Essential skills for Java architects: how the MAP cross-chain protocol guarantees your privacy

Essential Skills for Java Architects of Luban College

1. Introduction

With the rapid development of the mobile Internet, users generate large amounts of data while enjoying the conveniences it brings. Enterprises, medical institutions, financial institutions and similar organizations hold large stores of user data. This centralized storage is worrying in terms of security and privacy, and because there is no collaborative mechanism for privacy computing over the data, "data islands" have become an increasingly prominent problem. Centralized storage as it exists today is not conducive to protecting the security and privacy of user data, and cannot truly guarantee users' ownership of their data or their rights over its use.

Information leaks and illegal use of data caused by centralized storage abound. For example, Facebook leaked the data of 50 million users, which was used to target election advertisements precisely; the Verizon data leak resulted in the loss of 14 million users' information; Uber leaked the personal data of 57 million customers and drivers. The problem we are committed to solving is how to put data truly in the hands of users, and how to make full use of the value of that data while ensuring user privacy.

The MAP cross-chain protocol can provide users with privacy computing functions. Symmetric encryption is used to implement distributed encrypted storage of user data. Through the blockchain interoperability and smart scripts of the MAP cross-chain protocol, access to encrypted data can be granted by authorization, and private transmission can be implemented directly. Combined with the hardware support of a TEE, privacy computing can be realized.

Privacy computing based on the MAP cross-chain protocol has a wide range of applications. With the development of blockchain technology, more and more data is online. The privacy computing function of the MAP cross-chain protocol provides a privacy guarantee for data interaction on the chain. In the medical field, privacy computing can process a hospital's encrypted data, which makes it one of the important technologies for intelligent medical treatment. In the financial field, privacy computing can collect and process encrypted data that users have authorized.

2. Privacy computing

Privacy computing is a technology for collaborative computation. Its premise is that the data or the computing method stays encrypted and is not leaked to the other parties.


Privacy computing covers all computing operations of information owners, information forwarders and information receivers during the entire life cycle, such as information collection, storage, processing, release (including exchange), destruction, etc.

Currently, the commonly used privacy computing techniques are homomorphic encryption, secure multi-party computation, trusted execution environments, differential privacy, zero-knowledge proofs, etc. Privacy computing provides a privacy foundation for data processing in cloud computing, distributed computing, blockchain and other technology applications.

In blockchains in particular, public verifiability lets us place the privacy computation off-chain: the data is processed privately off-chain and the result is verified publicly on the chain. Privacy computing can solve the current "data island" problem among the parties' data, and allows the practical value of big data to be used more fully and safely. In the following sections, we introduce some common privacy computing technologies.

2.1 Fully homomorphic encryption

We first introduce homomorphic encryption. As one of the components that MAP will provide in the future, it will become one of the core technologies of privacy computing on MAP.

Fully homomorphic encryption refers to the ability to compute on ciphertext without the private key. In other words, for any valid function f and plaintext m, it has the special property f(Enc(m)) = Enc(f(m)).


This property gives fully homomorphic encryption a wide range of theoretical and practical applications, such as cloud computing security, secure multi-party computation, and privacy protection in machine learning.
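The property f(Enc(m)) = Enc(f(m)) can be seen at small scale in the following added example, which is not code from the original article or from the MAP project. It is a toy symmetric form of the integer-based scheme of van Dijk, Gentry, Halevi and Vaikuntanathan rather than Gentry's lattice construction, and it also measures how much multiplicative depth the ciphertext noise allows. All function names and parameter sizes are assumptions of this example, and the parameters are far too small to be secure.

```python
import random
from itertools import product

def keygen(rng, bits=256):
    """Secret key: a random odd integer p with exactly `bits` bits."""
    return rng.getrandbits(bits) | (1 << (bits - 1)) | 1

def encrypt(p, m, rng, noise_bits=16, q_bits=512):
    """Hide bit m as c = p*q + 2*r + m; r is small noise (top bit forced so its size is fixed)."""
    q = rng.getrandbits(q_bits)
    r = rng.getrandbits(noise_bits) | (1 << (noise_bits - 1))
    return p * q + 2 * r + m

def noise(p, c):
    """Centered remainder of c mod p; equals the accumulated noise while that stays below p/2."""
    n = c % p
    return n - p if n > p // 2 else n

def decrypt(p, c):
    """Recover the bit as the parity of the noise term."""
    return noise(p, c) % 2

def circuit(a, b, c):
    """f(a, b, c) = (a AND b) XOR c; * is AND and + is XOR on bits and on ciphertexts alike."""
    return a * b + c

def check_homomorphism(seed=1):
    """True if Dec(f(Enc(a), Enc(b), Enc(c))) == f(a, b, c) for all eight inputs."""
    rng = random.Random(seed)  # seeded for a repeatable demo; real keys need a CSPRNG
    p = keygen(rng)
    return all(
        decrypt(p, circuit(*(encrypt(p, m, rng) for m in bits))) == circuit(*bits) % 2
        for bits in product((0, 1), repeat=3)
    )

def depth_budget(p, c):
    """How many times c can be squared before its noise exceeds p/2 and decryption breaks."""
    n, depth = noise(p, c), 0
    while n * n < p // 2:
        n, depth = n * n, depth + 1
    return depth

if __name__ == "__main__":
    rng = random.Random(1)          # constructed demo inputs
    p = keygen(rng)
    c = encrypt(p, 1, rng)
    print(check_homomorphism(), depth_budget(p, c))
```

With these parameters the noise doubles in bit length at every multiplication, so a fourth successive squaring pushes it past p/2 and decryption is no longer reliable. That depth limit is what homomorphic decryption is used to lift.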

Rivest raised the problem of fully homomorphic encryption in 1978, and it was not until 2009 that Gentry constructed the first fully homomorphic encryption scheme. It combines abstract algebra and cryptography in a clever algebraic structure: ideal lattices.

Since 2009, many fully homomorphic encryption schemes have appeared, along with implementations and optimizations of them. The first-generation schemes follow Gentry's construction method; in essence, they are based on ideals of rings. Although homomorphic decryption is the cornerstone of fully homomorphic encryption, its efficiency is very low.


The second-generation homomorphic encryption schemes are simple constructions based on LWE / ring-LWE. They break with Gentry's original framework for building a fully homomorphic encryption scheme, can evaluate circuits of polynomial depth, and satisfy most applications.

The typical representative is the BGV scheme. Through various optimizations, the asymptotic complexity of the original scheme is t⋅polylog(λ). In practice, the BGV scheme over ring-LWE was tested with AES as the test object, using ciphertext packing. The full 10-round AES operation takes about 36 hours, and the average time per AES ciphertext block is about 40 minutes, which is two orders of magnitude faster than the original Gentry-Halevi implementation. Of course, to obtain a fully homomorphic encryption scheme, we still have to rely on homomorphic decryption. In 2013, Gentry et al. proposed a fully homomorphic encryption scheme based on approximate eigenvectors. After that, the best-known schemes are the CKKS scheme and the BFV scheme.

2.2 Trusted execution environment

Trusted Execution Environment (TEE) is a concept proposed by GlobalPlatform (GP). Unlike the approaches above, which implement privacy computing through cryptography, the core idea of a TEE is to establish a secure hardware area and gather the data in that area for computation, thereby achieving privacy computing.

The TEE is isolated from the traditional Rich Execution Environment (REE) and can exchange data with it only through a specific entry point, so it can be protected by hardware mechanisms, which is what makes the execution environment trusted. At the same time, a TEE has high operating efficiency. First, code running in the TEE has access to the full performance of the CPU. Second, the TEE can communicate with the REE quickly while ensuring that the REE cannot read the TEE's memory. In addition, a TEE supports running multiple processes and multiple applications in parallel.

In privacy computing, a TEE usually relies on asymmetric encryption: user data is encrypted with the TEE's public key and then transmitted to the trusted execution environment. There the data is decrypted and processed, and the result is finally sent out. Compared with the privacy computing approaches above that rely only on encryption, a TEE has higher computational efficiency, but its performance is limited by memory constraints and the hardware level.

Currently, TEE has not formed its own technical standards or specifications. Different manufacturers design trusted execution environments according to different needs. Common trusted execution environments include Intel SGX, AMD SEV, ARM TrustZone and Keystone/OpenTEE.


Origin blog.csdn.net/LuBanXue/article/details/109210162