Confidential computing-based method for customized balancing between security and performance of homomorphic encryption
Patent Information
- Authority / Receiving Office
- NL · NL
- Patent Type
- Patents
- Current Assignee / Owner
- NANHU LAB
- Filing Date
- 2025-01-09
- Publication Date
- 2026-06-12
AI Technical Summary
Existing homomorphic encryption technologies face challenges in achieving a practical balance between security and performance, with trusted execution environments (TEE) offering performance improvements but risking side-channel attacks and being hardware-dependent.
A confidential computing-based method that customizes security and performance by dividing computing tasks into multiple levels, allocating resources dynamically, and executing tasks within or outside the trusted execution environment based on user-defined parameters.
This approach allows users to tailor security and performance to their specific needs, optimizing performance while ensuring data security and mitigating side-channel risks.
Abstract
Description
l CONFIDENTIAL COMPUTING-BASED METHOD FOR CUSTOMIZED BALANCING BETWEEN SECURITY AND PERFORMANCE OF HOMOMORPHIC ENCRYPTION TECHNICAL FIELD
[0001] The present disclosure belongs to the technical eld of homomorphic encryption algorithms and condential computing, and in particular to a condential computing-based method for customized balancing between security and performance of homomorphic encryption BACKGROUND
[0002] Privacy computing or condential computing based on Central Processing Unit (CPU) level is one of the most advanced technologies emerging in the eld of information security in recent years, which refers to trusted execution environment of trusted computing base based on chip-level, is not controlled by system layer and kernel layer (that is, the data and operation in this secure environment can not be viewed, tampered with and controlled even with the highest administrative privilege of a computer system or kernel-level control right), thus ensuring the security of data privacy protection and the credibility of operation in the trusted execution environment. At present, the corresponding technologies include Intel Software Guard Extension (SGX), AMD Secure Encrypted Virtualization (SEV), ARM Condential Compute Architecture (V9CCA), etc. The condential computing technology has been widely used in general chips and integrated into general-purpose computers and servers in the market, such as Intel Xeon servers and HYGON third-generation servers. Therefore, the condential computing / privacy computing based on CPU level is based on the current general chips (such as Intel general-purpose chip based on Intel SGX technology). Meanwhile, the condential computing / privacy computing based on CPU level have two most important features as follows.
[0003] Homomorphic encryption (HE) is a special encryption technology, which allows to perform computing in an encrypted state and perform operation on the encrypted data without decrypting the data rst. This means that after the encrypted data is operated, the result of decryption is about to be matched with the result of the same operation on the original data. Homomorphic encryption not only protects privacy and security, but also allows the computing in a case of encrypted the data, which is of a great signicance in the elds of cloud computing and secure multi-party computing. The homomorphic encryption is of a great signicance for processing sensitive information and private data safely due to its support to the computing in the encrypted state.
[0004] However, the existing homomorphic computing cannot be truly implemented in the practical applications due to low performance. The trusted execution environment (TEE) technology can accelerate the computing of homomorphic computing technology, and greatly improve the performance of the homomorphic computing, and thus the homomorphic computing can be integrated with practical applications. However, the TEE technology may suffer side channel attack theoretically, and depends on hardware manufacturers. Therefore, there are security and performance considerations between the HE computing and TEE. SUMMARY
[0005] For the above problem, in order to optimize the performance of homomorphic encryption technology using condential computing technology, the present disclosure provides a condential computing-based method for customized balancing between security and performance of homomorphic encryption, thereby satisfying a personalized balance requirement of the user for the security and performance.
[0006] A condential computing-based method for customized balancing between security and performance of homomorphic encryption includes following steps:
[0007] receiving a computing task, a security custom parameter and a performance custom parameter, and encrypted computing data; customizing one of security and performance by a user based on corresponding one of the security custom parameter and the performance custom parameter;
[0008] when security customization is performed by the user, dividing computing data into a plurality of security levels according to the security custom parameter, and according to the security levels of data involved in computing, executing partial corresponding computing task outside a trusted execution environment, and executing partial computing task in the trusted execution environment;
[0009] when performance customization is performed by the user, dynamically allocating resources according to the performance custom parameter, executing partial computing task in the trusted execution environment, and partial computing task outside the trusted execution environment with a performance requirement customized by the user being satised; and
[0010] returning a computing result to a request side.
[0011] In the condential computing-based method for customized balancing between security and performance of homomorphic encryption, the encrypted computing data is divided into three security levels according to the security custom parameter, including plaintext data, sensitive data, and top-secret data.
[0012] The computing task includes multiple subtasks.
[0013] For a subtask involving only the plaintext data, plaintext computing is performed in plaintext form outside the trusted execution environment.
[0014] For a subtask involving the sensitive data but not the top-secret data, computing is performed in plaintext form in the trusted execution environment.
