CN111046408A - Judgment result processing method, query method, device, electronic equipment and system - Google Patents

Judgment result processing method, query method, device, electronic equipment and system Download PDF

Info

Publication number
CN111046408A
CN111046408A CN201911284322.2A CN201911284322A CN111046408A CN 111046408 A CN111046408 A CN 111046408A CN 201911284322 A CN201911284322 A CN 201911284322A CN 111046408 A CN111046408 A CN 111046408A
Authority
CN
China
Prior art keywords
judgment
ciphertext
judgment result
result
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911284322.2A
Other languages
Chinese (zh)
Inventor
李漓春
赵原
张祺智
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alipay Hangzhou Information Technology Co Ltd
Original Assignee
Alipay Hangzhou Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alipay Hangzhou Information Technology Co Ltd filed Critical Alipay Hangzhou Information Technology Co Ltd
Priority to CN201911284322.2A priority Critical patent/CN111046408A/en
Publication of CN111046408A publication Critical patent/CN111046408A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Databases & Information Systems (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

Embodiments of a method, an apparatus, an electronic device, and a system for processing a determination result are provided. The query method comprises the following steps: inquiring a judgment result ciphertext from a ciphertext set according to the specific value of the judgment object to obtain a target judgment result ciphertext, wherein the ciphertext set comprises at least one judgment result ciphertext corresponding to the value of the judgment object; and sending the target judgment result ciphertext to the judgment condition party. One or more embodiments of the present specification may determine, by secure multiparty computation, a determination result of the determination condition corresponding to the specific value of the determination object by cooperation of the determination condition and the data party on the premise that the determination condition does not leak the determination condition of the data party and the specific value of the data party does not leak the specific value of the data party, thereby implementing privacy protection.

