CN-116506100-B - Privacy calculation method and system based on TEE and FHE technology

Abstract

The application discloses a privacy computing method and system based on TEE and FHE technology. A key management party is first determined and generates a key in a trusted area. After the key is generated, the key management party sends the public key to the other participants from an untrusted area. Each data party encrypts its plaintext data with the public key and sends the ciphertext data to the computing party. The computing party performs joint computation on the ciphertext data to obtain a ciphertext result and sends it to the key management party. Finally, the key management party obtains the ciphertext result in the untrusted area, decrypts it in the trusted area to obtain a plaintext result, and sends the plaintext result to the other data parties from the untrusted area. The method improves the security of FHE applications and lowers the trust assumption placed on the key manager, while balancing the runtime performance and security cost of FHE applications.

Inventors

  • PAN GUANGMING

Assignees

  • 翼健(上海)信息科技有限公司
  • 翼方健数(北京)信息科技有限公司

Dates

Publication Date
20260508
Application Date
20230406

Claims (8)

  1. A privacy computing method based on TEE and FHE techniques, the method comprising:
     determining a key management party from all the participants in the homomorphic encryption environment, and generating a key in a trusted area through the key management party, wherein the key comprises a private key and a public key;
     after the key is generated, the key management party calls a network sending function in an untrusted area to send the public key to the other parties, wherein the other parties comprise a data party and a computing party;
     the data party acquires plaintext data of a target computing task, encrypts the acquired plaintext data with the public key to obtain ciphertext data, and sends the ciphertext data to the computing party;
     the computing party performs joint computation on the ciphertext data sent by each data party to obtain a ciphertext result of the target computing task, and sends the ciphertext result to the key management party;
     the key management party calls a function in the untrusted area to obtain the ciphertext result uploaded by the computing party, decrypts the ciphertext result in the trusted area to obtain a plaintext result of the target computing task, and calls a network sending function in the untrusted area to send the plaintext result to the other data parties;
     wherein determining a key management party among all participants in the fully homomorphic encryption environment and generating a key in a trusted area through the key management party comprises: generating an FHE private key according to the security parameters, and storing the private key in the fully homomorphic encryption environment; generating a corresponding FHE encryption public key from the FHE private key; determining, from the FHE private key, the relinearization key needed in the ciphertext computation process; and sending the FHE encryption public key and the relinearization key to the other parties.
  2. The method of claim 1, wherein a key management party is determined among the parties in the fully homomorphic encryption environment and a key is generated in the trusted area through the key management party, the method further comprising: determining a trusted area and an untrusted area of the key management party, wherein the trusted area at least comprises an encrypted memory area and an encrypted hardware chip area.
  3. The privacy computing method based on TEE and FHE techniques of claim 2, wherein determining the trusted and untrusted areas of the key management party comprises: determining the trusted area by using Intel SGX TEE technology, and taking the other areas of the memory as untrusted areas.
  4. A privacy computing system based on TEE and FHE technology, characterized in that it comprises a key management party, a data party and a computing party, in particular:
     after obtaining a ciphertext structure uploaded by the computing party, decrypting the ciphertext result obtained from the computing party by the calling function in an untrusted area to obtain a plaintext result of a target computing task, and calling a network sending function in the untrusted area to send the plaintext result to the other data parties, wherein the key comprises a private key and a public key, the other parties comprise the data party and the computing party, and the key management party is determined among the parties in a fully homomorphic encryption environment;
     the data party is used for acquiring plaintext data of the target computing task, encrypting the acquired plaintext data with the public key to obtain ciphertext data, and sending the ciphertext data to the computing party;
     the computing party is used for performing joint computation on the ciphertext data sent by each data party to obtain a ciphertext result of the target computing task, and sending the ciphertext result to the key management party;
     wherein the key management party generating a key within a trusted area comprises: generating an FHE private key according to the security parameters, and storing the private key in the fully homomorphic encryption environment; generating a corresponding FHE encryption public key from the FHE private key; determining, from the FHE private key, the relinearization key needed in the ciphertext computation process; and sending the FHE encryption public key and the relinearization key to the other parties.
  5. The TEE and FHE technology based privacy computing system of claim 4, wherein the key management party is further used for: determining a trusted area and an untrusted area, wherein the trusted area at least comprises an encrypted memory area and an encrypted hardware chip area.
  6. The TEE and FHE technology based privacy computing system of claim 5, wherein determining the trusted and untrusted areas of the key management party comprises: determining the trusted area by using Intel SGX TEE technology, and taking the other areas of the memory as untrusted areas.
  7. An electronic device comprising a memory and a processor, the memory storing a computer program which, when executed by the processor, implements the TEE and FHE technology based privacy computing method of any of claims 1 to 3.
  8. A computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the privacy computing method based on TEE and FHE techniques as claimed in any one of claims 1 to 3.

Description

Privacy calculation method and system based on TEE and FHE technology

Technical Field

The invention relates to the field of data processing, in particular to a privacy computing method and system based on TEE (trusted execution environment) and FHE (fully homomorphic encryption) technology.

Background

Fully homomorphic encryption (FHE) is a novel privacy-preserving technology that allows computation directly on encrypted data, and is commonly used in applications such as outsourcing of computing power. An FHE application involves several participants: the data party provides the original plaintext data and encrypts it, the computing party provides computing power and computes on the ciphertext, and the key management party generates the FHE public and private keys and decrypts the ciphertext result to obtain the final plaintext result.

The basic steps of an FHE application are as follows: the key management party randomly generates a public key and a private key according to the input algorithm parameters; the key management party sends the public key to each data party and each computing party; each data party sends ciphertext data to the computing party; the computing party performs encrypted computation on the ciphertext data to obtain a ciphertext result; the key management party decrypts the ciphertext result with the private key to obtain a plaintext result, and sends the plaintext result to each data party.

In the FHE application described above, the trust placed in the key manager determines the data security of every other party: once the private key held by the key manager is leaked, the original data behind the other parties' ciphertext data is fully exposed. The core security point of FHE applications is therefore guaranteeing the security of the private key.
Currently, 2 private key protection schemes are available to ensure the data security of FHE applications:

1) A trusted party is selected as the key manager and is responsible for key generation and management. The security assumption of this scheme is that the key manager neither actively misuses the private key (colluding with other participants) nor passively leaks it (e.g. by being attacked).

2) The private key is managed with MPC technology. Put simply, the private key is kept jointly by multiple participants, each holding a part of it, and the complete key can be recovered only when the participants act together. The security assumption of this scheme is that the key is not leaked even if some participants misbehave, so the data of the other, honest parties remains secure.

Of the two FHE private key protection schemes, the first places too high a trust assumption on the participant; in practice it is difficult to obtain the complete trust of the other data parties, which reduces each participant's willingness to cooperate. The second has a low trust assumption and high security, but implementing key protection through MPC adds extra computation overhead that seriously degrades the original FHE computing performance.

Disclosure of Invention

Based on the above, the embodiments of the application provide a privacy computing method and system based on TEE and FHE technology, which implement key management through TEE technology, increase key security, reduce the trust assumption placed on the key manager, and improve the key manager's security protection capability, so that the attack surface available to an attacker is reduced from the participant's whole running environment to the TEE.
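The message flow set out in the abstract and claim 1, as an added example that is not code from the patent. It substitutes a toy additively homomorphic Paillier scheme with fixed small primes for FHE (so there is no relinearization key) and models the trusted/untrusted split with plain Python objects rather than a real enclave; all class and function names are hypothetical.

```python
import math
import secrets

class TrustedArea:
    """Models the key manager's enclave: the only place the private key lives."""
    def __init__(self, p=2**31 - 1, q=2**61 - 1):   # fixed toy primes, NOT secure
        self.n = p * q                               # public key (Paillier, g = n + 1)
        self._lam = math.lcm(p - 1, q - 1)           # private key, never exported
        self._mu = pow(self._lam, -1, self.n)

    def export_public_key(self):
        return self.n                                # only public material leaves

    def decrypt(self, c):
        x = pow(c, self._lam, self.n * self.n)
        return (x - 1) // self.n * self._mu % self.n

class UntrustedHost:
    """Key manager code outside the enclave: network send/receive only."""
    def __init__(self, enclave):
        self.enclave, self.wire = enclave, []        # wire: all values crossing the network

    def send_public_key(self):
        pk = self.enclave.export_public_key()
        self.wire.append(("out", pk))
        return pk

    def handle_result(self, c_result):
        self.wire.append(("in", c_result))           # ciphertext arrives in untrusted area
        m = self.enclave.decrypt(c_result)           # decryption happens in trusted area
        self.wire.append(("out", m))                 # plaintext result sent to data parties
        return m

def data_party_encrypt(pk, m):
    r = secrets.randbelow(pk - 1) + 1                # fresh randomness per ciphertext
    return (1 + m * pk) * pow(r, pk, pk * pk) % (pk * pk)

def computing_party_sum(pk, ciphertexts):
    acc = 1
    for c in ciphertexts:                            # ciphertext product = plaintext sum
        acc = acc * c % (pk * pk)
    return acc

def run_task(inputs):
    host = UntrustedHost(TrustedArea())
    pk = host.send_public_key()
    cts = [data_party_encrypt(pk, m) for m in inputs]
    return host.handle_result(computing_party_sum(pk, cts)), host
```

`run_task([120, 75, 305])` returns the joint sum and the host object, whose `wire` list shows that only the public key, the ciphertext result and the plaintext result pass through the untrusted area.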
In a first aspect, a privacy computing method based on TEE and FHE technologies is provided, the method including:

determining a key management party from all the participants in the homomorphic encryption environment, and generating a key in a trusted area through the key management party, wherein the key comprises a private key and a public key;

after the key is generated, the key management party calls a network sending function in an untrusted area to send the public key to the other parties, wherein the other parties comprise a data party and a computing party;

the data party acquires plaintext data of a target computing task, encrypts the acquired plaintext data with the public key to obtain ciphertext data, and sends the ciphertext data to the computing party;

the computing party performs joint computation on the ciphertext data sent by each data party to obtain a ciphertext result of the target computing task, and sends the ciphertext result to the key management party;

and the key management party calls a function in the untrusted area to obtain the ciphertext result uploaded by the computing party, and decrypts the ciphertext result in the trusted area to obtain a plaintext r