CN108134668B - Dot product protocol processing method, computer device and storage medium - Google Patents
Dot product protocol processing method, computer device and storage medium Download PDFInfo
- Publication number
- CN108134668B CN108134668B CN201711451381.5A CN201711451381A CN108134668B CN 108134668 B CN108134668 B CN 108134668B CN 201711451381 A CN201711451381 A CN 201711451381A CN 108134668 B CN108134668 B CN 108134668B
- Authority
- CN
- China
- Prior art keywords
- matrix
- participant
- component
- order matrix
- order
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0827—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving distinctive intermediate devices or communication paths
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/10—Complex mathematical operations
- G06F17/16—Matrix or vector computation, e.g. matrix-matrix or matrix-vector multiplication, matrix factorization
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
Landscapes
- Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Mathematical Physics (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mathematical Analysis (AREA)
- Data Mining & Analysis (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Mathematical Optimization (AREA)
- Theoretical Computer Science (AREA)
- Pure & Applied Mathematics (AREA)
- Computational Mathematics (AREA)
- Algebra (AREA)
- Databases & Information Systems (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Information Transfer Between Computers (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
A dot-product protocol processing method, computer device, and medium, the method of one embodiment comprising: the method comprises the steps that a current participant obtains a current participant input vector, and an N-order matrix I and an N-order matrix II are constructed according to the current participant input vector; performing matrix sharing interactive processing on the current participant and an opposite-end participant to obtain a current participant sharing matrix component, wherein the current participant sharing matrix component and the opposite-end participant sharing matrix component obtained by the opposite-end participant share a dot product protocol sharing matrix, and the dot product protocol sharing matrix is the sum of the product of the first N-order matrix and the third N-order matrix of the opposite-end participant and the product of the second N-order matrix and the fourth N-order matrix of the opposite-end participant; the current participant determines an element value of a designated main diagonal element of the current participant shared matrix component as a dot product protocol component result of the current participant. The scheme of the embodiment improves the safety performance and has higher execution efficiency.
Description
Technical Field
The present invention relates to the field of cryptography, and in particular, to a dot product protocol processing method, a computer device, and a computer storage medium.
Background
Dot product operation is also called vector inner product, for vector
Sum vector
The dot product operation is defined as:
if Alice holds the vector
Bob holding vector
The safe two-party calculation dot product means that Alice and Bob carry out interaction for a plurality of times according to a certain protocol step, so that Alice obtains a component spABob obtains a component spBAnd satisfy the relationship
The two-party safe calculation vector dot product is a basic component of safe multi-party calculation, but the current protocol for calculating the vector dot product has low execution efficiency or cannot be applied to vectors with any input length, and has safety defects.
Disclosure of Invention
Based on this, it is necessary to provide a dot-product protocol processing method, a computer device, and a computer storage medium to improve security.
A dot product protocol processing method, comprising:
the method comprises the steps that a current participant obtains a current participant input vector, and an N-order matrix I and an N-order matrix II are constructed according to the current participant input vector;
performing matrix sharing interactive processing on the current participant and an opposite-end participant to obtain a current participant sharing matrix component, wherein the current participant sharing matrix component and the opposite-end participant sharing matrix component obtained by the opposite-end participant share a dot product protocol sharing matrix, and the dot product protocol sharing matrix is the sum of the product of the first N-order matrix and the third N-order matrix of the opposite-end participant and the product of the second N-order matrix and the fourth N-order matrix of the opposite-end participant;
the current participant determines an element value of a designated main diagonal element of the current participant shared matrix component as a dot product protocol component result of the current participant.
A dot product protocol processing method, comprising:
a first participant acquires a first input vector and constructs a first N-order matrix and a second N-order matrix according to the first input vector; the second participant acquires a second input vector and constructs a third N-order matrix and a fourth N-order matrix according to the second input vector;
the first participant and the second participant perform matrix sharing interaction processing, the first participant obtains a first participant shared matrix component, the second participant obtains a second participant shared matrix component, the first participant shared matrix component and the second participant shared matrix component share a dot product protocol shared matrix, and the dot product protocol shared matrix is the sum of the product of the first nth order matrix and the third nth order matrix and the product of the second nth order matrix and the fourth nth order matrix;
the first participant determining element values of designated primary diagonal elements of the first participant-shared matrix component as dot product protocol component results for the first participant; the second participant determining element values of the designated primary diagonal elements of the second participant-shared matrix component as dot product protocol component results of the second participant.
A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the method when executing the program.
A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the above-mentioned method.
The dot product protocol processing method, the computer device and the storage medium in the above embodiments complete the processing procedure of the dot product protocol in a matrix manner, and based on the matrix manner, vectors with any length can be input, so that the security performance is improved, and the execution efficiency of the protocol is further improved through the linear algebra operation in the matrix configuration manner.
Drawings
FIG. 1 is a schematic diagram of an application environment of the embodiment;
FIG. 2 is a flow diagram that illustrates a method for dot product protocol processing, in one embodiment;
FIG. 3 is a flow diagram of a dot product protocol processing method in another embodiment;
FIG. 4 is a flow diagram of matrix sharing interaction processing in one particular example;
FIG. 5 is a flow diagram illustrating elimination of random matrices in a specific example;
FIG. 6 is a schematic diagram illustrating an interaction flow of a dot-product protocol processing method in a specific example;
FIG. 7 is a diagram illustrating an internal configuration of a computer device, according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
Fig. 1 is an application environment diagram of a dot-product protocol processing method in one embodiment. Referring to fig. 1, the dot product protocol processing method involves two devices, i.e., a device 101 and a device 102, and in some embodiments, the device 102 may also be a server, so as to implement the processing of the dot product protocol between the terminal and the server. The devices 101 and 102 may specifically be a desktop terminal, a mobile terminal, and other devices that can or are used to execute a dot product protocol to determine a dot product, and when the device 102 is a server, it may be an independent server or a server cluster composed of multiple servers.
Fig. 2 is a schematic flow chart of a dot-product protocol processing method in an embodiment, which is described by taking the example of the method applied to one of the processing devices, such as the device 101 or the device 102 shown in fig. 1.
As shown in fig. 2, the dot product protocol processing method in this embodiment includes steps S201 to S203.
Step S201: and the current participant acquires the input vector of the current participant and constructs a first N-order matrix and a second N-order matrix according to the input vector of the current participant.
In a specific example, the current participant input vector may be an M-dimensional input vector, and in this case, the manner of constructing the first and second N-th order matrices according to the current participant input vector may include: and randomly generating an M-dimensional random vector I, and constructing an N-order matrix I and an N-order matrix II according to the current participant input vector and the M-dimensional random vector I. Specifically, K elements in the M-dimensional input vector and M-K elements in the M-dimensional random vector one may be extracted to construct an N-order matrix one, and the remaining M-K elements in the M-dimensional input vector and the remaining K elements in the M-dimensional random vector one may be extracted to construct an N-order matrix two.