Description

Judgment result processing method, query method, device, electronic equipment and system
Technical Field
The embodiment of the specification relates to the technical field of computers, in particular to a judgment result processing method, a judgment result query method, a judgment result processing device, electronic equipment and a judgment result system.
Background
In practical business, one party usually has a judgment condition (hereinafter, referred to as a judgment condition party) requiring confidentiality, and the other party has private data (hereinafter, referred to as a data party) requiring confidentiality. How to determine the judgment result of the judgment condition corresponding to the private data in cooperation under the condition that the judgment condition party does not leak the judgment condition and the data party does not leak the private data is a technical problem which needs to be solved urgently at present.
Disclosure of Invention
The embodiment of the specification provides a judgment result processing method, an inquiry device, an electronic device and a system, so that under the condition that the judgment condition party does not leak the judgment condition and the data party does not leak the private data, the judgment result corresponding to the private data of the judgment condition is determined in a cooperative manner.
In order to achieve the above purpose, one or more embodiments in the present specification provide the following technical solutions.
According to a first aspect of one or more embodiments of the present specification, there is provided a determination result processing method applied to a determination condition side, including: constructing a judgment result set, wherein the judgment result set comprises at least one judgment result obtained according to the judgment condition, and each judgment result corresponds to at least one value of a judgment object; encrypting the judgment result in the judgment result set to obtain a ciphertext set; and sending the ciphertext set to a data side.
According to a second aspect of one or more embodiments of the present specification, there is provided a query method applied to a data side, including: inquiring a judgment result ciphertext from a ciphertext set according to the specific value of the judgment object to obtain a target judgment result ciphertext, wherein the ciphertext set comprises at least one judgment result ciphertext corresponding to the value of the judgment object; and sending the target judgment result ciphertext to the judgment condition party.
According to a third aspect of one or more embodiments of the present specification, there is provided a query method applied to a data side, including: inquiring a judgment result ciphertext from a ciphertext set according to the specific value of the judgment object to obtain a target judgment result ciphertext, wherein the ciphertext set comprises at least one judgment result ciphertext corresponding to the value of the judgment object; generating a first share of the target determination result, the first share including a random number; calculating a second share of ciphertext of the target judgment result according to the target judgment result ciphertext and the first share; and sending the ciphertext of the second share of the target judgment result to the judgment conditional party.
According to a fourth aspect of one or more embodiments of the present specification, there is provided a determination result processing apparatus applied to a determination condition side, including: the construction unit is used for constructing a judgment result set, wherein the judgment result set comprises at least one judgment result obtained according to the judgment condition, and each judgment result corresponds to at least one value of a judgment object; the encryption unit is used for encrypting the judgment result in the judgment result set to obtain a ciphertext set; and the sending unit is used for sending the ciphertext set to a data party.
According to a fifth aspect of one or more embodiments of the present specification, there is provided a query apparatus applied to a data side, including: the query unit is used for querying a judgment result ciphertext from a ciphertext set according to a specific value of a judgment object to obtain a target judgment result ciphertext, wherein the ciphertext set comprises at least one judgment result ciphertext corresponding to the value of the judgment object; and the sending unit is used for sending the target judgment result ciphertext to the judgment condition party.
According to a sixth aspect of one or more embodiments of the present specification, there is provided a query apparatus applied to a data side, including: the query unit is used for querying a judgment result ciphertext from a ciphertext set according to a specific value of a judgment object to obtain a target judgment result ciphertext, wherein the ciphertext set comprises at least one judgment result ciphertext corresponding to the value of the judgment object; a generation unit configured to generate a first share of a target determination result, the first share including a random number; the calculation unit is used for calculating the ciphertext of a second share of the target judgment result according to the target judgment result ciphertext and the first share; and the sending unit is used for sending the ciphertext of the second share of the target judgment result to the judgment conditional party.
According to a seventh aspect of one or more embodiments of the present specification, there is provided an electronic device comprising: at least one processor; a memory storing program instructions configured to be suitable for execution by the at least one processor, the program instructions comprising instructions for performing the method steps of the first, second or third aspect.
According to an eighth aspect of one or more embodiments of the present specification, there is provided a query system including a data side and a judgment condition side; the data side is provided with the device of the fifth aspect; and the judgment condition party is used for receiving the target judgment result ciphertext and decrypting the target judgment result ciphertext to obtain a target judgment result.
According to a ninth aspect of one or more embodiments of the present specification, there is provided a query system including a data side and a judgment condition side; the data side is provided with the apparatus of the sixth aspect; and the judgment condition party is used for receiving the ciphertext of the second share of the target judgment result and decrypting the ciphertext of the second share of the target judgment result to obtain the second share of the target judgment result.
As can be seen from the above technical solutions provided in the embodiments of the present specification, through secure multiparty computation, on the premise that the determination condition party does not leak the determination condition of itself and the data party does not leak the specific value of itself, the determination result of the determination condition corresponding to the specific value of the determination object can be determined by cooperation of the determination condition party and the data party, thereby implementing privacy protection.
Drawings
In order to more clearly illustrate the embodiments of the present specification or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, the drawings in the following description are only some embodiments described in the present specification, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a flow diagram of a query method in one embodiment of the present description;
FIG. 2 is a schematic diagram of a decision tree according to an embodiment of the present disclosure;
FIG. 3 is a flow diagram of a query method in one embodiment of the present description;
FIG. 4 is a flowchart illustrating a method for processing a determination result according to an embodiment of the present disclosure;
FIG. 5 is a flow diagram of a query method in one embodiment of the present description;
FIG. 6 is a flow diagram of a query method in one embodiment of the present description;
fig. 7 is a functional structure diagram of a determination result processing apparatus according to an embodiment of the present disclosure;
fig. 8 is a functional structure diagram of an inquiry apparatus according to an embodiment of the present disclosure;
fig. 9 is a functional structure diagram of an inquiry apparatus according to an embodiment of the present disclosure;
fig. 10 is a functional structure diagram of an electronic device according to an embodiment of the present disclosure.
Detailed Description
The technical solutions in the embodiments of the present disclosure will be clearly and completely described below with reference to the drawings in the embodiments of the present disclosure, and it is obvious that the described embodiments are only a part of the embodiments of the present disclosure, and not all of the embodiments. All other embodiments obtained by a person skilled in the art based on the embodiments in the present specification without any inventive step should fall within the scope of protection of the present specification. It should be understood that the term "unique correspondence" in this specification can be understood as a one-to-one correspondence. For example, a unique correspondence to B may be understood as a one-to-one correspondence between a and B.
This specification provides one embodiment of a query system. The query system may include a determining conditional party and a data party.
In some embodiments, the determination condition party may be a server, a mobile phone, a tablet computer, or a personal computer; alternatively, the system may be a system including a plurality of devices, for example, a server cluster including a plurality of servers. The judgment condition party may hold a judgment condition. The judgment condition may include a comparison judgment condition, an attribution judgment condition, and the like. And the comparison judgment condition is used for determining the size relationship between the value of the judgment object and the threshold value. The comparison determination condition may include a greater than determination condition, a greater than or equal to determination condition, an equal to determination condition, a less than or equal to determination condition, and the like. For example, the greater-than determination condition may be x > t, where x represents a value of a determination target, and t represents a threshold. The attribution judgment condition is used for determining an attribution relationship between a value of a judgment object and a data set, and the data set may include at least one data element. For example, the attribution judgment condition may be x ∈ s, where x represents a value of a judgment object, and s represents a data set.
The determination condition may include a relational operator and reference data. Specifically, the determination condition may be a comparison determination condition, the relationship operator may be a comparison operator, the comparison operator may include a greater than operator, a greater than or equal to operator, an equal to operator, a less than or equal to operator, and the like, and the reference data may be a threshold. Alternatively, the determination condition may be an attribution determination condition, the relational operator may be an attribution operator, and the reference data may be a data set.
The judgment object may have at least one value. The value may be a numerical value; alternatively, it may be a character; alternatively, other information (e.g., text) may also be present. For example, in some service scenarios, the judgment object may be used to indicate the income status of the user, and the value of the judgment object may be the annual income value of the user. For another example, in some service scenarios, the determination object may be used to represent a property status of a user, a value of the determination object may be 0 or 1, where 0 represents that the user does not own a property, and 1 represents that the user does not own a property.
At least one judgment result can be obtained according to the judgment condition, and each judgment result can correspond to at least one value of a judgment object. In practical application, a value of a judgment object and reference data are operated according to an operation mode represented by a relational operator, so that a judgment result of a judgment condition can be obtained. The judgment result can be a numerical value; alternatively, the characters may be used. For example, the determination result may be a value 0 or a value 1, where a value 0 indicates that the determination condition is not satisfied, and a value 1 indicates that the determination condition is not satisfied. For another example, the determination result may be a character False or a character True, where the character False indicates that the determination condition is not satisfied, and the character True indicates that the determination condition is satisfied.
In some embodiments, the data party may be a server, a mobile phone, a tablet computer, or a personal computer; alternatively, the system may be a system including a plurality of devices, for example, a server cluster including a plurality of servers. The data side can hold a specific value of the judgment object.
In some embodiments, the determining conditional Party and the data Party may be both parties performing Secure Multi-Party computing (SMC). Secure multi-party computing may be used to solve the problem of privacy-preserving cooperative computing among a group of mutually untrusted parties. Specifically, the judgment condition party and the data party may perform cooperative calculation to obtain a judgment result of the judgment condition corresponding to a specific value of the judgment object. For privacy protection, in the course of cooperative computing, the judgment condition party cannot leak the judgment conditions (such as the relation operators and/or the reference data) held by the data party to the data party, and the data party cannot leak the specific values of the judgment objects held by the data party to the judgment condition party.
In practical applications, the process of obtaining the determination result by the data party and the determination condition party through cooperative computing may be an independent computing task, or may be a part of a large computing task. In some example scenarios, the determination conditional party may be a financial institution, such as a bank, a third party payment institution, and so on. The financial institution may hold a data processing model, which may include a decision tree model, a score card model, etc., and which may include at least one judgment condition. The data party may be a big data company that may hold privacy data of the user's property status, marital status, income status, and the like. The financial institution and the big data company may perform cooperative calculations to obtain a prediction result of a data processing model so that the financial institution can evaluate whether to borrow the user based on the prediction result. In order to obtain the prediction result, the financial institution and the big data company need to cooperate to obtain the judgment result of the judgment condition in the data processing model corresponding to the specific value of the judgment object. The process of obtaining the judgment result by the cooperative calculation can be regarded as a part of a large calculation task (obtaining the prediction result of the data processing model). The process of obtaining the prediction result by the financial institution and the big data company through cooperative calculation will be described in detail in the following scenario example.
The present specification provides one embodiment of a query method. The query method may include a deployment phase and an implementation phase, the deployment phase may include steps S101 to S107, and the implementation phase may include steps S109 to S113. The method steps of the deployment phase are not necessary. For example, the method steps of the deployment phase may be executed in advance, so that when the determination result corresponding to the specific value of the determination object needs to be determined, only the method steps of the implementation phase need to be executed.
With the query method of the present embodiment, the judgment condition side can obtain a judgment result (hereinafter referred to as a target judgment result) of the judgment condition corresponding to a specific value of the judgment target.
Please refer to fig. 1. The query method may include the following steps.
Step S101: and the judgment condition party constructs a judgment result set.
In some embodiments, the determination result set may be implemented by a data table, a linear table, a queue, a stack, or a graph. The judgment result set may include at least one judgment result obtained according to the judgment condition, and each judgment result may correspond to at least one value of the judgment object. The process of constructing the judgment result set is described in the following cases.
Case (one): and constructing a judgment result set according to a judgment condition and the value of a judgment object.
The judgment result set may include at least one judgment result obtained according to the judgment condition, and each judgment result may correspond to at least one value of the judgment object. The judgment result may include at least one of: a first type judgment result and a second type judgment result. The first type judgment result is used for indicating that the judgment condition is not satisfied, and the second type judgment result is used for indicating that the judgment condition is satisfied. The first type of determination result may be represented by a value of 0, for example, and the second type of determination result may be represented by a value of 1, for example. Of course, the value 0 and the value 1 are merely examples, and other values may be actually used.
In practical applications, the judgment condition side may know at least one value of the judgment object (the judgment condition side may know all possible values of the judgment object, or may know a part of all possible values of the judgment object). It is worth mentioning that the data party may hold a specific value of the at least one value. For privacy protection, the judgment condition party does not know the specific value held by the data party. The judgment condition party can participate in the operation of the judgment condition on the at least one value to obtain at least one judgment result as the judgment result in the judgment result set.
Case (ii): and constructing a judgment result set according to a plurality of judgment conditions and the value of one judgment object.
The determination result set may include a plurality of subsets. Each subset may uniquely correspond to one judgment condition, and may include at least one judgment result obtained according to the judgment condition. Each judgment result may correspond to at least one value of the judgment object. The judgment result may include at least one of: a first type judgment result and a second type judgment result.
In practical applications, the judgment condition side may know at least one value of the judgment object. For each judgment condition, the judgment condition party can participate in the operation of the judgment condition by the at least one value to obtain at least one judgment result as the judgment result in the subset. The subset may be a subset corresponding to the determination condition.
For example, the judgment condition side may hold a judgment condition x ═ 1, y < 2, and z ∈ s, and s ∈ {1,3 }. The value of the judgment object o1 may be 0, 1,2, or 3. The judgment condition may construct a judgment result set as shown in table 1 below.
TABLE 1
Judgment object o1 0 1 2 3
The judgment condition x is 1 0 1 0 0
The judgment condition y is less than 2 1 1 0 0
Judging condition z ∈ s 0 1 0 1
The determination result set shown in table 1 may include 4 subsets.
The second row of table 1 may constitute a subset. The subset corresponds to the determination condition x ═ 1, and may specifically include determination results 0 and 1. The determination result 0 corresponds to the values 0, 2, and 3 of the determination object o1, and the determination result 1 corresponds to the value 1 of the determination object o 1.
The third row of table 1 may constitute another subset. The subset corresponds to the judgment condition y < 2, and may specifically include judgment results 0 and 1. The determination result 0 corresponds to the values 2 and 3 of the determination object o1, and the determination result 1 corresponds to the values 0 and 1 of the determination object o 1.
The fourth row of table 1 may constitute another subset. The subset corresponds to the determination condition z ∈ s, and may specifically include determination results 0 and 1. The determination result 0 corresponds to the values 0 and 2 of the determination object o1, and the determination result 1 corresponds to the values 1 and 3 of the determination object o 1.
Case (three): and constructing a judgment result set according to one judgment condition and the values of a plurality of judgment objects.
The judgment result set may include at least one judgment result obtained according to the judgment condition, and each judgment result may correspond to at least one value of at least one judgment object. The judgment result may include at least one of: a first type judgment result, a second type judgment result and a preset value. The preset value will be described in detail in the following process.
The plurality of determination objects may include a target determination object associated with the determination condition and other determination objects unrelated to the determination condition. The values of the target judgment objects participate in the operation of the judgment conditions, and the values of other judgment objects do not participate in the operation of the judgment conditions. Therefore, the other judgment objects can be used for confusing the target judgment object, so that a data side does not know which judgment objects in the plurality of judgment objects take values to participate in the operation of the judgment condition, and the privacy protection is enhanced.
In practical applications, the judgment condition side may know at least one value of the judgment object. For each judgment condition, the judgment condition party can participate in the operation of the judgment condition on at least one value of a target judgment object to obtain at least one judgment result as a judgment result in the judgment result set; the preset value can be used as a judgment result corresponding to the values of other judgment objects in the judgment result set. The preset value may be 0, for example. Of course, the preset value can be other values.
For example, the judgment condition side may hold the judgment condition x equal to 1. The judgment objects o1, o2 and o3 may all take values of 0, 1 or 2. The determination object o1 is a target determination object associated with the determination condition x being 1, and the determination objects o2 and o3 are other determination objects unrelated to the determination condition x being 1. The judgment condition may construct a judgment result set as shown in table 2 below.
TABLE 2
Figure BDA0002317579980000071
The judgment result set shown in table 2 may include judgment results 0 and 1. The determination result 0 may correspond to the values 0 and 2 of the determination object o1, and the values 0, 1, and 2 of the determination objects o2 and o 3. The determination result 1 may correspond to the value 1 of the determination object o 1. The judgment result corresponding to the value of the judgment object o1 is obtained according to the judgment condition x being 1, and the judgment results corresponding to the values of the judgment objects o2 and o3 are preset values.
Case (four): and constructing a judgment result set according to the plurality of judgment conditions and the values of the plurality of judgment objects.
The determination result set may include a plurality of subsets. Each subset may uniquely correspond to one judgment condition, and may include at least one judgment result obtained according to the judgment condition. Each judgment result may correspond to at least one value of at least one judgment object. The judgment result may include at least one of: a first type judgment result, a second type judgment result and a preset value.
For each of the plurality of determination conditions, the plurality of determination objects may include a target determination object associated with the determination condition and other determination objects unrelated to the determination condition. The values of the target judgment object participate in the operation of the judgment condition, and the values of other judgment objects do not participate in the operation of the judgment condition. Therefore, the other judgment objects can be confused with the target judgment object, so that a data side does not know which judgment objects take values to participate in the operation of which judgment conditions, and the privacy protection is enhanced.
In practical applications, the judgment condition side may know at least one value of the judgment object. For each judgment condition, the judgment condition party may take a target judgment object associated with the judgment condition as a first specific judgment object, and may participate in the operation of the judgment condition on at least one value of the first specific judgment object to obtain at least one judgment result as a judgment result in the subset; other judgment objects irrelevant to the judgment condition can be used as second specific judgment objects, and the preset value can be used as a judgment result corresponding to the value of the second specific judgment object in the subset. The subset may be a subset corresponding to the determination condition. The preset value may be 0, for example. Of course, the preset value can be other values.
For example, the judgment condition party may hold a judgment condition x ═ 1, y < 2, and z ∈ s, and s ∈ {1,2 }. The judgment objects o1, o2 and o3 may all take values of 0, 1 or 2. With the determination condition x being 1, the determination object o1 is a target determination object associated with the determination condition, and the determination objects o2 and o3 are other determination objects unrelated to the determination condition. For the determination condition y < 2, the determination object o2 is a target determination object associated with the determination condition, and the determination objects o1 and o3 are other determination objects unrelated to the determination condition. For the judgment condition z > 1, the judgment object o3 is a target judgment object associated with the judgment condition, and the judgment objects o1 and o2 are other judgment objects unrelated to the judgment condition. The judgment condition may construct a judgment result set as shown in table 3 below.
TABLE 3
Figure BDA0002317579980000081
The decision result set shown in table 3 includes 3 sub-sets.
The third row of table 3 may constitute a subset. The subset may correspond to the determination condition x ═ 1, and may specifically include determination results 0 and 1. The determination result 0 corresponds to the values 0 and 2 of the determination object o1, the values 0, 1, and 2 of the determination objects o2 and o3, and the determination result 1 corresponds to the value 1 of the determination object o 1. The judgment result corresponding to the value of the judgment object o1 is obtained according to the judgment condition x being 1, and the judgment results corresponding to the values of the judgment object o2 and the judgment object o3 are preset values.
The fourth row of table 3 may constitute another subset. The subset may correspond to the determination condition y < 2, and may specifically include determination results 0 and 1. The determination result 0 corresponds to the values 0, 1, and 2 of the determination objects o1 and o3 and the value 2 of the determination object o2, and the determination result 1 corresponds to the values 0 and 1 of the determination object o 2. The judgment result corresponding to the value of the judgment object o2 is obtained according to the judgment condition y < 2, and the judgment results corresponding to the values of the judgment object o1 and the judgment object o3 are preset values.
The fifth row of table 3 may constitute another subset. The subset may correspond to the determination condition z ∈ s, and specifically may include determination results 0 and 1. The determination result 0 corresponds to the values 0, 1, and 2 of the determination objects o1 and o2 and the value 0 of the determination object o3, and the determination result 1 corresponds to the values 1 and 2 of the determination object o 3. The judgment result corresponding to the value of the judgment object o3 is obtained according to the judgment condition z e s, and the judgment results corresponding to the values of the judgment object o1 and the judgment object o2 are preset values.
Step S103: and the judgment condition party encrypts the judgment result in the judgment result set to obtain a ciphertext set.
