. This allows the other party to obtain decryption information through secret sharing operations based on its own data information and the received data information fragments. Then, using the decryption information calculated by each device, the target plaintext can be recovered, thus realizing a ciphertext decryption process based on secret sharing in a homomorphic encryption scenario.

[0061] Both the first device and the second device can be an application, a server, or a terminal device, or the first device can be a terminal device and the second device can be a server.

[0062] It should be noted that the server involved in the embodiments of this application can be an independent physical server, a server cluster or distributed system composed of multiple physical servers, or a cloud server that provides basic cloud computing services such as cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communication, middleware services, domain name services, security services, CDN, and big data and artificial intelligence platforms.

[0063] The terminal devices involved in the embodiments of this application can be devices that provide voice and / or data connectivity to users, handheld devices with wireless connectivity, or other processing devices connected to a wireless modem. Examples include mobile phones (or "cellular" phones) and computers with mobile terminals, such as portable, pocket-sized, handheld, computer-embedded, or vehicle-mounted mobile devices that exchange voice and / or data with a wireless access network. Examples include Personal Communication Service (PCS) phones, cordless phones, Session Initiation Protocol (SIP) phones, Wireless Local Loop (WLL) stations, Personal Digital Assistants (PDAs), and other similar devices.

[0064] Reference Figure 2 , Figure 2 This is a flowchart illustrating a decryption method provided in an embodiment of this application. In this embodiment, the number of devices participating in secret sharing can be two or more; for ease of explanation, two devices will be used as an example below. This method can be applied to a first device and a second device in a homomorphic encryption scenario, and is executed collaboratively by the first device and the second device through secret sharing technology. The decryption method includes:

[0065] Step S210: The first device generates one or more ciphertext fragments of the ciphertext.

[0066] In step S220, the first device sends the second encrypted fragment to the second device.

[0067] In this embodiment, the first device holds the homomorphically encrypted ciphertext, and the second device holds the key for decrypting the homomorphically encrypted ciphertext. Homomorphic encryption includes partially homomorphic encryption, somewhat homomorphic encryption, and fully homomorphic encryption. Partially homomorphic encryption, also called single homomorphic encryption, means that the homomorphic encryption scheme can only perform an unlimited number of homomorphic additions or only an unlimited number of homomorphic multiplications. Somewhat homomorphic encryption allows for a finite number of arbitrary homomorphic operations on the ciphertext; in other words, it can perform both multiplication and addition, but cannot homomorphically compute arbitrary functions. Fully homomorphic encryption allows for an unlimited number of arbitrary homomorphic operations on the ciphertext; that is, it can homomorphically compute any function (which must also be efficiently computable functions). In order to enable feature comparison calculation in the encrypted state in subsequent steps, when reconstructing and encrypting the segmented part, the embodiments of this application can use partial homomorphic encryption or fully homomorphic encryption (e.g., CKKS) to realize matrix multiplication calculation or vector dot product calculation in the encrypted state (satisfying both homomorphic multiplication and homomorphic addition).

[0068] In this embodiment, the ciphertext held by the first device can be decrypted using the key held by the second device. Considering the security risks associated with directly transmitting keys or ciphertext in the prior art, this embodiment employs secret sharing technology to segment the data information into data fragments, thereby decrypting the final target plaintext through computational processing of these data fragments.

[0069] For the first device, the ciphertext needs to be divided into multiple ciphertext fragments and sent to other devices participating in secret sharing in the homomorphic encryption scenario. In this way, multiple devices jointly manage multiple ciphertext fragments in order to complete the operation of their respective decryption information.

[0070] In this embodiment, for ease of description, the ciphertext fragment managed by the first device is referred to as the first ciphertext fragment of the ciphertext, and the ciphertext fragment shared with and managed by the second device is referred to as the second ciphertext fragment of the ciphertext. In some embodiments, in step S210, the first device randomly generates first data as the first ciphertext fragment of the ciphertext. Then, the first device segments the ciphertext into a second ciphertext fragment based on the first ciphertext fragment, thereby achieving the segmentation of the ciphertext under homomorphic encryption. For example, the first device randomly generates an integer as the first ciphertext fragment of the ciphertext. Then, the difference between the ciphertext and the first ciphertext fragment is used as the second ciphertext fragment. Of course, ciphertext fragments can also be obtained in other ways, which are not limited here. It is worth noting that the order of obtaining the first and second ciphertext fragments, as well as the number of ciphertext fragments that the ciphertext can be segmented into, are not limited here. In step S220, the first device sends the second ciphertext fragment to the second device.

[0071] In one possible design, the first device can be a physical device deployed in the ciphertext decryption system. For example, in a face recognition scenario, the physical device can be a mobile phone with a camera. After the physical device acquires a face image of the person to be recognized, it obtains facial features from the face image through a face recognition model deployed therein, and performs homomorphic encryption on the facial features to obtain the face feature ciphertext (i.e., the ciphertext).

[0072] In one possible design, the physical device can also be a service device in a trusted execution environment. The trusted execution environment refers to an execution environment trusted by the owner of the model used to obtain the original data. That is, the owner of the model is not worried that the service device will reverse-engineer the model based on the original data. Thus, the physical device can obtain the original data used to encrypt the ciphertext from the service device with data collection device deployed via wired or wireless connection.

[0073] In step S230, the second device generates one or more key fragments of the key.

[0074] In step S240, the second device sends the first key fragment to the first device.

[0075] Based on the above description, in steps S230 to S240, similar to the first device, the second device can divide the key into multiple key fragments and send them to other devices participating in secret sharing in the homomorphic encryption scenario. This allows multiple devices to jointly manage the multiple key fragments and perform operations on their respective decrypted information. The method for obtaining key fragments is similar to that for obtaining ciphertext fragments, and will not be elaborated here.

[0076] In step S250, the first device receives the first key fragment from the second device and performs a secret sharing operation on the first ciphertext fragment and the first key fragment to obtain the first decryption information.

[0077] In this embodiment of the application, the secret sharing operation includes secret multiplication calculation and secret addition calculation.

[0078] To obtain the first decrypted information, refer to... Figure 3 In one possible design, step S250 can be implemented as follows:

[0079] Step S251: The first device performs secret multiplication calculations on the first ciphertext vector element of the first ciphertext fragment and the vector element of the first key fragment respectively.

[0080] Step S252: Perform secret addition calculations on the second ciphertext vector elements of the first ciphertext fragment and each multiplication calculation result, and construct the first decrypted information based on each secret addition calculation result.

[0081] It should be noted that the secret sharing operation of ciphertext fragmentation and key fragmentation follows the calculation rules of secret sharing operation completely, regardless of the specific amount and structure of data included in the ciphertext fragmentation and key fragmentation.

[0082] The following example illustrates the computational rules of secret addition. Specifically, in secret addition, assume that storage device A (i.e., the second device) stores the key for homomorphic encryption, and that the key stored by storage device A is an N-dimensional vector, specifically represented as s = {s i} where i is less than N. Assume that storage B (i.e., the first device) stores homomorphically encrypted ciphertext, and assume that the ciphertext of storage B consists of two N-dimensional vectors (a, b).

[0083] Based on this, the ciphertext is represented as a = {a i}, b={b i Based on the above assumptions, the decryption result of plaintext m is m = {m}. i Assume the decryption result is obtained in the following way: m i =a i +b i ·s i .

[0084] Based on the above assumptions, let x and y represent the data of storage providers A and B, respectively. First, the data information to be shared between the two parties needs to be fragmented, namely key fragment x0 and key fragment x1, and ciphertext fragment y0 and ciphertext fragment y1, where x = x0 + x1 and y = y0 + y1. Then, storage provider A sends key fragment x1 (i.e., the first key fragment) to storage provider B, and storage provider B sends ciphertext fragment y0 (i.e., the second ciphertext fragment) to storage provider A.

[0085] Based on this, the specific process of secret addition calculation is as follows: storage party A adds key fragment x0 (i.e., the second key fragment) and ciphertext fragment y0, while storage party B adds key fragment x1 and ciphertext fragment y1 (i.e., the first ciphertext fragment), thus obtaining their respective addition result components z0 and z1. Therefore, the sum of the addition result components equals the sum of the data of storage parties A and B, i.e., z0 + z1 = x + y. Thus, secret addition calculation can be achieved through data information fragmentation.

[0086] The following example illustrates the calculation rules of secret multiplication. In secret multiplication calculation, using... Figure 4 Taking the illustrated secret multiplication calculation process as an example, an additional auxiliary calculation ternary array (i,j,k) is required, where the components of the ternary array satisfy the following algebraic relationship: k = i·j. Furthermore, the ternary array is stored in the auxiliary calculation party C and secretly shared between storage parties A and B, so that storage party A possesses i0,j0,k0, and storage party B possesses i1,j1,k1. The ternary array satisfies the following relationships: i = i0 + i1, j = j0 + j1, k = k0 + k1.

[0087] Alternatively, in one possible design, refer to Figure 5 Before step S251, to improve computational efficiency, a multiplication triple array can be pre-constructed. Specifically, the multiplication triple array is pre-constructed through the following steps S510 to S530:

[0088] Step S510: Randomly generate a triple array as the original triple array;

[0089] Step S520: Divide the original triple array to obtain the first multiplication triple array and the second multiplication triple array, wherein the preset algebraic relationship is that the sum of the first multiplication triple array and the second multiplication triple array is the original triple array;

[0090] Step S530: Send the second multiplication ternary array to the second device.

[0091] It is worth noting that the multiplication triple array can also be pre-constructed by the second device or the first device, or constructed by other third-party devices and then distributed to the first and second devices. The acquisition method described above is only an example.

[0092] Continuing with the example above, suppose the first multiplication triplet is (i1,j1,k1) held by storage party B in the above example, and suppose the second multiplication triplet is (i0,j0,k0) held by storage party A in the above example.

[0093] Based on the aforementioned multiplication ternary array, storage entities A and B respectively calculate e0 = x0 - i0, e1 = x1 - i1, f0 = y0 - j0, f1 = y1 - j1, and storage entity A sends e0 and f0 to storage entity B, while storage entity B sends e1 and f1 to storage entity A. Thus, both storage entities A and B store e0, f0, e1, and f1. In this way, storage entities A and B can calculate e = e0 + e1 = (x0 - i0) + (x1 - i1) = (x0 + x1) - (i0 + i1) = xi. Similarly, the two storage entities can also calculate f = yj.

[0094] Next, storage unit A needs to calculate the first multiplication operation component r0 = -e·f + y0·e + x0·f + k0, storage unit B calculates the second multiplication operation component r1 = y1·e + x1·f + k1, and restores the multiplication calculation result based on the first and second multiplication operation components in the following way, that is, r0 + r1 = x·y.

[0095] Based on the above-mentioned secret multiplication calculation principle, specifically, in a possible design, step S251 can include the following steps:

[0096] Step S2511: The first device performs preset processing on the first ciphertext vector element, the vector element of the key fragment, and the pre-acquired first multiplication ternary array to obtain the first multiplication operation component;

[0097] In step S2512, the first device receives the second multiplication operation component from the second device. The second multiplication operation component is obtained by the second device based on the third ciphertext vector element of the ciphertext segment, the vector element of the key segment, and the second multiplication triple array. The first multiplication triple array and the second multiplication triple array satisfy a preset algebraic relationship.

[0098] In step S2513, the first device restores the vector elements of the first multiplication operation component and the vector elements of the second multiplication operation component to obtain the multiplication calculation results.