[0015] For a subtask involving the top-secret data, homomorphic encryption computing is performed outside the trusted execution environment.
[0016] In the condential computing-based method for customized balancing between security and performance of homomorphic encryption, when a computing data of a subtask does not involve the top-secret data, the trusted execution environment receives an encryption key of computing data of a current subtask and performs trusted sealing.
[0017] In the condential computing-based method for customized balancing between security and performance of homomorphic encryption, for the subtask involving the sensitive data but not the top-secrete data, a normal computing operation is performed outside the trusted execution environment by means of homomorphic encryption computing, and a denoising operation is performed in plaintext form in the trusted execution environment.
[0018] For the subtask involving the top-secret data, all operations are performed outside the trusted execution environment by means of homomorphic encryption computing.
[0019] The normal computing operation refers to other operations except a bootstrapping denoising operation. A nonlinear operation and the denoising operation have the greatest computing performance increases. Due to the limited TEE resource and high degree of condentiality involved in nonlinear operation, the normal computing operation is still performed in a normal environment, and the denoising operation is executed in the trusted execution environment. This way has the highest performance improvement and the least security inuence.
[0020] In the condential computing-based method for customized balancing between security and performance of homomorphic encryption, the method further includes following steps:
[0021] when the security customization is performed by the user, if the number of multiplications of the current subtask reaches a predetermined value, starting the denoising operation;
[0022] if the current subtask involves the sensitive data but not the top-secret data, upon starting the denoising operation, sending a latest computing result and / or corresponding computing data into the trusted execution environment for denoising, and then re-encrypting the computing result and / or corresponding data denoised for continuously performing homomorphic encryption computing outside the trusted execution environment;
[0023] if the current subtask involves the top-secret data, after starting the denoising operation, continuously performing the denoising operation of the homomorphic encryption computing outside the trusted execution environment; and
[0024] if the current subtask only involves the plaintext data, performing plaintext computing outside the trusted execution environment after sending the corresponding computing data into the trusted execution environment for decryption.
[0025] In the condential computing-based method for customized balancing between security and performance of homomorphic encryption, the trusted execution environment receives an encryption key of the computing data and performs trusted sealing. At this time, the performance customization is performed by the user, the encryption keys generated by a system for the subtasks may be the same or different encryption keys.
[0026] In the condential computing-based method for customized balancing between security and performance of homomorphic encryption, the performance custom parameters include a performance threshold, and resources are allocated dynamically through following ways:
[0027] acquiring multiple computing operators of a current computing task, where each subtask includes one or more computing operators;
[0028] acquiring a predetermined performance parameter table of the current computing task, where
[0029] the predetermined performance parameter table includes HE computation time, TEE computation time and computation time difference of each computing operator, the HE computation time and TEE computation time of each computing operator are obtained in advance by testing, which may be obtained by testing when a TEE homomorphic computing server is created, or obtained by testing in other stages, and in a word, the HE computation time and TEE computation time are obtained before the current computing task is started; and computation time difference is directly obtained by subtraction;
[0030] dynamically allocating resources according to the predetermined performance parameter table to generate a plurality of pre-allocation schemes, and determining an optimal allocation scheme according to a performance enhancement factor P of each pre-allocation scheme;
[0031] P = THE(MiSm) ; THE(MiSm)_T(MiSm)
[0032] where M ism denotes time consumption of a whole computing task of a corresponding allocation scheme, TH E (M ism) denotes time consumption of homomorphic encryption computing for the whole computing task, and T(M,-Sm) denotes time capable of saved by a corresponding pre-allocation scheme.
[0033] In the condential computing-based method for customized balancing between security and performance of homomorphic encryption, a performance enhancement factor P which is greater than or equal to the performance threshold and is the smallest among the plurality of pre- allocation schemes is selected, and the pre-allocation scheme corresponding to selected performance enhancement factor P is determined as a nal scheme.
[0034] Each corresponding computing operator is executed in one of the trusted execution environment and outside the trusted execution environment according to determined allocation scheme.
[0035] In the condential computing-based method for customized balancing between security and performance of homomorphic encryption, multiple pre-allocation schemes are generated through following ways.
[0036] Time consumption reduction of each computing operator of the current computing task is computed according to the predetermined performance parameter table.
