A method and system for processing encrypted data comprising evaluating a vector of encrypted data from a client using at least one decision tree provided by a server
The method and system leverage a server-managed and client-controlled secure execution environment to process encrypted data using decision trees, addressing computational inefficiencies and maintaining confidentiality in homomorphic encryption systems.
Patent Information
- Authority / Receiving Office
- FR · FR
- Patent Type
- Applications
- Current Assignee / Owner
- COMMISSARIAT A LENERGIE ATOMIQUE ET AUX ENERGIES ALTERNATIVES
- Filing Date
- 2024-12-17
- Publication Date
- 2026-06-19
AI Technical Summary
Existing methods for processing encrypted data using homomorphic encryption are computationally intensive and time-consuming, requiring significant resources while compromising data confidentiality.
A method and system that utilize a first execution environment managed by the server and a second secure execution environment controlled by the client, where the latter contains the client's private key, allowing for encrypted data processing using a decision tree without decrypting the data, ensuring confidentiality through homomorphic encryption and secure execution environments.
This approach enhances the efficiency of encrypted data processing by performing calculations in plaintext within the secure execution environment, preserving data confidentiality and reducing computational overhead.
Abstract
Description
Title of the invention: Method and system for processing encrypted data comprising evaluating a vector of encrypted data from a client by at least one decision tree provided by a server
[0001] The present invention relates to a method and a system for processing encrypted data comprising an evaluation of a vector of encrypted data from a client by at least one decision tree provided by a server.
[0002] The invention lies in the field of digital data encryption and the processing of encrypted digital data.
[0003] Encryption of digital data is critical for many applications, in order to protect confidential digital data, whether it be medical, industrial, or banking digital data.
[0004] Many applications require the implementation of calculations on numerical data, and it is common practice to offer to perform heavy calculations on computing servers, made available to various clients. In particular, calculations implementing artificial intelligence methods, developed through machine learning, are offered by servers. In such a context, it is critical to ensure the protection and confidentiality of both the client's numerical data and the specific parameters of the artificial intelligence methods implemented by the servers.
[0005] Indeed, the development of artificial intelligence methods using machine learning requires algorithmic choices to define an artificial intelligence model to be applied, and the training of model parameters, which are very numerous. The training phase uses significant computing resources and previously collected training data, the collection and storage of which are also time-consuming and expensive.
[0006] Thus, in such an application framework, each of the participants, namely the client and the server, needs to protect its own digital data. The protection of digital data is achieved through encryption.
[0007] Public-key and private-key encryption / decryption schemes are known, in particular, where these keys are distinct, the private key being secret and personal, known only to the data owner. Only the holder of the private key can decrypt the digital data encrypted with the corresponding public key.
[0008] Furthermore, confidential computing systems using homomorphic encryption have been developed. Such a confidential computing system makes it possible to put in This involves performing addition / subtraction and multiplication operations on encrypted data to obtain an encrypted result without decryption. The result of any operation on encrypted data (an operation performed "blind") corresponds to the result of applying the same operation without encryption (an operation "in plaintext"). This advantageously allows calculations to be delegated to an external server without the external server decrypting the encrypted data, thus maintaining data confidentiality. After performing the calculations in the encrypted domain, using the homomorphic encryption scheme, the server transmits the encrypted result to the client, who decrypts it using their private key.
[0009] However, calculations on encrypted data in a homomorphic encryption system are heavy, use many computing resources and require a long time.
[0010] An object of the invention is to offer a remote processing of encrypted data that is more efficient while ensuring the confidentiality of the data processed.
[0011] The invention applies more particularly to the confidential evaluation of a client's encrypted data vector by at least one decision tree provided by a server. Confidential evaluation is understood here to mean an evaluation that does not provide access to decrypted (or plaintext) client data.
[0012] A complementary objective of the invention is also to preserve the confidentiality of the operations and data specific to the server which performs the calculations.
[0013] To this end, the invention relates to a method for processing encrypted data comprising evaluating a vector of encrypted data from a client using at least one decision tree provided by a server, the encrypted data vector of the client being of dimension K less than or equal to the number of nodes of said at least one decision tree, the evaluation of the encrypted data vector by at least one decision tree comprising a phase of comparing the components of the encrypted data vector to decision threshold values associated with the nodes of said at least one decision tree, and a phase of traversing the at least one decision tree based on the result of the comparison phase, to obtain an encrypted decision result. This method is implemented by said server and comprises, in the comparison phase:
[0014] by a first execution environment, implementing a homomorphic encryption scheme, a calculation of an evaluation vector, comprising encrypted components each representing a difference between a component of the encrypted data vector and a decision threshold value associated with a corresponding node of said at least one decision tree,
[0015] providing the evaluation vector to a second execution environment which is a secure execution environment, executed by said server but controlled by said client,
[0016] by the second secure execution environment:
[0017] - decryption, by applying a private key of said client, previously registered in the secure execution environment, of said evaluation vector,
[0018] -determination of the sign of each component of the decrypted evaluation vector and provision of at least one encrypted sign vector resulting from said determination of the sign in said first execution environment.
[0019] Advantageously, the proposed method uses both a first execution environment managed by the server and a second secure execution environment in the phase of comparing the components of the encrypted data vector to decision threshold values associated with the nodes of the decision tree. The second secure execution environment is managed by the client and contains client information, including the client's private key enabling the decryption of the encrypted data. The second secure execution environment is installed on the server but is isolated; therefore, the information and data processed in this second secure execution environment are not accessible to the server.Advantageously, the second secure execution environment is used to perform comparisons in plaintext, which speeds up calculations while preserving the confidentiality of the processed data, because the data decrypted in the second secure execution environment is not accessible by the first server-managed execution environment.
[0020] According to other advantageous aspects of the invention, the encrypted data processing method comprises one or more of the following features, taken individually or in all technically possible combinations.
[0021] The calculation of an evaluation vector includes a calculation of a difference vector encrypted by encrypted subtraction between the encrypted data vector and a vector formed from said decision thresholds.
[0022] The calculation of an evaluation vector further involves a multiplicative masking of the difference vector encrypted by a masking vector.
[0023] Multiplicative masking involves generating the masking vector by pseudo-random drawing of K non-zero values and a multiplication of said encrypted difference vector and the masking vector, to obtain said evaluation vector.
[0024] The method comprises, by the first execution environment, upon receiving at least one ciphertext vector, a combination of the masking vector and each component of said ciphertext vector, to obtain a vector of representative numerical comparison of the comparison of each component of the numerical data vector at the corresponding decision threshold.
[0025] The determination of the sign of each component of the evaluation vector decrypted by the second secure execution environment further involves multiplying each sign component by a chosen constant factor, preferably equal to 0.5.
[0026] The method further comprises, by the first execution environment, an additive adjustment consisting of adding said constant factor to each component of said encrypted sign vector.
[0027] The traversal phase of at least one decision tree is carried out by the first secure execution environment, and includes a calculation of a result vector per level of the decision tree as a function of said at least one encrypted sign vector.
[0028] The method further includes calculating a decision vector based on the result vectors per level.
[0029] The calculation of a decision vector involves a numerical multiplication of result vectors by level.
[0030] The calculation of a decision vector involves a numerical addition of the result vectors by level, to obtain a numerical sum result vector.
[0031] The calculation of a decision vector further includes a priming step applied to the result vector sum ciphered to obtain a decision vector comprising a single '1' indicating a terminal result node and '0's for the other terminal nodes of the decision tree.
[0032] The calculation of a decision vector further includes a step of subtracting a predetermined value, equal to the number of depth levels of the decision tree, from each component of the result vector sum ciphered, and a step of multiplicative masking of the vector resulting from said subtraction step, making it possible to obtain a decision vector having a single '0' indicating a terminal result node and random values for the other terminal nodes of the decision tree.
[0033] The invention also relates to a computer program comprising software instructions which, when executed by a computer, implement a method for processing encrypted data as defined above.
[0034] According to another aspect, the invention relates to an encrypted data processing system comprising a client and a server providing at least one decision tree, the server being configured to perform an evaluation of a client's encrypted data vector using at least one decision tree, the client's encrypted data vector being of dimension K less than or equal to the number of nodes in said at least one decision tree, the evaluation of the encrypted data vector by the at least one decision tree comprising a phase of comparing the components of the encrypted data vector to decision threshold values associated with the nodes of said at least one decision tree, and a phase of traversing the at least one decision tree based on the result of the comparison phase, to obtain an encrypted decision result, the system comprising a first execution environment and a second secure execution environment. The system is such that, in the comparison phase:
[0035] The first execution environment is configured to implement a homomorphic encryption scheme, a calculation module for an evaluation vector, comprising encrypted components each representing a difference between a component of the encrypted data vector and a decision threshold value associated with a corresponding node of said at least one decision tree, and for providing the evaluation vector to said second secure execution environment, executed by said server but controlled by said client, the second secure execution environment being configured to implement:
[0036] -a decryption module, by applying a private key of said client, previously registered in the secure execution environment of said evaluation vector,
[0037] -a module for determining the sign of each component of the decrypted evaluation vector and providing a vector of encrypted signs resulting from said determination of the sign in said first execution environment.
[0038] The invention will become clearer upon reading the following description, given solely by way of non-limiting example, and made with reference to the drawings in which:
[0039] [Fig-1] [Fig.1] is an encrypted data processing system comprising a client and a server, the server comprising a computing processor, a first execution environment managed by the server and a second secure execution environment managed by the client;
[0040] [Fig.2] [Fig.2] is an example of a binary decision tree;
[0041] [Fig.3] [Fig.3] represents the set of paths of the binary decision tree of the [Fig.2];
[0042] [Fig.4] [Fig.4] is a synoptic diagram of the main steps of a treatment process of encrypted data according to a first embodiment;
[0043] [Fig.5] [Fig.5] is a synoptic diagram of several embodiments of a step in the traversal phase;
[0044] [Fig.6] The figure is a synoptic diagram of the main steps of a process for processing encrypted data according to a second embodiment.
[0045] The invention applies to any application for evaluating data, presented in the form of an encrypted data vector, by a decision tree provided by a server.
[0046] Decision trees are algorithms with a tree-like structure, whose parameters are learned by machine learning, and used in decision-making. They are used, for example, in decision-making for applications involving medical data analysis, analysis of operational data from industrial equipment for operational diagnostics and predictive maintenance, or detection of security attacks in computer systems.
[0047] The [Fig.1] is an encrypted data processing system 2 comprising a client system 4 and a server system 6, hereafter referred to simply as "client 4" and "server 6".
[0048] The encrypted data processing system 2 is a confidential computing system, in which encrypted data evaluation calculations are delegated to the server 6 by the client 4.
[0049] Each of the client 4 and server 6 systems includes electronic computing resources.
[0050] In some embodiments, each of the client 4 and server 6 systems is made up of one or more interconnected programmable electronic devices (or computers).
[0051] The client 4 is configured to provide encrypted data, according to a homomorphic encryption scheme 5 (or homomorphic cryptosystem), with public key Kpub and private key Kpriv.
[0052] A homomorphic encryption scheme or homomorphic cryptosystem comprises a pair of associated encryption algorithms Enc() and decryption algorithms Dec(), for which the following equality is satisfied for at least one operation in a ring Z
[0053] [Math.l] Dec ( Enc ( mt ) *Enc (m2)) - De^Enc m2
[0054] The operations denoted “*” and “°” being operations of the ring Z, which can be either identical or distinct.
[0055] A cryptosystem is said to be completely homomorphic if the property [MATH 1] is verified for all operations of a ring Z.
[0056] Partially homomorphic cryptosystems are also known.
[0057] For example, the fully homomorphic cryptosystem TFHE (for "Fully Homomorphic Encryption over the Torus") is used.
[0058] By convention, in the rest of the description, the notation in brackets [X] indicates that the data X is encrypted, and the notation in parentheses (X) indicates that the data X is unencrypted (or in plain text).
[0059] The encrypted data is provided in the form of an encrypted data vector [V] of dimension K, K being an integer greater than 1, to server 6 for evaluation by a binary decision tree or by a random forest comprising a plurality of binary decision trees.
[0060] The number K of components of the encrypted data vector to be evaluated is less than or equal to the number of nodes of the binary decision tree.
[0061] In the description below, the number K of components of the encrypted data vector to be evaluated is equal to the number of nodes of the binary decision tree.
[0062] Decision trees are algorithms with a tree structure, whose parameters are learned by machine learning in a prior learning phase.
[0063] The description considers the use case of a binary decision tree.
[0064] The described methods apply to any decision tree, since we know of methods of transforming any tree structure into a binary tree structure, for example the double-chain method or "left child right sibling" in English.
[0065] An example of a binary decision tree structure 22 is illustrated in [Fig. 2]. In the example in [Fig. 2], the binary decision tree has D=2 levels of depth and comprises K=3 nodes {N0, N1, and N2, respectively], each node having an associated decision threshold value {t0, t1, t2}. In a binary tree structure, each node at a given level p has two child nodes at the next level (level p+1). In the simple example shown, node N0 is the root node of the tree, and it has two child nodes, N1 and N2, respectively.
[0066] The binary decision tree 22 further comprises M=4 terminal nodes also called "leaves", denoted respectively L0, L1, L2, L3.
[0067] In the example of [Fig.2], each of the nodes NI and N2 has two child nodes, respectively L0 and L1 for the node NI and L2 and L3 for the node N2.
[0068] Between successive levels, the nodes are linked by branches.
[0069] The terminal nodes have no child nodes. The result of the evaluation on a binary decision tree is provided by the terminal nodes.
[0070] A decision tree traversal for evaluating a data vector X - (Xq, X]5 X2 involves comparing the respective values of the components X to the corresponding decision threshold values h, each comparison providing a comparison result [rf(]) associated with a first branch descending from the node Ni (in the example, the right-hand branch). The complementary result of [^], denoted k] = lw-best associated with the second branch of the node Ni (in the example, the left branch).
[0071] In [Fig. 3], the decision tree 22 of [Fig. 2] is shown in unfolded form, in which all the distinct paths of the tree are represented, denoted respectively CO, Cl, C2, C3, each path corresponding to a passage from the root node to a terminal node via branches, each having an associated comparison result. A path is characterized by the successive comparison results of the branches forming the path.
[0072] An exhaustive traversal of the decision tree involves the evaluation of the M possible paths, as represented in [Fig.3].
[0073] Of course, the example in Figures 2 and 3 is a simplistic example; binary trees comprising a much larger number of nodes are used in various practical applications.
[0074] Client 4 applies a homomorphic encryption scheme to obtain an encrypted data vector [V] which has K encrypted components.
[0075] Among homomorphic encryption schemes, there are known schemes that implement calculations on a "component-by-component" encryption of the data vector, i.e., calculations on a grouped encryption, using the "batching" technique in homomorphic encryption. "Batching" in homomorphic encryption, well known to those skilled in the art and described, for example, in the article "Fully Homomorphic SIMD Operations" by NP Smart and F. Vercauteren, available at https: / / eprint.ia cr.org / 2011 / 133.pdf, makes it possible to efficiently perform operations on the ciphertext vectors instead of carrying out "component-by-component" operations.
[0076] The methods of the invention described below apply with any type of homomorphic encryption scheme.
[0077] It should be noted that when calculations are carried out within the framework of a homomorphic encryption scheme, "blindly", the evaluation of a decision tree requires the exhaustive calculation of all the paths of the decision tree.
[0078] In the case of using component-by-component encryption, the vector [V] of encrypted data is written:
[0079] [Math.2] [V] ={[vn],
[0080] In the case of batch encryption using the "batching" technique for all components of the vector, the encrypted data vector is written as:
[0081] [Math.3] [V] = [vo -..,¾]
[0082] Server 6 includes a first execution environment 10 and a second secure execution environment 12.
[0083] The first execution environment 10 is controlled by the server 6.
[0084] The second execution environment 12 is a TEE (Trusted Execution Environment), isolated and secure. This second execution environment is physically executed by the server 6, but it is configured / controlled by the client: it contains secret information of the client 4, which is not accessible by other entities of the server 6, in particular by the first execution environment 10. The hardware and software implementation of a TEE in a computing system is known.
[0085] For example, the second secure execution environment 12 is implemented by secure enclaves, for example Intel® SGX enclaves.
[0086] Thanks to the separation of the two execution environments, different applications can be executed by the second execution environment 12, in an isolated and secure manner with respect to the first execution environment 10, which is the "standard" execution environment implemented by the server.
[0087] The use of a second secure execution environment 12 (or TEE 12) ensures the confidentiality of the data processed in the TEE 12, including when the server 6 adopts malicious behavior.
[0088] According to distinct embodiments, the first execution environment 10 and the second execution environment 12 are executed either on the same processor or on separate processors.
[0089] Thus, the first execution environment and the second execution environment are isolated, either physically and / or through separation schemes at the operating system level.
[0090] In the embodiment described with reference to [Fig. 1], the server 6 comprises a computing unit 16 consisting of one or more processors, an electronic memory unit 18, a communication unit 20, configured to communicate with the client 4.
[0091] The first execution environment 10 and the second secure execution environment 12 (or TEE 12) are configured to cooperate for the implementation of the encrypted data processing method from the client 4, using the homomorphic cryptography scheme 5.
[0092] In order to preserve the confidentiality of the client's data, the first execution environment 10 processes the client's data only in encrypted form and performs calculations "blindly" on the encrypted data using the homomorphic cryptography scheme 5. Advantageously, the second secure execution environment 12, which is controlled by the client, implements the private key Kpriv of the client 4 to perform a decryption of encrypted data from the client, which then allows calculations to be performed in plain text.
[0093] The encrypted data processing implements an evaluation of one or more decision trees 22, previously trained by machine learning for a specific task. The decision tree(s) 22 are part of the server data 6, maintained in the first execution environment 10.
[0094] In the following description, the case of evaluation on a decision tree 22 will be described, it being understood that the embodiments described below apply in a similar way to evaluation on a plurality of decision trees.
[0095] Preferably, according to embodiments described below, the decision tree(s) 22 are protected so that, when the TEE 12 adopts an "honest but curious" behavior, the TEE 12 cannot obtain information relating to the decision trees 22.
[0096] The encrypted data processing method includes a phase of comparing the components of the encrypted data vector to respective decision thresholds, each decision threshold being associated with a distinct node of the decision tree. The comparison phase is followed by a phase of traversing the decision tree 22 to provide an evaluation result [Res], this result being sent to the client in encrypted form, and then decrypted by the client.
[0097] The first execution environment 10 is configured to implement a module 30 for calculating an evaluation vector comprising ciphered components representing the difference between components of the ciphered data vector and decision threshold values, each threshold value being associated with a corresponding node.
[0098] The first execution environment 10 is configured to provide the evaluation vector to the TEE 12.
[0099] The TEE 12 implements a decryption module 32 and a module 34 for determining the sign of each component of the evaluation vector, and a module 36 for providing an encrypted sign vector. The encrypted sign vector is transmitted by the TEE 12 to the first execution environment 10.
[0100] The first execution environment 10 implements a module 38 for calculating an encrypted comparison vector, and a module 40 for calculating a result of traversing the decision tree 22 for the encrypted data vector [V] of client 4.
[0101] In one embodiment, modules 30, 32, 34, 36, 38, 40 are implemented in the form of software instructions forming a computer program, which, when executed by a programmable electronic device, implements a method for processing encrypted data as described.
[0102] In an alternative not shown, modules 30, 32, 34, 36, 38, 40 are each implemented as programmable logic components, such as FPGAs (Field Programmable Gate Arrays), microprocessors, GPGPUs (General-Purpose Processing on Graphics Processing) components, or dedicated integrated circuits, such as ASICs (Application-Specific Integrated Circuits).
[0103] The computer program comprising software instructions is further capable of being stored on a non-transient, computer-readable information storage medium. This computer-readable medium is, for example, a medium capable of storing electronic instructions and being connected to a bus of a computer system. By way of example, this medium is an optical disc, a magneto-optical disc, a ROM, a RAM, any type of non-volatile memory (e.g., EPROM, EEPROM, FLASH, NVRAM), a magnetic card, or an optical card.
[0104] The [Fig.4] is a flowchart of the main steps of a process for processing encrypted data according to one embodiment.
[0105] The process includes 100 steps performed by the first execution environment 10 of the server and 200 steps performed by the second secure execution environment 12 of the server.
[0106] Client 4 performs 50 encryption of data to be processed, using the client's Kpub public key, and provides a vector [V] of encrypted data to server 6.
[0107] In this first embodiment, the homomorphic encryption scheme used supports grouping or “batching”.
[0108] For example, the homomorphic encryption scheme is a BFV cryptosystem, (for "Bakerski-Fan-Vercauteren"), BGV (for "Bakerski-Gentry-Vaikuntanathan") or CKKS ("Cheon-Kim-Kim-Song"), these various types of cryptosystems being known in the field of homomorphic encryption.
[0109] As already explained, all computational operations implemented by the first execution environment 10 of server 6 are performed on encrypted data, without decryption, using the chosen homomorphic encryption scheme.
[0110] The first execution environment 10 receives a vector [V] of encrypted data to be evaluated by an evaluation tree 22, and implements a step 52 of calculating an evaluation vector on the binary decision tree.
[0111] In one embodiment, the binary decision tree has K nodes, K being the number of components of the vector [V] of encrypted data.
[0112] Each node Ni of the decision tree to be applied has an associated decision threshold value ti. The decision threshold values are the components of a vector T of decision thresholds: T = (
[0113] The decision threshold vector is in plain text, the decision threshold values being data from server 6.
[0114] During step 52, the first execution environment 10 implements a "ciphertext / plaintext" subtraction, allowing an encrypted difference vector to be obtained: [Math.4] •••' VÆ-1] • (A> •' ^ka) = ■■■^ka'^ka}
[0115] The resulting encrypted difference vector [Eshô] is a vector for evaluating the differences, node by node, between the encrypted components of the encrypted data vector and the decision threshold values of the decision tree.
[0116] Thus, if the component vk has a value greater than or equal to the decision threshold value tk, the difference component with index k of the difference vector is a positive real number or zero; if the component vk has a value strictly less than the decision threshold value tk, the difference Vk- tk, component with index k of the difference vector, is a negative real number.
[0117] Optionally, the first execution environment 10 implements a step 54 of multiplicative masking of the encrypted difference vector, by multiplying the encrypted difference vector obtained in step 52 by a masking vector. This preserves the confidentiality of the decision threshold values.
[0118] Alternatively, in applications where the client and the secure execution environment 12 are considered trustworthy and honest, step 54 of multiplicative masking of the encrypted difference vector may be omitted.
[0119] During masking step 54, a masking vector R of dimension K is generated, for example by pseudo-random sampling. The masking vector, or a vector comprising the signs of the masking vector, is stored in a memory unit accessible by the first execution environment. The masking vector R has non-zero real pseudo-random components q, of randomly positive or negative signs:
[0120] [Math.5] R = (¼
[0121] The encrypted difference vector is multiplied, component by component, by the masking vector R, and a masked difference vector is obtained:
[0122] [Math.6] = [rox (VO- / O), ...,rKix
[0123] The masked difference vector obtained at the end of the masking step 54 is a difference evaluation vector, comprising components representing the difference between the numerical components of the numerical data vector and the decision threshold values.
[0124] The evaluation vector obtained at the end of step 54 (or alternatively step 52) is transmitted to the second secure execution environment 12.
[0125] The second secure execution environment 12 implements a decryption 56 using the client's private key Kpriv and obtains a plaintext evaluation vector Ve:
[0126] [Math.7]
[0127] In the case where the masking step 54 has been implemented, the evaluation vector does not allow information to be inferred relating to the decision threshold values of the decision tree.
[0128] The second execution environment 12 determines 58 the sign of each component of the plaintext Veen evaluation vector. Advantageously, this determination operation is performed efficiently in plaintext, whereas sign determination in a homomorphic cryptosystem is complex.
[0129] Advantageously, in step 58 of determining the sign, a sign vector, each component of which is multiplied by a chosen constant factor, preferably equal to 0.5, is calculated:
[0130] [Math. 8] Vsign = (I x sgn (K;0), • • •, ix sgn ())
[0131] Where sgn(x) is the sign function:
[0132] [Math.9] sgn(x) = 1 if x > 0
[0133] sgn (x ) = -1 if x < 0
[0134] The sign vector Vsign obtained as a result of the determination step 58 is then encrypted, according to the homomorphic encryption scheme, with the public key Kpub of the client 4 in the encryption step 60, and then the encrypted sign vector [Vsign] is transmitted to the first execution environment 10.
[0135] When the masking step 54 has been implemented, the first execution environment 10 implements a step 62 of combining the ciphertext sign vector [VSign] received from the second secure execution environment with the masking vector R.
[0136] Combination 62 consists of a "ciphertext / plaintext" multiplication of the received ciphertext sign vector with the signs of the corresponding component of the vector of masking. The respective signs of the masking vector R are known by the first runtime environment, so they are used in plain text.
[0137] Thus, the random modification of the signs of the components of the difference vector, carried out in the masking step 52, is cancelled.
[0138] At the end of the combination step 62, an encrypted comparison vector is obtained:
[0139] [Math. 10] [^.”£«,0 x sign ( fq ), ..., Vsig / tK. ix sigf^r^
[0140] In an optional variant, when the masking step 54 has been omitted, the ciphertext comparison vector is the received ciphertext sign vector.
[0141] The first execution environment 10 then implements an additive adjustment step 64 in plaintext / ciphertext, consisting of adding the constant factor applied in step 58 by the second execution environment.
[0142] In the described embodiment, the constant factor applied is equal to 0.5:
[0143] [Math. 11] — if gn.0 sigH (Tq) + 2, • • •, signji-l SÎgfl (Fg.i) + 2]
[0144] The additive adjustment operation performed in step 64 makes it possible to obtain an encrypted comparison vector (which is the final result of the comparison phase), of which each component with a given index i represents the result of comparing the component with index i of the vector [V] of encrypted data to the decision threshold value ti of the node Ni:
[0145] [Math. 12] — [ ( ^0 — Ap ) ' • ■ ' ' ( ^K-1 ~ ? ) ]
[0146] The result of the comparison for each component is either a numbered 0 or a numbered 1:
[0147] [Math. 13] comp-finalk ~ [^k] — ^k^^k comp-final k~ [^jt] — Hl — ^k
[0148] The encrypted comparison vector has K components.
[0149] Steps 52 to 64 are part of the phase of comparing the components of the encrypted data vector to decision threshold values associated with the nodes of the decision tree.
[0150] The process then includes a phase 70 of traversing the decision tree according to the result of the comparison phase.
[0151] As the comparison phase, the traversal phase 70 is confidential, the steps implemented by the first execution environment 10 are carried out on encrypted data using the homomorphic encryption scheme.
[0152] In the first embodiment, the calculations are performed using the "batching" technique. The steps of the traversal phase are all implemented by the first execution environment.
[0153] The traversal phase 70 includes a step 65 of implementing homomorphic rotations to obtain, from the encrypted comparison vector of the shifted vectors, each vector shifted by a circular shift of j positions comprising K rearranged components: [ dj, ..., dg^, d^y. ..., d.
[0154] The implementation of homomorphic rotations in an FHE cryptosystem is well known to the person skilled in the art.
[0155] The traversal phase 70 further includes a step 66 of calculating a result vector per level of the decision tree from the offset vectors calculated by homomorphic rotation, each result vector per level having size M, M being the number of terminal nodes.
[0156] Referring to the example in [Fig.3], a result vector of size M=4 is associated with each level of the decision tree:
[0157] [Math. 14] ()]“ ^o] is the first-level result vector,
[0158] is the second-level result vector
[0159] The structure of the result vectors by level is generalizable to any number of levels.
[0160] In step 66, the result vectors per level of size M are calculated from the numerical values of the results of the comparison in each node, obtained in the previous step 65.
[0161] The path phase then includes a step 68 of calculating the decision vector.
[0162] Several embodiments of step 68 of calculating the decision vector are described below with reference to [Fig. 5]. In this figure, the dashed lines indicate alternatives.
[0163] In the first embodiment (branch A of [Fig.5]) the calculation step 68 is carried out by a homomorphic multiplication 75 of the level result vectors calculated in step 66.
[0164] The desired result corresponds to the path through the decision tree in which all comparisons are positive, or in other words, the values representative of the comparison of the component of the vector [V] of numerical data to the corresponding decision threshold value are all different from [0].
[0165] Multiplying the level result vectors calculated in step 66, component by component, yields a decision vector with only one non-zero component; such a result is also known as "1-hot encoding". The index of the non-zero component allows the corresponding leaf in the decision tree to be identified, and the evaluation result [Res] to be deduced.
[0166] For example, by referring to the decision tree shown in the figures 2 and 3, if for a vector of encrypted data [V]=[Vi,V2,V3], the comparison results obtained are: dü = 0, d. — 1, d2 = 1, the result vectors per level are respectively, by applying the formulas [MATH 14]:
[0167] [Math. 15] [Vr, 0] = [0,0, 1,1]
[0168] [Vr, 1] = [1,0, 1,0]
[0169] Multiplying these vectors gives the following result: [0,0, 1,0], which is the decision vector in this embodiment. Only the component with index 2 is equal to 1, the other components being equal to 0.
[0170] The result indicates the path C2 and the terminal node L2.
[0171] The encrypted result is transmitted to client 4, which decrypts it to obtain the decision of the evaluation of the vector [V] of encrypted data by the decision tree implemented by server 6.
[0172] In a second embodiment (branch B of [Fig.5]) and a third embodiment (branch C of [Fig.5]) the step of calculating the decision vector includes a homomorphic addition 72 of the result vectors by level.
[0173] A sum result vector is obtained:
[0174] [Math. 16] =Ez=0[v>J]
[0175] When each comparison result has the value 0 or the value 1 respectively, the sum result vector has a maximum value component, equal to the number D of depth levels.
[0176] For example, when the result vectors per level are those of the formula [MATH 15], the sum result vector obtained is:
[0177] [Math. 17] [VgJ=[1,0,2,1]
[0178] In the second embodiment, the calculation further comprises a functional bootstrapping step 74, a technique well known to man This relates to the field of homomorphic encryption, which allows for the conversion of encrypted content into encrypted content with reduced noise levels. Step 74 aims to replace the maximum value component of the sum result vector with the value [1], and all other values of the sum result vector components with [0], so as not to reveal additional information about the decision tree traversal.
[0179] The decision vector is obtained at the end of step 74.
[0180] In the third embodiment (branch C of [Fig.5]), the homomorphic addition step 72 is followed by a subtraction step 76 of the value D equal to the number of depth levels of each of the numbered components of the sum result vector.
[0181] For example, when the sum result vector is that of formula [MATH 17], the calculation performed in subtraction step 76 is:
[0182] [Math. 18] [ W«J = [ Vr^] -(2,2 2.2)= [ -1, -2.0, - 1]
[0183] The resulting vector from step 76 will contain one component equal to [0], indicating the result, the other components having negative values.
[0184] Next, a masking 78 analogous to the multiplicative masking by a random-valued vector R' previously described with reference to the masking step 54.
[0185] During masking 78, the vector R' is generated, with components of pseudo-random values of non-zero values and of randomly positive or negative signs.
[0186] In some embodiments, the vector R' is distinct from the masking vector R used for multiplicative masking in the masking step 54.
[0187] Multiplicative masking involves multiplying the components of the resulting vector from step 76 [Vres] by the components of vector R in plaintext / plaintext to form the decision vector in this embodiment. Multiplicative masking retains a component with index k equal to [0], indicating the index of the result.
[0188] The encrypted decision vector [Res], indicating the result of the decision, is transmitted to the client.
[0189] In the above description, the comparison phase of the encrypted data processing method is carried out by cooperation between the first execution environment and the second execution environment, and the decision tree traversal phase is carried out by the first execution environment.
[0190] According to a variant described with reference to [Fig. 6], the decision tree traversal phase is also performed cooperatively between the first and second execution environments. The steps that are executed in the manner described above, according to all alternatives, bear the same reference number and are not redescribed below.
[0191] In the embodiment of Figure 6, the second secure execution environment further implements a step 59 of calculation of rotations, in plain English, of the sign vector made explicit in [MATH 8], making it possible to obtain sign vectors by level.
[0192] Indeed, the sign vector has K components, equal respectively to 1 / 2 or -1 / 2, representing the signs of the components of the received evaluation vector, and more precisely corresponding to the signs of the masked components of the received evaluation vector.
[0193] Depending on the ranks of the components in the sign vector, and the number of levels of the decision tree, the sign vectors per level are calculated.
[0194] By way of example, in the case where D=2, the sign vectors obtained per level are respectively:
[0195] [Math. 19] V • n = (V • n. V • n. 1 - V • r» 1 - V ■ JF smvO \r sigWJ' f signib 1 r sign,v> 1 r signJj /
[0196] y. -(y. . yy. , y. -, iy. ' s_mvi \ * stgn,b 1 r sign,ï> r stgn,2> 1 r sign.l)
[0197] Each of the sign vectors per level is encrypted at the encryption step 60' and transmitted in encrypted form to the first execution environment.
[0198] The method then includes a combination 62' of each sign vector per ciphertext level received with the sign of the components of the masking vector R, and a step 64' of additive adjustment of each sign vector per level after masking.
[0199] The combination steps 62' and additive adjustment 64' are analogous to the combination steps 62 and additive adjustment 64, but adapted to the sign vectors by level.
[0200] At the end of the level adjustment step, the result vectors per level, numbered, analogous to the result vectors per level obtained at the end of step 66 of the first embodiment, are obtained at the end of step 64'.
[0201] The process then includes, in this second embodiment, step 68 of calculating a decision vector, carried out in a similar manner, according to all its variants, to the first embodiment.
[0202] The invention has been described above more specifically for a homomorphic encryption scheme supporting batching calculations.
[0203] Alternatively, within the grasp of a person skilled in the art, the processes described use a homomorphic encryption scheme in which the calculations are performed component by component. However, the calculations require more computational resources in this variant.
Claims
Demands
1. A method for processing encrypted data comprising evaluating a client's encrypted data vector by at least one decision tree (22) provided by a server (6), the client's encrypted data vector being of dimension K less than or equal to the number of nodes of said at least one decision tree, the evaluation of the encrypted data vector by at least one decision tree comprising a phase of comparing the components of the encrypted data vector to decision threshold values (t0, t1, t2) associated with the nodes (NO, NI, N2) of said at least one decision tree, and a phase of traversing the at least one decision tree (22) according to the result of the comparison phase, to obtain an encrypted decision result, the method being characterized in that it is implemented by said server (6) and comprises, in the comparison phase: by a first execution environment (10),implementing a homomorphic encryption scheme, a calculation (52, 54) of an evaluation vector, comprising encrypted components each representing a difference between a component of the encrypted data vector and a decision threshold value associated with a corresponding node of said at least one decision tree, provisioning the evaluation vector to a second execution environment (12) which is a secure execution environment, executed by said server but controlled by said client, by the second secure execution environment (12): -decryption (56), by applying a private key of said client, previously registered in the secure execution environment (12), of said evaluation vector, -determination (58) of the sign of each component of the decrypted evaluation vector and provisioning at least one encrypted sign vector resulting from said determination of the sign to said first execution environment (10).
2. A method according to claim 1, wherein the calculation of an evaluation vector comprises a calculation of a difference vector encrypted by encrypted subtraction between the encrypted data vector and a vector formed from said decision thresholds.
3. A method according to claim 2, wherein the calculation (52, 54) of an evaluation vector further comprises a multiplicative masking (54) of the difference vector encrypted by a masking vector.
4. Method according to claim 3, wherein said multiplicative masking (54) comprises a generation of the masking vector by pseudo-random drawing of K non-zero values and a multiplication of said encrypted difference vector and the masking vector, to obtain said evaluation vector.
5. A method according to claim 3 or 4, comprising, by the first execution environment (10), following the receipt of at least one ciphertext sign vector, a combination (62, 62') of the masking vector and each component of said ciphertext sign vector, to obtain a ciphertext comparison vector representative of the comparison of each component of the ciphertext data vector at the corresponding decision threshold.
6. A method according to any one of claims 1 to 5, wherein the determination (58) of the sign of each component of the evaluation vector decrypted by the second secure execution environment (12) further comprises a multiplication of each sign component by a chosen constant factor, preferably equal to 0.
5.
7. Method according to claim 6 further comprising, by the first execution environment (10), an additive adjustment (64, 64') consisting of adding said constant factor to each component of said cipher sign vector.
8. A method according to any one of claims 1 to 7, wherein the traversal phase of at least one decision tree is performed by the first secure execution environment, and comprises a calculation (65-66) of a result vector per level of the decision tree as a function of said at least one vector of ciphered signs.
9. Method according to claim 8 further comprising a calculation (68) of a decision vector as a function of the result vectors per level.
10. Method according to claim 9, wherein the calculation (68) of a decision vector involves a numerical multiplication (75), of the result vectors by level.
11. A method according to claim 9, wherein the calculation (68) of a decision vector comprises a numerical addition (72) of the vectors of result by level, to obtain a result vector sum of numbers.
12. A method according to claim 11, wherein the calculation (68) of a decision vector further comprises a priming step (74) applied to the result vector sum ciphered to obtain a decision vector comprising a single '1' indicating a terminal result node and '0's for the other terminal nodes of the decision tree.
13. A method according to claim 11, wherein the calculation (68) of a decision vector further comprises a subtraction step (76) of a predetermined value, equal to the number of depth levels of the decision tree, from each component of the result vector summed in digits, and a multiplicative masking step (78) of the vector resulting from said subtraction step, making it possible to obtain a decision vector comprising a single '0' indicating a result terminal node and random values for the other terminal nodes of the decision tree.
14. Computer program comprising software instructions which, when implemented by a programmable electronic device, implement a method for processing encrypted data in accordance with claims 1 to 13.
15. A system for processing encrypted data, comprising a client (4) and a server (6) providing at least one decision tree (22), the server (6) being configured to perform an evaluation of an encrypted data vector of a client (4) by the at least one decision tree (22), the encrypted data vector of the client being of dimension K less than or equal to the number of nodes of said at least one decision tree, the evaluation of the encrypted data vector by the at least one decision tree (22) comprising a phase of comparing the components of the encrypted data vector to decision threshold values (t0, t1, t2) associated with the nodes (NO, NI, N2) of said at least one decision tree (22), and a phase of traversing the at least one decision tree (22) according to the result of the comparison phase, to obtain an encrypted decision result,the system comprising a first execution environment (10) and a second secure execution environment (12), the system being characterized in that, during the comparison phase:, the first execution environment (10), is configured to implement a homomorphic encryption scheme, a module (30) for calculating an evaluation vector, comprising encrypted components each representing a difference between a component of the encrypted data vector and a decision threshold value associated with a corresponding node of said at least one decision tree, and for providing the evaluation vector to said second secure execution environment (20), executed by said server (6) but controlled by said client (4), the second secure execution environment (20) being configured to implement: -a decryption module (32), by applying a private key of said client, previously registered in the secure execution environment (20) of said evaluation vector, -a module (34) for determining the sign of each component of the decrypted evaluation vector and providing (36) a vector of encrypted signs resulting from said determination of the sign in said first execution environment.