CN111049847A - Method and device for performing service processing based on interval judgment of private data - Google Patents

Method and device for performing service processing based on interval judgment of private data Download PDF

Info

Publication number
CN111049847A
CN111049847A CN201911328124.1A CN201911328124A CN111049847A CN 111049847 A CN111049847 A CN 111049847A CN 201911328124 A CN201911328124 A CN 201911328124A CN 111049847 A CN111049847 A CN 111049847A
Authority
CN
China
Prior art keywords
result
sub
party
sum
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201911328124.1A
Other languages
Chinese (zh)
Other versions
CN111049847B (en
Inventor
张祺智
李漓春
殷山
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ant Blockchain Technology Shanghai Co Ltd
Original Assignee
Alipay Hangzhou Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alipay Hangzhou Information Technology Co Ltd filed Critical Alipay Hangzhou Information Technology Co Ltd
Priority to CN201911328124.1A priority Critical patent/CN111049847B/en
Publication of CN111049847A publication Critical patent/CN111049847A/en
Application granted granted Critical
Publication of CN111049847B publication Critical patent/CN111049847B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/0421Anonymous communication, i.e. the party's identifiers are hidden from the other party or parties, e.g. using an anonymizer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/46Secure multiparty computation, e.g. millionaire problem

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The embodiment of the specification provides a method and a device for performing business processing based on interval judgment of private data, which can judge whether the private data stored in a sum sharing mode in two data parties belong to a given interval or not in the business processing process of multi-party security calculation, and represent the private data and the sum data of the sum sharing mode as 0, 2N-1) number of intervals, whereby a decision problem of private data in a given interval is translated into a sum data stored on one of the data sides at [0, 2 ]NWithin-1) the difference pair 2 of the end point value of the given interval and the sum data stored by the other data sideNThe method greatly reduces the communication traffic of two data sides and improves the processing efficiency of the interval judgment problem.

Description

Method and device for performing service processing based on interval judgment of private data
Technical Field
One or more embodiments of the present disclosure relate to the field of computer technologies, and in particular, to a method and an apparatus for performing service processing based on interval determination of private data in multi-party security computing.
Background
The secure multi-party computation is also called multi-party secure computation, namely, a plurality of parties compute the result of a function together without revealing the input data of each party of the function, and the computed result is disclosed to one or more parties. For example, a typical application of secure multi-party computing is joint statistical analysis and machine learning of privacy-preserving multi-party data. Secure multiparty computation enables computation of statistics and/or machine learning results based on party federated data for participating parties without exposing the respective raw data. The function of the multi-party secure computation is an arithmetic function (such as addition), a machine learning algorithm, and so on.
In order to protect private data, the results of secure computations by two data parties can often be stored in a shared form by both parties. And the form of sharing can be expressed as: x ═ xL+xRmod 2N. Wherein x isLStored in the first party A, xRStored in the second party B, xL、xRIs [0, 2 ]N-1) of the same. x is the number ofL、xRStored separately on two data sides, A cannot know xRAnd B does not know xL. In the safe calculation process of the sharing form, the sharing form is kept for calculation, and the A party cannot deduce x all the time in the calculation processRAnd the B party can not deduce x all the timeL
In a multi-party secure computing platform, it is often necessary for multiple parties to jointly determine a numerical range of private data stored in a shared form. In the conventional technology, the problem is generally converted into a problem that private data and two end points of an interval are respectively subjected to induction comparison from 1 st bit to N th bit, one state variable of each bit is calculated from low bit to high bit one by one to obtain a final result, at least 2N times of interaction (N times of each end point value) is required, the number of interaction times is excessive, and the result of each induction calculation needs to depend on the result of the previous time, so that the efficiency is not high.
Therefore, an improved scheme is desired, which can reduce the number of interactions and improve the efficiency when determining the value range of the private data in a multi-party combined manner.
Disclosure of Invention
The method and the device for service processing based on interval judgment of private data, which are described in one or more embodiments of the present specification, can be used for solving one or more problems mentioned in the background section.