[0037] The computing operators are arranged in a descending order according to the time consumption reduction to obtain an operator queue, and top Zx-Zy computing operators with biggest time consumption reduction are allocated into the trusted execution environment to obtain a pre-allocation scheme A, where Z has no special meaning, and denotes the computing operator; ZX and Zy denote a X'th computing operator and a y'th computing operator, respectively, and x and y may be determined according to an actual situation. For example, the X and y may be 1 and 2, respectively, that is, two computing operators with the biggest time consumption reduction are allocated, the x and y may be other numerical values, for example, X may also be 2, 3, 4, etc., y may also be 3, 4, 5, etc., and y is greater than X and less than the total number of computing operators, which is not specically limited here;
[0038] The performance enhancement factor P of the pre-allocation scheme A is computed, if the performance enhancement factor P of the pre-allocation scheme A is greater than the performance threshold, one computing operator is taken out from y-x+l computing operators among the top Zx- Zy computing operators arbitrarily or according to a predetermined rule to obtain a new pre- allocation scheme Bl, for example, if a ZXth computing operator is taken out, in the pre-allocation scheme Bl, the computing operators executed in the trusted execution environment include Z- Zy computing operators. If the performance enhancement factor P of the pre-allocation scheme A is less than the performance threshold at the moment, the pre-allocation scheme A is determined as the nal scheme. If the performance enhancement factor P of the new pre-allocation scheme Bl is greater than the performance threshold, one computing operation is continuously taken out from remaining computing operators of Zx-Zy computing operators arbitrarily or according to the predetermined rule to obtain a new pre-allocation scheme B2, and if the performance enhancement factor P of the new pre-allocation scheme Bl is less than the performance threshold at the moment, the new pre-allocation scheme Bl is determined as the nal scheme. If the performance enhancement factor P of the new pre-allocation scheme B2 is greater than the performance threshold, one computing operator is continuously taken out from the remaining computing operators of Zx'Zy computing operators arbitrarily or according to the set rule to obtain a new pre- allocation scheme B3 . . .., which is repeated in a same manner until the performance enhancement factor P of the latest pre-allocation scheme is less than or equal to the performance threshold In other words, the pre-allocation scheme A is set as a current pre-allocation scheme, steps of determining the performance enhancement factor P of the current pre-allocation scheme greater than the performance threshold, and taking out one computing operator to obtain a new pre- allocation scheme, and setting the new pre-allocation scheme as the current pre-allocation scheme are repeated until the performance enhancement factor P of the latest pre-allocation scheme is less than or equal to the performance threshold. If the performance enhancement factor P of the latest pre-allocation scheme is less than the performance threshold, a previous pre-allocation scheme of the latest pre-allocation scheme is determined as the nal scheme. If the performance enhancement factor P of the latest pre-allocation scheme is equal to the performance threshold, the latest pre- allocation scheme is determined as the nal scheme. The predetermined rule is determined by those skilled in the art, and thus will not be specically descried in detail here. For example, the computing operator with the biggest time consumption reduction or the least time consumption reduction can be taken out.
[0039] If the performance enhancement factor P of the current pre-allocation scheme is less than the performance threshold, the Zth computing operator or Zyll-th computing operator in the operator queue is taken out according to the predetermined rule and then allocated into the trusted execution environment to obtain a new pre-allocation scheme Cl, if the performance enhancement factor P of the new pre-allocation scheme Cl is still less than the performance threshold at the moment, a computing operator (at this time, the computing operator is the Zx-2'th or Zy-lZ-th computing operator in the operator queue) is continuously taken out according to the predetermined rule from both sides of the operator queue of the Zx-Zy computing operators to be allocated into the trusted execution environment to obtain a new pre-allocation scheme C2 which is repeated in a same manner. The computing operators are taken out from both sides of the operator queue of the Zx-Zy computing operators in turn until the performance enhancement factor P is greater than or equal to the performance threshold, and then the current pre-allocation scheme is used as the nal scheme. In other word, steps of determining the performance enhancement factor P of the current pre-allocation scheme less than the performance threshold, and taking out computing operators to obtain a new pre-allocation scheme, and setting the new pre-allocation scheme as the current pre-allocation scheme are repeated until the performance enhancement factor P of the latest pre-allocation scheme is greater than the performance threshold, and the latest pre-allocation scheme is determined the nal scheme.
[0040] If the performance enhancement factor P of the current pre-allocation scheme is less than or equal to the performance threshold, the pre-allocation scheme A is determined as the nal scheme.
[0041] In practical application scenarios, the pre-allocation scheme may also be generated in other ways and the corresponding pre-allocation scheme can be selected as the nal scheme. Preferably, the TEE resources are allocated in a way that an operator with bigger reduction in computation time T has higher priority, to gain TEE resources, and then multiple pre-allocation schemes are generated by combining the predetermined performance parameter table.
[0042] In the condential computing-based method for customized balancing between security and performance of homomorphic encryption, the method further includes following steps:
[0043] after receiving the encrypted computing data, if the homomorphic encryption computing is executed outside the trusted execution environment, using the encrypted computing data to participate in the homomorphic encryption computing;
[0044] if corresponding computing is executed in the trusted execution environment, decrypting, by the trusted execution environment, the corresponding computing data with an encryption key acquired in advance, and then performing plaintext computing;
[0045] receiving the computing data encrypted by a request side with the encryption key, and a required encryption key, where the encryption key cannot be provided to a TEE homomorphic computing server only when the security customization is performed by the user and the computing task involves the top-secret data;
[0046] generating an encryption key of each subtask by the request side for the subtask, where encryption keys of respective subtasks are one of same and different, when computing data of a certain subtask involves the top-secret data, the encryption key of the certain subtask is different from those of other subtasks; and
[0047] after the current computing task is completed, returning one or more encrypted computing results to the request side for decrypting by the request side with a corresponding encryption key or a private key of the corresponding encryption key, thus acquiring a plaintext computing result.
[0048] The present disclosure has the advantages that:
[0049] l. The idea of security and performance customization of homomorphic encryption computing is put forward, which, compared with a homomorphic encryption computing mode xed by the system in the prior art, can achieve the balance between security and performance customized by the user and meet the individual needs of the user.
[0050] 2. Two customization methods are provided, including security and performance, such that the user can customize the balance between security and performance with a focus on the security, or customize the balance between security and performance with a focus on the performance.
[0051] 3. When the security is focused on, a computing position and a mix of plaintext and ciphertext computing method of the corresponding operation are allocated according to the security level of the data, thus achieving the performance optimization effect under the premise of meeting the security requirements of the user.
[0052] 4. When the performance is focused on, the resources are dynamically allocated according to the user-dened performance threshold, the highest data security is ensured under the premise of meeting performance requirements, and the security and performance preferences of the user are satised.
[0053] 5. Through above means, a exible solution with security and performance capable of being customized by the user to satisfy the special security requirements or special performance requirements of the user is provided.
[0054] 6. According to the security level or performance requirements of data, the denoising operation is allocated, which not only denoises the homomorphic encryption computing process using the trusted execution environment, but also can ensure that the security and computing performance of the homomorphic encryption computing satisfy the needs of the user, including the security requirements of top-secret data and the performance requirements of the handling process of the whole computing task. BRIEF DESCRIPTION OF THE DRAWINGS
[0055] FIG. 1 is an implementation block diagram of the condential computing-based method for customized balancing between security and performance of homomorphic encryption according to the present disclosure;
[0056] FIG. 2 is a method ow chart of the condential computing-based method for customized balancing between security and performance of homomorphic encryption according to the present disclosure.
[0057] FIG. 3 is a ow chart of a method for balancing security and performance based on security customization in the condential computing-based method for customized balancing between security and performance of homomorphic encryption according to the present disclosure;
[0058] FIG. 4 is ow chart of a method for balancing security and performance based on performance customization in the condential computing-based method for customized balancing between security and performance of homomorphic encryption according to the present disclosure. DETAILED DESCRIPTION OF THE EMBODIMENTS
[0059] The present disclosure is further described in detail below with reference to accompanying drawings and specic embodiments.
[0060] As shown in FIG. l, this scheme provides a condential computing-based method for customized balancing between security and performance of homomorphic encryption, relating to a TEE homomorphic computing server. The TEE homomorphic computing server is mainly used to provide a homomorphic encryption computing service for a request side according to a request from the request side, while the homomorphic encryption computing service employs TEE as the means for performance improvement. However, in the process of improving the performance, because the TEE may suffer from side channel attack theoretically, it is necessary to sacrice some security. In general, the computing has the best performance when all placed in the TEE, but due to the possibility of the side channel attack, it is relatively the least secure. All homomorphic encryption operations are the safest, but the performance is also the worst. In this scheme, a concept of performance and security customization of homomorphic encryption is proposed, which provides a means for achieving resource allocation based on customization while providing a homomorphic encryption computing service with security and performance customization. The handling position of the computing task is specically coordinated according to the custom demands of the user, thus achieving the custom balance between security and performance in the homomorphic encryption computing.
[0061] Specically, in this embodiment, a request side executes the following steps:
[0062] generating or acquiring a computing task M isn{m1, m2, mg, , mn}, where M represents computing task, i=1, 2, 3...., k, and mi denotes the i'th subtask;
[0063] preparing computing data D iSn{d1r dz, d3, , dn} of the computing task, where i=1,2,3....n, and di denotes the i'th data set.
[0064] The execution of the subtask mi involves partial data in a data set D, it is assumed that d,- E D , di is the computing data of the subtask mi, which is expressed as ml- = f (dl-, crypttx, N muti)> where cryptítx denotes homomorphic computing encryption parameters of the i'th subtask, abbreviated as the HE encryption parameters, including any of these parameters (when the user selects security customization, the security level exists, and when the user performs performance customization, there is no security level), such as security level, ring dimension, layer budget, multiplication depth, bootstrapping depth, rotation index, etc. N muti represents the number of multiplications performed by this subtask, and the parameter decides the denoising operation of the homomorphic computing.
