CN111539041B - Safety selection method and system - Google Patents
Safety selection method and system Download PDFInfo
- Publication number
- CN111539041B CN111539041B CN202010651278.0A CN202010651278A CN111539041B CN 111539041 B CN111539041 B CN 111539041B CN 202010651278 A CN202010651278 A CN 202010651278A CN 111539041 B CN111539041 B CN 111539041B
- Authority
- CN
- China
- Prior art keywords
- result
- group
- party
- belonging
- slice
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
Abstract
The method can be used for reducing the interaction times and lightening the transmission pressure of the system compared with the prior scheme, and on the other hand, the two parties can not reveal privacy data of each party in the processing process to protect the data security of each party.
Description
Technical Field
The present disclosure relates to the field of information security, and in particular, to a security selection method and system based on privacy protection of two parties.
Background
The secure multi-party computation is also called multi-party secure computation, namely, a plurality of parties jointly compute the result of a function without revealing the input data of the parties of the function, and the computed result is stored in a plurality of parties or is disclosed to one or more parties in a shared form. Therefore, through secure multiparty computation, the participating parties can be allowed to compute the results of the functions without exposing the respective raw data.
The safety selection can be regarded as a multi-party safety calculation implementation of a specific function (namely, a selection problem), and under the condition of a large amount of calculation, if the number of interaction times in the safety selection step is too large, the transmission pressure of the system is too large.
Disclosure of Invention
One of the embodiments of the present specification provides a security selection question processing method, where a security selection question participant includes a first party and a second party, and the security selection question is described as selecting a first result element m when a condition element a =1, and selecting a second result element n when the condition element a = 0; the conditional element a, the first result element m and the second result element n of the security selection problem are respectively stored in a first party and a second party in a sharing shard, the sharing shard of the first result element and the sharing shard of the second result element both belong to a first group, the sharing shard of the conditional element belongs to a second group, and the method is executed by any one of the parties of the security selection problem and comprises the following steps: determining a first segment of a first result elementFirst slice with second result elementIs the first slice of the equivalent result element(ii) a A first slice based on the condition elementGenerating a first intermediate element; wherein possible values of the first intermediate element belong to a third group; the number of bits of the storage unit for storing the elements in the third group is smaller than the number of bits of the storage unit for storing the elements in the first group; a first slice based on the condition elementFirst slice of the equivalent result elementObtaining a first intermediate value(ii) a First intermediate valueBelong to a first group; based on the first intermediate element and the first intermediate valueCooperatively calculating with another party according to the multi-party safety calculation protocol to obtain the first fragment of the cross result(ii) a First slice based on equivalent result elementsWith the first segment of the cross resultComputing a first slice of the initial selection result(ii) a First segmentation based on the initial selection resultAnd a first fragment of the second result elementA first slice of the result of the security selection problem is computed.
One of the embodiments of the present specification provides a secure selection question processing system, where a secure selection question participant includes a first party and a second party, and the secure selection question is described as selecting a first result element m when a condition element a =1, and selecting a second result element n when the condition element a = 0; the conditional element a, the first result element m and the second result element n of the security selection problem are respectively stored in a first party and a second party in a sharing fragment, the sharing fragment of the first result element and the sharing fragment of the second result element both belong to a first group, the sharing fragment of the conditional element belongs to a second group, the number of bits of a storage unit for storing the elements in the first group is greater than the number of bits of a storage unit for storing the elements in the second group, and the method comprises the following steps: an equivalent result element obtaining module to determine a first slice of a first result elementFirst slice with second result elementIs the first slice of the equivalent result element(ii) a A first intermediate element acquisition module to obtain a first slice based on the conditional elementGenerating a first intermediate element; wherein the value of the first intermediate element belongs to a third group; the number of bits of the storage unit for storing the elements in the third group is smaller than the number of bits of the storage unit for storing the elements in the first group; a first intermediate value obtaining module for obtaining a first slice based on the condition elementFirst slice of the equivalent result elementObtaining a first intermediate value(ii) a First intermediate valueBelong to a first group; a cross result obtaining module for obtaining a first intermediate value based on the first intermediate elementCooperatively calculating with another party according to the multi-party safety calculation protocol to obtain the first fragment of the cross result(ii) a An initial selection result obtaining module for a first slice based on equivalent result elementsWith the first segment of the cross resultComputing a first slice of the initial selection result(ii) a Problem result acquisition module forFirst segmentation based on the initial selection resultAnd a first fragment of the second result elementA first slice of the result of the security selection problem is computed.
One of the embodiments of the present specification provides a security selection issue processing apparatus, which includes a processor and a storage medium, where the storage medium is used to store computer instructions, and the processor is used to execute at least a part of the computer instructions to implement the method.
In some embodiments of the present specification, there is also provided a multi-party secure computing method, wherein the multi-party secure computing protocol is a cross G-module computing protocol, and the cross G-module computing participants include two parties, one of the parties having a first element belonging to a finite group GWith a second element belonging to finite group AThe other party having a third element belonging to the finite group GAnd a fourth element belonging to finite group AThe finite group A has a G-mode structure, the effect of the finite group G on the finite group A meets the distribution law, and the crossed G-mode calculation is described as the two-party cooperative calculationThe calculation result and the sharing fragment are stored in the two parties; in the cross G-module computing protocol, the limited group G is the third group and the limited groupA is the first group of the plurality of groups,which comprises the following steps: obtaining a first random number belonging to a finite group GA second random number belonging to the finite group AAnd a first intermediate slice(ii) a The first intermediate segmentAnd a second intermediate shard with a second partyThe shared shards are the sums of the random number operation results and belong to a limited group A; the result of the random number operation is based onObtaining; wherein h1 represents the third random number belonging to the finite group G,a fourth random number representing the other party belonging to finite group a; sending first transmission data belonging to a finite group GTo the other party; the first transmission dataBased onObtaining; obtaining a second number of transmissions of said other party belonging to a finite group GAccording to(ii) a The second transmission dataBased onObtaining; sending third transmission data belonging to finite group ATo the other party, the third transmission dataBased onObtaining; acquiring fourth transmission data of the other party belonging to finite group A(ii) a The fourth transmission dataBased onObtaining; based onObtaining a first slice of the cross result。
Drawings
The present description will be further explained by way of exemplary embodiments, which will be described in detail by way of the accompanying drawings. These embodiments are not intended to be limiting, and in these embodiments like numerals are used to indicate like structures, wherein:
FIG. 1 is a schematic diagram of an application scenario of a security selection issue processing system, according to some embodiments of the present description;
FIG. 2 is a schematic diagram illustrating an interaction flow of a first party with a second party to compute a security selection problem according to some embodiments of the present description;
FIG. 3 is a schematic diagram of an interaction flow for two parties to perform a cross G-module calculation in accordance with some embodiments of the present description;
FIG. 4 is a block diagram of a security selection issue processing system in accordance with some embodiments of the present description.
Detailed Description
In order to more clearly illustrate the technical solutions of the embodiments of the present disclosure, the drawings used in the description of the embodiments will be briefly described below. It is obvious that the drawings in the following description are only examples or embodiments of the present description, and that for a person skilled in the art, the present description can also be applied to other similar scenarios on the basis of these drawings without inventive effort. Unless otherwise apparent from the context, or otherwise indicated, like reference numbers in the figures refer to the same structure or operation.
It should be understood that "system", "apparatus", "unit" and/or "module" as used herein is a method for distinguishing different components, elements, parts, portions or assemblies at different levels. However, other words may be substituted by other expressions if they accomplish the same purpose.
As used in this specification and the appended claims, the terms "a," "an," "the," and/or "the" are not intended to be inclusive in the singular, but rather are intended to be inclusive in the plural, unless the context clearly dictates otherwise. In general, the terms "comprises" and "comprising" merely indicate that steps and elements are included which are explicitly identified, that the steps and elements do not form an exclusive list, and that a method or apparatus may include other steps or elements.
Flow charts are used in this description to illustrate operations performed by a system according to embodiments of the present description. It should be understood that the preceding or following operations are not necessarily performed in the exact order in which they are performed. Rather, the various steps may be processed in reverse order or simultaneously. Meanwhile, other operations may be added to the processes, or a certain step or several steps of operations may be removed from the processes.
For the purpose of illustrating embodiments of the present specification, reference will first be made to the mathematical knowledge involved therein.
In mathematics, a "group" in mathematics means an algebraic structure having a binary operation satisfying a closed property, satisfying a binding law, having a unit element and an inverse element, and includes an abelian group, homomorphism and conjugate class. Where the sign of the binary operation may be generally used as a sign of a multiplication sign "+" (which may be omitted when unambiguous) or an addition sign "+", it is noted that the binary operation is not necessarily equivalent to a multiplication or an addition in a four-way operation. The result of several elements through one or more binary operations may be referred to as a sum.
The binary operation of the group satisfies: 1. closed law, for any element a, b in G, a × b is still in G; 2. binding law, for any elements a, b and c in G, (a × b) × c = a (b × c); 3. there are unit cells, element e is present in G, such that a _ e = e _ a; 4. there is an inverse element, where for any element a in G, b is present in G, such that a × b = b × a = e, a, b are inverse elements of each other, where e is a unit element. It should be noted that e may be called zero and the inverse may be called negative for the binary operation denoted by "+", and a + (inverse of b) may be denoted by a-b for any of the elements a, b in G. The order of the group operations is important, element a is combined with element b, and the result is not necessarily the same as combining element b with element a; that is, the commutative law a × b = b × a is not always true, and the group satisfying the commutative law is called an abelian group (commutative group), and the group not satisfying the commutative law is called a non-abelian group (non-commutative group), and the abelian group is composed of its own set G and a binary operation.
In mathematics, a mapping is often equivalent to a function. For example, assuming that a and B are two non-empty sets, if for any element x in a, there is always a uniquely determined element y in B corresponding to it according to some rule (or law) f, the corresponding rule f is called a mapping from a to B. Notation f: a → B, the image with y as x, denoted as y = f (x), and the original image with x as y, the set a as the domain of the mapping f, and the set B as the cosomain of f.
In mathematics, a group G is given, wherein the G mode refers to an Abelian group M generated after the group G is compatible with an Abelian group structure in M. Wherein for eachAll have unique definite product gAnd for anyAll the requirements are that: (1) g · (a + n) = ga + gn, (2), G · (ma) = (gm) · a, (3), ka = a, k is a unit element in the group G, and M is called left G modulo; if ga = a, M is called the trivial left G modulus.
Further, the present description relates to a quotient group based on integer abelian group, the mathematical representation of which may be G: = Z/nZ, where Z is a set of integers, n is any positive integer, nZ is a subgroup of Z made up of all multiples of n, quotient Z/nZ is a cyclic group of order n modulo the remainder of n, equivalent to mod n.
It should be noted that since a computing device usually uses a fixed number (e.g. bit) to store the value generated during the computation process, the multi-party collaborative computation frequently uses modulo group addition, group multiplication, group subtraction, and so on. In this specification, unless otherwise specified, the mathematical expression relating to the symbols can be understood with priority as group addition, group multiplication, and group subtraction, rather than as a four-way operation. The number of bits of a memory cell of a computing device storing a group element may be determined by the size of the group, and for a given group, the more the group element, the more bits of the memory cell used to store the group element, and it is not difficult to understand that the greater the amount of traffic in transmitting the group element. Elements between different groups cannot be directly operated on, and one group element needs to be converted to obtain an equivalent value of the group element in another group, and the operation with the element is completed in the other group. In this specification, for the sake of brevity, the foregoing conversion is already completed by default when describing the operation of two group elements.
In some distributed scenarios, a multi-party secure computation is required to obtain a target operation result, the target operation may be secure multiplication, secure analog conversion or secure selection, and security may refer to correctness of an output result and confidentiality of input information and output information. For example, in some machine learning scenarios, one party holds private feature data and the other holds private tag data. If the target operation result on the private data (feature data/tag data) is directly calculated, the private data may be deduced backwards once the target operation result is leaked. Therefore, one party can divide the private data x held by the party into two parts, and one part is reservedAnd mixing the other partThe information is sent to the other party,andhas a total value of x, i.eAndin the form of x and shares. Then, the two parties operate a safety calculation protocol to respectively obtain one fragment of the target operation result. The sum of the fragments obtained by the two parties is the target operation result, and if an attacker wants to know the private data, the fragments of the two parties need to be obtained. In the prior art, some secure multi-party computing processes involve a selection problem, which is generally described as, when the condition element a =1,a first result element m is selected and when the condition element a =0, a second result element n is selected. For example only, in a scenario where multi-party prediction is performed using a tree model, two parties respectively hold a split threshold of a node of the tree model, corresponding left and right leaf node scores, and a sum sharing slice of feature values of corresponding features. An exemplary equivalent focused prediction process includes selecting a left leaf node score when the eigenvalue is greater than the split threshold and selecting a right leaf node score when the eigenvalue is not greater than the split threshold. It will be appreciated that the result of comparing the feature value to the split threshold may be reduced to a binary case with conditional element =1 or 0. When the data relate to privacy security, the two parties need to complete the selection on the premise of not revealing privacy fragments of the parties based on a multi-party security calculation principle. The general selection problem can be equivalent to calculating a (m-n) + n, and further, the general safety selection problem can be converted into a special safety problem, so the above formula can be further equivalent to az and z = m-n, after az is obtained by calculation, the result of the general selection problem can be obtained by adding a second result element n. Generally, the value of the condition element is only two, which means that the group (e.g., the second group) to which the condition element belongs may have only two elements, and may occupy less storage space inside the computing device. The value of the result element is wider, which means that the group (e.g., the first group) to which the result element belongs has more elements and occupies more storage space in the content of the computing device. In some embodiments, the two parties may convert the conditional element fragment located in the second group into the first group through a security mode conversion protocol, and then calculate az with the other party according to a multi-party security multiplication protocol, so as to obtain a sum sharing fragment of az, and finally, the two parties add the sum sharing fragment of az to the sum sharing fragment of the second result element n, so as to obtain a result fragment of a general selection problem. However, this approach requires both parties to complete 3 rounds of interaction. Specifically, one round of interaction is involved in the safe mode conversion calculation link, and two rounds of interaction are involved in the safe multiplication calculation link, so that the total interaction is 3 rounds, and huge interaction times can be generated in the case of facing a large number of calculation scenes.
Embodiments in this specification provide another security selection problem processing method and system based on a multi-party security computing protocol with fewer interactions.
FIG. 1 is a schematic diagram of an application scenario of a computing system in accordance with some embodiments of the present description.
As shown in fig. 1, computing system 100 may include computing device 110, computing device 120, and network 140, computing device 110 and computing device 120 may be two-party devices participating in two-party secure computing.
The computing device may include various types of computing-capable devices, such as a server. In some embodiments, the servers may be independent servers or groups of servers, which may be centralized or distributed. In some embodiments, the server may be regional or remote. In some embodiments, the server may execute on a cloud platform. For example, the cloud platform may include one or any combination of a private cloud, a public cloud, a hybrid cloud, a community cloud, a decentralized cloud, an internal cloud, and the like.
In some embodiments, the computing system 100 may also include a semi-trusted third party device 130, and the semi-trusted third party device 130 may assist the two-party computing device in running a secure computing protocol, e.g., the semi-trusted third party device 130 may generate a random number, compute a shard value, distribute the random number and/or shard value to the computing device 110, the computing device 120, and/or the like.
FIG. 2 is a schematic diagram illustrating an interaction flow of a first party (e.g., computing device 110) computing a security selection problem with a second party (e.g., computing device 120) in accordance with some embodiments of the present description.
In some embodiments, the security selection issue may be described as selecting a first result element m when the condition element a =1 and a second result element n when the condition element a = 0. The security selection problem participant comprises a first party and a second party. The condition element a, the first result element m, and the second result element n are stored in both sides in a sum sharing manner, respectively.
In the security selection problem, the sum-shared shard of the first result element m and the sum-shared shard of the second result element n may both belong to a first group, wherein the first group may be any limited group. For example, the first result element m comprises a first fragmentAnd a second sectionThe second result element n comprises the first fragmentAnd a second sectionWherein、Is stored on the first party and is stored on the second party,、and storing the data in the second party.
The sum of the conditional elements a sharing the slice belongs to a second group, wherein the second group may also be any finite group. For example only, conditional element a may comprise a first tileAnd a second segment, wherein,stored on the first party and stored on the second party.
In some embodiments, the first group is a first quotient Z/NZ and the second group is a second quotient Z/2Z, N being an integer greater than 2. The first quotient group and the second quotient group are Abelian groups. From the above mathematical knowledge, the first quotient Z/NZ is an N-th order cyclic group modulo the remainder of N, and the first quotient Z/NZ has N elements, which can be expressed as {0,1,2, …, N-1 }; the second quotient Z/2Z is a 2 nd order cyclic group modulo the remainder of 2, so that 2 elements of the second quotient Z/2Z can be represented as {0,1 }. It will be appreciated that in a computing device, the number of memory cell bits storing a conditional element tile may be less or much less than the memory cell locations storing the result element tile.
As can be seen from fig. 2, when the security selection problem processing is performed, the flows executed by both the users are symmetrical. That is, the process 200 (including steps 210-250) may be performed by any of the security selection problem participants. When one of the parties is the first party, the other party is the second party. For convenience of description, the following description is made in terms of a first aspect, and the process 200 may include:
In some embodiments, the security selection issues may be divided into two categories, general security selection issues and special security selection issues. In some embodiments, the general security selection problem may be described as: safe calculation if a =1 then m else n. The condition element a, the first result element m and the second result element n are stored in a sum sharing mode on two sides, and the selected result is still stored in the sum sharing mode on the two sides. In some embodiments, the general security selection problem may be expressed as a (m-n) + n, for which the result may be known to be equivalent to the result of the security calculation if a =1 then m else n.
In some embodiments, the special security selection issue may be described as: secure computation if a =1 then z else 0, where the condition element a, the result element z are stored on both sides in a shared form. In some embodiments, the special security selection problem may be denoted as az, for which the result is known to be equivalent to the result of the security calculation if a =1 then z else 0.
In some embodiments, the computation may be simplified by reducing the general security selection problem to a special selection problem. Let z = m-n, then there is az + n = a (m-n) + n, i.e. the sum of the result of the special safety selection problem and n is equivalent to the result of the general safety selection problem. In some embodiments, the difference z between the first result element m and the second result element n is defined as an equivalent result element.
In some embodiments, the first party holds the first piece of the first result elementFirst slice with second result elementSo that the first fragment of the equivalent result element zCan be expressed as:
in some embodiments, the second party holds a second slice of the first result elementSecond segmentation with second result elementSo that the second slice of the result element z is equivalentCan be expressed as:
it should be noted that the steps performed in the flow 200 by the first party and the second party are symmetrical, that is, the second party shares the second piece of the form data according to the second piece of the form data held and shared by the second party. Therefore, the second party needs to perform the calculation according to the same rule as the calculation performed by the first party, unless otherwise described below.
From the foregoing, the first fragment of the conditional elementBelonging to the second group, in some embodiments the first intermediate element is designed to have a smaller number of bits than the memory cells of the elements in the first group. In some embodiments, the value of the first intermediate element may be assigned to the third group.
In some embodiments, the continuation of the first group as the first quotient group Z-An example of NZ, the first intermediate element may be represented asIt is clear that this time the third group is { -1,1}, and it can be seen that the number of bits of the memory location for storing the elements in the third group is less than the number of bits of the memory location for storing the elements in the first group.
It should be appreciated that the second party may, in a similar way, be based on the second fragmentation of the conditional elementA second intermediate element is obtained, which accordingly also belongs to the third group.
Two slices of the equivalent result element z are respectively reserved by two parties and kept secret from the other party. To avoid direct simultaneous possession of one partyAndresulting in a leakage of results, which may be based on a first fragmentation of a condition element in some embodimentsFirst slice of equivalent result elementsGenerating a first intermediate value。
In some embodiments, when the first intermediate element is pressedWhen calculating, the first intermediate valueThe result of (d) can be equivalent to a result calculated by:
wherein the content of the first and second substances,the equivalent value of the first intermediate element is expressed, and the formula (3) can be equivalent toWhen the temperature of the water is higher than the set temperature,when is coming into contact with. First slice of equivalent result elementsBelong to a first group, so that a first intermediate valueAlso belong to the first group.
It should be appreciated that the second party may, in a similar way, be based on the second fragmentation of the conditional elementSecond slice of equivalent result elementObtaining a second intermediate valueCorresponding, second intermediate valueAlso belong to the first group.
The other party, the second party, performs a symmetric computation with respect to the first party, and in some embodiments, the second party holds a second intermediate element and a second intermediate value in step 230The first party is based on the first intermediate element and the first intermediate valueA second party holds a second intermediate element and a second intermediate valueAnd performing collaborative calculation according to a multi-party safety calculation protocol to obtain a cross result. In some embodiments, the interleaved result is stored in a shared-sum form with the first slice of the interleaved result of both partiesSecond slice stored in first side, interleaved resultAnd storing the data in the second party. The two parties can cooperatively calculate the cross result obtained according to the multi-party security calculation protocol without revealing privacy information of each party, and can realize interaction of equivalent result elements.
In some embodiments, specifically, the crossover result can be equivalently expressed as:
wherein, in the formula (4)An equivalent value representing a second intermediate element held by the second party,representing a second intermediate value held by the second party.
In some embodiments, a first slice of the interleaved result is obtainedThe collaborative calculation is performed according to the cross-G-module calculation protocol. With respect to the cross-G-module computing protocol, further reference may be made to the associated description of FIG. 3.
In some embodiments, the initial selection result is equivalent toAnd an . Wherein the content of the first and second substances,equivalent to the crossover result.
In some embodiments, a first slice of the result is initially selectedMay be a pairGet rounded or right upwardAnd rounding down. Note that in some embodiments, it is possible to select the result as being equivalent to az, which is necessarily an integer based on the group properties of the conditional element and the result element (the elements are integers), and therefore in some embodiments, when the result is equivalent to azIn the case of a fractional number, it is either forensically or rounded down.
In some embodiments, the second party is based on a second slice of equivalent result elementsWith the first segment of the cross resultSecond segmentation of the initial selection result obtainedMay be a pairGet rounded or right upwardRounding down, it should be noted that when the first slice of the result is initially selectedWhen rounding up is adopted in calculation, the second segment of the result is initially selectedAdopting downward rounding; when the first slice of the result is initially selectedWhen rounding-down is adopted in calculation, the second segment of the result is initially selectedBy rounding up, the first segment of the initial selection result is guaranteedAnd a second slice of the initial selection resultAnd the sum, i.e., the correctness of the initial selection result. Both parties can agree in advance on the initial selection results of the parties and the rounding mode of the shared fragment.
At step 260, a first segment of the result of the security selection problem is determined. In some embodiments, step 240 may be performed by the issue results acquisition module 460.
In some embodiments, a first tile based on the initial selection resultAnd a first fragment of the second result elementA first slice of the result of the security selection problem is determined.
In some embodiments, referring to step 210, the result of the security selection problem is az + n = a (m-n) + n, i.e. the first slice of the result of the security selection problem is the first slice of the initial selection resultAnd a first fragment of the second result elementThe sum of (a) and (b).
In some embodiments, the second party determines a second slice of the result of the security selection issue, the second slice of the result of the security selection issue being the second slice of the initial selection resultAnd a first fragment of the second result elementThe sum of (a) and (b).
At this time, the first party and the second party have already completed the security selection problem, and the first fragment and the second fragment of the result of the security selection problem are the result of the security selection problem, and meanwhile, the first party and the second party do not obtain any other data, so that the privacy data of the parties are protected.
In some embodiments of the present description, there is also provided a multi-party secure computing method or cross-G-module computing protocol, said multi-party secure computing participants comprising two parties, one of which has a first party belonging to a finite group GElement(s)With a second element belonging to finite group AThe other party having a third element belonging to the finite group GAnd a fourth element belonging to finite group AThe limited group A has a G-mode structure, the function of the limited group G on the limited group A meets the distribution law, and the multi-party safe computing task is the cooperative computing of the two partiesAnd the calculation result and the sharing fragment are stored in the two parties.
FIG. 3 is a schematic diagram of an interaction flow for two parties to perform a cross G-module computation in accordance with some embodiments of the present description.
In some embodiments, one of the parties in the protocol 300 may be a first party in the process 200 and the other party is a second party in the process 200. The third group corresponds to a finite group G, the first group corresponds to a finite group A,。
it should be noted that the role of the finite group G on the finite group a can be interpreted as that there is a mapping G × a → a, and if the finite group G includes the element G and the finite group a includes the element a, then the image of (G, a) under the mapping is referred to as the role of G on a, and is denoted as ga.
Specifically, the steps of the cross G-module computing protocol 300 include:
In some embodiments, the first random numberA second random numberA third random numberAnd the fourth random numberFirst intermediate segmentAnd a second intermediate sliceGenerated by a third party. In some embodiments, the third party may be the semi-trusted third party device 130, and in some embodiments, the shared segment and the random number operation result in step 231 may also be calculated by the third party.
In some embodiments, the other party is based onSecond section for obtaining cross result,Namely the crossover result. The principle of the protocol can be expressed as:
in some embodiments, the cross-G-module computing protocol may be expressed in step 220 as finite group G being the third group and finite group A being the first group, whereinIn some embodiments, the cross-over junction is calculated as in equation (4)And (5) fruit.
From the above steps, only one interaction is needed for the cross G-module computing protocol. Therefore, combining the aforementioned mathematical knowledge, the communication traffic is reduced accordingly.
It should be noted that the above description related to the flow 200 is only for illustration and description, and does not limit the applicable scope of the present specification. Various modifications and alterations to flow 200 will be apparent to those skilled in the art in light of this description. However, such modifications and variations are intended to be within the scope of the present description. For example, when the security selection problem is a special security selection problem, the second result element n is 0, so in some embodiments, step 210 and step 260 may not be executed, and the equivalent calculation result az of the special security selection problem is obtained directly through steps 220 to 250; further, for example, in step 233, third transmission data belonging to the finite group a is transmittedTo the other party, fourth transmission data belonging to the finite group A of the other party is acquiredAnd does not represent sending the third transmission data firstTo the other party, and acquires the fourth transmission data of the other partyIn actual execution, the transmission may be performed first and then the acquisition may be performed, the acquisition may be performed first and then the transmission may be performed, or the acquisition may be performed simultaneously with the transmission.
FIG. 4 is a block diagram of a security selection issue processing system in accordance with some embodiments of the present description.
As shown in fig. 4, the security selection issue processing system 400 may include an equivalent result element obtaining module 410, a first intermediate element obtaining module 420, a first intermediate value obtaining module 430, a crossing result obtaining module 440, an initial selection result obtaining module 450, and an issue result obtaining module 460. These modules may also be implemented as an application or a set of instructions that are read and executed by a processing engine. Further, a module may be any combination of hardware circuitry and applications/instructions. For example, a module may be part of a processor when a processing engine or processor executes an application/set of instructions.
Equivalent result element obtaining module 410 may be used to determine a first tile of a first result elementFirst slice with second result elementIs the first slice of the equivalent result element。
Further description of (a) may be found elsewhere in this specification (e.g., in step 210 and its associated description), and will not be described herein.
The first intermediate element acquisition module 420 may be configured to obtain a first slice based on the conditional elementGenerating a first intermediate element; wherein the value of the first intermediate element belongs to a third group; the number of bits of the memory cells for storing the elements in the third group is less than the number of bits of the memory cells for storing the elements in the first group.
More details about the first intermediate element can be found elsewhere in this specification (e.g., in step 220 and its related description), and are not repeated here.
The first intermediate value obtaining module 430 may be configured to obtain a first slice based on the condition elementFirst slice of the equivalent result elementObtaining a first intermediate value(ii) a First intermediate valueBelong to a first group.
Further description of the first intermediate value can be found elsewhere in this specification (e.g., in step 230 and its related description), and will not be repeated herein.
The interleaving result obtaining module 440 may be configured to obtain the first intermediate element and the first intermediate numerical value based on the first intermediate elementCooperatively calculating with another party according to the multi-party safety calculation protocol to obtain the first fragment of the cross result。
More details about the crossover result can be found elsewhere in this specification (e.g., in step 240 and its related description), and are not repeated here.
The initial selection result acquisition module 450 may be configured to obtain a first tile based on equivalent result elementsWith the first segment of the cross resultComputing a first slice of the initial selection result。
Further description of the initial selection result can be found elsewhere in this specification (e.g., in step 250 and its related description), and will not be repeated herein.
Question result acquisition module 460 may be used to obtain a first slice based on the initial selection resultAnd a first fragment of the second result elementA first slice of the result of the security selection problem is computed.
Further description of the problem results can be found elsewhere in this specification (e.g., in step 260 and its related description), and will not be repeated herein.
In some embodiments, the first intermediate element acquisition module comprises: computingObtaining the first intermediate element; the first slice based on the condition elementFirst slice of the equivalent result elementObtaining a first intermediate valueThe method comprises the following steps: push buttonThe first intermediate value is calculated.
In some embodiments, the crossover result is equivalently expressed as(ii) a Wherein the content of the first and second substances,a second intermediate element representing the other party,a second intermediate value representing the other party.
In some embodiments, the first slice based on equivalent result elementsWith the first segment of the cross resultComputing a first slice of the initial selection resultThe method comprises the following steps: to pairGet rounded or right upwardRounding down to obtain a first slice of the initial selection result(ii) a The first segment of the result of the security selection problem is the first segment of the initial selection resultAnd a first fragment of the second result elementThe sum of (a) and (b).
In some embodiments, the first group is a first quotient group Z/NZ, the second group is a second quotient group Z/2Z, the third group is { -1,1}, and N is an integer greater than 2.
In some embodiments, the multi-party secure computing protocol is a cross-G-module computing protocol, the cross-G-module computing participants comprising two parties, one of the parties having a first element belonging to a finite group GWith a second element belonging to finite group AThe other party having a third element belonging to the finite group GAnd a fourth element belonging to finite group AThe finite group A has a G-mode structure, the effect of the finite group G on the finite group A meets the distribution law, and the crossed G-mode calculation is described as the two-party cooperative calculationThe calculation result and the sharing fragment are stored in the two parties; in the cross G-module computing protocol, the finite group G is the third group, the finite group A is the first group,which comprises the following steps: obtaining a first random number belonging to a finite group GA second random number belonging to the finite group AAnd a first intermediate slice(ii) a The first intermediate segmentAnd a second intermediate shard with a second partySharding for sum of random number operation resultsAll belong to finite group A; the result of the random number operation is based onObtaining; wherein the content of the first and second substances,a third random number representing the other party belonging to the finite group G,a fourth random number representing the other party belonging to finite group a; sending first transmission data belonging to a finite group GTo the other party; the first transmission dataBased onObtaining; acquiring second transmission data of the other party belonging to the finite group G(ii) a The second transmission dataBased onObtaining; sending third transmission data belonging to finite group ATo the other party, the third transmission dataBased onObtaining; acquiring fourth transmission data of the other party belonging to finite group A(ii) a The fourth transmission dataBased onObtaining; based onObtaining a first slice of the cross result。
In some embodiments, the first random numberA second random numberA third random numberAnd the fourth random numberFirst intermediate segmentAnd a second intermediate sliceGenerated by a third party.
It should be understood that the apparatus shown in fig. 4 and its modules may be implemented in various ways. For example, in some embodiments, an apparatus and its modules may be implemented by hardware, software, or a combination of software and hardware. Wherein the hardware portion may be implemented using dedicated logic; the software portions may then be stored in a memory for execution by a suitable instruction execution device, such as a microprocessor or specially designed hardware. Those skilled in the art will appreciate that the methods and apparatus described above may be implemented using computer executable instructions and/or embodied in processor control code, such code being provided for example on a carrier medium such as a diskette, CD-or DVD-ROM, a programmable memory such as read-only memory (firmware) or a data carrier such as an optical or electronic signal carrier. The apparatus and modules thereof in this specification may be implemented not only by hardware circuits such as very large scale integrated circuits or gate arrays, semiconductors such as logic chips, transistors, or programmable hardware devices such as field programmable gate arrays, programmable logic devices, etc., but also by software executed by various types of processors, for example, or by a combination of the above hardware circuits and software (e.g., firmware).
It should be noted that the above descriptions of the apparatus and the modules thereof are only for convenience of description, and should not be construed as limiting the present disclosure to the scope of the illustrated embodiments. It will be appreciated by those skilled in the art that, having the benefit of the teachings of this apparatus, any combination of the various modules or sub-apparatus may be configured to connect to other modules without departing from such teachings. For example, the first intermediate element obtaining module 420 and the first intermediate value obtaining module 430 in fig. 4 may be the same module; in addition, the equivalent result element obtaining module 410, the first intermediate element obtaining module 420, the first intermediate value obtaining module 430, the initial selection result obtaining module 450, and the problem result obtaining module 460 may all be the same module, and any module may perform the required calculation. For another example, each module in the system may be located on the same server, or may belong to different servers. Such variations are within the scope of the present disclosure.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
The beneficial effects that may be brought by the embodiments of the present description include, but are not limited to: (1) in the process of carrying out safety selection calculation, the participator can obtain the problem result only by once interaction based on the safety selection problem processing method, and compared with the prior scheme, the method has the advantages that the interaction times are reduced, and the transmission pressure of the system is reduced; (2) the two parties do not reveal the privacy data of each party in the processing process, and the data security of each party is protected.
It is to be noted that different embodiments may produce different advantages, and in different embodiments, any one or combination of the above advantages may be produced, or any other advantages may be obtained.
Having thus described the basic concept, it will be apparent to those skilled in the art that the foregoing detailed disclosure is to be regarded as illustrative only and not as limiting the present specification. Various modifications, improvements and adaptations to the present description may occur to those skilled in the art, although not explicitly described herein. Such modifications, improvements and adaptations are proposed in the present specification and thus fall within the spirit and scope of the exemplary embodiments of the present specification.
Also, the description uses specific words to describe embodiments of the description. Reference throughout this specification to "one embodiment," "an embodiment," and/or "some embodiments" means that a particular feature, structure, or characteristic described in connection with at least one embodiment of the specification is included. Therefore, it is emphasized and should be appreciated that two or more references to "an embodiment" or "one embodiment" or "an alternative embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, some features, structures, or characteristics of one or more embodiments of the specification may be combined as appropriate.
Additionally, the order in which the elements and sequences of the process are recited in the specification, the use of alphanumeric characters, or other designations, is not intended to limit the order in which the processes and methods of the specification occur, unless otherwise specified in the claims. While various presently contemplated embodiments of the invention have been discussed in the foregoing disclosure by way of example, it is to be understood that such detail is solely for that purpose and that the appended claims are not limited to the disclosed embodiments, but, on the contrary, are intended to cover all modifications and equivalent arrangements that are within the spirit and scope of the embodiments herein. For example, although the system components described above may be implemented by hardware devices, they may also be implemented by software-only solutions, such as installing the described system on an existing server or mobile device.
Similarly, it should be noted that in the preceding description of embodiments of the present specification, various features are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure aiding in the understanding of one or more of the embodiments. This method of disclosure, however, is not intended to imply that more features than are expressly recited in a claim. Indeed, the embodiments may be characterized as having less than all of the features of a single embodiment disclosed above.
Numerals describing the number of components, attributes, etc. are used in some embodiments, it being understood that such numerals used in the description of the embodiments are modified in some instances by the use of the modifier "about", "approximately" or "substantially". Unless otherwise indicated, "about", "approximately" or "substantially" indicates that the number allows a variation of ± 20%. Accordingly, in some embodiments, the numerical parameters used in the specification and claims are approximations that may vary depending upon the desired properties of the individual embodiments. In some embodiments, the numerical parameter should take into account the specified significant digits and employ a general digit preserving approach. Notwithstanding that the numerical ranges and parameters setting forth the broad scope of the range are approximations, in the specific examples, such numerical values are set forth as precisely as possible within the scope of the application.
For each patent, patent application publication, and other material, such as articles, books, specifications, publications, documents, etc., cited in this specification, the entire contents of each are hereby incorporated by reference into this specification. Except where the application history document does not conform to or conflict with the contents of the present specification, it is to be understood that the application history document, as used herein in the present specification or appended claims, is intended to define the broadest scope of the present specification (whether presently or later in the specification) rather than the broadest scope of the present specification. It is to be understood that the descriptions, definitions and/or uses of terms in the accompanying materials of this specification shall control if they are inconsistent or contrary to the descriptions and/or uses of terms in this specification.
Finally, it should be understood that the embodiments described herein are merely illustrative of the principles of the embodiments of the present disclosure. Other variations are also possible within the scope of the present description. Thus, by way of example, and not limitation, alternative configurations of the embodiments of the specification can be considered consistent with the teachings of the specification. Accordingly, the embodiments of the present description are not limited to only those embodiments explicitly described and depicted herein.
Claims (17)
1. A security selection question processing method, a security selection question participant comprising a first party and a second party, the security selection question being described as selecting a first result element m when a condition element a =1 and a second result element n when a condition element a = 0; the conditional element a, the first result element m and the second result element n of the security selection problem are respectively stored in a first party and a second party in a sharing shard, the sharing shard of the first result element and the sharing shard of the second result element both belong to a first group, the sharing shard of the conditional element belongs to a second group, and the method is executed by any one of the parties of the security selection problem and comprises the following steps:
determining a first segment of a first result elementFirst slice with second result elementIs the first slice of the equivalent result element;
A first slice based on the condition elementGenerating a first intermediate element; wherein the value of the first intermediate element belongs to a third group;
a first slice based on the condition elementFirst slice of the equivalent result elementObtaining a first intermediate value(ii) a First intermediate valueBelong to a first group;
based on the first intermediate element and the first intermediate valueCooperatively calculating with another party according to the multi-party safety calculation protocol to obtain the first fragment of the cross result;
First slice based on equivalent result elementsWith the first segment of the cross resultComputing a first slice of the initial selection result;
2. The method of claim 1, wherein the first slice based on the condition elementGenerating a first intermediate element comprising:
the first slice based on the condition elementFirst slice of the equivalent result elementObtaining a first intermediate valueThe method comprises the following steps:
4. The method of claim 3, wherein the first tile based on equivalent result elementsWith the first segment of the cross resultComputing a first slice of the initial selection resultThe method comprises the following steps:
to pairGet rounded or right upwardDownwards facingRounding to obtain a first segment of the initial selection result;
5. The method of claim 1, wherein the first group is a first quotient Z/NZ, the second group is a second quotient Z/2Z, the third group is { -1,1}, and N is an integer greater than 2.
6. The method of claim 1, wherein the multi-party secure computing protocol is a cross-G-module computing protocol, the cross-G-module computing participants comprising two parties, one of which has a first element belonging to a finite group GWith a second element belonging to finite group AThe other party having a third element belonging to the finite group GAnd a fourth element belonging to finite group AThe finite group A has a G-mode structure, and the effect of the finite group G on the finite group A meets the distribution law, and the crossed G-module calculation is described as the two partiesCollaborative computingThe calculation result and the sharing fragment are stored in the two parties;
in the cross G-module computing protocol, the finite group G is the third group, the finite group A is the first group,which comprises the following steps:
obtaining a first random number belonging to a finite group GA second random number belonging to the finite group AAnd a first intermediate slice(ii) a The first intermediate segmentSecond intermediate sharding with a second partyThe shared shards are the sums of the random number operation results and belong to a limited group A; the result of the random number operation is based onObtaining; wherein the content of the first and second substances,a third random number representing the other party belonging to the finite group G,denotes said anotherA fourth random number of one of the first random numbers belonging to the finite group A;
sending first transmission data belonging to a finite group GTo the other party; the first transmission dataBased onObtaining;
acquiring second transmission data of the other party belonging to the finite group G(ii) a The second transmission dataBased onObtaining;
sending third transmission data belonging to finite group ATo the other party, the third transmission dataBased onObtaining;
acquiring fourth transmission data of the other party belonging to finite group A(ii) a The fourth transmission dataBased onObtaining;
8. A security selection problem handling system, a security selection problem participant comprising a first party and a second party, the security selection problem being described as selecting a first result element m when a condition element a =1 and selecting a second result element n when a condition element a = 0; the conditional element a, the first result element m and the second result element n of the security selection problem are respectively stored in a first party and a second party in a sharing fragment, the sharing fragment of the first result element and the sharing fragment of the second result element both belong to a first group, the sharing fragment of the conditional element belongs to a second group, the number of bits of a storage unit for storing the elements in the first group is greater than the number of bits of a storage unit for storing the elements in the second group, and the method comprises the following steps:
an equivalent result element obtaining module to determine a first slice of a first result elementFirst slice with second result elementIs the first slice of the equivalent result element;
A first intermediate element acquisition module to obtain a first slice based on the conditional elementGenerating a first intermediate element; wherein the value of the first intermediate element belongs to a third group; the number of bits of the storage unit for storing the elements in the third group is smaller than the number of bits of the storage unit for storing the elements in the first group;
a first intermediate value obtaining module for obtaining a first slice based on the condition elementFirst slice of the equivalent result elementObtaining a first intermediate value(ii) a First intermediate valueBelong to a first group;
a cross result obtaining module for obtaining a first intermediate value based on the first intermediate elementCooperatively calculating with another party according to the multi-party safety calculation protocol to obtain the first fragment of the cross result;
An initial selection result obtaining module for a first slice based on equivalent result elementsWith the first segment of the cross resultComputing a first slice of the initial selection result;
11. The system of claim 10, wherein the initial selection result acquisition module is further configured to:
to pairGet rounded or right upwardRounding down to obtain a first slice of the initial selection result;
12. The system of claim 8, wherein the first group is a first quotient group Z/NZ, the second group is a second quotient group Z/2Z, the third group is { -1,1}, and N is an integer greater than 2.
13. The system of claim 8, wherein the multi-party secure computing protocol is a cross-G-module computing protocol, the cross-G-module computing participants comprising two parties, one of which has a first element belonging to a finite group GWith a second element belonging to finite group AThe other party having a third element belonging to the finite group GAnd a fourth element belonging to finite group AThe finite group A has a G-mode structure, the effect of the finite group G on the finite group A meets the distribution law, and the crossed G-mode calculation is described as the two-party cooperative calculationMeter for measuringCalculating results and sharing fragments are stored in the two parties;
in the cross G-module computing protocol, the finite group G is the third group, the finite group A is the first group,the cross result obtaining module is further configured to:
obtaining a first random number belonging to a finite group GA second random number belonging to the finite group AAnd a first intermediate slice(ii) a The first intermediate segmentSecond intermediate sharding with a second partyThe shared shards are the sums of the random number operation results and belong to a limited group A; the result of the random number operation is based onObtaining; wherein h1 represents the third random number belonging to the finite group G,a fourth random number representing the other party belonging to finite group a;
sending first transmission data belonging to a finite group GTo the other endOne side; the first transmission dataBased onObtaining;
acquiring second transmission data of the other party belonging to the finite group G(ii) a The second transmission dataBased onObtaining;
sending third transmission data belonging to finite group ATo the other party, the third transmission dataBased onObtaining;
acquiring fourth transmission data of the other party belonging to finite group A(ii) a The fourth transmission dataBased onTo obtain;
15. A security selection issue processing apparatus comprising a processor and a storage medium storing computer instructions, the processor being configured to execute at least a portion of the computer instructions to implement the method of any one of claims 1-7.
