CN115396100B - Careless random disorganizing method and system based on secret sharing - Google Patents


Info

Publication number
CN115396100B
Authority
CN
China
Prior art keywords
participants
vector
vectors
matrix
data
Prior art date
Legal status
Active
Application number
CN202211314434.XA
Other languages
Chinese (zh)
Other versions
CN115396100A (en
Inventor
刘文心
李艺
Current Assignee
Huakong Tsingjiao Information Technology Beijing Co Ltd
Original Assignee
Huakong Tsingjiao Information Technology Beijing Co Ltd
Application filed by Huakong Tsingjiao Information Technology Beijing Co Ltd
Priority to CN202211314434.XA
Publication of CN115396100A
Application granted
Publication of CN115396100B

Classifications

    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
            • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
              • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
                • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
              • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
          • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
            • H04L2209/46 Secure multiparty computation, e.g. millionaire problem

Landscapes

  • Engineering & Computer Science
  • Computer Security & Cryptography
  • Computer Networks & Wireless Communication
  • Signal Processing
  • Data Exchanges In Wide-Area Networks
  • Storage Device Security

Abstract

An embodiment of the invention provides an oblivious random shuffle method and system based on secret sharing. The method comprises the following steps: the n participants each generate a random ordering vector, and the length of each random ordering vector is m; the n participants carry out n rounds of iterative shuffle operations based on the shares of the first data vector held by each of them and the random ordering vectors held by each of them, so that the n participants obtain shares of a second data vector, the second data vector being the vector obtained by shuffling the first data vector n times in succession according to the random ordering vectors of the n participants; in the n rounds of iterative shuffle operations, the output of the previous round is used as the input of the next round. Embodiments of the invention can realize random shuffling of data in secure multi-party computation without revealing data privacy.

Description

Oblivious random shuffle method and system based on secret sharing
Technical Field
The invention relates to the field of secure multi-party computation, in particular to an oblivious random shuffle method and system based on secret sharing.
Background
Secure multi-party computation (MPC) refers to a method in which multiple parties jointly compute the result of a function without revealing any party's input to that function, with the result disclosed to one or more of the parties. Typical applications of secure multi-party computation include federated learning, private set intersection (PSI), and the like.
Federated learning means that each party holding data exchanges model-related information in encrypted form, without sharing its protected private data and without transmitting the data it owns to the outside, so that a federated learning model is optimized collaboratively. Private set intersection may be understood as determining the intersection of the data held by multiple parties while preserving privacy.
In application scenarios such as federated learning and private set intersection based on secure multi-party computation, there are situations in which the input data of the participants need to be shuffled. How to shuffle data without revealing data privacy is a problem that urgently needs to be solved at present.
Disclosure of Invention
Embodiments of the invention provide an oblivious random shuffle method and system based on secret sharing, which can randomly shuffle data in secure multi-party computation without revealing data privacy.
In order to solve the above problem, an embodiment of the present invention discloses an oblivious random shuffle method based on secret sharing, which is applied to the participants in a secure multi-party computation, where the secure multi-party computation includes n participants, the n participants hold shares of a first data vector, the length of the first data vector is m, and the n participants are participants S_0 to S_{n-1}. The method comprises the following steps:
the n participants each generate a random ordering vector, and the length of each random ordering vector is m;
the n participants carry out n rounds of iterative shuffle operations based on the shares of the first data vector held by each of them and the random ordering vectors held by each of them, so that the n participants obtain shares of a second data vector, the second data vector being the vector obtained by shuffling the first data vector n times in succession according to the random ordering vectors of the n participants; in the n rounds of iterative shuffle operations, the output of the previous round is used as the input of the next round.
On the other hand, an embodiment of the invention discloses a secure multi-party computing system for carrying out a secure multi-party computation, where the secure multi-party computation includes n participants, the n participants hold shares of a first data vector, the length of the first data vector is m, and the n participants are participants S_0 to S_{n-1}, wherein:
the n participants are configured to each generate a random ordering vector, the length of each random ordering vector being m;
the n participants are further configured to perform n rounds of iterative shuffle operations based on their respective shares of the first data vector and their respective random ordering vectors, so that the n participants obtain shares of a second data vector, the second data vector being the vector obtained by shuffling the first data vector n times in succession according to the random ordering vectors of the n participants; in the n rounds of iterative shuffle operations, the output of the previous round is used as the input of the next round.
In yet another aspect, an embodiment of the present invention discloses a device for secret-sharing-based oblivious random shuffle, comprising a memory and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by one or more processors, the one or more programs comprising instructions for performing one or more of the secret-sharing-based oblivious random shuffle methods described above.
In yet another aspect, embodiments of the invention disclose a machine-readable storage medium having instructions stored thereon which, when executed by one or more processors of an apparatus, cause the apparatus to perform one or more of the foregoing secret-sharing-based oblivious random shuffle methods.
Embodiments of the invention have the following advantages:
Embodiments of the invention provide an oblivious random shuffle method based on secret sharing, in which each of the n participants generates its own random ordering vector, n rounds of iterative shuffle operations are carried out on the first data vector in turn using the random ordering vector of each participant, the output of each round is used as the input of the next, and the final shuffle result is obtained once the n rounds have been executed. During the shuffle, each participant holds only shares of the first data vector and cannot obtain its plaintext. In addition, because each participant generates its own random ordering vector and does not disclose it to the others, after the n rounds each participant obtains only one share of the random shuffle result (the second data vector) of the first data vector and cannot obtain the plaintext of the second data vector. Since the output of each round is the input of the next and the shuffle order of each round is a random order generated by one particular participant, after the n rounds no participant can learn the overall shuffle order, so the shuffle is random and the privacy and security of the data are ensured.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required to be used in the description of the embodiments of the present invention will be briefly introduced below, and it is obvious that the drawings in the description below are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without inventive labor.
FIG. 1 is a flow chart of the steps of an embodiment of a secret-sharing-based oblivious random shuffle method of the present invention;
FIG. 2 is a block diagram of an embodiment of a secure multi-party computing system 200 of the present invention;
FIG. 3 is a block diagram of an apparatus 800 for secret-sharing-based oblivious random shuffle in accordance with the present invention;
FIG. 4 is a schematic diagram of a server in some embodiments of the invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be obtained by a person skilled in the art without inventive step based on the embodiments of the present invention, are within the scope of protection of the present invention.
The terms first, second and the like in the description and in the claims of the present invention are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that embodiments of the invention may be practiced other than those illustrated or described herein, and that the objects identified as "first," "second," etc. are generally a class of objects and do not limit the number of objects, e.g., a first object may be one or more. Furthermore, the term "and/or" as used in the specification and claims to describe an associative relationship of associated objects means that there may be three relationships, e.g., a and/or B, may mean: a exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. The term "plurality" in the embodiments of the present invention means two or more, and other terms are similar thereto.
Referring to FIG. 1, a flowchart of the steps of an embodiment of a secret-sharing-based oblivious random shuffle method according to the present invention is shown. The method is applied to a participant in a secure multi-party computation, where the secure multi-party computation includes n participants, the n participants hold shares of a first data vector, the length of the first data vector is m, and the n participants are participants S_0 to S_{n-1}. The method may comprise the following steps:
step 101, the n participants each generate a random ordering vector, and the length of each random ordering vector is m;
step 102, the n participants perform n rounds of iterative shuffle operations based on the shares of the first data vector and the random ordering vectors held by each of them, so that the n participants obtain shares of a second data vector, the second data vector being the vector obtained by shuffling the first data vector n times in succession according to the random ordering vectors of the n participants; in the n rounds of iterative shuffle operations, the output of the previous round is used as the input of the next round.
The secret-sharing-based oblivious random shuffle method provided by the embodiment of the invention can be applied to scenarios in which a first data vector needs to be randomly shuffled within a secure multi-party computation. The first data vector and the random ordering vectors are vector-type data.
The secret-sharing-based oblivious random shuffle method can be applied to secure multi-party computation scenarios built on a secret sharing protocol. A secret sharing protocol is an information protection protocol in cryptography in which a secret is distributed, stored, computed on, and recovered by multiple parties. Each participant can split a piece of data into several shares (also called fragments), distribute them to the other participants, and then, through computation and communication, complete the correct computation of a function of the data while guaranteeing the privacy of each participant's data.
By way of example, the first data vector may be represented as x = {x_0, ..., x_{m-1}}, and the random ordering vector of participant S_j can be expressed as a permutation function π_j, e.g. π_j{0,1,2,...,m-1} or π_j({0,1,2,...,m-1}), where j takes values from 0 to n-1.
In the embodiment of the present invention, the oblivious random shuffle has each participant provide a random ordering vector in turn (for example, the random ordering vector of participant S_j is π_j) and carries out n rounds of iterative shuffle operations on the first data vector in sequence using the random ordering vector of each participant; in the n rounds the output of the previous round is the input of the next, and the final ordering result is obtained once the n rounds have been executed. Because each participant generates its own random ordering vector and does not disclose it to the others, after the n rounds each participant obtains only one share of the random shuffle result (the second data vector) of the first data vector; no participant can obtain the plaintext of the first data vector or the specific order of the second data vector, and the privacy and security of the data are guaranteed.
In the embodiment of the present invention, the secure multi-party computation includes n participants, where n is an integer greater than 1. The n participants hold shares of the first data vector; that is, each of the n participants holds one share of x. Further, since x is vector-type data, x contains m elements x_0 to x_{m-1}, so each of the n participants holding one share of x means that each of them holds one share of every element of x. For example, participant S_0 holds one share of the first data vector x, which means that S_0 holds one share of x_0, one share of x_1, and so on up to one share of x_{m-1}. Likewise, participant S_1 holds one share of the first data vector x, i.e. one share of x_0, one share of x_1, and so on up to one share of x_{m-1}. Only by obtaining the shares of the first data vector x held by all of S_0 to S_{n-1} at the same time can the plaintext x = {x_0, ..., x_{m-1}} be recovered.
The embodiment of the present invention does not limit the source of the first data vector. In an optional embodiment, the first data vector may be owned by any one of the n participants and secret-shared to the n participants, or the first data vector may be an intermediate result produced by the n participants in the course of a secure multi-party computation.
Embodiments of the invention can randomly shuffle vector data (the first data vector) owned by any one or more of the n participants; during the shuffle, the plaintext of the first data vector cannot be recovered and the specific shuffle order cannot be obtained. The participant that owns the first data vector can secret-share it, so that each of the n participants holds one share of the first data vector.
The first data vector may also be an intermediate result produced by the n participants in a secure multi-party computation. Embodiments of the invention can randomly shuffle such intermediate results; during the shuffle, the plaintext of the intermediate result cannot be recovered and the specific shuffle order cannot be obtained. The participants that hold the intermediate result can secret-share it, so that each of the n participants holds one share of the intermediate result. The intermediate result is vector-type data.
The embodiment of the invention does not limit the type of secure multi-party computation. For example, it may include federated learning or private set intersection based on secret sharing, and the like.
In a multi-party secret sharing protocol, each party may have a compute engine, which may be regarded as a black box. Each participant inputs the shares it owns into its own compute engine; the compute engines of the participants then carry out the secure multi-party computation, communicating and computing with one another in the process, and finally each participant's compute engine outputs the shares of the computation result to the corresponding participant.
In the embodiment of the present invention, the secure multi-party computation includes n participants, e.g. participants S_0 to S_{n-1}; the n participants hold shares of a first data vector, and the length of the first data vector is m. Here n is an integer greater than 1.
First, the n participants locally generate their respective random ordering vectors. The embodiment of the present invention does not limit the method used to generate the random ordering vector; for example, a plaintext shuffle algorithm (e.g., the Knuth shuffle) may be used.
The n participants then carry out n rounds of iterative shuffle operations based on the shares of the first data vector and the random ordering vectors that each of them holds; in the n rounds, the output of the previous round is used as the input of the next round.
For example, in the first round of shuffle operation the first data vector is shuffled according to the random ordering vector of participant S_0, giving the first-round shuffle result. The first-round result is taken as the input of the second round, and the second round of shuffle operation is executed: the first-round result is shuffled according to the random ordering vector of participant S_1, giving the second-round shuffle result. And so on, until the n rounds of iterative shuffle operations are complete.
In an optional embodiment of the present invention, the n participants carrying out n rounds of iterative shuffle operations based on the shares of the first data vector and the random ordering vectors they each hold may include:
step S11, the n participants perform a first round of shuffle operation based on the shares of the first data vector they hold and the random ordering vector held by participant S_0, so that the n participants obtain shares of a first intermediate vector, the first intermediate vector being the first data vector shuffled according to the random ordering vector of participant S_0;
step S12, the n participants perform the k-th round of shuffle operation based on the shares of the (k-1)-th intermediate vector they hold and the random ordering vector held by participant S_{k-1}, so that the n participants obtain shares of the k-th intermediate vector, the k-th intermediate vector being the (k-1)-th intermediate vector shuffled according to the random ordering vector of participant S_{k-1}; where k takes values from 2 to n.
In the embodiment of the present invention, the result of the first round of shuffle operation is called the first intermediate vector. Note that when the first round is complete, each participant holds one share of the first intermediate vector. Similarly, the result of the second round is called the second intermediate vector, and each participant holds one share of it. By analogy, the result of the n-th round is called the n-th intermediate vector, and each participant holds one share of it. The n-th intermediate vector is the second data vector, i.e. the result of the secret-sharing-based oblivious random shuffle of the first data vector.
In the embodiment of the invention, each round of shuffle operation can be regarded as a black-box operation. The input of the black-box operation is the data input by the n participants into their respective compute engines, and its output is the outputs of the n participants' compute engines.
For example, for the first round of shuffle operation, the input includes the share of the first data vector held by each of the n participants and the random ordering vector held by participant S_0. The compute engines of the n participants communicate using the data each holds and cooperatively compute their respective outputs. The output of each participant's compute engine is a share of the first intermediate vector, which is the first data vector shuffled according to the random ordering vector of participant S_0. During the first round of shuffle, no participant can obtain the plaintext of the first intermediate vector; each of the n participants obtains only one share of it.
For the second round of shuffle operation, the input includes the share of the first intermediate vector held by each of the n participants and the random ordering vector held by participant S_1. The compute engines of the n participants communicate using the data each holds and cooperatively compute their respective outputs. The output of each participant's compute engine is a share of the second intermediate vector, which is the first intermediate vector shuffled according to the random ordering vector of participant S_1. During the second round of shuffle, no participant can obtain the plaintext of the second intermediate vector; each of the n participants obtains only one share of it.
For the third round of shuffle operation, the input includes the share of the second intermediate vector held by each of the n participants and the random ordering vector held by participant S_2. The compute engines of the n participants communicate using the data each holds and cooperatively compute their respective outputs. The output of each participant's compute engine is a share of the third intermediate vector, which is the second intermediate vector shuffled according to the random ordering vector of participant S_2. During the third round of shuffle, no participant can obtain the plaintext of the third intermediate vector; each of the n participants obtains only one share of it.
This is repeated until the n-th round of shuffle operation is complete, at which point the n participants hold shares of the n-th intermediate vector, i.e. shares of the second data vector.
In an optional embodiment of the invention, the n participants performing the first round of shuffle operation based on the shares of the first data vector they hold and the random ordering vector held by participant S_0 may include:
step S21, participant S_0 generates a first matrix and a second matrix; the first matrix is (p_0, p_1, ..., p_{m-1})^T, where p_i = (i, i, ..., i) and i takes values from 0 to m-1; the second matrix is (ind, ind, ..., ind)^T, where ind is the random ordering vector held by participant S_0; the first matrix and the second matrix are both m × m matrices;
step S22, participant S_0 locally performs a plaintext comparison of the first matrix and the second matrix to obtain a first comparison result matrix;
step S23, participant S_0 secret-shares the first comparison result matrix, so that the n participants obtain shares of the first comparison result matrix;
step S24, the n participants perform a secret-shared multiplication based on their shares of the first data vector and their shares of the first comparison result matrix, so that the n participants obtain shares of the first intermediate vector.
In the embodiment of the invention, each round of shuffle operation is a process in which the n participants jointly execute the secret-sharing-based oblivious random shuffle according to the random ordering vector of one of the participants.
Taking the first round of shuffle as an example, participant S_0 may generate the first matrix and the second matrix locally. The first matrix is (p_0, p_1, ..., p_{m-1})^T, where p_i = (i, i, ..., i) and i takes values from 0 to m-1.
In an embodiment of the invention, it is assumed that participant S_j generates a random ordering vector π_j({0,1,2,...,m-1}); π_j({0,1,2,...,m-1}) is denoted ind, and the second matrix is denoted (ind, ind, ..., ind)^T. In the first round of shuffle operation, participant S_0 locally generates the second matrix, and ind in that second matrix is the random ordering vector held by S_0. In the second round, participant S_1 locally generates the first matrix and the second matrix; the first matrix generated by S_1 is the same as the one generated by S_0, while ind in the second matrix generated by S_1 is the random ordering vector held by S_1. In the third round, participant S_2 locally generates the first matrix and the second matrix, and so on. The first matrix and the second matrix are m × m matrices.
Example one: assume n = 3 and m = 4. By way of example, let the first data vector be x = (x_0, x_1, x_2, x_3), and denote the random ordering vector of participant S_j as π_j, with j from 0 to n-1. Through secret sharing, the first data vector (x_0, x_1, x_2, x_3) is divided into three shares, one held by each of the three participants.
In example one, let the 3 participants be S_0, S_1 and S_2. Participant S_0 locally generates the first matrix; if the first matrix is denoted p_matrix, then p_matrix = (p_0, p_1, p_2, p_3)^T, where p_0 = (0,0,0,0), p_1 = (1,1,1,1), p_2 = (2,2,2,2), p_3 = (3,3,3,3). Denoting the first matrix generated by participant S_0 as p_matrix_0, then:
p_matrix_0 =
[ 0 0 0 0 ]
[ 1 1 1 1 ]
[ 2 2 2 2 ]
[ 3 3 3 3 ]
The first matrix p_matrix_0 is an m × m matrix, and its element values may be plaintext.
Participant S_0 locally generates the second matrix; if the second matrix is denoted ind_matrix, then ind_matrix = (ind, ind, ..., ind)^T. Suppose the random ordering vector generated by S_0 is π_0 = (3,2,1,0); then ind = (3,2,1,0). Denoting the second matrix generated by participant S_0 as ind_matrix_0, then:
ind_matrix_0 =
[ 3 2 1 0 ]
[ 3 2 1 0 ]
[ 3 2 1 0 ]
[ 3 2 1 0 ]
The second matrix ind_matrix_0 is an m × m matrix, and its element values may be plaintext.
Participant S_0 locally performs a plaintext comparison of the generated first matrix p_matrix_0 and second matrix ind_matrix_0 to obtain a first comparison result matrix. If participant S_0 denotes the resulting first comparison result matrix as cmp_matrix_0, then:
cmp_matrix_0 =
[ 0 0 0 1 ]
[ 0 0 1 0 ]
[ 0 1 0 0 ]
[ 1 0 0 0 ]
Participant S_0 locally compares the elements at each corresponding position of the first matrix p_matrix_0 and the second matrix ind_matrix_0; if the two elements at the same position are equal, the element at that position of the first comparison result matrix cmp_matrix_0 is set to 1, otherwise it is set to 0.
The first comparison result matrix cmp_matrix_0 is an m × m matrix, and its element values may be plaintext.
Participant S 0 Secret sharing is carried out on the first comparison result matrix cmp _ matrix _0 obtained through calculation, so that the n participants obtain the fragments of the first comparison result matrix cmp _ matrix _ 0; the n participants perform secret sharing multiplication operation based on the fragments of the first data vector x and the fragments of the first comparison result matrix cmp _ matrix _0, so that the n participants obtain the fragments of the first intermediate vector.
In example one, participant S 0 Secret sharing is carried out on the first comparison result matrix cmp _ matrix _0, and a participant S 1 And S 2 Slices of the first comparison result matrix cmp _ matrix _0 are received but the plaintext of the first comparison result matrix cmp _ matrix _0 is not known. Participant S 0 、S 1 And S 2 And the three parties execute the secret sharing matrix multiplication operation to respectively obtain the first intermediate vector fragments.
Such as denoting the first intermediate vector as res 0 Then res 0 =(x 3 ,x 2 ,x 1 ,x 0 ). Participant S 0 、S 1 And S 2 Each having res 0 One slice of (2).
In this embodiment of the present invention, the n participants perform a secret-sharing multiplication operation based on the fragments of the first data vector and of the first comparison result matrix that each of them holds, and the multiplication operation may be regarded as a black-box operation. The input to the black-box operation consists of the data each of the n participants feeds into its own computing engine, and the output of the black-box operation is the output of the n participants' computing engines. The inputs to the multiplication operation are the fragment of the first data vector and the fragment of the first comparison result matrix held by each of the n participants. The computing engines of the n participants communicate using the data they hold and cooperate to obtain their respective output results. The output of each participant's computing engine is one fragment of the first intermediate vector, which is the first data vector shuffled according to the random ordering vector of participant S_0. During this multiplication operation no participant obtains the plaintext of the first intermediate vector; each of the n participants obtains only one fragment of it.
In a specific implementation, the secret-sharing multiplication operation that the n participants perform on their fragments of the first data vector and of the first comparison result matrix may be implemented by calling a secret-sharing matrix multiplication operator or by directly calling a multiplication operator. Illustratively, the secret-sharing matrix multiplication operator may be implemented by generating matrix Beaver triples through OT (Oblivious Transfer) or through fully homomorphic encryption. Directly calling the multiplication operator can be realized by converting the matrix multiplication into m × k × n multiplications and k additions. The embodiment of the invention does not limit the internal implementation of the secret-sharing matrix multiplication operator; it is called as a black-box operator, and any existing algorithm, or any algorithm that appears in the future, that implements the matrix multiplication function can be used in the embodiment of the invention.
A second round of shuffle operation is performed next. The kth round of shuffle operation has the same steps as the first round and differs only in its input data. For example, the input data of the first round of shuffle operation is the fragment of the first data vector held by each of the n participants, and the input data of the second round is the fragment of the first intermediate vector held by each of the n participants. In addition, in the kth round of shuffle operation, participant S_{k-1} generates an m × m first matrix and second matrix, performs a plaintext comparison operation on them locally to obtain a first comparison result matrix, and secret-shares the first comparison result matrix.
In the second round of shuffle operation, participant S_1 locally generates a first matrix; denoting it p_matrix_1, p_matrix_1 = (p_0, p_1, p_2, p_3)^T, where p_0 = (0,0,0,0), p_1 = (1,1,1,1), p_2 = (2,2,2,2), p_3 = (3,3,3,3). Namely:
p_matrix_1 =
0 0 0 0
1 1 1 1
2 2 2 2
3 3 3 3
Participant S_1 locally generates a second matrix; denoting it ind_matrix_1, ind_matrix_1 = (ind, ind, ..., ind)^T. Suppose the random ordering vector generated by S_1 is π_1 = (2,1,0,3); then ind = (2,1,0,3). Namely:
ind_matrix_1 =
2 1 0 3
2 1 0 3
2 1 0 3
2 1 0 3
Participant S_1 locally performs a plaintext comparison operation on the first matrix p_matrix_1 and the second matrix ind_matrix_1 it generated, obtaining the first comparison result matrix cmp_matrix_1:
cmp_matrix_1 =
0 0 1 0
0 1 0 0
1 0 0 0
0 0 0 1
Participant S_1 locally compares the elements at each corresponding position of the first matrix p_matrix_1 and the second matrix ind_matrix_1; if the two elements at a position are equal, the element at that position in the first comparison result matrix cmp_matrix_1 is recorded as 1, otherwise as 0.
Participant S_1 secret-shares the computed first comparison result matrix cmp_matrix_1, so that the n participants obtain fragments of cmp_matrix_1; the n participants then perform a secret-sharing multiplication operation based on their fragments of the first intermediate vector and their fragments of cmp_matrix_1, so that the n participants obtain fragments of the second intermediate vector.
In example one, participant S_1 secret-shares the first comparison result matrix cmp_matrix_1; participants S_0 and S_2 receive fragments of cmp_matrix_1 but do not learn its plaintext. Participants S_0, S_1 and S_2 jointly execute the secret-sharing matrix multiplication operation and each obtain a fragment of the second intermediate vector.
Denoting the second intermediate vector as res_1, res_1 = (x_1, x_2, x_3, x_0). Participants S_0, S_1 and S_2 each hold one fragment of res_1.
The third round of shuffle operation is performed next.
Participant S_2 locally generates a first matrix; denoting it p_matrix_2, p_matrix_2 = (p_0, p_1, p_2, p_3)^T, where p_0 = (0,0,0,0), p_1 = (1,1,1,1), p_2 = (2,2,2,2), p_3 = (3,3,3,3). Namely:
p_matrix_2 =
0 0 0 0
1 1 1 1
2 2 2 2
3 3 3 3
Participant S_2 locally generates a second matrix; denoting it ind_matrix_2, ind_matrix_2 = (ind, ind, ..., ind)^T. Suppose the random ordering vector generated by S_2 is π_2 = (1,3,2,0); then ind = (1,3,2,0). Namely:
ind_matrix_2 =
1 3 2 0
1 3 2 0
1 3 2 0
1 3 2 0
Participant S_2 locally performs a plaintext comparison operation on the first matrix p_matrix_2 and the second matrix ind_matrix_2 it generated, obtaining the first comparison result matrix cmp_matrix_2:
cmp_matrix_2 =
0 0 0 1
1 0 0 0
0 0 1 0
0 1 0 0
Participant S_2 locally compares the elements at each corresponding position of the first matrix p_matrix_2 and the second matrix ind_matrix_2; if the two elements at a position are equal, the element at that position in the first comparison result matrix cmp_matrix_2 is recorded as 1, otherwise as 0.
Participant S_2 secret-shares the computed first comparison result matrix cmp_matrix_2, so that the n participants obtain fragments of cmp_matrix_2; the n participants then perform a secret-sharing multiplication operation based on their fragments of the second intermediate vector and their fragments of cmp_matrix_2, so that the n participants obtain fragments of the third intermediate vector.
In example one, participant S_2 secret-shares the first comparison result matrix cmp_matrix_2; participants S_0 and S_1 receive fragments of cmp_matrix_2 but do not learn its plaintext. Participants S_0, S_1 and S_2 jointly execute the secret-sharing matrix multiplication operation and each obtain a fragment of the third intermediate vector.
Denoting the third intermediate vector as res_2, res_2 = (x_2, x_0, x_3, x_1). Participants S_0, S_1 and S_2 each hold one fragment of res_2.
At this point the n rounds of iterative shuffle operation are complete, and participants S_0, S_1 and S_2 each hold one fragment of the second data vector (res_2).
In example one, the first data vector is x = (x_0, x_1, x_2, x_3) and the second data vector is res_2 = (x_2, x_0, x_3, x_1). The second data vector is the vector obtained by performing n rounds of iterative shuffling on the first data vector according to the random ordering vectors of the n participants. Because each participant generates its own random ordering vector and the participants do not disclose their random ordering vectors to one another, each participant's random ordering vector serves only as the shuffle order of a single round; after n rounds of iterative shuffling, no participant can obtain the overall shuffle order, and the privacy and security of the data can be ensured.
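The three rounds of example one, and the general n-round procedure they instantiate, as an added simulation that is not the patent's or the assignee's code. It assumes additive secret sharing over a prime field Z_Q and a simulated trusted dealer for the Beaver matrix triples, standing in for the OT or homomorphic triple generation the text treats as a black box; Q and all function names are constructed for this illustration.

```python
"""Toy simulation of the secret-sharing based oblivious random shuffle: n
participants each hold a random ordering vector; in round k participant S_k
builds cmp_matrix in plaintext, secret-shares it, and all participants multiply
their shares of the current vector by it.  Assumptions, not from the patent:
additive sharing over the prime field Z_Q, and Beaver triples from a simulated
trusted dealer standing in for the OT / homomorphic generation left as a black box."""
import secrets

Q = 2**61 - 1  # field modulus for additive secret sharing (assumption)

def share(value, n):
    """Split an integer into n additive shares that sum to value mod Q."""
    shares = [secrets.randbelow(Q) for _ in range(n - 1)]
    shares.append((value - sum(shares)) % Q)
    return shares

def reconstruct(shares):
    """Recombine additive shares (used here only to check the simulation)."""
    return sum(shares) % Q

def share_vector(vec, n):
    """Return n share-vectors, one per participant."""
    cols = [share(v, n) for v in vec]
    return [[cols[i][p] for i in range(len(vec))] for p in range(n)]

def share_matrix(mat, n):
    """Return n share-matrices, one per participant."""
    rows = [share_vector(row, n) for row in mat]
    return [[rows[i][p] for i in range(len(mat))] for p in range(n)]

def comparison_matrix(ind):
    """Local plaintext step of the round's participant: row i of p_matrix is
    filled with i, every row of ind_matrix equals ind, and cmp_matrix is 1 where
    the two agree, i.e. cmp[i][j] = 1 iff ind[j] == i (a permutation matrix)."""
    m = len(ind)
    p_matrix = [[i] * m for i in range(m)]
    ind_matrix = [list(ind) for _ in range(m)]
    return [[int(p_matrix[i][j] == ind_matrix[i][j]) for j in range(m)]
            for i in range(m)]

def vec_mat_mul(v, mat):
    """Plaintext row vector times matrix, mod Q."""
    return [sum(v[i] * mat[i][j] for i in range(len(v))) % Q
            for j in range(len(mat[0]))]

def shared_vec_mat_mul(v_shares, m_shares, n):
    """Secret-shared (row vector) x (matrix) with one Beaver matrix triple; the
    opened e = v - a and f = M - B are masked by uniform one-time values."""
    m = len(v_shares[0])
    # Simulated dealer: random a, B and their product C = a * B, all shared.
    a = [secrets.randbelow(Q) for _ in range(m)]
    b = [[secrets.randbelow(Q) for _ in range(m)] for _ in range(m)]
    a_sh, b_sh = share_vector(a, n), share_matrix(b, n)
    c_sh = share_vector(vec_mat_mul(a, b), n)
    # Each participant publishes its share of the masked operands ...
    e_sh = [[(v_shares[p][i] - a_sh[p][i]) % Q for i in range(m)]
            for p in range(n)]
    f_sh = [[[(m_shares[p][i][j] - b_sh[p][i][j]) % Q for j in range(m)]
             for i in range(m)] for p in range(n)]
    # ... and everybody reconstructs the masked values e and f.
    e = [reconstruct([e_sh[p][i] for p in range(n)]) for i in range(m)]
    f = [[reconstruct([f_sh[p][i][j] for p in range(n)]) for j in range(m)]
         for i in range(m)]
    # v*M = e*f + e*B + a*f + a*B: each term is local on shares; the public
    # e*f term is added by one participant only.
    ef = vec_mat_mul(e, f)
    out = []
    for p in range(n):
        eb, af = vec_mat_mul(e, b_sh[p]), vec_mat_mul(a_sh[p], f)
        out.append([(eb[j] + af[j] + c_sh[p][j] + (ef[j] if p == 0 else 0)) % Q
                    for j in range(m)])
    return out

def oblivious_random_shuffle(x_shares, orderings):
    """n rounds; round k uses S_k's ordering vector and its output feeds the
    next round.  Returns the share-vectors of res_0, res_1, ..., res_{n-1}."""
    n = len(orderings)
    rounds, current = [], x_shares
    for pi_k in orderings:
        cmp_shares = share_matrix(comparison_matrix(pi_k), n)  # done by S_k
        current = shared_vec_mat_mul(current, cmp_shares, n)
        rounds.append(current)
    return rounds

def trace_shuffle(x, orderings):
    """Share x, run the protocol and reconstruct every round's result so the
    simulation can be checked against the worked example.  Reconstruction is
    not part of the protocol: participants only ever hold fragments."""
    n = len(orderings)
    rounds = oblivious_random_shuffle(share_vector(x, n), orderings)
    return [[reconstruct([sh[p][i] for p in range(n)]) for i in range(len(x))]
            for sh in rounds]

if __name__ == "__main__":
    # Example one: n = 3, m = 4, x = (x_0, x_1, x_2, x_3) encoded as 10..13.
    pis = [(3, 2, 1, 0), (2, 1, 0, 3), (1, 3, 2, 0)]
    for k, res in enumerate(trace_shuffle([10, 11, 12, 13], pis)):
        print(f"res_{k} =", res)  # res_2 = [12, 10, 13, 11] = (x_2, x_0, x_3, x_1)
```

Running it reproduces res_0, res_1 and res_2 of example one, and shows that the row-vector-times-cmp_matrix product yields res[j] = v[ind[j]], so the composed order is π_0(π_1(π_2(j))).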
In an optional embodiment of the present invention, the n participants further hold a slice of a third data vector, and the method may further include:
step S31, taking the second data vector as a target sorting vector;
step S32, the n participants execute an inadvertent shuffle operation based on secret sharing based on the fragments of the target ordering vectors held by the n participants and the fragments of the third data vectors held by the n participants, so that the n participants obtain the fragments of a fourth data vector, where the fourth data vector is a vector in which the third data vector is shuffled according to the target ordering vectors.
After the secret-sharing based oblivious random shuffle method is executed, the first data vector has been randomly shuffled and each participant holds one fragment of the random shuffle result (the second data vector). Furthermore, the second data vector can be used as a target ordering vector to perform a secret-sharing based oblivious shuffle of the third data vector. In this oblivious shuffle, the specific shuffle order is not provided by any single participant but is obtained through multiple rounds of iterative computation under secret sharing, so the oblivious shuffle is random, no participant can learn the specific shuffle order, and the privacy and security of the data are further ensured.
In summary, an embodiment of the present invention provides an inadvertent random scrambling method based on secret sharing, where each of n participants generates a random ordering vector, and the random ordering vector of each participant is used to sequentially perform n rounds of iterative scrambling operations on a first data vector, where in the n rounds of iterative scrambling operations, an output result of a previous round is used as an input of a next round, and after the n rounds of iterative scrambling operations are performed, a final scrambling result is obtained. In the scrambling process, each participant holds the fragments of the first data vector, and the plaintext of the first data vector cannot be obtained; in addition, because each participant generates a random ordering vector and does not disclose the random ordering vector of the participant with each other, after n rounds of iterative scrambling operations are performed, each participant can only obtain one fragment of a random scrambling result (a second data vector) of the first data vector, and a plaintext of the second data vector cannot be obtained; in the n rounds of iterative scrambling operations, the output result of the previous round is used as the input of the next round, the scrambling sequence of each round is a random sequence generated by a certain participant, and after the n rounds of iterative scrambling operations, each participant cannot obtain a specific scrambling sequence, so that the scrambling randomness can be realized, and the privacy and the safety of data are ensured.
It should be noted that for simplicity of description, the method embodiments are shown as a series of combinations of acts, but those skilled in the art will recognize that the embodiments are not limited by the order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the invention.
Referring to FIG. 2, a block diagram of a multi-party secure computing system 200 for performing multi-party secure computing according to an embodiment of the present invention is shown. The multi-party secure computing system includes n participants, the n participants hold fragments of a first data vector, the length of the first data vector is m, and the n participants include participants S_0 ~ S_{n-1}, wherein:
the n participants are used for respectively generating random sequencing vectors, and the length of each random sequencing vector is m;
the n participants are further configured to perform n rounds of iterative scrambling operations based on the fragments of the respective first data vectors and the respective random ordering vectors, so that the n participants obtain fragments of second data vectors, and the second data vectors are vectors obtained by performing n rounds of iterative scrambling on the first data vectors according to the random ordering vectors of the n participants; in the n rounds of iterative scrambling operation, the output result of the previous round is used as the input of the next round.
Optionally, the n participants are specifically configured to perform a first round of shuffle operation based on their respective fragments of the first data vector and the random ordering vector held by participant S_0, so that the n participants obtain fragments of a first intermediate vector, the first intermediate vector being the first data vector shuffled according to the random ordering vector of participant S_0; and to perform the kth round of shuffle operation based on their respective fragments of the (k-1)th intermediate vector and the random ordering vector held by participant S_{k-1}, so that the n participants obtain fragments of the kth intermediate vector, the kth intermediate vector being the (k-1)th intermediate vector shuffled according to the random ordering vector of participant S_{k-1}; where k takes values from 2 to n.
Optionally, participant S_0 is specifically configured to generate a first matrix and a second matrix; the first matrix is (p_0, p_1, ..., p_{m-1})^T, where p_i = (i, ..., i) and i takes values from 0 to m-1; the second matrix is (ind, ind, ..., ind)^T, where ind is the random ordering vector held by participant S_0; the first matrix and the second matrix are m × m matrices; to perform a plaintext comparison operation on the first matrix and the second matrix locally to obtain a first comparison result matrix; and to secret-share the first comparison result matrix, so that the n participants obtain fragments of the first comparison result matrix;
the n participants are specifically configured to perform secret sharing multiplication operation based on the fragments of the first data vector and the fragments of the first comparison result matrix, so that the n participants obtain the fragment of the first intermediate vector.
Optionally, the n participants hold a slice of a third data vector, and use the second data vector as a target ordering vector;
the n participants are further configured to execute an inadvertent shuffle operation based on secret sharing based on the fragments of the target ordering vectors held by the respective participants and the fragments of the third data vectors held by the respective participants, so that the n participants obtain the fragments of a fourth data vector, and the fourth data vector is a vector obtained by shuffling the third data vector according to the target ordering vectors.
Optionally, the first data vector is owned by any one of the n participants and shared secretly to the n participants, or the first data vector is an intermediate result generated by performing multi-party security computation on the n participants.
In the embodiment of the present invention, the random disorder (oblivious random shuffle) is to sequentially provide a random ordering vector for each participant, and sequentially perform n rounds of iterative disorder operations on a first data vector by using the random ordering vector of each participant, where in the n rounds of iterative disorder operations, an output result of a previous round is used as an input of a next round, and after the execution of the n rounds of iterative disorder operations is completed, a final disorder result is obtained. Because each participant generates a random ordering vector and does not disclose the random ordering vector of the participant, after n rounds of iterative scrambling operations are performed, each participant can only obtain one fragment of a random scrambling result (a second data vector) of a first data vector, each participant cannot obtain plaintext data of the first data vector and cannot obtain a specific sequence of the second data vector, and privacy and safety of data can be guaranteed.
In summary, the embodiment of the present invention provides a multi-party secure computing system, which can be used to implement an inadvertent random obfuscation method based on secret sharing. The multi-party safety computing system comprises n participants, wherein each participant in the n participants generates a random ordering vector respectively, n rounds of iterative scrambling operations are sequentially carried out on a first data vector by using the random ordering vector of each participant, in the n rounds of iterative scrambling operations, the output result of the previous round is used as the input of the next round, and the final scrambling result is obtained after the execution of the n rounds of iterative scrambling operations is finished. In the scrambling process, each participant holds the fragments of the first data vector, and the plaintext of the first data vector cannot be obtained; in addition, because each participant generates a random ordering vector and does not disclose the random ordering vectors of the participant, after n rounds of iterative scrambling operations are performed, each participant can only obtain one fragment of a random scrambling result (a second data vector) of a first data vector, and cannot obtain a plaintext of the second data vector; in the n rounds of iterative scrambling operations, the output result of the previous round is used as the input of the next round, the scrambling sequence of each round is a random sequence generated by a certain participant, and after the n rounds of iterative scrambling operations, each participant cannot obtain the specific scrambling sequence, so that the scrambling randomness can be realized, and the privacy and the safety of data are ensured.
For the system embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, refer to the partial description of the method embodiment.
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
With regard to the system in the above embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
An embodiment of the present invention provides a device for secret-sharing based oblivious random shuffle, comprising a memory and one or more programs, wherein the one or more programs are stored in the memory and, when configured to be executed by one or more processors, comprise instructions for performing the secret-sharing based shuffle method described in one or more of the above embodiments.
Fig. 3 is a block diagram illustrating an apparatus 800 for secret-sharing based oblivious random shuffle in accordance with an exemplary embodiment. For example, the apparatus 800 may be a mobile phone, a computer, a digital broadcast terminal, a messaging device, a game console, a tablet device, a medical device, an exercise device, a personal digital assistant, and the like.
Referring to fig. 3, the apparatus 800 may include one or more of the following components: processing component 802, memory 804, power component 806, multimedia component 808, audio component 810, input/output (I/O) interface 812, sensor component 814, and communication component 816.
The processing component 802 generally controls overall operation of the device 800, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations. The processing elements 802 may include one or more processors 820 to execute instructions to perform all or a portion of the steps of the methods described above. Further, the processing component 802 can include one or more modules that facilitate interaction between the processing component 802 and other components. For example, the processing component 802 can include a multimedia module to facilitate interaction between the multimedia component 808 and the processing component 802.
The memory 804 is configured to store various types of data to support operation at the device 800. Examples of such data include instructions for any application or method operating on device 800, contact data, phonebook data, messages, pictures, videos, and so forth. The memory 804 may be implemented by any type or combination of volatile or non-volatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks.
Power components 806 provide power to the various components of device 800. The power components 806 may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for the apparatus 800.
The multimedia component 808 includes a screen that provides an output interface between the device 800 and a user. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive an input signal from a user. The touch panel includes one or more touch sensors to sense touch, slide, and gestures on the touch panel. The touch sensor may not only sense the boundary of a touch or slide action, but also detect the duration and pressure associated with the touch or slide operation. In some embodiments, the multimedia component 808 includes a front facing camera and/or a rear facing camera. The front-facing camera and/or the rear-facing camera may receive external multimedia data when the device 800 is in an operating mode, such as a shooting mode or a video mode. Each front camera and rear camera may be a fixed optical lens system or have a focal length and optical zoom capability.
The audio component 810 is configured to output and/or input audio signals. For example, the audio component 810 includes a Microphone (MIC) configured to receive external audio signals when the apparatus 800 is in an operational mode, such as a call mode, a recording mode, and a voice information processing mode. The received audio signal may further be stored in the memory 804 or transmitted via the communication component 816. In some embodiments, audio component 810 also includes a speaker for outputting audio signals.
The I/O interface 812 provides an interface between the processing component 802 and peripheral interface modules, which may be keyboards, click wheels, buttons, etc. These buttons may include, but are not limited to: a home button, a volume button, a start button, and a lock button.
The sensor assembly 814 includes one or more sensors for providing various aspects of state assessment for the device 800. For example, the sensor assembly 814 may detect the open/closed state of the device 800, the relative positioning of components, such as a display and keypad of the apparatus 800, the sensor assembly 814 may also search for a change in the position of the apparatus 800 or a component of the apparatus 800, the presence or absence of user contact with the apparatus 800, orientation or acceleration/deceleration of the apparatus 800, and a change in the temperature of the apparatus 800. Sensor assembly 814 may include a proximity sensor configured to detect the presence of a nearby object without any physical contact. The sensor assembly 814 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor assembly 814 may also include an acceleration sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor, or a temperature sensor.
The communication component 816 is configured to facilitate communications between the apparatus 800 and other devices in a wired or wireless manner. The device 800 may access a wireless network based on a communication standard, such as WiFi,2G or 3G, or a combination thereof. In an exemplary embodiment, the communication component 816 receives broadcast signals or broadcast related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communication component 816 further includes a Near Field Communication (NFC) module to facilitate short-range communications. For example, the NFC module may be implemented based on radio frequency information processing (RFID) technology, infrared data association (IrDA) technology, ultra Wideband (UWB) technology, bluetooth (BT) technology, and other technologies.
In an exemplary embodiment, the apparatus 800 may be implemented by one or more Application Specific Integrated Circuits (ASICs), digital Signal Processors (DSPs), digital Signal Processing Devices (DSPDs), programmable Logic Devices (PLDs), field Programmable Gate Arrays (FPGAs), controllers, micro-controllers, microprocessors or other electronic components for performing the above-described methods.
In an exemplary embodiment, a non-transitory computer-readable storage medium comprising instructions, such as the memory 804 comprising instructions, executable by the processor 820 of the device 800 to perform the above-described method is also provided. For example, the non-transitory computer readable storage medium may be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.
Fig. 4 is a schematic diagram of a server in some embodiments of the invention. The server 1900, which may vary considerably in configuration or performance, may include one or more Central Processing Units (CPUs) 1922 (e.g., one or more processors) and memory 1932, one or more storage media 1930 (e.g., one or more mass storage devices) storing applications 1942 or data 1944. Memory 1932 and storage medium 1930 can be, among other things, transient or persistent storage. The program stored in the storage medium 1930 may include one or more modules (not shown), each of which may include a series of instructions operating on a server. Still further, a central processor 1922 may be provided in communication with the storage medium 1930 to execute a series of instruction operations in the storage medium 1930 on the server 1900.
The server 1900 may also include one or more power supplies 1926, one or more wired or wireless network interfaces 1950, one or more input-output interfaces 1958, one or more keyboards 1956, and/or one or more operating systems 1941, such as Windows Server, mac OS XTM, unixTM, linuxTM, freeBSDTM, etc.
A non-transitory computer readable storage medium in which instructions, when executed by a processor of a device (server or terminal), enable the device to perform the secret sharing based random shuffle method shown in fig. 1.
A non-transitory computer-readable storage medium, wherein instructions in the storage medium, when executed by a processor of a device (server or terminal), enable the device to perform the description of the inadvertent random obfuscation method based on secret sharing in the embodiment corresponding to fig. 1, and therefore, the description will not be repeated here. In addition, the beneficial effects of the same method are not described in detail. For technical details not disclosed in the embodiments of the computer program product or the computer program referred to in the present application, reference is made to the description of the embodiments of the method of the present application.
Further, it should be noted that: embodiments of the present application also provide a computer program product or computer program, which may include computer instructions, which may be stored in a computer-readable storage medium. The processor of the computer device reads the computer instruction from the computer-readable storage medium, and the processor can execute the computer instruction, so that the computer device executes the description of the inadvertent random scrambling method based on secret sharing in the embodiment corresponding to fig. 1, which is described above, and therefore, details are not repeated here. In addition, the beneficial effects of the same method are not described in detail. For technical details not disclosed in the embodiments of the computer program product or the computer program referred to in the present application, reference is made to the description of the embodiments of the method of the present application.
Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This invention is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the invention and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims.
It will be understood that the invention is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the invention is limited only by the appended claims.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.
The oblivious random shuffling method based on secret sharing, the multi-party secure computing system, the apparatus for oblivious random shuffling based on secret sharing and the readable storage medium provided by the invention have been described in detail above. Specific examples have been used to explain the principle and implementation of the invention, and the description of the embodiments is intended only to help understand the method and core idea of the invention; at the same time, a person skilled in the art may, following the idea of the invention, change the specific embodiments and the scope of application. In summary, the content of this specification should not be construed as limiting the invention.

Claims (10)

1. An oblivious random shuffling method based on secret sharing, applied to the participants of a multi-party secure computation, wherein the multi-party secure computation comprises n participants, the n participants hold shares of a first data vector, the length of the first data vector is m, and the n participants comprise participants S_0 to S_{n-1}; the method comprises the following steps:
the n participants each generate a random ordering vector, the length of each random ordering vector being m;
the n participants perform n rounds of iterative shuffling operations based on the shares of the first data vector they each hold and the random ordering vectors they each hold, so that the n participants obtain shares of a second data vector, the second data vector being the vector obtained by shuffling the first data vector iteratively for n rounds according to the random ordering vectors of the n participants; in the n rounds of iterative shuffling operations, the output of the previous round is used as the input of the next round;
the n participants hold shares of a third data vector, and the method further comprises:
taking the second data vector as a target ordering vector;
the n participants perform an oblivious shuffling operation based on secret sharing, based on the shares of the target ordering vector and the shares of the third data vector they each hold, so that the n participants obtain shares of a fourth data vector, the fourth data vector being the vector obtained by shuffling the third data vector according to the target ordering vector.
2. The method of claim 1, wherein the n participants performing n rounds of iterative shuffling operations based on the shares of the first data vector they each hold and the random ordering vectors they each hold comprises:
the n participants perform a first round of shuffling based on the shares of the first data vector they each hold and the random ordering vector held by participant S_0, so that the n participants obtain shares of a first intermediate vector, the first intermediate vector being the first data vector shuffled according to the random ordering vector of participant S_0;
the n participants perform a k-th round of shuffling based on the shares of the (k-1)-th intermediate vector they each hold and the random ordering vector held by participant S_{k-1}, so that the n participants obtain shares of a k-th intermediate vector, the k-th intermediate vector being the (k-1)-th intermediate vector shuffled according to the random ordering vector of participant S_{k-1}; wherein k takes the values 2 to n.
3. The method of claim 2, wherein the n participants performing the first round of shuffling based on the shares of the first data vector they each hold and the random ordering vector held by participant S_0 comprises:
participant S_0 generates a first matrix and a second matrix; the first matrix is (p_0, p_1, ..., p_{m-1})^T, wherein p_i = (i, i, ..., i) and i takes the values 0 to m-1; the second matrix is (ind, ind, ..., ind)^T, wherein ind is the random ordering vector held by participant S_0; the first matrix and the second matrix are both m × m matrices;
participant S_0 performs a plaintext comparison of the first matrix and the second matrix locally to obtain a first comparison result matrix;
participant S_0 secret-shares the first comparison result matrix, so that the n participants obtain shares of the first comparison result matrix;
the n participants perform a secret-sharing multiplication based on the shares of the first data vector and the shares of the first comparison result matrix, so that the n participants obtain shares of the first intermediate vector.
4. The method of claim 1, wherein the first data vector is owned by any one of the n participants and secret-shared to the n participants, or the first data vector is an intermediate result of the multi-party secure computation performed by the n participants.
5. A multi-party secure computing system for performing a multi-party secure computation, wherein the multi-party secure computation comprises n participants, the n participants hold shares of a first data vector, the length of the first data vector is m, and the n participants comprise participants S_0 to S_{n-1}, wherein
the n participants are configured to each generate a random ordering vector, the length of each random ordering vector being m;
the n participants are further configured to perform n rounds of iterative shuffling operations based on the shares of the first data vector they each hold and the random ordering vectors they each hold, so that the n participants obtain shares of a second data vector, the second data vector being the vector obtained by shuffling the first data vector iteratively for n rounds according to the random ordering vectors of the n participants; in the n rounds of iterative shuffling operations, the output of the previous round is used as the input of the next round;
the n participants hold shares of a third data vector and take the second data vector as a target ordering vector;
the n participants are further configured to perform an oblivious shuffling operation based on secret sharing, based on the shares of the target ordering vector and the shares of the third data vector they each hold, so that the n participants obtain shares of a fourth data vector, the fourth data vector being the vector obtained by shuffling the third data vector according to the target ordering vector.
6. The multi-party secure computing system of claim 5, wherein
the n participants are specifically configured to perform a first round of shuffling based on the shares of the first data vector they each hold and the random ordering vector held by participant S_0, so that the n participants obtain shares of a first intermediate vector, the first intermediate vector being the first data vector shuffled according to the random ordering vector of participant S_0; and to perform a k-th round of shuffling based on the shares of the (k-1)-th intermediate vector they each hold and the random ordering vector held by participant S_{k-1}, so that the n participants obtain shares of a k-th intermediate vector, the k-th intermediate vector being the (k-1)-th intermediate vector shuffled according to the random ordering vector of participant S_{k-1}; wherein k takes the values 2 to n.
7. The multi-party secure computing system of claim 6, wherein
participant S_0 is specifically configured to generate a first matrix and a second matrix, the first matrix being (p_0, p_1, ..., p_{m-1})^T, wherein p_i = (i, i, ..., i) and i takes the values 0 to m-1, and the second matrix being (ind, ind, ..., ind)^T, wherein ind is the random ordering vector held by participant S_0, the first matrix and the second matrix both being m × m matrices; to perform a plaintext comparison of the first matrix and the second matrix locally to obtain a first comparison result matrix; and to secret-share the first comparison result matrix, so that the n participants obtain shares of the first comparison result matrix;
the n participants are specifically configured to perform a secret-sharing multiplication based on the shares of the first data vector and the shares of the first comparison result matrix, so that the n participants obtain shares of the first intermediate vector.
8. The multi-party secure computing system of claim 5, wherein the first data vector is owned by any one of the n participants and secret-shared to the n participants, or the first data vector is an intermediate result generated by the n participants performing the multi-party secure computation.
9. An apparatus for oblivious random shuffling based on secret sharing, comprising a memory and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by one or more processors, the one or more programs comprising instructions for performing the oblivious random shuffling method based on secret sharing of any one of claims 1 to 4.
10. A readable storage medium having stored thereon instructions that, when executed by one or more processors of an apparatus, cause the apparatus to perform the oblivious random shuffling method based on secret sharing of any one of claims 1 to 4.
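To make the n-round construction of claims 1 to 3 concrete, the following Python simulation is an added example, not code from the patent or its assignee. It assumes additive secret sharing modulo a constructed prime P, uses a dealer-supplied Beaver triple as a stand-in for whatever secret-sharing multiplication the system actually uses, follows claim 3's comparison-matrix convention (entry [i][j] is 1 iff ind[j] == i), and does not implement the final oblivious shuffle of the third data vector by the shared target ordering vector.

```python
import random
P = 2**61 - 1  # constructed prime modulus for additive secret sharing

def share(x, n):
    """Additive shares mod P of an int, a vector or a matrix (nested lists)."""
    if isinstance(x, list):
        parts = [share(v, n) for v in x]
        return [[p[i] for p in parts] for i in range(n)]
    s = [random.randrange(P) for _ in range(n - 1)]
    return s + [(x - sum(s)) % P]

def reveal(shares):
    """Recombine the n parties' shares of an int, vector or matrix."""
    if isinstance(shares[0], list):
        return [reveal([s[j] for s in shares]) for j in range(len(shares[0]))]
    return sum(shares) % P

def lin(a, b, sign=1):
    """Elementwise a + sign*b mod P over nested lists (local, linear on shares)."""
    if isinstance(a, list):
        return [lin(u, v, sign) for u, v in zip(a, b)]
    return (a + sign * b) % P

def matvec(M, v):
    return [sum(a * b for a, b in zip(row, v)) % P for row in M]

def perm_matrix(ind):
    """Claim 3: compare the matrix whose row i is (i,...,i) with the matrix whose
    every row is ind; entry [i][j] is 1 iff ind[j] == i, a permutation matrix."""
    m = len(ind)
    return [[1 if ind[j] == i else 0 for j in range(m)] for i in range(m)]

def shared_matvec(M_sh, x_sh):
    """Secret-shared M @ x via a dealer-supplied Beaver triple (A, b, A@b); stand-in for MPC multiplication."""
    n, m = len(x_sh), len(x_sh[0])
    A = [[random.randrange(P) for _ in range(m)] for _ in range(m)]
    b = [random.randrange(P) for _ in range(m)]
    A_sh, b_sh, C_sh = share(A, n), share(b, n), share(matvec(A, b), n)
    # Opening E = M - A and f = x - b leaks nothing: A and b are uniform masks.
    E = reveal([lin(M_sh[i], A_sh[i], -1) for i in range(n)])
    f = reveal([lin(x_sh[i], b_sh[i], -1) for i in range(n)])
    # Party i's share of M@x; the public term E@f is added by party 0 only.
    return [lin(lin(lin(matvec(E, b_sh[i]), matvec(A_sh[i], f)), C_sh[i]),
                matvec(E, f) if i == 0 else [0] * m) for i in range(n)]

def iterative_shuffle(x_sh, perms):
    """Claims 1-2: round k applies S_{k-1}'s ordering vector to the previous round's shared output."""
    for ind in perms:
        x_sh = shared_matvec(share(perm_matrix(ind), len(x_sh)), x_sh)
    return x_sh

def demo(m=5, n=3, seed=7):
    """Shuffle the identity vector; returns (MPC result, plaintext reference)."""
    random.seed(seed)
    perms = [random.sample(range(m), m) for _ in range(n)]  # each S_i's ind (constructed)
    got = reveal(iterative_shuffle(share(list(range(m)), n), perms))
    ref = list(range(m))
    for ind in perms:  # plaintext reference in perm_matrix's convention: y[ind[j]] = x[j]
        ref = [ref[ind.index(i)] for i in range(m)]
    return got, ref
```

Shuffling the identity vector, as demo() does, shows why claim 1 can reuse the second data vector as a target ordering vector: the output is the composition of all n random permutations, and it stays hidden from every participant unless all n collude.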
CN202211314434.XA 2022-10-26 2022-10-26 Careless random disorganizing method and system based on secret sharing Active CN115396100B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211314434.XA CN115396100B (en) 2022-10-26 2022-10-26 Careless random disorganizing method and system based on secret sharing

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211314434.XA CN115396100B (en) 2022-10-26 2022-10-26 Careless random disorganizing method and system based on secret sharing

Publications (2)

Publication Number Publication Date
CN115396100A CN115396100A (en) 2022-11-25
CN115396100B true CN115396100B (en) 2023-01-06

Family

ID=84128895

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211314434.XA Active CN115396100B (en) 2022-10-26 2022-10-26 Careless random disorganizing method and system based on secret sharing

Country Status (1)

Country Link
CN (1) CN115396100B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115630711B (en) * 2022-12-19 2023-04-07 华控清交信息科技(北京)有限公司 XGboost model training method and multi-party security computing platform
CN115719094B (en) * 2023-01-06 2023-04-28 腾讯科技(深圳)有限公司 Model training method, device, equipment and storage medium based on federal learning
CN115941181B (en) * 2023-02-02 2023-05-12 华控清交信息科技(北京)有限公司 Out-of-order secret sharing method, system and readable storage medium

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112700031A (en) * 2020-12-12 2021-04-23 同济大学 XGboost prediction model training method for protecting multi-party data privacy
CN113111569A (en) * 2021-03-08 2021-07-13 支付宝(杭州)信息技术有限公司 Disorder processing method, model training method, device and computing equipment
WO2021220278A1 (en) * 2020-04-27 2021-11-04 B.G. Negev Technologies And Applications Ltd., At Ben-Gurion University System and method for fast, post-quantum blockchain concensus generation and smart contracts execution
CN114282255A (en) * 2022-03-04 2022-04-05 支付宝(杭州)信息技术有限公司 Sorting sequence merging method and system based on secret sharing
CN114282076A (en) * 2022-03-04 2022-04-05 支付宝(杭州)信息技术有限公司 Sorting method and system based on secret sharing
CN114327371A (en) * 2022-03-04 2022-04-12 支付宝(杭州)信息技术有限公司 Secret sharing-based multi-key sorting method and system
CN114584294A (en) * 2022-02-28 2022-06-03 淘宝(中国)软件有限公司 Method and device for careless scattered arrangement
CN115080615A (en) * 2022-06-07 2022-09-20 蚂蚁区块链科技(上海)有限公司 Data query method and device based on multi-party security calculation

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021220278A1 (en) * 2020-04-27 2021-11-04 B.G. Negev Technologies And Applications Ltd., At Ben-Gurion University System and method for fast, post-quantum blockchain concensus generation and smart contracts execution
CN112700031A (en) * 2020-12-12 2021-04-23 同济大学 XGboost prediction model training method for protecting multi-party data privacy
CN113111569A (en) * 2021-03-08 2021-07-13 支付宝(杭州)信息技术有限公司 Disorder processing method, model training method, device and computing equipment
CN114584294A (en) * 2022-02-28 2022-06-03 淘宝(中国)软件有限公司 Method and device for careless scattered arrangement
CN114282255A (en) * 2022-03-04 2022-04-05 支付宝(杭州)信息技术有限公司 Sorting sequence merging method and system based on secret sharing
CN114282076A (en) * 2022-03-04 2022-04-05 支付宝(杭州)信息技术有限公司 Sorting method and system based on secret sharing
CN114327371A (en) * 2022-03-04 2022-04-12 支付宝(杭州)信息技术有限公司 Secret sharing-based multi-key sorting method and system
CN115080615A (en) * 2022-06-07 2022-09-20 蚂蚁区块链科技(上海)有限公司 Data query method and device based on multi-party security calculation

Also Published As

Publication number Publication date
CN115396100A (en) 2022-11-25

Similar Documents

Publication Publication Date Title
CN115396100B (en) Careless random disorganizing method and system based on secret sharing
CN114756886B (en) Method and device for inquiring hiding trace
CN115396101B (en) Secret sharing based careless disorganizing method and system
CN113449325B (en) Data processing method and device and data processing device
CN114301594B (en) Inadvertent transmission method, multi-party secure computing platform and device for inadvertent transmission
CN115967491B (en) Privacy intersection method, system and readable storage medium
CN112688779B (en) Data processing method and device and data processing device
CN114884645B (en) Privacy calculation method and device and readable storage medium
CN114969830B (en) Privacy intersection method, system and readable storage medium
CN114401154A (en) Data processing method and device, ciphertext calculation engine and device for data processing
CN115085912A (en) Ciphertext computing method and device for ciphertext computing
CN112307056A (en) Data processing method and device and data processing device
CN114662686A (en) Neural network model training method and device and safety computing platform
CN115941181B (en) Out-of-order secret sharing method, system and readable storage medium
CN112464257A (en) Data detection method and device for data detection
CN114448631B (en) Multi-party security computing method, system and device for multi-party security computing
CN114885038B (en) Encryption protocol conversion method, result acquisition node and privacy calculation node
CN116401423A (en) Method, device, equipment and medium for determining median based on secure multiparty calculation
CN116305206A (en) Secure multiparty computing method, device, electronic equipment and storage medium
CN112468290B (en) Data processing method and device and data processing device
CN112580064B (en) Data processing method and device and data processing device
CN112861145A (en) Data processing method and device and data processing device
CN114969164B (en) Data query method and device and readable storage medium
CN114448630B (en) Multi-party secure computing method, system and device for multi-party secure computing
CN114881248B (en) Two-party horizontal federal learning method and device for two-party horizontal federal learning

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant