WO2023240934A1 - Security processing method and apparatus for privacy vector - Google Patents

Security processing method and apparatus for privacy vector Download PDF

Info

Publication number
WO2023240934A1
WO2023240934A1 PCT/CN2022/135285 CN2022135285W WO2023240934A1 WO 2023240934 A1 WO2023240934 A1 WO 2023240934A1 CN 2022135285 W CN2022135285 W CN 2022135285W WO 2023240934 A1 WO2023240934 A1 WO 2023240934A1
Authority
WO
WIPO (PCT)
Prior art keywords
fragment
scalar
slice
party
difference
Prior art date
Application number
PCT/CN2022/135285
Other languages
French (fr)
Chinese (zh)
Inventor
李漓春
张祺智
Original Assignee
蚂蚁区块链科技(上海)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 蚂蚁区块链科技(上海)有限公司 filed Critical 蚂蚁区块链科技(上海)有限公司
Publication of WO2023240934A1 publication Critical patent/WO2023240934A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters

Definitions

  • One or more embodiments of this specification relate to the field of computers, and in particular, to methods and devices for secure processing of privacy vectors.
  • the privacy vector is a one-hot encoding vector, which is distributed between two parties in the form of sum and sharing. Either party knows the plaintext vector.
  • the privacy vector needs to be protected, that is, the value of k cannot be leaked, secure multi-party computation needs to be used to achieve it.
  • One or more embodiments of this specification describe a secure processing method and device for privacy vectors, which can reduce communication volume during secure processing of privacy vectors.
  • a secure processing method for privacy vectors is provided.
  • the privacy vector is a one-hot encoding vector, which is distributed between the first party and the second party in the form of sum sharing.
  • the method is used to obtain the The vector inner product result of the privacy vector and the plaintext vector is performed by any party, including:
  • a safe multiplication operation is jointly performed , obtain the first slice of the vector inner product result, which corresponds to the product of the first scalar and the second scalar.
  • obtaining the local slice of the privacy vector in modulo 2 space includes:
  • the fragments of the modulo q1 space of the privacy vector held by the party are converted into the fragments of the modulo 2 space.
  • determining the first sign bit used to identify a positive number or a negative number according to its corresponding index includes:
  • the first sign bit is determined to be -1.
  • determining the first slice of the first scalar according to the first summation result and the first sign bit includes:
  • the first constant is taken modulo to obtain the first slice of the first scalar.
  • the value of the second lowest bit of the first scalar is different.
  • the first constant is a power of 2 and is not less than 4.
  • determining the first slice of the second scalar according to the second summation result and the first sign bit includes:
  • the safe multiplication operation includes:
  • the first fragment of the first random number, the first fragment of the second random number, and the first fragment of the random multiplication result from a third party; the second fragment of the first random number, and the second fragment of the second random number.
  • the second fragment of the fragmentation and random multiplication results is obtained by the other party; where the random multiplication result is the product of the first random number and the second random number;
  • the second fragment of the first difference value is the second fragment of the first scalar and the second fragment of the first random number.
  • the difference between two slices; the second slice of the second difference is the difference between the second slice of the second scalar and the second slice of the second random number;
  • the first difference the second difference, the first fragment of the first random number, the first fragment of the second random number, and the first fragment of the random multiplication result
  • the first The first slice of the product of the scalar and the second scalar; the other party gets the second slice of the product.
  • a secure processing device for privacy vectors is provided.
  • the privacy vector is a one-hot encoding vector, which is distributed between the first party and the second party in a shared form.
  • the device is used to obtain the privacy vector.
  • An acquisition unit used to acquire the local slices of the privacy vector in modulo 2 space
  • An accumulation calculation unit is used to accumulate each bit of the own slice obtained by the acquisition unit to obtain the first summation result
  • the sign determination unit is used to determine the first sign bit used to identify the positive number or the negative number according to the corresponding index of the party;
  • a first scalar determination unit configured to determine the first slice of the first scalar based on the first summation result obtained by the accumulation calculation unit and the first sign bit obtained by the sign determination unit;
  • An inner product calculation unit used to locally calculate the inner product of the local fragment and the plaintext vector to obtain the second summation result
  • a second scalar determination unit configured to determine the first slice of the second scalar based on the second summation result obtained by the inner product calculation unit and the first sign bit;
  • a joint operation unit configured to provide the other side with the first fragment of the first scalar obtained by the first scalar determination unit and the first fragment of the second scalar obtained by the second scalar determination unit.
  • the second slice of the first scalar and the second slice of the second scalar jointly perform a safe multiplication operation to obtain the first slice of the vector inner product result, and the vector inner product result corresponds to the first scalar sum The product of the second scalar.
  • a third aspect provides a computer-readable storage medium on which a computer program is stored.
  • the computer program is executed in a computer, the computer is caused to perform the method of the first aspect.
  • a fourth aspect provides a computing device, including a memory and a processor.
  • the memory stores executable code.
  • the processor executes the executable code, the method of the first aspect is implemented.
  • Figure 1 is a schematic diagram of an implementation scenario of an embodiment disclosed in this specification
  • Figure 2 shows a flow chart of a security processing method for privacy vectors according to one embodiment
  • Figure 3 shows a schematic diagram of safe multiplication in a fragmented state according to one embodiment
  • Figure 4 shows a schematic block diagram of a security processing device for privacy vectors according to one embodiment.
  • FIG 1 is a schematic diagram of an implementation scenario of an embodiment disclosed in this specification.
  • This implementation scenario involves the secure processing of privacy vectors.
  • the privacy vectors are one-hot encoding vectors, which are distributed between the first party and the second party in the form of sum sharing.
  • the method is used to obtain the privacy vectors and plaintext vectors.
  • the vector inner product result of As shown in Figure 1, the scenario for secure processing of privacy vectors involves party A and party B, or the first party and the second party, or party A and party B.
  • Each participant can be implemented as any device, platform, server or device cluster with computing and processing capabilities. Both parties must jointly determine the vector inner product result of the privacy vector and the plaintext vector while protecting the privacy vector from being leaked.
  • the vector inner product result shall be distributed to both parties in the form of sum sharing. And sharing is a specific form of secret sharing.
  • Secret sharing means that n participants split and share a secret s. After the split, each share is managed by a different participant. The secret can only be fully restored when the number of participants is not less than m.
  • Two-party arithmetic secret sharing refers to the split sharing of a secret information by two participants. A single participant cannot recover the secret information, and the shares held by both parties must be combined to fully recover the secret. Usually the recovery operation is addition on a finite ring.
  • the above secret information can also be called private data, and the secret information shared by two parties is also called private data in the form of sum sharing.
  • p represents an n-dimensional one-hot encoding vector
  • T is a public n-dimensional plaintext vector.
  • Party A holds one shard of p ⁇ p> 0
  • party B holds another shard of p ⁇ p> 1.
  • p ⁇ p> 0 + ⁇ p> 1. Both parties A and B know the plaintext vector.
  • p represents an n-dimensional vector, which is composed of n elements.
  • the slices of p can be regarded as a combination of slices of each element it contains.
  • P is a 4-dimensional vector (0 ,1,0,0), in order from right to left, if the slice of the first element 0 owned by Party A is 1, the slice of the second element 0 owned by Party A is 0, and Party A has The fragment of the third element 1 of is 1, the fragment of the fourth element 0 owned by party A is 1, then party A holds a fragment of p ⁇ p> 0 can be expressed as (1,1,0 ,1),
  • the fragment of the first element 0 that Party B has is 1, the fragment of the second element 0 that Party B has is 0, and the fragment of the third element 1 that Party B has is 0, the fragment of the fourth element 0 owned by party B is 1, then the other fragment ⁇ p> 1 held by party B can be expressed as (1,0,0,1).
  • secure processing of privacy vectors is implemented through secure multi-party computation, which is used to obtain the vector inner product result of the privacy vector and the plaintext vector.
  • Secure multi-party computation is also called multi-party secure computation, that is, multiple parties jointly calculate the result of a function without leaking the input data of each party in the function, and the calculation result is disclosed to one or more parties.
  • the embodiments of this specification propose corresponding solutions in order to reduce the communication volume during security processing of privacy vectors.
  • One-hot encoded vectors are common in statistics and machine learning, and the above calculation to determine the vector inner product result can be used in related fields.
  • the above calculation can also be used for table lookup calculation, that is, the element T[k] of the table T can be found from the input k: first convert the input k into a one-hot encoding vector p with the k-th element having a value of 1, and convert the table T is in the form of a vector, and then calculates the vector inner product result of p and T.
  • Look-up table calculations can be used to calculate functions with a single input and a limited number of input values, such as factorials.
  • Figure 2 shows a flow chart of a security processing method for privacy vectors according to one embodiment.
  • the method can be based on the implementation scenario shown in Figure 1.
  • the privacy vector is a one-hot encoding vector, which is distributed in the form of and sharing.
  • One party and the second party the method is used to obtain the vector inner product result of the privacy vector and the plaintext vector, and is executed by either party.
  • the security processing method for privacy vectors in this embodiment includes the following steps: Step 21, obtain the local fragments of the privacy vector in modulo 2 space; Step 22, obtain the local fragments of the privacy vectors Each bit is accumulated to obtain the first summation result; step 23, determine the first sign bit used to identify the positive or negative number according to the corresponding index of the local party; step 24, according to the first summation result and the The first sign bit determines the first fragment of the first scalar; Step 25, locally calculate the inner product of the local fragment and the plaintext vector to obtain the second summation result; Step 26, according to the second The summation result and the first sign bit determine the first fragment of the second scalar; step 27, based on the first fragment of the first scalar and the first fragment of the second scalar owned by the party, provide the other party with the first fragment of the second scalar.
  • the second slice of the first scalar and the second slice of the second scalar jointly perform a safe multiplication operation to obtain the first slice of the vector inner product result, and the vector inner product result corresponds to the first scalar sum The product of the second scalar.
  • step 21 obtain the local slice of the privacy vector in modulo 2 space.
  • the privacy vector p is an n-dimensional vector, which is composed of n elements
  • the slices of p can be regarded as a combination of slices of each element it contains, and the slices of each element belong to modulo 2 space.
  • any party holds a fragment ⁇ p> j of the privacy vector p.
  • a fragment of the i-th element of the privacy vector p is recorded as ⁇ p[i]> j , where j is the corresponding fragment of the party.
  • Index, i is the index of the element.
  • the indexes corresponding to the two parties are usually two integers that are adjacent in sequence. For example, the index corresponding to the first party is 0 and the index corresponding to the second party is 1; or, the index corresponding to the first party is 1 and the index corresponding to the second party is 1.
  • the index of is 2.
  • the index of each element is usually in the order of the elements in the vector from right to left, starting from 0 and increasing by 1. For an n-dimensional vector, the index of each element in the vector is from 0 to n-1.
  • obtaining the local slice of the privacy vector in modulo 2 space includes:
  • the fragments of the modulo q1 space of the privacy vector held by the party are converted into the fragments of the modulo 2 space.
  • either the first party or the second party holds the slice of the privacy vector modulo q1 space. If q1 is equal to 2, the own slice of the privacy vector in the modulo 2 space can be directly obtained. ; If q1 is not equal to 2, the fragments of the privacy vector held by the party modulo q1 space can be converted into the fragments of the party modulo 2 space through a locally performed secure modulo conversion operation. Wherein, the above secure modulo conversion operation can be performed separately on the slices of the modulo q1 space of each element of the privacy vector. It will be appreciated that secure analog conversion operations performed locally do not require communication with the other party.
  • Both parties can each determine the lowest bit (bit) of the modulo q1 space fragment of any element of their privacy vector as the modulo 2 space fragment of that element of the privacy vector. For example, if the modulo q1 space fragment of an element of the privacy vector is 1001, and its lowest bit is 1, then the modulo 2 space fragment of the element of the privacy vector is 1.
  • Each element of the privacy vector is one bit in the local slice of modulo 2 space, so the n-dimensional privacy vector is n bits in the local slice of modulo 2 space.
  • each bit of the local slice is accumulated to obtain the first summation result. It can be understood that since the local slice is in modulo 2 space, the above accumulation calculation is also performed in modulo 2 space. Any bit of the local slice has two values, which are 0 or 1 respectively. The summation result also has two values: 0 or 1.
  • any party holds a fragment ⁇ p> j of the privacy vector p, and a fragment of the i-th element of the privacy vector p is recorded as ⁇ p[i]> j , where j is the corresponding index of the party. , i is the index of the element, and the first summation result can be expressed as
  • step 23 the first sign bit used to identify a positive number or a negative number is determined according to the corresponding index of the local party. It can be understood that the indexes of the first party and the second party are different, and their first sign bits are also different.
  • determining the first sign bit used to identify a positive number or a negative number according to its corresponding index includes:
  • the first sign bit is determined to be -1.
  • j is the index corresponding to this party, and the first sign bit can be expressed as (-1) j .
  • the status of the first party and the second party is equal, so the opposite method of determining the first sign bit can also be used. For example, if the index corresponding to the own party is an odd number, then the first sign bit is determined. The sign bit is 1; if the index corresponding to the local party is an even number, the first sign bit is determined to be -1. For example, j is the index corresponding to this side, and the first sign bit can be expressed as (-1) j+1 .
  • step 24 determine the first slice of the first scalar according to the first summation result and the first sign bit. It can be understood that the manner of determining the first fragment of the first scalar is related to the desired value of the first scalar.
  • determining the first slice of the first scalar according to the first summation result and the first sign bit includes:
  • the first constant is taken modulo to obtain the first slice of the first scalar.
  • any party holds a fragment ⁇ p> j of the privacy vector p, and a fragment of the i-th element of the privacy vector p is recorded as ⁇ p[i]> j , where j is the corresponding index of the party. , i is the index of the element, and the first summation result is The first sign bit is (-1) j , the first constant is d, and the first scalar is b, then the first slice of the first scalar can be expressed as
  • the value of the second lowest bit of the first scalar is different.
  • the first scalar is b
  • the first constant is a power of 2 and is not less than 4.
  • the specific value of the first constant satisfies the above conditions, but the first constant that satisfies the above conditions does not necessarily have to be the specific value.
  • step 25 the inner product of the local fragment and the plaintext vector is calculated locally to obtain a second summation result.
  • the value of the second summation result not only depends on the value of each bit of the local fragment, but also depends on the value of each element of the plaintext vector.
  • the value of the local fragment The value of any bit can only take two values: 0 and 1, and the value of any element of the plaintext vector is the modulus space in which it is located.
  • any party holds a fragment ⁇ p> j of privacy vector p
  • a fragment of the i-th element of privacy vector p is denoted as ⁇ p[i]> j
  • the plaintext vector is represented by T
  • the plaintext The i-th element of vector T is recorded as T[i], where j is the index corresponding to this side, i is the index of the element, and the second summation result can be expressed as
  • step 26 determine the first slice of the second scalar according to the second summation result and the first sign bit. It can be understood that the manner of determining the first fragment of the second scalar is related to the desired value of the second scalar.
  • determining the first slice of the second scalar according to the second summation result and the first sign bit includes:
  • any party holds a fragment ⁇ p> j of privacy vector p
  • a fragment of the i-th element of privacy vector p is denoted as ⁇ p[i]> j
  • the plaintext vector is represented by T
  • the i-th element of vector T is recorded as T[i], where j is the index corresponding to this side, i is the index of the element, and the second summation result is
  • the first sign bit is (-1) j and the second scalar is c, then the first fragment of the second scalar can be expressed as
  • step 27 based on the first fragment of the first scalar and the first fragment of the second scalar owned by the party, and the second fragment of the first scalar and the second fragment of the second scalar provided by the other party, Safe multiplication operations are jointly performed to obtain a first slice of a vector inner product result, which corresponds to the product of the first scalar and the second scalar. It can be understood that the vector inner product result of the privacy vector and the plaintext vector can be obtained by calculating the product of the first scalar and the second scalar.
  • the privacy vector p is an n-dimensional one-hot encoding vector
  • its k-th dimension element has a value of 1
  • the other dimensional elements have a value of 0.
  • the plaintext vector T is an n-dimensional vector
  • the first scalar is represented by b
  • ⁇ x> j represents the fragment of x in the fragmented state in the jth side
  • ⁇ r> j is the second lowest bit of ⁇ b> j , which is the first bit of ⁇ b> j
  • r ⁇ r> 0 + ⁇ r> 1 .
  • the safe multiplication operation includes:
  • the first fragment of the first random number, the first fragment of the second random number, and the first fragment of the random multiplication result from a third party; the second fragment of the first random number, and the second fragment of the second random number.
  • the second fragment of the fragmentation and random multiplication results is obtained by the other party; where the random multiplication result is the product of the first random number and the second random number;
  • the second fragment of the first difference value is the second fragment of the first scalar and the second fragment of the first random number.
  • the difference between two slices; the second slice of the second difference is the difference between the second slice of the second scalar and the second slice of the second random number;
  • the first difference the second difference, the first fragment of the first random number, the first fragment of the second random number, and the first fragment of the random multiplication result
  • the first The first slice of the product of the scalar and the second scalar; the other party gets the second slice of the product.
  • Figure 3 shows a schematic diagram of safe multiplication in the fragmented state according to one embodiment.
  • f0 c0-v0
  • the first party sends e0 and f0 to the second party
  • the second party holds a fragment b1 of b
  • the second party sends e1 and f1 to the first party
  • the second party locally calculates
  • u corresponds to the aforementioned first random number
  • u0 corresponds to the first fragment of the aforementioned first random number
  • v corresponds to the aforementioned second random number
  • v0 corresponds to the first fragment of the aforementioned second random number
  • z0 corresponds to the first fragment of the random multiplication result
  • u1 corresponds to the second fragment of the first random number
  • v1 corresponds to the second fragment of the second random number
  • z1 corresponds to the second fragment of the random multiplication result
  • b corresponds to the first scalar
  • c corresponds to the second scalar.
  • the method provided by the embodiments of this specification first obtain the local fragment of the privacy vector in the modulo 2 space; then accumulate each bit of the local fragment to obtain the first summation result; and then according to the local fragment
  • the corresponding index determines the first sign bit used to identify a positive or negative number; and then determines the first slice of the first scalar based on the first summation result and the first sign bit; and then locally calculates the The inner product of the local fragment and the plaintext vector is used to obtain the second summation result; and then the first fragment of the second scalar is determined based on the second summation result and the first sign bit; finally, the first fragment of the second scalar is determined according to the second summation result and the first sign bit.
  • the first fragment of the first scalar and the first fragment of the second scalar owned by the party are combined with the second fragment of the first scalar and the second fragment of the second scalar provided by the other party to perform a safe multiplication operation, and we get A first slice of a vector inner product result corresponding to the product of the first scalar and the second scalar.
  • the embodiments of this specification only involve local calculations and safe multiplication operations of scalars. No communication is required in local calculations. The communication amount of safe multiplication operations of scalars is very small.
  • a secure processing device for a privacy vector is also provided.
  • the privacy vector is a one-hot encoding vector, which is distributed between the first party and the second party in the form of sharing.
  • the device uses After obtaining the vector inner product result of the privacy vector and the plaintext vector, the device is arranged on either side, and the device is used to perform the actions performed by any one of the methods provided by the embodiment shown in Figure 2 of this specification.
  • Figure 4 shows a schematic block diagram of a security processing device for privacy vectors according to one embodiment. As shown in Figure 4, the device 400 includes:
  • the acquisition unit 41 is used to acquire the local slices of the privacy vector in modulo 2 space;
  • the accumulation calculation unit 42 is used to accumulate each bit of the own slice obtained by the acquisition unit 41 to obtain the first summation result
  • the sign determination unit 43 is used to determine the first sign bit used to identify a positive number or a negative number according to its corresponding index
  • the first scalar determination unit 44 is configured to determine the first slice of the first scalar according to the first summation result obtained by the accumulation calculation unit 42 and the first sign bit obtained by the sign determination unit;
  • the inner product calculation unit 45 is used to locally calculate the inner product of the local fragment and the plaintext vector to obtain the second summation result
  • the second scalar determination unit 46 is configured to determine the first slice of the second scalar according to the second summation result obtained by the inner product calculation unit 45 and the first sign bit;
  • the joint operation unit 47 is configured to use the first slice of the first scalar obtained by the first scalar determination unit 44 and the first slice of the second scalar obtained by the second scalar determination unit 46, Combined with the second fragment of the first scalar and the second fragment of the second scalar provided by the other party, a safe multiplication operation is performed to obtain the first fragment of the vector inner product result, and the vector inner product result corresponds to the first fragment of the vector inner product.
  • the product of one scalar and the second scalar is configured to use the first slice of the first scalar obtained by the first scalar determination unit 44 and the first slice of the second scalar obtained by the second scalar determination unit 46, Combined with the second fragment of the first scalar and the second fragment of the second scalar provided by the other party, a safe multiplication operation is performed to obtain the first fragment of the vector inner product result, and the vector inner product result corresponds to the first fragment of the vector inner product.
  • the acquisition unit 41 is specifically configured to convert the fragments of the modulo q1 space of the privacy vector held by the party into modulo 2 space through a locally performed secure modulo conversion operation. Sharding on our side.
  • the symbol determining unit 43 is specifically configured to determine the first symbol bit to be 1 if the index corresponding to the own party is an even number; if the index corresponding to the own party is an odd number, Then it is determined that the first sign bit is -1.
  • the first scalar determination unit 44 is specifically configured to add the first sign bit to the first summation result, and then modulo the first constant to obtain the first scalar First shard.
  • the value of the second lowest bit of the first scalar is different.
  • the first constant is a power of 2 and is not less than 4.
  • the second scalar determination unit 46 is specifically configured to add the first sign bit to the second summation result to obtain the first slice of the second scalar.
  • the joint operation unit 47 is specifically used for:
  • the first fragment of the first random number, the first fragment of the second random number, and the first fragment of the random multiplication result from a third party; the second fragment of the first random number, and the second fragment of the second random number.
  • the second fragment of the fragmentation and random multiplication results is obtained by the other party; where the random multiplication result is the product of the first random number and the second random number;
  • the second fragment of the first difference value is the second fragment of the first scalar and the second fragment of the first random number.
  • the difference between two slices; the second slice of the second difference is the difference between the second slice of the second scalar and the second slice of the second random number;
  • the first difference the second difference, the first fragment of the first random number, the first fragment of the second random number, and the first fragment of the random multiplication result
  • the first The first slice of the product of the scalar and the second scalar; the other party gets the second slice of the product.
  • the acquisition unit 41 obtains the local slice of the privacy vector in the modulo 2 space; then the accumulation calculation unit 42 accumulates each bit of the local slice to obtain the first and the result; then the sign determination unit 43 determines the first sign bit used to identify the positive or negative number according to its corresponding index; the first scalar determination unit 44 then determines the first sign bit according to the first summation result and the first sign bit to determine the first fragment of the first scalar; then the inner product calculation unit 45 locally calculates the inner product of the local fragment and the plaintext vector to obtain a second summation result; the second scalar determination unit 46 then calculates The second summation result and the first sign bit determine the first slice of the second scalar; finally, the joint operation unit 47 has the first slice of the first scalar and the first slice of the second scalar.
  • the fragments are combined with the second fragment of the first scalar and the second fragment of the second scalar provided by the other party to perform a safe multiplication operation to obtain the first fragment of the vector inner product result.
  • the vector inner product result corresponds to The product of the first scalar and the second scalar.
  • a computer-readable storage medium is also provided, a computer program is stored thereon, and when the computer program is executed in a computer, the computer is caused to perform the method described in conjunction with FIG. 2 .
  • a computing device including a memory and a processor, executable code is stored in the memory, and when the processor executes the executable code, the method described in conjunction with FIG. 2 is implemented. method.
  • the functions described in the present invention can be implemented by hardware, software, firmware, or any combination thereof.
  • the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium.