According to a first aspect, there is provided a method of business processing based on interval decision of private data to be decided by a processing unit of a business processing model whether or not to belong to a given interval in multiparty security computation, the private data including first sum data stored at a first party and second sum data stored at a second party, the first sum data and the second sum data being pair 2 for the private dataNModulo-sum-sharing, the given interval being an interval greater than or equal to a first endpoint value and less than a second endpoint value, the method being performed by the first party and comprising: comparing, with the second party, the first sum data with a size of a first one of the following items determined by the second party via a secure comparison protocol: a difference pair 2 of the first endpoint value and the second sum dataNThe security comparison further generates a second sub-result at the second party, the first sub-result and the second sub-result being first comparison results in a sum-sharing form; comparing, by a secure comparison protocol, the first sum data with the second party to a size determined by the second party of: difference pair 2 of the second endpoint value and the second sum dataNThe security comparison further generates a fourth sub-result at the second party, the third sub-result and the fourth sub-result being second comparison results in a form of sum sharing; detecting the satisfaction condition of the first comparison result and the second comparison result to a preset condition with the second party to obtain a fifth sub-result, wherein the safety detection of the time also generates a sixth sub-result on the second party, and the fifth sub-result and the sixth sub-result are third detection results in a sum sharing form; according to the third detection result, obtaining a seventh sub-result with the second party by using an inadvertent transmission protocol based on the size judgment result of the first item and the second item by the second party, wherein the seventh sub-result and an eighth sub-result generated by the second party areAnd a determination result of the sharing form; and providing the seventh sub-result to a business processing model, so that a processing unit in the business processing model performs business processing on the judgment result obtained based on the seventh sub-result and the eighth sub-result, wherein the eighth sub-result is provided to the business processing model by the second party.
According to one embodiment, the secure comparison protocol is an inadvertent transport protocol.
According to one embodiment, the first sum data is compared with the second party to the size of the first item by: to generate [0, 2N) A first random number of intervals as the first sub-result; and determining a first random mapping according to the first random number, wherein the first random mapping maps the numerical value which is greater than or equal to the first sum data into the difference between a preset non-zero value and the first random number, and maps the numerical value which is smaller than the first sum data into the difference between a zero value and the first random number, so that the first item is processed through the first random mapping to obtain a second sub-result under the condition of an accidental transmission protocol.
According to one embodiment, the first sum data and the second term are compared with the second party by:
to generate [0, 2N) A second random number of intervals as the third sub-result;
and determining a second random mapping according to the second random number, wherein the second random mapping maps the numerical value smaller than the first sum data into the difference between a preset non-zero value and the second random number, and maps the numerical value larger than or equal to the first sum data into the difference between a zero value and the second random number, so that the second item is processed through the second random mapping to obtain a fourth sub-result under the condition of an accidental transmission protocol.
According to one embodiment, the predetermined condition comprises a first predetermined condition corresponding to the first term being less than the second term: the first sum data is greater than or equal to the first term, while the first sum data is less than the second term; the safety detection of the satisfaction condition of the first comparison result and the second comparison result to the predetermined condition, and obtaining a fifth sub-result includes: determining a product of the first sub-result and the third sub-result as a first candidate; determining a first product of a first sub-result and a fourth sub-result through the shared safe multiplication to obtain first sub-product data serving as a second candidate item, wherein the first sub-product data and second sub-product data generated by the second party are in a sum sharing form of the first product; determining a second product of the second sub-result and the third sub-result through the shared safe multiplication to obtain third sub-product data serving as a third candidate item, wherein the third sub-product data and fourth sub-product data generated by the second party are in a sum sharing form of the second product; determining that the fifth sub-result includes a sum of the first candidate, the second candidate, and the third candidate.
According to one embodiment, the predetermined condition comprises a second predetermined condition corresponding to the first term being greater than the second term: the first sum data is less than the first term, and one and only one of the first sum data is greater than or equal to the second term; the safety detection of the satisfaction condition of the first comparison result and the second comparison result to the predetermined condition, and obtaining a fifth sub-result includes: determining a product of the first sub-result and the third sub-result as a first candidate; the safe multiplication which is carried out and shared with the second party determines a first product of a first sub-result and a fourth sub-result to obtain first sub-product data serving as a second candidate item, wherein the first sub-product data and second sub-product data generated by the second party are in a sum sharing form of the first product; the safe multiplication which is carried out and shared with the second party determines a second product of a second sub-result and a third sub-result to obtain third sub-product data serving as a third candidate item, wherein the third sub-product data and fourth sub-product data generated by the second party are in a sum sharing form of the second product; determining a fifth sub-result comprises a difference of a sum of the first sub-result, the third sub-result, and a sum of the first candidate, the second candidate, and the third candidate.