In some embodiments, the judgment condition party may encrypt the judgment result in the judgment result set by using an encryption algorithm. The encryption algorithm may include a deterministic encryption algorithm and an indeterminate encryption algorithm. A deterministic encryption algorithm refers to: and encrypting the same plaintext data for multiple times by adopting an encryption algorithm, wherein the obtained multiple encryption results are the same. The uncertain encryption algorithm refers to: the same plaintext data is encrypted for multiple times by adopting an encryption algorithm, and multiple encryption results obtained can be different. The encryption algorithm may include a symmetric encryption algorithm and an asymmetric encryption algorithm. The symmetric encryption algorithm includes, but is not limited to, DES algorithm, AES algorithm, IDEA algorithm, etc., and the asymmetric encryption algorithm includes, but is not limited to, RSA algorithm, ECC (Elliptic Curve encryption algorithm), etc. The encryption algorithm may comprise a homomorphic encryption algorithm. The homomorphic encryption algorithm may include a Paillier algorithm, an Okamoto-Uchiyama algorithm, a Damgard-Jurik algorithm, and the like. Homomorphic Encryption (Homomorphic Encryption) is an Encryption technique. It allows the direct operation on the ciphertext data to yield a result that is still encrypted, and the decryption results to be the same as the same operation on the plaintext data. The homomorphic encryption algorithm may include an additive homomorphic encryption algorithm, a multiplicative homomorphic encryption algorithm, and the like.
In some embodiments, the ciphertext set may be implemented as a data table, a linear table, a queue, a stack, or a graph. The ciphertext set may include at least one judgment result ciphertext corresponding to the judgment object value. In practical application, the judgment condition party can encrypt each judgment result in the judgment result set once to obtain a judgment result ciphertext; the value corresponding to the judgment result can be used as the value corresponding to the judgment result ciphertext. Or, the judgment condition party may encrypt each judgment result in the judgment result set at least once to obtain at least one judgment result ciphertext. The number of times of encryption can be equal to the number of values corresponding to the judgment result, so that each judgment result ciphertext can uniquely correspond to one value. It should be noted that the judgment condition side may preferentially employ an uncertain encryption algorithm to encrypt the judgment result at least once, so that a plurality of different judgment result ciphertexts may be obtained for the same judgment result, thereby preventing the data side from guessing the specific judgment condition according to whether the judgment result ciphertexts are the same or not.
In some embodiments, the set of determination results may include directly including at least one determination result. So that the ciphertext set may directly include at least one determination result ciphertext. Alternatively, the determination result set may include a plurality of subsets, and each subset may include a plurality of determination results. Thus, the ciphertext set may include a plurality of sub-ciphertext sets, and each sub-ciphertext set may include a plurality of decision-result ciphertexts.
For example, the judgment condition side encrypts the judgment results in the judgment result set shown in table 1 to obtain the ciphertext set shown in table 4 below.
TABLE 4
Figure BDA0002317579980000091
Figure BDA0002317579980000101
The ciphertext set shown in table 4 may include 3 sub-ciphertext sets.
The third row of table 4 may constitute a set of sub-ciphertexts. The sub-ciphertext set may include the determination result ciphertexts E (0) and E (1). The judgment result ciphertext E (0) may correspond to the values 0, 2, and 3 of the judgment object o 1. The judgment result ciphertext E (1) may correspond to the value 1 of the judgment object o 1.
The fourth row of table 4 may constitute another set of sub-ciphertexts. The sub-ciphertext set may include the determination result ciphertexts E (0) and E (1). The judgment result ciphertext E (0) may correspond to the values 2 and 3 of the judgment object o 1. The judgment result ciphertext E (1) may correspond to the values 0 and 1 of the judgment object o 1.
The fifth line of table 4 may constitute another set of sub-ciphertexts. The sub-ciphertext set may include the determination result ciphertexts E (0) and E (1). The judgment result ciphertext E (0) may correspond to the values 0 and 2 of the judgment object o 1. The judgment result ciphertext E (1) may correspond to the values 1 and 3 of the judgment object o 1.
For example, the judgment condition side encrypts the judgment results in the judgment result set shown in table 2 to obtain a ciphertext set shown in table 5 below.
TABLE 5
Figure BDA0002317579980000102
The ciphertext set shown in table 5 may include the determination result ciphertexts E (0) and E (1). The judgment result ciphertext E (0) may correspond to the values 0 and 2 of the judgment object o1, and the values 0, 1, and 2 of the judgment objects o2 and o 3. The judgment result ciphertext E (1) may correspond to the value 1 of the judgment object o 1.
For example, the judgment condition side encrypts the judgment results in the judgment result set shown in table 3 to obtain a ciphertext set shown in table 6 below.
TABLE 6
Figure BDA0002317579980000103
The ciphertext set shown in table 6 includes 3 subsets.
The third row of table 6 may constitute a set of sub-ciphertexts. The sub-ciphertext set may comprise the result of the determination ciphertext Ex_o10(0)、Ex_o11(1)、Ex_o12(0)、Ex_o20(0)、Ex_o21(0)、Ex_o22(0)、Ex_o30(0)、Ex_o31(0)、Ex_o32(0). Judgment result ciphertext Ex_o10(0) May correspond to the value 0 of the judgment object o 1. Judgment result ciphertext Ex_o11(1) May correspond to the value 1 of the judgment object o 1. Judgment result ciphertext Ex_o12(0) May correspond to the value 2 of the determination object o 1. Judgment result ciphertext Ex_o20(0) May correspond to the value 0 of the judgment object o 2. Judgment result ciphertext Ex_o21(0) May correspond to the value 1 of the judgment object o 2. Judgment result ciphertext Ex_o22(0) May correspond to the value 2 of the determination object o 2. Judgment result ciphertext Ex_o30(0) May correspond to the value 0 of the judgment object o 3. Judgment result ciphertext Ex_o31(0) May correspond to the value 1 of the judgment object o 3. Judgment result ciphertext Ex_o32(0) May correspond to the value 2 of the determination object o 3.
The fourth row of table 6 may constitute another set of sub-ciphertexts. The sub-ciphertext set may comprise the result of the determination ciphertext Ey_o10(0)、Ey_o11(0)、Ey_o12(0)、Ey_o20(1)、Ey_o21(1)、Ey_o22(0)、Ey_o30(0)、Ey_o31(0)、Ey_o32(0). Judgment result ciphertext Ey_o10(0) May correspond to the value 0 of the judgment object o 1. Judgment result ciphertext Ey_o11(0) May correspond to the value 1 of the judgment object o 1. Judgment result ciphertext Ey_o12(0) May correspond to the value 2 of the determination object o 1. Judgment result ciphertext Ey_o20(1) May correspond to the value 0 of the judgment object o 2. Judgment result ciphertext Ey_o21(1) May correspond to the value 1 of the judgment object o 2. Judgment result ciphertext Ey_o22(0) May correspond to the value 2 of the determination object o 2. Judgment result ciphertext Ey_o30(0) May correspond to the value 0 of the judgment object o 3. Judgment result ciphertext Ey_o31(0) May correspond to the value 1 of the judgment object o 3. Judgment result ciphertext Ey_o32(0) May correspond to the value 2 of the determination object o 3.
The fifth line of table 6 may constitute another set of sub-ciphertexts. The sub-ciphertext set may comprise the result of the determination ciphertext Ez_o10(0)、Ez_o11(0)、Ez_o12(0)、Ez_o20(0)、Ez_o21(0)、Ez_o22(0)、Ez_o30(0)、Ez_o31(1)、Ez_o32(1). Judgment result ciphertext Ez_o10(0) May correspond to the value 0 of the judgment object o 1. Judgment result ciphertext Ez_o11(0) Can be paired with judgmentThe value of o1 corresponds to 1. Judgment result ciphertext Ez_o12(0) May correspond to the value 2 of the determination object o 1. Judgment result ciphertext Ez_o20(0) May correspond to the value 0 of the judgment object o 2. Judgment result ciphertext Ez_o21(0) May correspond to the value 1 of the judgment object o 2. Judgment result ciphertext Ez_o22(0) May correspond to the value 2 of the determination object o 2. Judgment result ciphertext Ez_o30(0) May correspond to the value 0 of the judgment object o 3. Judgment result ciphertext Ez_o31(1) May correspond to the value 1 of the judgment object o 3. Judgment result ciphertext Ez_o32(1) May correspond to the value 2 of the determination object o 3.
Step S105: and the judgment condition direction sends the ciphertext set to the data side.
Step S107: the data side receives the ciphertext set.
Step S109: and the data side inquires the judgment result ciphertext from the ciphertext set according to the specific value of the judgment object.
In some embodiments, the data party may hold a specific value of the judgment object; and inquiring the judgment result ciphertext from the ciphertext set according to the specific value of the judgment object to obtain the target judgment result ciphertext. The target judgment result ciphertext is obtained by inquiring the ciphertext set, so that a complex mathematical calculation process can be avoided, and the target judgment result obtaining efficiency is improved.
In some embodiments of this embodiment, the data side may hold a specific value of a judgment object. The ciphertext set may directly include the plurality of determination result ciphertexts. Therefore, the data side can inquire the judgment result ciphertext from the ciphertext set according to the specific value of the judgment object to obtain a target judgment result ciphertext.
Thus, through step S109, the data side can obtain a target judgment result ciphertext.
In some embodiments of this embodiment, the data side may hold a specific value of a judgment object. The ciphertext set may include a plurality of sub-ciphertext sets, each of which may include a plurality of decision-result ciphertexts. Therefore, the data side can query the judgment result ciphertext from the plurality of sub-ciphertext sets according to the specific value of the judgment object to obtain a plurality of target judgment result ciphertexts. The data side can specifically obtain a target judgment result ciphertext from each sub ciphertext set through query.
Thus, through step S109, the data side can obtain a plurality of target determination result ciphertexts.
In some embodiments of this embodiment, the data side may hold specific values of a plurality of judgment objects. The ciphertext set may directly include the plurality of determination result ciphertexts. Therefore, the data side can query the judgment result ciphertext from the ciphertext set according to the specific values of the plurality of judgment objects to obtain a plurality of target judgment result ciphertexts; and homomorphic summation processing can be carried out on the multiple target judgment result ciphertexts to obtain a summation result.
Thus, the data side can obtain a summation result through step S109.
In some embodiments of this embodiment, the data side may hold specific values of a plurality of judgment objects. The ciphertext set may include a plurality of sub-ciphertext sets, each of which may include a plurality of decision-result ciphertexts. Thus, for each sub-ciphertext set, the data side can query the judgment result ciphertext from the sub-ciphertext set according to the specific values of the plurality of judgment objects to obtain a plurality of target judgment result ciphertexts; and homomorphic summation processing can be carried out on the multiple target judgment result ciphertexts to obtain a summation result.
Thus, the data side can obtain a plurality of summation results through step S109.
Step S111: and the data direction judgment condition party sends the target judgment result ciphertext.
In some embodiments, the data side may send one or more target judgment result ciphertexts to the judgment condition side; alternatively, one or more summation results may be sent to the judgment condition side. The summation result is obtained by homomorphic summation of a plurality of target judgment result ciphertexts. It should be noted that, since the summation result is obtained by adding a plurality of target judgment result ciphertexts and the target judgment result ciphertexts are calculated by the homomorphic encryption algorithm, the summation result may also be a cipher text.
Step S113: and the judgment condition party receives the target judgment result ciphertext and decrypts the target judgment result ciphertext to obtain a target judgment result.
In some embodiments, the target judgment result ciphertext may be decrypted to obtain the target judgment result. Each target judgment result corresponds to one judgment condition held by the judgment condition party.
In some embodiments, the determining conditional party may receive one or more summation results; the received one or more summation results may be decrypted to obtain one or more target determination results. Each target judgment result corresponds to one judgment condition held by the judgment condition party.
According to the query method, through safe multi-party calculation, on the premise that the judgment condition party does not leak the judgment condition of the judgment condition party and the data party does not leak the specific value of the judgment condition party, the judgment result of the judgment condition corresponding to the specific value of the judgment object can be determined through cooperation of the judgment condition party and the data party, and therefore privacy protection is achieved.
The following describes an implementation of the above embodiment with reference to a specific scenario example.
In the present scenario example, the determination conditional party may be a financial institution, for example, a bank, a third party payment institution, or the like. The financial institution may hold a data processing model, which may include a decision tree model, a score card model, etc., and which may include at least one judgment condition.
Fig. 2 shows a decision tree model that may include 7 nodes, nodes 1,2, 3, 4, 5, 6, 7, etc. Nodes 1,3, 4 are split nodes (nodes capable of splitting down), and nodes 2, 5, 6, 7 are leaf nodes (nodes not capable of splitting down).
The judgment conditions corresponding to the split nodes 1,3, 4 can be as shown in table 7 below.
TABLE 7
Split node Judgment of conditions
Node 1 u==1
Node 3 v==1
Node 4 w≥80
u is a value of the judgment object o1, the judgment object o1 is used for indicating the property status of the user, u may be a value of 0 or 1, the value of 0 indicates that the property is not owned, and the value of 1 indicates that the property is not owned. v is a value of the object of judgment o2, the object of judgment o2 indicates the status of the user's marriage, v may be a value of 0 or 1, a value of 0 indicates marriage, and a value of 1 indicates not marriage. w is a value of the determination object o3, the determination object o3 indicates the income state of the user, and w may be an annual income value of the user.
The prediction results corresponding to the leaf nodes 2, 5, 6, 7 may be as shown in table 8 below.
TABLE 8
Leaf node Predicted results
Node
2 Can repay the borrowed money
Node
5 Can repay the borrowed money
Node
6 Can repay the borrowed money
Node
7 Non-repayment of borrowed money
In this scenario example, the data party may be a big data company. The big data company may hold privacy data such as the user's property status, marital status, and income status.
In this scenario example, the financial institution and the big data company may perform a collaborative calculation to obtain a prediction result of the data processing model, so that the financial institution can evaluate whether to borrow the user based on the prediction result. In the process of cooperative computing, the financial institution cannot leak the data processing model (such as the judgment condition corresponding to the split node 1,3, 4) owned by the financial institution to the big data company, and the big data company cannot leak the user data owned by the financial institution to the financial institution.
Taking the decision tree model shown in fig. 2 as an example, a process of obtaining the prediction result of the decision tree model by performing cooperative calculation between the financial institution and the big data company will be described below.
The financial institution may construct a judgment result set corresponding to the split node 1 according to at least one value of the judgment condition u ═ 1 and the judgment object o1 corresponding to the split node 1; the judgment results in the judgment result set corresponding to the split node 1 can be encrypted to obtain the ciphertext set corresponding to the split node 1. Similarly, the financial institution may construct a determination result set corresponding to the split node 2 according to at least one value of the determination object o2 and the determination condition v ═ 1 corresponding to the split node 2; the judgment results in the judgment result set corresponding to the split node 2 can be encrypted to obtain the ciphertext set corresponding to the split node 2. The financial institution can construct a judgment result set corresponding to the split node 3 according to at least one value of the judgment condition w not less than 80 and the judgment object o3 corresponding to the split node 3; the judgment results in the judgment result set corresponding to the split node 3 can be encrypted to obtain the ciphertext set corresponding to the split node 3.
The financial institution may send the ciphertext set corresponding to split node 1 to the big data company. The big data company can receive the ciphertext set corresponding to the split node 1; according to the specific value of the judgment object o1 held by the user, a judgment result ciphertext can be inquired from the ciphertext set; the queried judgment result ciphertext may be transmitted to the financial institution. The financial institution may receive the judgment result ciphertext; the received judgment result ciphertext can be decrypted to obtain a judgment result corresponding to the specific value of the judgment object o1 with the judgment condition u being 1; the right branch may be selected according to the decision result obtained by decryption to reach the splitting node 3.
The financial institution may send the ciphertext set corresponding to split node 3 to the big data company. The big data company can receive the ciphertext set corresponding to the split node 3; according to the specific value of the judgment object o2 held by the user, a judgment result ciphertext can be inquired from the ciphertext set; the queried judgment result ciphertext may be transmitted to the financial institution. The financial institution may receive the judgment result ciphertext; the received judgment result ciphertext can be decrypted to obtain a judgment result corresponding to the specific value of the judgment object o2 with the judgment condition v being 1; the left branch may be selected based on the decision result from the decryption to reach the splitting node 4.
The financial institution may send the ciphertext sets corresponding to split nodes 4 to the big data company. The big data company can receive the ciphertext set corresponding to the split node 4; according to the specific value of the judgment object o3 held by the user, a judgment result ciphertext can be inquired from the ciphertext set; the queried judgment result ciphertext may be transmitted to the financial institution. The financial institution may receive the judgment result ciphertext; the received judgment result ciphertext can be decrypted to obtain a judgment result corresponding to the specific value of the judgment object o3 with the judgment condition w being more than or equal to 80; the left branch may be selected according to the decision result obtained by decryption to reach the leaf node 5.
The leaf node 5 may correspond to the prediction result "borrowing may be repayed". The financial institution thus obtains the prediction of the decision tree model "borrowing may be repayed".
The present specification provides another embodiment of a query method. The query method may include a deployment phase and an implementation phase, the deployment phase may include steps S201 to S207, and the implementation phase may include steps S209 to S217. The method steps of the deployment phase are not necessary. For example, the method steps of the deployment phase may be executed in advance, so that when the determination result corresponding to the specific value of the determination object needs to be determined, only the method steps of the implementation phase need to be executed.
By the query method of the embodiment, both the data side and the judgment condition side can obtain one share of the target judgment result. For convenience of description, the share obtained by the data side is hereinafter referred to as a first share, and the share obtained by the judgment condition side is hereinafter referred to as a second share. The sum of the first share and the second share is equal to a target judgment result. The decisioning-conditional party and the data party may continue subsequent business processes based on the respective held shares. In some example scenarios, the data party may send the first share to the determining conditional party. Judging that a conditional party can receive the first share; the first share and the second share may be added to obtain a target determination result. In other example scenarios, the data side and the determining condition side may use techniques such as inadvertent transmission or garbled circuit to obtain the first share by the determining condition side. The judgment condition party may add the first share and the second share to obtain a target judgment result. In some example scenarios, the determining conditional party may send the second share to the data party. The data side may receive the second share; the second share and the first share may be added to obtain a target determination result. In other example scenarios, the data side and the determination condition side may obtain the second share by using techniques such as inadvertent transmission or garbled circuit. The data side may add the second share and the first share to obtain a target determination result.
Please refer to fig. 3. The query method may include the following steps.
Step S201: and the judgment condition party constructs a judgment result set.
Step S203: and the judgment condition party encrypts the judgment result in the judgment result set to obtain a ciphertext set.
In some embodiments, the process of encrypting the determination results in the determination result set by the determination condition party may refer to step S103 in the previous embodiment. For example, the judgment condition party may encrypt the judgment results in the judgment result set by using an asymmetric encryption algorithm with homomorphism. Specifically, for example, the judgment condition party may hold a pair of public and private keys, a public key of the pair of public and private keys being used for homomorphic encryption, and a private key of the pair of public and private keys being used for decryption. The judgment condition party can encrypt the judgment result in the judgment result set by using the public key.
Step S205: and the judgment condition direction sends the ciphertext set to the data side.
Step S207: the data side receives the ciphertext set.
Step S209: and the data side inquires the judgment result ciphertext from the ciphertext set according to the specific value of the judgment object.
The target judgment result ciphertext is obtained by inquiring the ciphertext set, so that a complex mathematical calculation process can be avoided, and the target judgment result obtaining efficiency is improved.
Step S211: the data side generates a first share of the target determination.
In some embodiments, the first share may include a random number.
In some embodiments of this embodiment, the data side may obtain a target judgment result ciphertext through step S209. The data side can thus generate a random number as the first share of the target decision. And the target judgment result is a plaintext corresponding to the target judgment result ciphertext.
In some embodiments of the present embodiment, the data side may obtain a plurality of target determination result ciphertexts through step S209. The data side may thus generate a plurality of random numbers as the first share of the plurality of target determinations. And the target judgment result is a plaintext corresponding to the target judgment result ciphertext.
In some embodiments of this embodiment, a summation result may be obtained by the data side, via step S209. Since the summation result is obtained by adding a plurality of target judgment result ciphertexts and the target judgment result ciphertexts are calculated by a homomorphic encryption algorithm, the summation result can also be a cipher text. The data side can thus generate a random number as the first share of the target decision. And the target judgment result is a plaintext corresponding to the summation result.
In some embodiments of the present embodiment, the data side may obtain a plurality of summation results, via step S209. The data side may thus generate a plurality of random numbers as the first share of the plurality of target determinations. And the target judgment result is a plaintext corresponding to the summation result.
Step S213: and the data side calculates the ciphertext of a second share of the target judgment result according to the target judgment result ciphertext and the first share.
In some embodiments, the data side may obtain a target judgment result ciphertext through step S209. The data side may generate a random number as a first share of a target determination result, via step S211. Thus, the data side can calculate the ciphertext of the second share of the target judgment result according to the target judgment result ciphertext and the first share.
The data side can calculate the ciphertext of the second share of the target judgment result in any mode.
In some scenario examples, the data party may encrypt the first share with a public key of the judgment condition party using a homomorphic encryption algorithm to obtain a ciphertext of the first share of the target judgment result; the target judgment result ciphertext and the ciphertext of the first share of the target judgment result may be homomorphically subtracted to obtain the ciphertext of the second share of the target judgment result. For example, the data party may use the public key of the judgment condition party to the first quota < tr >)0Encrypting to obtain a ciphertext E (tr) of a first share of the target judgment result0) (ii) a The target judgment result ciphertext E (tr) and the ciphertext E (< tr >) of the first share of the target judgment result0) Homomorphic subtraction is carried out to obtain ciphertext E (tr) -E (tr >) of the second share of the target judgment result0)=E(tr-<tr>0)=E(<tr>1). In other scenario examples, the data side may directly calculate the ciphertext of the second share of the target determination result according to the public key of the determination condition side and by using a homomorphic encryption algorithm according to the target determination result ciphertext and the first share. For example, the data side may use a homomorphic encryption algorithm based on the target determination result ciphertext E (tr) and the first share < tr > (m @, k) according to the public key of the determination condition side0Directly calculating the ciphertext E (< tr >) of the second share of the target judgment result1)。
In some embodiments, the data side may obtain a plurality of target determination result ciphertexts through step S209. Through step S211, the data side may generate a plurality of random numbers as the first shares of the plurality of target determination results, respectively. In this way, the data side can calculate the ciphertext of the second share of the target judgment results according to the target judgment result ciphertexts and the first share of the target judgment results. Specifically, for each target judgment result ciphertext, the data side may calculate a second share of the target judgment result ciphertext according to the target judgment result ciphertext and a first share of the target judgment result.
In some embodiments, the data side may obtain a summation result, via step S209. The data side may generate a random number as a first share of a target determination result, via step S211. The data side can calculate the ciphertext of the second share of the target judgment result according to the summation result and the first share.
In some embodiments, the data side may obtain a plurality of summation results, via step S209. Through step S211, the data side may generate a plurality of random numbers as the first shares of the plurality of target determination results, respectively. In this way, the data side can calculate the ciphertext of the second share of the target judgment results according to the summation results and the first share of the target judgment results. Specifically, for each summation result, the data side may calculate a ciphertext of a second share of a target determination result according to the summation result and the first share of the target determination result.
Step S215: and the data direction judgment conditional party sends the ciphertext of the second share of the target judgment result.
Step S217: and the judgment condition party receives the ciphertext of the second share of the target judgment result and decrypts the ciphertext of the second share of the target judgment result to obtain the second share of the target judgment result.
In some embodiments, the data side may send one or more second shares of ciphertext of the target determination to the determination conditional side. The judgment condition party can receive one or more cipher texts of the second share of the target judgment result; the ciphertext of the second share of the one or more target outcomes may be decrypted to obtain the second share of the one or more target outcomes. The sum of the first share of each target judgment result and the second share of the target judgment result is equal to the target judgment result, and the target judgment result corresponds to a judgment condition held by a judgment condition party.
In some example scenarios, the party with judgment conditions may decrypt the ciphertext of the second share of the one or more target judgments according to the private key to obtain the second share of the one or more target judgments. For example, the judgment condition party may judge the ciphertext E (< tr >) of the second share of the target judgment result according to the private key1) Decrypting to obtain the second share < tr > of the target judgment result1
According to the query method, through safe multi-party calculation, on the premise that the judgment condition party does not leak the judgment condition of the judgment condition party and the data party does not leak the specific value of the judgment condition party, the judgment result of the judgment condition corresponding to the specific value of the judgment object can be determined through cooperation of the judgment condition party and the data party, and therefore privacy protection is achieved.
Please refer to fig. 4. Based on the same inventive concept, the present specification also provides an embodiment of a determination result processing method. The embodiment takes the judgment condition side as the execution subject and may include the following steps.
Step S301: and constructing a judgment result set.
In some embodiments, the determination result set may include at least one determination result obtained according to the determination condition, and each determination result may correspond to at least one value of the determination object.
Step S303: and encrypting the judgment result in the judgment result set to obtain a ciphertext set.
Step S305: and sending the ciphertext set to a data side.
In the judgment result processing method of this embodiment, the judgment condition party may construct a judgment result set; the judgment results in the judgment result set can be encrypted to obtain a ciphertext set; the set of ciphertexts may be transmitted to a data party. This facilitates the data side to query the ciphertext set.
Please refer to fig. 5. The present specification also provides another embodiment of a query method based on the same inventive concept. The embodiment takes a data side as an execution subject and can comprise the following steps.
Step S401: and inquiring a judgment result ciphertext from the ciphertext set according to the specific value of the judgment object to obtain a target judgment result ciphertext, wherein the ciphertext set comprises at least one judgment result ciphertext corresponding to the value of the judgment object.
Step S403: and sending the target judgment result ciphertext to the judgment condition party.
According to the query method, through safe multi-party calculation, on the premise that the judgment condition party does not leak the judgment condition of the judgment condition party and the data party does not leak the specific value of the judgment condition party, the judgment result of the judgment condition corresponding to the specific value of the judgment object can be determined through cooperation of the judgment condition party and the data party, and therefore privacy protection is achieved.
Please refer to fig. 6. The present specification also provides another embodiment of a query method based on the same inventive concept. The embodiment takes a data side as an execution subject and can comprise the following steps.
Step S501: and inquiring a judgment result ciphertext from the ciphertext set according to the specific value of the judgment object to obtain a target judgment result ciphertext, wherein the ciphertext set comprises at least one judgment result ciphertext corresponding to the value of the judgment object.
Step S503: a first share of the target determination is generated, the first share including a random number.
Step S505: and calculating the ciphertext of a second share of the target judgment result according to the target judgment result ciphertext and the first share.
Step S507: and sending the ciphertext of the second share of the target judgment result to the judgment conditional party.
According to the query method, through safe multi-party calculation, on the premise that the judgment condition party does not leak the judgment condition of the judgment condition party and the data party does not leak the specific value of the judgment condition party, the judgment result of the judgment condition corresponding to the specific value of the judgment object can be determined through cooperation of the judgment condition party and the data party, and therefore privacy protection is achieved.
Please refer to fig. 7. The present specification also provides an embodiment of a determination result processing apparatus based on the same inventive concept. The apparatus may be applied to determine a conditional party, and may include the following elements.
A constructing unit 601, configured to construct a judgment result set, where the judgment result set includes at least one judgment result obtained according to a judgment condition, and each judgment result corresponds to at least one value of a judgment object;
an encrypting unit 603, configured to encrypt the determination result in the determination result set to obtain a ciphertext set;
a sending unit 605, configured to send the ciphertext set to a data party.
Please refer to fig. 8. The present specification also provides an embodiment of a query device based on the same inventive concept. The apparatus may be applied to a data side and may include the following elements.
A query unit 701, configured to query a judgment result ciphertext from a ciphertext set according to a specific value of a judgment object to obtain a target judgment result ciphertext, where the ciphertext set includes at least one judgment result ciphertext corresponding to the value of the judgment object;
a sending unit 703, configured to send the target judgment result ciphertext to the judgment condition party.
Please refer to fig. 9. The present specification also provides another embodiment of the inquiring device based on the same inventive concept. The apparatus may be applied to a data side and may include the following elements.
The query unit 801 is configured to query a judgment result ciphertext from a ciphertext set according to a specific value of a judgment object to obtain a target judgment result ciphertext, where the ciphertext set includes at least one judgment result ciphertext corresponding to the value of the judgment object;
a generating unit 803, configured to generate a first share of the target determination result, where the first share includes a random number;
a calculating unit 805, configured to calculate a ciphertext of a second share of the target determination result according to the target determination result ciphertext and the first share;
a sending unit 807 for sending the ciphertext of the second share of the target determination result to the determination conditional party.
An embodiment of an electronic device of the present description is described below. Fig. 10 is a schematic diagram of a hardware configuration of the electronic apparatus in this embodiment. As shown in fig. 10, the electronic device may include one or more processors (only one of which is shown), memory, and a transmission module. Of course, it is understood by those skilled in the art that the hardware structure shown in fig. 10 is only an illustration, and does not limit the hardware structure of the electronic device. In practice the electronic device may also comprise more or fewer component elements than those shown in fig. 10; or have a different configuration than that shown in fig. 10.
The memory may comprise high speed random access memory; alternatively, non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory may also be included. Of course, the memory may also comprise a remotely located network memory. The remotely located network storage may be connected to the blockchain client through a network such as the internet, an intranet, a local area network, a mobile communications network, or the like. The memory may be used to store program instructions or modules of application software, such as the program instructions or modules of the embodiments corresponding to fig. 4, fig. 5, or fig. 6 of this specification.
The processor may be implemented in any suitable way. For example, the processor may take the form of, for example, a microprocessor or processor and a computer-readable medium that stores computer-readable program code (e.g., software or firmware) executable by the (micro) processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, an embedded microcontroller, and so forth. The processor may read and execute the program instructions or modules in the memory.
The transmission module may be used for data transmission via a network, for example via a network such as the internet, an intranet, a local area network, a mobile communication network, etc.
This specification also provides one embodiment of a computer storage medium. The computer storage medium includes, but is not limited to, a Random Access Memory (RAM), a Read-Only Memory (ROM), a Cache (Cache), a Hard Disk (HDD), a Memory Card (Memory Card), and the like. The computer storage medium stores computer program instructions. The computer program instructions when executed implement: the program instructions or modules of the embodiments corresponding to fig. 4, fig. 5, or fig. 6 in this specification.
It should be noted that, in the present specification, each embodiment is described in a progressive manner, and the same or similar parts in each embodiment may be referred to each other, and each embodiment focuses on differences from other embodiments. In particular, as for the method embodiment (for example, the embodiments corresponding to fig. 4, fig. 5, and fig. 6), the apparatus embodiment, the electronic device embodiment, and the computer storage medium embodiment which are implemented on a single side, since they are substantially similar to the method embodiment, the description is relatively simple, and for the relevant points, reference may be made to the partial description of the method embodiment. In addition, it is understood that one skilled in the art, after reading this specification document, may conceive of any combination of some or all of the embodiments listed in this specification without the need for inventive faculty, which combinations are also within the scope of the disclosure and protection of this specification.
In the 90 s of the 20 th century, improvements in a technology could clearly distinguish between improvements in hardware (e.g., improvements in circuit structures such as diodes, transistors, switches, etc.) and improvements in software (improvements in process flow). However, as technology advances, many of today's process flow improvements have been seen as direct improvements in hardware circuit architecture. Designers almost always obtain the corresponding hardware circuit structure by programming an improved method flow into the hardware circuit. Thus, it cannot be said that an improvement in the process flow cannot be realized by hardware physical modules. For example, a Programmable Logic Device (PLD), such as a Field Programmable Gate Array (FPGA), is an integrated circuit whose Logic functions are determined by programming the Device by a user. A digital system is "integrated" on a PLD by the designer's own programming without requiring the chip manufacturer to design and fabricate application-specific integrated circuit chips. Furthermore, nowadays, instead of manually making an integrated Circuit chip, such Programming is often implemented by "logic compiler" software, which is similar to a software compiler used in program development and writing, but the original code before compiling is also written by a specific Programming Language, which is called Hardware Description Language (HDL), and HDL is not only one but many, such as abel (advanced Boolean Expression Language), ahdl (alternate Language Description Language), traffic, pl (core unified Programming Language), HDCal, JHDL (Java Hardware Description Language), langue, Lola, HDL, laspam, hardsradware (Hardware Description Language), vhjhd (Hardware Description Language), and vhigh-Language, which are currently used in most popular applications. It will also be apparent to those skilled in the art that hardware circuitry that implements the logical method flows can be readily obtained by merely slightly programming the method flows into an integrated circuit using the hardware description languages described above.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
From the above description of the embodiments, it is clear to those skilled in the art that the present specification can be implemented by software plus a necessary general hardware platform. Based on such understanding, the technical solutions of the present specification may be essentially or partially implemented in the form of software products, which may be stored in a storage medium, such as ROM/RAM, magnetic disk, optical disk, etc., and include instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments of the present specification.
The description is operational with numerous general purpose or special purpose computing system environments or configurations. For example: personal computers, server computers, hand-held or portable devices, tablet-type devices, multiprocessor systems, microprocessor-based systems, set top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.
This description may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The specification may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
While the specification has been described with examples, those skilled in the art will appreciate that there are numerous variations and permutations of the specification that do not depart from the spirit of the specification, and it is intended that the appended claims include such variations and modifications that do not depart from the spirit of the specification.

Claims (26)

1. A judgment result processing method is applied to a judgment condition party and comprises the following steps:
constructing a judgment result set, wherein the judgment result set comprises at least one judgment result obtained according to the judgment condition, and each judgment result corresponds to at least one value of a judgment object;
encrypting the judgment result in the judgment result set to obtain a ciphertext set;
and sending the ciphertext set to a data side.
2. The method of claim 1, wherein the set of judgment results is constructed by values of a judgment object, and each judgment result corresponds to at least one value of the judgment object.
3. The method according to claim 2, wherein the number of the judgment conditions is one, and the judgment result set comprises at least one judgment result obtained according to the judgment conditions; alternatively, the first and second electrodes may be,
the number of the judgment conditions is multiple, the judgment result set comprises multiple subsets, each subset corresponds to one judgment condition and comprises at least one judgment result obtained according to the judgment condition.
4. The method according to claim 1, wherein the judgment result set is constructed by values of a plurality of judgment objects, and each judgment result corresponds to at least one value of at least one judgment object.
5. The method of claim 4, wherein the number of said determination conditions is one; the plurality of judgment objects include a target judgment object associated with the judgment condition and other judgment objects unrelated to the judgment condition;
in the judgment result set, the judgment result corresponding to the value of the target judgment object is obtained according to the judgment condition, and the judgment results corresponding to the values of other judgment objects are preset values.
6. The method according to claim 4, wherein the number of the judgment conditions is multiple, the judgment result set comprises multiple subsets, each subset corresponds to one judgment condition and comprises at least one judgment result obtained according to the judgment condition;
for each subset, the plurality of judgment objects comprise a target judgment object associated with the judgment condition corresponding to the subset and other judgment objects irrelevant to the judgment condition corresponding to the subset; in the subset, the judgment result corresponding to the value of the target judgment object is obtained according to the judgment condition corresponding to the subset, and the judgment results corresponding to the values of other judgment objects are preset values.
7. The method of claim 1, wherein encrypting the determination results in the set of determination results comprises:
and carrying out homomorphic encryption on the judgment results in the judgment result set.
8. The method of claim 1, wherein the determination condition comprises at least one of:
and comparing the judging condition with the attribution judging condition.
9. A query method is applied to a data side and comprises the following steps:
inquiring a judgment result ciphertext from a ciphertext set according to the specific value of the judgment object to obtain a target judgment result ciphertext, wherein the ciphertext set comprises at least one judgment result ciphertext corresponding to the value of the judgment object;
and sending the target judgment result ciphertext to the judgment condition party.
10. The method of claim 9, wherein the judgment result ciphertext is calculated according to a homomorphic encryption algorithm.
11. The method of claim 9, wherein said searching the ciphertext of the result of the determination from the set of ciphertexts comprises:
and inquiring the judgment result ciphertext from the ciphertext set according to a specific value of a judgment object to obtain a target judgment result ciphertext.
12. The method of claim 9, wherein the ciphertext set comprises a plurality of sub-ciphertext sets, each sub-ciphertext set comprising at least one predicate result ciphertext corresponding to a predicate object value;
the searching the judgment result ciphertext from the ciphertext set includes:
and inquiring the judgment result ciphertext from the plurality of sub-ciphertext sets according to the specific value of a judgment object to obtain a plurality of target judgment result ciphertexts.
13. The method of claim 9, wherein said searching the ciphertext of the result of the determination from the set of ciphertexts comprises:
inquiring a judgment result ciphertext from the ciphertext set according to the specific values of the plurality of judgment objects to obtain a plurality of target judgment result ciphertexts, and performing homomorphic summation processing on the plurality of target judgment result ciphertexts;
the sending of the target judgment result ciphertext to the judgment conditional party comprises:
and sending the summation result to the judgment condition party.
14. The method of claim 9, wherein the ciphertext set comprises a plurality of sub-ciphertext sets, each sub-ciphertext set comprising at least one predicate result ciphertext corresponding to a predicate object value;
the searching the judgment result ciphertext from the ciphertext set includes:
for each sub-ciphertext set, inquiring a judgment result ciphertext from the sub-ciphertext set according to specific values of a plurality of judgment objects to obtain a plurality of target judgment result ciphertexts, and performing homomorphic summation processing on the plurality of target judgment result ciphertexts;
the sending of the target judgment result ciphertext to the judgment conditional party comprises:
and sending a plurality of summation results to the judgment condition party.
15. A query method is applied to a data side and comprises the following steps:
inquiring a judgment result ciphertext from a ciphertext set according to the specific value of the judgment object to obtain a target judgment result ciphertext, wherein the ciphertext set comprises at least one judgment result ciphertext corresponding to the value of the judgment object;
generating a first share of the target determination result, the first share including a random number;
calculating a second share of ciphertext of the target judgment result according to the target judgment result ciphertext and the first share;
and sending the ciphertext of the second share of the target judgment result to the judgment conditional party.
16. The method of claim 15, wherein the judgment result ciphertext is calculated according to a homomorphic encryption algorithm.
17. The method of claim 15, wherein the querying the set of ciphertext to determine the result ciphertext comprises:
and inquiring the judgment result ciphertext from the ciphertext set according to a specific value of a judgment object to obtain a target judgment result ciphertext.
18. The method of claim 15, wherein the ciphertext set comprises a plurality of sub-ciphertext sets, each sub-ciphertext set comprising at least one predicate result ciphertext corresponding to a predicate object value;
the searching the judgment result ciphertext from the ciphertext set includes:
inquiring judgment result ciphertext from the plurality of sub-ciphertext sets according to a specific value of a judgment object to obtain a plurality of target judgment result ciphertexts;
the generating a first share of the target determination result includes:
generating a first share of the plurality of target determination results;
the calculating of the ciphertext of the second share of the target judgment result includes:
and calculating the ciphertext of the second share of the target judgment results according to the target judgment result ciphertexts and the first share of the target judgment results.
19. The method of claim 15, wherein the querying the set of ciphertext to determine the result ciphertext comprises:
inquiring a judgment result ciphertext from the ciphertext set according to the specific values of the plurality of judgment objects to obtain a plurality of target judgment result ciphertexts, and performing homomorphic summation processing on the plurality of target judgment result ciphertexts;
the calculating of the ciphertext of the second share of the target judgment result includes:
and calculating the ciphertext of the second share of the target judgment result according to the summation result and the first share.
20. The method of claim 15, wherein the ciphertext set comprises a plurality of sub-ciphertext sets, each sub-ciphertext set comprising at least one predicate result ciphertext corresponding to a predicate object value;
the searching the judgment result ciphertext from the ciphertext set includes:
for each sub-ciphertext set, inquiring a judgment result ciphertext from the sub-ciphertext set according to specific values of a plurality of judgment objects to obtain a plurality of target judgment result ciphertexts, and performing homomorphic summation processing on the plurality of target judgment result ciphertexts;
the generating a first share of the target determination result includes:
generating a first share of the plurality of target determination results;
the calculating of the ciphertext of the second share of the target judgment result includes:
and calculating ciphertext of a second share of the plurality of target judgment results according to the plurality of summation results and the first share of the plurality of target judgment results.
21. A judgment result processing device applied to a judgment condition side includes:
the construction unit is used for constructing a judgment result set, wherein the judgment result set comprises at least one judgment result obtained according to the judgment condition, and each judgment result corresponds to at least one value of a judgment object;
the encryption unit is used for encrypting the judgment result in the judgment result set to obtain a ciphertext set;
and the sending unit is used for sending the ciphertext set to a data party.
22. An inquiry apparatus applied to a data side, comprising:
the query unit is used for querying a judgment result ciphertext from a ciphertext set according to a specific value of a judgment object to obtain a target judgment result ciphertext, wherein the ciphertext set comprises at least one judgment result ciphertext corresponding to the value of the judgment object;
and the sending unit is used for sending the target judgment result ciphertext to the judgment condition party.
23. An inquiry apparatus applied to a data side, comprising:
the query unit is used for querying a judgment result ciphertext from a ciphertext set according to a specific value of a judgment object to obtain a target judgment result ciphertext, wherein the ciphertext set comprises at least one judgment result ciphertext corresponding to the value of the judgment object;
a generation unit configured to generate a first share of a target determination result, the first share including a random number;
the calculation unit is used for calculating the ciphertext of a second share of the target judgment result according to the target judgment result ciphertext and the first share;
and the sending unit is used for sending the ciphertext of the second share of the target judgment result to the judgment conditional party.
24. An electronic device, comprising:
at least one processor;
a memory storing program instructions configured for execution by the at least one processor, the program instructions comprising instructions for performing the method of any of claims 1-20.
25. An inquiry system comprises a data party and a judgment condition party;
the data side is provided with the device of claim 22;
and the judgment condition party is used for receiving the target judgment result ciphertext and decrypting the target judgment result ciphertext to obtain a target judgment result.
26. An inquiry system comprises a data party and a judgment condition party;
the data side is provided with the device of claim 23;
and the judgment condition party is used for receiving the ciphertext of the second share of the target judgment result and decrypting the ciphertext of the second share of the target judgment result to obtain the second share of the target judgment result.
CN201911284322.2A 2019-12-13 2019-12-13 Judgment result processing method, query method, device, electronic equipment and system Pending CN111046408A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911284322.2A CN111046408A (en) 2019-12-13 2019-12-13 Judgment result processing method, query method, device, electronic equipment and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911284322.2A CN111046408A (en) 2019-12-13 2019-12-13 Judgment result processing method, query method, device, electronic equipment and system

Publications (1)

Publication Number Publication Date
CN111046408A true CN111046408A (en) 2020-04-21

Family

ID=70236187

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911284322.2A Pending CN111046408A (en) 2019-12-13 2019-12-13 Judgment result processing method, query method, device, electronic equipment and system

Country Status (1)

Country Link
CN (1) CN111046408A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112232639A (en) * 2020-09-22 2021-01-15 支付宝(杭州)信息技术有限公司 Statistical method and device and electronic equipment
CN113807530A (en) * 2020-09-24 2021-12-17 京东科技控股股份有限公司 Information processing system, method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110414567A (en) * 2019-07-01 2019-11-05 阿里巴巴集团控股有限公司 Data processing method, device and electronic equipment
CN110427969A (en) * 2019-07-01 2019-11-08 阿里巴巴集团控股有限公司 Data processing method, device and electronic equipment
CN110457912A (en) * 2019-07-01 2019-11-15 阿里巴巴集团控股有限公司 Data processing method, device and electronic equipment

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110414567A (en) * 2019-07-01 2019-11-05 阿里巴巴集团控股有限公司 Data processing method, device and electronic equipment
CN110427969A (en) * 2019-07-01 2019-11-08 阿里巴巴集团控股有限公司 Data processing method, device and electronic equipment
CN110457912A (en) * 2019-07-01 2019-11-15 阿里巴巴集团控股有限公司 Data processing method, device and electronic equipment

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112232639A (en) * 2020-09-22 2021-01-15 支付宝(杭州)信息技术有限公司 Statistical method and device and electronic equipment
CN113807530A (en) * 2020-09-24 2021-12-17 京东科技控股股份有限公司 Information processing system, method and device
CN113807530B (en) * 2020-09-24 2024-02-06 京东科技控股股份有限公司 Information processing system, method and device

Similar Documents

Publication Publication Date Title
CN110457912B (en) Data processing method and device and electronic equipment
WO2020034754A1 (en) Secure multi-party computation method and apparatus, and electronic device
Liu et al. Toward highly secure yet efficient KNN classification scheme on outsourced cloud data
CN111125727B (en) Confusion circuit generation method, prediction result determination method, device and electronic equipment
TW202013928A (en) Multi-party security computing method and apparatus, and electronic device
CN110414567B (en) Data processing method and device and electronic equipment
WO2020006302A1 (en) Method and apparatus for obtaining input of secure multiparty computation protocol
CN110427969B (en) Data processing method and device and electronic equipment
US11323255B2 (en) Methods and systems for encryption and homomorphic encryption systems using Geometric Algebra and Hensel codes
CN112287377A (en) Model training method based on federal learning, computer equipment and storage medium
Gupta et al. Pretzel: Email encryption and provider-supplied functions are compatible
CN111741020B (en) Public data set determination method, device and system based on data privacy protection
CN110391895B (en) Data preprocessing method, ciphertext data acquisition method, device and electronic equipment
CN111428887A (en) Model training control method, device and system based on multiple computing nodes
US20220374544A1 (en) Secure aggregation of information using federated learning
CN110061957A (en) Data encryption, decryption method, user terminal, server and data management system
CN111143862B (en) Data processing method, query method, device, electronic equipment and system
CN112788001A (en) Data encryption-based data processing service processing method, device and equipment
CN111046408A (en) Judgment result processing method, query method, device, electronic equipment and system
CN111046431B (en) Data processing method, query method, device, electronic equipment and system
Jammula et al. Hybrid lightweight cryptography with attribute-based encryption standard for secure and scalable IoT system
CN111159730B (en) Data processing method, query method, device, electronic equipment and system
Park et al. PKIS: practical keyword index search on cloud datacenter
Peng et al. On the security of fully homomorphic encryption for data privacy in Internet of Things
Tosun et al. FSDS: A practical and fully secure document similarity search over encrypted data with lightweight client

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination