CN109525386A - A private intersection-sum method based on Paillier homomorphic encryption - Google Patents


Info

Publication number
CN109525386A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811442107.6A
Other languages
Chinese (zh)
Other versions
CN109525386B (en
Inventor
周福才
周搏洋
王强
吴淇毓
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Northeastern University China
Original Assignee
Northeastern University China
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The present invention provides a private intersection-sum method based on Paillier homomorphic encryption and relates to the technical field of cyberspace security and privacy protection. The method comprises a private intersection-sum protocol and a reverse private intersection-sum protocol, both based on Paillier homomorphic encryption. In the private intersection-sum protocol, the two parties agree on the basic settings for the encrypted private intersection sum and encrypt over three rounds, and finally Party 2 decrypts with the private key to obtain the intersection sum. In the reverse private intersection-sum protocol, the two parties agree on the basic settings for the encrypted reverse private intersection sum and encrypt over two rounds; Party 2 then decrypts with the private key to obtain the intersection sum carrying the blinding factors and judges whether the intersection cardinality allows entering the third round of decryption; if the condition is met, Party 1 removes the blinding factors to obtain the intersection sum. The method proposes a ciphertext splitting scheme based on properties of modular arithmetic and is comparatively efficient, and the two parties to the protocol can accurately compute the intersection cardinality and the intersection sum, avoiding the information leakage that the customary pairwise computation may cause.

Description

A private intersection-sum method based on Paillier homomorphic encryption
Technical field
The present invention relates to the technical field of cyberspace security and privacy protection, and in particular to a private intersection-sum method based on Paillier homomorphic encryption.
Background art
In recent years data has shown a trend of explosive growth, and data volumes and data types have become increasingly complex; large amounts of valuable customer information, personal privacy records and enterprise operating data are constantly being mined. In this era of data explosion, privacy protection under big data is particularly important.
Private Set Intersection (PSI) is an important protocol in secure multi-party computation. Two or more parties take part in the computation and input their data sets, but they can obtain only the intersection result and cannot obtain any information beyond the intersection. Related protocols allow the parties to learn only particular properties of the intersection, such as the cardinality of the intersection or whether the size of the intersection exceeds a certain threshold. Earlier work has proposed various approaches, including protocols in the semi-honest model and in the malicious model.
Summary of the invention
In view of the problems of the prior art, the present invention provides a private intersection-sum method based on Paillier homomorphic encryption, comprising a private intersection-sum protocol based on Paillier homomorphic encryption and a reverse private intersection-sum protocol based on Paillier homomorphic encryption. Both protocols have two participants, Party 1 and Party 2. In the "private intersection-sum protocol", both parties hold private input data sets containing user identifiers, and the data set of one party additionally contains an integer value associated with each user identifier. The two parties want to learn the cardinality of the intersection and the sum of the integer values associated with the intersection, without either party learning the actual user identifiers in the intersection or any additional information about the other party's data (other than the size of the intersection), i.e. the users' private information. The result of the "private intersection-sum protocol" is that Party 1 can access only the cardinality of the intersection and Party 2 can access only the intersection sum. The "reverse private intersection-sum protocol" ensures a minimum number of elements in the intersection by terminating communication before the intersection sum is obtained if the intersection is found to be too small, thereby protecting the users' private information. The result of the "reverse private intersection-sum protocol" is that both parties can access the cardinality of the intersection and only Party 1 can access the intersection sum.
To achieve the above purpose, a private intersection-sum method based on Paillier homomorphic encryption comprises a private intersection-sum protocol based on Paillier homomorphic encryption and a reverse private intersection-sum protocol based on Paillier homomorphic encryption;
(1) The private intersection-sum protocol based on Paillier homomorphic encryption comprises the following steps:
Step 1: The two parties agree on the basic settings for the encrypted private intersection sum, as follows:
Step 1.1: The two parties agree on a security parameter $\lambda$, a group $G \in \mathcal{G}(\lambda)$, a user identifier space $U = U(\lambda)$ and a random oracle $RO: U \to G$, where the random oracle $RO$ maps user identifiers to random elements of the group $G$;
Step 1.2: Party 1 holds an input set of $m$ user identifiers $U_1 = \{u_i\}_{i \in [m]}$, where $u_i \in U$ is the $i$-th user of Party 1;
Step 1.3: Party 2 holds a set $\{(v_j, t_j)\}_{j \in [n]}$ of $n$ user identifiers and the associated integer values expected to be paired with them, where $v_j \in U$ is the $j$-th user of Party 2 and $t_j \in Z^+$ is the associated integer value expected to be paired with it, $Z^+$ being the positive integers, such that the private intersection sum $\sum t_j$ fits the Paillier message space for security parameter $\lambda$; define $U_2 = \{v_j\}_{j \in [n]}$;
Step 1.4: Each party $a$ chooses a random secret exponent $k_a$ in the group $G$;
Step 1.5: Party 2 generates a new key pair $(pk, sk)$ using the $Pai.Gen(\lambda)$ function of the Paillier encryption scheme and shares the public key $pk$ with Party 1;
Step 2: Party 1 encrypts its own user identifier set $U_1$ and sends it to Party 2 in shuffled order, as follows:
Step 2.1: Party 1 applies the random oracle $RO$ to each user $u_i$ in its own user identifier set and then encrypts the result with key $k_1$, obtaining the Party 1 user ciphertext after the first encryption by Party 1;
Step 2.2: Party 1 sends the set formed from the encrypted user ciphertexts $cipher_{u1}$ to Party 2 in shuffled order;
Step 3: Party 2 encrypts the user data sent by Party 1 and its own user identifier set $U_2$ and sends them to Party 1 in shuffled order, as follows:
Step 3.1: Party 2 uses key $k_2$ to encrypt a second time each element of the received Party 1 user ciphertexts already encrypted by Party 1, obtaining the ciphertext of Party 1's users jointly encrypted by both parties;
Step 3.2: Party 2 sends the set formed from the jointly encrypted ciphertexts $cipher_{u12}$ of Party 1's users to Party 1 in shuffled order;
Step 3.3: Party 2 uses key $k_2$ to encrypt the element obtained by applying the random oracle $RO$ to each user identifier $v_j$ of the input pairs $(v_j, t_j)$, and uses the Paillier public key $pk$ to encrypt the associated integer value $t_j$ expected to be paired with each user identifier $v_j$, obtaining pairs of the Party 2 user ciphertext encrypted by Party 2 and the ciphertext $cipher_{t2} = Pai(t_j)$ of the integer value paired with that Party 2 user;
Step 3.4: Party 2 sends the set formed from the pairs of encrypted user ciphertext $cipher_{v2}$ and paired integer-value ciphertext $cipher_{t2}$ to Party 1 in shuffled order;
Step 4: Party 1 encrypts the data sent by Party 2 and obtains the intersection $H$ of $cipher_{v12}$ and $cipher_{u12}$, then from the set $H$ obtains the ciphertext $Pai(S_H)$ of the sum of the integer values paired with the intersection and sends it to Party 2, as follows:
Step 4.1: Party 1 uses key $k_1$ to encrypt a second time each element of the received set of pairs of user ciphertext $cipher_{v2}$ (encrypted by Party 2) and paired integer-value ciphertext $cipher_{t2}$, obtaining pairs of the ciphertext $cipher_{v12}$ of Party 2's users jointly encrypted by both parties and the paired integer-value ciphertext $cipher_{t2}$;
Step 4.2: Party 1 computes the intersection $H$ of $cipher_{v12}$ and $cipher_{u12}$:
Step 4.3: For each element $h$ in the set $H$, Party 1 homomorphically multiplies together the integer-value ciphertexts $cipher_{t2} = Pai(t_j)$ paired with $h$, obtaining the ciphertext $Pai(S_H)$ of the sum $S_H$ of the integer values paired with the intersection: $Pai(S_H) = Pai(\sum_{j \in H} t_j) = Pai.Sum(\{Pai(t_j)\}_{j \in H})$;
Step 4.4: Party 1 sends the ciphertext $Pai(S_H)$ of the sum $S_H$ of the integer values paired with the intersection to Party 2;
Step 5: Party 2 uses the Paillier private key $sk$ to decrypt the received Paillier-encrypted ciphertext $Pai(S_H)$, obtaining the sum $S_H$ of the integer values paired with the intersection;
(2) The reverse private intersection-sum protocol based on Paillier homomorphic encryption comprises the following steps:
S1: The two parties agree on the basic settings for the encrypted private intersection sum, as follows:
S1.1: The two parties agree on a security parameter $\lambda$, a group $G \in \mathcal{G}(\lambda)$, a user identifier space $U = U(\lambda)$ and a random oracle $RO: U \to G$, where the random oracle $RO$ maps user identifiers to random elements of the group $G$;
S1.2: Party 1 holds an input set of $m$ user identifiers $U_1 = \{u_i\}_{i \in [m]}$, where $u_i \in U$ is the $i$-th user of Party 1;
S1.3: Party 2 holds a set $\{(v_j, t_j)\}_{j \in [n]}$ of $n$ user identifiers and the associated integer values expected to be paired with them, where $v_j \in U$ is the $j$-th user of Party 2 and $t_j \in Z^+$ is the associated integer value expected to be paired with it, $Z^+$ being the positive integers, such that the private intersection sum $\sum t_j$ fits the Paillier message space for security parameter $\lambda$; define the input set of Party 2's user identifiers $U_2 = \{v_j\}_{j \in [n]}$;
S1.4: Each party $a$ chooses a random secret exponent $k_a$ in the group $G$;
S1.5: Party 2 generates a new key pair $(pk, sk)$ using the $Pai.Gen(\lambda)$ function of the Paillier encryption scheme and shares the public key $pk$ with Party 1;
S2: Party 2 encrypts its own user identifier set $U_2$ and sends it to Party 1 in order, as follows:
S2.1: Party 2 uses key $k_2$ to encrypt the element obtained by applying the random oracle $RO$ to each user identifier $v_j$ of the input pairs $(v_j, t_j)$, and uses the Paillier public key $pk$ to encrypt the associated integer value $t_j$ expected to be paired with each user identifier $v_j$, obtaining pairs of the Party 2 user ciphertext encrypted by Party 2 and the ciphertext $cipher_{t2} = Pai(t_j)$ of the integer value paired with that Party 2 user;
S2.2: Party 2 sends the set formed from the pairs of encrypted user ciphertext $cipher_{v2}$ and paired integer-value ciphertext $cipher_{t2}$ to Party 1 in order;
S3: Party 1 encrypts the user data sent by Party 2 and its own user identifier set $U_1$ and sends them to Party 2 in order, as follows:
S3.1: Party 1 uses key $k_1$ to encrypt a second time each element of the received set of pairs of user ciphertext $cipher_{v2}$ (encrypted by Party 2) and paired integer-value ciphertext $cipher_{t2}$, obtaining the ciphertext of Party 2's users jointly encrypted by both parties; then, under the Paillier modulus $N$, it randomly chooses a mapping $(j \to r_j)$ with $r_j \in Z^+$ and, using the homomorphism $Pai(t_j + r_j) = Pai(t_j) \times Pai(r_j)$, applies one-time-pad encryption to the associated integer value $t_j$ expected to be paired with user identifier $v_j$ in each received element, finally obtaining pairs of the jointly encrypted ciphertext $cipher_{v12}$ of Party 2's users and the padded paired integer-value ciphertext $cipher_{tr2}$;
S3.2: Party 1 saves the mapping $(j \to r_j)$ and sends the set formed from the pairs of jointly encrypted ciphertext $cipher_{v12}$ of Party 2's users and padded paired integer-value ciphertext $cipher_{tr2}$ to Party 2 in order;
S3.3: Party 1 uses key $k_1$ to encrypt the element obtained by applying the random oracle $RO$ to each user $u_i$ of its input set $U_1$, obtaining the Party 1 user ciphertext encrypted by Party 1;
S3.4: Party 1 sends the set formed from the encrypted user ciphertexts $cipher_{u1}$ to Party 2 in shuffled order;
S4: Party 2 encrypts the data sent by Party 1 and obtains the index set $J$ of the intersection of $cipher_{v12}$ and $cipher_{u12}$, then over the index set $J$ obtains the one-time-padded sum $S_{Jr}$ of the integer values paired with the intersection and sends it to Party 1, as follows:
S4.1: Party 2 uses key $k_2$ to encrypt a second time each element of the received Party 1 user ciphertexts already encrypted by Party 1, obtaining the ciphertext of Party 1's users jointly encrypted by both parties;
S4.2: Party 2 computes the index set $J$ of the intersection of $cipher_{v12}$ and $cipher_{u12}$:
S4.3: Party 2 judges whether the intersection cardinality is less than the set threshold; if so, Party 2 terminates the protocol; if not, the protocol continues with S4.4;
S4.4: Party 2 multiplies together all elements $Pai(t_j + r_j)$ whose indices are in the index set $J$ and then decrypts with the private key $sk$, obtaining the one-time-padded sum of the integer values paired with the intersection, $S_{Jr} = \sum_{j \in J} (t_j + r_j)$;
S4.5: Party 2 sends the one-time-padded sum $S_{Jr}$ of the integer values paired with the intersection and the index set $J$ to Party 1;
S5: Party 1 computes the sum of the integer values paired with the intersection.
Beneficial effects of the present invention:
The present invention proposes a private intersection-sum method based on Paillier homomorphic encryption. It studies and uses an algorithm based on Paillier homomorphic encryption and, using properties of modular arithmetic, proposes a ciphertext splitting scheme in which the plaintext is split and then encrypted; this is comparatively efficient, and the result of encrypting the plaintext can be obtained without decryption. With the private intersection-sum protocol and the reverse private intersection-sum protocol provided by this method, the two parties to the protocol can accurately compute the intersection cardinality and the intersection sum, avoiding the information leakage that the customary pairwise computation may cause. In the reverse private intersection-sum protocol, if the cardinality of the set is found to be too small, the protocol is terminated so that the intersection sum cannot be obtained by one party and used to infer the private information of particular users, which would leak user privacy; this effectively prevents the privacy leakage problem. In addition, in the course of using Paillier homomorphic encryption, one party randomly chooses a mapping to blind the encrypted integer values associated with the user ids and, before the intersection sum is obtained, removes the blinding factors according to the mapping, which greatly improves the security of the protocol.
Brief description of the drawings
Fig. 1 is the architecture diagram of the private intersection-sum protocol in an embodiment of the present invention;
Fig. 2 is the sequence diagram of the private intersection-sum protocol in an embodiment of the present invention;
Fig. 3 is the flow chart of the private intersection-sum protocol in an embodiment of the present invention;
Fig. 4 is the architecture diagram of the reverse private intersection-sum protocol in an embodiment of the present invention;
Fig. 5 is the sequence diagram of the reverse private intersection-sum protocol in an embodiment of the present invention;
Fig. 6 is the flow chart of the reverse private intersection-sum protocol in an embodiment of the present invention.
Detailed description of the embodiments
To make the purpose, technical solution and advantages of the present invention clearer, the present invention is described in further detail below with reference to the drawings and specific embodiments. The specific embodiments described here serve only to explain the present invention and are not intended to limit it.
A private intersection-sum method based on Paillier homomorphic encryption comprises a private intersection-sum protocol based on Paillier homomorphic encryption and a reverse private intersection-sum protocol based on Paillier homomorphic encryption;
(1) The private intersection-sum protocol based on Paillier homomorphic encryption
In this embodiment, the architecture of the private intersection-sum protocol based on Paillier homomorphic encryption is shown in Fig. 1. In the private intersection-sum protocol, each of the two parties inputs its own set of user resource identifiers; at output, Party 1 obtains the cardinality of the intersection and Party 2 obtains the intersection sum. The two parties to the private intersection-sum protocol carry out the computation of the intersection sum through a setup phase and three rounds of interaction, as shown in Fig. 2.
As can be seen from Fig. 2, in the setup phase the two parties agree on a security parameter $\lambda$, a group $G \in \mathcal{G}(\lambda)$ and a user identifier space $U = U(\lambda)$. Both parties can use a random oracle $RO: U \to G$. In the first round, Party 1 encrypts its own user identifier set with $k_1$ and sends it to Party 2. In the second round, Party 2 uses $k_2$ to encrypt the set sent by Party 1, uses $k_2$ and $pk$ to encrypt its own user identifier set, and sends these to Party 1. Party 1 computes the intersection $H$ of $cipher_{v12}$ and $cipher_{u12}$. In the third round, Party 1 sends the encrypted set $H$ to Party 2, and Party 2 decrypts with $sk$ to obtain the sum of the integer values paired with the intersection, i.e. the intersection sum $S_H$.
In this embodiment, for convenience in the description that follows, the notation and explanations shown in Table 1 are given.
Table 1: Description of the symbols used in communication between the entities
The detailed process is shown in Fig. 3 and comprises the following steps:
Step 1: The two parties agree on the basic settings for the encrypted private intersection sum, as follows:
Step 1.1: The two parties agree on a security parameter $\lambda$, a group $G \in \mathcal{G}(\lambda)$, a user identifier space $U = U(\lambda)$ and a random oracle $RO: U \to G$, where the random oracle $RO$ maps user identifiers to random elements of the group $G$;
Step 1.2: Party 1 holds an input set of $m$ user identifiers $U_1 = \{u_i\}_{i \in [m]}$, where $u_i \in U$ is the $i$-th user of Party 1;
Step 1.3: Party 2 holds a set $\{(v_j, t_j)\}_{j \in [n]}$ of $n$ user identifiers and the associated integer values expected to be paired with them, where $v_j \in U$ is the $j$-th user of Party 2 and $t_j \in Z^+$ is the associated integer value expected to be paired with it, $Z^+$ being the positive integers, such that the private intersection sum $\sum t_j$ fits the Paillier message space for security parameter $\lambda$; define $U_2 = \{v_j\}_{j \in [n]}$;
Step 1.4: Each party $a$ chooses a random secret exponent $k_a$ in the group $G$;
Step 1.5: Party 2 generates a new key pair $(pk, sk)$ using the $Pai.Gen(\lambda)$ function of the Paillier encryption scheme and shares the public key $pk$ with Party 1;
Step 2: Party 1 encrypts its own user identifier set $U_1$ and sends it to Party 2 in shuffled order, as follows:
Step 2.1: Party 1 applies the random oracle $RO$ to each user $u_i$ in its own user identifier set and then encrypts the result with key $k_1$, obtaining the Party 1 user ciphertext after the first encryption by Party 1;
Step 2.2: Party 1 sends the set formed from the encrypted user ciphertexts $cipher_{u1}$ to Party 2 in shuffled order;
Step 3: Party 2 encrypts the user data sent by Party 1 and its own user identifier set $U_2$ and sends them to Party 1 in shuffled order, as follows:
Step 3.1: Party 2 uses key $k_2$ to encrypt a second time each element of the received Party 1 user ciphertexts already encrypted by Party 1, obtaining the ciphertext of Party 1's users jointly encrypted by both parties;
Step 3.2: Party 2 sends the set formed from the jointly encrypted ciphertexts $cipher_{u12}$ of Party 1's users to Party 1 in shuffled order;
Step 3.3: Party 2 uses key $k_2$ to encrypt the element obtained by applying the random oracle $RO$ to each user identifier $v_j$ of the input pairs $(v_j, t_j)$, and uses the Paillier public key $pk$ to encrypt the associated integer value $t_j$ expected to be paired with each user identifier $v_j$, obtaining pairs of the Party 2 user ciphertext encrypted by Party 2 and the ciphertext $cipher_{t2} = Pai(t_j)$ of the integer value paired with that Party 2 user;
Step 3.4: Party 2 sends the set formed from the pairs of encrypted user ciphertext $cipher_{v2}$ and paired integer-value ciphertext $cipher_{t2}$ to Party 1 in shuffled order;
Step 4: Party 1 encrypts the data sent by Party 2 and obtains the intersection $H$ of $cipher_{v12}$ and $cipher_{u12}$, then from the set $H$ obtains the ciphertext $Pai(S_H)$ of the sum of the integer values paired with the intersection and sends it to Party 2, as follows:
Step 4.1: Party 1 uses key $k_1$ to encrypt a second time each element of the received set of pairs of user ciphertext $cipher_{v2}$ (encrypted by Party 2) and paired integer-value ciphertext $cipher_{t2}$, obtaining pairs of the ciphertext $cipher_{v12}$ of Party 2's users jointly encrypted by both parties and the paired integer-value ciphertext $cipher_{t2}$;
Step 4.2: Party 1 computes the intersection $H$ of $cipher_{v12}$ and $cipher_{u12}$:
Step 4.3: For each element $h$ in the set $H$, Party 1 homomorphically multiplies together the integer-value ciphertexts $cipher_{t2} = Pai(t_j)$ paired with $h$, obtaining the ciphertext $Pai(S_H)$ of the sum $S_H$ of the integer values paired with the intersection: $Pai(S_H) = Pai(\sum_{j \in H} t_j) = Pai.Sum(\{Pai(t_j)\}_{j \in H})$;
Step 4.4: Party 1 sends the ciphertext $Pai(S_H)$ of the sum $S_H$ of the integer values paired with the intersection to Party 2;
Step 5: Party 2 uses the Paillier private key $sk$ to decrypt the received Paillier-encrypted ciphertext $Pai(S_H)$ of the sum of the integer values paired with the intersection, obtaining the intersection sum $S_H$;
(2) The reverse private intersection-sum protocol based on Paillier homomorphic encryption
In this embodiment, the architecture of the reverse private intersection-sum protocol based on Paillier homomorphic encryption is shown in Fig. 4. In the reverse private intersection-sum protocol, each of the two parties likewise inputs its own set of user resource identifiers; at output, if the intersection cardinality is too small the protocol is terminated. Otherwise, Party 1 obtains the cardinality of the intersection and the intersection sum, and Party 2 obtains the cardinality of the intersection. The two parties to the reverse private intersection-sum protocol carry out the computation of the intersection sum through a setup phase and three rounds of interaction, as shown in Fig. 5.
As can be seen from Fig. 5, in the setup phase the two parties agree on a security parameter $\lambda$, a group $G \in \mathcal{G}(\lambda)$ and a user identifier space $U = U(\lambda)$. Both parties can use a random oracle $RO: U \to G$. In the first round, Party 2 encrypts its own user identifier set with $k_2$ and $pk$ and sends it to Party 1. In the second round, Party 1 encrypts its own user identifier set with $k_1$; for each element of the set sent by Party 2, after encrypting the user identifier with $k_1$ it adds a blinding factor, and it sends these to Party 2. Party 2 computes the index set $J$ of the intersection of $cipher_{v12}$ and $cipher_{u12}$ and decrypts with $sk$ the sum $S_{Jr}$ of the integer values paired with the intersection, which carries the blinding factors; if the intersection cardinality is too small, it terminates the protocol. In the third round, Party 2 sends the sum $S_{Jr}$ carrying the blinding factors and the index set $J$ to Party 1, and Party 1 removes the blinding factors to obtain the sum of the integer values paired with the intersection, i.e. the intersection sum $S_J$.
The detailed process is shown in Fig. 6 and comprises the following steps:
S1: The two parties agree on the basic settings for the encrypted private intersection sum, as follows:
S1.1: The two parties agree on a security parameter $\lambda$, a group $G \in \mathcal{G}(\lambda)$, a user identifier space $U = U(\lambda)$ and a random oracle $RO: U \to G$, where the random oracle $RO$ maps user identifiers to random elements of the group $G$;
S1.2: Party 1 holds an input set of $m$ user identifiers $U_1 = \{u_i\}_{i \in [m]}$, where $u_i \in U$ is the $i$-th user of Party 1;
S1.3: Party 2 holds a set $\{(v_j, t_j)\}_{j \in [n]}$ of $n$ user identifiers and the associated integer values expected to be paired with them, where $v_j \in U$ is the $j$-th user of Party 2 and $t_j \in Z^+$ is the associated integer value expected to be paired with it, $Z^+$ being the positive integers, such that the private intersection sum $\sum t_j$ fits the Paillier message space for security parameter $\lambda$; define the input set of Party 2's user identifiers $U_2 = \{v_j\}_{j \in [n]}$;
S1.4: Each party $a$ chooses a random secret exponent $k_a$ in the group $G$;
S1.5: Party 2 generates a new key pair $(pk, sk)$ using the $Pai.Gen(\lambda)$ function of the Paillier encryption scheme and shares the public key $pk$ with Party 1;
S2: Party 2 encrypts its own user identifier set $U_2$ and sends it to Party 1 in order, as follows:
S2.1: Party 2 uses key $k_2$ to encrypt the element obtained by applying the random oracle $RO$ to each user identifier $v_j$ of the input pairs $(v_j, t_j)$, and uses the Paillier public key $pk$ to encrypt the associated integer value $t_j$ expected to be paired with each user identifier $v_j$, obtaining pairs of the Party 2 user ciphertext encrypted by Party 2 and the ciphertext $cipher_{t2} = Pai(t_j)$ of the integer value paired with that Party 2 user;
S2.2: Party 2 sends the set formed from the pairs of encrypted user ciphertext $cipher_{v2}$ and paired integer-value ciphertext $cipher_{t2}$ to Party 1 in order;
S3: Party 1 encrypts the user data sent by Party 2 and its own user identifier set $U_1$ and sends them to Party 2 in order, as follows:
S3.1: Party 1 uses key $k_1$ to encrypt a second time each element of the received set of pairs of user ciphertext $cipher_{v2}$ (encrypted by Party 2) and paired integer-value ciphertext $cipher_{t2}$, obtaining the ciphertext of Party 2's users jointly encrypted by both parties; then, under the Paillier modulus $N$, it randomly chooses a mapping $(j \to r_j)$ with $r_j \in Z^+$ and, using the homomorphism $Pai(t_j + r_j) = Pai(t_j) \times Pai(r_j)$, applies one-time-pad encryption to the associated integer value $t_j$ expected to be paired with user identifier $v_j$ in each received element, finally obtaining pairs of the jointly encrypted ciphertext $cipher_{v12}$ of Party 2's users and the padded paired integer-value ciphertext $cipher_{tr2}$;
S3.2: Party 1 saves the mapping $(j \to r_j)$ and sends the set formed from the pairs of jointly encrypted ciphertext $cipher_{v12}$ of Party 2's users and padded paired integer-value ciphertext $cipher_{tr2}$ to Party 2 in order;
S3.3: Party 1 uses key $k_1$ to encrypt the element obtained by applying the random oracle $RO$ to each user $u_i$ of its input set $U_1$, obtaining the Party 1 user ciphertext encrypted by Party 1;
S3.4: Party 1 sends the set formed from the encrypted user ciphertexts $cipher_{u1}$ to Party 2 in shuffled order;
S4: Party 2 encrypts the data sent by Party 1 and obtains the index set $J$ for the integer values paired with the intersection, then over the index set $J$ obtains the one-time-padded sum $S_{Jr}$ of the integer values paired with the intersection and sends it to Party 1, as follows:
S4.1: Party 2 uses key $k_2$ to encrypt a second time each element of the received Party 1 user ciphertexts already encrypted by Party 1, obtaining the ciphertext of Party 1's users jointly encrypted by both parties;
S4.2: Party 2 computes the index set $J$ of the intersection of $cipher_{v12}$ and $cipher_{u12}$:
S4.3: Party 2 judges whether the intersection cardinality is less than the set threshold; if so, Party 2 terminates the protocol; if not, the protocol continues with S4.4;
S4.4: Party 2 multiplies together all elements $Pai(t_j + r_j)$ whose indices are in the index set $J$ and then decrypts with the private key $sk$, obtaining the one-time-padded sum of the integer values paired with the intersection, $S_{Jr} = \sum_{j \in J} (t_j + r_j)$;
S4.5: Party 2 sends the one-time-padded sum $S_{Jr}$ of the integer values paired with the intersection and the index set $J$ to Party 1;
S5: Party 1 computes the sum of the integer values paired with the intersection.
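Both protocols described above, run end to end in a single process, as an added example that is not code from the patent. Assumptions made here: the group G is modelled as the squares modulo the prime 2^521 - 1, the random oracle RO as SHA-512, the Paillier key uses fixed toy primes, and every function name and sample value is constructed for illustration.

```python
import hashlib
import math
import secrets

# Toy parameters constructed for this example; far too small/structured for real use.
P = 2**521 - 1                      # prime; G = squares in Z_P^* (stand-in for group G)
ORDER = (P - 1) // 2                # |G|
PA, QA = 2**89 - 1, 2**107 - 1      # fixed Paillier primes (assumption: toy key only)
shuffle = secrets.SystemRandom().shuffle

def ro(identifier):
    """Stand-in for the random oracle RO: U -> G (SHA-512, then squared into G)."""
    h = int.from_bytes(hashlib.sha512(identifier.encode()).digest(), "big")
    return pow(h, 2, P)

def secret_exponent():
    """Random k_a with gcd(k_a, |G|) = 1, so x -> x^k_a is a permutation of G."""
    while True:
        k = secrets.randbelow(ORDER - 2) + 2
        if math.gcd(k, ORDER) == 1:
            return k

def pai_gen():
    """Pai.Gen: returns (pk, sk) = (N, (lambda, mu)) with generator g = N + 1."""
    n = PA * QA
    lam = (PA - 1) * (QA - 1) // math.gcd(PA - 1, QA - 1)
    return n, (lam, pow(lam, -1, n))

def pai_enc(n, m):
    r = secrets.randbelow(n - 1) + 1
    return (1 + m * n) * pow(r, n, n * n) % (n * n)

def pai_dec(n, sk, c):
    lam, mu = sk
    return (pow(c, lam, n * n) - 1) // n * mu % n

def pai_sum(n, ciphertexts):
    """Pai.Sum: multiplying ciphertexts modulo N^2 adds their plaintexts modulo N."""
    acc = pai_enc(n, 0)
    for c in ciphertexts:
        acc = acc * c % (n * n)
    return acc

def party2_pairs(pairs2, k2, n):
    """Steps 3.3 / S2.1: (RO(v_j)^k2, Pai(t_j)) for each of Party 2's pairs."""
    return [(pow(ro(v), k2, P), pai_enc(n, t)) for v, t in pairs2]

def intersection_sum(u1, pairs2):
    """Protocol (1). Returns (cardinality seen by Party 1, S_H decrypted by Party 2)."""
    k1, k2 = secret_exponent(), secret_exponent()          # Step 1.4
    n, sk = pai_gen()                                      # Step 1.5, N shared with Party 1
    c_u1 = [pow(ro(u), k1, P) for u in u1]                 # Step 2.1
    shuffle(c_u1)                                          # Step 2.2
    c_u12 = [pow(c, k2, P) for c in c_u1]                  # Step 3.1
    shuffle(c_u12)                                         # Step 3.2
    c_v2 = party2_pairs(pairs2, k2, n)                     # Step 3.3
    shuffle(c_v2)                                          # Step 3.4
    seen = set(c_u12)
    matched = [ct for cv, ct in c_v2 if pow(cv, k1, P) in seen]   # Steps 4.1-4.2
    c_sum = pai_sum(n, matched)                            # Step 4.3
    return len(matched), pai_dec(n, sk, c_sum)             # Steps 4.4-5

def reverse_intersection_sum(u1, pairs2, threshold):
    """Protocol (2). Returns (cardinality, S_J), with S_J = None if Party 2 aborts."""
    k1, k2 = secret_exponent(), secret_exponent()          # S1.4
    n, sk = pai_gen()                                      # S1.5
    c_v2 = party2_pairs(pairs2, k2, n)                     # S2, sent in order
    pads = [secrets.randbelow(n - 1) + 1 for _ in c_v2]    # S3.1: mapping j -> r_j
    c_v12 = [(pow(cv, k1, P), ct * pai_enc(n, r) % (n * n))
             for (cv, ct), r in zip(c_v2, pads)]           # Pai(t_j + r_j), kept in order
    c_u1 = [pow(ro(u), k1, P) for u in u1]                 # S3.3
    shuffle(c_u1)                                          # S3.4
    c_u12 = {pow(c, k2, P) for c in c_u1}                  # S4.1
    J = [j for j, (cv, _) in enumerate(c_v12) if cv in c_u12]     # S4.2
    if len(J) < threshold:                                 # S4.3: too small, terminate
        return len(J), None
    s_jr = pai_dec(n, sk, pai_sum(n, [c_v12[j][1] for j in J]))   # S4.4
    # S5: Party 1 removes its pads; doing so modulo N is this example's reading,
    # since S_Jr comes out of Paillier decryption already reduced modulo N.
    return len(J), (s_jr - sum(pads[j] for j in J)) % n

# Constructed sample inputs; identifiers are unique within each party's set.
U1 = ["alice", "bob", "carol", "dave"]
PAIRS2 = [("bob", 10), ("erin", 7), ("dave", 32), ("frank", 5)]

if __name__ == "__main__":
    print(intersection_sum(U1, PAIRS2))
    print(reverse_intersection_sum(U1, PAIRS2, 2))
    print(reverse_intersection_sum(U1, PAIRS2, 3))
```

The in-order transmission in S2 and S3.2 is what lets the index set J line up with Party 1's saved pads; shuffling those messages as in protocol (1) would break the pad removal in S5.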
Finally, it should be noted that the above embodiments merely illustrate the technical solution of the present invention and do not limit it. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that they may still modify the technical solutions described in the foregoing embodiments, or make equivalent substitutions for some or all of their technical features; such modifications or substitutions do not cause the essence of the corresponding technical solutions to depart from the scope defined by the claims of the present invention.

Claims (7)

1. A private intersection-sum method based on Paillier homomorphic encryption, characterized in that it comprises a private intersection-sum protocol based on Paillier homomorphic encryption and a reverse private intersection-sum protocol based on Paillier homomorphic encryption;
(1) The private intersection-sum protocol based on Paillier homomorphic encryption comprises the following steps:
Step 1: the two parties negotiate the basic settings for the encrypted private intersection-sum, with the following specific steps:
Step 1.1: the two parties negotiate a security parameter λ, a group $G \in G(\lambda)$, a user identifier space $U = U(\lambda)$ and a random oracle RO: U → G, where the random oracle RO maps user identifiers to random elements of the group G;
Step 1.2: Party 1 holds an input set $U_1=\{u_i\}_{i\in[m]}$ of m user identifiers, where the i-th user of Party 1 $u_i\in U$;
Step 1.3: Party 2 holds a set $\{(v_j,t_j)\}_{j\in[n]}$ of n user identifiers and the associated integer values paired with them, where the j-th user of Party 2 $v_j\in U$ and its paired associated integer value $t_j\in Z^+$, $Z^+$ being the positive integers, such that the private intersection-sum $\sum t_j$ fits in the Paillier message space for security parameter λ; and $U_2=\{v_j\}_{j\in[n]}$ is defined;
Step 1.4: each party a chooses a random secret exponent $k_a$ in the group G;
Step 1.5: Party 2 generates a new key pair (pk, sk) using the Pai.Gen(λ) function of the Paillier encryption scheme and shares the public key pk with Party 1;
Step 2: Party 1 encrypts its own user identifier set $U_1$ and sends it to Party 2 in shuffled order;
Step 3: Party 2 encrypts the user data sent by Party 1 and its own user identifier set $U_2$, and sends them to Party 1 in shuffled order;
Step 4: Party 1 encrypts the data sent by Party 2 and computes the intersection H of $cipher_{v12}$ and $cipher_{u12}$, then from the set H obtains the ciphertext $Pai(S_H)$ of the sum $S_H$ of the integer values paired with the intersection, and sends it to Party 2;
Step 5: Party 2 uses the Paillier private key sk to decrypt the received Paillier ciphertext $Pai(S_H)$, obtaining the sum $S_H$ of the integer values paired with the intersection;
(2) The reverse private intersection-sum protocol based on Paillier homomorphic encryption comprises the following steps:
S1: the two parties negotiate the basic settings for the encrypted private intersection-sum, with the following specific steps:
S1.1: the two parties negotiate a security parameter λ, a group $G \in G(\lambda)$, a user identifier space $U = U(\lambda)$ and a random oracle RO: U → G, where the random oracle RO maps user identifiers to random elements of the group G;
S1.2: Party 1 holds an input set $U_1=\{u_i\}_{i\in[m]}$ of m user identifiers, where the i-th user of Party 1 $u_i\in U$;
S1.3: Party 2 holds a set $\{(v_j,t_j)\}_{j\in[n]}$ of n user identifiers and the associated integer values paired with them, where the j-th user of Party 2 $v_j\in U$ and its paired associated integer value $t_j\in Z^+$, $Z^+$ being the positive integers, such that the private intersection-sum $\sum t_j$ fits in the Paillier message space for security parameter λ; and the input set of Party 2's user identifiers $U_2=\{v_j\}_{j\in[n]}$ is defined;
S1.4: each party a chooses a random secret exponent $k_a$ in the group G;
S1.5: Party 2 generates a new key pair (pk, sk) using the Pai.Gen(λ) function of the Paillier encryption scheme and shares the public key pk with Party 1;
S2: Party 2 encrypts its own user identifier set $U_2$ and sends it to Party 1 in order;
S3: Party 1 encrypts the user data sent by Party 2 and its own user identifier set $U_1$, and sends them to Party 2 in order;
S4: Party 2 encrypts the data sent by Party 1 and computes the index set J of the intersection of $cipher_{v12}$ and $cipher_{u12}$, then applies the padding encryption over the index set J to obtain the padded sum $S_{Jr}$ of the integer values paired with the intersection and sends it to Party 1;
S5: Party 1 computes the sum of the integer values paired with the intersection
2. The private intersection-sum method based on Paillier homomorphic encryption according to claim 1, characterized in that said Step 2 comprises the following steps:
Step 2.1: Party 1 applies the random oracle RO to each user $u_i$ in its own user identifier set, then encrypts the result for the first time using key $k_1$, obtaining Party 1's user ciphertexts encrypted by Party 1
Step 2.2: Party 1 shuffles the set formed by the encrypted user ciphertexts $cipher_{u1}$ and sends it to Party 2.
3. The private intersection-sum method based on Paillier homomorphic encryption according to claim 1, characterized in that said Step 3 comprises the following steps:
Step 3.1: Party 2 uses key $k_2$ to encrypt a second time each element of the received Party 1 user ciphertexts encrypted by Party 1, obtaining the ciphertexts of Party 1's users jointly encrypted by both parties
Step 3.2: Party 2 shuffles the set formed by the jointly encrypted ciphertexts $cipher_{u12}$ of Party 1's users and sends it to Party 1;
Step 3.3: Party 2 uses key $k_2$ to encrypt the element obtained by applying the random oracle RO to each user identifier $v_j$ of the input set element pairs $(v_j,t_j)$, and uses the Paillier public key pk to encrypt the associated integer value $t_j$ paired with each user identifier $v_j$ in the input set element pairs $(v_j,t_j)$, obtaining pairs of the Party 2 user ciphertext encrypted by Party 2 and the ciphertext $cipher_{t2}=Pai(t_j)$ of the paired integer value encrypted by Party 2;
Step 3.4: Party 2 shuffles the set formed by the pairs of encrypted user ciphertext $cipher_{v2}$ and paired integer-value ciphertext $cipher_{t2}$ and sends it to Party 1.
4. The private intersection-sum method based on Paillier homomorphic encryption according to claim 1, characterized in that said Step 4 comprises the following steps:
Step 4.1: Party 1 uses key $k_1$ to encrypt a second time each element of the received set of pairs of Party-2-encrypted user ciphertext $cipher_{v2}$ and paired integer-value ciphertext $cipher_{t2}$, obtaining pairs of the jointly encrypted ciphertext $cipher_{v12}$ of Party 2's users and the paired integer-value ciphertext $cipher_{t2}$
Step 4.2: Party 1 computes the intersection H of $cipher_{v12}$ and $cipher_{u12}$:
Step 4.3: for each element h in the set H, Party 1 multiplies together the integer-value ciphertexts $cipher_{t2}=Pai(t_j)$ paired with h, homomorphically obtaining the ciphertext $Pai(S_H)$ of the sum $S_H$ of the integer values paired with the intersection: $Pai(S_H)=Pai(\sum_{j\in H}t_j)=Pai.Sum(\{Pai(t_j)\}_{j\in H})$;
Step 4.4: Party 1 sends the ciphertext $Pai(S_H)$ of the sum $S_H$ of the integer values paired with the intersection to Party 2.
5. The private intersection-sum method based on Paillier homomorphic encryption according to claim 1, characterized in that said S2 comprises the following steps:
S2.1: Party 2 uses key $k_2$ to encrypt the element obtained by applying the random oracle RO to each user identifier $v_j$ of the input set element pairs $(v_j,t_j)$, and uses the Paillier public key pk to encrypt the associated integer value $t_j$ paired with each user identifier $v_j$ in the input set element pairs $(v_j,t_j)$, obtaining pairs of the Party 2 user ciphertext encrypted by Party 2 and the ciphertext $cipher_{t2}=Pai(t_j)$ of the paired integer value encrypted by Party 2;
S2.2: Party 2 sends the set formed by the pairs of encrypted user ciphertext $cipher_{v2}$ and paired integer-value ciphertext $cipher_{t2}$ to Party 1 in order.
6. The private intersection-sum method based on Paillier homomorphic encryption according to claim 1, characterized in that said S3 comprises the following steps:
S3.1: Party 1 uses key $k_1$ to encrypt a second time each element of the received set of pairs of Party-2-encrypted user ciphertext $cipher_{v2}$ and paired integer-value ciphertext $cipher_{t2}$, obtaining the ciphertexts of Party 2's users jointly encrypted by both parties; then, under the Paillier modulus N, Party 1 randomly chooses a mapping $(j\to r_j)$, where $r_j\in Z^+$, and through the homomorphism $Pai(t_j+r_j)=Pai(t_j)\times Pai(r_j)$ applies one-time-pad encryption to the associated integer value $t_j$ paired with user identifier $v_j$ in each received element, finally obtaining pairs of the jointly encrypted ciphertext $cipher_{v12}$ of Party 2's users and the padded paired integer-value ciphertext $cipher_{tr2}$
S3.2: Party 1 saves the mapping $(j\to r_j)$ and sends the set formed by the pairs of jointly encrypted ciphertext $cipher_{v12}$ of Party 2's users and padded paired integer-value ciphertext $cipher_{tr2}$ to Party 2 in order;
S3.3: Party 1 uses key $k_1$ to encrypt the element obtained by applying the random oracle RO to each user $u_i$ in its input set, obtaining Party 1's user ciphertexts encrypted by Party 1
S3.4: Party 1 shuffles the set formed by the encrypted user ciphertexts $cipher_{u1}$ and sends it to Party 2.
7. The private intersection-sum method based on Paillier homomorphic encryption according to claim 1, characterized in that said S4 comprises the following steps:
S4.1: Party 2 uses key $k_2$ to encrypt a second time each of the received Party 1 user ciphertexts encrypted by Party 1, obtaining the ciphertexts of Party 1's users jointly encrypted by both parties
S4.2: Party 2 computes the index set J of the intersection of $cipher_{v12}$ and $cipher_{u12}$:
S4.3: determine whether the cardinality of the intersection is below the set threshold; if so, Party 2 terminates the protocol; if not, continue with S4.4;
S4.4: Party 2 multiplies together all elements $Pai(t_j+r_j)$ whose indices are in the index set J, then decrypts with the private key sk, obtaining the one-time-padded sum of the integer values paired with the intersection
S4.5: Party 2 sends the padded sum $S_{Jr}$ of the integer values paired with the intersection, together with the index set J, to Party 1.
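The reverse protocol of claims 5 to 7 (S1 to S5), simulated end to end in one process as an added example; this is not code from the patent. The SHA-256 random oracle, the toy group and Paillier primes, all function names, and the unmasking step in S5 (whose formula does not appear on this page) are assumptions.

```python
import hashlib, math, secrets

# Toy, constructed parameters (assumptions): far too small for real use.
P = 2**127 - 1                      # prime modulus; the group G is Z_P^*
PA, QA = 2**61 - 1, 2**89 - 1       # Paillier primes (both Mersenne primes)

def ro(ident):
    """Random oracle RO: U -> G, modelled here with SHA-256 (assumption)."""
    h = int.from_bytes(hashlib.sha256(ident.encode()).digest(), "big")
    return 1 + h % (P - 1)

def gen_exponent():
    """Secret exponent k_a; gcd(k, P-1) = 1 makes x -> x^k a permutation of G."""
    while True:
        k = secrets.randbelow(P - 3) + 2
        if math.gcd(k, P - 1) == 1:
            return k

def pai_gen():
    """Pai.Gen: returns pk = n and sk = (phi, phi^-1 mod n), with g = n + 1."""
    n, phi = PA * QA, (PA - 1) * (QA - 1)
    return n, (phi, pow(phi, -1, n))

def pai_enc(n, m):
    r = secrets.randbelow(n - 1) + 1
    return (1 + m * n) * pow(r, n, n * n) % (n * n)

def pai_dec(n, sk, c):
    phi, mu = sk
    return (pow(c, phi, n * n) - 1) // n * mu % n

def reverse_intersection_sum(u1, pairs2, threshold):
    """Returns what Party 1 learns in S5, or None if Party 2 aborts in S4.3."""
    # S1: secret exponents; Party 2 owns (pk, sk) and shares pk with Party 1.
    k1, k2 = gen_exponent(), gen_exponent()
    n, sk = pai_gen()
    # S2 (Party 2): pairs (RO(v_j)^k2, Pai(t_j)), sent in order.
    msg2 = [(pow(ro(v), k2, P), pai_enc(n, t)) for v, t in pairs2]
    # S3.1-S3.2 (Party 1): second encryption plus one-time masks r_j, which
    # Party 1 keeps; Pai(t_j) * Pai(r_j) = Pai(t_j + r_j). Order is preserved.
    masks = [secrets.randbelow(n - 1) + 1 for _ in msg2]
    masked = [(pow(cv, k1, P), ct * pai_enc(n, r) % (n * n))
              for (cv, ct), r in zip(msg2, masks)]
    # S3.3-S3.4 (Party 1): own identifiers, encrypted once and shuffled.
    cipher_u1 = [pow(ro(u), k1, P) for u in u1]
    secrets.SystemRandom().shuffle(cipher_u1)
    # S4.1-S4.2 (Party 2): second encryption, then the index set J.
    cipher_u12 = {pow(c, k2, P) for c in cipher_u1}
    J = [j for j, (cv12, _) in enumerate(masked) if cv12 in cipher_u12]
    # S4.3: Party 2 terminates if the intersection is smaller than the threshold.
    if len(J) < threshold:
        return None
    # S4.4: multiply the masked ciphertexts over J and decrypt to get S_Jr.
    prod = 1
    for j in J:
        prod = prod * masked[j][1] % (n * n)
    s_jr = pai_dec(n, sk, prod)
    # S4.5 + S5 (Party 1): receives (S_Jr, J) and removes the saved masks.
    # Assumed formula: S_J = S_Jr - sum of r_j over J, taken modulo n.
    return (s_jr - sum(masks[j] for j in J)) % n
```

Party 2 only ever decrypts a masked aggregate, and the threshold check in S4.3 is what stops a very small intersection from exposing an individual value $t_j$ to Party 1.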
CN201811442107.6A 2018-11-29 2018-11-29 Paillier homomorphic encryption private aggregation and method based on Paillier Active CN109525386B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811442107.6A CN109525386B (en) 2018-11-29 2018-11-29 Paillier homomorphic encryption private aggregation and method based on Paillier

Publications (2)

Publication Number Publication Date
CN109525386A true CN109525386A (en) 2019-03-26
CN109525386B CN109525386B (en) 2021-05-18

Family

ID=65794521

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811442107.6A Active CN109525386B (en) 2018-11-29 2018-11-29 Paillier homomorphic encryption private aggregation and method based on Paillier

Country Status (1)

Country Link
CN (1) CN109525386B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130010950A1 (en) * 2011-07-08 2013-01-10 Sap Ag Public-Key Encrypted Bloom Filters With Applications To Private Set Intersection
CN107124268A (en) * 2017-04-01 2017-09-01 中国人民武装警察部队工程大学 A kind of privacy set common factor computational methods for resisting malicious attack
CN107196926A (en) * 2017-04-29 2017-09-22 河南师范大学 A kind of cloud outsourcing privacy set comparative approach and device
CN108055118A (en) * 2017-12-11 2018-05-18 东北大学 A kind of diagram data intersection computational methods of secret protection
CN108737115A (en) * 2018-06-20 2018-11-02 湖北工业大学 A kind of efficient privately owned property set intersection method for solving with secret protection

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
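Li Fuxiang et al.: "Publicly verifiable outsourced computation scheme based on bilinear maps", Journal of Northeastern University (Natural Science) *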

Cited By (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110086717B (en) * 2019-04-30 2021-06-22 创新先进技术有限公司 Method, device and system for data security matching
CN110086717A (en) * 2019-04-30 2019-08-02 阿里巴巴集团控股有限公司 For carrying out the matched methods, devices and systems of data safety
CN110324321A (en) * 2019-06-18 2019-10-11 阿里巴巴集团控股有限公司 Data processing method and device
CN110324321B (en) * 2019-06-18 2021-07-13 创新先进技术有限公司 Data processing method and device
CN110399741A (en) * 2019-07-29 2019-11-01 深圳前海微众银行股份有限公司 Data alignment method, equipment and computer readable storage medium
CN110535622A (en) * 2019-08-01 2019-12-03 阿里巴巴集团控股有限公司 Data processing method, device and electronic equipment
TWI740399B (en) * 2019-08-01 2021-09-21 開曼群島商創新先進技術有限公司 Data processing method, device and electronic equipment
US10885203B2 (en) * 2019-08-01 2021-01-05 Advanced New Technologies Co., Ltd. Encrypted data exchange
WO2021017420A1 (en) * 2019-08-01 2021-02-04 创新先进技术有限公司 Data processing method and apparatus, and electronic device
CN111641603A (en) * 2020-05-15 2020-09-08 北京青牛技术股份有限公司 Privacy set intersection data interaction method and system based on homomorphic encryption
CN111641603B (en) * 2020-05-15 2022-07-01 北京青牛技术股份有限公司 Privacy set intersection data interaction method and system based on homomorphic encryption
CN111832050A (en) * 2020-07-10 2020-10-27 深圳致星科技有限公司 Paillier encryption scheme based on FPGA chip implementation for federal learning
CN111741020A (en) * 2020-07-31 2020-10-02 支付宝(杭州)信息技术有限公司 Public data set determination method, device and system based on data privacy protection
CN111931221A (en) * 2020-09-25 2020-11-13 支付宝(杭州)信息技术有限公司 Data processing method and device and server
CN112434329A (en) * 2020-10-23 2021-03-02 上海点融信息科技有限责任公司 Private data intersection acquisition method, computing device and storage medium
KR102284877B1 (en) * 2020-12-14 2021-07-30 세종대학교산학협력단 Efficient functional encryption for set intersection
CN112651042A (en) * 2020-12-23 2021-04-13 上海同态信息科技有限责任公司 Intersection solving method based on trusted third-party private data
CN113034276A (en) * 2020-12-29 2021-06-25 上海能链众合科技有限公司 Block chain privacy transaction solution method
CN113179150A (en) * 2021-04-26 2021-07-27 杭州宇链科技有限公司 Homomorphic privacy set intersection method based on order preserving function
CN113179150B (en) * 2021-04-26 2022-07-01 杭州宇链科技有限公司 Homomorphic privacy set intersection method based on order preserving function
CN113032848A (en) * 2021-05-20 2021-06-25 华控清交信息科技(北京)有限公司 Data processing method and chip for data processing
CN113343255A (en) * 2021-06-04 2021-09-03 百融云创科技股份有限公司 Data interaction method based on privacy protection
CN113343255B (en) * 2021-06-04 2024-06-25 百融云创科技股份有限公司 Data interaction method based on privacy protection
CN113434888A (en) * 2021-07-06 2021-09-24 建信金融科技有限责任公司 Data sharing method, device, equipment and system
CN113806795A (en) * 2021-08-10 2021-12-17 中国科学院信息工程研究所 Two-party privacy set union calculation method and device
CN113806795B (en) * 2021-08-10 2024-03-01 中国科学院信息工程研究所 Two-party privacy set union calculation method and device
CN114826546A (en) * 2022-04-02 2022-07-29 支付宝(杭州)信息技术有限公司 Transaction data processing method and device
CN116595562A (en) * 2023-06-06 2023-08-15 北京火山引擎科技有限公司 Data processing method and electronic equipment
CN116595562B (en) * 2023-06-06 2024-07-19 北京火山引擎科技有限公司 Data processing method and electronic equipment

Also Published As

Publication number Publication date
CN109525386B (en) 2021-05-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant