## **Guide**

Privacy computing technology is a frontier development direction of cryptography, filling the gap in the privacy of data in computing, and creating a complete closed loop based on cryptography information security system for cloud computing, distributed computing networks and blockchains. Applications such as technology provide a privacy foundation. This topic will briefly describe privacy computing techniques and analyze their origins, technical directions and application prospects.

## **Summary**

With the continuous development of information technology, data has gradually become an important asset for governments, enterprises and individuals. Its discovery, storage, processing and use have become more and more important, and privacy needs have gradually emerged. **Privacy computing is a technique in which data or computing methods remain encrypted and are not disclosed to other partners. The technology of computing cooperation fills in the gaps in the processing and use of information since the advent of cryptography** **.** At the current stage, the cryptographic level of privacy computing mainly includes major homomorphic encryption, multi-party security computing, and zero-knowledge proof.

**The cryptographic function that satisfies the homomorphism can perform an operation on the encrypted data without decrypting the original data, and provides the computing power for the encrypted data.** The full homomorphic encryption algorithm refers to any operation rule given by the algorithm, and the corresponding operation rules for the encrypted data can be constructed by the algorithm, and the homomorphism is satisfied. Fully homomorphic encryption is a relatively basic privacy computing technology with a wide range of applications, but its current computational efficiency is low and has certain limitations.

- The United States is difficult to block China's blockchain technology - China and the United States blockchain technology strength hard competition
- Sweep the haze of physical delivery futures debut, Bakkt cash delivery bitcoin contract hotly opened
- Beijing's "regulation sandbox" experiment is about to begin, and the road to blockchain compliance begins?
- Lightning Network ushers in "the most significant technological progress" in 2019, and multi-path payment is about to go online, solving the problem of large payments
- How many blocks of the blockchain company have a daily limit of more than 100 in the “chain”?
- The original copyright of the Japanese anime "The Attacking Giant" image was sold through the blockchain

**Secure multiparty computing solves the problem of how to safely calculate agreed functions and get verifiable results without the parties involved in the calculations leaking their own input and without a trusted third party.** The main purpose of the main solution of secure multi-party computing is to solve the problem of collaborative computing under the premise of protecting privacy by mutual distrust participants. It also has its own limitations, which does not guarantee the honesty of the participants, nor can it prevent the participants from entering maliciously.

**A zero-knowledge proof is an algorithm that proves to a third party that it does own a particular piece of data without revealing private data.** It is mostly used for anonymous blockchain to hide transaction details and achieve anonymity.

**Privacy computing has broad prospects in the three directions of cloud computing, distributed computing networks and blockchains.** Privacy computing allows data to remain encrypted during the cloud computing process, improving data security during the calculation process. Privacy computing also makes private data chaining possible and also ensures its verifiability through blockchain technology.

**Risk warning: technology has bottlenecks, landing application is not as expected**

## **table of Contents**

**1 Privacy Computing: Another Dimension of Encryption Technology**

**2 Main technical directions: full homomorphic encryption, secure multi-party computing and zero-knowledge proof**

2.1 Fully homomorphic encryption

2.2 Secure multi-party computing

2.3 Zero knowledge proof

**3 Application prospects**

3.1 Secure Cloud Computing

3.2 Distributed Computing Network

3.3 Encrypted chain data and hidden transaction information

## **text**

Privacy computing technology is a frontier development direction of cryptography, filling the gap in the privacy of data in computing, and creating a complete closed loop based on cryptography information security system for cloud computing, distributed computing networks and blockchains. Applications such as technology provide a privacy foundation. This topic will briefly describe privacy computing techniques and analyze their origins, technical directions and application prospects.

**1 Privacy Computing: Another Dimension of Encryption Technology**

**With the continuous development of information technology, data has gradually become an important asset for governments, enterprises and individuals. Its discovery, storage, processing and use have become more and more important, and privacy needs have gradually emerged.** The development of data science has enabled the application of data to expand, and the corresponding cooperation has begun to emerge, and privacy issues have followed. For example, a company may need to use the partner's data to form a certain judgment or result, and the partner is not willing to give their data to others completely, and the company does not want its own query conditions or analysis methods to be known by the partner; When using cloud computing resources, users also want their data and algorithms to be kept secret. However, in reality, they have to upload all the content, which exposes them to the risk of disclosure. With the development of cloud computing and blockchain, the need for privacy computing has emerged. This combination of cryptography and computational science has once again attracted everyone's attention.

**Privacy computing is a technique for calculating data and verifying the results of calculations while ensuring that data providers do not disclose sensitive data.**

Contemporary cryptography originated in 1977, Ron Rivest, Adi Shamir and Leonard Adleman invented the asymmetric encryption (also known as public key encryption) algorithm RSA. RSA utilizes the asymmetry of the current computer decomposition factor calculation difficulty, and designs a public key encryption system with public key for encryption and private key for decryption. The private key does not appear in the data transmission link, which greatly improves the encrypted data. Security of the transmission. The RSA algorithm was published on April 3, 1977, the Passover of the Jewish nation. As Moses went out of Egypt, human encryption technology broke through the long-term bottleneck and reached a new stage.

**Cryptography converts data into ciphertext state through mathematical theory. The private key cannot read its content, which solves the problem of privacy storage and communication in an insecure environment, but there is a gap in the use of the link.** By the time the information is used, the data in the encrypted state during the communication and storage process has to be decrypted for query and calculation. Therefore, the cryptography-based information encryption system has a blank in the use of the link, and it is not yet possible to form a closed-loop encryption system. When the information owner has to submit data to use a third-party service, he is exposed to the risk of information leakage, and the encryption status of other links loses its meaning. In response to this situation, the academic community has carried out research on data calculation in the encrypted state, which is what we call privacy computing.

**In 1978, Ron Rivest, Leonard Adleman, and Michael L. Dertouzos proposed the homomorphic encryption problem, and in the same year proposed the algorithm RSA that satisfies the multiplicative homomorphism.** Prior to this, cryptography research focused on the static security of data in the process of storage and transmission, and the problem of homomorphic encryption introduced the research of encryption technology from static to dynamic, which is a huge theoretical innovation and also created. The first of its privacy calculations.

**In 1982, the Chinese Turing Award winner Yao Zhizhi pioneered the proposed millionaire problem and introduced the concept of multi-party security computing.** In his paper "Protocols for Secure Computations", Yao Zhizhi raised the issue of a millionaire, that is, how two millionaires compare richer people without a trusted third party and without revealing their property.

**In the 1980s, MIT researchers Shafi Goldwasser, Silvio Micali, and Charles Rackoff proposed the concept of zero-knowledge proof.** The zero-knowledge proof involves two parties: the prover and the verifier. Its purpose is to solve the problem of how the prover proves to the verifier that he owns a particular piece of data, but the proof process cannot reveal any information about the data.

Through the continuous research and development of the academic circle, the privacy calculation represented by the full homomorphic calculation, the safe multi-party calculation and the zero-knowledge proof has achieved certain results, and it has become one of the hot issues in cryptography research.

**2 Main technical directions: full homomorphic encryption, secure multi-party computing and zero-knowledge proof**

At present, the cryptographic level of privacy computing mainly includes three major technologies: Full Homomorphic Encryption (FHE), Secure Multi-Party Computation (sMPC), and Zero-knowledge Proof. direction. In addition, there are trusted execution environments, indistinguishable confusion, and so on. This topic will analyze the full homomorphic encryption, secure multi-party computing and zero-knowledge proof, and analyze their advantages and disadvantages.

**2.1 Fully homomorphic encryption**

In the era of symmetric encryption algorithms before the advent of the RSA algorithm, encrypting and decrypting data followed the same rules. The key elements of symmetric encryption include the encryption algorithm and the key, the data sender encrypts the data with a specific key, and sends the encrypted data and key to the recipient. In the process of transmission, there is a risk that the encrypted data or key will be intercepted. Once the encryption algorithm is cracked, if the key is not replaced in time, the subsequent communication process between the two parties is no longer secure.

**Asymmetric encryption guarantees the security of data storage and transmission.** The asymmetric encryption algorithm generates a pair of public and private keys, the public key is used to encrypt data, and the private key is used to decrypt the data encrypted by the corresponding public key. In the above example, the data receiver only needs to disclose the public key to the sender, and the sender encrypts the data using the recipient's public key, and the receiver uses the private key to decrypt it. The two parties do not need to exchange information about the private key during the entire encryption and decryption process, so the security is very high.

**Homomorphic encryption guarantees the security of the data calculation process and provides the ability to process encrypted data.** If you want to process the raw data, you usually need to decrypt the data first. If the party performing the calculation process is untrustworthy, then the previous encryption and decryption process is in vain.

The homomorphism is originally a concept in abstract algebra. The encryption function f is used to represent the process of obtaining the ciphertext S from the original data M, and f^(-1) is the inverse operation, that is, the decryption process:

If some kind of operation "+" can be performed between the original data S1 and S2, and the operation result is still processed by the encryption function, it is satisfied

It is said that the encryption function f satisfies the homomorphism of the operation "+". The "+" here represents an abstract arithmetic rule, which can be the addition, multiplication, etc. that we are familiar with.

**An encryption function that satisfies the homomorphism can perform an operation on the encrypted data without decrypting the original data.** Calculate the encrypted data and get the result:

The computing service requester decrypts the received result and obtains the result:

It is equal to the direct result of the original data. Common asymmetric encryption algorithms RSA and ECC are additive homomorphisms.

**The full homomorphic encryption algorithm refers to any operation rule given by the algorithm, and the corresponding operation rules for the encrypted data can be constructed by the algorithm, and the homomorphic requirement is met.**

**The fully homomorphic encryption algorithm can be divided into three categories according to the development stage.** In 2009, Craig Gentry presented the first algorithmic implementation of Fully Homomorphic Encryption (FHE) in the paper "Fully Homomorphic Encryption Using Ideal Lattices", which is also the first to satisfy the additive homomorphism and Multiplication homomorphic encryption algorithm. But Gentry's algorithm is extremely inefficient. According to tests, the algorithm takes 30 minutes to perform a single bit operation, which is far from meeting the needs of large-scale applications.

Brakerski and Vinod Vaikuntanathan made improvements based on the first-generation fully homomorphic encryption algorithm and proposed the BGV algorithm in 2011. Its mathematical foundation is the asymmetry of the difficulty of solving the RLWE (Ring Learning-with-errors) problem.

Craig Gendry, Amit Sahai, and Brent Waters published the GSW13 algorithm in 2013 to further optimize the homomorphic multiplication algorithm. The current mainstream homomorphic encryption computing systems use the latter two types of encryption algorithms.

**Fully homomorphic encryption is a relatively basic privacy computing technology with a wide range of potential applications.** The fully homomorphic encryption technology implements the direct operation of ciphertext and solves the privacy problem in computing cooperation. With fully homomorphic encryption, the demand for computing resources can send privacy-related data to a non-trusted third party such as a cloud server or computing company in a cipher text state and complete the calculation without worrying about any information security issues.

**Existing solutions have a large efficiency loss and are not yet commercially available on a large scale.** At present, some algorithms have improved to a certain extent compared with Gentry's original algorithm. For example, the BGV algorithm proposed by Smart et al. abandoned Bootstrapping and adopted the die-change technology and private key exchange technology. In a certain sense, a breakthrough has been achieved. The best fully homomorphic encryption algorithm. However, from the perspective of absolute performance, the efficiency of the current fully homomorphic encryption algorithm is still very low, and the computing resources consumed by the same operation are about six orders of magnitude higher than the plaintext. Therefore, full homomorphic encryption is still a technology in the research and experimental stage, which is not enough for commercial applications. In the future, the landing of fully homomorphic encryption technology depends on the emergence of higher efficiency algorithms. On the other hand, it will benefit from the improvement of computing power of devices. It may gradually be applied from key data and eventually expanded to more. Calculate the scene.

**Homomorphic encryption itself has certain limitations.** All intermediate results of homomorphic encryption are encrypted, so the server cannot make any decisions on the intermediate values, that is, all conditional branches need to be calculated, so all operations can only be included in the function, increasing the complexity of the function. And will cause performance loss.

M.Van Dijk and A.Juels have demonstrated that homomorphic encryption must be performed under the same key, and there is a possibility of collusion in multi-party cooperation, so full homomorphic encryption is usually suitable for collaborative computing, and currently can prevent collusion attacks. State encryption security calculation efficiency is lower than other general protocols.

**2.2 Secure multi-party computing**

**Secure multiparty computing solves the problem of how to safely calculate agreed functions and obtain verifiable results without involving the parties involved in the calculation without revealing their own input and without a trusted third party.** For example, in the millionaire problem, two rich people can each encrypt their own property status X and Y as input. Through a specific algorithm, both parties can get a reliable comparison of X and Y, but they cannot know each other's property. .

The garbled circuits proposed by Yao Zhizhi are a solution for two-party computing. Goldreich, Micali and Wigderson have studied and developed them, and have become one of the hot issues in the field of cryptography.

The secure multi-party computing also has the following application scenario: splitting a key K that needs to be encrypted into n different parts, and keeping them in different participants, the parties do not know the part that other people keep. The content of the key K can be completely recovered by using at least t parts (2 <= t <= n) of the n parts, and such a key storage method is also called a (t, n) threshold signature.

**The main purpose of secure multi-party computing is to solve the problem of collaborative computing by mutual distrust participants under the premise of protecting privacy.** In the real world, there are often situations in which collaborative computing situations where participants want to use their data to get some results, but are reluctant to disclose their data to others. The design concept of safe multi-party computing satisfies the objective needs of participants in real economic cooperation who want to obtain cooperative benefits but do not want to be exposed their own data. It has a large potential market space. Its main application areas include electronic election, electronic auction, asset custody. Wait.

**Most secure multi-party computing solutions require the honesty of the participants.** In a secure multi-party computing study, participants are usually divided into honest, semi-honest, and attackers. Honest people provide the right data and do not attempt to steal input from others; semi-honest people provide the right data and are willing to obtain input from others without adverse consequences; the attacker provides false data to disrupt cooperation and attempts to steal input from others. Most of the relatively efficient and secure multi-party computing protocols are only secure in situations where most of the participants are honest or semi-honest, and only the SPDZ line of research results can be guaranteed if most of the participants are attackers. Security and correctness. A secure multi-party computing protocol should at least be able to operate with all participants being semi-honest in order to adapt to the realities of the market economy and protect the privacy of participants. Malicious attackers do not expect to get the right results, so they rely more on the design of incentives to limit them.

**In addition to the correctness of the results and the privacy of the input, the secure multi-party computing protocol also guarantees fairness between the participants.** That is, the calculation results can only be obtained or not available to everyone, in order to deal with the possible early termination behavior of the attacker.

**The limitations of secure multi-party computing are: low efficiency; the authenticity of the input of the participants cannot be guaranteed.** It is not possible to prevent participants from maliciously constructing input and guessing other people's input from the results.

**2.3 Zero knowledge proof**

**Zero-knowledge proof is an algorithm that proves that a certifier does not disclose private data and proves that it does own specific data to any third party. It is divided into interactive and non-interactive.** The zero-knowledge proof algorithm has the following characteristics:

**Completeness.** If the prover and the verifier are honest and the prover does have specific data, the verification must pass.

**stability.** If the prover does not have specific data, it is almost impossible for an honest prover to pass the verification.

**Zero knowledge.** After the verification process is over, the verifier will not get any information about the data.

In asymmetric encryption, a concept similar to zero-knowledge proof has emerged. If someone needs to prove that he is indeed the holder of a particular private key, he can have the verifier randomly generate a number and sign the number with the private key. If the signature can be verified by the corresponding public key, then the proof passes. Throughout the process, the holder's private key will not be revealed. However, since the public key and the private key are in one-to-one correspondence, it is easy for the third party to associate the private key holder with the public key as long as the verification process is completed.

**ZK-SNARK (Zero-knowledge succint non-interactive arguments of knowledge) is a classic non-interactive zero-knowledge proof algorithm, which is applied in the anonymous transaction of anonymous digital certificate ZCash.** The core technology of zk-SNARK has a certain connection with homomorphic encryption and multi-party security computing. The sender of the ZCash anonymous transaction can prove the legality of the transaction to the verifier without revealing the details of the transaction amount and address.

Zero-knowledge proof is an advanced application of cryptography, but not all problems can be verified by a zero-knowledge proof algorithm. Goldreich, Micali and Wigderson proved that there must be a zero-knowledge proof algorithm for the problem of verifying the correctness of the solution (NP problem) in polynomial time.

**3 Application prospects**

At present, privacy computing technology is less efficient and has fewer practical commercial applications. With the continuous development of technology, cloud computing, blockchain and even distributed computing networks have gradually entered the field of vision. People's attention to data security has provided an urgent need for the application of privacy computing. Privacy computing will have broad application prospects in the three directions of secure cloud computing, distributed computing networks and encrypted blockchains.

**3.1 Secure Cloud Computing**

**Cloud computing has greatly improved the utilization efficiency of computing resources, and the market scale has grown rapidly, which has broad development prospects.** With the development of information technology, the network communication speed and server computing power have gradually increased, and the cloud computing industry has developed rapidly. On the one hand, cloud computing services avoid the waste of resources for individuals and enterprises to repeatedly purchase hardware devices by renting computing resources. People can no longer have many hardware with lower frequency of use, and instead rent online computing resources that are ready to go. The service provider's hardware can also maintain high usage rate and improve the efficiency of resource allocation. On the other hand, cloud computing service providers have a large amount of computing hardware, which can provide suitable operating environment and timely maintenance for these devices. The construction of the data center will greatly reduce the cost of unit computing resources and play a scale effect. These advantages of cloud computing have led to rapid development in recent years, and have now formed a market size of approximately $260.2 billion. Cloud computing technology has been widely recognized by various industries. It has a very rich application scenario and broad development space, which will greatly change the way of computing resources.

**However, the use of cloud computing services inevitably sacrifices privacy.** Currently, in the process of using cloud computing services, user data is stored in the form of clear text at the cloud service provider. On the one hand, data will inevitably be acquired by cloud computing providers. Although there are relevant laws and regulations, ordinary users are always at a disadvantage in the game with oligopolistic enterprises. On the other hand, although there are security measures, they are on the cloud server. Data is still likely to be acquired by ghosts and hackers. Although cloud computing improves the efficiency of computing resources, data security cannot be guaranteed.

**Privacy computing can keep data encrypted during the cloud computing process, avoiding being accessed by service providers and other third parties, and greatly improving data security in the cloud computing process.** Traditional cryptography cannot guarantee security in data computing, and privacy computing technology fills this gap, making various data collaborations, including cloud computing, more secure and private. Confidential data can be calculated by the cloud computing service provider through the full homomorphic encryption algorithm without directly transmitting the plaintext data. Through secure multi-party computing, data owners can confidently perform collaborative calculations without worrying that their data will be acquired by partners or third parties. Privacy computing will greatly expand the application scenarios of cloud computing.

**3.2 Distributed Computing Network**

**Distributed computing network is a high-level form of cloud computing, which uses a wide range of computing resources to form a distributed computing network.** As the performance of personal computing devices increases and the number of Internet node accesses increases, so does the redundancy of network computing capabilities. People's idle mobile phones, computers and other devices can be effectively reused through distributed computing networks. With the continuous development of communication technology, the bandwidth of the network has gradually increased, and the establishment of distributed computing networks has gradually evolved from theory to reality.

**Distributed computing networks can prevent cloud computing oligopoly computing resources.** The scale effect of cloud computing is very obvious. The development of the oligopoly will inevitably form in the later stage. After people's habits are formed, these enterprises will raise prices and obtain high monopoly profits. It is difficult for the public to fully enjoy the benefits brought by efficiency improvement. Distributed computing networks are different from cloud computing in that they utilize resource computing resources. Individuals do not give up ownership of computing resources, but only mutual help and resource sharing on the network. Enterprises may hold higher computing power, but it is difficult to form a monopolistic advantage compared to the power of all human computing devices integrated by distributed computing networks. Any attempt to obtain monopoly profits is against the world's computing power and does not have economic rationality.

**Privacy computing provides information security assurance for distributed computing networks.** Distributed computing networks are likely to exist in a peer-to-peer fashion, with the allocation of computing resources directly between nodes. The security issues are particularly important. In this form, data will be sent directly from the demand node of the computing resource to the untrusted provider node, and data security will face greater challenges than cloud computing. If privacy computing can be used, the information security problem of distributed computing networks can be fundamentally solved. On the one hand, users can safely use other people's computing resources, on the other hand, they can perform computing cooperation without publicizing data. Greatly enrich the application scenarios of distributed computing networks.

**3.3 Encryption chain data and hidden transaction information**

**Blockchain can provide trusted distributed accounting, greatly reducing the cost of trust, but facing the dilemma of data verifiability and privacy on the chain.** The blockchain realizes non-tamperable distributed accounting through the consensus mechanism, which provides a reliable new form of trust for the value Internet, which will greatly promote the development of online assets and change the Internet and even the economy with trust as the entry point. The ecology of society. However, the information on the chain is open to everyone, and privacy is greatly sacrificed.

**Concerns about data privacy limit the scope of application of smart contracts.** Smart contracts running on the blockchain brought the blockchain into the 2.0 era, enabling many functions beyond payment settlement. However, the credibility of running on the smart contract chain is also at the expense of privacy. All processing records can be found on the blockchain, and the scope of application is limited by data sensitivity.

**Privacy computing makes private data chaining possible and also ensures its verifiability through blockchain technology.** By using privacy computing technology, data can be identified, processed, and calculated while maintaining an encrypted state, and the dilemma between the credibility and privacy of the information chain will be resolved. Through the techniques of full homomorphic encryption, secure multi-party computing and zero-knowledge proof, people use the blockchain for information verification without revealing the original sensitive data.

**The efficiency of privacy calculations is lower than conventional calculations.** The combination of privacy computing and blockchain will solve the problem of data verifiability and privacy, and greatly expand the use of blockchain. But going to commercial still needs hardware computing power or technological breakthroughs.

**Note:**

For some reasons, some of the nouns in this article are not very accurate, such as: pass, digital pass, digital currency, currency, token, Crowdsale, etc. If you have any questions, you can call us to discuss.

**This article is original for the General Research Institute (ID: TokenRoll).** **Unauthorized reproduction is prohibited.**

General Information Institute × FENBUSHI DIGITAL

Text: Song Shuangjie, CFA; Sun Hanru; Wu Zhenyu

Special Advisor: Shen Bo; Rin; JX