[0099] In step S260, the second device receives the second ciphertext fragment from the first device and performs a secret sharing operation on the second ciphertext fragment and the second key fragment to obtain the second decrypted information.

[0100] Step S270: The second device sends the second decryption information to the first device.

[0101] In step S280, the first device receives the second decryption information from the second device.

[0102] Step S290: The first device decrypts the target plaintext based on the first decryption information and the second decryption information.

[0103] Similar to step S250 performed by the first device, the second device can obtain the second decrypted information using a secret sharing operation, which will not be elaborated here. The second device sends the second decrypted information to the first device, thereby allowing the first device to recover the target plaintext by reversing the data fragmentation process in the secret sharing technique using the first and second decrypted information.

[0104] In one optional implementation of S290, the vector elements of the first decrypted information and the vector elements of the second decrypted information are respectively restored; the target plaintext is constructed based on the results of each restoration process.

[0105] Continuing with the previous assumptions, let's assume that storage device A (i.e., the second device) is used to store the key for homomorphic encryption, and that the key stored by storage device A is s = {s i Assume that storage device B (i.e., the first device) stores two N-dimensional vectors (a, b) that have undergone homomorphic encryption, specifically represented as a = {a...}. i}, b={b i}

[0106] Based on the above assumptions, let's assume the decryption result of the target plaintext M is m = {m} i Assume the decryption result is obtained in the following way: m i =a i +b i ·s i Based on this, the first decrypted information is that storage party B has secretly shared the multiplication calculation b. i ·s i Then, using secret sharing addition, calculate a. i +b i ·s i The first decryption result m obtained later B The second decrypted information is that storage party A, through secret sharing, performs a multiplication calculation on b. i ·s i Then, using secret sharing addition, calculate a. i +bi ·s i The second decryption result m obtained later A Storage B receives the second decryption result m from storage A. A And based on m B and m A Calculate each m i The target plaintext M is constructed.

[0107] In the decryption method of this application embodiment, a first device and a second device participate in secret sharing. The first device holds the ciphertext obtained through homomorphic encryption, and the second device holds the key used to decrypt the ciphertext. The first device generates one or more ciphertext fragments and sends a second ciphertext fragment to the second device, thereby enabling the second device to perform a secret sharing operation on the second ciphertext fragment and the second key fragment to obtain second decryption information. The first device receives a first key fragment generated by the second device based on the key, and performs a secret sharing operation on the first ciphertext fragment and the first key fragment to obtain first decryption information. Finally, the target plaintext is decrypted based on the first decryption information and the second decryption information. This application embodiment provides a secret sharing-based ciphertext decryption method. Compared with the prior art method that requires directly obtaining the complete data information (such as ciphertext or key) held by the other party for decryption, this application embodiment can achieve the ciphertext decryption process through secret sharing operation using data information fragments held by the other party, such as ciphertext fragments or key fragments. Since the data information fragments do not expose the data information they hold to the other party, it can effectively avoid data leakage, reduce the related security risks caused by data leakage, and greatly improve the security and privacy of data information.

[0108] After introducing the method of the embodiments of this application, the following references are made. Figure 6 The decryption apparatus of the present application embodiments will be described.

[0109] The decryption device 60 in this embodiment can achieve the function corresponding to the above. Figure 2 The steps of the decryption method in the embodiment corresponding to the first device are described below. The functions implemented by the decryption device 60 can be implemented by hardware or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the above functions, and the modules can be software and / or hardware. The decryption device 60 may include a transceiver module 601 and a processing module 602. The functional implementation of the processing module 602 and the transceiver module 601 can be found in [reference needed]. Figure 2 The operations performed in the corresponding embodiments will not be described in detail here. For example, the processing module 602 can be used to control the data transmission and reception operations of the transceiver module 601.

[0110] In some implementations, the processing module 602 is configured to generate one or more ciphertext fragments of the ciphertext;

[0111] The transceiver module 601 is further configured to send a second ciphertext fragment to a second device participating in the secret sharing, the second device holding a key for decrypting the ciphertext;

[0112] The transceiver module 601 is also configured to receive a first key fragment from the second device;

[0113] The processing module 602 is configured to perform a secret sharing operation on the first ciphertext fragment and the first key fragment to obtain first decryption information, wherein the first key fragment is generated by the second device based on the key;

[0114] The transceiver module 601 is further configured to receive second decryption information from the second device, the second decryption information being obtained by the second device after performing a secret sharing operation on the second ciphertext fragment and the second key fragment;

[0115] The processing module 602 is configured to decrypt the target plaintext based on the first decryption information and the second decryption information.

[0116] In some implementations, the secret sharing operation includes secret multiplication and secret addition.

[0117] The processing module 602, when performing a secret sharing operation on the first ciphertext fragment and the first key fragment to obtain the first decrypted information, is configured as follows:

[0118] Perform secret multiplication calculations on the first ciphertext vector element of the first ciphertext segment and the vector element of the first key segment respectively; perform secret addition calculations on the second ciphertext vector element of the first ciphertext segment and each multiplication calculation result, and construct the first decrypted information based on each secret addition calculation result.

[0119] In some implementations, when the processing module 602 performs secret multiplication calculations on the first ciphertext vector element of the first ciphertext fragment and the vector element of the first key fragment, it is configured as follows:

[0120] The first ciphertext vector element, the vector element of the first key fragment, and the pre-acquired first multiplication ternary array are subjected to preset processing to obtain the first multiplication operation component; the vector elements of the first multiplication operation component and the vector elements of the second multiplication operation component are restored to obtain the multiplication calculation results.

[0121] The transceiver module 601 is further configured to receive a second multiplication operation component from the second device. The second multiplication operation component is obtained by the second device based on the third ciphertext vector element of the second ciphertext segment, the vector element of the second key segment, and the second multiplication ternary array. The first multiplication ternary array and the second multiplication ternary array satisfy a preset algebraic relationship.

[0122] In some embodiments, the processing module 602 is further configured to: before performing secret multiplication calculations on the first ciphertext vector elements of the first ciphertext fragment and the vector elements of the first key fragment respectively, randomly generate a ternary array as the original ternary array; divide the original ternary array to obtain the first multiplication ternary array and the second multiplication ternary array, wherein the preset algebraic relationship is that the sum of the first multiplication ternary array and the second multiplication ternary array is the original ternary array;

[0123] The transceiver module 601 is also configured to send the second multiplication ternary array to the second device.

[0124] In some implementations, the processing module 602, which decrypts the target plaintext based on the first decryption information and the second decryption information, is configured to:

[0125] The vector elements of the first decrypted information and the vector elements of the second decrypted information are restored respectively; the target plaintext is constructed based on the results of each restoration process.

[0126] In some implementations, the processing module 602, which generates one or more ciphertext fragments of the ciphertext, is configured to:

[0127] Randomly generate the first data, which serves as the first ciphertext fragment of the ciphertext;

[0128] A second ciphertext fragment is extracted from the ciphertext based on the first ciphertext fragment.

[0129] The decryption device of this application embodiment can be applied to a first device in a homomorphic encryption scenario. In the homomorphic encryption scenario, the first device and the second device participate in secret sharing. The first device holds the ciphertext obtained through homomorphic encryption, and the second device holds the key used to decrypt the ciphertext. In this decryption device, the transceiver module sends a second ciphertext fragment to the second device participating in secret sharing. The second device holds the key used to decrypt the ciphertext. The transceiver module receives a first key fragment from the second device. The processing module performs a secret sharing operation on the first ciphertext fragment and the first key fragment to obtain first decryption information. The first key fragment is generated by the second device based on the key. The processing module receives second decryption information from the second device, which is obtained by the second device performing a secret sharing operation on the second ciphertext fragment and the second key fragment. The processing module decrypts the target plaintext based on the first decryption information and the second decryption information. This application provides a secret-sharing-based ciphertext decryption method. Compared to existing technologies that require directly obtaining the complete data information (such as ciphertext or key) held by the other party for decryption, this application can achieve the ciphertext decryption process by using data fragments held by the other party, such as ciphertext fragments or key fragments, through secret-sharing operations. Since the data fragments do not expose the data information they hold to the other party, they can effectively avoid data leakage, reduce the security risks caused by data leakage, and greatly improve the security and privacy of data information.

[0130] Next, continue to refer to Figure 6 This application embodiment also provides another decryption device that is used in conjunction with the second device, which will be described below.

[0131] The decryption device 60 in this embodiment can achieve the function corresponding to the above. Figure 2 The steps of the decryption method in the embodiment corresponding to the second device are described below. The functions implemented by the decryption device 60 can be implemented by hardware or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the above functions, and the modules can be software and / or hardware. The decryption device 60 may include a transceiver module 601 and a processing module 602. The functional implementation of the processing module 602 and the transceiver module 601 can be found in [reference needed]. Figure 2 The operations performed in the corresponding embodiments will not be described in detail here. For example, the processing module 602 can be used to control the data transmission and reception operations of the transceiver module 601.

[0132] In some implementations, the processing module 602 is configured to generate one or more key fragments of the key;

[0133] The transceiver module 601 is configured to send a first key fragment to a first device participating in secret sharing, the first device holding ciphertext obtained through homomorphic encryption.

[0134] The transceiver module 601 is also configured to receive a second encrypted fragment from the first device;

[0135] The processing module 602 is further configured to perform a secret sharing operation on the second ciphertext fragment and the second key fragment to obtain second decryption information, wherein the second ciphertext fragment is generated by the first device based on the ciphertext;

[0136] The transceiver module 601 is further configured to send the second decryption information to the first device, so that the first device can decrypt the target plaintext based on the second decryption information and the first key fragment.

[0137] The decryption apparatus of this application embodiment can be applied to a second device in a homomorphic encryption scenario. In the homomorphic encryption scenario, a first device and a second device participate in secret sharing. The first device holds the ciphertext obtained through homomorphic encryption, and the second device holds the key used to decrypt the ciphertext. In this decryption apparatus, a processing module generates one or more key fragments of the key; a transceiver module sends the first key fragment to the first device participating in secret sharing, and the first device holds the ciphertext obtained through homomorphic encryption; the transceiver module receives the second ciphertext fragment from the first device; the processing module performs a secret sharing operation on the second ciphertext fragment and the second key fragment to obtain second decryption information, the second ciphertext fragment being generated by the first device based on the ciphertext; the transceiver module sends the second decryption information to the first device, enabling the first device to decrypt the target plaintext based on the second decryption information and the first key fragment. This application provides a secret-sharing-based ciphertext decryption method. Compared to existing technologies that require directly obtaining the complete data information (such as ciphertext or key) held by the other party for decryption, this application can achieve the ciphertext decryption process by using data fragments held by the other party, such as ciphertext fragments or key fragments, through secret-sharing operations. Since the data fragments do not expose the data information they hold to the other party, they can effectively avoid data leakage, reduce the security risks caused by data leakage, and greatly improve the security and privacy of data information.

[0138] After introducing the methods and apparatus of the embodiments of this application, the computer-readable storage medium of the embodiments of this application will be described next. The computer-readable storage medium may be an optical disc, on which a computer program (i.e., a program product) is stored. When the computer program is run by a processor, it will implement the steps described in the above method embodiments, for example, obtaining a first feature; constructing a first ciphertext based on the first feature, wherein the first ciphertext is obtained by homomorphic encryption based on a first plaintext polynomial and a first preset key, the first preset key is constructed based on a key polynomial, and the first plaintext polynomial is constructed with the feature values ​​in the first feature as coefficients; obtaining a second ciphertext, wherein the second ciphertext is constructed based on a second feature, and the second ciphertext has the same data structure as the first ciphertext; constructing a first vector based on the first ciphertext and the second ciphertext; obtaining a second vector, and performing an inner product calculation on the first vector and the second vector to obtain a target polynomial; wherein the target polynomial is used to obtain the recognition similarity between the second feature associated with the target polynomial and the first feature. The specific implementation of each step will not be repeated here.

[0139] It should be noted that examples of the computer-readable storage medium may also include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other optical and magnetic storage media, which will not be elaborated here.

[0140] The decryption device 60 in the embodiments of this application has been described above from the perspective of modular functional entities. The server and terminal device executing the decryption method in the embodiments of this application are described below from the perspective of hardware processing.

[0141] It should be noted that, in the embodiments of the decryption device in this application... Figure 6 The physical device corresponding to the transceiver module 601 shown can be an input / output unit, transceiver, radio frequency circuit, communication module, and input / output (I / O) interface, etc., and the physical device corresponding to the processing module 602 can be a processor. Figure 6 The decryption device 60 shown can have, for example: Figure 7 The structure shown, when Figure 6 The decryption device 60 shown has the following features: Figure 7 When the structure shown is used, Figure 7 The processor and transceiver in the device can perform the same or similar functions as the processing module 602 and transceiver module 601 provided in the aforementioned device embodiments. Figure 7 The memory in the processor needs to call the computer program when executing the above decryption method.

[0142] This application also provides a terminal device, such as... Figure 8 As shown, for ease of explanation, only the parts related to the embodiments of this application are shown. For specific technical details not disclosed, please refer to the method section of the embodiments of this application. The terminal device can be any terminal device including mobile phones, tablets, personal digital assistants (PDAs), point-of-sale (POS) terminals, in-vehicle computers, etc. Taking a mobile phone as an example:

[0143] Figure 8 This diagram illustrates a partial structural representation of a mobile phone related to the terminal device provided in this embodiment. (Reference) Figure 8 The mobile phone includes components such as a radio frequency (RF) circuit 1010, a memory 1020, an input unit 1030, a display unit 1040, a sensor 1050, an audio circuit 1060, a wireless fidelity (WiFi) module 1070, a processor 1080, and a power supply 1090. Those skilled in the art will understand that... Figure 8 The mobile phone structure shown does not constitute a limitation on the mobile phone and may include more or fewer components than shown, or combine certain components, or have different component arrangements.

[0144] The following is combined Figure 8 A detailed introduction to each component of a mobile phone:

[0145] The RF circuit 1010 can be used for receiving and transmitting signals during information transmission or calls. Specifically, it receives downlink information from the base station and processes it with the processor 1080; additionally, it transmits uplink data to the base station. Typically, the RF circuit 1010 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a low-noise amplifier (LNA), a duplexer, etc. Furthermore, the RF circuit 1010 can also communicate wirelessly with networks and other devices. The aforementioned wireless communication can use any communication standard or protocol, including but not limited to Global System for Mobile Communications (GSM), General Packet Radio Service (GPRS), Code Division Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Long Term Evolution (LTE), email, and Short Messaging Service (SMS).

[0146] The memory 1020 can be used to store software programs and modules. The processor 1080 executes various mobile phone functions and data processing by running the software programs and modules stored in the memory 1020. The memory 1020 may mainly include a program storage area and a data storage area. The program storage area may store the operating system, applications required for at least one function (such as sound playback function, image playback function, etc.), etc.; the data storage area may store data created according to the use of the mobile phone (such as audio data, phonebook, etc.). In addition, the memory 1020 may include high-speed random access memory, and may also include non-volatile memory, such as at least one disk storage device, flash memory device, or other volatile solid-state storage device.

[0147] The input unit 1030 can be used to receive input numerical or character information, and to generate key signal inputs related to user settings and function control of the mobile phone. Specifically, the input unit 1030 may include a touch panel 1031 and other input devices 1032. The touch panel 1031, also known as a touch screen, can collect touch operations performed by the user on or near it (such as operations performed by the user using a finger, stylus, or any suitable object or accessory on or near the touch panel 1031), and drive the corresponding connection devices according to a pre-set program. Optionally, the touch panel 1031 may include two parts: a touch detection device and a touch controller. The touch detection device detects the user's touch position and the signal generated by the touch operation, and transmits the signal to the touch controller; the touch controller receives touch information from the touch detection device, converts it into touch point coordinates, and sends it to the processor 1080, and can also receive and execute commands sent by the processor 1080. In addition, the touch panel 1031 can be implemented using various types such as resistive, capacitive, infrared, and surface acoustic wave. In addition to the touch panel 1031, the input unit 1030 may also include other input devices 1032. Specifically, other input devices 1032 may include, but are not limited to, one or more of the following: physical keyboard, function keys (such as volume control buttons, power buttons, etc.), trackball, mouse, joystick, etc.

[0148] The display unit 1040 can be used to display information input by the user or information provided to the user, as well as various menus of the mobile phone. The display unit 1040 may include a display panel 1041, which may optionally be configured as a liquid crystal display (LCD), organic light-emitting diode (OLED), or similar display. Further, a touch panel 1031 may cover the display panel 1041. When the touch panel 1031 detects a touch operation on or near it, it transmits the information to the processor 1080 to determine the type of touch event. Subsequently, the processor 1080 provides corresponding visual output on the display panel 1041 based on the type of touch event. Although in Figure 8 In this embodiment, the touch panel 1031 and the display panel 1041 are two separate components to realize the input and output functions of the mobile phone. However, in some embodiments, the touch panel 1031 and the display panel 1041 can be integrated to realize the input and output functions of the mobile phone.

[0149] The mobile phone may also include at least one sensor 1050, such as a light sensor, a motion sensor, and other sensors. Specifically, the light sensor may include an ambient light sensor and a proximity sensor. The ambient light sensor can adjust the brightness of the display panel 1041 according to the ambient light level, and the proximity sensor can turn off the display panel 1041 and / or the backlight when the phone is moved to the ear. As a type of motion sensor, an accelerometer sensor can detect the magnitude of acceleration in various directions (generally three axes). When stationary, it can detect the magnitude and direction of gravity and can be used for applications that recognize the phone's posture (such as landscape / portrait switching, related games, magnetometer posture calibration), vibration recognition-related functions (such as pedometer, taps), etc. Other sensors that may be configured in the mobile phone, such as gyroscopes, barometers, hygrometers, thermometers, and infrared sensors, will not be described in detail here.

[0150] The audio circuit 1060, speaker 1061, and microphone 1062 provide an audio interface between the user and the mobile phone. The audio circuit 1060 converts the received audio data into electrical signals and transmits them to the speaker 1061, where the speaker 1061 converts them into sound signals for output. On the other hand, the microphone 1062 converts the collected sound signals into electrical signals, which are then received by the audio circuit 1060, converted into audio data, and then processed by the processor 1080 before being transmitted via the RF circuit 1010 to, for example, another mobile phone, or the audio data can be output to the memory 1020 for further processing.

[0151] WiFi is a short-range wireless transmission technology. Through the WiFi module 1070, mobile phones can help users send and receive emails, browse web pages, and access streaming media, providing users with wireless broadband internet access. Although Figure 8 The WiFi module 1070 is shown, but it is understood that it is not an essential component of a mobile phone and can be omitted as needed without changing the essence of the invention.

[0152] The processor 1080 is the control center of the mobile phone, connecting various parts of the phone through various interfaces and lines. It executes software programs and / or modules stored in the memory 1020 and calls data stored in the memory 1020 to perform various functions and process data, thereby providing overall monitoring of the phone. Optionally, the processor 1080 may include one or more processing units; optionally, the processor 1080 may integrate an application processor and a modem processor, wherein the application processor mainly handles the operating system, user interface, and applications, and the modem processor mainly handles wireless communication. It is understood that the aforementioned modem processor may also not be integrated into the processor 1080.

[0153] The mobile phone also includes a power supply 1090 (such as a battery) that supplies power to various components. Optionally, the power supply can be logically connected to the processor 1080 through a power management system, thereby enabling functions such as charging, discharging, and power consumption management through the power management system.

[0154] Although not shown, mobile phones may also include a camera, Bluetooth module, etc., which will not be described in detail here.

[0155] In this embodiment of the application, the processor 1080 included in the mobile phone also has a method flow for controlling the execution of the above-mentioned method for obtaining a target polynomial based on the first feature of the input, which is executed by the decryption device.

[0156] Figure 9 This is a schematic diagram of a server structure provided in an embodiment of this application. The server 1100 can vary significantly due to different configurations or performance. It may include one or more central processing units (CPUs) 1122 (e.g., one or more processors) and memory 1132, and one or more storage media 1130 (e.g., one or more mass storage devices) for storing application programs 1142 or data 1144. The memory 1132 and storage media 1130 can be temporary or persistent storage. The program stored in the storage media 1130 may include one or more modules (not shown in the figure), each module may include a series of instruction operations on the server. Furthermore, the CPU 1122 may be configured to communicate with the storage media 1130 and execute the series of instruction operations in the storage media 1130 on the server 1100.

[0157] Server 1100 may also include one or more power supplies 1120, one or more wired or wireless network interfaces 1150, one or more input / output interfaces 1158, and / or one or more operating systems 1141, such as Windows Server, Mac OS X, Unix, Linux, FreeBSD, etc.

[0158] The steps performed by the server in the above embodiments can be based on this Figure 9 The structure of server 1100 shown. For example, as in the above embodiment, by Figure 9 The steps performed by the decryption device 60 shown can be based on this Figure 9 The server structure is shown. For example, the central processing unit 1122 performs the following operations by calling instructions from memory 1132:

[0159] Generate one or more ciphertext fragments of the ciphertext;

[0160] The second ciphertext fragment is sent to a second device participating in the secret sharing via input / output interface 1158, the second device holding a key for decrypting the ciphertext;

[0161] The first key fragment of the second device is received through the input / output interface 1158, and a secret sharing operation is performed on the first ciphertext fragment and the first key fragment to obtain the first decryption information. The key fragment is generated by the second device based on the key.

[0162] The second decryption information is received from the second device through the input / output interface 1158. The second decryption information is obtained by the second device after performing a secret sharing operation on the second ciphertext fragment and the second key fragment.

[0163] The target plaintext is decrypted based on the first decryption information and the second decryption information.

[0164] Alternatively, the central processing unit 1122 performs the following operations by calling instructions stored in memory 1132:

[0165] Generate one or more key fragments of the key;

[0166] The first key fragment is sent to the first device participating in the secret sharing via the input / output interface 1158. The first device holds the ciphertext obtained by homomorphic encryption.

[0167] The second ciphertext fragment of the first device is received through the input / output interface 1158, and a secret sharing operation is performed on the second ciphertext fragment and the second key fragment to obtain the second decryption information. The second ciphertext fragment is generated by the first device based on the ciphertext.

[0168] The second decryption information is sent to the first device through the input / output interface 1158, so that the first device can decrypt the target plaintext based on the second decryption information and the first key fragment.

[0169] In the above embodiments, the descriptions of each embodiment have different focuses. For parts not described in detail in a certain embodiment, please refer to the relevant descriptions in other embodiments.

[0170] Those skilled in the art will clearly understand that, for the sake of convenience and brevity, the specific working processes of the systems, devices, and modules described above can be referred to the corresponding processes in the foregoing method embodiments, and will not be repeated here.

[0171] In the embodiments provided in this application, it should be understood that the disclosed systems, apparatuses, and methods can be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative; for instance, the division of modules is only a logical functional division, and in actual implementation, there may be other division methods. For example, multiple modules or components may be combined or integrated into another system, or some features may be ignored or not executed. Furthermore, the coupling or direct coupling or communication connection shown or discussed may be indirect coupling or communication connection through some interfaces, apparatuses, or modules, and may be electrical, mechanical, or other forms.

[0172] The modules described as separate components may or may not be physically separate. The components shown as modules may or may not be physical modules; that is, they may be located in one place or distributed across multiple network modules. Some or all of the modules can be selected to achieve the purpose of this embodiment according to actual needs.

[0173] Furthermore, the functional modules in the various embodiments of this application can be integrated into one processing module, or each module can exist physically separately, or two or more modules can be integrated into one module. The integrated module can be implemented in hardware or as a software functional module. If the integrated module is implemented as a software functional module and sold or used as an independent product, it can be stored in a computer-readable storage medium.

[0174] In the above embodiments, implementation can be achieved, in whole or in part, through software, hardware, firmware, or any combination thereof. When implemented in software, it can be implemented, in whole or in part, as a computer program product.

[0175] The computer program product includes one or more computer instructions. When the computer program is loaded and executed on a computer, all or part of the processes or functions described in the embodiments of this application are generated. The computer may be a general-purpose computer, a special-purpose computer, a computer network, or other programmable device. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another. For example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center via wired (e.g., coaxial cable, fiber optic, digital subscriber line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium may be any available medium that a computer can store or a data storage device such as a server or data center that integrates one or more available media. The available medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., a solid-state disk (SSD)).

[0176] The technical solutions provided in the embodiments of this application have been described in detail above. Specific examples have been used in the embodiments of this application to illustrate the principles and implementation methods of the embodiments of this application. The description of the above embodiments is only for the purpose of helping to understand the methods and core ideas of the embodiments of this application. At the same time, for those skilled in the art, there will be changes in the specific implementation methods and application scope based on the ideas of the embodiments of this application. Therefore, the content of this specification should not be construed as a limitation on the embodiments of this application.

Claims

1. A decryption method, the method being applicable to a first device participating in secret sharing, the first device holding ciphertext obtained through homomorphic encryption, the method comprising: Generate one or more ciphertext fragments of the ciphertext; The second ciphertext fragment is sent to a second device participating in the secret sharing, the second device holding a key for decrypting the ciphertext; The device receives a first key fragment from the second device and performs a secret sharing operation on the first ciphertext fragment and the first key fragment to obtain first decryption information. The first key fragment is generated by the second device based on the key. The second decryption information is received from the second device, which is obtained by the second device performing a secret sharing operation on the second ciphertext fragment and the second key fragment. The target plaintext is decrypted based on the first decryption information and the second decryption information; The secret sharing operation includes secret multiplication and secret addition. The process of performing the secret sharing operation on the first ciphertext slice and the first key slice to obtain the first decrypted information includes: performing secret multiplication on the first ciphertext vector element of the first ciphertext slice and the vector element of the first key slice respectively; performing secret addition on the second ciphertext vector element of the first ciphertext slice and each multiplication result; and constructing the first decrypted information based on each secret addition result. In secret multiplication calculation, the multiplication ternary array is pre-constructed through the following steps: a ternary array is randomly generated as the original ternary array; the original ternary array is divided to obtain a first multiplication ternary array and a second multiplication ternary array, wherein the preset algebraic relationship is that the sum of the first multiplication ternary array and the second multiplication ternary array is the original ternary array; the second multiplication ternary array is sent to a second device; The first device performs secret multiplication calculations on the first ciphertext vector element of the first ciphertext segment and the vector element of the first key segment, respectively. This includes: the first device performing preset processing on the first ciphertext vector element, the vector element of the key segment, and a pre-acquired first multiplication triple array to obtain a first multiplication operation component; the first device receiving a second multiplication operation component from the second device, the second multiplication operation component being obtained by the second device based on the third ciphertext vector element of the ciphertext segment, the vector element of the key segment, and the second multiplication triple array, wherein the first multiplication triple array and the second multiplication triple array satisfy a preset algebraic relationship; and the first device performing restoration processing on the vector elements of the first multiplication operation component and the vector elements of the second multiplication operation component to obtain the respective multiplication calculation results.

2. The method as described in claim 1, wherein, The step of decrypting the target plaintext based on the first decryption information and the second decryption information includes: The vector elements of the first decrypted information and the vector elements of the second decrypted information are restored respectively; The target plaintext is constructed based on the results of each restoration process.

3. A decryption method applicable to a second device participating in a secret sharing, the second device holding a key for decrypting homomorphic encrypted ciphertext, the method comprising: Generate one or more key fragments of the key; Send the first key fragment to the first device participating in the secret sharing, the first device holding the ciphertext obtained through homomorphic encryption; The device receives a second ciphertext fragment from the first device and performs a secret sharing operation on the second ciphertext fragment and the second key fragment to obtain second decryption information. The second ciphertext fragment is generated by the first device based on the ciphertext. Send the second decryption information to the first device, so that the first device can decrypt the target plaintext based on the second decryption information and the first key fragment; The secret sharing operation includes secret multiplication and secret addition. The process of performing the secret sharing operation on the second ciphertext slice and the second key slice to obtain the second decrypted information includes: performing secret multiplication on the third ciphertext vector element of the second ciphertext slice and the vector element of the second key slice respectively; performing secret addition on the ciphertext vector element of the second ciphertext slice and each multiplication result; and constructing the second decrypted information based on each secret addition result. In the secret multiplication calculation, the multiplication triple array is pre-constructed by the first device; the second multiplication triple array is sent from the first device to the second device; during the generation of the second multiplication triple array, the first device randomly generates a triple array as the original triple array; the first device divides the original triple array to obtain the first multiplication triple array and the second multiplication triple array, wherein the preset algebraic relationship is that the sum of the first multiplication triple array and the second multiplication triple array is the original triple array; The second device performs secret multiplication calculations on the third ciphertext vector element of the second ciphertext segment and the vector element of the second key segment, respectively. This includes: the second device performs preset processing on the third ciphertext vector element, the vector element of the second key segment, and the pre-acquired second multiplication ternary array to obtain the second multiplication operation component, wherein the first multiplication ternary array and the second multiplication ternary array satisfy a preset algebraic relationship.

4. A decryption apparatus, the apparatus being adapted to a first device participating in secret sharing, the first device holding ciphertext obtained through homomorphic encryption, the apparatus comprising: The processing module is configured to generate one or more ciphertext fragments of the ciphertext; The transceiver module is configured to send a second ciphertext fragment to a second device participating in the secret sharing, the second device holding a key for decrypting the ciphertext; The transceiver module is also configured to receive a first key fragment from the second device; The processing module is further configured to perform a secret sharing operation on the first ciphertext fragment and the first key fragment to obtain first decryption information, wherein the first key fragment is generated by the second device based on the key; The transceiver module is further configured to receive second decryption information from the second device, the second decryption information being obtained by the second device performing a secret sharing operation on the second ciphertext fragment and the second key fragment; The processing module is further configured to decrypt the target plaintext based on the first decryption information and the second decryption information; The secret sharing operation includes secret multiplication and secret addition. When the processing module performs the secret sharing operation on the first ciphertext slice and the first key slice to obtain the first decrypted information, it is configured to: perform secret multiplication on the first ciphertext vector element of the first ciphertext slice and the vector element of the first key slice respectively; perform secret addition on the second ciphertext vector element of the first ciphertext slice and each multiplication result; and construct the first decrypted information based on each secret addition result. In the secret multiplication calculation, the processing module, when pre-constructing the multiplication ternary array through the following steps, is configured to: randomly generate a ternary array as the original ternary array; divide the original ternary array to obtain a first multiplication ternary array and a second multiplication ternary array, wherein the preset algebraic relationship is that the sum of the first multiplication ternary array and the second multiplication ternary array is the original ternary array; and send the second multiplication ternary array to a second device. The processing module, when performing secret multiplication calculations on the first ciphertext vector element of the first ciphertext segment and the vector element of the first key segment, is configured as follows: the first device performs preset processing on the first ciphertext vector element, the vector element of the key segment, and a pre-acquired first multiplication ternary array to obtain a first multiplication operation component; the first device receives a second multiplication operation component from the second device, the second multiplication operation component being obtained by the second device based on the third ciphertext vector element of the ciphertext segment, the vector element of the key segment, and the second multiplication ternary array, wherein the first multiplication ternary array and the second multiplication ternary array satisfy a preset algebraic relationship; the first device performs restoration processing on the vector elements of the first multiplication operation component and the vector elements of the second multiplication operation component to obtain the respective multiplication calculation results.

5. The apparatus of claim 4, wherein, The processing module, which decrypts the target plaintext based on the first decryption information and the second decryption information, is configured as follows: The vector elements of the first decrypted information and the vector elements of the second decrypted information are restored respectively; The target plaintext is constructed based on the results of each restoration process.

6. A decryption apparatus adapted to a second device participating in a secret sharing, the second device holding a key for decrypting homomorphic encrypted ciphertext, the apparatus comprising: The processing module is configured to generate one or more key fragments of the key; The transceiver module is configured to send a first key fragment to a first device participating in secret sharing, the first device holding ciphertext obtained through homomorphic encryption. The transceiver module is also configured to receive a second encrypted fragment from the first device; The processing module is further configured to perform a secret sharing operation on the second ciphertext fragment and the second key fragment to obtain second decryption information, wherein the second ciphertext fragment is generated by the first device based on the ciphertext; The transceiver module is further configured to send the second decryption information to the first device, so that the first device can decrypt the target plaintext based on the second decryption information and the first key fragment; The secret sharing operation includes secret multiplication and secret addition. When the processing module performs the secret sharing operation on the second ciphertext slice and the second key slice to obtain the second decrypted information, it is configured to: perform secret multiplication on the third ciphertext vector element of the second ciphertext slice and the vector element of the second key slice respectively; perform secret addition on the ciphertext vector element of the second ciphertext slice and each multiplication result; and construct the second decrypted information based on each secret addition result. In the secret multiplication calculation, the multiplication triple array is pre-constructed by the first device; the second multiplication triple array is sent from the first device to the second device; during the generation of the second multiplication triple array, the first device randomly generates a triple array as the original triple array; the first device divides the original triple array to obtain the first multiplication triple array and the second multiplication triple array, wherein the preset algebraic relationship is that the sum of the first multiplication triple array and the second multiplication triple array is the original triple array; The processing module is configured to perform secret multiplication calculations on the third ciphertext vector element of the second ciphertext segment and the vector element of the second key segment, respectively, as follows: the second device performs preset processing on the third ciphertext vector element, the vector element of the second key segment, and the pre-acquired second multiplication ternary array to obtain the second multiplication operation component, wherein the first multiplication ternary array and the second multiplication ternary array satisfy a preset algebraic relationship.

7. A computing device, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein, When the processor executes the computer program, it implements the method of any one of claims 1-2, or when the processor executes the computer program, it implements the method of claim 3.

8. A computer-readable storage medium comprising instructions that, when executed on a computer, cause the computer to perform the method as claimed in any one of claims 1-2, or cause the computer to perform the method as claimed in claim 3.