[0065] After the computing data and the computing task are prepared, the user describes the security and performance demands for the homomorphic encryption computing, as shown in FIG. 2, there are two options.
[0066] Option 1:
[0067] The user selects security customization, and gives a data security level table D(S) for the computing data, which is expressed as: Di.sk(sje[1,3]){d1(sj), d2(sj), d3(s,-), d(sjn, where i'=l,2,3, , k, and div represents the i"th data set.
[0068] Plaintext data $1: non-sensitive data, which supports the computing in the plaintext form.
[0069] Sensitive data S 2: sensitive data, which supports the denoising operation to be computed in the plaintext form in the TEE.
[0070] Top-secret data S 3: top-secret data, which only supports homomorphic computing in a ciphertext mode.
[0071] Option 2: the user selects the performance customization, and provides the least performance threshold. The TEE homomorphic computing server allocates resources according to the performance threshold and a predetermined performance parameter table. The predetermined performance parameter table is obtained by the TEE homomorphic computing server through standardized testing. The predetermined performance parameter table includes HE computation time, TEE computation time and reduction in computation time of each computing operator. One computing task includes multiple subtasks, and each subtask includes one or more computing operators. The division of the subtasks can be performed by the request side, that is, the request side provides a computing task composed of the subtask sets to the TEE homomorphic computing server. The HE computation time and TEE computation time of each computing operator are obtained by testing, and the time reduction is obtained directly by subtraction. An instance is provided in the following table:
[0072] Table 1 Predetermined performance parameter table Homomorphic HE computation TEE computation Reduction in computation time computing time THE time TTEE T operator Linear THE-(add) TTH-(add) TIM-(add) TTH-(add) addition Linear THE (mutt) TTEE (muti) THE (mutt) TTEE (muti) multiplication Relinearization THE(relinearize) TTEE (relinearize) THE(relinearize) TTEE (relinearize) Bitwise THE (rotate) TTEE (rotate) THE-(rotate) rotation TTEE(rotate) complex THE(CC) TTEE(CC) THE(CC) _ TTEE(CC) conjugate (only CKKS) Bootstrap THE(bootstrap) THE(bootstrap) THE (bootstrap) denoising THE(bootstrap) operation Nonlinear THE (nonlinear) TTEE (nonlinear) THE-(nonlinear) computing TTEE (nonlinear) task (e.g., comparison, taking the maximum value / taking the minimum value, etc.)
[0073] According to Table 1, the performance enhancement factor P of the pre-allocation scheme can be obtained through the following equation: THE (M ism)
[0074] P = THE(MiSm)_T(MiSm)
[0075] where M iSm denotes time consumption of the whole computing task of a corresponding pre-allocation scheme, THE (MiSm) denotes the time consumption when the whole computing task adopts homomorphic encryption computing, and T(MiSm) denotes time saved by the corresponding pre-allocation scheme.
[0076] The application scenario of this scheme is free of doing the work related to task scheduling, and the correlation and parallel handling of the computing tasks M(iín) are not considered here.
[0077] After the user completes the preparation of the computing task and the computing data, the TEE homomorphic computing server provides the user with homomorphic encryption computing services with customized balancing between security and performance through the following methods.
[0078] The user side sends the to-be-performed computing task M is k{m1, m2, mg, , mk} to the TEE homomorphic computing server in an encrypted transmission protocol (e.g., Transport Layer Security (TLS)). The TEE homomorphic computing server, after receiving the computing task M, initializes a homomorphic encrypted computing environment H E iCTX according to homomorphic computing encryption parameters cryptítx of the subtask, and then H E 2 is sent to the request side. The request side generates an encryption key sk,- according to the H E 2, and encrypt the computing data d,- involved in the task m,- with the sk,- to generate ciphertext C ,. Finally, the encrypted computing data is provided to the TEE homomorphic computing server. The request side may generate different encryption key for the computing data corresponding to each computing task, or generate the same encryption key. During the security customization, it is preferred that the request side generates different encryption keys for the computing data corresponding to the computing tasks.
[0079] The user side submits the security and performance customization parameters to the TEE homomorphic computing server.
[0080] As shown in FIG. 3, when the user performs the security customization, the computing data is divided into multiple security levels according to the security customization parameters, and according to the security level of data involved in computing, partial corresponding computing task is executed outside or in the trusted execution environment. In this embodiment, the data is divided into three security levels according to the security customization parameters, i.e., plaintext data, sensitive data, and top-secret data. In practical applications, the data is not limited to be divided to these three types, which may be divided into two or more types.
[0081] When the computing data di of the subtask mi does not involve the top-secret data, the trusted execution environment is enabled to receive the encryption key of the computing data of the current subtask and seal the encryption key in a trusted manner for later use.
[0082] For the subtask mi only involving the plaintext data, the computing data di is the plaintext data, which is not affected by the noise, and there is no need to perform denoising operation. The corresponding computing data can be subjected to plaintext computing outside the trusted execution environment after being sent into the trusted execution environment for decryption. At this time, if the computing result needs to be returned to the request side, the computing result can be directly returned to the request side, or can be returned to the request side after being encrypted in the trusted execution environment.
[0083] When the subtask involves the top-secret data or the sensitive data, the denoising operation is required. For the homomorphic encryption computing, the nonlinear operation and the denoising operation are the most expensive in computing performance, and due to the limited TEE resource and high degree of condentiality involved in nonlinear operation, in this embodiment, all operations for the sub-tasks involving the top-secret data are performed outside the trusted execution environment by means of homomorphic encryption computing. When the number of multiplications reaches a predetermined value and denoising is required, corresponding bootstrapping denoising operation is performed according to an algorithm function types Bost / Gentry / Vercauteren / Brakerski / Fan-Vercauteren (BGV / BFV), Cheon-Kim-KimSong (CKKS), Fully Homomorphic Encryption Algorithm / Fast Fully Homomorphic Encryption over the Torus (FHEW / TFHE), etc.) in H E 2.
[0084] For the subtask involving the sensitive data but not the top-secret data, the normal computing operation is performed outside the trusted execution environment by means of homomorphic encryption computing, and the denoising operation is performed in the trusted execution environment in the plaintext form. In this way, the performance is improved the most and the security impact is minimal. The specic implementation method is as follows:
[0085] If the number of multiplications of the current subtask reaches the predetermined value N u-, the denoising operation is started.
[0086] For the subtask mi involving the sensitive data but not the top-secret data, the computing data di includes sensitive data, and may also include plaintext data, but does not include top-secret data. The TEE is used for denoising. The latest computing result and / or corresponding computing data are / is sent into the trusted execution environment for being computed in the plaintext form by using the sealed key in the trusted execution environment, and are / is denoised and then re- encrypted to continue homomorphic encryption computing outside the trusted execution environment. The plaintext denoising performance in the TEE environment is three orders of magnitude higher than denoising operation in the homomorphic computing, which can greatly improve the operation efciency.
[0087] The above steps are repeated until the computing task M is completed, then the computed ciphertext (including the nal computing result, or the computing results of certain / some / all subtasks in the middle as required) is sent to the request side, and the TEE environment is informed that the computing task has been completed, and the sealed encryption key is synchronously destructed.
[0088] As shown in FIG. 4, when the user performs the performance customization, the resources are dynamically allocated according to the performance custom parameter, thus computing partial computing task in the trusted execution environment in the plaintext form and performing partial computing task outside the trusted execution environment by means of homomorphic encryption computing under the condition of meeting the custom performance requirements of the user. The performance custom parameters include a performance threshold, and the resources are dynamically allocated through the following modes:
[0089] acquiring multiple computing operators of the computing task;
[0090] acquiring a predetermined performance parameter table of the current computing task;
[0091] dynamically allocating the resources according to the predetermined performance parameter table to generate multiple pre-allocation schemes, and determining an optimal allocation scheme according to the performance enhancement factor P of each pre-allocation scheme;
[0092] selecting the performance enhancement factor P which is greater than or equal to the performance threshold and is the smallest among the multiple pre-allocation schemes, and determining a pre-allocation scheme corresponding to the performance enhancement factor P selected as a nal scheme; and
[0093] executing each corresponding computing operator in the trusted execution environment or outside the trusted execution environment according to the determined allocation scheme.
[0094] In the above allocation process, the TEE resources are allocated in a way that an operator with big reduction in computation time T has high priority, and then multiple pre-allocation schemes are generated by combining the predetermined performance parameter table. That is, the operator with small time consumption reduction T, such as a linear operation, is allocated to perform homomorphic encryption computing outside the trusted execution environment. Different pre-allocation schemes are acquired by adjusting an execution position of the operator with big time consumption reduction T, such as bootstrap denoising operation, nonlinear operation, and then different homomorphic computing operators are allocated with the computing environments (HE environment / TEE environment) according to the performance enhancement factor P of the pre-allocation scheme to form a computing task resource allocation table, as shown in Table 2. Only all operators with big time consumption reduction T still cannot meet the performance requirements when allocated to be executed in the TEE, it is considered to allocate the operators with small time consumption reduction T to the TEE to generate multiple pre-allocation schemes. Otherwise, the pre-allocation scheme with P which is the least and greater than the performance threshold is selected from multiple pre-allocation schemes in which only operators with the big time consumption reduction T is allocated in TEE.
[0095] Table 2 Computing resource task allocation table . __ ___ ___ __
[0096] When the TEE resource is enabled for the computing task, the users side sends the encryption key of the computing data to the TEE environment on the server side, and the encryption key is sealed in the TEE using the sealing (trusted sealing) technology for later use.