In a specific example, the current participant input vector may be a 2M-dimensional input vector, and in this case, the manner of constructing the first and second N-th order matrices according to the current participant input vector may include: and extracting M elements in the 2M dimensional input vector to construct the first N-order matrix, and extracting the rest M elements in the 2M dimensional input vector to construct the second N-order matrix. The value of M may be set in conjunction with actual technical needs, and may be set to N in one specific example.
It is understood that in other embodiments, the current participant may have other input vector forms, and other different N-th order matrices may be constructed based on the difference of the dimension N of the input vector of the current participant.
Step S202: performing matrix sharing interactive processing on a current participant and an opposite-end participant to obtain a current participant sharing matrix component, wherein the current participant sharing matrix component and the opposite-end participant sharing matrix component obtained by the opposite-end participant share a dot product protocol sharing matrix, and the dot product protocol sharing matrix is the sum of a product of the first N-order matrix and a third N-order matrix of the opposite-end participant and a product of the second N-order matrix and a fourth N-order matrix of the opposite-end participant.
In one embodiment, before the matrix sharing interaction processing between the current participant and the opposite participant, the method further includes the following steps: the current participant generates a reversible nth order matrix. The reversible N-order matrix can be generated in a random mode, and after the reversible N-order matrix is generated randomly, the inverse matrix of the reversible N-order matrix can be calculated.
At this time, when the current participant and the opposite-end participant perform matrix sharing interactive processing, the current participant performs matrix sharing interactive processing with the opposite-end participant based on the first N-order matrix, the second N-order matrix and the reversible N-order matrix, so as to obtain a current participant sharing matrix component. Thus, by introducing a reversible matrix, data sent during an interaction can be obfuscated to further improve security.
In another embodiment, before the current participant and the opposite participant perform the matrix sharing interaction process, the method may further include the steps of: the current participant generates a random N-th order matrix.
At this time, when the current participant and the opposite-end participant perform matrix sharing interaction processing, the current participant may perform matrix sharing interaction processing with the opposite-end participant based on the N-order matrix one, the N-order matrix two, the reversible N-order matrix, and the random N-order matrix, to obtain the current participant sharing matrix component. Therefore, by introducing the random matrix, the data sent in the interaction process can be further confused, and the safety is further improved.
Step S203: the current participant determines an element value of a designated main diagonal element of the current participant shared matrix component as a dot product protocol component result of the current participant.
Based on the dot product protocol processing method in the embodiment, the processing process of the dot product protocol is completed in a matrix mode, vectors with any length can be input in the matrix mode, the safety performance is improved, and the execution efficiency of the protocol is higher through the operation of linear algebra in the matrix construction mode.
In an embodiment, when the current participant performs matrix sharing interaction processing with the opposite participant based on the first N-order matrix, the second N-order matrix, the reversible N-order matrix, and the random N-order matrix, and obtains the current participant shared matrix component, the following method may be used:
the current participant determines a current-end intermediate component according to the reversible N-order matrix, the random N-order matrix and the first N-order matrix, and sends the current-end intermediate component to the opposite-end participant; in a specific example, the front-end intermediate component may include: determining a first product result according to the reversible N-order matrix and the N-order matrix, and determining a second product result according to the reversible N-order matrix and the random N-order matrix;
the current participant receives the opposite-end intermediate component returned by the opposite-end participant, and determines a current-end interaction result component according to the opposite-end intermediate component and the second N-order matrix; taking the example that the current-end intermediate component includes the first product result and the second product result, the opposite-end intermediate component may also include two corresponding product results, which may be referred to as the third product result and the fourth product result; in a specific example, when the current participant determines the current-end interaction result component according to the opposite-end intermediate component and the nth-order matrix two, the following method may be adopted: determining the sum of the result obtained by multiplying the third product result by the second N-order matrix and the fourth product result as the interaction result component of the current end;
based on the first interaction result component and the second interaction result component, the current participant eliminates the randomness of the random N-order matrix to obtain the sharing matrix component of the current participant.
Therefore, based on the introduced random N-order matrix, the randomness of the random N-order matrix is eliminated, and the accuracy of an output result is ensured. In one specific example, the introduced reversible nth order matrix can be eliminated at the peer participants. And the random N-order matrix introduced by the opposite-end participant can be eliminated at the current participant.
In an embodiment, the current participant eliminates randomness of the random N-th order matrix, and when obtaining the component of the shared matrix of the current participant, the following method may be specifically adopted:
the current participant determines a current-end initial matrix component according to the current-end interaction result component and the reversible N-order matrix, and sends the current-end initial matrix component to the opposite-end participant; in a specific example, the current participant may determine the current-end initial matrix component by combining a coefficient matrix according to the current-end interaction result component and the reversible N-th order matrix, where the coefficient matrix may be a matrix constructed by coefficients of an independent linear equation set and agreed by the current participant and the opposite-end participant;
and the current participant receives the opposite terminal initial matrix component returned by the opposite terminal participant, and eliminates the random N-order matrix according to the current terminal interaction result component and the opposite terminal initial matrix component to obtain the current participant shared matrix component.
Fig. 3 is a flow chart showing a dot product protocol processing method in another embodiment, which is described by taking a scheme involving a two-end interactive process as an example. In the following embodiments, the first party may be any one of the devices 1 and 2 shown in fig. 1, and correspondingly, the second party is another device shown in fig. 1.
As shown in fig. 3, the dot product protocol processing method in this embodiment includes steps S301 to S304.
Step S301: a first participant acquires an input vector (for distinguishing from an input vector acquired by a second participant, the first participant is called as a first input vector in the embodiment and the following embodiments), and an nth order matrix first and an nth order matrix second of the first participant are constructed according to the first input vector (for distinguishing from two nth order matrices constructed by the second participant, the first nth order matrix and the second nth order matrix are called as the first nth order matrix and the second nth order matrix in the embodiment and the following embodiments); the second participant acquires an input vector (referred to as a second input vector in the present embodiment and the following embodiments for distinction from the first input vector), and constructs an N-th order matrix first and an N-th order matrix second of the second participant from the second input vector (referred to as a third N-th order matrix and a fourth N-th order matrix in the present embodiment and the following embodiments for distinction from the first N-th order matrix and the second N-th order matrix).
In a specific example, the first input vector of the first participant and the second input vector of the second participant may be an M-dimensional input vector, or may be a 2M-dimensional input vector.
When the first input vector and the second input vector are both M-dimensional input vectors, taking M as 4 and N as 2 as examples, the first input vector of the first participant may be denoted as X ═ X11,X12,X21,X22]At this time, the first party can randomly generate an M-dimensional random vector(to distinguish from the M-dimensional random vector randomly generated by the second participant, this embodiment and the following embodiments are referred to as a first M-dimensional random vector), which may be denoted as W ═ W11,W12,W21,W22]. A first nth order matrix and a second nth order matrix may then be constructed based on the first input vector X and the first M-dimensional random vector W.
When constructing the first nth order matrix and the second nth order matrix, specific manners may include: and extracting K elements in the first input vector and M-K elements in the first M-dimensional random vector to construct a first N-order matrix, and extracting the rest M-K elements in the first input vector and the rest K elements in the first M-dimensional random vector to construct a second N-order matrix. Taking K as 2 as an example, based on the first input vector X and the first M-dimensional random vector, a first N-order matrix can be constructed
And second N-order matrix
The second input vector of the second participant may be denoted as Y ═ Y11,Y12,Y21,Y22]At this time, the second party may randomly generate an M-dimensional random vector (referred to as a second M-dimensional random vector in the present embodiment and the following embodiments), and the second M-dimensional random vector may be denoted as Z ═ Z11,Z12,Z21,Z22]. A third nth order matrix and a fourth nth order matrix may then be constructed based on the second input vector Y and the second M-dimensional random vector Z.
When constructing the third nth order matrix and the fourth nth order matrix, specific manners may include: and extracting K elements in the second input vector and M-K elements in the second M-dimensional random vector to construct a third N-order matrix, and extracting the rest M-K elements in the second input vector and the rest K elements in the second M-dimensional random vector to construct a fourth N-order matrix. Taking K as 2 as an example, based on the second input vector Y and the second M-dimensional random vector, a third N-order matrix can be constructed
And fourth order-N matrix
When the input vector of the first participant is a 2M-dimensional input vector, when constructing the first N-th order matrix and the second N-th order matrix from the first input vector, the following procedure may be adopted: m elements in the 2M-dimensional input vector of the first participant are extracted to construct a first N-order matrix, and the remaining M elements in the 2M-dimensional input vector of the first participant are extracted to construct a second N-order matrix.
Taking N as 4 for example, the first input vector is X ═ X11,X12,W11,W12,X21,X22,W21,W22]The elements may be extracted directly from the vector, or may be extracted after dividing the vector into two M-dimensional vectors. E.g. it can be divided into a first M-dimensional vector X1=[X11,X12,W11,W12]And a second M-dimensional vector X2=[X21,X22,W21,W22]. Based on the first M-dimensional vector X1And a second M-dimensional vector X2A first N-order matrix can be constructed
And second N-order matrix
When the input vector of the second participant is a 2M-dimensional input vector, when constructing the third N-order matrix and the fourth N-order matrix from the second input vector, the following procedure may be adopted: and extracting M elements in the 2M-dimensional input vector of the second participant to construct a third N-order matrix, and extracting the rest M elements in the 2M-dimensional input vector of the second participant to construct a fourth N-order matrix.
Taking N as 4 as an example, the second input vector may beY=[Y11,Y12,Z11,Z12,Y21,Y22,Z21,Z22]The elements may be extracted directly from the vector, or may be extracted after dividing the vector into two M-dimensional vectors. E.g. it can be divided into a third M-dimensional vector Y1=[Y11,Y12,Z11,Z12]And a fourth M-dimensional vector Y2=[Y21,Y22,Z21,Z22]Then based on the third M-dimensional vector Y1And a fourth M-dimensional vector Y2A third N-th order matrix can be constructed
And fourth order-N matrix
It is understood that in other embodiments, the first participant and the second participant may have other input vector forms, and different nth order matrices may be constructed based on the difference of the dimension N of the input vector.
Step S302: the first participant and the second participant perform matrix sharing interaction processing, the first participant obtains a first participant shared matrix component, the second participant obtains a second participant shared matrix component, the first participant shared matrix component and the second participant shared matrix component share a dot product protocol shared matrix, and the dot product protocol shared matrix is the sum of the product of the first nth order matrix and the third nth order matrix and the product of the second nth order matrix and the fourth nth order matrix.
In one embodiment, before the matrix sharing interaction processing between the current participant and the opposite participant, the method further includes the following steps:
the first participant generates a first reversible nth order matrix; the second participant generates a second invertible nth order matrix. The first reversible N-order matrix and the second reversible N-order matrix can be generated in a random mode and generated randomlyAfter the first reversible N-order matrix and the second reversible N-order matrix, the corresponding inverse matrices can be respectively calculated. If the first participant randomly generates a first reversible N-order matrix P and calculates its inverse matrix P-1The second party may generate a second invertible N matrix Q and calculate its inverse Q-1。
At this time, when a first participant and the second participant perform matrix sharing interaction processing, the first participant performs matrix sharing interaction processing based on the first nth order matrix, the second nth order matrix, and the first reversible nth order matrix, the second participant performs matrix sharing interaction processing based on the third nth order matrix, the fourth nth order matrix, and the second reversible nth order matrix, the first participant obtains the first participant shared matrix component, and the second participant obtains the second participant shared matrix component.
Thus, by introducing a reversible matrix, data sent during an interaction can be obfuscated to further improve security.
In one embodiment, before the matrix sharing interaction processing between the current participant and the opposite participant, the method further includes the following steps:
the first participant randomly generates a first random N-order matrix; the second participant randomly generates a second random nth order matrix.
At this time, when the first participant and the second participant perform matrix sharing interaction processing, the first participant performs matrix sharing interaction processing based on the first N-order matrix, the second N-order matrix, the first reversible N-order matrix, and the first random N-order matrix, the second participant performs matrix sharing interaction processing based on the third N-order matrix, the fourth N-order matrix, the second reversible N-order matrix, and the second random N-order matrix, the first participant obtains the first participant shared matrix component, and the second participant obtains the second participant shared matrix component.
Therefore, by introducing the random matrix, the data sent in the interaction process can be further confused, and the safety is further improved.
Step S303: the first participant determining element values of designated primary diagonal elements of the first participant-shared matrix component as dot product protocol component results for the first participant; the second participant determining element values of the designated primary diagonal elements of the second participant-shared matrix component as dot product protocol component results of the second participant.
Based on the dot product protocol processing method in the embodiment, the processing process of the dot product protocol is completed in a matrix mode, and vectors with any length can be input in the matrix mode, so that the safety performance is improved, the safety requirement is met, and the execution efficiency of the protocol is higher through the linear algebra operation in the matrix construction mode.
In an embodiment, when the first participant performs matrix sharing interaction processing based on the first N-th order matrix, the second N-th order matrix, the first reversible N-th order matrix, and the first random N-th order matrix, and the second participant performs matrix sharing interaction processing based on the third N-th order matrix, the fourth N-th order matrix, the second reversible N-th order matrix, and the second random N-th order matrix, the following method may be adopted, and specifically, the method includes steps S401 to S404 shown in fig. 4.
Step S401: the first participant determines a first intermediate component according to the first reversible nth order matrix, the first random nth order matrix, and the first nth order matrix; and the second participant determines a second intermediate component according to the second reversible N-order matrix, the second random N-order matrix and the fourth N-order matrix.
In one embodiment, the first intermediate component may include: a first product result determined according to the first reversible N-order matrix and the first N-order matrix, and a second product result determined according to the first reversible N-order matrix and the first random N-order matrix. The second intermediate component may include: a third product result determined according to the second reversible N-order matrix and the fourth N-order matrix, and a fourth product result determined according to the second reversible N-order matrix and the second random N-order matrix.
Step S402: the first participant exchanges the first intermediate component and the second intermediate component with the second participant.
The first participant and the second participant may exchange the first intermediate component and the second intermediate component without any order. If the first participant determines the first intermediate component, the first intermediate component may be sent to the second participant immediately, or the first intermediate component may be sent to the second participant after a specified condition (e.g., time or other possible condition) is met. Correspondingly, after the second participant determines the second intermediate component, the second intermediate component may be immediately sent to the first participant, or the second intermediate component may be sent to the first participant after the relevant condition is satisfied. The specified conditions of the first party and the second party may be the same or different. The present embodiment does not limit the manner in which the first participant exchanges the first intermediate component and the second intermediate component with the second participant.
Step S403: the first participant determines a first interaction result component according to the second intermediate component and the second N-order matrix, and the second participant determines a second interaction result component according to the first intermediate component and the third N-order matrix;
in one embodiment, taking the example that the first intermediate component includes the first multiplication result and the second multiplication result, and the second intermediate component includes the third multiplication result and the fourth multiplication result, the following procedure may be adopted when the first participant determines the first interaction result component according to the second intermediate component and the second N-th-order matrix: and determining the sum of the result obtained by multiplying the third multiplication result by the second N-order matrix and the fourth multiplication result as the first interaction result component. Correspondingly, when the second participant determines the second interaction result component according to the first intermediate component and the third N-order matrix, the following manner may be sampled: and determining the sum of the result obtained by multiplying the first multiplication result by the third N-order matrix and the second multiplication result as a second interaction result component.
Step S404: based on the first interaction result component and the second interaction result component, the randomness of the first reversible nth order matrix, the first random nth order matrix, the second reversible nth order matrix and the second random nth order matrix is eliminated by the first participant and the second participant, the first participant obtains a first participant sharing matrix component, and the second participant obtains a second participant sharing matrix component.
In a specific example, the step of eliminating the randomness of the first reversible nth order matrix, the first random nth order matrix, the second reversible nth order matrix, and the second random nth order matrix in step S404 may include steps S4041 to S4043 as follows.
Step S4041: the first participant determines a first initial matrix component according to the first interaction result component and an inverse matrix of the first reversible Nth-order matrix; and the second participant determines a second initial matrix component according to the second interaction result component and the inverse matrix of the second reversible Nth-order matrix.
In one specific example, the first participant may determine the first initial matrix component from the first interaction result component, an inverse of the first invertible nth order matrix, in conjunction with a coefficient matrix. In this particular example, the coefficient matrix may be a matrix constructed from coefficients of independent linear equations set agreed upon by the first participant and the second participant.
At this time, when the first participant determines the first initial matrix component according to the coefficient matrix, the first interaction result component, and the first invertible N-order matrix, the following procedure may be adopted: and determining the product of the coefficient matrix and the first interaction result component and the sum of the transpose matrix of the inverse matrix of the first reversible Nth-order matrix as a first initial matrix component.
Correspondingly, the second participant may determine the second initial matrix component according to the second interaction result component, the inverse matrix of the second reversible nth order matrix, and the transpose matrix of the coefficient matrix.
At this time, in a specific example, when the second participant determines the second initial matrix component according to the coefficient matrix, the second interaction result component, and the second invertible N-order matrix, the following may be performed: subtracting the product of the transpose of the coefficient matrix and the second interaction result component from the transpose of the inverse of the second reversible nth order matrix, and determining the obtained difference as the second initial matrix component.
Step S4042: the first participant exchanges the first initial matrix component and the second initial matrix component with the second participant.
The first and second initial matrix components may be exchanged between the first and second participants without any order. For example, after the first participant determines the first initial matrix component, the first initial matrix component may be immediately sent to the second participant, or the first initial matrix component may be sent to the second participant after a specified condition (e.g., time or other possible condition) is satisfied. Correspondingly, after the second participant determines the second initial matrix component, the second initial matrix component may be immediately sent to the first participant, or the second initial matrix component may be sent to the first participant after the correlation condition is satisfied. The specified conditions of the first party and the second party may be the same or different. The present embodiment does not limit the way in which the first and second participants exchange the first and second initial matrix components.
Step S4043: the first participant eliminates the first random N-order matrix and the second reversible N-order matrix according to the first interaction result component and the second initial matrix component, and determines a first participant shared matrix component; and the second participant eliminates the second random N-order matrix and the first reversible N-order matrix according to the second interaction result component and the first initial matrix component, and determines the second participant shared matrix component.
In a specific example, when the first participant eliminates the first random N-th order matrix and the second reversible N-th order matrix according to the first interaction result component and the second initial matrix component, the following method may be adopted: and multiplying the transposed matrix of the first interaction result component by the second initial matrix component, and then subtracting the result of the first random N-order matrix to determine the result as the first participant shared matrix component.
Correspondingly, in a specific example, when the second party eliminates the second random N-order matrix and the first reversible N-order matrix according to the second interaction result component and the first initial matrix component, the following method may be adopted: and multiplying the transposed matrix of the first initial matrix component by the second interaction result component, and then subtracting the result of the second random N-order matrix to determine the result as a second participant shared matrix component.
Based on the embodiments described above, taking the dot product protocol of a single set of operations as an example, it is assumed that the elements participating in the operations contain x1、x2、y1、y2By introducing a random number mu1、μ2、μ3、μ4、λ1、λ2、λ3、λ4These elements x1、x2、y1、y2And encoding random numbers into a matrix, wherein the following matrix can be obtained:
wherein μ in said matrix1~μ4And λ1~λ4Is a random number.
Then calculate
In combination with the above formula, if A can be obtained1×B1+B2×A2The element in the upper left corner contains the result x of the vector dot product to be calculated1y1+x2y2。
In this single set of input dot product protocols, only the upper left corner element of the matrix is utilized to output the result. Based on this basic principle, it is possible to generalize to the case of each element on the main diagonal of the matrix.
Assume that there are two sets of inputs: x is the number of1、x2、y1、y2;x′1、x′2、y′1、y′2Encoding them separately into matrices, one can get:
then calculate
Thus, x can be obtained at the top left corner element of the matrix1y1+x2y2The lower right corner element can obtain x'1y′1+x′2y′2Thus, 2 independent sets of dot product operation results can be obtained.
It can be understood that the exemplary method can also be generalized to an N-th order matrix, so that N sets of dot product operation results can be output simultaneously in one protocol interaction process.
Accordingly, the following detailed description is made with reference to one specific example, and fig. 6 is a schematic diagram correspondingly illustrating an interaction flow of the dot product protocol processing method in the specific example. In this specific example, the first party is Alice, and the second party is Bob. In this specific example, taking the above-mentioned N-th order matrix as a 2-th order matrix and M as 4 as an example, Alice and Bob both input 2 sets of input vectors.
In this example, the first participant Alice enters 2 sets of vectors: x1=[X11,X12,W11,W12],X2=[X21,X22,W21,W22](ii) a The second party Bob enters 2 sets of vectors: y is1=[Y11,Y12,Z11,Z12],Y2=[Y21,Y22,Z21,Z22]。
It is understood that in other examples, Alice may input information intoAmount X ═ X11,X12,W11,W12,X21,X22,W21,W22]And dividing the vector into two groups of vectors: x1=[X11,X12,W11,W12]And X2=[X21,X22,W21,W22]. Bob may also input the vector Y ═ Y11,Y12,Z11,Z12,Y21,Y22,Z21,Z22]And dividing the vector to obtain two groups of vectors: y is1=[Y11,Y12,Z11,Z12]And Y2=[Y21,Y22,Z21,Z22]。
In other examples, Alice may also input vector X ═ X11,X12,X21,X22]And by introducing a random number W11,W12,W21,W22The elements and random numbers in the input vector are distributed, so that two groups of vectors are obtained: x1=[X11,X12,W11,W12]And X2=[X21,X22,W21,W22]. Correspondingly, Bob may also input vector Y ═ Y11,Y12,Y21,Y22]And by introducing a random number Z11,Z12,Z21,Z22The elements and random numbers in the input vector are distributed, so that two groups of vectors are obtained: y is1=[Y11,Y12,Z11,Z12]And a fourth M-dimensional vector Y2=[Y21,Y22,Z21,Z22]。
Based on the execution of the dot product protocol processing result of the scheme of the embodiment, 2 groups of dot product calculation results can be shared: alice obtains Sa[i]Bob obtains Sb[i]And satisfies the relationship:
in addition, in the embodiment with the introduced random number, it is also necessary to satisfy the relationship that the introduced random number is eliminated after the dot product protocol-based processing, such as the introduced random number W described above11,Wi2,W21,W22,Z11,Z12,Z21,Z22In the embodiment of (1), needs to satisfy
To eliminate random numbers.
As shown in FIG. 6, in this particular example, the first participant Alice obtains two sets of vectors X1=[X11,X12,W11,W12],X2=[X21,X22,W21,W22]Then, a first and a second order matrix can be constructed
Second order matrix
Correspondingly, the second party Bob obtains two sets of vectors Y1=[Y11,Y12,Z11,Z12],Y2=[Y21,Y22,Z21,Z22]Thereafter, a third second order matrix may be constructed
And a fourth second order matrix
On the other hand, Alice generates a random second order reversible matrix (first reversible second order matrix) P and calculates its inverse matrix P-1. Bob generates a random second order reversible matrix Q (second reversible second order matrix) and calculates its inverse Q-1。
In addition, Alice selects a random second order matrix (first random second order matrix) D1Bob selects a random second order matrix (second random second order matrix) D2。
It is understood that in practical technical implementation, taking Alice as an example, the first second-order matrix a1And a second order matrix A2Construction of (3), Generation of reversible second-order matrix P and inverse matrix P thereof-1And a random second order matrix D1The three can be selected without any sequence. Correspondingly, for Bob, the first second order matrix a1And a second order matrix A2Structure of (3), generation of reversible second order matrix Q and inverse matrix Q thereof-1And a random second order matrix D2The three can be selected without any sequence.
Then, the process of performing the matrix sharing interaction process between Alice and Bob may be started, so that Alice obtains the first participant sharing matrix component SaBob obtains the second participant shared matrix component SbI.e. the first party shares the matrix component SaSharing a matrix component S with a second participantbAnd sharing a dot product protocol sharing matrix which is the sum of the product of the first N-order matrix and the third N-order matrix and the product of the second N-order matrix and the fourth N-order matrix. Namely Sa+Sb=A1×B1+B2×A2。
The specific matrix sharing interaction process may be performed in such a way that a first round of interaction process is first started.
Alice is based on reversible twoOrder matrix P, random second order matrix D1And a first second order matrix A1Determining a first intermediate component, the first intermediate component comprising: reversible second-order matrix P and first second-order matrix A1First product result P × a1And a reversible second order matrix P and a random second order matrix D1Second product result P × D1Then the first intermediate component P × A1And P × D1Sent to Bob.
Bob receives the first intermediate component, and then according to the first intermediate component (P × A)1And P × D1) And a third second-order matrix B1Determining the second interaction result component XB, which may specifically be calculated by using the following formula:
XB=(P×A1)×B1+(P×D1)=P×(A1×B1+D1)。
in the second round of interaction process, Bob carries out the second random second-order matrix D according to the second reversible second-order matrix Q2And the fourth second order matrix determines B2A second intermediate component, the second intermediate component comprising: determining B by the second reversible second-order matrix Q and the fourth second-order matrix2Is the third product result of Q B2And a second reversible quadratic matrix Q and a second random quadratic matrix D2Is Q × D2. Then the second intermediate component QXB2And QxD2And sending the data to Alice.
After receiving the second intermediate component, Alice receives the second intermediate component according to the second intermediate component (QXB)2And QxD2) And a second order matrix A2Determining the first interaction result component XA may specifically be calculated using the following formula:
XA=(Q×B2)×A2+(Q×D2)=Q×(B2×A2+D2)。
after the two interactive processes are completed, the subsequent dot product calculation process can be executed. It will be appreciated that the above exchanges the first intermediate component (P A)1And P × D1) And exchanging the second intermediate component (QXB)2And QxD2) In this example, the exchange is done on the fly (Alice calculates the first intermediate)Intermediate component (P × A)1And P × D1) Then immediately sent to Bob, who calculates the second intermediate component (QXB)2And QxD2) And then immediately sent to Alice) as an example, the order may not be sorted in the actual technology implementation. As one specific example, the first intermediate component (P × a) may be simultaneously paired1And P × D1) And a second intermediate component (QXB)2And QxD2) And exchanging is carried out so as to reduce the number of interaction between the two parties and improve the processing efficiency.
In performing the dot product calculation, Alice and Bob agree on a set of parameters cijThese parameters may be coefficients of independent linear equations (e.g., all c)ijAll are small prime numbers) based on these parameters cijConfigurable coefficient matrix
Then, Alice determines a first initial matrix component U according to the coefficient matrix C, the first interaction result component XA, and an inverse matrix of the first reversible second-order matrix P, which may specifically be calculated by using the following formula:
U=(P-1)T+C×XA。
bob determines a second initial matrix component V according to the coefficient matrix C, the second interaction result component XB, and the inverse matrix of the second reversible second-order matrix Q, which may specifically be calculated by using the following formula:
V=(Q-1)T-CT×XB。
it is to be understood that in other embodiments, the calculation of the first initial matrix component U and the second initial matrix component V may be implemented in other manners.
And after calculating the first initial matrix component U, the Alice sends the first initial matrix component U to Bob.
And after calculating the second initial matrix component V, Bob sends the second initial matrix component V to Alice.
It can be understood that, when the first initial matrix component U and the second initial matrix component V are exchanged, in this example, the exchange is performed immediately (Alice calculates the first initial matrix component U and then immediately sends it to Bob, and Bob calculates the second initial matrix component V and then immediately sends it to Alice) as an example, and the order may not be different in the actual technical implementation. As a specific example, the first initial matrix component U and the second initial matrix component V may be exchanged at the same time, so as to reduce the number of interactions between the two parties and improve the processing efficiency.
After receiving the second initial matrix component V, Alice receives the second initial matrix component V according to the first interaction result component XA, the second initial matrix component V and the first random second-order matrix D1Determining a first participant shared matrix component SaTo eliminate the introduced second reversible second-order matrix Q and the first random second-order matrix D1Specifically, the following formula can be used for calculation:
it should be noted that the element (—) in the above formula indicates that the specific result is not concerned in the calculation process, and is not intended to limit the specific value. Elements (—) in the formulae below have similar meanings.
Bob receives the first initial matrix component U, and then according to the second interaction result component XB, the first initial matrix component XB and the second random second-order matrix D2Determining the second participant-shared matrix component SbTo eliminate the introduced first reversible second-order matrix P and second random second-order matrix D2Specifically, the following method can be adopted:
it is understood that in other embodiments, the introduced first random second-order matrix D may be implemented in other manners1And a second random second order matrix D2Elimination of (2).
First participant sharing matrix component S determined based on AliceaAnd a second party determined by Bob share a matrix component SbIt can be determined that Alice and Bob share the matrix:
therefore, Alice and Bob only need to select 2 elements of the main diagonal line of the shared matrix component held by themselves, which are respectively the addition sharing of the dot product operation results of 2 groups of input vectors:
thus, lie shares the first participant with the matrix component SaDetermines the element value of the designated master diagonal element as the dot product protocol component result for the first participant, Bob shares the matrix component S with the second participantbIs determined as the dot product protocol component result of the second participant.
As described above, Alice may choose to share a matrix component S with a first participantaAs a result of the dot product protocol component, Bob correspondingly selects the second participant shared matrix component SbAs its dot product protocol component result. The specific value of i may be agreed by Alice and Bob, preset, or determined in other manners.
Taking i as 1 as an example, Alice selects Sa[1]As a result of its dot product protocol components, Bob selects Sb[1]As the result of the dot product protocol component, the additive sharing of the dot product operation result is realized
Taking i as 2 as an example, Alice selects Sa[2]As a result of its dot product protocol components, Bob selects Sb[2]As the result of the dot product protocol component, the additive sharing of the dot product operation result is realized
It can be understood that the above example is only described by taking a second-order matrix as an example, and the processing procedure of the dot product protocol in this embodiment can be generalized to a third-order matrix or a higher-order matrix, and has scalability. For an N (N is a positive integer greater than or equal to 2) order matrix, after a protocol processing process is executed once, vector dot product operation with N elements can be realized, and a plurality of groups of dot product operation results are output at the same time, so that a mechanism for concurrent execution is provided.
Based on the example as described above, the processing procedures of the two parties are the same, a completely symmetrical protocol structure is realized, the number of random numbers introduced by any party is the same as the number of published equations, and therefore, the advantages of any party in terms of security are equivalent. And a large number of random numbers can be introduced to confuse input vectors based on the inverse matrix, so that the safety condition that the number of independent variables is more than the number of public equations is met, and the safety is improved.
Based on the examples described above, there is also provided in one embodiment a computer device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor when executing the program implements the method of any one of the embodiments described above.
FIG. 7 is a diagram illustrating an internal structure of a computer device in one embodiment. The computer device may specifically be device 101 (or device 102) in fig. 1. As shown in fig. 7, the computer apparatus includes a processor, a memory, a network interface, and an input device connected through a system bus. Wherein the memory includes a non-volatile storage medium and an internal memory. The non-volatile storage medium of the computer device stores an operating system and may also store a computer program that, when executed by the processor, causes the processor to implement the dot-product protocol processing method. The internal memory may also have a computer program stored therein, which when executed by the processor, causes the processor to perform a dot product protocol processing method.
Those skilled in the art will appreciate that the architecture shown in fig. 7 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
It will be understood by those skilled in the art that all or part of the processes in the methods of the embodiments described above may be implemented by a computer program, which is stored in a non-volatile computer readable storage medium, and in the embodiments of the present invention, the program may be stored in the storage medium of a computer system and executed by at least one processor in the computer system to implement the processes of the embodiments including the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
Accordingly, in an embodiment, a storage medium is further provided, on which a computer program is stored, wherein the program, when executed by a processor, implements the dot-product protocol processing method according to any one of the above embodiments.
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present invention, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the inventive concept, which falls within the scope of the present invention. Therefore, the protection scope of the present patent shall be subject to the appended claims.
Claims (12)
1. A dot product protocol processing method, the method comprising:
the method comprises the steps that a current participant obtains a current participant input vector, and an N-order matrix I and an N-order matrix II are constructed according to the current participant input vector; wherein if the current participant input vector comprises (x)1、x2) Then the first N-order matrix is
The second N-order matrix is
Wherein, mu1、μ2、μ3、μ4Is a random number, or, if the current participant input vector comprises (x)1、x2)、(x′1、x′2) The first N-order matrix is
The second N-order matrix is
The current participant and the opposite-end participant carry out matrix sharing interactive processing to obtain a current participant sharing matrix component, and the current participant sharing matrix component and the opposite-end participant sharing moment obtained by the opposite-end participantThe array components share a dot product protocol sharing matrix, wherein the dot product protocol sharing matrix is the sum of the product of the first N-order matrix and the third N-order matrix of the opposite-end participant and the product of the fourth N-order matrix of the opposite-end participant and the second N-order matrix; wherein the Nth order matrix is
The fourth order matrix is
Wherein (y)1、y2) Is the input vector of the opposite party, lambda1、λ2、λ3、λ4As a random number, the current participant shared matrix component is
Or the third N-order matrix is
The N-order matrix is four
Wherein (y)1、y2)、(y′1、y′2) The input vectors are respectively the input vectors of the opposite party, and the current party sharing matrix component is
The current participant determines the element value of the designated position element of the current participant shared matrix component as the dot product protocol component result of the current participantWherein the current participant sharing matrix component is
When the element value of the specified position element is x1y1+x2y2The current participant sharing matrix component is
When the element value of the specified position element is x1y1+x2y2Or x'1y′1+x′2y′2;
The method for performing matrix sharing interactive processing on the current participant and the opposite participant, and obtaining the current participant sharing matrix component comprises the following steps:
the current participant determines a current-end intermediate component according to the reversible N-order matrix, the random N-order matrix and the N-order matrix I, and sends the current-end intermediate component to the opposite-end participant; the front-end intermediate component includes: determining a first product result according to the reversible N-order matrix and the N-order matrix, and determining a second product result according to the reversible N-order matrix and the random N-order matrix;
the current participant receives an opposite-end intermediate component returned by the opposite-end participant, and determines a current-end interaction result component according to the opposite-end intermediate component and the second N-order matrix; the peer intermediate component includes: a third product result determined according to the opposite-end reversible N-order matrix and the N-order matrix, and a fourth product result determined according to the opposite-end reversible N-order matrix and the opposite-end random N-order matrix; the current-end interaction result component is the sum of the result obtained by multiplying the third product result by the second N-order matrix and the fourth product result;
based on the current end interaction result component, the current participant eliminates the randomness of the random N-order matrix to obtain a current participant shared matrix component;
the current participant eliminates the randomness of the random N-order matrix, and the manner of obtaining the current participant shared matrix component comprises:
the current participant determines a current-end initial matrix component according to the current-end interaction result component and the reversible N-order matrix, and sends the current-end initial matrix component to the opposite-end participant; the current-end initial matrix component is determined according to the current-end interaction result component and the reversible N-order matrix combination coefficient matrix, and the coefficient matrix is a matrix which is agreed by the current participant and the opposite participant and is constructed according to coefficients of an independent linear equation set;
and the current participant receives an opposite terminal initial matrix component returned by the opposite terminal participant, the random N-order matrix is eliminated according to the current terminal interaction result component and the opposite terminal initial matrix component, the current participant shared matrix component is obtained, the opposite terminal initial matrix component is determined according to the opposite terminal interaction result component and an inverse matrix of an opposite terminal reversible N-order matrix by combining the coefficient matrix, and the opposite terminal interaction result component is determined according to the current terminal intermediate component and the N-order matrix.
2. The method of claim 1, wherein:
if the current participant input vector is an M-dimensional input vector X ═ X11,X12,X21,X22]M is 4; the method for constructing the first N-order matrix and the second N-order matrix according to the input vector of the current participant comprises the following steps: randomly generating an M-dimensional random vector-W ═ W11,W12,W21,W22]Extracting 2 elements in the M-dimensional input vector X and 2 elements in the M-dimensional random vector W to construct the N-order matrix I
Extracting the remaining 2 elements of the M-dimensional input vector X and the remaining 2 elements of the M-dimensional random vector WConstructing the N-order matrix II
In this case, the Nth order matrix is
The fourth order matrix is
[Y11,Y12,Y21,Y22]For the input vector of the opposite end participant, [ Z11,Z12,Z21,Z22]A vector randomly generated for the peer participant.
3. The method of claim 1, wherein:
if the current participant input vector comprises a 2M-dimensional input vector X ═ X11,X12,W11,W12,X21,X22,W21,W22]And when M is 4, constructing an N-order matrix I and an N-order matrix II according to the current participant input vector in a mode comprising the following steps: splitting a 2M-dimensional input vector X into a first M-dimensional vector X1=[X11,X12,W11,W12]And a second M-dimensional vector X2=[X21,X22,W21,W22]And based on a first M-dimensional vector X1Constructing the first N-order matrix
Based on the second M-dimensional vector X2Constructing the N-order matrix II
In this case, the N-order matrix 3 is
The N-order matrix 4 is
[Y11,Y12,Z11,Z12,Y21,Y22,Z21,Z22]Is the input vector of the opposite end participant.
4. A method according to any one of claims 1 to 3, characterized in that:
before matrix sharing interaction processing is carried out on the current participant and the opposite-end participant, the method further comprises the following steps: the current participant generates the invertible nth order matrix.
5. The method of claim 4, wherein:
before matrix sharing interaction processing is carried out on the current participant and the opposite-end participant, the method further comprises the following steps: the current participant generates the random N-th order matrix.
6. A dot product protocol processing method, the method comprising:
a first participant acquires a first input vector and constructs a first N-order matrix and a second N-order matrix according to the first input vector; the second participant acquires a second input vector and constructs a third N-order matrix and a fourth N-order matrix according to the second input vector; wherein if the first input vector is (x)1、x2) The second input vector is (y)1、y2) Then the first N-order matrix is
The second N-order matrix is
Said N isOrder matrix is three
The fourth order matrix is
Wherein, mu1、μ2、μ3、μ4、λ1、λ2、λ3、λ4Is a random number, or, if the first input vector is (x)1、x2)、(x′1、x′2) The second input vector is (y)1、y2)、(y′1、y′2) Then the first N-order matrix is
The second N-order matrix is
The Nth order matrix is
The N-order matrix is four
The first participant and the second participant perform matrix sharing interactive processing, the first participant obtains a first participant shared matrix component, the second participant obtains a second participant shared matrix component, the first participant shared matrix component and the second participant shared matrix component share a dot product protocol shared matrix, the dot product protocol shared matrix is the sum of the product of the first Nth order matrix and the third Nth order matrix and the product of the fourth Nth order matrix and the second Nth order matrix, and the current participant shared matrix component is the sum of the first Nth order matrix and the third Nth order matrix
Or, the current participant sharing matrix component is
The first participant determining element values of specified position elements of the first participant-shared matrix component as dot product protocol component results of the first participant; the second participant determining element values of the designated position elements of the second participant-shared matrix component as dot product protocol component results of the second participant; wherein the current participant sharing matrix component is
When the element value of the specified position element is x1y1+x2y2The current participant sharing matrix component is
When the element value of the specified position element is x1y1+x2y2Or x'1y′1+x′2y′2;
The first participant determines a first intermediate component according to a first reversible N-order matrix, a first random N-order matrix and the first N-order matrix; the second participant determines a second intermediate component according to a second reversible N-order matrix, a second random N-order matrix and the fourth N-order matrix; the first intermediate component includes: the second intermediate component may include a first product result determined from the first reversible N-order matrix and the first N-order matrix, and a second product result determined from the first reversible N-order matrix and the first random N-order matrix: a third product result determined according to the second reversible N-order matrix and the fourth N-order matrix, and a fourth product result determined according to the second reversible N-order matrix and the second random N-order matrix;
the first participant exchanging the first intermediate component and the second intermediate component with the second participant;
the first participant determines a first interaction result component according to the second intermediate component and the second N-order matrix, and the second participant determines a second interaction result component according to the first intermediate component and the third N-order matrix; the first interaction result component is a sum of a result obtained by multiplying the third multiplication result by the second N-th order matrix and the fourth multiplication result, and the second interaction result component is a sum of a result obtained by multiplying the first multiplication result by the third N-th order matrix and the second multiplication result;
based on the first interaction result component and the second interaction result component, the randomness of the first reversible nth order matrix, the first random nth order matrix, the second reversible nth order matrix and the second random nth order matrix is eliminated by the first participant and the second participant, the first participant obtains a first participant sharing matrix component, and the second participant obtains a second participant sharing matrix component;
based on the first interaction result component and the second interaction result component, the first participant and the second participant eliminate randomness of the first invertible nth order matrix, the first random nth order matrix, the second invertible nth order matrix, and the second random nth order matrix, the first participant obtains a first participant sharing matrix component, and the second participant obtains a second participant sharing matrix component, including:
the first participant determines a first initial matrix component according to the first interaction result component and an inverse matrix of the first reversible Nth-order matrix; the second participant determines a second initial matrix component according to the second interaction result component and the inverse matrix of the second reversible Nth-order matrix; the first initial matrix component is determined by combining a coefficient matrix according to the first interaction result component and an inverse matrix of the first reversible Nth-order matrix, the second initial matrix component is determined by combining a coefficient matrix according to the second interaction result component and an inverse matrix of the second reversible Nth-order matrix, and the coefficient matrix is a matrix which is agreed by the first participant and the second participant and is constructed according to coefficients of an independent linear equation set;
the first participant exchanging the first initial matrix component and the second initial matrix component with the second participant;
the first participant eliminates the first random N-order matrix and the second reversible N-order matrix according to the first interaction result component and the second initial matrix component, and determines a first participant sharing matrix component; and the second participant eliminates the second random N-order matrix and the first reversible N-order matrix according to the second interaction result component and the first initial matrix component, and determines the second participant shared matrix component.
7. The method of claim 6, wherein:
if the first input vector is an M-dimensional input vector X ═ X11,X12,X21,X22]And when M is 4, the first participant constructing a first nth order matrix and a second nth order matrix according to the first input vector comprises: the first participant randomly generates a first M-dimensional random vector W ═ W11,W12,W21,W22]Extracting 2 elements in the M-dimensional input vector X and 2 elements in the M-dimensional random vector W to construct the first N-order matrix
Extracting the remaining 2 elements in the M-dimensional input vector X and the remaining 2 elements in the M-dimensional random vector W to construct the second N-order matrix
The second input vector is an M-dimensional input vector Y ═ Y11,Y12,Y21,Y22]And when M is 4, the second participant constructing a third nth order matrix and a fourth nth order matrix according to the second input vector comprises: the second participant randomly generates a second M-dimensional random vector Z ═ Z11,Z12,Z21,Z22]Extracting 2 elements in the second input vector Y and 2 elements in the second M-dimensional random vector Z to construct a third Nth-order matrix B1=
Extracting the remaining 2 elements in the second input vector Y and the remaining 2 elements in the second M-dimensional random vector Z to construct the fourth N-order matrix
8. The method of claim 6, wherein:
the first input vector comprises a 2M-dimensional input vector X ═ X11,X12,W11,W12,X21,X22,W21,W22]And when M is 4, the first participant constructing a first nth order matrix and a second nth order matrix according to the first input vector comprises: splitting a 2M-dimensional input vector X into a first M-dimensional vector X1=[X11,X12,W11,W12]And a second M-dimensional vector X2=[X21,X22,W21,W22]Based on a first M-dimensional vector X1Constructing a first N-order matrix
Based on a second M-dimensional vector X2Constructing the second N-order matrix
If the second input vector comprises a 2M-dimensional input vector Y ═ Y11,Y12,Z11,Z12,Y21,Y22,Z21,Z22]The method for the second participant to construct the third nth order matrix and the fourth nth order matrix according to the second input vector includes: splitting a 2M-dimensional input vector Y into a third M-dimensional vector Y1=[Y11,Y12,Z11,Z12]And a fourth M-dimensional vector Y2=[Y21,Y22,Z21,Z22]Based on a third M-dimensional vector Y1Constructing a third N-order matrix
Based on the fourth M-dimensional vector Y2Constructing the fourth N-order matrix
9. The method according to any one of claims 6 to 8, characterized in that:
before the first participant and the second participant perform matrix sharing interaction processing, the method further comprises the following steps: the first participant generates the first invertible nth order matrix; the second participant generates the second invertible nth order matrix.
10. The method of claim 9, wherein:
before the first participant and the second participant perform matrix sharing interaction processing, the method further comprises the following steps: the first participant randomly generates the first random N-order matrix; the second participant randomly generates the second random nth order matrix.
11. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the steps of the method according to any of claims 1 to 10 are implemented by the processor when executing the program.
12. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 10.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711451381.5A CN108134668B (en) | 2017-12-27 | 2017-12-27 | Dot product protocol processing method, computer device and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201711451381.5A CN108134668B (en) | 2017-12-27 | 2017-12-27 | Dot product protocol processing method, computer device and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108134668A CN108134668A (en) | 2018-06-08 |
| CN108134668B true CN108134668B (en) | 2022-03-04 |
Family
ID=62393014
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201711451381.5A Active CN108134668B (en) | 2017-12-27 | 2017-12-27 | Dot product protocol processing method, computer device and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108134668B (en) |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2002024268A (en) * | 2000-06-12 | 2002-01-25 | Internatl Business Mach Corp <Ibm> | Method for retrieving and ranking document from database, computer system, and recording medium |
| CN104823203A (en) * | 2013-09-16 | 2015-08-05 | 眼验有限责任公司 | Biometric template security and key generation |
-
2017
- 2017-12-27 CN CN201711451381.5A patent/CN108134668B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2002024268A (en) * | 2000-06-12 | 2002-01-25 | Internatl Business Mach Corp <Ibm> | Method for retrieving and ranking document from database, computer system, and recording medium |
| CN104823203A (en) * | 2013-09-16 | 2015-08-05 | 眼验有限责任公司 | Biometric template security and key generation |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108134668A (en) | 2018-06-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Rathee et al. | Cryptflow2: Practical 2-party secure inference | |
| Wagh et al. | Securenn: Efficient and private neural network training | |
| CN111512589B (en) | Method for fast secure multiparty inner product with SPDZ | |
| Ghodsi et al. | Cryptonas: Private inference on a relu budget | |
| Liang et al. | Semi-device-independent bounds on entanglement | |
| Beigi et al. | Simplified instantaneous non-local quantum computation with applications to position-based cryptography | |
| CN108809623B (en) | Secure multiparty computing method, device and system | |
| Han et al. | Privacy-preserving gradient-descent methods | |
| EP2965462A1 (en) | Privacy-preserving ridge regression using partially homomorphic encryption and masks | |
| JP6973868B2 (en) | Secret calculation methods, devices, and programs | |
| Berta et al. | Quantum to classical randomness extractors | |
| JP7147073B2 (en) | A more efficient post-quantum signature | |
| CN107888385B (en) | RSA modulus generation method, RSA key generation method, computer device, and medium | |
| CN112883387A (en) | Privacy protection method for machine-learning-oriented whole process | |
| CN114691167A (en) | Method and device for updating machine learning model | |
| CN110826089A (en) | Verifiable outsourcing computing method, client and cloud computing system for realizing safety and high efficiency of large-scale matrix multiplication | |
| Brenner et al. | Optimal wire cutting with classical communication | |
| CN115842627A (en) | Decision tree evaluation method, device, equipment and medium based on secure multi-party computation | |
| CN108134668B (en) | Dot product protocol processing method, computer device and storage medium | |
| CN114756815A (en) | Triple generation method and system for multi-party secure computing | |
| Liu et al. | Secure and verifiable outsourcing protocol for non-negative matrix factorisation | |
| Liu et al. | Secure Two-Party Decision Tree Classification Based on Function Secret Sharing | |
| Cheng et al. | Secure Similar Sequence Query over Multi-source Genomic Data on Cloud | |
| Obimbo et al. | A Parallel Algorithm for determining the inverse of a matrix for use in blockcipher encryption/decryption | |
| Vedadi et al. | Polydot coded privacy preserving multi-party computation at the edge |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |