Data processing method and apparatus, chip, medium, product, and electronic device

By integrating multiple plaintext data into a vector for encryption and using a rotation key and scaling factor for bootstrapping, the problems of increased noise and resource consumption in fully homomorphic encryption computation are solved, achieving efficient homomorphic encryption computation.

WO2026137898A1PCT designated stage Publication Date: 2026-07-02HUAWEI TECH CO LTD

Patent Information

Authority / Receiving Office
WO · WO
Patent Type
Applications
Current Assignee / Owner
HUAWEI TECH CO LTD
Filing Date
2025-08-14
Publication Date
2026-07-02

AI Technical Summary

Technical Problem

In fully homomorphic encryption computation, as the number of computations increases, the noise in the ciphertext gradually increases, leading to the problem that the computation result cannot be decrypted. Especially when the amount of data to be computed is large, the bootstrap operation consumes too much computing resources and is inefficient.

Method used

Multiple plaintext data are integrated into a plaintext vector for encryption. The ciphertext vector is then subjected to a bootstrap operation using a rotation key and a scaling factor to reduce noise and shrink the dimensionality, thus avoiding direct processing of individual plaintext data and improving the efficiency of the bootstrap operation.

Benefits of technology

This effectively reduces the noise value of the ciphertext vector, ensuring that the final result can be correctly decrypted, and improving the efficiency and accuracy of homomorphic encryption calculation.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN2025114777_02072026_PF_FP_ABST
    Figure CN2025114777_02072026_PF_FP_ABST
Patent Text Reader

Abstract

The present application is applied to the technical field of computers, and provides a data processing method and apparatus, a chip, a medium, a product, and an electronic device. The method comprises: for r pieces of plaintext data to undergo computation, generating an r-dimensional plaintext vector m, and encrypting the plaintext vector m to obtain a ciphertext vector c. A computing device can perform homomorphic encryption computation on the basis of the ciphertext vector c without the need to sequentially process individual pieces of plaintext data. Moreover, when the computing device performs the homomorphic encryption computation on the ciphertext vector c, a bootstrapping operation is further performed on the basis of a ciphertext vector ct and a bootstrap key BK, and a scaling factor is introduced into the process of the bootstrapping operation, such that a finally generated new ciphertext vector ct' has a reduced dimension. Thus, the present invention avoids the problem that directly performing a bootstrapping operation by using a ciphertext vector causes the updated ciphertext vector to have a large dimension, which in turn leads to an increased computational load for subsequent homomorphic encryption computation.
Need to check novelty before this filing date? Find Prior Art

Description

Data processing methods, devices, chips, media, products, and electronic equipment

[0001] This application claims priority to Chinese Patent Application No. 202411955909.2, filed on December 25, 2024, entitled “Data Processing Method, Apparatus, Chip, Medium, Product and Electronic Equipment”, the entire contents of which are incorporated herein by reference. Technical Field

[0002] This application relates to the field of computer technology, and more particularly to a data processing method, apparatus, chip, medium, product, and electronic device. Background Technology

[0003] Traditional encryption algorithms allow initial data to be transmitted and stored in ciphertext. However, during computation, the initial data must still be decrypted into plaintext before computation can be performed. Therefore, attackers can maliciously steal the initial data during computation. Fully homomorphic encryption (FHE), on the other hand, allows computation to be completed entirely in ciphertext; the input data, intermediate results, and final result are all ciphertext. Therefore, FHE allows users to complete computations using additional computing equipment while ensuring data security.

[0004] In fully homomorphic encryption computation, each computation adds noise to the ciphertext. As the number of computations increases, the noise grows larger, potentially leading to the inability to decrypt the result correctly. To mitigate this issue of increasing noise causing decryption failure, a bootstrapping operation can be employed to reduce ciphertext noise during computation. This bootstrapping operation involves using a bootstrap key to homomorphically decrypt intermediate results during computation. However, instead of directly obtaining the plaintext of the intermediate result, it yields a ciphertext with less noise. This less noisy intermediate result is identical to the original plaintext encrypted by that intermediate result, only with less noise. This less noisy intermediate result can then be used for subsequent computations.

[0005] However, when the amount of data to be calculated is large, the amount of ciphertext data to be operated on during the fully homomorphic encryption calculation process is also large. Therefore, during the calculation process, a large number of intermediate results need to be bootstrapping, which will occupy a lot of storage space and computing resources of the computing device. Summary of the Invention

[0006] In view of the above, this application provides a data processing method, apparatus, chip, medium, product, and electronic device.

[0007] In a first aspect, a data processing method is provided, comprising: obtaining a first ciphertext vector, wherein the first ciphertext vector is obtained by encrypting a plaintext vector using a first key under a first encryption method, and the plaintext vector contains at least one plaintext data; determining a second ciphertext vector generated after the first ciphertext vector has undergone T rounds of operations; determining a scaling factor based on a first modulus and a second modulus, wherein the first modulus is the modulus of the first ciphertext vector, the second modulus is the modulus of a rotation key, and the rotation key is obtained based on the first key; processing the second ciphertext vector into a third ciphertext vector based on the rotation key and the scaling factor, wherein the noise value of the third ciphertext vector is less than the noise value of the second ciphertext vector; and performing L rounds of operations based on the third ciphertext vector to generate a ciphertext result corresponding to the plaintext data after T+L rounds of operations, wherein L is a positive integer greater than T.

[0008] In the above scheme, the electronic device can aggregate the plaintext data to be computed into a plaintext vector, and then encrypt this plaintext vector to obtain a ciphertext vector. The computing device can then perform homomorphic encryption computation based on this ciphertext vector, without having to process individual plaintext data sequentially, thus improving the efficiency of homomorphic encryption computation.

[0009] During multi-round homomorphic ciphertext computation, as the noise value of the ciphertext vector gradually increases, electronic devices can perform a bootstrapping operation to reduce the noise value of the intermediate computation results' ciphertext vectors. Furthermore, to avoid the computational complexity and low efficiency of bootstrapping operations on large-dimensional ciphertext vectors, a scaling factor can be used to reduce the dimensionality of the ciphertext vector. This scaling factor is determined based on the first modulus of the ciphertext vector and the second modulus used in generating the bootstrapping key. Therefore, the ciphertext vector can be bootstrapping using a rotation key generated based on the first key and the scaling factor. This reduces the dimensionality of the ciphertext vector during the bootstrapping operation, improving its efficiency. The resulting updated ciphertext vector also has a lower dimensionality, further improving the efficiency of subsequent homomorphic encryption computations.

[0010] Furthermore, by bootstrapping the ciphertext vector using this method, a ciphertext vector with lower noise can be obtained. Subsequent homomorphic encryption calculations on this ciphertext vector also result in a ciphertext with lower noise, ensuring that the final ciphertext can be correctly decrypted into the corresponding plaintext.

[0011] In conjunction with the first aspect, in some implementations, the second ciphertext vector is processed into a third ciphertext vector based on the detection that the first noise value contained in the second ciphertext vector is greater than the noise threshold, and / or the number of rounds T after which the first ciphertext vector has been processed is greater than a preset number.

[0012] In the above scheme, the triggering condition for bootstrapping the intermediate result of homomorphic encryption computation can be that the noise value of the intermediate result is high, for example, greater than a noise threshold. Another triggering condition is that the number of rounds of homomorphic encryption computation has reached a preset number; for example, the electronic device can perform a bootstrapping operation after each round. This reduces the noise value of the ciphertext vector during homomorphic encryption computation, ensuring that the final ciphertext can be correctly decrypted into the corresponding plaintext.

[0013] In conjunction with the first aspect, in some implementations, the method further includes: determining a scaling factor based on the ratio of the first modulus to the second modulus.

[0014] In the above scheme, the scaling factor is determined based on the first modulus of the ciphertext vector and the second modulus used in generating the bootstrap key. Since the first modulus is usually smaller than the second modulus, the scaling factor is a value less than 1. Therefore, by using the scaling factor in the bootstrap operation, the dimensionality of the ciphertext vector can be reduced, the computational complexity decreased, the efficiency of the bootstrap operation improved, and the overall homomorphic encryption computation efficiency increased.

[0015] In conjunction with the first aspect, in some implementations, the method further includes: encrypting the first key using a second encryption method to obtain a bootstrap key, the second encryption method including a modulo operation based on a second modulus; and obtaining the public key corresponding to the first key; and generating a rotation key based on the bootstrap key, the public key, and preset polynomial coefficients.

[0016] In the above scheme, a rotation key can be obtained by encrypting the first key. The electronic device can then perform bootstrapping on the ciphertext vector based on the rotation key; this bootstrapping operation is a homomorphic decryption process. Since the homomorphic decryption process does not directly use the first key used to encrypt the ciphertext vector, but instead uses the rotation key processed from the first key, this decryption process does not directly yield the corresponding plaintext result, but rather a new ciphertext result with lower noise. This reduces the noise value of the ciphertext vector during the homomorphic encryption calculation, ensuring that the final ciphertext result can be correctly decrypted into the corresponding plaintext result.

[0017] In conjunction with the first aspect, in some implementations, the method further includes: performing a modulo operation based on the product of the rotation vector, rotation key, and scaling factor of the (i-1)th round to obtain the rotation vector of the i-th round, wherein the rotation vector of the i-th round is determined based on the second ciphertext vector and preset polynomial coefficients; selecting a target ciphertext vector corresponding to the output format of the first encryption method from the rotation vector of the n-th round, and determining a third ciphertext vector based on the target ciphertext vector, wherein i is a positive integer less than n, and n is the dimension of the first key.

[0018] In the above scheme, a bootstrapping operation can be performed based on the ciphertext vector to be bootstrapping (i.e., the second ciphertext vector), the rotation key, and the scaling factor. This results in a ciphertext vector with smaller dimensions and lower noise. This reduces the noise in the ciphertext vector during homomorphic encryption computation, ensuring the final ciphertext can be correctly decrypted into the corresponding plaintext, and also improves the efficiency of homomorphic encryption computation.

[0019] In conjunction with the first aspect, in some implementations, the method further includes: using the target ciphertext vector as the third ciphertext vector; or, adjusting the dimension of the target ciphertext vector to the dimension of the second ciphertext vector, and / or adjusting the modulus of the target ciphertext vector to the modulus of the second ciphertext vector to obtain the third ciphertext vector.

[0020] In the above scheme, after the electronic device obtains the ciphertext vector after the bootstrapping operation, it can adjust the format of the ciphertext vector, making its dimension and / or modulus consistent with the ciphertext vector. This ensures that the computing device can directly perform subsequent homomorphic encryption calculations on the ciphertext vector after the bootstrapping operation.

[0021] In conjunction with the first aspect, in some implementations, the first encryption method includes the Modular Learning with Error (MLWE) algorithm, and the second encryption method includes the Multimodal Fully Homomorphic Encryption (MGSW) algorithm.

[0022] Secondly, this application provides a data processing apparatus, comprising: an acquisition unit, a determination unit, a processing unit, and a generation unit. The acquisition unit acquires a first ciphertext vector, which is obtained by encrypting a plaintext vector using a first key under a first encryption method, and the plaintext vector contains at least one piece of plaintext data. The determination unit determines a second ciphertext vector generated after the first ciphertext vector undergoes T rounds of computation. The determination unit further determines a scaling factor based on a first modulus and a second modulus, wherein the first modulus is the modulus of the first ciphertext vector, and the second modulus is the modulus of a rotation key, which is obtained based on the first key. The processing unit further processes the second ciphertext vector into a third ciphertext vector based on the rotation key and the scaling factor, wherein the noise value of the third ciphertext vector is less than the noise value of the second ciphertext vector. The generation unit performs L rounds of computation based on the third ciphertext vector to generate a ciphertext result corresponding to the plaintext data after T+L rounds of computation, where L is a positive integer greater than T.

[0023] In conjunction with the second aspect, in some implementations, the processing unit is further configured to process the second ciphertext vector into a third ciphertext vector if the noise value of the second ciphertext vector is greater than a noise threshold and / or the number of rounds T of the first ciphertext vector being processed is greater than a preset number.

[0024] In conjunction with the second aspect, in some implementations, the determining unit is also used to determine the scaling factor based on the ratio of the first modulus and the second modulus.

[0025] In conjunction with the second aspect, in some implementations, the determining unit is further used to encrypt the first key using a second encryption method to obtain a bootstrap key, the second encryption method including a modulo operation based on a second modulus; the obtaining unit is further used to obtain the public key corresponding to the first key; and the generating unit is further used to generate a rotation key based on the bootstrap key, the public key, and preset polynomial coefficients.

[0026] In conjunction with the second aspect, in some implementations, the determining unit is further configured to perform a modulo operation based on the product of the rotation vector, rotation key, and scaling factor of the (i-1)th round to obtain the rotation vector of the i-th round, wherein the rotation vector of the 1st round is determined based on the second ciphertext vector and preset polynomial coefficients; the determining unit is further configured to select a target ciphertext vector corresponding to the output format of the first encryption method from the rotation vector of the nth round, and determine a third ciphertext vector based on the target ciphertext vector, wherein i is a positive integer less than n, and n is the dimension of the first key.

[0027] In conjunction with the second aspect, in some implementations, the determining unit is also used to use the target ciphertext vector as the third ciphertext vector; or, the determining unit is also used to adjust the dimension of the target ciphertext vector to the dimension of the second ciphertext vector, and / or adjust the modulus of the target ciphertext vector to the modulus of the second ciphertext vector to obtain the third ciphertext vector.

[0028] In conjunction with the second aspect, in some implementations, the first encryption method includes the Modular Learning with Error (MLWE) algorithm, and the second encryption method includes the Multimodal Fully Homomorphic Encryption (MGSW) algorithm.

[0029] Thirdly, this application provides a chip including a processor and a data interface, wherein the processor reads instructions stored in memory through the data interface to execute the method described in the first aspect.

[0030] Fourthly, this application provides an electronic device including a processor and a memory, the memory for storing instructions, and the processor for executing the instructions, wherein when the processor executes the instructions, it performs the method described in the first aspect.