16. A multi-party secure computing method, wherein the multi-party secure computing participates inThe party with the group includes two parties, one of which has a first element belonging to the finite group GWith a second element belonging to finite group AThe other party having a third element belonging to the finite group GAnd a fourth element belonging to finite group AWherein, the finite group A has a G-mode structure, and the role of the finite group G on the finite group A meets the distribution law, and the multiparty safety calculation is described as the cross result of the two-party cooperative calculationThe calculation result and the sharing fragment are stored in the two parties;
the method comprises the following steps:
obtaining a first random number belonging to a finite group GA second random number belonging to the finite group AAnd a first intermediate slice(ii) a The first intermediate segmentSecond intermediate sharding with a second partyThe shared shards are the sums of the random number operation results and belong to a limited group A; the result of the random number operation is based onObtaining; wherein the content of the first and second substances,a third random number representing the other party belonging to the finite group G,a fourth random number representing the other party belonging to finite group a;
sending first transmission data belonging to a finite group GTo the other party; the first transmission dataBased onObtaining;
acquiring second transmission data of the other party belonging to the finite group G(ii) a The second transmission dataBased onObtaining;
sending third transmission data belonging to finite group ATo the other party, the third transmission dataBased onObtaining;
acquiring fourth transmission data of the other party belonging to finite group A(ii) a The fourth transmission dataBased onObtaining;
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010651278.0A CN111539041B (en) | 2020-07-08 | 2020-07-08 | Safety selection method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010651278.0A CN111539041B (en) | 2020-07-08 | 2020-07-08 | Safety selection method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111539041A CN111539041A (en) | 2020-08-14 |
CN111539041B true CN111539041B (en) | 2020-11-13 |
Family
ID=71976478
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010651278.0A Active CN111539041B (en) | 2020-07-08 | 2020-07-08 | Safety selection method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111539041B (en) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112416213B (en) * | 2020-12-02 | 2022-05-17 | 浙江诺诺网络科技有限公司 | List checking method, list checking device and storage medium |
CN113158239B (en) * | 2021-03-31 | 2022-04-26 | 支付宝(杭州)信息技术有限公司 | Selection problem processing method for protecting data privacy |
CN112989421A (en) * | 2021-03-31 | 2021-06-18 | 支付宝(杭州)信息技术有限公司 | Method and system for processing safety selection problem |
CN113094763B (en) * | 2021-04-12 | 2022-03-29 | 支付宝(杭州)信息技术有限公司 | Selection problem processing method and system for protecting data privacy |
CN113158254B (en) * | 2021-05-18 | 2022-06-24 | 支付宝(杭州)信息技术有限公司 | Selection problem processing method and system for protecting data privacy |
CN113836596A (en) * | 2021-09-26 | 2021-12-24 | 支付宝(杭州)信息技术有限公司 | Method, device and system for determining selection result fragmentation by two-party security selection |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109388960A (en) * | 2018-10-24 | 2019-02-26 | 全链通有限公司 | Information sharing and multi-party computations model based on block chain |
WO2019128567A1 (en) * | 2017-12-29 | 2019-07-04 | 阿里巴巴集团控股有限公司 | Data auditing method and device |
CN110058843A (en) * | 2019-03-27 | 2019-07-26 | 阿里巴巴集团控股有限公司 | Generation method, device and the server of pseudo random number |
CN110661764A (en) * | 2018-06-29 | 2020-01-07 | 阿里巴巴集团控股有限公司 | Input acquisition method and device of secure multi-party computing protocol |
CN111008256A (en) * | 2019-10-29 | 2020-04-14 | 矩阵元技术(深圳)有限公司 | Spatial data distribution pattern analysis method based on safe multi-party calculation |
CN111523143A (en) * | 2020-07-03 | 2020-08-11 | 支付宝(杭州)信息技术有限公司 | Method and device for clustering private data of multiple parties |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110909356B (en) * | 2018-09-18 | 2022-02-01 | 百度在线网络技术(北京)有限公司 | Secure multiparty computing method, apparatus, device and computer readable medium |
-
2020
- 2020-07-08 CN CN202010651278.0A patent/CN111539041B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2019128567A1 (en) * | 2017-12-29 | 2019-07-04 | 阿里巴巴集团控股有限公司 | Data auditing method and device |
CN110661764A (en) * | 2018-06-29 | 2020-01-07 | 阿里巴巴集团控股有限公司 | Input acquisition method and device of secure multi-party computing protocol |
CN109388960A (en) * | 2018-10-24 | 2019-02-26 | 全链通有限公司 | Information sharing and multi-party computations model based on block chain |
CN110058843A (en) * | 2019-03-27 | 2019-07-26 | 阿里巴巴集团控股有限公司 | Generation method, device and the server of pseudo random number |
CN111008256A (en) * | 2019-10-29 | 2020-04-14 | 矩阵元技术(深圳)有限公司 | Spatial data distribution pattern analysis method based on safe multi-party calculation |
CN111523143A (en) * | 2020-07-03 | 2020-08-11 | 支付宝(杭州)信息技术有限公司 | Method and device for clustering private data of multiple parties |
Also Published As
Publication number | Publication date |
---|---|
CN111539041A (en) | 2020-08-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111539041B (en) | Safety selection method and system | |
Hao et al. | Efficient and privacy-enhanced federated learning for industrial artificial intelligence | |
Kalpana et al. | Shifted adaption homomorphism encryption for mobile and cloud learning | |
Zhang et al. | A privacy-preserving and verifiable federated learning scheme | |
CN111475854B (en) | Collaborative computing method and system for protecting data privacy of two parties | |
Dong et al. | Eastfly: Efficient and secure ternary federated learning | |
De Cock et al. | High performance logistic regression for privacy-preserving genome analysis | |
Ishikawa et al. | Efficient card-based protocols for generating a hidden random permutation without fixed points | |
CN107196926B (en) | Cloud outsourcing privacy set comparison method and device | |
CN113158239B (en) | Selection problem processing method for protecting data privacy | |
EP3035587B1 (en) | Hypersphere-based multivariable public key signature/verification system and method | |
CN107040385A (en) | A kind of realization method and system of the signature verification algorithm based on SM2 elliptic curves | |
CN108718231A (en) | A kind of full homomorphic cryptography method, apparatus and computer readable storage medium | |
CN112532383B (en) | Privacy protection calculation method based on secret sharing | |
CN111783129A (en) | Data processing method and system for protecting privacy | |
Zhang et al. | OAC-HAS: outsourced access control with hidden access structures in fog-enhanced IoT systems | |
Wang et al. | Verifiable threshold scheme in multi-secret sharing distributions upon extensions of ECC | |
Aslan et al. | Algebraic construction of cryptographically good binary linear transformations | |
CN107888385B (en) | RSA modulus generation method, RSA key generation method, computer device, and medium | |
Luo et al. | SVFL: Efficient secure aggregation and verification for cross-silo federated learning | |
CN113094763B (en) | Selection problem processing method and system for protecting data privacy | |
WO2010123151A2 (en) | Pairing arithmetic device, pairing arithmetic method and recording medium having pairing arithmetic program recorded thereon | |
Courtois | Low-complexity key recovery attacks on GOST block cipher | |
CN112989421A (en) | Method and system for processing safety selection problem | |
CN105099693B (en) | A kind of transmission method and transmitting device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
REG | Reference to a national code |
Ref country code: HK Ref legal event code: DE Ref document number: 40035830 Country of ref document: HK |