Abstract

Provided in the embodiments of the present description are a security processing method and apparatus for a privacy vector, which method and apparatus are implemented by using secure muti-party computation. The method comprises: acquiring a present-party fragment of a privacy vector in a modulus-2 space; accumulating all bits of the present-party fragment to obtain a first summation result; determining a first sign bit according to an index corresponding to a present party; determining a first fragment of a first scalar according to the first summation result and the first sign bit; locally calculating an inner product of the present-party fragment and a plaintext vector, so as to obtain a second summation result; determining a first fragment of a second scalar according to the second summation result and the first sign bit; and jointly performing secure multiplication on the basis of the first fragment of the first scalar, the first fragment of the second scalar, and a second fragment of the first scalar and a second fragment of the second scalar, which are provided by an opposite party, so as to obtain a first fragment of a vector inner product result, wherein the vector inner product result corresponds to a product of the first scalar and the second scalar. Therefore, the communication volume can be reduced in security processing for a privacy vector.

Description

针对隐私向量的安全处理方法和装置Security processing method and device for privacy vectors
本申请要求于2022年06月14日提交中国国家知识产权局、申请号为202210667898.2、申请名称为“针对隐私向量的安全处理方法和装置”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application claims priority to the Chinese patent application submitted to the State Intellectual Property Office of China on June 14, 2022, with application number 202210667898.2 and the application title "Secure processing method and device for privacy vectors", the entire content of which is incorporated by reference. in this application.
技术领域Technical field
本说明书一个或多个实施例涉及计算机领域,尤其涉及针对隐私向量的安全处理方法和装置。One or more embodiments of this specification relate to the field of computers, and in particular, to methods and devices for secure processing of privacy vectors.
背景技术Background technique
当前很多场景下都会涉及确定隐私向量与明文向量的向量内积结果,隐私向量为独热编码向量,其以和共享的形式分布于两方,两方中的任一方均知晓明文向量。独热编码向量即One-hot向量,是一个某一维元素取值为1,其他维元素取值全为0的向量。若该独热编码向量的第k维元素取值为1,明文向量为T,则上述向量内积结果h=T[k],即T的第k维元素值。在确定向量内积结果的计算中,由于需要保护隐私向量,也就是说,不能泄露k的数值,因此需要采用安全多方计算来实现。Many current scenarios involve determining the vector inner product result of the privacy vector and the plaintext vector. The privacy vector is a one-hot encoding vector, which is distributed between two parties in the form of sum and sharing. Either party knows the plaintext vector. One-hot encoding vector is a One-hot vector, which is a vector whose elements in one dimension are 1 and the elements in other dimensions are all 0. If the k-th dimensional element of the one-hot encoding vector has a value of 1 and the plaintext vector is T, then the above vector inner product result h=T[k], which is the k-th dimensional element value of T. In the calculation to determine the vector inner product result, since the privacy vector needs to be protected, that is, the value of k cannot be leaked, secure multi-party computation needs to be used to achieve it.
现有技术中,在确定上述向量内积结果的过程中,通信量很大。In the prior art, the communication volume is very large in the process of determining the above-mentioned vector inner product result.
因此,希望能有改进的方案,能够在针对隐私向量的安全处理中降低通信量。Therefore, it is hoped that there will be improved solutions that can reduce the traffic volume in the secure processing of privacy vectors.
发明内容Contents of the invention
本说明书一个或多个实施例描述了一种针对隐私向量的安全处理方法和装置,能够在针对隐私向量的安全处理中降低通信量。One or more embodiments of this specification describe a secure processing method and device for privacy vectors, which can reduce communication volume during secure processing of privacy vectors.
第一方面,提供了一种针对隐私向量的安全处理方法,所述隐私向量为独热编码向量,其以和共享的形式分布于第一方和第二方,所述方法用于得到所述隐私向量与明文向量的向量内积结果,由任意一方执行,包括:In the first aspect, a secure processing method for privacy vectors is provided. The privacy vector is a one-hot encoding vector, which is distributed between the first party and the second party in the form of sum sharing. The method is used to obtain the The vector inner product result of the privacy vector and the plaintext vector is performed by any party, including:
获取所述隐私向量在模2空间的本方分片;Obtain the local slice of the privacy vector in modulo 2 space;
将所述本方分片的各个位进行累加,得到第一求和结果;Accumulate the respective bits of the own slices to obtain the first summation result;
根据本方对应的索引,确定用于标识正数或负数的第一符号位;According to the corresponding index of this party, determine the first sign bit used to identify positive or negative numbers;
根据所述第一求和结果和所述第一符号位,确定第一标量的第一分片;Determine a first fragment of the first scalar according to the first summation result and the first sign bit;
本地计算所述本方分片与所述明文向量的内积,得到第二求和结果;Locally calculate the inner product of the local fragment and the plaintext vector to obtain the second summation result;
根据所述第二求和结果和所述第一符号位,确定第二标量的第一分片;Determine the first slice of the second scalar according to the second summation result and the first sign bit;
根据本方具有的第一标量的第一分片、第二标量的第一分片,与对方提供的第一标量的第二分片、第二标量的第二分片,联合进行安全乘法运算,得到向量内积结果的第一分片,所述向量内积结果对应于所述第一标量和所述第二标量的乘积。According to the first fragment of the first scalar and the first fragment of the second scalar owned by the party, and the second fragment of the first scalar and the second fragment of the second scalar provided by the other party, a safe multiplication operation is jointly performed , obtain the first slice of the vector inner product result, which corresponds to the product of the first scalar and the second scalar.
在一种可能的实施方式中,所述获取所述隐私向量在模2空间的本方分片,包括:In a possible implementation, obtaining the local slice of the privacy vector in modulo 2 space includes:
通过本地进行的安全模转换运算,将本方持有的所述隐私向量的模q1空间的分片转换为模2空间的本方分片。Through the locally performed secure modulo conversion operation, the fragments of the modulo q1 space of the privacy vector held by the party are converted into the fragments of the modulo 2 space.
在一种可能的实施方式中,所述根据本方对应的索引,确定用于标识正数或负数的第一符号位,包括:In a possible implementation, determining the first sign bit used to identify a positive number or a negative number according to its corresponding index includes:
若所述本方对应的索引为偶数,则确定第一符号位为1;If the index corresponding to the local side is an even number, then determine the first sign bit to be 1;
若所述本方对应的索引为奇数,则确定第一符号位为-1。If the index corresponding to the local party is an odd number, the first sign bit is determined to be -1.
在一种可能的实施方式中,所述根据所述第一求和结果和所述第一符号位,确定第一标量的第一分片,包括:In a possible implementation, determining the first slice of the first scalar according to the first summation result and the first sign bit includes:
将所述第一求和结果添加所述第一符号位后,对第一常数取模,得到第一标量的第一分片。After adding the first sign bit to the first summation result, the first constant is taken modulo to obtain the first slice of the first scalar.
进一步地,所述第一常数的选取需要使得以下条件成立:Further, the selection of the first constant needs to make the following conditions hold:
第一标量的第一分片的最低位与第一标量的第二分片的最低位之和为1,且不会进位;The sum of the lowest bits of the first slice of the first scalar and the lowest bit of the second slice of the first scalar is 1, and there will be no carry;
第一标量为1和-1时,第一标量的次低位的取值不同。When the first scalar is 1 and -1, the value of the second lowest bit of the first scalar is different.
进一步地,所述第一常数为2的次幂,且不小于4。Further, the first constant is a power of 2 and is not less than 4.
在一种可能的实施方式中,所述根据所述第二求和结果和所述第一符号位,确定第二标量的第一分片,包括:In a possible implementation, determining the first slice of the second scalar according to the second summation result and the first sign bit includes:
将所述第二求和结果添加所述第一符号位后,得到第二标量的第一分片。After adding the first sign bit to the second summation result, a first slice of the second scalar is obtained.
在一种可能的实施方式中,所述安全乘法运算包括:In a possible implementation, the safe multiplication operation includes:
从第三方获取第一随机数的第一分片、第二随机数的第一分片、随机乘法结果的第一分片;第一随机数的第二分片、第二随机数的第二分片、随机乘法结果的第二分片由对方获得;其中,随机乘法结果为第一随机数与第二随机数的乘积;Obtain the first fragment of the first random number, the first fragment of the second random number, and the first fragment of the random multiplication result from a third party; the second fragment of the first random number, and the second fragment of the second random number. The second fragment of the fragmentation and random multiplication results is obtained by the other party; where the random multiplication result is the product of the first random number and the second random number;
本地计算第一标量的第一分片与第一随机数的第一分片的差值,得到第一差值的第一分片;Locally calculate the difference between the first fragment of the first scalar and the first fragment of the first random number to obtain the first fragment of the first difference;
本地计算第二标量的第一分片与第二随机数的第一分片的差值,得到第二差值的第 一分片;Locally calculate the difference between the first fragment of the second scalar and the first fragment of the second random number to obtain the first fragment of the second difference;
从对方接收第一差值的第二分片和第二差值的第二分片;所述第一差值的第二分片为第一标量的第二分片与第一随机数的第二分片的差值;所述第二差值的第二分片为第二标量的第二分片与第二随机数的第二分片的差值;Receive a second fragment of the first difference value and a second fragment of the second difference value from the other party; the second fragment of the first difference value is the second fragment of the first scalar and the second fragment of the first random number. The difference between two slices; the second slice of the second difference is the difference between the second slice of the second scalar and the second slice of the second random number;
对第一差值的第一分片和第一差值的第二分片求和,得到第一差值;对第二差值的第一分片和第二差值的第二分片求和得到第二差值;Sum the first slice of the first difference and the second slice of the first difference to get the first difference; sum the first slice of the second difference and the second slice of the second difference. and get the second difference;
根据第一差值、第二差值、第一随机数的第一分片、第二随机数的第一分片、随机乘法结果的第一分片之间的本地计算,得到所述第一标量和所述第二标量的乘积的第一分片;对方得到该乘积的第二分片。According to local calculations between the first difference, the second difference, the first fragment of the first random number, the first fragment of the second random number, and the first fragment of the random multiplication result, the first The first slice of the product of the scalar and the second scalar; the other party gets the second slice of the product.
第二方面,提供一种针对隐私向量的安全处理装置,所述隐私向量为独热编码向量,其以和共享的形式分布于第一方和第二方,所述装置用于得到所述隐私向量与明文向量的向量内积结果,设置于任意一方,包括:In a second aspect, a secure processing device for privacy vectors is provided. The privacy vector is a one-hot encoding vector, which is distributed between the first party and the second party in a shared form. The device is used to obtain the privacy vector. The result of the vector inner product of the vector and the plaintext vector, set on either side, including:
获取单元,用于获取所述隐私向量在模2空间的本方分片;An acquisition unit, used to acquire the local slices of the privacy vector in modulo 2 space;
累加计算单元,用于将所述获取单元获取的本方分片的各个位进行累加,得到第一求和结果;An accumulation calculation unit is used to accumulate each bit of the own slice obtained by the acquisition unit to obtain the first summation result;
符号确定单元,用于根据本方对应的索引,确定用于标识正数或负数的第一符号位;The sign determination unit is used to determine the first sign bit used to identify the positive number or the negative number according to the corresponding index of the party;
第一标量确定单元,用于根据所述累加计算单元得到的第一求和结果和所述符号确定单元得到的第一符号位,确定第一标量的第一分片;A first scalar determination unit configured to determine the first slice of the first scalar based on the first summation result obtained by the accumulation calculation unit and the first sign bit obtained by the sign determination unit;
内积计算单元,用于本地计算所述本方分片与所述明文向量的内积,得到第二求和结果;An inner product calculation unit, used to locally calculate the inner product of the local fragment and the plaintext vector to obtain the second summation result;
第二标量确定单元,用于根据所述内积计算单元得到的第二求和结果和所述第一符号位,确定第二标量的第一分片;A second scalar determination unit configured to determine the first slice of the second scalar based on the second summation result obtained by the inner product calculation unit and the first sign bit;
联合运算单元,用于根据本方具有的所述第一标量确定单元得到的第一标量的第一分片、所述第二标量确定单元得到的第二标量的第一分片,与对方提供的第一标量的第二分片、第二标量的第二分片,联合进行安全乘法运算,得到向量内积结果的第一分片,所述向量内积结果对应于所述第一标量和所述第二标量的乘积。A joint operation unit, configured to provide the other side with the first fragment of the first scalar obtained by the first scalar determination unit and the first fragment of the second scalar obtained by the second scalar determination unit. The second slice of the first scalar and the second slice of the second scalar jointly perform a safe multiplication operation to obtain the first slice of the vector inner product result, and the vector inner product result corresponds to the first scalar sum The product of the second scalar.
第三方面,提供了一种计算机可读存储介质,其上存储有计算机程序,当所述计算机程序在计算机中执行时,令计算机执行第一方面的方法。A third aspect provides a computer-readable storage medium on which a computer program is stored. When the computer program is executed in a computer, the computer is caused to perform the method of the first aspect.
第四方面,提供了一种计算设备,包括存储器和处理器,所述存储器中存储有可执行代码,所述处理器执行所述可执行代码时,实现第一方面的方法。A fourth aspect provides a computing device, including a memory and a processor. The memory stores executable code. When the processor executes the executable code, the method of the first aspect is implemented.
通过本说明书实施例提供的方法和装置,首先获取所述隐私向量在模2空间的本方分片;然后将所述本方分片的各个位进行累加,得到第一求和结果;接着根据本方对应的索引,确定用于标识正数或负数的第一符号位;再根据所述第一求和结果和所述第一符号位,确定第一标量的第一分片;接着本地计算所述本方分片与所述明文向量的内积,得到第二求和结果;再根据所述第二求和结果和所述第一符号位,确定第二标量的第一分片;最后根据本方具有的第一标量的第一分片、第二标量的第一分片,与对方提供的第一标量的第二分片、第二标量的第二分片,联合进行安全乘法运算,得到向量内积结果的第一分片,所述向量内积结果对应于所述第一标量和所述第二标量的乘积。由上可见,本说明书实施例,仅涉及本地计算和标量的安全乘法运算,本地计算中不需要通信,标量的安全乘法运算通信量很小,通过将两个向量的安全内积转换为两个标量的安全乘法,从而能够在针对隐私向量的安全处理中降低通信量。Through the methods and devices provided by the embodiments of this specification, first obtain the local fragments of the privacy vector in the modulo 2 space; then accumulate the respective bits of the local fragments to obtain the first summation result; and then according to The corresponding index of the local party determines the first sign bit used to identify the positive or negative number; and then determines the first slice of the first scalar based on the first summation result and the first sign bit; and then calculates locally The inner product of the local fragment and the plaintext vector is used to obtain a second summation result; and then the first fragment of the second scalar is determined based on the second summation result and the first sign bit; finally According to the first fragment of the first scalar and the first fragment of the second scalar owned by the party, and the second fragment of the first scalar and the second fragment of the second scalar provided by the other party, a safe multiplication operation is jointly performed , obtain the first slice of the vector inner product result, which corresponds to the product of the first scalar and the second scalar. It can be seen from the above that the embodiments of this specification only involve local calculations and safe multiplication operations of scalars. No communication is required in local calculations. The communication amount of safe multiplication operations of scalars is very small. By converting the safe inner product of two vectors into two Secure multiplication of scalars, enabling reduced traffic in secure processing of privacy vectors.
附图说明Description of the drawings
为了更清楚地说明本发明实施例的技术方案,下面将对实施例描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其它的附图。In order to explain the technical solutions of the embodiments of the present invention more clearly, the drawings needed to be used in the description of the embodiments will be briefly introduced below. Obviously, the drawings in the following description are only some embodiments of the present invention. Those of ordinary skill in the art can also obtain other drawings based on these drawings without exerting creative efforts.
图1为本说明书披露的一个实施例的实施场景示意图;Figure 1 is a schematic diagram of an implementation scenario of an embodiment disclosed in this specification;
图2示出根据一个实施例的针对隐私向量的安全处理方法流程图;Figure 2 shows a flow chart of a security processing method for privacy vectors according to one embodiment;
图3示出根据一个实施例的分片态下的安全乘法示意图;Figure 3 shows a schematic diagram of safe multiplication in a fragmented state according to one embodiment;
图4示出根据一个实施例的针对隐私向量的安全处理装置的示意性框图。Figure 4 shows a schematic block diagram of a security processing device for privacy vectors according to one embodiment.
具体实施方式Detailed ways
下面结合附图,对本说明书提供的方案进行描述。The solutions provided in this specification will be described below in conjunction with the accompanying drawings.
图1为本说明书披露的一个实施例的实施场景示意图。该实施场景涉及针对隐私向量的安全处理,所述隐私向量为独热编码向量,其以和共享的形式分布于第一方和第二方,所述方法用于得到所述隐私向量与明文向量的向量内积结果。如图1所示,针对隐私向量的安全处理的场景涉及参与方A和参与方B,或称为第一方和第二方,或称为A方和B方。各个参与方可以实现为任何具有计算、处理能力的设备、平台、服务器或设备集群。双方要在保护隐私向量不会泄露的情况下,联合确定所述隐私向量与明文向量的向量内积结果, 该向量内积结果以和共享的形式分布于双方。和共享是秘密分享的一种具体形式。Figure 1 is a schematic diagram of an implementation scenario of an embodiment disclosed in this specification. This implementation scenario involves the secure processing of privacy vectors. The privacy vectors are one-hot encoding vectors, which are distributed between the first party and the second party in the form of sum sharing. The method is used to obtain the privacy vectors and plaintext vectors. The vector inner product result of . As shown in Figure 1, the scenario for secure processing of privacy vectors involves party A and party B, or the first party and the second party, or party A and party B. Each participant can be implemented as any device, platform, server or device cluster with computing and processing capabilities. Both parties must jointly determine the vector inner product result of the privacy vector and the plaintext vector while protecting the privacy vector from being leaked. The vector inner product result shall be distributed to both parties in the form of sum sharing. And sharing is a specific form of secret sharing.
秘密分享,是指n个参与方将一个秘密s分拆共享,分拆后的每一个份额由不同的参与者管理,只有在参与者数量不少于m时才能将秘密完整恢复。Secret sharing means that n participants split and share a secret s. After the split, each share is managed by a different participant. The secret can only be fully restored when the number of participants is not less than m.
两方算数秘密分享,是指由两个参与方分拆共享一条秘密信息,单个参与方无法恢复秘密信息,需要双方持有的份额一起才能完整恢复秘密。通常恢复运算是在有限环上的加法。上述秘密信息也可以称为隐私数据,两方算数秘密分享下的秘密信息也称为和共享形式的隐私数据。Two-party arithmetic secret sharing refers to the split sharing of a secret information by two participants. A single participant cannot recover the secret information, and the shares held by both parties must be combined to fully recover the secret. Usually the recovery operation is addition on a finite ring. The above secret information can also be called private data, and the secret information shared by two parties is also called private data in the form of sum sharing.
参照图1,p代表一个n维的独热编码向量,T为公开的n维的明文向量。A方持有p的一个分片<p> 0,B方持有p的另一个分片<p> 1,p=<p> 0+<p> 1,A方和B方均知晓明文向量T。A方和B方在不暴露隐私向量的前提下求p和T的向量内积的大小,即计算h=<p,T>,A方获得该向量内积结果的一个分片<h> 0=<<p,T>> 0,B方获得该向量内积结果的另一个分片<h> 1=<<p,T>> 1。p是一个某一维元素取值为1,其他维元素取值全为0的向量,假设p的第k维元素取值为1,则上述向量内积结果h=T[k],即T的第k维元素值。举例来说,p=(0,1,0),T=(3,5,7),则向量内积结果为5。 Referring to Figure 1, p represents an n-dimensional one-hot encoding vector, and T is a public n-dimensional plaintext vector. Party A holds one shard of p <p> 0 , and party B holds another shard of p <p> 1. p=<p> 0 +<p> 1. Both parties A and B know the plaintext vector. T. Party A and Party B find the size of the vector inner product of p and T without exposing the privacy vector, that is, calculate h = <p, T>, and Party A obtains a slice of the vector inner product result <h> 0 =<<p,T>> 0 , Party B obtains another fragment <h> 1 of the inner product result of the vector =<<p,T>> 1 . p is a vector whose elements in one dimension are 1 and elements in other dimensions are all 0. Assume that the k-th element of p is 1, then the inner product result of the above vectors is h=T[k], that is, T The kth dimension element value of . For example, p=(0,1,0), T=(3,5,7), then the vector inner product result is 5.
可以理解的是,p代表一个n维向量,其由n个元素构成,p的分片可以视为其包含的各个元素的分片组合而成,举例来说,P为一个4维向量(0,1,0,0),按照从右到左的顺序,若A方具有的第一个元素0的分片为1,A方具有的第二个元素0的分片为0,A方具有的第三个元素1的分片为1,A方具有的第四个元素0的分片为1,则A方持有p的一个分片<p> 0可以表示为(1,1,0,1),相应地,B方具有的第一个元素0的分片为1,B方具有的第二个元素0的分片为0,B方具有的第三个元素1的分片为0,B方具有的第四个元素0的分片为1,则B方持有p的另一个分片<p> 1可以表示为(1,0,0,1)。 It can be understood that p represents an n-dimensional vector, which is composed of n elements. The slices of p can be regarded as a combination of slices of each element it contains. For example, P is a 4-dimensional vector (0 ,1,0,0), in order from right to left, if the slice of the first element 0 owned by Party A is 1, the slice of the second element 0 owned by Party A is 0, and Party A has The fragment of the third element 1 of is 1, the fragment of the fourth element 0 owned by party A is 1, then party A holds a fragment of p <p> 0 can be expressed as (1,1,0 ,1), Correspondingly, the fragment of the first element 0 that Party B has is 1, the fragment of the second element 0 that Party B has is 0, and the fragment of the third element 1 that Party B has is 0, the fragment of the fourth element 0 owned by party B is 1, then the other fragment <p> 1 held by party B can be expressed as (1,0,0,1).
本说明书实施例,通过安全多方计算来实现针对隐私向量的安全处理,用于得到所述隐私向量与明文向量的向量内积结果。In the embodiment of this specification, secure processing of privacy vectors is implemented through secure multi-party computation, which is used to obtain the vector inner product result of the privacy vector and the plaintext vector.
安全多方计算又称为多方安全计算,即多方共同计算出一个函数的结果,而不泄露这个函数各方的输入数据,计算的结果公开给其中的一方或多方。Secure multi-party computation is also called multi-party secure computation, that is, multiple parties jointly calculate the result of a function without leaking the input data of each party in the function, and the calculation result is disclosed to one or more parties.
本说明书实施例,为了在针对隐私向量的安全处理中降低通信量,提出相应的解决方案。The embodiments of this specification propose corresponding solutions in order to reduce the communication volume during security processing of privacy vectors.
独热编码向量在统计和机器学习中常见,上述确定向量内积结果的计算可用于相关领域。上述计算也可用于查表计算,即由输入k查得表T的元素T[k]:先将输入k转为第k维元素取值为1的独热编码向量p,以及将表T转换为向量的形式,再计算p和T的向 量内积结果。查表计算可用于计算阶乘等单输入且输入取值数量较有限的函数。One-hot encoded vectors are common in statistics and machine learning, and the above calculation to determine the vector inner product result can be used in related fields. The above calculation can also be used for table lookup calculation, that is, the element T[k] of the table T can be found from the input k: first convert the input k into a one-hot encoding vector p with the k-th element having a value of 1, and convert the table T is in the form of a vector, and then calculates the vector inner product result of p and T. Look-up table calculations can be used to calculate functions with a single input and a limited number of input values, such as factorials.
图2示出根据一个实施例的针对隐私向量的安全处理方法流程图,该方法可以基于图1所示的实施场景,所述隐私向量为独热编码向量,其以和共享的形式分布于第一方和第二方,所述方法用于得到所述隐私向量与明文向量的向量内积结果,由任意一方执行。如图2所示,该实施例中针对隐私向量的安全处理方法包括以下步骤:步骤21,获取所述隐私向量在模2空间的本方分片;步骤22,将所述本方分片的各个位进行累加,得到第一求和结果;步骤23,根据本方对应的索引,确定用于标识正数或负数的第一符号位;步骤24,根据所述第一求和结果和所述第一符号位,确定第一标量的第一分片;步骤25,本地计算所述本方分片与所述明文向量的内积,得到第二求和结果;步骤26,根据所述第二求和结果和所述第一符号位,确定第二标量的第一分片;步骤27,根据本方具有的第一标量的第一分片、第二标量的第一分片,与对方提供的第一标量的第二分片、第二标量的第二分片,联合进行安全乘法运算,得到向量内积结果的第一分片,所述向量内积结果对应于所述第一标量和所述第二标量的乘积。下面描述以上各个步骤的具体执行方式。Figure 2 shows a flow chart of a security processing method for privacy vectors according to one embodiment. The method can be based on the implementation scenario shown in Figure 1. The privacy vector is a one-hot encoding vector, which is distributed in the form of and sharing. One party and the second party, the method is used to obtain the vector inner product result of the privacy vector and the plaintext vector, and is executed by either party. As shown in Figure 2, the security processing method for privacy vectors in this embodiment includes the following steps: Step 21, obtain the local fragments of the privacy vector in modulo 2 space; Step 22, obtain the local fragments of the privacy vectors Each bit is accumulated to obtain the first summation result; step 23, determine the first sign bit used to identify the positive or negative number according to the corresponding index of the local party; step 24, according to the first summation result and the The first sign bit determines the first fragment of the first scalar; Step 25, locally calculate the inner product of the local fragment and the plaintext vector to obtain the second summation result; Step 26, according to the second The summation result and the first sign bit determine the first fragment of the second scalar; step 27, based on the first fragment of the first scalar and the first fragment of the second scalar owned by the party, provide the other party with the first fragment of the second scalar. The second slice of the first scalar and the second slice of the second scalar jointly perform a safe multiplication operation to obtain the first slice of the vector inner product result, and the vector inner product result corresponds to the first scalar sum The product of the second scalar. The specific execution methods of each of the above steps are described below.
首先在步骤21,获取所述隐私向量在模2空间的本方分片。可以理解的是,若隐私向量p为一个n维向量,其由n个元素构成,p的分片可以视为其包含的各个元素的分片组合而成,每个元素的分片属于模2空间。First, in step 21, obtain the local slice of the privacy vector in modulo 2 space. It can be understood that if the privacy vector p is an n-dimensional vector, which is composed of n elements, the slices of p can be regarded as a combination of slices of each element it contains, and the slices of each element belong to modulo 2 space.
本说明书实施例,任意一方持有隐私向量p的一个分片<p> j,隐私向量p的第i个元素的一个分片记为<p[i]> j,其中j为本方对应的索引,i为元素的索引。两方对应的索引通常为顺序相邻的两个整数,例如,第一方对应的索引为0,第二方对应的索引为1;或者,第一方对应的索引为1,第二方对应的索引为2。举例来说,若第一方对应的索引为0,第二方对应的索引为1,则第一方持有p的一个分片<p> 0,第二方持有p的另一个分片<p> 1,p=<p> 0+<p> 1。各元素的索引通常按照向量中元素从右至左的顺序,从0开始顺次加1,对于一个n维向量,该向量中各元素的索引从0到n-1。 In the embodiment of this specification, any party holds a fragment <p> j of the privacy vector p. A fragment of the i-th element of the privacy vector p is recorded as <p[i]> j , where j is the corresponding fragment of the party. Index, i is the index of the element. The indexes corresponding to the two parties are usually two integers that are adjacent in sequence. For example, the index corresponding to the first party is 0 and the index corresponding to the second party is 1; or, the index corresponding to the first party is 1 and the index corresponding to the second party is 1. The index of is 2. For example, if the index corresponding to the first party is 0 and the index corresponding to the second party is 1, then the first party holds one shard of p <p> 0 and the second party holds another shard of p <p> 1 , p=<p> 0 +<p> 1 . The index of each element is usually in the order of the elements in the vector from right to left, starting from 0 and increasing by 1. For an n-dimensional vector, the index of each element in the vector is from 0 to n-1.
在一个示例中,所述获取所述隐私向量在模2空间的本方分片,包括:In one example, obtaining the local slice of the privacy vector in modulo 2 space includes:
通过本地进行的安全模转换运算,将本方持有的所述隐私向量的模q1空间的分片转换为模2空间的本方分片。Through the locally performed secure modulo conversion operation, the fragments of the modulo q1 space of the privacy vector held by the party are converted into the fragments of the modulo 2 space.
该示例中,第一方和第二方中任意一方持有所述隐私向量的模q1空间的分片,若q1等于2,则可以直接获取所述隐私向量在模2空间的本方分片;若q1不等于2,则可以通过本地进行的安全模转换运算,将本方持有的所述隐私向量的模q1空间的分片转换为模2空间的本方分片。其中,可以针对所述隐私向量的各个元素的模q1空间的分片分别进行 上述安全模转换运算。可以理解的是,本地进行的安全模转换运算不需要与另一方进行通信。双方可以各自将其隐私向量的任一元素的模q1空间的分片的最低位(bit),确定为隐私向量的该元素的模2空间的分片。举例来说,隐私向量的一个元素的模q1空间的分片为1001,其最低位为1,则隐私向量的该元素的模2空间的分片为1。In this example, either the first party or the second party holds the slice of the privacy vector modulo q1 space. If q1 is equal to 2, the own slice of the privacy vector in the modulo 2 space can be directly obtained. ; If q1 is not equal to 2, the fragments of the privacy vector held by the party modulo q1 space can be converted into the fragments of the party modulo 2 space through a locally performed secure modulo conversion operation. Wherein, the above secure modulo conversion operation can be performed separately on the slices of the modulo q1 space of each element of the privacy vector. It will be appreciated that secure analog conversion operations performed locally do not require communication with the other party. Both parties can each determine the lowest bit (bit) of the modulo q1 space fragment of any element of their privacy vector as the modulo 2 space fragment of that element of the privacy vector. For example, if the modulo q1 space fragment of an element of the privacy vector is 1001, and its lowest bit is 1, then the modulo 2 space fragment of the element of the privacy vector is 1.
隐私向量的每个元素在模2空间的本方分片都是一位,因此n维的隐私向量在模2空间的本方分片是n位。Each element of the privacy vector is one bit in the local slice of modulo 2 space, so the n-dimensional privacy vector is n bits in the local slice of modulo 2 space.
然后在步骤22,将所述本方分片的各个位进行累加,得到第一求和结果。可以理解的是,由于所述本方分片在模2空间,因此上述累加计算也是在模2空间进行,所述本方分片的任意一个位有两种取值分别为0或1,第一求和结果也有两种取值分别为0或1。Then in step 22, each bit of the local slice is accumulated to obtain the first summation result. It can be understood that since the local slice is in modulo 2 space, the above accumulation calculation is also performed in modulo 2 space. Any bit of the local slice has two values, which are 0 or 1 respectively. The summation result also has two values: 0 or 1.
举例来说,任意一方持有隐私向量p的一个分片<p> j,隐私向量p的第i个元素的一个分片记为<p[i]> j,其中j为本方对应的索引,i为元素的索引,第一求和结果可以表示为
Figure PCTCN2022135285-appb-000001
For example, any party holds a fragment <p> j of the privacy vector p, and a fragment of the i-th element of the privacy vector p is recorded as <p[i]> j , where j is the corresponding index of the party. , i is the index of the element, and the first summation result can be expressed as
Figure PCTCN2022135285-appb-000001
接着在步骤23,根据本方对应的索引,确定用于标识正数或负数的第一符号位。可以理解的是,第一方和第二方两方的索引不同,其第一符号位也是不同的。Next, in step 23, the first sign bit used to identify a positive number or a negative number is determined according to the corresponding index of the local party. It can be understood that the indexes of the first party and the second party are different, and their first sign bits are also different.
在一个示例中,所述根据本方对应的索引,确定用于标识正数或负数的第一符号位,包括:In one example, determining the first sign bit used to identify a positive number or a negative number according to its corresponding index includes:
若所述本方对应的索引为偶数,则确定第一符号位为1;If the index corresponding to the local side is an even number, then determine the first sign bit to be 1;
若所述本方对应的索引为奇数,则确定第一符号位为-1。If the index corresponding to the local party is an odd number, the first sign bit is determined to be -1.
举例来说,j为本方对应的索引,第一符号位可以表示为(-1) jFor example, j is the index corresponding to this party, and the first sign bit can be expressed as (-1) j .
可以理解的是,第一方和第二方的地位是对等的,因此也可以采用相反的确定第一符号位的方式,例如,若所述本方对应的索引为奇数,则确定第一符号位为1;若所述本方对应的索引为偶数,则确定第一符号位为-1。举例来说,j为本方对应的索引,第一符号位可以表示为(-1) j+1It can be understood that the status of the first party and the second party is equal, so the opposite method of determining the first sign bit can also be used. For example, if the index corresponding to the own party is an odd number, then the first sign bit is determined. The sign bit is 1; if the index corresponding to the local party is an even number, the first sign bit is determined to be -1. For example, j is the index corresponding to this side, and the first sign bit can be expressed as (-1) j+1 .
再在步骤24,根据所述第一求和结果和所述第一符号位,确定第一标量的第一分片。可以理解的是,第一标量的第一分片的确定方式与希望得到的第一标量的取值有关。Then in step 24, determine the first slice of the first scalar according to the first summation result and the first sign bit. It can be understood that the manner of determining the first fragment of the first scalar is related to the desired value of the first scalar.
在一个示例中,所述根据所述第一求和结果和所述第一符号位,确定第一标量的第一分片,包括:In one example, determining the first slice of the first scalar according to the first summation result and the first sign bit includes:
将所述第一求和结果添加所述第一符号位后,对第一常数取模,得到第一标量的第一分片。After adding the first sign bit to the first summation result, the first constant is taken modulo to obtain the first slice of the first scalar.
举例来说,任意一方持有隐私向量p的一个分片<p> j,隐私向量p的第i个元素的一 个分片记为<p[i]> j,其中j为本方对应的索引,i为元素的索引,第一求和结果为
Figure PCTCN2022135285-appb-000002
第一符号位为(-1) j,第一常数为d,第一标量为b,则第一标量的第一分片可以表示为
Figure PCTCN2022135285-appb-000003
For example, any party holds a fragment <p> j of the privacy vector p, and a fragment of the i-th element of the privacy vector p is recorded as <p[i]> j , where j is the corresponding index of the party. , i is the index of the element, and the first summation result is
Figure PCTCN2022135285-appb-000002
The first sign bit is (-1) j , the first constant is d, and the first scalar is b, then the first slice of the first scalar can be expressed as
Figure PCTCN2022135285-appb-000003
进一步地,所述第一常数的选取需要使得以下条件成立:Further, the selection of the first constant needs to make the following conditions hold:
第一标量的第一分片的最低位与第一标量的第二分片的最低位之和为1,且不会进位;The sum of the lowest bits of the first slice of the first scalar and the lowest bit of the second slice of the first scalar is 1, and there will be no carry;
第一标量为1和-1时,第一标量的次低位的取值不同。When the first scalar is 1 and -1, the value of the second lowest bit of the first scalar is different.
举例来说,j为本方对应的索引,j=0或1,第一标量为b,则上述条件可以表示为<b> 0[0]+<b> 1[0]=1且不会进位;b为1和-1时,b[1]的取值不同。 For example, j is the index corresponding to this side, j=0 or 1, and the first scalar is b, then the above condition can be expressed as <b> 0 [0] + <b> 1 [0] = 1 and will not Carry; when b is 1 and -1, the value of b[1] is different.
进一步地,所述第一常数为2的次幂,且不小于4。Further, the first constant is a power of 2 and is not less than 4.
可以理解的是,这种第一常数的具体取值满足上述条件,但是满足上述条件的第一常数不一定必须是该具体取值。It can be understood that the specific value of the first constant satisfies the above conditions, but the first constant that satisfies the above conditions does not necessarily have to be the specific value.
接着在步骤25,本地计算所述本方分片与所述明文向量的内积,得到第二求和结果。可以理解的是,第二求和结果的取值不仅取决于所述本方分片的各个位的取值,还取决于所述明文向量的各个元素的取值,所述本方分片的任一个位的取值只有0和1两种取值,而所述明文向量的任一个元素的取值其所在的模空间。Then in step 25, the inner product of the local fragment and the plaintext vector is calculated locally to obtain a second summation result. It can be understood that the value of the second summation result not only depends on the value of each bit of the local fragment, but also depends on the value of each element of the plaintext vector. The value of the local fragment The value of any bit can only take two values: 0 and 1, and the value of any element of the plaintext vector is the modulus space in which it is located.
举例来说,任意一方持有隐私向量p的一个分片<p> j,隐私向量p的第i个元素的一个分片记为<p[i]> j,明文向量用T来表示,明文向量T的第i个元素记为T[i],其中j为本方对应的索引,i为元素的索引,第二求和结果可以表示为
Figure PCTCN2022135285-appb-000004
For example, any party holds a fragment <p> j of privacy vector p, a fragment of the i-th element of privacy vector p is denoted as <p[i]> j , the plaintext vector is represented by T, and the plaintext The i-th element of vector T is recorded as T[i], where j is the index corresponding to this side, i is the index of the element, and the second summation result can be expressed as
Figure PCTCN2022135285-appb-000004
再在步骤26,根据所述第二求和结果和所述第一符号位,确定第二标量的第一分片。可以理解的是,第二标量的第一分片的确定方式与希望得到的第二标量的取值有关。Then in step 26, determine the first slice of the second scalar according to the second summation result and the first sign bit. It can be understood that the manner of determining the first fragment of the second scalar is related to the desired value of the second scalar.
在一个示例中,所述根据所述第二求和结果和所述第一符号位,确定第二标量的第一分片,包括:In one example, determining the first slice of the second scalar according to the second summation result and the first sign bit includes:
将所述第二求和结果添加所述第一符号位后,得到第二标量的第一分片。After adding the first sign bit to the second summation result, a first slice of the second scalar is obtained.
举例来说,任意一方持有隐私向量p的一个分片<p> j,隐私向量p的第i个元素的一个分片记为<p[i]> j,明文向量用T来表示,明文向量T的第i个元素记为T[i],其中j为本方对应的索引,i为元素的索引,第二求和结果为
Figure PCTCN2022135285-appb-000005
第一符号位为(-1) j, 第二标量为c,则第二标量的第一分片可以表示为
Figure PCTCN2022135285-appb-000006
For example, any party holds a fragment <p> j of privacy vector p, a fragment of the i-th element of privacy vector p is denoted as <p[i]> j , the plaintext vector is represented by T, and the plaintext The i-th element of vector T is recorded as T[i], where j is the index corresponding to this side, i is the index of the element, and the second summation result is
Figure PCTCN2022135285-appb-000005
The first sign bit is (-1) j and the second scalar is c, then the first fragment of the second scalar can be expressed as
Figure PCTCN2022135285-appb-000006
最后在步骤27,根据本方具有的第一标量的第一分片、第二标量的第一分片,与对方提供的第一标量的第二分片、第二标量的第二分片,联合进行安全乘法运算,得到向量内积结果的第一分片,所述向量内积结果对应于所述第一标量和所述第二标量的乘积。可以理解的是,通过计算所述第一标量和所述第二标量的乘积可以得到隐私向量与明文向量的向量内积结果。Finally, in step 27, based on the first fragment of the first scalar and the first fragment of the second scalar owned by the party, and the second fragment of the first scalar and the second fragment of the second scalar provided by the other party, Safe multiplication operations are jointly performed to obtain a first slice of a vector inner product result, which corresponds to the product of the first scalar and the second scalar. It can be understood that the vector inner product result of the privacy vector and the plaintext vector can be obtained by calculating the product of the first scalar and the second scalar.
举例来说,隐私向量p为n维的独热编码向量,其第k维元素取值为1,其他维元素取值均为0,明文向量T为n维向量,隐私向量p与明文向量T的向量内积结果记为h=<p,T>=T[k],第一标量用b表示,第二标量用c表示,需要验证h=b×c,下面给出简单的证明过程。For example, the privacy vector p is an n-dimensional one-hot encoding vector, its k-th dimension element has a value of 1, and the other dimensional elements have a value of 0. The plaintext vector T is an n-dimensional vector, and the privacy vector p and the plaintext vector T The result of the vector inner product is recorded as h=<p,T>=T[k]. The first scalar is represented by b, and the second scalar is represented by c. It is necessary to verify that h=b×c. A simple proof process is given below.
假定第一标量的分片
Figure PCTCN2022135285-appb-000007
第二标量的分片
Figure PCTCN2022135285-appb-000008
其中,j=0或1;<x> j表示分片态的x在第j方的分片;另<r> j为<b> j的次低位,也就是<b> j的第1位;r=<r> 0+<r> 1Assume the slice of the first scalar
Figure PCTCN2022135285-appb-000007
slice of second scalar
Figure PCTCN2022135285-appb-000008
Among them, j=0 or 1; <x> j represents the fragment of x in the fragmented state in the jth side; and <r> j is the second lowest bit of <b> j , which is the first bit of <b>j;r=<r> 0 +<r> 1 .
若p[i]为0,则p[i]的两个分片<p[i]> 0和<p[i]> 1有两种可能的取值组合,<p[i]> 0和<p[i]> 1均为0,或者<p[i]> 0和<p[i]> 1均为1,则(-1) 0<p[i]> 0+(-1) 1<p[i]> 1=0。 If p[i] is 0, then the two slices of p[i] <p[i]> 0 and <p[i]> 1 have two possible value combinations, <p[i]> 0 and <p[i]> 1 is both 0, or <p[i]> 0 and <p[i]> 1 are both 1, then (-1) 0 <p[i]> 0 +(-1) 1 <p[i]> 1 =0.
若p的第k维元素取值为1,其他维元素取值均为0,则b=<p[k]> 0-<p[k]> 1=(-1) r,c=(-1) r×T[k],其中,r=1或0。 If the value of the k-th dimension element of p is 1 and the values of other dimensional elements are all 0, then b=<p[k]> 0 -<p[k]> 1 =(-1) r , c=(- 1) r ×T[k], where r=1 or 0.
明显地,b×c=T[k],也就是说,h=b×c。Obviously, b×c=T[k], that is, h=b×c.
此外,对于常数d选取需要满足的条件进行说明。In addition, the conditions that need to be met for the selection of constant d are explained.
假定d为4,则b的二进制位01或11,则<b> 0[0]+<b> 1[0]=1且不会进位;
Figure PCTCN2022135285-appb-000009
Figure PCTCN2022135285-appb-000010
也就是说,b为1和-1时,b[1]的取值不同。 Assume that d is 4, then the binary bit of b is 01 or 11, then <b> 0 [0] + <b> 1 [0] = 1 and there will be no carry;
Figure PCTCN2022135285-appb-000009
Figure PCTCN2022135285-appb-000010
In other words, when b is 1 and -1, the value of b[1] is different.
通过上述证明过程可知,可以通过两个标量的安全乘法运算,得到向量内积结果的分片。Through the above proof process, we can know that the slices of the vector inner product result can be obtained through safe multiplication of two scalars.
在一个示例中,所述安全乘法运算包括:In one example, the safe multiplication operation includes:
从第三方获取第一随机数的第一分片、第二随机数的第一分片、随机乘法结果的第一分片;第一随机数的第二分片、第二随机数的第二分片、随机乘法结果的第二分片由对方获得;其中,随机乘法结果为第一随机数与第二随机数的乘积;Obtain the first fragment of the first random number, the first fragment of the second random number, and the first fragment of the random multiplication result from a third party; the second fragment of the first random number, and the second fragment of the second random number. The second fragment of the fragmentation and random multiplication results is obtained by the other party; where the random multiplication result is the product of the first random number and the second random number;
本地计算第一标量的第一分片与第一随机数的第一分片的差值,得到第一差值的第 一分片;Locally calculate the difference between the first fragment of the first scalar and the first fragment of the first random number to obtain the first fragment of the first difference;
本地计算第二标量的第一分片与第二随机数的第一分片的差值,得到第二差值的第一分片;Locally calculate the difference between the first fragment of the second scalar and the first fragment of the second random number to obtain the first fragment of the second difference;
从对方接收第一差值的第二分片和第二差值的第二分片;所述第一差值的第二分片为第一标量的第二分片与第一随机数的第二分片的差值;所述第二差值的第二分片为第二标量的第二分片与第二随机数的第二分片的差值;Receive a second fragment of the first difference value and a second fragment of the second difference value from the other party; the second fragment of the first difference value is the second fragment of the first scalar and the second fragment of the first random number. The difference between two slices; the second slice of the second difference is the difference between the second slice of the second scalar and the second slice of the second random number;
对第一差值的第一分片和第一差值的第二分片求和,得到第一差值;对第二差值的第一分片和第二差值的第二分片求和得到第二差值;Sum the first slice of the first difference and the second slice of the first difference to get the first difference; sum the first slice of the second difference and the second slice of the second difference. and get the second difference;
根据第一差值、第二差值、第一随机数的第一分片、第二随机数的第一分片、随机乘法结果的第一分片之间的本地计算,得到所述第一标量和所述第二标量的乘积的第一分片;对方得到该乘积的第二分片。According to local calculations between the first difference, the second difference, the first fragment of the first random number, the first fragment of the second random number, and the first fragment of the random multiplication result, the first The first slice of the product of the scalar and the second scalar; the other party gets the second slice of the product.
图3示出根据一个实施例的分片态下的安全乘法示意图。参照图3,第三方将u0、v0、z0发送给第一方,将u1、v1、z1发送给第二方,其中,(u0+u1)×(v0+v1)=(z0+z1);第一方根据自己持有的b的一个分片b0,以及从第三方接收的u的一个分片u0,本地计算e0=b0-u0;第一方根据自己持有的c的一个分片c0,以及从第三方接收的v的一个分片v0,本地计算f0=c0-v0;第一方将e0和f0发送给第二方;第二方根据自己持有的b的一个分片b1,以及从第三方接收的u的一个分片u1,本地计算e1=b1-u1;第二方根据自己持有的c的一个分片c1,以及从第三方接收的v的一个分片v1,本地计算f1=c1-v1;第二方将e1和f1发送给第一方;第一方和第二方各自本地计算得到e=b-u,f=c-v;第一方本地计算h0=ef+u0f+ev0+z0,将h0作为bc的乘法结果的一个分片;第二方本地计算h1=u1f+ev1+z1,将h1作为bc的乘法结果的一个分片。可以证明h0+h1=ef+uf+ev+uv=(e+u)(f+v)=bc。Figure 3 shows a schematic diagram of safe multiplication in the fragmented state according to one embodiment. Referring to Figure 3, the third party sends u0, v0, z0 to the first party, and sends u1, v1, z1 to the second party, where (u0+u1)×(v0+v1)=(z0+z1); The first party locally calculates e0 = b0-u0 based on a fragment b0 of b it holds and a fragment u0 of u received from the third party; the first party calculates e0 = b0-u0 based on a fragment c0 of c it holds. , and a fragment v0 of v received from the third party, locally calculate f0 = c0-v0; the first party sends e0 and f0 to the second party; the second party holds a fragment b1 of b, And a fragment u1 of u received from the third party, the local calculation e1 = b1-u1; the second party based on a fragment c1 of c held by itself, and a fragment v1 of v received from the third party, locally Calculate f1=c1-v1; the second party sends e1 and f1 to the first party; the first party and the second party locally calculate e=b-u, f=c-v; the first party locally calculates h0=ef+u0f+ ev0+z0, use h0 as a slice of the multiplication result of bc; the second party locally calculates h1=u1f+ev1+z1, and use h1 as a slice of the multiplication result of bc. It can be proved that h0+h1=ef+uf+ev+uv=(e+u)(f+v)=bc.
可以理解的是,u对应于前述第一随机数,u0对应于前述第一随机数的第一分片,v对应于前述第二随机数,v0对应于前述第二随机数的第一分片,z0对应于随机乘法结果的第一分片,u1对应于第一随机数的第二分片,v1对应于第二随机数的第二分片,z1对应于随机乘法结果的第二分片,b对应于第一标量,c对应于第二标量。It can be understood that u corresponds to the aforementioned first random number, u0 corresponds to the first fragment of the aforementioned first random number, v corresponds to the aforementioned second random number, and v0 corresponds to the first fragment of the aforementioned second random number. , z0 corresponds to the first fragment of the random multiplication result, u1 corresponds to the second fragment of the first random number, v1 corresponds to the second fragment of the second random number, z1 corresponds to the second fragment of the random multiplication result , b corresponds to the first scalar, and c corresponds to the second scalar.
此外,需要说明的是,如果需要得到向量内积结果在模q2空间的分片,q2>2,则可以在安全乘法运算之后对结果进行模转换运算,或者,可以在安全乘法运算之前先对第一标量的分片和第二标量的分片进行模转换,以使得到的结果就是在模q2空间的分片。In addition, it should be noted that if you need to obtain the slices of the vector inner product result in the modulo q2 space, q2>2, you can perform the modulo conversion operation on the result after the safe multiplication operation, or you can perform the modular conversion operation on the result before the safe multiplication operation. The slices of the first scalar and the slices of the second scalar are modulo converted so that the result is a slice in modulo q2 space.
举例来说,b和c的分片都设为模q2空间的分片,直接计算h=bc,得到的结果就是 在模q2空间的分片。For example, the slices of b and c are both set to slices in modulo q2 space, and h = bc is calculated directly, and the result is a slice in modulo q2 space.
通过本说明书实施例提供的方法,首先获取所述隐私向量在模2空间的本方分片;然后将所述本方分片的各个位进行累加,得到第一求和结果;接着根据本方对应的索引,确定用于标识正数或负数的第一符号位;再根据所述第一求和结果和所述第一符号位,确定第一标量的第一分片;接着本地计算所述本方分片与所述明文向量的内积,得到第二求和结果;再根据所述第二求和结果和所述第一符号位,确定第二标量的第一分片;最后根据本方具有的第一标量的第一分片、第二标量的第一分片,与对方提供的第一标量的第二分片、第二标量的第二分片,联合进行安全乘法运算,得到向量内积结果的第一分片,所述向量内积结果对应于所述第一标量和所述第二标量的乘积。由上可见,本说明书实施例,仅涉及本地计算和标量的安全乘法运算,本地计算中不需要通信,标量的安全乘法运算通信量很小,通过将两个向量的安全内积转换为两个标量的安全乘法,从而能够在针对隐私向量的安全处理中降低通信量。Through the method provided by the embodiments of this specification, first obtain the local fragment of the privacy vector in the modulo 2 space; then accumulate each bit of the local fragment to obtain the first summation result; and then according to the local fragment The corresponding index determines the first sign bit used to identify a positive or negative number; and then determines the first slice of the first scalar based on the first summation result and the first sign bit; and then locally calculates the The inner product of the local fragment and the plaintext vector is used to obtain the second summation result; and then the first fragment of the second scalar is determined based on the second summation result and the first sign bit; finally, the first fragment of the second scalar is determined according to the second summation result and the first sign bit. The first fragment of the first scalar and the first fragment of the second scalar owned by the party are combined with the second fragment of the first scalar and the second fragment of the second scalar provided by the other party to perform a safe multiplication operation, and we get A first slice of a vector inner product result corresponding to the product of the first scalar and the second scalar. It can be seen from the above that the embodiments of this specification only involve local calculations and safe multiplication operations of scalars. No communication is required in local calculations. The communication amount of safe multiplication operations of scalars is very small. By converting the safe inner product of two vectors into two Secure multiplication of scalars, enabling reduced traffic in secure processing of privacy vectors.
根据另一方面的实施例,还提供一种针对隐私向量的安全处理装置,所述隐私向量为独热编码向量,其以和共享的形式分布于第一方和第二方,所述装置用于得到所述隐私向量与明文向量的向量内积结果,设置于任意一方,所述装置用于执行本说明书图2所示实施例提供的方法中任意一方执行的动作。图4示出根据一个实施例的针对隐私向量的安全处理装置的示意性框图。如图4所示,该装置400包括:According to an embodiment of another aspect, a secure processing device for a privacy vector is also provided. The privacy vector is a one-hot encoding vector, which is distributed between the first party and the second party in the form of sharing. The device uses After obtaining the vector inner product result of the privacy vector and the plaintext vector, the device is arranged on either side, and the device is used to perform the actions performed by any one of the methods provided by the embodiment shown in Figure 2 of this specification. Figure 4 shows a schematic block diagram of a security processing device for privacy vectors according to one embodiment. As shown in Figure 4, the device 400 includes:
获取单元41,用于获取所述隐私向量在模2空间的本方分片;The acquisition unit 41 is used to acquire the local slices of the privacy vector in modulo 2 space;
累加计算单元42,用于将所述获取单元41获取的本方分片的各个位进行累加,得到第一求和结果;The accumulation calculation unit 42 is used to accumulate each bit of the own slice obtained by the acquisition unit 41 to obtain the first summation result;
符号确定单元43,用于根据本方对应的索引,确定用于标识正数或负数的第一符号位;The sign determination unit 43 is used to determine the first sign bit used to identify a positive number or a negative number according to its corresponding index;
第一标量确定单元44,用于根据所述累加计算单元42得到的第一求和结果和所述符号确定单元得到的第一符号位,确定第一标量的第一分片;The first scalar determination unit 44 is configured to determine the first slice of the first scalar according to the first summation result obtained by the accumulation calculation unit 42 and the first sign bit obtained by the sign determination unit;
内积计算单元45,用于本地计算所述本方分片与所述明文向量的内积,得到第二求和结果;The inner product calculation unit 45 is used to locally calculate the inner product of the local fragment and the plaintext vector to obtain the second summation result;
第二标量确定单元46,用于根据所述内积计算单元45得到的第二求和结果和所述第一符号位,确定第二标量的第一分片;The second scalar determination unit 46 is configured to determine the first slice of the second scalar according to the second summation result obtained by the inner product calculation unit 45 and the first sign bit;
联合运算单元47,用于根据本方具有的所述第一标量确定单元44得到的第一标量的第一分片、所述第二标量确定单元46得到的第二标量的第一分片,与对方提供的第一标 量的第二分片、第二标量的第二分片,联合进行安全乘法运算,得到向量内积结果的第一分片,所述向量内积结果对应于所述第一标量和所述第二标量的乘积。The joint operation unit 47 is configured to use the first slice of the first scalar obtained by the first scalar determination unit 44 and the first slice of the second scalar obtained by the second scalar determination unit 46, Combined with the second fragment of the first scalar and the second fragment of the second scalar provided by the other party, a safe multiplication operation is performed to obtain the first fragment of the vector inner product result, and the vector inner product result corresponds to the first fragment of the vector inner product. The product of one scalar and the second scalar.
可选地,作为一个实施例,所述获取单元41,具体用于通过本地进行的安全模转换运算,将本方持有的所述隐私向量的模q1空间的分片转换为模2空间的本方分片。Optionally, as an embodiment, the acquisition unit 41 is specifically configured to convert the fragments of the modulo q1 space of the privacy vector held by the party into modulo 2 space through a locally performed secure modulo conversion operation. Sharding on our side.
可选地,作为一个实施例,所述符号确定单元43,具体用于若所述本方对应的索引为偶数,则确定第一符号位为1;若所述本方对应的索引为奇数,则确定第一符号位为-1。Optionally, as an embodiment, the symbol determining unit 43 is specifically configured to determine the first symbol bit to be 1 if the index corresponding to the own party is an even number; if the index corresponding to the own party is an odd number, Then it is determined that the first sign bit is -1.
可选地,作为一个实施例,所述第一标量确定单元44,具体用于将所述第一求和结果添加所述第一符号位后,对第一常数取模,得到第一标量的第一分片。Optionally, as an embodiment, the first scalar determination unit 44 is specifically configured to add the first sign bit to the first summation result, and then modulo the first constant to obtain the first scalar First shard.
进一步地,所述第一常数的选取需要使得以下条件成立:Further, the selection of the first constant needs to make the following conditions hold:
第一标量的第一分片的最低位与第一标量的第二分片的最低位之和为1,且不会进位;The sum of the lowest bits of the first slice of the first scalar and the lowest bit of the second slice of the first scalar is 1, and there will be no carry;
第一标量为1和-1时,第一标量的次低位的取值不同。When the first scalar is 1 and -1, the value of the second lowest bit of the first scalar is different.
进一步地,所述第一常数为2的次幂,且不小于4。Further, the first constant is a power of 2 and is not less than 4.
可选地,作为一个实施例,所述第二标量确定单元46,具体用于将所述第二求和结果添加所述第一符号位后,得到第二标量的第一分片。Optionally, as an embodiment, the second scalar determination unit 46 is specifically configured to add the first sign bit to the second summation result to obtain the first slice of the second scalar.
可选地,作为一个实施例,所述联合运算单元47,具体用于:Optionally, as an embodiment, the joint operation unit 47 is specifically used for:
从第三方获取第一随机数的第一分片、第二随机数的第一分片、随机乘法结果的第一分片;第一随机数的第二分片、第二随机数的第二分片、随机乘法结果的第二分片由对方获得;其中,随机乘法结果为第一随机数与第二随机数的乘积;Obtain the first fragment of the first random number, the first fragment of the second random number, and the first fragment of the random multiplication result from a third party; the second fragment of the first random number, and the second fragment of the second random number. The second fragment of the fragmentation and random multiplication results is obtained by the other party; where the random multiplication result is the product of the first random number and the second random number;
本地计算第一标量的第一分片与第一随机数的第一分片的差值,得到第一差值的第一分片;Locally calculate the difference between the first fragment of the first scalar and the first fragment of the first random number to obtain the first fragment of the first difference;
本地计算第二标量的第一分片与第二随机数的第一分片的差值,得到第二差值的第一分片;Locally calculate the difference between the first fragment of the second scalar and the first fragment of the second random number to obtain the first fragment of the second difference;
从对方接收第一差值的第二分片和第二差值的第二分片;所述第一差值的第二分片为第一标量的第二分片与第一随机数的第二分片的差值;所述第二差值的第二分片为第二标量的第二分片与第二随机数的第二分片的差值;Receive a second fragment of the first difference value and a second fragment of the second difference value from the other party; the second fragment of the first difference value is the second fragment of the first scalar and the second fragment of the first random number. The difference between two slices; the second slice of the second difference is the difference between the second slice of the second scalar and the second slice of the second random number;
对第一差值的第一分片和第一差值的第二分片求和,得到第一差值;对第二差值的第一分片和第二差值的第二分片求和得到第二差值;Sum the first slice of the first difference and the second slice of the first difference to get the first difference; sum the first slice of the second difference and the second slice of the second difference. and get the second difference;
根据第一差值、第二差值、第一随机数的第一分片、第二随机数的第一分片、随机乘法结果的第一分片之间的本地计算,得到所述第一标量和所述第二标量的乘积的第一分片;对方得到该乘积的第二分片。According to local calculations between the first difference, the second difference, the first fragment of the first random number, the first fragment of the second random number, and the first fragment of the random multiplication result, the first The first slice of the product of the scalar and the second scalar; the other party gets the second slice of the product.
通过本说明书实施例提供的装置,首先获取单元41获取所述隐私向量在模2空间的本方分片;然后累加计算单元42将所述本方分片的各个位进行累加,得到第一求和结果;接着符号确定单元43根据本方对应的索引,确定用于标识正数或负数的第一符号位;第一标量确定单元44再根据所述第一求和结果和所述第一符号位,确定第一标量的第一分片;接着内积计算单元45本地计算所述本方分片与所述明文向量的内积,得到第二求和结果;第二标量确定单元46再根据所述第二求和结果和所述第一符号位,确定第二标量的第一分片;最后联合运算单元47根据本方具有的第一标量的第一分片、第二标量的第一分片,与对方提供的第一标量的第二分片、第二标量的第二分片,联合进行安全乘法运算,得到向量内积结果的第一分片,所述向量内积结果对应于所述第一标量和所述第二标量的乘积。由上可见,本说明书实施例,仅涉及本地计算和标量的安全乘法运算,本地计算中不需要通信,标量的安全乘法运算通信量很小,通过将两个向量的安全内积转换为两个标量的安全乘法,从而能够在针对隐私向量的安全处理中降低通信量。Through the device provided by the embodiment of this specification, first the acquisition unit 41 obtains the local slice of the privacy vector in the modulo 2 space; then the accumulation calculation unit 42 accumulates each bit of the local slice to obtain the first and the result; then the sign determination unit 43 determines the first sign bit used to identify the positive or negative number according to its corresponding index; the first scalar determination unit 44 then determines the first sign bit according to the first summation result and the first sign bit to determine the first fragment of the first scalar; then the inner product calculation unit 45 locally calculates the inner product of the local fragment and the plaintext vector to obtain a second summation result; the second scalar determination unit 46 then calculates The second summation result and the first sign bit determine the first slice of the second scalar; finally, the joint operation unit 47 has the first slice of the first scalar and the first slice of the second scalar. The fragments are combined with the second fragment of the first scalar and the second fragment of the second scalar provided by the other party to perform a safe multiplication operation to obtain the first fragment of the vector inner product result. The vector inner product result corresponds to The product of the first scalar and the second scalar. It can be seen from the above that the embodiments of this specification only involve local calculations and safe multiplication operations of scalars. No communication is required in local calculations. The communication amount of safe multiplication operations of scalars is very small. By converting the safe inner product of two vectors into two Secure multiplication of scalars, enabling reduced traffic in secure processing of privacy vectors.
根据另一方面的实施例,还提供一种计算机可读存储介质,其上存储有计算机程序,当所述计算机程序在计算机中执行时,令计算机执行结合图2所描述的方法。According to an embodiment of another aspect, a computer-readable storage medium is also provided, a computer program is stored thereon, and when the computer program is executed in a computer, the computer is caused to perform the method described in conjunction with FIG. 2 .
根据再一方面的实施例,还提供一种计算设备,包括存储器和处理器,所述存储器中存储有可执行代码,所述处理器执行所述可执行代码时,实现结合图2所描述的方法。According to yet another aspect of the embodiment, a computing device is also provided, including a memory and a processor, executable code is stored in the memory, and when the processor executes the executable code, the method described in conjunction with FIG. 2 is implemented. method.
本领域技术人员应该可以意识到,在上述一个或多个示例中,本发明所描述的功能可以用硬件、软件、固件或它们的任意组合来实现。当使用软件实现时,可以将这些功能存储在计算机可读介质中或者作为计算机可读介质上的一个或多个指令或代码进行传输。Those skilled in the art should realize that in one or more of the above examples, the functions described in the present invention can be implemented by hardware, software, firmware, or any combination thereof. When implemented using software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium.
以上所述的具体实施方式,对本发明的目的、技术方案和有益效果进行了进一步详细说明,所应理解的是,以上所述仅为本发明的具体实施方式而已,并不用于限定本发明的保护范围,凡在本发明的技术方案的基础之上,所做的任何修改、等同替换、改进等,均应包括在本发明的保护范围之内。The above-described specific embodiments further describe the objectives, technical solutions and beneficial effects of the present invention in detail. It should be understood that the above-mentioned are only specific embodiments of the present invention and are not intended to limit the scope of the present invention. Any modifications, equivalent substitutions, improvements, etc. made on the basis of the technical solution of the present invention shall be included in the protection scope of the present invention.

Claims (18)

  1. 一种针对隐私向量的安全处理方法,所述隐私向量为独热编码向量,其以和共享的形式分布于第一方和第二方,所述方法用于得到所述隐私向量与明文向量的向量内积结果,由任意一方执行,包括:A security processing method for privacy vectors. The privacy vector is a one-hot encoding vector, which is distributed between the first party and the second party in the form of sum sharing. The method is used to obtain the relationship between the privacy vector and the plaintext vector. Vector inner product results, performed by either party, including:
    获取所述隐私向量在模2空间的本方分片;Obtain the local slice of the privacy vector in modulo 2 space;
    将所述本方分片的各个位进行累加,得到第一求和结果;Accumulate the respective bits of the own slices to obtain the first summation result;
    根据本方对应的索引,确定用于标识正数或负数的第一符号位;According to the corresponding index of this party, determine the first sign bit used to identify positive or negative numbers;
    根据所述第一求和结果和所述第一符号位,确定第一标量的第一分片;Determine a first fragment of the first scalar according to the first summation result and the first sign bit;
    本地计算所述本方分片与所述明文向量的内积,得到第二求和结果;Locally calculate the inner product of the local fragment and the plaintext vector to obtain the second summation result;
    根据所述第二求和结果和所述第一符号位,确定第二标量的第一分片;Determine the first slice of the second scalar according to the second summation result and the first sign bit;
    根据本方具有的第一标量的第一分片、第二标量的第一分片,与对方提供的第一标量的第二分片、第二标量的第二分片,联合进行安全乘法运算,得到向量内积结果的第一分片,所述向量内积结果对应于所述第一标量和所述第二标量的乘积。According to the first fragment of the first scalar and the first fragment of the second scalar owned by the party, and the second fragment of the first scalar and the second fragment of the second scalar provided by the other party, a safe multiplication operation is jointly performed , obtain the first slice of the vector inner product result, which corresponds to the product of the first scalar and the second scalar.
  2. 如权利要求1所述的方法,其中,所述获取所述隐私向量在模2空间的本方分片,包括:The method according to claim 1, wherein said obtaining the local slice of the privacy vector in modulo 2 space includes:
    通过本地进行的安全模转换运算,将本方持有的所述隐私向量的模q1空间的分片转换为模2空间的本方分片。Through the locally performed secure modulo conversion operation, the fragments of the modulo q1 space of the privacy vector held by the party are converted into the fragments of the modulo 2 space.
  3. 如权利要求1所述的方法,其中,所述根据本方对应的索引,确定用于标识正数或负数的第一符号位,包括:The method according to claim 1, wherein determining the first sign bit used to identify a positive number or a negative number according to its corresponding index includes:
    若所述本方对应的索引为偶数,则确定第一符号位为1;If the index corresponding to the local side is an even number, then determine the first sign bit to be 1;
    若所述本方对应的索引为奇数,则确定第一符号位为-1。If the index corresponding to the local party is an odd number, the first sign bit is determined to be -1.
  4. 如权利要求1所述的方法,其中,所述根据所述第一求和结果和所述第一符号位,确定第一标量的第一分片,包括:The method of claim 1, wherein determining the first slice of the first scalar according to the first summation result and the first sign bit includes:
    将所述第一求和结果添加所述第一符号位后,对第一常数取模,得到第一标量的第一分片。After adding the first sign bit to the first summation result, the first constant is taken modulo to obtain the first slice of the first scalar.
  5. 如权利要求4所述的方法,其中,所述第一常数的选取需要使得以下条件成立:The method according to claim 4, wherein the selection of the first constant needs to make the following conditions hold:
    第一标量的第一分片的最低位与第一标量的第二分片的最低位之和为1,且不会进位;The sum of the lowest bits of the first slice of the first scalar and the lowest bit of the second slice of the first scalar is 1, and there will be no carry;
    第一标量为1和-1时,第一标量的次低位的取值不同。When the first scalar is 1 and -1, the value of the second lowest bit of the first scalar is different.
  6. 如权利要求5所述的方法,其中,所述第一常数为2的次幂,且不小于4。The method of claim 5, wherein the first constant is a power of 2 and not less than 4.
  7. 如权利要求1所述的方法,其中,所述根据所述第二求和结果和所述第一符号位, 确定第二标量的第一分片,包括:The method of claim 1, wherein determining the first slice of the second scalar according to the second summation result and the first sign bit includes:
    将所述第二求和结果添加所述第一符号位后,得到第二标量的第一分片。After adding the first sign bit to the second summation result, a first slice of the second scalar is obtained.
  8. 如权利要求1所述的方法,其中,所述安全乘法运算包括:The method of claim 1, wherein the safe multiplication operation includes:
    从第三方获取第一随机数的第一分片、第二随机数的第一分片、随机乘法结果的第一分片;第一随机数的第二分片、第二随机数的第二分片、随机乘法结果的第二分片由对方获得;其中,随机乘法结果为第一随机数与第二随机数的乘积;Obtain the first fragment of the first random number, the first fragment of the second random number, and the first fragment of the random multiplication result from a third party; the second fragment of the first random number, and the second fragment of the second random number. The second fragment of the fragmentation and random multiplication results is obtained by the other party; where the random multiplication result is the product of the first random number and the second random number;
    本地计算第一标量的第一分片与第一随机数的第一分片的差值,得到第一差值的第一分片;Locally calculate the difference between the first fragment of the first scalar and the first fragment of the first random number to obtain the first fragment of the first difference;
    本地计算第二标量的第一分片与第二随机数的第一分片的差值,得到第二差值的第一分片;Locally calculate the difference between the first fragment of the second scalar and the first fragment of the second random number to obtain the first fragment of the second difference;
    从对方接收第一差值的第二分片和第二差值的第二分片;所述第一差值的第二分片为第一标量的第二分片与第一随机数的第二分片的差值;所述第二差值的第二分片为第二标量的第二分片与第二随机数的第二分片的差值;Receive a second fragment of the first difference value and a second fragment of the second difference value from the other party; the second fragment of the first difference value is the second fragment of the first scalar and the second fragment of the first random number. The difference between two slices; the second slice of the second difference is the difference between the second slice of the second scalar and the second slice of the second random number;
    对第一差值的第一分片和第一差值的第二分片求和,得到第一差值;对第二差值的第一分片和第二差值的第二分片求和得到第二差值;Sum the first slice of the first difference and the second slice of the first difference to get the first difference; sum the first slice of the second difference and the second slice of the second difference. and get the second difference;
    根据第一差值、第二差值、第一随机数的第一分片、第二随机数的第一分片、随机乘法结果的第一分片之间的本地计算,得到所述第一标量和所述第二标量的乘积的第一分片;对方得到该乘积的第二分片。According to local calculations between the first difference, the second difference, the first fragment of the first random number, the first fragment of the second random number, and the first fragment of the random multiplication result, the first The first slice of the product of the scalar and the second scalar; the other party gets the second slice of the product.
  9. 一种针对隐私向量的安全处理装置,所述隐私向量为独热编码向量,其以和共享的形式分布于第一方和第二方,所述装置用于得到所述隐私向量与明文向量的向量内积结果,设置于任意一方,包括:A security processing device for privacy vectors. The privacy vector is a one-hot encoding vector, which is distributed between the first party and the second party in the form of sum sharing. The device is used to obtain the relationship between the privacy vector and the plaintext vector. Vector inner product result, set on either side, including:
    获取单元,用于获取所述隐私向量在模2空间的本方分片;An acquisition unit, used to acquire the local slices of the privacy vector in modulo 2 space;
    累加计算单元,用于将所述获取单元获取的本方分片的各个位进行累加,得到第一求和结果;An accumulation calculation unit is used to accumulate each bit of the own slice obtained by the acquisition unit to obtain the first summation result;
    符号确定单元,用于根据本方对应的索引,确定用于标识正数或负数的第一符号位;The sign determination unit is used to determine the first sign bit used to identify the positive number or the negative number according to the corresponding index of the party;
    第一标量确定单元,用于根据所述累加计算单元得到的第一求和结果和所述符号确定单元得到的第一符号位,确定第一标量的第一分片;A first scalar determination unit configured to determine the first slice of the first scalar based on the first summation result obtained by the accumulation calculation unit and the first sign bit obtained by the sign determination unit;
    内积计算单元,用于本地计算所述本方分片与所述明文向量的内积,得到第二求和结果;An inner product calculation unit, used to locally calculate the inner product of the local fragment and the plaintext vector to obtain the second summation result;
    第二标量确定单元,用于根据所述内积计算单元得到的第二求和结果和所述第一符号位,确定第二标量的第一分片;A second scalar determination unit configured to determine the first slice of the second scalar based on the second summation result obtained by the inner product calculation unit and the first sign bit;
    联合运算单元,用于根据本方具有的所述第一标量确定单元得到的第一标量的第一分片、所述第二标量确定单元得到的第二标量的第一分片,与对方提供的第一标量的第二分片、第二标量的第二分片,联合进行安全乘法运算,得到向量内积结果的第一分片,所述向量内积结果对应于所述第一标量和所述第二标量的乘积。A joint operation unit, configured to provide the other side with the first fragment of the first scalar obtained by the first scalar determination unit and the first fragment of the second scalar obtained by the second scalar determination unit. The second slice of the first scalar and the second slice of the second scalar jointly perform a safe multiplication operation to obtain the first slice of the vector inner product result, and the vector inner product result corresponds to the first scalar sum The product of the second scalar.
  10. 如权利要求9所述的装置,其中,所述获取单元,具体用于通过本地进行的安全模转换运算,将本方持有的所述隐私向量的模q1空间的分片转换为模2空间的本方分片。The device according to claim 9, wherein the acquisition unit is specifically configured to convert the fragments of the modulo q1 space of the privacy vector held by the party into the modulo 2 space through a locally performed secure modulo conversion operation. own shards.
  11. 如权利要求9所述的装置,其中,所述符号确定单元,具体用于若所述本方对应的索引为偶数,则确定第一符号位为1;若所述本方对应的索引为奇数,则确定第一符号位为-1。The device of claim 9, wherein the symbol determining unit is specifically configured to determine the first symbol bit to be 1 if the index corresponding to the local party is an even number; if the index corresponding to the local party is an odd number , then it is determined that the first sign bit is -1.
  12. 如权利要求9所述的装置,其中,所述第一标量确定单元,具体用于将所述第一求和结果添加所述第一符号位后,对第一常数取模,得到第一标量的第一分片。The device of claim 9, wherein the first scalar determination unit is specifically configured to add the first sign bit to the first summation result, and then modulo the first constant to obtain the first scalar of the first shard.
  13. 如权利要求12所述的装置,其中,所述第一常数的选取需要使得以下条件成立:The device according to claim 12, wherein the selection of the first constant needs to make the following conditions hold:
    第一标量的第一分片的最低位与第一标量的第二分片的最低位之和为1,且不会进位;The sum of the lowest bits of the first slice of the first scalar and the lowest bit of the second slice of the first scalar is 1, and there will be no carry;
    第一标量为1和-1时,第一标量的次低位的取值不同。When the first scalar is 1 and -1, the value of the second lowest bit of the first scalar is different.
  14. 如权利要求13所述的装置,其中,所述第一常数为2的次幂,且不小于4。The device of claim 13, wherein the first constant is a power of 2 and not less than 4.
  15. 如权利要求9所述的装置,其中,所述第二标量确定单元,具体用于将所述第二求和结果添加所述第一符号位后,得到第二标量的第一分片。The device of claim 9, wherein the second scalar determination unit is specifically configured to add the first sign bit to the second summation result to obtain the first slice of the second scalar.
  16. 如权利要求9所述的装置,其中,所述联合运算单元,具体用于:The device according to claim 9, wherein the joint operation unit is specifically used for:
    从第三方获取第一随机数的第一分片、第二随机数的第一分片、随机乘法结果的第一分片;第一随机数的第二分片、第二随机数的第二分片、随机乘法结果的第二分片由对方获得;其中,随机乘法结果为第一随机数与第二随机数的乘积;Obtain the first fragment of the first random number, the first fragment of the second random number, and the first fragment of the random multiplication result from a third party; the second fragment of the first random number, and the second fragment of the second random number. The second fragment of the fragmentation and random multiplication results is obtained by the other party; where the random multiplication result is the product of the first random number and the second random number;
    本地计算第一标量的第一分片与第一随机数的第一分片的差值,得到第一差值的第一分片;Locally calculate the difference between the first fragment of the first scalar and the first fragment of the first random number to obtain the first fragment of the first difference;
    本地计算第二标量的第一分片与第二随机数的第一分片的差值,得到第二差值的第一分片;Locally calculate the difference between the first fragment of the second scalar and the first fragment of the second random number to obtain the first fragment of the second difference;
    从对方接收第一差值的第二分片和第二差值的第二分片;所述第一差值的第二分片为第一标量的第二分片与第一随机数的第二分片的差值;所述第二差值的第二分片为第二标量的第二分片与第二随机数的第二分片的差值;Receive a second fragment of the first difference value and a second fragment of the second difference value from the other party; the second fragment of the first difference value is the second fragment of the first scalar and the second fragment of the first random number. The difference between two slices; the second slice of the second difference is the difference between the second slice of the second scalar and the second slice of the second random number;
    对第一差值的第一分片和第一差值的第二分片求和,得到第一差值;对第二差值的第一分片和第二差值的第二分片求和得到第二差值;Sum the first slice of the first difference and the second slice of the first difference to get the first difference; sum the first slice of the second difference and the second slice of the second difference. and get the second difference;
    根据第一差值、第二差值、第一随机数的第一分片、第二随机数的第一分片、随机乘法结果的第一分片之间的本地计算,得到所述第一标量和所述第二标量的乘积的第一分片;对方得到该乘积的第二分片。According to local calculations between the first difference, the second difference, the first fragment of the first random number, the first fragment of the second random number, and the first fragment of the random multiplication result, the first The first slice of the product of the scalar and the second scalar; the other party gets the second slice of the product.
  17. 一种计算机可读存储介质,其上存储有计算机程序,当所述计算机程序在计算机中执行时,令计算机执行权利要求1-8中任一项的所述的方法。A computer-readable storage medium on which a computer program is stored. When the computer program is executed in a computer, the computer is caused to perform the method described in any one of claims 1-8.
  18. 一种计算设备,包括存储器和处理器,所述存储器中存储有可执行代码,所述处理器执行所述可执行代码时,实现权利要求1-8中任一项的所述的方法。A computing device includes a memory and a processor. The memory stores executable code. When the processor executes the executable code, the method of any one of claims 1-8 is implemented.
PCT/CN2022/135285 2022-06-14 2022-11-30 Security processing method and apparatus for privacy vector WO2023240934A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202210667898.2A CN114978510A (en) 2022-06-14 2022-06-14 Security processing method and device for privacy vector
CN202210667898.2 2022-06-14

Publications (1)

Publication Number Publication Date
WO2023240934A1 true WO2023240934A1 (en) 2023-12-21

Family

ID=82962146

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/135285 WO2023240934A1 (en) 2022-06-14 2022-11-30 Security processing method and apparatus for privacy vector

Country Status (2)

Country Link
CN (1) CN114978510A (en)
WO (1) WO2023240934A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114978510A (en) * 2022-06-14 2022-08-30 蚂蚁区块链科技(上海)有限公司 Security processing method and device for privacy vector
CN116055049B (en) * 2023-04-03 2023-07-04 富算科技(上海)有限公司 Multiparty secure computing method, device, system, electronic equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180307859A1 (en) * 2013-11-01 2018-10-25 Anonos Inc. Systems and methods for enforcing centralized privacy controls in de-centralized systems
CN111885079A (en) * 2020-07-31 2020-11-03 支付宝(杭州)信息技术有限公司 Multi-party combined data processing method and device for protecting data privacy
CN113098687A (en) * 2021-04-27 2021-07-09 支付宝(杭州)信息技术有限公司 Method and device for generating data tuple of secure computing protocol
CN114978510A (en) * 2022-06-14 2022-08-30 蚂蚁区块链科技(上海)有限公司 Security processing method and device for privacy vector

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180307859A1 (en) * 2013-11-01 2018-10-25 Anonos Inc. Systems and methods for enforcing centralized privacy controls in de-centralized systems
CN111885079A (en) * 2020-07-31 2020-11-03 支付宝(杭州)信息技术有限公司 Multi-party combined data processing method and device for protecting data privacy
CN113098687A (en) * 2021-04-27 2021-07-09 支付宝(杭州)信息技术有限公司 Method and device for generating data tuple of secure computing protocol
CN114978510A (en) * 2022-06-14 2022-08-30 蚂蚁区块链科技(上海)有限公司 Security processing method and device for privacy vector

Also Published As

Publication number Publication date
CN114978510A (en) 2022-08-30

Similar Documents

Publication Publication Date Title
CN112906044B (en) Multi-party security calculation method, device, equipment and storage medium
WO2023240934A1 (en) Security processing method and apparatus for privacy vector
US9158925B2 (en) Server-aided private set intersection (PSI) with data transfer
WO2021068445A1 (en) Data processing method and apparatus, computer device, and storage medium
CN112182649A (en) Data privacy protection system based on safe two-party calculation linear regression algorithm
CN112765616A (en) Multi-party security calculation method and device, electronic equipment and storage medium
Schlegel et al. CodedPaddedFL and CodedSecAgg: Straggler mitigation and secure aggregation in federated learning
CN111555880B (en) Data collision method and device, storage medium and electronic equipment
US20230283461A1 (en) Method, device, and storage medium for determining extremum based on secure multi-party computation
CN116561787A (en) Training method and device for visual image classification model and electronic equipment
US11599681B2 (en) Bit decomposition secure computation apparatus, bit combining secure computation apparatus, method and program
US11895230B2 (en) Information processing apparatus, secure computation method, and program
US10505719B2 (en) Method and system for rateless and pollution-attack-resilient network coding
US10652217B2 (en) Method and system for rateless and pollution-attack-resilient network coding including decoder(s)
CN115510502B (en) PCA method and system for privacy protection
CN116681141A (en) Federal learning method, terminal and storage medium for privacy protection
WO2022218033A1 (en) Data processing method and apparatus
WO2019111319A1 (en) Secret equality determination system, secret equality determination method and secret equality determination program recording medium
CN115277031B (en) Data processing method and device
Hasnat et al. Color image share cryptography: A novel approach
CN117692144B (en) Privacy protection method and system for multi-party private set operation under threshold condition
US11962562B2 (en) Anonymous message board server verification
CN116821962A (en) Probability truncation method and device for protecting privacy data
CN114186105A (en) Character string comparison method, device, equipment and storage medium
Qiu et al. Efficient Privacy-Preserving Outsourced k-Means Clustering on Distributed Data

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22946600

Country of ref document: EP

Kind code of ref document: A1