[0031] Fifthly, this application provides a computer-readable storage medium storing instructions that, when executed on an electronic device, perform the method described in the first aspect.

[0032] In a sixth aspect, this application provides a computer program product including computer instructions, which, when executed by an electronic device, cause the electronic device to perform the method described in the first aspect. Attached Figure Description

[0033] To more clearly illustrate the technical solutions in the embodiments of this application, the accompanying drawings used in the description of the embodiments will be briefly introduced below.

[0034] Figure 1 is a schematic diagram of an application scenario of fully homomorphic encryption computation provided in an embodiment of this application;

[0035] Figure 2 is a schematic diagram of a fully homomorphic encryption computation process provided in an embodiment of this application;

[0036] Figure 3 is a schematic diagram of an application scenario of bootstrapping operation in fully homomorphic encryption computation provided by an embodiment of this application;

[0037] Figure 4 is a schematic diagram of the structure of a data processing system provided in an embodiment of this application;

[0038] Figure 5 is a flowchart illustrating a fully homomorphic encryption method provided in an embodiment of this application;

[0039] Figure 6 is a schematic diagram of the structure of a data processing device provided in an embodiment of this application;

[0040] Figure 7 is a schematic diagram of the structure of an electronic device provided in an embodiment of this application. Detailed Implementation

[0041] The illustrative embodiments of this application include, but are not limited to, data processing methods, apparatus, chips, media, products, and electronic devices.

[0042] First, the fully homomorphic encryption involved in the embodiments of this application will be introduced.

[0043] Fully homomorphic encryption is an encryption method that allows various computations to be performed on encrypted data. In this method, a user equipment (UE) can encrypt data and send it to a computing device for computation. The computing device can then perform encrypted computations based on the encrypted data, obtain encrypted results, and return these results to the UE. The UE then decrypts the encrypted results to obtain the final computation result.

[0044] For example, as shown in Figure 1, taking the user device as client 100 and the computing device as server 200, client 100 can generate a key and encrypt data based on the key to obtain encrypted data, which is then sent to server 200 via the network. After receiving the encrypted data, server 200 can perform calculations based on the encrypted data to obtain the encrypted calculation result (hereinafter referred to as ciphertext), and return the ciphertext to client 100. After receiving the ciphertext, client 100 decrypts the ciphertext based on the key to obtain the decrypted calculation result plaintext (hereinafter referred to as plaintext), which is the final calculation result. In this way, it can be ensured that server 200 performs encrypted calculations throughout the calculation process, and other devices cannot obtain the data content and corresponding calculation results sent by client 100 from server 200, thereby improving the privacy and security of data calculation.

[0045] Here, client 100 can refer to the client of the target application, which can be an application that can output calculation results based on user input data, such as query applications, identity verification applications, financial applications, shopping applications, game applications, social applications, interactive entertainment applications, etc. Optionally, the above-mentioned target application has encryption and decryption capabilities.

[0046] Client 100 can also be a terminal with the target application installed, such as an electronic device like a mobile phone, tablet, game console, multimedia playback device, personal computer (PC), or vehicle terminal.

[0047] Server 200 is the party providing fully homomorphic computing capabilities. For example, Server 200 can be a server providing data (such as knowledge data, product data, financial data, etc.) and / or computing power. Server 200 can also be a third-party platform, or a backend server for a third-party platform, etc. The third-party platform can be a platform for information retrieval, identity verification, cloud computing, etc., and the backend server can be a single server, a server cluster consisting of multiple servers, or a cloud computing service center. Server 200 can also have encryption and decryption capabilities.

[0048] In some examples, server 200 can also process multiple data simultaneously. For example, client 100 can send multiple data to be computed to server 200, or server 200 can receive and process data to be computed from multiple clients. For example, referring to the schematic diagram of fully homomorphic encryption shown in Figure 2, multiple initial plaintext data m1, m2, ... m... can be stored in the plaintext space (e.g., the storage space of client 100 mentioned above).n After encryption, the ciphertext data Enc(m1, m2, ... m) is obtained. n ), where n is a positive integer. In the ciphertext space (e.g., the storage space of the aforementioned server 200), for the ciphertext data Enc(m1, m2, ... m... n Perform specific ciphertext calculations to obtain the ciphertext Enc(f(m1, m2, ... m)). n Then, in the plaintext space, the resulting ciphertext Enc(f(m1, m2, ... m)) can be... n The plaintext result obtained after decryption is f(m1, m2, ... m). n ).

[0049] It should be understood that the plaintext f(m1, m2, ... m) obtained through fully homomorphic encryption computation n ), and directly access plaintext data m1, m2, ... m n The same calculation yields the result f(m1, m2, ... m). n The result is the same. That is, the result obtained by encrypting the data, performing operations on the encrypted data, and then decrypting it is the same as the result obtained by performing the same calculation operation without encrypting the data.

[0050] As mentioned earlier, fully homomorphic encryption computation may require multiple rounds of computation on the encrypted data. As the number of computations increases, the noise in the intermediate computation results also gradually increases. For example, as shown in Figure 3, if G rounds of computation are required on the data, where G is a positive integer, in the encrypted data Enc(m1, m2, ... m... n After the first F calculations, where F is a positive integer, the intermediate result Enc(f) is obtained. k (m1, m2, ... m n If the noise value of the intermediate result exceeds the noise threshold, and further calculations are performed on the intermediate result, the ciphertext result will be unable to be decrypted to obtain the correct plaintext result, resulting in an incorrect calculation result.

[0051] In some examples, the computing device can process the intermediate result Enc(f) k (m1, m2, ... m) n First, a bootstrapping operation is performed, using the bootstrapping key BK to process the intermediate result Enc(f). k (m1, m2, ... m n Homomorphic decryption is performed to obtain the homomorphically decrypted Enc(f) k '(m1, m2, ... m n It should be understood that Enc(f) k '(m1, m2, ... m nIt's still ciphertext, but the noise level is higher than Enc(f). k (m1, m2, ... m n The noise level is low. Then, the computing device further calculates based on Enc(f) k '(m1, m2, ... m n The subsequent GF calculations are performed to finally obtain Enc(f) L (m1, m2, ... m n Enc(f) L (m1, m2, ... m n Because the noise level is low, it can be decrypted into the corresponding plaintext result f. L (m1, m2, ... m n ).

[0052] However, when the amount of plaintext data to be calculated is large, the amount of ciphertext data is also large, i.e., m1, m2, ... m n The large value of n in the algorithm leads to the need for multiple rounds of computation for each ciphertext data. For each intermediate result of the ciphertext data, a corresponding bootstrap key may need to be generated, and the bootstrap operation on the intermediate result may be performed using this key. Since the bootstrap operation is complex and requires significant computing resources, performing numerous bootstrap operations reduces the efficiency of homomorphic encryption computation on the computing device.

[0053] Therefore, to address the problem of low efficiency in homomorphic encryption computation due to the large volume of plaintext data to be computed, this application provides a data processing method. For r plaintext data to be computed, an r-dimensional plaintext vector m can be generated, where r is a positive integer. This plaintext vector m is then encrypted to obtain a ciphertext vector c. The computing device can perform homomorphic encryption computation based on this ciphertext vector c, without needing to process individual plaintext data sequentially, thus improving computational efficiency. Furthermore, during the homomorphic encryption computation of the ciphertext vector c, the computing device will also perform homomorphic encryption computation based on the ciphertext vector c. t Perform a bootstrapping operation on the bootstrap key BK and the ciphertext vector c. t The ciphertext vector c with less noise is updated. t The computing device will generate a rotation key (EK) based on the bootstrap key after encryption, and use the rotation key EK and the ciphertext vector c. t Perform an outer product, introducing a scaling factor during the outer product process, so that the final generated new ciphertext vector c tThe dimension of ' is relatively small. Therefore, this avoids the problem of directly using a large-dimensional ciphertext vector for bootstrapping operations, which would result in a large-dimensional updated ciphertext vector and consequently increase the computational cost of subsequent homomorphic encryption. The computing device can also process the updated ciphertext vector c... t 'Perform subsequent calculations to obtain the ciphertext result, and return the ciphertext result to the user equipment. The user equipment uses the ciphertext vector c with lower noise as the basis for the calculation.' t 'It can decrypt to obtain the plaintext of the corresponding calculation result, ensuring the accuracy of the final calculation result.'

[0054] In some embodiments, the scaling factor is determined based on the modulus Q of the ciphertext vector c and the modulus T used in generating the bootstrap key. For example, the scaling factor can be the ratio Q / T of the modulus Q and the modulus T, where the modulus Q is less than the modulus T. Furthermore, the scaling factor is a positive number less than 1, such that when the ciphertext vector c is scaled according to the rotation key EK and the scaling factor... t During the update process, the ciphertext vector c can be reduced. t 'Dimension'.

[0055] In other embodiments, the ciphertext vector c corresponding to the plaintext vector m can be generated by the user equipment based on a module learning with errors (MLWE) algorithm. Furthermore, the modulus in the MLWE algorithm is Q, and the coefficients of the ciphertext vector c obtained by the user equipment are in the range [-Q / 2, Q / 2]. The bootstrap key can be obtained by the computing device based on a module gentry sahai water (MGSW) algorithm. Furthermore, the modulus in the MGSW algorithm is T.

[0056] In other embodiments, the computing device obtains the updated ciphertext vector c. t After that, the ciphertext vector c can also be processed. t Adjust the format of ' to change the ciphertext vector c t The dimension and / or modulus of ' are adjusted to match the ciphertext vector c. t Consistency. This ensures that the computing device can directly process the ciphertext vector c after the bootstrapping operation. t 'Perform subsequent homomorphic encryption calculations.'

[0057] In summary, the data processing method provided in this application allows for the homomorphic encryption computation and bootstrapping operation of multiple plaintext data sets within a single plaintext vector. This eliminates the need for separate homomorphic encryption processing of individual plaintext data, reducing the number of data read / write operations. Furthermore, the bootstrapping operation eliminates the need to generate a corresponding bootstrapping key for each intermediate result of the ciphertext data, improving the efficiency of the bootstrapping operation and consequently enhancing the overall efficiency of the homomorphic encryption computation.

[0058] Furthermore, since multiple plaintext data sets are aggregated into a single plaintext vector, the resulting ciphertext vector has a large dimension. During bootstrapping operations, a large ciphertext vector leads to high computational complexity when operations such as matrix multiplication are involved. Consequently, bootstrapping operations on large-dimensional ciphertext vectors are less efficient than those on smaller-dimensional ciphertext vectors. To further improve the efficiency of bootstrapping operations, the dimension of the ciphertext vector can be reduced by a scaling factor. This decreases the computational complexity of the bootstrapping operation and subsequent homomorphic encryption calculations, thereby increasing the processing efficiency of the bootstrapping operation and improving the overall efficiency of homomorphic encryption.

[0059] The data processing system provided in this application is described in detail below. This data processing system includes an encryption module 410, a homomorphic encryption calculation module 420, a bootstrap module 430, and a decryption module 440. The encryption module 410 and decryption module 440 can be configured in the aforementioned user equipment, and the homomorphic encryption calculation module 420 and bootstrap module 430 can be configured in the aforementioned computing equipment.

[0060] The encryption module 410 is used to generate an r-dimensional plaintext vector m based on the acquired r plaintext data to be calculated. Furthermore, the encryption module 410 also generates a secret key (sk) for encrypting the plaintext vector m, and encrypts the plaintext vector m using the secret key sk to obtain a ciphertext vector c.

[0061] The secret key can be generated based on a random number s and an identity matrix of dimension r. For example, the encryption module 410 generates the secret key sk using the algorithm KeyGen(1... λ This can include selecting a random number s←χ k×r And generating secret keys based on random numbers I is an identity matrix of dimension r, and k is the dimension of the ring.

[0062] In some embodiments, s can also be a ternary matrix, for example, s:=({-1,0,1}).

[0063] In other embodiments, the encryption module 410 can generate a ciphertext vector c according to the MLWE algorithm. Specifically, the encryption module 410 can encrypt the plaintext vector m by superimposing a small noise vector e on the plaintext vector m according to the secret key sk and the additional parameter t. The algorithm used by the encryption module 410 to encrypt the ciphertext vector can be... For details, please refer to the following formula (1).

[0064] The additional parameter t controls the magnitude of the noise superimposed during the encryption process. a is a uniform random vector; for example, a can be represented as... e is a small noise vector; for example, e can be represented as Furthermore, the obtained ciphertext vector c belongs to Its coefficient is in the interval [-Q / 2, Q / 2].

[0065] The encryption module 410 will also send the ciphertext vector c to the homomorphic encryption calculation module 420, which will then perform a series of homomorphic encryption calculations on the ciphertext vector c.

[0066] Because noise gradually increases during homomorphic encryption computation, the data processing system may also include a bootstrap module 430. The homomorphic encryption computation module 420 may send an instruction to the bootstrap module 430 to perform a bootstrap operation after each round of computation. Alternatively, the homomorphic encryption computation module 420 may send an instruction to the bootstrap module 430 to perform a bootstrap operation after a preset number of rounds.

[0067] In some embodiments, the data processing system may further include a noise detection module for detecting the magnitude of noise values ​​in the calculated intermediate results. For example, the noise detection module may detect the noise value of the intermediate results using a bootstrap (BTS) algorithm. When the noise value of the intermediate results exceeds a noise threshold, the noise detection module will send an instruction to the bootstrap module 430 to bootstrap the intermediate results, so that the bootstrap module 430 obtains updated intermediate results.

[0068] For example, the homomorphic encryption computation module 420 obtains an intermediate result (e.g., ciphertext vector c). t When the noise detection module detects the ciphertext vector c, t If the noise value is greater than the noise threshold, the bootstrap module 430 will process the ciphertext vector c. t Perform bootstrapping to obtain the ciphertext vector c. t '.

[0069] The following describes the bootstrap module 430 pairs of ciphertext vectors c. t The bootstrapping process is described below. The bootstrapping module 430 includes: a bootstrapping key generation unit 431, a blind rotation module 432, a sample extraction module 433, and a format conversion module 434.

[0070] The bootstrap key generation unit 431 generates each element s in the secret key vector s. i The corresponding bootstrap key is generated using the MGSW algorithm. The MGSW algorithm is based on each element s in the secret key vector s. iGiven a message vector m, a uniform random matrix A and a small noise vector E are sampled to generate a ciphertext matrix C. For example, the MGSW algorithm (MGSW.Enc) For more details, please refer to the following formula (2).

[0071] in, This means placing the message vector m on the diagonal of the matrix.

[0072] The bootstrap key can be represented as... n is the dimension of the secret key. During the generation of the bootstrap key, for BK... 0i If the value of the i-th component si of the secret key vector s is greater than 0, then BK 0i Encrypt the value 1. Otherwise, if the value of the i-th component si of the secret key vector s is less than or equal to 0, BK 0i Encrypt the value 1. For BK 1i If the i-th component s of the secret key vector s i If the value is less than 0, then BK 1i Encrypt the value 1. Otherwise, if the i-th component s of the secret key vector s i The value of BK is greater than 0. 1i Encrypt the value 0. For example, the bootstrap key. For more details, please refer to the following formula (3).

[0073] The blind rotation module 432 is used to generate a rotation key EK based on the bootstrap key, and to encrypt the ciphertext vector c based on the rotation key EK and the rotation amplitude a. t Perform blind rotation. This allows for the rotation of the ciphertext vector c without decrypting it. t In the case of ciphertext vector c t Perform a rotation operation. This will make the ciphertext vector c... t Rearrange or adjust the elements to reduce noise.

[0074] To facilitate the calculation of blind rotation operations, the ciphertext vector c t It can also be expressed in the form shown in formula (4) below.

[0075] Here, vector a is a common random vector whose elements are usually drawn from a finite field. The vector b is randomly selected from the data. It is calculated by taking the inner product (dot product) of vector a and the secret key vector s, and then adding the error vector e sampled from the small noise distribution and the scaling value of the plaintext vector m.

[0076] The blind rotation module 432 can perform rotation on the ciphertext vector c based on the rotation key EK and the rotation amplitude a.t Perform blind rotation, specifically including: for the bootstrap key calculate the corresponding rotation key EK for i from 1 to n respectively, where the rotation key EK can be obtained from the preset polynomial coefficient testv, the bootstrap key, and the public key G, and the public key G can be a key stored in both the user device and the computing device. For example, the preset polynomial coefficient testv can refer to the following formula (5), and the calculation method of the rotation key EK can specifically refer to the following formula (6).

[0077] Then, the blind rotation module 432 performs blind rotation on the ciphertext vector c t to obtain ACC i , where ACC0 can be obtained from the ciphertext vector ct and the preset polynomial coefficient testv. For example, it can specifically refer to the following formula (7). [[ID=​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​​After that, ACC can be n ACC is a result of blind rotation.

[0081] The sample extraction module 433 is used to extract vectors conforming to the standard LWE form from the blind rotation result ACC. The algorithm of the sample extraction module 433 is SampleExtract(c t ), used to input a ciphertext c t When ∈MLWE(a′), output a ciphertext c. t ′∈LWE(Round(z)), where Round is the LWE rounding in the decryption step. The vector extracted by the sample extraction module 433 can also be represented as (b0,a0). For example, the calculation method of (b0,a0) can also refer to the following formula (9).

[0082] The format conversion module 434 is used to adjust the dimension and / or modulus of the vector extracted by the sample extraction module 433 to match the ciphertext vector c. t With a consistent form, the ciphertext vector c is finally obtained. t The format conversion module 434 first converts (b0, a0) with Q. ks Multiply the ratios of / Q, then round the product and apply it to pattern Q. ks Take the modulus. For example, you can refer to the following formula (10).

[0083] Among them, Q ks This is the modulus of the KS key. The KS key can be used with the KeySwitch(c) key switching algorithm. t The KSK is calculated. For a given input with dimension k... N LWE ciphertext c t ∈LWE sk (m) and a key switching key KSK, its output is c t ′∈LWE s (m). For example, the format conversion module 434 can obtain (b′,a′) based on the following formula (11). (b′,a′)←KeySwitch((b,a),KSK) (11)

[0084] The format conversion module 434 then converts (b′, a′) with q / Q. ks Multiply the ratios, then round the product and take the modulus of the pattern q. For example, you can refer to the following formula (12).

[0085] The (b″, a″) obtained by the format conversion module 434 is the ciphertext vector c. tPerform bootstrapping to obtain the ciphertext vector c. t The format conversion module 434 will also convert the ciphertext vector c t 'Send to homomorphic encryption calculation module 420 for subsequent calculation.'

[0086] It should be understood that when the homomorphic encryption computation module 420 performs a computation on the ciphertext vector c... t During subsequent calculations, the bootstrap module 430 will also perform the aforementioned bootstrap operation after each round of homomorphic encryption calculation, or after each preset number of rounds, to update the intermediate results. For details, please refer to the relevant description of the bootstrap module 430 above; it will not be repeated here.

[0087] After the homomorphic encryption computation module 420 completes all calculations, the generated ciphertext result will be sent to the decryption module 440. The decryption module 440 can then decrypt the ciphertext result based on the secret key sk and the ciphertext result c. L Decryption yields the plaintext result.

[0088] For example, decryption module 440 for ciphertext result c L In the case of a matrix, the MGSW decryption algorithm can be used, based on the ciphertext result c. L Decrypt using the secret key sk, for example, you can refer to the following formula (13).

[0089] Among them, the decryption module 440 can decrypt c L Input the first column of C into MGSW.Dec(), and you can get the plaintext result.

[0090] For the ciphertext result c L In the case of a vector, the decryption module 440 can use the MLWE decryption algorithm, based on the ciphertext result c. L、 The secret key sk and the additional parameter t are used for decryption, for example, the following formula (14) can be referred to.

[0091] Among them, c L As the first column of C, then the plaintext result is obtained.

[0092] In summary, the data processing system provided in this application allows for the homomorphic encryption computation and bootstrapping operation of multiple plaintext data sets within a single plaintext vector. Furthermore, during the bootstrapping operation, to avoid low computational efficiency due to the large dimension of the ciphertext vector, a scaling factor is used to reduce the size of the ciphertext vector, thereby increasing the processing efficiency of the bootstrapping operation and improving the overall efficiency of the homomorphic encryption computation.

[0093] Furthermore, in the aforementioned data processing system, since for all j∈{0,1} and i∈[1,n], BK ji Each coefficient of the error term is an independent sub-Gaussian distribution with the same parameter r, and the key switching algorithm KeySwitch(c t The error term r of KSK) ks Since the distribution is also subgaussian, the final output of the homomorphic encryption computation after the bootstrapping operation belongs to LWE4(m), and the error term is e. BTS Each of its coefficients follows a sub-Gaussian distribution. Each system has the same parameters less than... Where r1: 3n + 2knN + 12 + 8kNn 2 r2: r3: r4: 2πn+3. This means that the final calculation result has a small error, allowing the ciphertext result to be correctly decrypted into the corresponding plaintext calculation result.

[0094] The following describes a data processing method provided in this application. This data processing method can be applied to user equipment and computing devices. For example, the user equipment can be a client 100 as shown in Figure 1, and the computing device can be a server 200 as shown in Figure 1. As shown in Figure 5, the data processing method includes:

[0095] S501: The user equipment generates a ciphertext vector c based on at least one plaintext data to be computed.

[0096] After acquiring multiple data points to be computed, the user equipment (UE) can generate a plaintext vector m based on these data points. The UE also generates a secret key sk to encrypt the plaintext vector m, and then encrypts the plaintext vector m using the secret key sk to obtain a ciphertext vector c. Furthermore, the UE stores the secret key sk for subsequent decryption of the ciphertext result.

[0097] Optionally, the user equipment can generate the ciphertext vector c according to the MLWE algorithm. For details, please refer to the aforementioned description of the encryption module 410, which will not be repeated here.

[0098] S502: The user equipment sends the ciphertext vector c to the computing device.

[0099] User equipment can send the ciphertext vector c to the computing device based on the network connection between the user equipment and the computing device.

[0100] S503: The computing device performs homomorphic encryption computation based on the ciphertext vector c.

[0101] The computing device can process the ciphertext vector c according to the tasks required by the user device. To ensure that other devices cannot steal the plaintext data provided by the user device from the computing device, the computing device will use homomorphic encryption to compute the ciphertext vector. That is to say, the intermediate results and the output results generated by the computing device during the computation process are all in ciphertext form.

[0102] S504: The computing device, based on the detection of a preset condition, processes the ciphertext vector c. t Perform a bootstrapping operation to generate the updated ciphertext vector c. t '.

[0103] Because the noise in the computation results gradually increases during homomorphic encryption, the computing device can perform a bootstrapping operation after each round of computation, or after a preset number of rounds. Alternatively, the computing device can also detect the noise value of the intermediate results obtained from the computation, and perform a bootstrapping operation to reduce the noise value of the intermediate results when the noise value of the intermediate results exceeds a noise threshold. The computing device's ciphertext vector c t Perform a bootstrapping operation, including generating a bootstrapping key BK, generating a rotation key EK based on the bootstrapping key BK, and using the rotation key EK to process the ciphertext vector c. t Perform blind rotation, extract the ciphertext vector conforming to the LWE format from the result of the blind rotation, and finally obtain the new ciphertext vector c. t It should be understood that the new ciphertext vector c t The noise is lower after blind rotation, which is beneficial for decoding the final ciphertext result.

[0104] The computing device base uses a rotation key EK and a ciphertext vector c. t Blind rotation is performed by taking an outer product, and a scaling factor is introduced during the outer product process to ensure that the final generated ciphertext vector c t The dimension of ' is relatively small. This scaling factor is determined based on the modulus Q of the ciphertext vector c and the modulus T used in the process of generating the bootstrap key.

[0105] In some embodiments, the computing device obtains the updated ciphertext vector c t After that, the ciphertext vector c can also be processed. t Adjust the format of ' to change the ciphertext vector c t The dimension and / or modulus of ' are adjusted to match the ciphertext vector c. t Consistent.

[0106] For details, please refer to the aforementioned description of the bootstrap module 430, which will not be repeated here.

[0107] S505: The computing device is based on the updated ciphertext vector c t', then perform subsequent homomorphic encryption calculations to obtain the ciphertext result c. L .

[0108] The computing device processes the ciphertext vector c t After reducing the noise, the subsequent homomorphic encryption computation will continue. It should be understood that in subsequent rounds of homomorphic encryption computation, if the computing device detects that the noise value of the intermediate result is greater than the noise threshold, the computing device can also perform a bootstrapping operation on the intermediate result to reduce the noise of the intermediate result.

[0109] S506: The computing device will encrypt the result c L Returned to the user device.

[0110] S507: User equipment based on ciphertext result c L The calculation result is obtained by decryption.

[0111] The user equipment is based on the received ciphertext result c L And the secret key sk generated in S501, decrypted to obtain the ciphertext result c. L The corresponding plaintext result is the final calculation result.

[0112] In summary, the data processing method provided in this application allows for the homomorphic encryption computation and bootstrapping operation to be performed on a single plaintext vector from multiple plaintext data sets. Furthermore, during the bootstrapping operation, to avoid the computational inefficiency caused by a large ciphertext vector dimension, the size of the ciphertext vector is reduced using a scaling factor. This results in higher processing efficiency for the bootstrapping operation and improves the overall efficiency of the homomorphic encryption computation.

[0113] The following describes a method for implementing the above-described S504 or bootstrap module 430 in some embodiments. This method employs a homomorphic NAND gate, where the output of the homomorphic NAND is the negation of the logical AND of the two inputs. Furthermore, a homomorphic NAND output LWE2(NAND(m1,m2)) can be obtained by homomorphically adding two ciphertexts LWE4(m1) and LWE4(m2) modulo q. Additionally, if the norm of the error between the two input LWEs is constrained to... The norm of the output LWE error is then constrained to...

[0114] Furthermore, for a homomorphic NAND gate, two PVW08 LWE ciphertexts ct1∈LWE can be input. 4 (m1) and ct2∈LWE 4 (m2), the c of the two ciphertext vector outputs is obtained through the following formula (15). t For details, please refer to the following formula (15).

[0115] Then for c t To perform bootstrapping, enter the bootstrapping key. And the key switching key KSK, can be used to obtain the bootstrapping result ct = BTS(ct, [BK 0i BK 1i ],KSK).

[0116] In this way, logic gate operations (such as NAND gates) can be implemented in homomorphic encryption systems, and the availability of ciphertext can be maintained through bootstrapping operations, enabling more computational tasks to be performed in the encrypted state.

[0117] The following describes a data processing apparatus provided in an embodiment of this application. As shown in FIG6, the data processing apparatus 600 includes an acquisition unit 610, a determination unit 620, a processing unit 630, and a generation unit 640.

[0118] The acquisition unit 610 is used to acquire a first ciphertext vector, which is obtained by encrypting a plaintext vector using a first key under a first encryption method. The plaintext vector contains at least one plaintext data.

[0119] The determining unit 620 is used to determine the second ciphertext vector generated after the first ciphertext vector has undergone T rounds of operation; the determining unit 620 is also used to determine the scaling factor based on the first modulus and the second modulus, the first modulus being the modulus of the first ciphertext vector, the second modulus being the modulus of the rotation key, and the rotation key being obtained based on the first key.

[0120] The processing unit 630 is also used to process the second ciphertext vector into a third ciphertext vector based on the rotation key and the scaling factor, wherein the noise value of the third ciphertext vector is less than the noise value of the second ciphertext vector.

[0121] The generation unit 640 is used to perform L rounds of operations based on the third ciphertext vector to generate the ciphertext result corresponding to the plaintext data after T+L rounds of operations, where L is a positive integer greater than T.

[0122] In some embodiments, the processing unit 630 is further configured to process the second ciphertext vector into a third ciphertext vector based on the detection that the noise value of the second ciphertext vector is greater than a noise threshold, and / or the number of rounds T after which the first ciphertext vector has been processed is greater than a preset number.

[0123] In other embodiments, the determining unit 620 is further configured to determine a scaling factor based on the ratio of the first modulus to the second modulus.

[0124] In other embodiments, the determining unit 620 is further configured to encrypt the first key using a second encryption method to obtain a bootstrap key, the second encryption method including a modulo operation based on a second modulus. The obtaining unit 610 is further configured to obtain the public key corresponding to the first key. The generating unit 640 is further configured to generate a rotation key based on the bootstrap key, the public key, and preset polynomial coefficients.

[0125] In other embodiments, the determining unit 620 is further configured to perform a modulo operation based on the product of the rotation vector, rotation key, and scaling factor of the (i-1)th round to obtain the rotation vector of the i-th round, wherein the rotation vector of the i-th round is determined based on the second ciphertext vector and preset polynomial coefficients. The determining unit 620 is further configured to select a target ciphertext vector corresponding to the output format of the first encryption method from the rotation vector of the n-th round, and to determine a third ciphertext vector based on the target ciphertext vector, wherein i is a positive integer less than n, and n is the dimension of the first key.

[0126] In some other embodiments, the determining unit 620 is further configured to use the target ciphertext vector as the third ciphertext vector; or, the determining unit 620 is further configured to adjust the dimension of the target ciphertext vector to the dimension of the second ciphertext vector, and / or adjust the modulus of the target ciphertext vector to the modulus of the second ciphertext vector to obtain the third ciphertext vector.

[0127] In other embodiments, the first encryption method includes the Modular Learning with Error (MLWE) algorithm, and the second encryption method includes the Multimodal Fully Homomorphic Encryption (MGSW) algorithm.

[0128] In summary, the data processing apparatus 600 provided in this application can perform homomorphic encryption computation and bootstrapping operations on multiple plaintext data sets within a single plaintext vector. Furthermore, during the bootstrapping operation, the size of the ciphertext vector is reduced by a scaling factor, thereby increasing the processing efficiency of the bootstrapping operation and improving the overall efficiency of the homomorphic encryption computation.

[0129] The methods of the embodiments of this application have been described in detail above. In order to facilitate better implementation of the above-described solutions of the embodiments of this application, relevant equipment for cooperating in implementing the above solutions is also provided below.

[0130] Figure 7 is a schematic diagram of the structure of an electronic device 700 provided in this application. The electronic device 700 can be a user device (e.g., client 100) or a computing device (e.g., server 200) as described above. As shown in Figure 7, the electronic device 700 includes a processor 710, a communication interface 720, and a memory 730. The processor 710, communication interface 720, and memory 730 can be interconnected via an internal bus 740, or they can communicate via wireless transmission or other means. This embodiment of the application takes the connection via bus 740 as an example. Bus 740 can be a peripheral component interconnect express (PCIe) bus, or an extended industry standard architecture (EISA) bus, a unified bus (Ubus or UB), a compute express link (CXL), a cache coherent interconnect for accelerators (CCIX), etc. Bus 740 can be divided into an address bus, a data bus, a control bus, etc. In addition to the data bus, bus 740 can also include a power bus, a control bus, and a status signal bus. However, for clarity, all buses are labeled as bus 740 in the diagram.

[0131] Processor 710 may consist of at least one general-purpose processor, such as a central processing unit (CPU), or a combination of a CPU and hardware chips. The aforementioned hardware chips may be application-specific integrated circuits (ASICs), programmable logic devices (PLDs), or combinations thereof. The aforementioned PLDs may be complex programmable logic devices (CPLDs), field-programmable gate arrays (FPGAs), generic array logic (GALs), or any combination thereof. Processor 710 executes various types of digital storage instructions, such as digital storage instructions in software or firmware stored in memory 730, enabling electronic device 700 to provide a variety of services.

[0132] The memory 730 is used to store program code, which is controlled by the processor 710 to execute the processing steps of the data processing method in the above embodiments. The program code may include one or more software modules, which may be the software modules provided in the embodiment of FIG4, such as the encryption module 410, the homomorphic encryption calculation module 420, the bootstrap module 430, and the decryption module 440.

[0133] The memory 730 may include volatile memory, such as random access memory (RAM); the memory 730 may also include non-volatile memory (NVM), such as read-only memory (ROM), flash memory, hard disk drive (HDD), or solid-state drive (SSD); the memory 730 may also include combinations of the above types. The memory 730 may store program code, specifically executing steps S501-S507 and their optional steps in the embodiment of FIG5, which will not be described in detail here.

[0134] The communication interface 720 can be an internal interface (such as a high-speed serial computer expansion bus), a wired interface (such as an Ethernet interface), or a wireless interface (such as a cellular network interface or a wireless LAN interface) for communicating with other devices or modules.

[0135] It should be noted that Figure 7 is merely one possible implementation of an embodiment of this application. In practical applications, the electronic device 700 may include more or fewer components, which is not limited here. For content not shown or described in the embodiments of this application, please refer to the relevant descriptions in the aforementioned embodiment of Figure 5, which will not be repeated here.

[0136] It should be understood that this embodiment can be implemented using a general-purpose physical server, such as an ARM server or an x86 server, or it can be implemented using a virtual machine based on a general-purpose physical server combined with NFV technology. A virtual machine refers to a complete computer system with complete hardware system functions simulated by software and running in a completely isolated environment. This application does not make any specific limitations.

[0137] The electronic device 700 shown in Figure 7 can also be a computer cluster consisting of at least one server, which is not specifically limited in this application.

[0138] This application also provides a computer-readable storage medium storing instructions that, when executed on a processor, implement the method flow shown in FIG5. In some embodiments, the computer-readable storage medium may be a non-transitory computer-readable storage medium, which may include non-volatile media such as ROM, or certain volatile media such as some RAM.

[0139] This application also provides a computer program product, in which the method flow shown in FIG5 is implemented when the computer program product is run on a processor.

[0140] This application embodiment also provides a chip, which includes a processor and a data interface. The processor reads instructions stored in the memory through the data interface to execute the method flow shown in FIG5.

[0141] The above embodiments can be implemented, in whole or in part, by software, hardware, firmware, or any other combination thereof. When implemented using software, the above embodiments can be implemented, in whole or in part, as a computer program product. A computer program product includes one or more computer instructions. When the computer program instructions are loaded or executed on a computer, all or part of the flow or function according to the embodiments of the present invention is generated. The computer can be a general-purpose computer, a special-purpose computer, a computer network, or other programmable device. The computer instructions can be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another. For example, computer instructions can be transmitted from one website, computer, server, or data center to another website, computer, server, or data center via wired (e.g., coaxial cable, fiber optic, digital subscriber line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium can be any available medium that a computer can access or a data storage device such as a server or data center that includes one or more sets of available media. The available media can be magnetic media (e.g., floppy disks, hard disks, magnetic tapes), optical media (e.g., high-density digital video discs (DVDs), or semiconductor media. The semiconductor media can be an SSD.

[0142] The above are merely specific embodiments of the present invention, but the scope of protection of the present invention is not limited thereto. Any person skilled in the art can easily conceive of various equivalent modifications or substitutions within the technical scope disclosed in the present invention, and such modifications or substitutions should be covered within the scope of protection of the present invention.

Claims

1. A data processing method, characterized in that, The method includes: Obtain a first ciphertext vector, which is obtained by encrypting a plaintext vector using a first key under a first encryption method, and the plaintext vector contains at least one plaintext data. Determine the second ciphertext vector generated after the first ciphertext vector has undergone T rounds of computation; The scaling factor is determined based on a first modulus and a second modulus, wherein the first modulus is the modulus of the first ciphertext vector, and the second modulus is the modulus of the rotation key, which is obtained based on the first key; Based on the rotation key and the scaling factor, the second ciphertext vector is processed into a third ciphertext vector, and the noise value of the third ciphertext vector is less than the noise value of the second ciphertext vector. Based on the third ciphertext vector, L rounds of operations are performed to generate the ciphertext result corresponding to the plaintext data after T+L rounds of operations, where L is a positive integer greater than T.

2. The method according to claim 1, characterized in that, The step of processing the second ciphertext vector into a third ciphertext vector includes: Based on the detection that the noise value of the second ciphertext vector is greater than the noise threshold, and / or the number of rounds T after which the first ciphertext vector has been processed is greater than a preset number, the second ciphertext vector is processed into the third ciphertext vector.

3. The method according to claim 1 or 2, characterized in that, The determination of the scaling factor based on the first modulus and the second modulus includes: The scaling factor is determined based on the ratio of the first modulus to the second modulus.

4. The method according to any one of claims 1 to 3, characterized in that, The method further includes: The first key is encrypted using a second encryption method to obtain a bootstrap key, the second encryption method including a modulo operation based on the second modulus; and the public key corresponding to the first key is obtained. The rotation key is generated based on the bootstrap key, the public key, and the preset polynomial coefficients.

5. The method according to claim 4, characterized in that, The step of processing the second ciphertext vector into a third ciphertext vector based on the rotation key and the scaling factor includes: Based on the product of the rotation vector of round (i-1), the rotation key, and the scaling factor, a modulo operation based on the first modulus is performed to obtain the rotation vector of round (i-1). The rotation vector of round (i-1) is determined based on the second ciphertext vector and the preset polynomial coefficients. Select the target ciphertext vector corresponding to the output format of the first encryption method from the rotation vector of the nth round, and determine the third ciphertext vector based on the target ciphertext vector, where i is a positive integer less than n and n is the dimension of the first key.

6. The method according to claim 5, characterized in that, Determining the third ciphertext vector based on the target ciphertext vector includes: Use the target ciphertext vector as the third ciphertext vector; or... The third ciphertext vector is obtained by adjusting the dimension of the target ciphertext vector to the dimension of the second ciphertext vector and / or adjusting the modulus of the target ciphertext vector to the modulus of the second ciphertext vector.

7. The method according to any one of claims 4 to 6, characterized in that, The first encryption method includes the Modular Learning with Error (MLWE) algorithm, and the second encryption method includes the Multimodal Fully Homomorphic Encryption (MGSW) algorithm.

8. A data processing apparatus, characterized in that, The device includes: an acquisition unit, a determination unit, a processing unit, and a generation unit, wherein, The acquisition unit is used to acquire a first ciphertext vector, which is obtained by encrypting a plaintext vector using a first key under a first encryption method. The plaintext vector contains at least one plaintext data. The determining unit is used to determine the second ciphertext vector generated after the first ciphertext vector has undergone T rounds of operation; The determining unit is further configured to determine a scaling factor based on a first modulus and a second modulus, wherein the first modulus is the modulus of the first ciphertext vector, the second modulus is the modulus of the rotation key, and the rotation key is obtained based on the first key; The processing unit is further configured to process the second ciphertext vector into a third ciphertext vector based on the rotation key and the scaling factor, wherein the noise value of the third ciphertext vector is less than the noise value of the second ciphertext vector. The generation unit is used to perform L rounds of operations based on the third ciphertext vector to generate the ciphertext result corresponding to the plaintext data after T+L rounds of operations, where L is a positive integer greater than T.

9. The apparatus according to claim 8, characterized in that, The processing unit is further configured to process the second ciphertext vector into the third ciphertext vector based on the detection that the noise value of the second ciphertext vector is greater than a noise threshold, and / or the number of rounds T after which the first ciphertext vector has been processed is greater than a preset number.

10. The apparatus according to claim 8 or 9, characterized in that, The determining unit is further configured to determine the scaling factor based on the ratio of the first modulus to the second modulus.

11. The apparatus according to any one of claims 8 to 10, characterized in that, The determining unit is further configured to encrypt the first key using a second encryption method to obtain a bootstrap key, wherein the second encryption method includes a modulo operation based on the second modulus; The acquisition unit is further configured to acquire the public key corresponding to the first key; The generation unit is also used to generate the rotation key based on the bootstrap key, the public key, and preset polynomial coefficients.

12. The apparatus according to claim 11, characterized in that, The determining unit is further configured to perform a modulo operation based on the first modulus based on the product of the rotation vector of the (i-1)th round, the rotation key, and the scaling factor, to obtain the rotation vector of the i-th round, wherein the rotation vector of the first round is determined based on the second ciphertext vector and the preset polynomial coefficients; The determining unit is further configured to select a target ciphertext vector corresponding to the output format of the first encryption method from the rotation vector of the nth round, and to determine the third ciphertext vector based on the target ciphertext vector, where i is a positive integer less than n and n is the dimension of the first key.

13. The apparatus according to claim 12, characterized in that, The determining unit is further configured to use the target ciphertext vector as the third ciphertext vector; or... The determining unit is further configured to adjust the dimension of the target ciphertext vector to the dimension of the second ciphertext vector, and / or adjust the modulus of the target ciphertext vector to the modulus of the second ciphertext vector to obtain the third ciphertext vector.

14. The apparatus according to any one of claims 11 to 13, characterized in that, The first encryption method includes the Modular Learning with Error (MLWE) algorithm, and the second encryption method includes the Multimodal Fully Homomorphic Encryption (MGSW) algorithm.

15. A chip, characterized in that, The chip includes a processor and a data interface, wherein the processor reads instructions stored in the memory through the data interface to execute the method as described in any one of claims 1 to 7.

16. An electronic device, characterized in that, It includes a processor and a memory, the memory being used to store instructions, the processor being used to execute the instructions, and when the processor executes the instructions, it performs the method as described in any one of claims 1 to 7.

17. A computer-readable storage medium, characterized in that, Includes instructions that, when executed on an electronic device, cause the electronic device to perform the method as described in any one of claims 1 to 7.

18. A computer program product, characterized in that, The computer program product includes computer instructions that, when executed by an electronic device, enable the electronic device to perform the method as described in any one of claims 1 to 7.