CN114969830B - Privacy intersection method, system and readable storage medium - Google Patents

Privacy intersection method, system and readable storage medium

Publication number: CN114969830B (other version: CN114969830A)
Application number: CN202210842629.5A
Authority: CN (China)
Original language: Chinese (zh)
Inventor: 张建华
Assignee (original and current): Huakong Tsingjiao Information Technology Beijing Co Ltd
Legal status: Active (application granted)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F 21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06F 21/6245 Protecting personal data, e.g. for financial or medical purposes

Abstract

Embodiments of the invention provide a private set intersection (PSI) method, a PSI system and a readable storage medium. The method comprises the following steps: each of the k data parties converts each original datum in the data set it holds into mapping data to obtain its first set; each second data party computes the intersection of the first set of the first data party and its own first set to obtain a second set; each second data party filters the data set it holds based on its second set to obtain a filtered data set; the k data parties then perform PSI on their respective sets to be intersected to obtain the PSI result, where the set to be intersected of the first data party is the data set it holds and the set to be intersected of each second data party is its filtered data set. While protecting the privacy and security of the data, the embodiments reduce the volume of data entering the PSI computation and improve PSI efficiency.

Description

Privacy intersection method, system and readable storage medium
Technical Field
The invention relates to the field of secure multi-party computation, and in particular to a private set intersection method, system and readable storage medium.
Background
Secure multi-party computation (MPC) refers to a method in which multiple parties jointly compute the result of a function without revealing each party's input to the function; the computed result is disclosed to one or more of the parties. A typical application of MPC is private set intersection (PSI): determining the intersection of the data held by multiple parties while keeping each party's data private.
When the data volumes of the parties taking part in PSI differ greatly, a large amount of unnecessary computation is performed. For example, suppose PSI is to be run on the data set held by data party A and the data set held by data party B, where A's data set contains 100,000 items and B's data set contains 100 million items. The 100,000 items and the 100 million items must be compared as ciphertext, so the computational cost and running time of the PSI are dominated by B's 100 million items. Yet the intersection of 100,000 items with 100 million items can contain at most 100,000 items, so when the data volumes of the parties differ greatly most of the work is wasted, and PSI efficiency suffers.
Disclosure of Invention
Embodiments of the invention provide a PSI method, a PSI system and a readable storage medium that reduce the volume of data entering the PSI computation while protecting data privacy and security, thereby improving PSI efficiency.
In a first aspect, an embodiment of the invention discloses a private set intersection method for performing PSI on the data sets held by k data parties, where k is an integer greater than or equal to 2, the k data parties comprise a first data party and second data parties, the first data party is the party with the smallest data volume among the k data parties, and the second data parties are the remaining data parties other than the first data party, and the method comprises:
each of the k data parties converts each original datum in the data set it holds into mapping data, obtaining its first set;
the first data party sends its first set to each second data party;
each second data party computes the intersection of the first set of the first data party and its own first set, obtaining a second set;
each second data party filters the data set it holds based on its second set, obtaining a filtered data set;
the k data parties perform PSI on their respective sets to be intersected, obtaining the PSI result; the set to be intersected of the first data party is the data set it holds, and the set to be intersected of each second data party is its filtered data set.
In a second aspect, an embodiment of the invention discloses a PSI system comprising k data parties and configured to perform PSI on the data sets they hold, where k is an integer greater than or equal to 2, the k data parties comprise a first data party and second data parties, the first data party is the party with the smallest data volume among the k data parties, and the second data parties are the remaining data parties other than the first data party, wherein:
the first data party is configured to convert each original datum in the data set it holds into mapping data to obtain its first set, and to send its first set to each second data party;
each second data party is configured to convert each original datum in the data set it holds into mapping data to obtain its first set, to compute the intersection of the first set of the first data party and its own first set to obtain its second set, and to filter the data set it holds based on its second set to obtain its filtered data set;
the first data party is further configured to perform PSI based on its own set to be intersected together with the sets to be intersected of the second data parties to obtain the PSI result, the set to be intersected of the first data party being the data set it holds;
each second data party is further configured to perform PSI based on its own set to be intersected together with the set to be intersected of the first data party to obtain the PSI result, the set to be intersected of the second data party being its filtered data set.
In a third aspect, embodiments of the invention disclose an apparatus for private set intersection comprising a memory and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by one or more processors, and comprise instructions for performing the PSI method described in one or more of the preceding paragraphs.
In a fourth aspect, embodiments of the invention disclose a readable storage medium having instructions stored thereon which, when executed by one or more processors of an apparatus, cause the apparatus to perform the PSI method described in one or more of the preceding paragraphs.
Embodiments of the invention have the following advantages:
Embodiments of the invention provide a PSI method in which, before PSI is performed on the data sets held by k data parties, the data sets of the second data parties are filtered through an interaction between the first data party and the second data parties so as to remove most of the non-intersecting data; the volume of data entering the PSI computation is therefore greatly reduced, the computation time is shortened and PSI efficiency is improved. The first data party is the party with the smallest data volume among the k data parties, and the second data parties are the remaining parties other than the first data party. In the embodiments, each of the k data parties converts each original datum in the data set it holds into mapping data to obtain its first set; the first data party sends its first set to each second data party, and each second data party computes the intersection of the first data party's first set and its own first set to obtain a second set; each second data party then filters the data set it holds based on its second set to obtain a filtered data set, so that most non-intersecting data are removed. Because what the first data party sends to the second data parties is the converted mapping data, which retain only part of the characteristics of the original data, a second data party that obtains the first data party's mapping data cannot reconstruct the original data from them, and the privacy and security of the data are protected.
Drawings
In order to illustrate the technical solutions of the embodiments more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below show only some embodiments of the invention, and a person skilled in the art can derive other drawings from them without inventive effort.
FIG. 1 is a flow chart of the steps of an embodiment of the PSI method of the invention;
FIG. 2 is a block diagram of an embodiment of the PSI system of the invention;
FIG. 3 is a block diagram of an apparatus 800 for PSI according to the invention;
FIG. 4 is a schematic diagram of a server in some embodiments of the invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terms first, second and the like in the description and in the claims of the present invention are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that embodiments of the invention may be practiced other than those illustrated or described herein, and that the objects identified as "first," "second," etc. are generally a class of objects and do not limit the number of objects, e.g., a first object may be one or more. Furthermore, the term "and/or" in the specification and claims is used to describe an association relationship of associated objects, meaning that three relationships may exist, e.g., a and/or B, may mean: a exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. The term "plurality" in the embodiments of the present invention means two or more, and other terms are similar thereto.
Referring to FIG. 1, a flow chart of the steps of an embodiment of the PSI method of the invention is shown. The method may be used to perform PSI on the data sets held by k data parties, where k is an integer greater than or equal to 2, the k data parties comprise a first data party and second data parties, the first data party is the party with the smallest data volume among the k data parties, and the second data parties are the remaining data parties other than the first data party. The method may comprise the following steps:
Step 101, each of the k data parties converts each original datum in the data set it holds into mapping data, obtaining its first set;
Step 102, the first data party sends its first set to each second data party;
Step 103, each second data party computes the intersection of the first set of the first data party and its own first set, obtaining a second set;
Step 104, each second data party filters the data set it holds based on its second set, obtaining a filtered data set;
Step 105, the k data parties perform PSI on their respective sets to be intersected, obtaining the PSI result; the set to be intersected of the first data party is the data set it holds, and the set to be intersected of each second data party is its filtered data set.
The embodiment of the invention provides a PSI method in which the data sets are pre-filtered before PSI is performed on the data sets held by the k data parties: the data sets of the second data parties are filtered through an interaction between the first data party and the second data parties so as to remove most of the non-intersecting data, and PSI is then performed on the filtered data, so that the volume of data entering the PSI computation is greatly reduced and PSI efficiency is improved. The first data party is the party with the smallest data volume among the k data parties, and the second data parties are the remaining parties other than the first data party. The embodiment is particularly suited to scenarios in which the data sets of the parties are unbalanced, i.e. the parties' data volumes differ greatly.
k is an integer greater than or equal to 2. For ease of description, the embodiment is mainly described using two data parties (k = 2) as an example; scenarios with three or more data parties (k > 2) follow by analogy.
The PSI method provided by the embodiment can be applied to big-data sharing scenarios. By performing PSI on the data sets held by several data parties, multi-party data can be fused without the risk of leaking sensitive data, so that business data generated by several parties can be collected, processed and analysed, data silos are eliminated, and the application value of the large volumes of business data in many network services is increased.
When computing the intersection of the data sets held by k data parties, the k data parties first convert the original data in the data sets they hold into mapping data using the same mapping conversion, obtaining their respective first sets. In the embodiment, the data in the data set held by each of the k data parties are called original data, and the data obtained by applying the mapping conversion to the original data are called mapping data. The first data party then sends its first set to each second data party, and each second data party screens its own data set based on the first data party's first set and its own first set, so that most of the non-intersecting data are filtered out. Finally, PSI is performed on the filtered data sets, so that the volume of data entering the private computation is greatly reduced.
In an optional embodiment of the invention, the original data in a data set may be index strings, and an index string may include, but is not limited to, at least one of a user identifier and an identity-card identifier.
The index string may be a long string. In secure multi-party computation the string serves as the index on which PSI is performed, so that a privacy-preserving set intersection is obtained and the intersection of the multi-party data sets is found without any party's original data being leaked. For example, in a PSI scenario over user information, the index string used for matching may be a long string such as a user identifier (e.g. a user ID) or an identity-card identifier (e.g. an identity card number). Further, the original data in the data sets held by the k data parties may themselves be ciphertext.
First, each of the k data parties converts each original datum in the data set it holds into mapping data, obtaining its first set. The embodiment does not restrict how original data are converted into mapping data. For a given original datum, the mapping data obtained from it retain only part of its characteristics, so even if another participant obtains the mapping data it cannot reconstruct the original datum from them, which protects the privacy and security of the data.
In an optional embodiment of the invention, each of the k data parties converting each original datum in the data set it holds into mapping data may comprise:
Step S11, each of the k data parties converts each original datum in the data set it holds into intermediate data of a first length using a preset digest algorithm (called the encryption algorithm in the claims);
Step S12, each of the k data parties truncates a second length from a preset position of each intermediate datum it holds, obtaining the mapping datum corresponding to each original datum, where the second length is smaller than the first length.
In a specific implementation the original data may be of different types and lengths, e.g. some numeric and some strings. Each of the k data parties converts every original datum in the data set it holds into intermediate data of uniform type and uniform length. The embodiment does not restrict the preset algorithm, and the first length depends on the algorithm chosen. Note that all k data parties use the same algorithm when converting their original data into intermediate data of the first length; that is, the k data parties apply the same mapping conversion to the original data in the data sets they hold.
In an optional embodiment of the invention the preset algorithm may be MD5 (MD5 Message-Digest Algorithm): each of the k data parties applies MD5 to every original datum in the data set it holds, obtaining hexadecimal intermediate data with a first length of 32 characters (128 bits). In a specific implementation the preset algorithm is not limited to MD5 and may, for example, be SHA-256; the intermediate data are not limited to hexadecimal encoding and may, for example, be Base64-encoded; and the first length is not limited to 32 characters (a SHA-256 hex digest, for instance, has 64).
In one example, suppose PSI is to be performed on the data set held by data party A and the data set held by data party B. A's data set contains 1 original datum, assumed to be [15865898373]. B's data set contains 15 original data, assumed to be [15865898373, 13192741819, 14515252782, 18976000020, 13290162439, 18841572994, 13537804295, 13323065307, 15931853528, 18088384931, 13982068286, 18273269583, 13948064268, 13809418878, 15029351528]. In this example A is the first data party and B is the second data party. A and B each convert the original data in the data set they hold into mapping data, obtaining their respective first sets.
Table 1 illustrates the conversion of each original datum in data party A's data set into intermediate data, and Table 2 illustrates the same for data party B.
TABLE 1 (image not reproduced: original data of data party A and the corresponding intermediate data)
TABLE 2 (image not reproduced: original data of data party B and the corresponding intermediate data)
In step S12, each of the k data parties truncates a second length from a preset position of each intermediate datum it holds, obtaining the mapping datum corresponding to each original datum it holds.
In a specific implementation, once the original data have been hashed with MD5, as long as the complete 32-character MD5 value is not sent to the opposite party, the opposite party cannot uniquely recover the original datum by inverting the digest, even if it obtains 31 of the 32 characters (it can still test candidate values against the truncated digest, so the truncation length is a privacy trade-off rather than an absolute barrier). In general, the longer the second length, the more data are filtered out but the more information is exposed to the opposite party; in a specific application the second length is therefore set according to actual requirements.
The embodiment does not restrict the preset position. Each of the k data parties truncates the same second length from the same preset position of its intermediate data.
In an optional embodiment of the invention, truncating the second length from the preset position may comprise truncating the second length backward from the first character of the intermediate datum, or forward from the last character of the intermediate datum.
In this example the mapping data are obtained by taking the second length from the last character of the intermediate datum backwards, and the second length is assumed to be 6 characters. Taking A's original datum 15865898373 as an example, its intermediate datum (the MD5 value of the original datum) is a8435e381ee867f37171637315a822a5, and the mapping datum obtained by taking the last 6 characters is a822a5.
Table 3 illustrates the conversion of each original datum in data party A's data set into mapping data, and Table 4 illustrates the same for data party B.
TABLE 3 (image not reproduced: original data of data party A and the corresponding mapping data)
TABLE 4 (image not reproduced: original data of data party B and the corresponding mapping data)
In this example the first set of the first data party (A) is [a822a5]. The first set of the second data party (B) is [a822a5, a822a5, a822a5, a822a5, a822a5, a822a5, a822a5, a822a5, a822a1, a8229e, a82272, 000000, 000001, 000002, 000003].
In the embodiment, original data, intermediate data and mapping data correspond to one another, and a data party can determine the original datum corresponding to a mapping datum from that correspondence.
In this example the first data party (A) sends its first set to the second data party (B). B computes the intersection of A's first set and its own first set to obtain the second set. As can be seen from Tables 3 and 4, the second set computed by B is [a822a5].
Because the first set consists of mapping data, which retain only part of the characteristics of the original data, the second data party can hardly recover the first data party's original data from its mapping data. The mapping data in the first set can therefore be plaintext, and the second data party computes the intersection of the first data party's first set and its own first set in plaintext, which improves computational efficiency.
The second data party (B) filters the data set it holds based on its second set to obtain the filtered data set. The purpose of the filtering is to remove from the second data party's data set the original data that are not in the intersection (i.e. whose mapping data are not in the second set), so as to reduce unnecessary computation in the subsequent PSI.
In an optional embodiment of the invention, each second data party filtering the data set it holds based on its second set to obtain a filtered data set may comprise:
for each second data party, comparing the mapping datum corresponding to each original datum in the data set it holds with the mapping data in its second set, and filtering the target data out of the data set it holds to obtain its filtered data set, where the target data are the original data whose mapping data do not occur in its second set.
In this example the second set computed by B is [a822a5]. B compares the mapping datum corresponding to each original datum in the data set it holds with the mapping data in the second set and filters out the target data. The comparison runs locally at B, so it can be performed in plaintext. B determines that the target data in its data set are 15931853528, 18088384931, 13982068286, 18273269583, 13948064268, 13809418878 and 15029351528, whose mapping data are not in the second set [a822a5]. That is, B retains only the original data whose mapping datum is a822a5, namely 15865898373, 13192741819, 14515252782, 18976000020, 13290162439, 18841572994, 13537804295 and 13323065307, and filters out 7 original data.
After the data set of each second data party has been filtered, each data party has its set to be intersected, and the data parties perform PSI on their respective sets to be intersected to obtain the PSI result. In this example A's set to be intersected is the data set it holds, [15865898373], and B's set to be intersected is its filtered data set, [15865898373, 13192741819, 14515252782, 18976000020, 13290162439, 18841572994, 13537804295, 13323065307]. A and B perform PSI on these sets, and the PSI result is the intersection, 15865898373.
In this example a PSI computation between 1 datum and 15 data is reduced to one between 1 datum and 8 data, so the volume of data entering the PSI computation is greatly reduced.
In the embodiment, the first data party uses its original data set and each second data party uses its filtered data set for the PSI. The embodiment does not restrict the specific PSI protocol; for example, a protocol based on Diffie-Hellman key exchange or one based on oblivious transfer may be used.
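The two-party flow of steps 101 to 105 above, carried through in code, as an added worked example that is not part of the patent and not Huakong Tsingjiao's implementation. It assumes the MD5 digest and 6-character suffix of the embodiment for the pre-filter and, for the final PSI step, a textbook Diffie-Hellman style PSI (commutative exponentiation in a safe-prime group generated here at 128 bits only so the demo runs quickly; a deployment would use a standard 2048-bit MODP group or an elliptic curve). The phone numbers are the page's constructed data sets; the suffix values in the page's Table 4 are illustrative, and the real MD5 suffixes of these numbers do not coincide, so the pre-filter keeps fewer of B's rows here than the page's walk-through does. One design point the code makes visible: A's transmitted first set is an unkeyed, truncated hash of its items, so for a structured, low-entropy identifier such as an 11-digit phone number the second party can test candidate values against each suffix, and the second length should be chosen with that leakage in mind.

```python
import hashlib
import random
import secrets
from typing import Dict, List, Optional, Tuple

Group = Tuple[int, int, int]  # (p, q, g): safe prime p = 2q + 1, g of prime order q


def intermediate(raw: str) -> str:
    """Step S11 (assumed MD5): fixed-length intermediate data, 32 hex characters."""
    return hashlib.md5(raw.encode("utf-8")).hexdigest()


def mapping(raw: str, second_length: int = 6) -> str:
    """Step S12: keep only the last `second_length` hex characters of the digest."""
    return intermediate(raw)[-second_length:]


def first_set(data: List[str], second_length: int = 6) -> Dict[str, List[str]]:
    """A party's first set, kept as mapping datum -> original data so the holder
    can walk back from a matched suffix to its own rows (the page's 'correspondence')."""
    out: Dict[str, List[str]] = {}
    for x in data:
        out.setdefault(mapping(x, second_length), []).append(x)
    return out


def prefilter(small: List[str], large: List[str], second_length: int = 6) -> List[str]:
    """Steps 102-104: the smallest party A sends only its mapping data; B keeps the
    rows whose mapping datum lies in the second set (A's first set ∩ B's first set)."""
    a_first = set(first_set(small, second_length))          # all that A transmits
    second_set = a_first & set(first_set(large, second_length))
    return [y for y in large if mapping(y, second_length) in second_set]


def _is_probable_prime(n: int, rng: random.Random, rounds: int = 24) -> bool:
    """Miller-Rabin after a small trial-division pre-check (n is always > 37 here)."""
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime_group(bits: int = 128, seed: int = 1) -> Group:
    """Deterministic toy safe-prime group (assumed for the demo; 128 bits is for speed only)."""
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if _is_probable_prime(q, rng) and _is_probable_prime(2 * q + 1, rng):
            return 2 * q + 1, q, 4   # 4 = 2^2 is a quadratic residue, hence of order q


def hash_to_group(raw: str, group: Group) -> int:
    """Map an item into the order-q subgroup as g^(SHA-256(raw) mod q)."""
    p, q, g = group
    e = int.from_bytes(hashlib.sha256(raw.encode("utf-8")).digest(), "big") % q
    return pow(g, e or 1, p)


def dh_psi(a_items: List[str], b_items: List[str], group: Group) -> List[str]:
    """Two-party DH-style PSI (the 'Diffie-Hellman based' option): returns the items
    of A that B also holds. Exponentiation commutes, so (H(x)^a)^b == (H(y)^b)^a iff x == y."""
    p, q, _ = group
    a_key = secrets.randbelow(q - 2) + 2                # private exponents in [2, q-1]
    b_key = secrets.randbelow(q - 2) + 2
    msg1 = [pow(hash_to_group(x, group), a_key, p) for x in a_items]   # A -> B, A keeps order
    msg2_a = [pow(c, b_key, p) for c in msg1]                           # B -> A, same order
    msg2_b = [pow(hash_to_group(y, group), b_key, p) for y in b_items]  # B -> A, shuffled
    secrets.SystemRandom().shuffle(msg2_b)              # hide the position of B's non-matches
    b_double = {pow(c, a_key, p) for c in msg2_b}
    return [x for x, c in zip(a_items, msg2_a) if c in b_double]


def private_intersection(a_items: List[str], b_items: List[str],
                         second_length: int = 6, group: Optional[Group] = None):
    """Steps 101-105 end to end: pre-filter B's rows, then run PSI on what remains.
    Returns (intersection, number of B rows that survived the pre-filter)."""
    group = group or safe_prime_group()
    filtered = prefilter(a_items, b_items, second_length)
    return dh_psi(a_items, filtered, group), len(filtered)


# Constructed data sets copied from the page's example; A is the smaller party.
PARTY_A = ["15865898373"]
PARTY_B = ["15865898373", "13192741819", "14515252782", "18976000020", "13290162439",
           "18841572994", "13537804295", "13323065307", "15931853528", "18088384931",
           "13982068286", "18273269583", "13948064268", "13809418878", "15029351528"]

if __name__ == "__main__":
    common, kept = private_intersection(PARTY_A, PARTY_B)
    print(f"B kept {kept} of {len(PARTY_B)} rows after pre-filtering; intersection = {common}")
```

Run stand-alone, the script prints how many of B's 15 rows survive the suffix filter and then the PSI result [15865898373]. The pre-filter and the PSI step are independent functions, so `dh_psi` can be called directly on unfiltered inputs to measure what the filter saves, and `second_length` can be varied to see the filtering-versus-leakage trade-off discussed above.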
Note that in the example above two data parties perform the PSI; the embodiment also applies to scenarios with more than two data parties.
For example, suppose three parties, data parties A, B and C, perform PSI, and suppose A has the smallest data volume, so that A is the first data party and B and C are both second data parties. A, B and C each convert the original data in the data sets they hold into mapping data, obtaining their respective first sets. A sends its first set to B and to C. B computes the intersection of A's first set and its own first set to obtain a second set, and uses that second set to filter the data set it holds, obtaining a filtered data set. C likewise computes the intersection of A's first set and its own first set to obtain a second set, and uses it to filter the data set it holds, obtaining a filtered data set. A then performs PSI with its original data set, while B and C perform PSI with their filtered data sets, and the PSI result is obtained.
In summary, the embodiment of the invention provides a PSI method in which, before PSI is performed on the data sets held by k data parties, the data sets of the second data parties are filtered through an interaction between the first data party and the second data parties so as to remove most of the non-intersecting data; the volume of data entering the PSI computation is therefore greatly reduced, the computation time is shortened and PSI efficiency is improved. The first data party is the party with the smallest data volume among the k data parties, and the second data parties are the remaining parties other than the first data party. In the embodiment, each of the k data parties converts each original datum in the data set it holds into mapping data to obtain its first set; the first data party sends its first set to each second data party, and each second data party computes the intersection of the first data party's first set and its own first set to obtain a second set; each second data party then filters the data set it holds based on its second set to obtain a filtered data set, so that most non-intersecting data are removed. Because what the first data party sends to the second data parties is the converted mapping data, which retain only part of the characteristics of the original data, a second data party that obtains the first data party's mapping data cannot reconstruct the original data from them, and the privacy and security of the data are protected.
Note that, for simplicity of description, the method embodiments are described as a series of acts or a combination of acts, but those skilled in the art will recognise that the invention is not limited by the order of acts shown, since according to the embodiments some steps may be performed in other orders or concurrently. Those skilled in the art will further appreciate that the embodiments described in the specification are preferred embodiments and that no particular act described is necessarily required by the invention.
Referring to fig. 2, a block diagram of an embodiment of a privacy intersection system according to the present invention is shown. The system includes k data parties, where k is an integer greater than or equal to 2; the k data parties include a first data party 201 and a second data party 202, the first data party being the party with the smallest data amount among the k data parties and the second data party being each of the other data parties among the k data parties, where:
the first data party 201 is configured to convert each original data in the data set held by the first data party into mapping data, obtain a first set of the first data party, and send the first set of the first data party to each second data party;
each second data party 202 is configured to convert each original data in the respective held data set into mapping data to obtain a respective first set, calculate an intersection between the first set of the first data party and the own first set to obtain an own second set, and filter the own held data set based on the own second set to obtain an own filtered data set;
the first data party 201 is further configured to perform privacy intersection on the basis of its own set to be intersected, together with each second data party performing privacy intersection on the basis of that second data party's set to be intersected, so as to obtain a privacy intersection result, where the set to be intersected of the first data party is the data set held by the first data party;
each second data party 202 is further configured to perform privacy intersection on the basis of its own set to be intersected, together with the first data party performing privacy intersection on the basis of the first data party's set to be intersected, so as to obtain a privacy intersection result, where the set to be intersected of a second data party is the filtered data set held by that second data party.
Optionally, each of the k data parties is specifically configured to encrypt each original data in the data set it holds into intermediate data of a first length based on a preset encryption algorithm, and to take, for each intermediate data it holds, a portion of a second length starting from a preset position, so as to obtain the mapping data corresponding to each original data it holds, where the second length is smaller than the first length.
It is understood that each of the k data parties includes a first data party and a second data party.
Optionally, each of the k data parties is specifically configured to take the second length starting from the first bit of the intermediate data and proceeding backward, or starting from the last bit of the intermediate data and proceeding forward.
Optionally, each second data party is specifically configured to compare mapping data corresponding to each original data in the data set held by the second data party with mapping data in the second set held by the second data party, and filter out target data from the data set held by the second data party to obtain a filtered data set of the second data party, where the mapping data corresponding to the target data does not exist in the second set of the second data party.
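As an added example, not code from the patent or its assignee, the following Python illustrates the pre-filtering step from the three-party scenario above (data party A smallest, B and C filtered) together with the mapping-data construction just described (hash to a first length, keep a second length from the front or from the back), and then finishes the two-party case with a Diffie-Hellman-style private set intersection, one of the protocols the description says may be used. Everything specific is an assumption for the demo: SHA-256 stands in for the "preset encryption algorithm", the second length is counted in hex characters, the group modulus is a toy Mersenne prime, and the party names and identifiers are constructed sample data.

```python
import hashlib
import secrets

# Assumptions for this illustration (not fixed by the patent): SHA-256 as the
# preset encryption algorithm, so intermediate data is 64 hex characters long,
# and a toy DH group modulus. 2^127-1 is prime and fine for a demo, but far too
# small for real use, where a standard 2048-bit+ group or an elliptic curve is used.
P = (1 << 127) - 1
FIRST_LENGTH = 64  # hex characters in a SHA-256 digest


def to_mapping(item: str, second_len: int, from_end: bool = False) -> str:
    """Original datum -> mapping data: hash, then keep second_len characters,
    counted backward from the first character (prefix) or forward from the last."""
    if not 0 < second_len < FIRST_LENGTH:
        raise ValueError("second length must be shorter than the first length")
    intermediate = hashlib.sha256(item.encode("utf-8")).hexdigest()
    return intermediate[-second_len:] if from_end else intermediate[:second_len]


def first_set(dataset, second_len, from_end=False):
    """A party's first set: the mapping data of every datum it holds."""
    return {to_mapping(x, second_len, from_end) for x in dataset}


def prefilter(datasets, second_len, from_end=False):
    """k-party pre-filtering. datasets maps party name -> list of original data.
    Returns (first party name, sets to be intersected): the first party keeps its
    original data, each second party keeps only data whose mapping also occurs in
    the first party's first set (its 'second set')."""
    first_name = min(datasets, key=lambda name: len(datasets[name]))
    # The only message of the pre-filter: the first party's first set.
    first_party_set = first_set(datasets[first_name], second_len, from_end)
    to_intersect = {first_name: set(datasets[first_name])}
    for name, data in datasets.items():
        if name == first_name:
            continue
        second_set = first_party_set & first_set(data, second_len, from_end)
        to_intersect[name] = {
            x for x in data if to_mapping(x, second_len, from_end) in second_set
        }
    return first_name, to_intersect


def expected_false_survivors(n_first, n_second, second_len):
    """Rough number of non-intersection items a second party still keeps: each of
    its n_second items survives if its truncated hash collides with any of the
    first party's n_first mappings, i.e. with probability about n_first / 16**L."""
    return n_second * (1 - (1 - 16.0 ** -second_len) ** n_first)


def _hash_to_group(item):
    digest = hashlib.sha256(item.encode("utf-8")).digest()
    return 2 + int.from_bytes(digest, "big") % (P - 3)


def dh_psi(set_a, set_b):
    """Two-party DH-based PSI with both roles simulated in one process. A learns
    the intersection, B learns only |A|. Relies on (h^a)^b == (h^b)^a mod P."""
    rng = secrets.SystemRandom()
    a = rng.randrange(2, P - 1)
    b = rng.randrange(2, P - 1)
    items_a = list(set_a)
    # A -> B: A's items blinded with a; order kept so A can map the replies back.
    msg1 = [pow(_hash_to_group(x), a, P) for x in items_a]
    # B -> A: A's values blinded again with b (same order), plus B's own values
    # blinded with b, shuffled so their order reveals nothing about B's data.
    msg2_a = [pow(v, b, P) for v in msg1]
    msg2_b = [pow(_hash_to_group(y), b, P) for y in set_b]
    rng.shuffle(msg2_b)
    # A: blinds B's values with a and matches them against its double-blinded set.
    b_double = {pow(v, a, P) for v in msg2_b}
    return {x for x, v in zip(items_a, msg2_a) if v in b_double}


def psi_with_prefilter(datasets, second_len, from_end=False):
    """Two-party flow end to end: pre-filter, then DH PSI on the sets to be
    intersected. Returns the intersection and the size of each set the PSI saw."""
    first_name, to_intersect = prefilter(datasets, second_len, from_end)
    (other_name,) = [n for n in to_intersect if n != first_name]
    result = dh_psi(to_intersect[first_name], to_intersect[other_name])
    return result, {n: len(s) for n, s in to_intersect.items()}


# Constructed sample data: A holds 5 user ids; B holds 3 of them plus 1000
# unrelated account ids; C holds 2 of them plus 500 unrelated ledger ids.
PARTY_A = [f"user-{i}" for i in range(1, 6)]
PARTY_B = ["user-3", "user-4", "user-5"] + [f"acct-{i}" for i in range(1000)]
PARTY_C = ["user-4", "user-5"] + [f"ledger-{i}" for i in range(500)]


def demo(second_len=8):
    """Three-party pre-filter (A is smallest, so B and C are filtered), then the
    two-party A/B run end to end with an 8-hex-character (32-bit) second length."""
    first, sets = prefilter({"A": PARTY_A, "B": PARTY_B, "C": PARTY_C}, second_len)
    sizes = {n: len(s) for n, s in sets.items()}
    result, psi_sizes = psi_with_prefilter({"A": PARTY_A, "B": PARTY_B}, second_len)
    return first, sizes, result, psi_sizes


if __name__ == "__main__":
    print(demo())
```

The filter never drops a true intersection element (equal data always has equal mapping data), so the PSI result is unchanged; what the second length controls is how many non-intersection items survive into the expensive step, which `expected_false_survivors` estimates, against how much of the first party's hash the second party sees. A truncated hash still lets its holder test whether a guessed identifier is in the first party's set (a guess matches a wrong entry only with probability about 16^-L), so for low-entropy identifiers the second length and the sizes exchanged should be treated as part of the protocol's leakage when deciding whether this pre-filter is acceptable.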
The embodiment of the invention provides a privacy intersection system in which, before privacy intersection is performed on the data sets held by k data parties, the data sets of the second data parties are filtered through interaction between the first data party and each second data party so as to remove most non-intersection data. The amount of data participating in the privacy intersection computation is thereby greatly reduced, which reduces computation time and improves privacy intersection efficiency. The first data party is the party with the smallest data volume among the k data parties, and the second data parties are the other data parties among the k data parties. In the embodiment of the invention, each of the k data parties converts each original data in the data set it holds into mapping data to obtain its own first set; the first data party sends its first set to each second data party, and each second data party calculates the intersection of the first data party's first set and its own first set to obtain its second set; each second data party then filters the data set it holds based on its own second set to obtain its filtered data set, so that most non-intersection data is filtered out. Because only the mapping data obtained by conversion is sent by the first data party to the second data parties, and the mapping data contains only partial characteristics of the original data, a second data party that obtains the first data party's mapping data still cannot recover the first data party's original data, so the privacy and security of the data are protected.
For the device embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, refer to the partial description of the method embodiment.
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
With regard to the apparatus in the above embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be described in detail here.
An embodiment of the present invention provides an apparatus for privacy intersection, comprising a memory and one or more programs, wherein the one or more programs are stored in the memory and are configured to be executed by one or more processors, and comprise instructions for performing the privacy intersection method described in one or more of the embodiments above.
Fig. 3 is a block diagram illustrating an apparatus 800 for privacy intersection in accordance with an example embodiment. For example, the apparatus 800 may be a mobile phone, a computer, a digital broadcast terminal, a messaging device, a game console, a tablet device, a medical device, an exercise device, a personal digital assistant, and the like.
Referring to fig. 3, the apparatus 800 may include one or more of the following components: processing component 802, memory 804, power component 806, multimedia component 808, audio component 810, input/output (I/O) interface 812, sensor component 814, and communication component 816.
The processing component 802 generally controls overall operation of the device 800, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations. The processing component 802 may include one or more processors 820 to execute instructions to perform all or a portion of the steps of the methods described above. Further, the processing component 802 can include one or more modules that facilitate interaction between the processing component 802 and other components. For example, the processing component 802 can include a multimedia module to facilitate interaction between the multimedia component 808 and the processing component 802.
The memory 804 is configured to store various types of data to support operation at the device 800. Examples of such data include instructions for any application or method operating on device 800, contact data, phonebook data, messages, pictures, videos, and so forth. The memory 804 may be implemented by any type or combination of volatile or non-volatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks.
Power components 806 provide power to the various components of device 800. The power components 806 may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for the device 800.
The multimedia component 808 includes a screen that provides an output interface between the device 800 and a user. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive an input signal from a user. The touch panel includes one or more touch sensors to sense touch, slide, and gestures on the touch panel. The touch sensor may not only sense the boundary of a touch or slide action, but also detect the duration and pressure associated with the touch or slide operation. In some embodiments, the multimedia component 808 includes a front facing camera and/or a rear facing camera. The front-facing camera and/or the rear-facing camera may receive external multimedia data when the device 800 is in an operating mode, such as a shooting mode or a video mode. Each front camera and rear camera may be a fixed optical lens system or have a focal length and optical zoom capability.
The audio component 810 is configured to output and/or input audio signals. For example, the audio component 810 includes a Microphone (MIC) configured to receive external audio signals when the apparatus 800 is in an operational mode, such as a call mode, a recording mode, and a voice information processing mode. The received audio signal may further be stored in the memory 804 or transmitted via the communication component 816. In some embodiments, audio component 810 also includes a speaker for outputting audio signals.
The I/O interface 812 provides an interface between the processing component 802 and peripheral interface modules, which may be keyboards, click wheels, buttons, etc. These buttons may include, but are not limited to: a home button, a volume button, a start button, and a lock button.
The sensor assembly 814 includes one or more sensors for providing various aspects of state assessment for the device 800. For example, the sensor assembly 814 may detect the open/closed state of the device 800 and the relative positioning of components, such as the display and keypad of the apparatus 800; the sensor assembly 814 may also detect a change in the position of the apparatus 800 or of a component of the apparatus 800, the presence or absence of user contact with the apparatus 800, the orientation or acceleration/deceleration of the apparatus 800, and a change in the temperature of the apparatus 800. The sensor assembly 814 may include a proximity sensor configured to detect the presence of a nearby object without any physical contact. The sensor assembly 814 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor assembly 814 may also include an acceleration sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor, or a temperature sensor.
The communication component 816 is configured to facilitate wired or wireless communication between the apparatus 800 and other devices. The device 800 may access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. In an exemplary embodiment, the communication component 816 receives a broadcast signal or broadcast-related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communication component 816 further includes a Near Field Communication (NFC) module to facilitate short-range communication. For example, the NFC module may be implemented based on radio frequency identification (RFID) technology, infrared data association (IrDA) technology, ultra wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.
In an exemplary embodiment, the apparatus 800 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, micro-controllers, microprocessors or other electronic components for performing the above-described methods.
In an exemplary embodiment, a non-transitory computer-readable storage medium comprising instructions, such as the memory 804 comprising instructions, executable by the processor 820 of the device 800 to perform the above-described method is also provided. For example, the non-transitory computer readable storage medium may be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.
Fig. 4 is a schematic diagram of a server in some embodiments of the invention. The server 1900 may vary widely by configuration or performance and may include one or more Central Processing Units (CPUs) 1922 (e.g., one or more processors) and memory 1932, one or more storage media 1930 (e.g., one or more mass storage devices) storing applications 1942 or data 1944. Memory 1932 and storage medium 1930 can be, among other things, transient or persistent storage. The program stored in the storage medium 1930 may include one or more modules (not shown), each of which may include a series of instructions operating on a server. Still further, a central processor 1922 may be provided in communication with the storage medium 1930 to execute a series of instruction operations in the storage medium 1930 on the server 1900.
The server 1900 may also include one or more power supplies 1926, one or more wired or wireless network interfaces 1950, one or more input-output interfaces 1958, one or more keyboards 1956, and/or one or more operating systems 1941, such as Windows Server™, Mac OS X™, Unix™, Linux™, FreeBSD™, etc.
A non-transitory computer readable storage medium having instructions therein, which when executed by a processor of an apparatus (server or terminal), enable the apparatus to perform the privacy intersection method shown in fig. 1.
A non-transitory computer-readable storage medium, wherein the instructions in the storage medium, when executed by a processor of an apparatus (server or terminal), enable the apparatus to perform the privacy intersection method described in the embodiment corresponding to fig. 1; that description is therefore not repeated here. In addition, the beneficial effects of the same method are not described in detail. For technical details not disclosed in the embodiments of the computer program product or the computer program referred to in the present application, reference is made to the description of the method embodiments of the present application.
Further, it should be noted that embodiments of the present application also provide a computer program product or computer program, which may include computer instructions stored in a computer-readable storage medium. The processor of a computer device reads the computer instructions from the computer-readable storage medium and executes them, so that the computer device performs the privacy intersection method described in the embodiment corresponding to fig. 1; that description is therefore not repeated here. In addition, the beneficial effects of the same method are not described in detail. For technical details not disclosed in the embodiments of the computer program product or the computer program referred to in the present application, reference is made to the description of the method embodiments of the present application.
Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This invention is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the invention and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims.
It will be understood that the invention is not limited to the precise arrangements that have been described above and shown in the drawings, and that various modifications and changes can be made without departing from the scope thereof. The scope of the invention is limited only by the appended claims.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and should not be taken as limiting the scope of the present invention, which is intended to cover any modifications, equivalents, improvements, etc. within the spirit and scope of the present invention.
The privacy intersection method, the privacy intersection system, the device for privacy intersection and the readable storage medium provided by the invention are described in detail, specific examples are applied in the text to explain the principles and the implementation of the invention, and the description of the above embodiments is only used to help understand the method and the core idea of the invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, the specific embodiments and the application range may be changed, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (10)

1. A privacy intersection method is used for privacy intersection of data sets held by k data parties, wherein k is an integer greater than or equal to 2, the k data parties include a first data party and a second data party, the first data party is the party with the smallest data quantity in the k data parties, and the second data party is the other data parties except the first data party in the k data parties, and the method comprises the following steps:
each data party in the k data parties converts each original data in the data set held by each data party into mapping data to obtain a first set of each data party;
the first data party sends a first set of the first data party to each second data party;
each second data party respectively calculates the intersection of the first set of the first data party and the first set of the second data party to obtain a second set;
each second data party filters the data set held by the second data party based on the second set of the second data party to obtain a filtered data set;
the k data parties perform privacy intersection based on their respective sets to be intersected to obtain a privacy intersection result, wherein the set to be intersected of the first data party is the data set held by the first data party, and the set to be intersected of each second data party is the filtered data set held by that second data party.
2. The method of claim 1, wherein each of the k data parties converts each of the original data in the respective held data set into mapping data, and comprises:
each data party in the k data parties encrypts and converts each original data in a data set held by the data party into intermediate data with a first length based on a preset encryption algorithm;
and each data party in the k data parties intercepts a second length from a preset position for each intermediate data held by the data party, so as to obtain mapping data corresponding to each original data held by each data party, wherein the second length is smaller than the first length.
3. The method of claim 2, wherein said intercepting the second length from the preset position comprises:
the second length is truncated backward from the first bit of the intermediate data or truncated forward from the last bit of the intermediate data.
4. The method of claim 1, wherein each second data party filters its own data set based on its own second set to obtain a filtered data set, including:
for each second data party, the second data party compares the mapping data corresponding to each original data in the held data set with the mapping data in the held second set, and filters out target data from the held data set to obtain a filtered data set of the second data party, wherein the mapping data corresponding to the target data does not exist in the second set of the second data party.
5. A privacy intersection system, characterized in that the system includes k data parties and is used for privacy intersection of the data sets held by the k data parties, where k is an integer greater than or equal to 2, the k data parties include a first data party and a second data party, the first data party is the party with the smallest data amount among the k data parties, and the second data party is each of the other data parties except the first data party, wherein:
the first data side is used for converting each original data in the data set held by the first data side into mapping data to obtain a first set of the first data side, and sending the first set of the first data side to each second data side;
each second data party is used for converting each original data in the data set held by the second data party into mapping data to obtain a respective first set, calculating an intersection of the first set of the first data party and the first set of the second data party to obtain a second set of the second data party, and filtering the data set held by the second data party based on the second set of the second data party to obtain a filtered data set of the second data party;
the first data party is further used for performing privacy intersection based on its own set to be intersected, together with each second data party performing privacy intersection based on that second data party's set to be intersected, so as to obtain a privacy intersection result, wherein the set to be intersected of the first data party is the data set held by the first data party;
each second data party is further used for performing privacy intersection based on its own set to be intersected, together with the first data party performing privacy intersection based on the first data party's set to be intersected, so as to obtain a privacy intersection result, wherein the set to be intersected of the second data party is the filtered data set held by the second data party.
6. The system according to claim 5, wherein each of the k data parties is specifically configured to encrypt and convert each original data in the data set held by itself into intermediate data of a first length based on a preset encryption algorithm, and intercept a second length from a preset position for each intermediate data held by itself, so as to obtain mapping data corresponding to each original data held by each data party, where the second length is smaller than the first length.
7. The system according to claim 6, wherein each of the k data parties is configured to intercept the second length backward from a first bit of the intermediate data or forward from a last bit of the intermediate data.
8. The system according to claim 5, wherein each second data party is specifically configured to compare mapping data corresponding to each original data in the data set held by the second data party with mapping data in the second set held by the second data party, and filter out target data from the data set held by the second data party to obtain a filtered data set of the second data party, where the mapping data corresponding to the target data does not exist in the second set of the second data party.
9. An apparatus for privacy intersection, comprising a memory and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by one or more processors, the one or more programs comprising instructions for performing the privacy intersection method of any one of claims 1 to 4.
10. A readable storage medium having stored thereon instructions that, when executed by one or more processors of an apparatus, cause the apparatus to perform the privacy intersection method of any one of claims 1 to 4.
CN202210842629.5A 2022-07-18 2022-07-18 Privacy intersection method, system and readable storage medium Active CN114969830B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210842629.5A CN114969830B (en) 2022-07-18 2022-07-18 Privacy intersection method, system and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210842629.5A CN114969830B (en) 2022-07-18 2022-07-18 Privacy intersection method, system and readable storage medium

Publications (2)

Publication Number Publication Date
CN114969830A CN114969830A (en) 2022-08-30
CN114969830B true CN114969830B (en) 2022-09-30

Family

ID=82969457

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210842629.5A Active CN114969830B (en) 2022-07-18 2022-07-18 Privacy intersection method, system and readable storage medium

Country Status (1)

Country Link
CN (1) CN114969830B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115935438B (en) * 2023-02-03 2023-05-23 杭州金智塔科技有限公司 Data privacy exchange system and method
CN116244753B (en) * 2023-05-12 2023-08-15 建信金融科技有限责任公司 Method, device, equipment and storage medium for intersection of private data

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114328504A (en) * 2021-08-27 2022-04-12 腾讯科技(深圳)有限公司 Data joint query method, device, equipment and computer readable storage medium
CN114329578A (en) * 2021-11-25 2022-04-12 光之树(北京)科技有限公司 Data processing method, device and system
WO2022076605A1 (en) * 2020-10-07 2022-04-14 Visa International Service Association Secure and scalable private set intersection for large datasets
CN114444124A (en) * 2022-01-28 2022-05-06 杭州复杂美科技有限公司 Bloom filter-based privacy set intersection method, device and storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Wu Zhengang, "Advances in privacy protection technologies for big data applications", Telecommunications Network Technology, 2016-02-15 (No. 02), full text *

Also Published As

Publication number Publication date
CN114969830A (en) 2022-08-30

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant