A medical privacy data security calculation method based on CKKS homomorphic encryption

By optimizing the GPU architecture through core fusion and register-level bit reversal, the problem of low computational efficiency of homomorphic encryption in medical privacy data processing is solved, achieving efficient homomorphic encryption computation that is suitable for real-time data processing and high-concurrency cloud privacy computing.

CN122179205APending Publication Date: 2026-06-09GUILIN UNIV OF ELECTRONIC TECH

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
GUILIN UNIV OF ELECTRONIC TECH
Filing Date
2026-03-23
Publication Date
2026-06-09

AI Technical Summary

Technical Problem

Existing homomorphic encryption technology suffers from low computational efficiency and high latency in medical privacy data processing, making it difficult to adapt to the performance bottlenecks of real-time data processing and high-concurrency cloud privacy computing, especially when it is inefficient in multi-core parallel computing.

Method used

By adopting a core fusion mechanism to merge multi-stage butterfly operations, adjusting the number of threads to the optimal number of threads per GPU block, and combining register-level bit reversal operations and resource pool mechanisms, the GPU hardware architecture and scheduling are optimized to reduce global synchronization waiting time.

Benefits of technology

It improves the efficiency of homomorphic encryption computation, adapts to GPU hardware architecture, reduces synchronization time, improves computational throughput and latency, and supports real-time data processing and high-concurrency cloud privacy computing.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122179205A_ABST
    Figure CN122179205A_ABST
Patent Text Reader

Abstract

This invention relates to the field of information security technology, specifically to a secure computation method for medical privacy data based on CKKS homomorphic encryption. The method involves initializing a polynomial multiplication module and a CKKS module; the user end collects medical data, performs CKKS encoding and encryption, and uploads the ciphertext to the cloud; the server end deploys a disease risk prediction model, performs homomorphic inference analysis based on the ciphertext, and obtains the ciphertext result; the user end decrypts and decodes the ciphertext result, outputs a disease risk score, and obtains health data. This method makes the computation process more compatible with the GPU hardware architecture and scheduling mechanism, directly manipulates registers using assembly language to improve bit reversal efficiency, and designs a resource pool so that threads can place data into the resource pool after processing the current stage. Idle threads can find the data needed for the next stage in the resource pool without waiting and can directly execute the next stage's computation, reducing synchronization time.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of information security technology, and in particular to a method for secure computation of medical privacy data based on CKKS homomorphic encryption. Background Technology

[0002] With the widespread adoption of technologies such as cloud computing, big data sharing, and privacy computing, data privacy and security throughout its entire lifecycle has become a core pain point in the industry. Homomorphic encryption, with its core characteristic of "direct computation in ciphertext without decryption to expose the original data," has become a key cryptographic technology for resolving the contradiction between data sharing and privacy protection, and has broad application prospects in scenarios involving confidential data processing such as finance, healthcare, and government. Hospitals or medical examination institutions need to perform disease risk assessments based on multiple physiological indicators of users (such as age, blood pressure, blood sugar, blood lipids, heart rate, body mass index, etc.). However, due to the high sensitivity of the original medical data, it cannot be directly uploaded to the cloud in plaintext for processing. To solve this problem, a homomorphic encryption scheme based on CKKS is proposed to encrypt the user's real-valued medical features before performing predictive model calculations on the ciphertext in the cloud. In this scenario, the user terminal is responsible for encoding and encrypting the medical feature vectors, the cloud server is responsible for performing inference calculations of the risk scoring model or neural network model in the ciphertext domain, and finally the user decrypts the results to obtain the corresponding disease risk prediction value. The prediction process involves numerous polynomial multiplications, ciphertext multiplications, relinearization, and rescaling operations. As the underlying core operation of homomorphic encryption algorithms, polynomial multiplication directly determines the computational efficiency, latency, and engineering feasibility of homomorphic encryption schemes, making it a key factor restricting the practical application of homomorphic encryption technology. Number theory transformations constitute the most computationally time-consuming operation within polynomial multiplications. Currently, number theory transformations in homomorphic encryption are mostly implemented based on CPU architectures. However, CPUs have a limited number of cores, high serial execution efficiency, but insufficient parallel computing power. When facing large-scale number theory transformations, single-threaded computation time increases exponentially, and multi-core parallelism cannot fully utilize computing power due to thread scheduling overhead and memory bandwidth limitations. This performance bottleneck directly leads to high ciphertext computation latency and low throughput in homomorphic encryption schemes, making them unsuitable for real-time data processing, high-concurrency cloud privacy computing, and lightweight edge deployments, severely restricting the engineering implementation and large-scale application of homomorphic encryption. Summary of the Invention

[0003] The purpose of this invention is to provide a method for secure computation of medical privacy data based on CKKS homomorphic encryption, which aims to improve the execution efficiency of the privacy computation process.

[0004] To achieve the above objectives, this invention provides a method for secure computation of medical privacy data based on CKKS homomorphic encryption, comprising the following steps:

[0005] Initialize the polynomial multiplication module and the CKKS module;

[0006] The user terminal collects medical data, performs CKKS encoding and encryption, and uploads the encrypted data to the cloud;

[0007] The server deploys a disease risk prediction model and performs homomorphic inference analysis based on the ciphertext to obtain the ciphertext result.

[0008] The user terminal decrypts and decodes the encrypted result, outputs a disease risk score, and obtains health data.

[0009] The initialization polynomial multiplication module includes core fusion, local synchronization mechanism, and register-level bit reversal operation.

[0010] The core fusion includes merging multi-stage butterfly operations, constraining the number of threads to the optimal number of threads per GPU block, and adapting to the GPU hardware architecture and scheduling mechanism.

[0011] The local synchronization and resource pool mechanism includes storing intermediate data and stage number into the resource pool after a thread completes the current stage operation, and idle threads retrieve data from the resource pool to directly execute the next stage, thus canceling global synchronization waiting.

[0012] Specifically, the register-level bit reversal includes performing bit reversal directly in the register using PTX assembly, reducing global / shared memory access overhead.

[0013] The medical data includes one or more continuous physiological indicators such as age, blood pressure, blood sugar, blood lipids, heart rate, and body mass index.

[0014] This invention discloses a medical privacy data security computation method based on CKKS homomorphic encryption. The method initializes a polynomial multiplication module and a CKKS module. The user end collects medical data, performs CKKS encoding and encryption, and uploads the ciphertext to the cloud. The server deploys a disease risk prediction model and performs homomorphic inference analysis based on the ciphertext to obtain the ciphertext result. The user end decrypts and decodes the ciphertext result, outputting a disease risk score and obtaining health data. This method utilizes a kernel fusion mechanism to reduce the number of threads to the common GPU level of 1024 threads / block, making the computation process more compatible with the GPU's hardware architecture and scheduling mechanism. It uses an InlinePTX mechanism to directly manipulate registers in assembly language, improving the efficiency of bit reversal. The method proposes a local synchronization mechanism by designing a resource pool. After processing the data of the current stage, threads are placed in the resource pool. Idle threads can find the data needed for the next stage in the resource pool without waiting and can directly execute the next stage's computation, reducing synchronization time. Attached Figure Description

[0015] To more clearly illustrate the technical solutions in the embodiments of this application or the prior art, the accompanying drawings used in the description of the embodiments or the prior art will be briefly introduced below.

[0016] Figure 1 This is a flowchart of a medical privacy data security calculation method based on CKKS homomorphic encryption provided by the present invention.

[0017] Figure 2 This is a schematic diagram of the first two layers of the traditional 8-point number theory transformation.

[0018] Figure 3 This is a schematic diagram of the first two layers of the 8-point number theory transformation after nuclear fusion.

[0019] Figure 4 This is a diagram illustrating the interaction between threads and the resource pool.

[0020] Figure 5 This is a schematic diagram of the overall system flow. Detailed Implementation

[0021] The embodiments of the present invention are described in detail below. Examples of the embodiments are shown in the accompanying drawings. The embodiments described below with reference to the accompanying drawings are exemplary and intended to explain the present invention, but should not be construed as limiting the present invention.

[0022] Please see Figures 1 to 5 This invention provides a method for secure computation of medical privacy data based on CKKS homomorphic encryption, comprising the following steps:

[0023] S1 initializes the polynomial multiplication module and the CKKS module;

[0024] In this embodiment of the invention, the polynomial multiplication module is initialized by establishing system parameters, including the polynomial length N and the RNS module chain.

[0025]

[0026] Modulus for each layer The twitch factor required to pre-calculate NTT / INTT is calculated using the following formula:

[0027]

[0028]

[0029] .

[0030] Where g is a primitive element in the multiplicative group of the finite field GF(p), the multiplicative group of GF(p) is a cyclic group of order p-1, and the power of g is {g 0 ,g1 , …, g p-2}, which can traverse all non-zero elements in GF(p). p is a prime number and must satisfy N∣(p - 1) (i.e., p≡1 (mod N)).

[0031] The N-th primitive root of unity in the finite field GF(p) can be generated by the first equation . What the third equation generates is the rotation factor. L is half of the sequence that needs to be merged in the current NTT stage and will increase according to the sequence of 2, 4, 8, 16...

[0032] In the polynomial multiplication calculation stage, most polynomials need to enter the RNS stage and be converted into several sub-polynomials that can be calculated in parallel. Using the Inline PTX scheduling register, an efficient bit-reversal module is implemented. The representation of the butterfly operation is as follows:

[0033]

[0034] The N-point number-theoretic transform should be divided into log2N stages for execution. The interval step size of the data pairs processed in the i-th stage should be 2 i-1 <N. The initial A and B are elements of the polynomial coefficient array after bit-reversal. The separation size is the above step size. After processing all elements, it enters the next stage. The subsequent A and B are those of the previous stage 、 , except that the step size doubles in each stage. t is the in-block offset.

[0035] The butterfly operation is dynamically adjusted according to N. k pairs of butterfly operations are fused, where k = N / 2 / 1024, and at the same time j stages are fused, where j = N / 2 / 1024 / 2. Before fusion, it is like Figure 1 , and after fusion, it is like Figure 2 (taking the 8-point number-theoretic transform as an example). Initialize the resource pool. The data in the pool is a binary tuple, including the data itself and its current stage number. The synchronization mode of the thread is adjusted as follows: after processing the current data, label the data and put it into the resource pool. The idle thread immediately executes the butterfly operation of the next stage after searching for the required data in the resource pool without waiting for other threads, as Figure 3 . After all stages are completed, the result of polynomial multiplication is obtained after dot multiplication, INTT, and IRNS. The polynomial multiplication module will be called multiple times in the subsequent steps.

[0036] Initialize the CKKS module: Determine the CKKS parameters, including the scaling factor Δ, and initialize the ring required for CKKS:

[0037] (This is a cryptographic definition and should not need to be explained. It is the most basic definition)

[0038] Prepare the private key, public key, relinearization key, and rotation key required for the CKKS scheme. The private key is denoted as s, and the public key is represented as pk=(b,a), where b=-as+e mod q.

[0039] The S2 client collects medical data, performs CKKS encoding and encryption, and uploads the encrypted data to the cloud.

[0040] In this embodiment of the invention, the user terminal collects user medical data, performs CKKS plaintext encoding and scaling mapping, and uploads it encrypted: CKKS encoding is performed on the input plaintext vector. Let the input complex vector be...

[0041]

[0042] Where x can include age, blood pressure, blood sugar, blood lipids, heart rate, body mass index, or other continuous medical indicators used for disease prediction, and R is a natural number. The medical feature vector is encoded as a message multinomial:

[0043]

[0044] in, It is a scaling factor, defined as

[0045] Encrypting the encoded medical feature polynomial using the CKKS public key yields the ciphertext:

[0046]

[0047] in:

[0048]

[0049] .

[0050] Where u is a small-coefficient polynomial that is randomly generated once during the encryption process, most commonly sampled from a ternary distribution.

[0051] The S3 server deploys a disease risk prediction model and performs homomorphic inference analysis based on the ciphertext to obtain the ciphertext result.

[0052] In this embodiment of the invention, a disease risk prediction model is pre-deployed on the cloud server side, and the received data is analyzed: If a linear risk scoring model is used, the model can be expressed as:

[0053]

[0054] in, Represents the i-th medical feature; 'b' represents the weight of the feature's contribution to disease risk; 'y' represents the bias term; and 'y' represents the output risk score. The risk score is multi-dimensional; for example, for the same user, it can output: diabetes risk score; cardiovascular disease risk score; metabolic syndrome risk score; and tumor recurrence risk score, categorized as high, medium, and low risk based on thresholds.

[0055] The S4 client decrypts and decodes the encrypted result, outputs a disease risk score, and obtains health data.

[0056] In this embodiment of the invention, the server transmits the analysis results back to the user terminal, which decrypts the results to obtain the analysis results: the user side uses its private key to decrypt and decode the risk score ciphertext to obtain the predicted value.

[0057]

[0058] .

[0059] The above-disclosed embodiments are merely preferred embodiments of a medical privacy data security calculation method based on CKKS homomorphic encryption, and should not be construed as limiting the scope of this application. Those skilled in the art can understand that implementing all or part of the above embodiments and making equivalent changes in accordance with the claims of this application still fall within the scope of this application.

Claims

1. A method for secure computation of medical privacy data based on CKKS homomorphic encryption, characterized in that, Includes the following steps: Initialize the polynomial multiplication module and the CKKS module; The user terminal collects medical data, performs CKKS encoding and encryption, and uploads the encrypted data to the cloud; The server deploys a disease risk prediction model and performs homomorphic inference analysis based on the ciphertext to obtain the ciphertext result. The user terminal decrypts and decodes the encrypted result, outputs a disease risk score, and obtains health data.

2. The medical privacy data security calculation method based on CKKS homomorphic encryption as described in claim 1, characterized in that, The initialization polynomial multiplication module includes kernel fusion, local synchronization mechanisms, and register-level bit reversal operations.

3. The medical privacy data security computation method based on CKKS homomorphic encryption as described in claim 1, characterized in that, The core fusion includes merging multi-stage butterfly operations, constraining the number of threads to the optimal number of threads per GPU block, and adapting to the GPU hardware architecture and scheduling mechanism.

4. The medical privacy data security calculation method based on CKKS homomorphic encryption as described in claim 1, characterized in that, The local synchronization and resource pool mechanism includes storing intermediate data and stage number into the resource pool after a thread completes the current stage operation, and idle threads retrieve data from the resource pool to directly execute the next stage, thus canceling global synchronization waiting.

5. The medical privacy data security computation method based on CKKS homomorphic encryption as described in claim 1, characterized in that, The register-level bit reversal includes performing bit reversal directly in the register using PTX assembly, reducing global / shared memory access overhead.

6. The medical privacy data security computation method based on CKKS homomorphic encryption as described in claim 1, characterized in that, The medical data includes one or more continuous physiological indicators among age, blood pressure, blood sugar, blood lipids, heart rate, and body mass index.