[0097] Similarly, after the computing task M is completed, the ciphertext obtained by computing (including the nal computing result, or the computing results of certain / some / all subtasks in the middle as required) is sent to the request side, and the TEE environment is informed that the computing task has been completed, and the sealed encryption key is destructed synchronously.
[0098] If the homomorphic encryption computing is performed outside the trusted execution environment, the encrypted computing data is used to participate in the homomorphic encryption computing. If the corresponding computing is executed in the trusted execution environment, the trusted execution environment performs plaintext computing after decrypting the required computing data with the encryption key acquired in advance.
[0099] If the computing of the current operator requires the computing results of one or more previous operators, the computing results of the corresponding one or more previous operators are also used as the computing data of the current operator. Taking Table 2 as an example, when subtask m1 is executed, a linear computing operator thereof performs homomorphic encryption computing outside the trusted execution environment, while a denoising operation and a nonlinear operation are performed in the trusted execution environment by means of plaintext computing. The computing data required by the denoising operation and the nonlinear operation can be sent to the TEE, and the computing data of the subtask can be directly sent into the TEE environment, and is decrypted for corresponding computing operation. If the computing result of the linear computing is needed, the computing result of the linear computing is also sent into the TEE as the computing data of the denoising operation and the nonlinear operation to be decrypted to participate in the following computing.
[0100] If the computing result that needs to be returned to the request side is obtained in the trusted execution environment, the computing result is encrypted with the corresponding encryption key in the trusted execution environment, and then returned to the request side. If the computing result is acquired outside the trusted execution environment through homomorphic encryption computing, the computing result can be directly returned to the request side. The request side uses a corresponding decryption algorithm to decrypt the computing result based on a corresponding encryption key or a private key of the encryption key. If it is the latter, the encryption key is a public key, or a public-private key pair formed by the public key and the private key.
[0101] It should be noted that this embodiment is only an example, and the scope of protection claimed by the present disclosure is not limited to the above example, but should be subject to the claims. For example, in the above example, the computing task is divided by the request side, and in a practical application, the computing task can also be divided by the TEE homomorphic computing server according to predetermined rules. For example, the above data security level is divided into three levels, and in a practical application, the data security level can also be divided into two or more levels. For example, in the above example, the computing result is encrypted by the encryption key of the request side, and the request side can directly use its own key for decryption. In a practical application, the computing result can be encrypted by the server using other keys, and then the decryption mode and / or the decryption key is provided to the request side through in some secure form. Even in the above example, the computing result is encrypted and transmitted to the request side. In a practical application, if only the data used in the computing has privacy requirements, but the result has no privacy requirements, the result can also be sent to the request side in plaintext, and so on.
[0102] Specic embodiments described in this embodiment are only illustrative of the spirit of the present disclosure. According to the present disclosure, those skilled in the art can make various modications or supplements to the described specic embodiments or replace them in a similar way, without departing from the spirit of the present disclosure or exceeding the scope dened in the appended claims.
Claims
1. Confidential IT-based method for the adjusted balance bridge the gap between security and performance of homomorphic encryption, including: receiving an IT task, a security adjustment parameter and a power adjustment parameter, and encrypted computer data; adjusting one of the safety and performance by a user based on a corresponding safety adjustment parameter and the power adjustment parameter; when the user performs the safety adjustment, distribute the IT data in a multitude of security levels according to the security adjustment parameter, and according to the security levels of the data involved in IT, performing partially corresponding IT task outside a reliable execution environment and perform partially corresponding IT task in the reliable execution environment; when the user performs the power adjustment, dynamic allocating resources according to the power adjustment parameter, performing partial corresponding IT task in the reliable execution environment and perform partial IT task outside the reliable execution environment with a capability requirement adjusted by the user who is satisfied; and returning an IT result to a requesting side.
2. A method according to claim 1, wherein the computer data is distributed are classified into three safety levels according to the safety adjustment parameter, containing full-text data, sensitive data and highly classified data; the computer task contains a multitude of sub-tasks; for a sub-task that only concerns the full text data, the full text computing is performed in full-text form outside the reliable execution environment; for a sub-task that relates to the sensitive data but not the highly confidential information, the treatment is carried out in full text form in the reliable execution environment; and for a sub-task involving the highly secret data, homomorphic encryption computing is performed outside the trusted execution environment.
3. Method according to claim 2, wherein when the computer data of a sub-task not involving highly classified information, the reliable execution environment an encryption key of the computer data of a current sub-task receives and performs reliable sealing.
4. Method according to claim 3, wherein for the sub-task that relates on sensitive data but not on top secret data, a normal IT operation is executed outside the trusted execution environment by means of homomorphic encryption computer science, and a denoising operation is performed in full text form in the reliable execution environment; and for the sub-task dealing with the highly classified data, all operations be executed outside the trusted execution environment using homomorphic encryption computer science.
5. The method of claim 4, further comprising the steps of: when the safety adjustment is performed by the user, if a number of multiplications of the current subtask reaches a predetermined value, a get rid of noise operation is started; if the current subtask contains sensitive data but not top secret data is concerned, when starting the noise removal operation, sending a final IT result and / or corresponding IT data in the reliable execution environment for denoising, and then re-encrypting the denoised stripped IT result and / or data for continuous execution of homomorphic encryption computer science outside the trusted execution environment; if the current sub-task involves highly classified information, after the starting the denoising operation, continuing to perform the denoising operation of homomorphic encryption computing outside the trusted execution environment; and if the current sub-task only concerns full text, execute full-text informatics outside the reliable execution environment after sending corresponding computer data into the trusted execution environment for decryption.
6. The method of claim 1, wherein the reliable execution environment receives an encryption key of the computer data and a reliable seal performs.
7. The method of claim 6, wherein the power adjustment parameter is a asset threshold, and resources are dynamically allocated along the following paths become: obtaining a multitude of IT operators from a current computer science task; obtain a predetermined power parameter table of the current computer science task, where the predetermined power parameter table homomorphic encryption (HE) computer science time contains, reliable execution environment (TEE) computer science time and calculation time difference of each computer operator; and dynamic resource allocation according to predetermined power parameter table to generate a multitude of pre-allocated schedules, and determine an optimal allocation scheme according to a power improvement factor P for each pre-assigned schedule; P : THE(MiSm) THE(Mi5m)T(Mi5m) ; Where M represents 15m of time consumed by a complete IT task of a according to allocation scheme, THE(M 15m) represents time consumption of homomorphic encryption computer science for the complete computer science task and T (M 15m) time shows able to to be saved with a corresponding pre-allocation scheme.
8. A method according to claim 7, wherein a power increase factor P which is greater than or equal to the power threshold and the smaller of which is below the multiple of pre- assigned schedules are selected, and the pre-assigned schedule that corresponds to the power increase factor P is determined as a final schedule; and each corresponding computer operator is executed in one of the reliable execution environment and outside the trusted execution environment according to the specific allocation scheme.
9. The method of claim 8, wherein a plurality of pre-assigned schemas are generated according to the following methods: reduction of IT time consumption of each IT operator of the current IT task according to the predetermined power parameter table; ordering the computer operators in descending order according to the computer science time consumption reductions to obtain an operator row, and assign top Zx-Zy IT operators with the greatest time consumption reduction in the reliable execution environment to obtain a pre-assigned schedule A; calculating the power increase factor P of the current pre-allocated scheme, if the power increase factor P is greater than the power threshold, random removing an IT operator from the top Zx'Zy IT operators or according to a predefined rule to obtain a new pre-assigned schedule Bl, and if the power increase factor P is less than the power threshold at that time, determining the pre-assigned schemeA as final scheme; otherwise, continue with random removal of an IT operator or according to the predetermined rule to create a new pre- To obtain the assigned scheme B2, repeat in the same manner until the power increase factor P is less than or equal to the power threshold; if the power increase is factor P is less than the power threshold, set a pre-assigned schedule in advance as a final schedule, and if the power increase factor P is equal to the power threshold, set the current pre-assigned schedule as the final schedule; if the asset increase factor P is less than the asset threshold, allocate of an IT operator from one of Z x-1 and Z y+l in the reliable execution environment to obtain a new pre-allocated schedule C1, and if the power increase factor If P is still less than the power threshold at that time, continue removing of one IT operator from both sides of the Zx-Zy IT operators of the operator row and allocating it in the reliable IT environment to create a new pre- To obtain the assigned scheme C2, repeat in a similar manner until the power increase factor P is greater than or equal to the power threshold, and setting the current pre- assigned schedule as final schedule; and if the power increase factor P is equal to the power threshold, determine that the pre-assigned schedule A is the final schedule. The method of claim 1, further comprising the steps of: after receiving the encrypted computer data, if the homomorphic encryption computing is performed outside the trusted execution environment, use making the encrypted computer data participate in the homomorphic encryption computer science; if a corresponding calculation is performed in the reliable execution environment, decrypt, by the trusted execution environment, of the corresponding computer data with a previously obtained encryption key, and then performing full-text IT; receiving the IT data encrypted by a requesting party with the encryption key, and a required encryption key, where encryption keys of respective sub-tasks are one of the same or various, when processing the data of a particular sub-task highly secret data contains, the encryption key of the given sub-task is different from that of the other sub-tasks; and after the current IT task is completed, return one or more encryption computer science results on the requesting side for decryption by the requesting party side with a corresponding encryption key or a private key of the corresponding encryption key thereby obtaining a full-text IT result. FIG. 1