According to one implementationFor example, the obtaining, according to the third detection result, a seventh sub-result with the second party by using an oblivious transfer protocol based on a result of size determination of the first item and the second item by the second party includes: to generate [0, 2N) A third random number of intervals as the seventh sub-result; and determining a third condition mapping which takes the size judgment results of the first item and the second item as conditions according to the third random number, wherein the third condition mapping is used for mapping a second numerical value which is stored in the second party and corresponds to the size judgment result conditions into the difference between a first numerical value which corresponds to the size judgment result in the fifth sub-result and the seventh sub-result and adding the sum of the second numerical value to obtain an eighth sub-result under the condition of the size judgment result.
According to one embodiment, the business process model is a neural network model and the processing unit is a neuron in a neural network, the business process comprising determining a function value of an activation function of the neuron.
According to one embodiment, the service processing model is a tree model, the processing units are nodes in the tree model, and the service processing includes determining whether a service branch condition of the tree model is satisfied.
According to a second aspect, there is provided a method of business processing based on interval decision of private data to be decided by a processing unit of a business processing model whether or not to belong to a given interval in multiparty security computation, the private data including first sum data stored at a first party and second sum data stored at a second party, the first sum data and the second sum data being pair 2 for the private dataNModulo and sharing form, the given interval being an interval greater than or equal to a first endpoint value and less than a second endpoint value, the method being performed by the second party and comprising: determining a first term of: a difference pair 2 of the first endpoint value and the second sum dataNAnd comparing said first item with said first party via a secure comparison protocol with said first and said data size to obtain a second sub-result, which isThe second sub-result is a second comparison result in a form shared by the first sub-result and the second sub-result; determining the following second term: difference pair 2 of the second endpoint value and the second sum dataNAnd comparing the size of the second item and the first sum data with the first party via a secure comparison protocol: obtaining a fourth sub-result, wherein the safety comparison also generates a third sub-result at the first party, and the third sub-result and the fourth sub-result are second comparison results in a form of sum sharing; obtaining a sixth sub-result according to the satisfaction of the first comparison result and the second comparison result of the first party safety detection on a preset condition, wherein the safety detection of the time also generates a fifth sub-result on the first party, and the fifth sub-result and the sixth sub-result are third detection results in a sum sharing form; according to the third detection result, obtaining an eighth sub-result with the first party by using an inadvertent transmission protocol based on the size judgment results of the first item and the second item, wherein the eighth sub-result and a seventh sub-result generated by the first party are judgment results in a sum sharing form; and providing the eighth sub-result to a business processing model, so that a processing unit in the business processing model performs business processing on the judgment result obtained based on the seventh sub-result and the eighth sub-result, wherein the seventh sub-result is provided to the business processing model by the first party.
According to a third aspect, there is provided an apparatus for performing business processing based on section determination of private data to be determined by a processing unit of a business processing model whether or not to belong to a given section in multiparty security computation, the private data including first sum data stored at a first party and second sum data stored at a second party, the first sum data and the second sum data being pair 2 for the private dataNModulo sum sharing, the given interval being an interval greater than or equal to a first endpoint value and less than a second endpoint value, the apparatus being provided at the first party, the apparatus comprising:
a first comparison unit havingComparing, by a secure comparison protocol, the first sum data with a size of a first one of the following items determined by the second party: a difference pair 2 of the first endpoint value and the second sum dataNThe security comparison further generates a second sub-result at the second party, the first sub-result and the second sub-result being first comparison results in a sum-sharing form;
a second comparison unit configured to compare the first sum data with the second party through a secure comparison protocol with a size of a second item determined by the second party: difference pair 2 of the second endpoint value and the second sum dataNThe security comparison further generates a fourth sub-result at the second party, the third sub-result and the fourth sub-result being second comparison results in a form of sum sharing;
the detection unit is configured to perform security detection on the first comparison result and the second comparison result of the second party according to satisfaction of a predetermined condition to obtain a fifth sub-result, wherein the security detection also generates a sixth sub-result on the second party, and the fifth sub-result and the sixth sub-result are third detection results in a sum sharing form;
a determination unit configured to obtain, according to a third detection result, a seventh sub-result with the second party using an inadvertent transmission protocol based on a size determination result of the first item and the second item by the second party, the seventh sub-result and an eighth sub-result generated at the second party being determination results in a sum-sharing form;
and the providing unit is configured to provide the seventh sub-result to a business processing model, so that the processing unit in the business processing model performs business processing on the judgment result obtained based on the seventh sub-result and the eighth sub-result, and the eighth sub-result is provided to the business processing model by the second party.
According to a fourth aspect, there is provided an apparatus for performing business processing based on section judgment of private data to be subjected to business processing in multiparty security calculationA processing unit of the model determines whether data belonging to a given interval, said private data comprising first sum data stored at a first party and second sum data stored at a second party, said first sum data and said second sum data being for said private data, pair 2NModulo sum sharing, the given interval being an interval greater than or equal to a first endpoint value and less than a second endpoint value, the apparatus being located at the second party, the apparatus comprising:
a first comparison unit configured to determine a first term of: a difference pair 2 of the first endpoint value and the second sum dataNComparing the first item with the first sum data size through a security comparison protocol with the first party to obtain a second sub-result, wherein the security comparison also generates a first sub-result at the first party, and the first sub-result and the second sub-result are first comparison results in a sum sharing form;
a second comparison unit configured to determine a second term of: difference pair 2 of the second endpoint value and the second sum dataNAnd comparing the size of the second item and the first sum data with the first party via a secure comparison protocol: obtaining a fourth sub-result, wherein the safety comparison also generates a third sub-result at the first party, and the third sub-result and the fourth sub-result are second comparison results in a form of sum sharing;
the detection unit is configured to perform security detection on the first party according to the first comparison result and the second comparison result, and obtain a sixth sub-result according to the satisfaction condition of the first comparison result and the second comparison result to a predetermined condition, wherein the security detection also generates a fifth sub-result on the first party, and the fifth sub-result and the sixth sub-result are third detection results in a sum sharing form;
a determination unit configured to obtain, according to a third detection result, an eighth sub-result with the first party using an inadvertent transmission protocol based on a size determination result of the first item and the second item, the eighth sub-result and a seventh sub-result generated at the first party being a determination result in a sum-sharing form;
a providing unit configured to provide the eighth sub-result to a business processing model, so that a processing unit in the business processing model performs business processing on the determination result obtained based on the seventh sub-result and the eighth sub-result, where the seventh sub-result is provided to the business processing model by the first party.
According to a third aspect, there is provided a computer readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method of the first or second aspect.
According to a fourth aspect, there is provided a computing device comprising a memory and a processor, wherein the memory has stored therein executable code, and the processor, when executing the executable code, implements the method of the first or second aspect.
The embodiment of the specification provides a method and a device for performing business processing based on interval judgment of private data, which can judge whether the private data stored in a sum sharing mode in two data parties belong to a given interval or not in the business processing process of multi-party security calculation, and represent the private data and the sum data of the sum sharing mode as 0, 2N-1) number of intervals, whereby a decision problem of private data in a given interval is translated into a sum data stored on one of the data sides at [0, 2 ]NWithin-1) the difference pair 2 of the end point value of the given interval and the sum data stored by the other data sideNThe method greatly reduces the communication traffic of two data sides and improves the processing efficiency of the interval judgment problem.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
FIG. 1 is a schematic diagram illustrating an implementation scenario of an embodiment of the present description;
FIG. 2 is a schematic diagram illustrating a transformation principle of a section decision problem under an implementation architecture of the present specification;
FIG. 3 illustrates a flow diagram for business processing based on interval determination of private data, according to one embodiment;
FIG. 4 is a flow diagram illustrating a business process based on interval determination of private data according to another embodiment;
fig. 5 shows a schematic block diagram of an apparatus for performing service processing based on interval judgment of private data, which is respectively provided for two data parties, and an interaction diagram thereof according to an embodiment.
Detailed Description
The scheme provided by the specification is described below with reference to the accompanying drawings.
First, a description will be given of an embodiment of the present invention with reference to fig. 1. As shown in fig. 1, in this implementation scenario, each of the plurality of data parties has its own data. These data parties may communicate data with each other, for example, jointly performing secure data operations. That is, when the data parties do not acquire the data of the other parties, the data calculation is performed. Operations herein are, for example, addition, multiplication, logical operations (and, or, not), and so on. It will be appreciated that subtraction and addition may be translated into each other, and multiplication and division may be translated into each other.
The computing platform may be a platform provided in the trusted third party device, or may be a platform provided in one of the plurality of data parties or distributed among the plurality of data parties. The computing platform can perform data interaction with various data parties. The computing platform may be provided with a business process model for the business process, such as a machine learning model, a logical operations model, and so forth. In the process of business processing, the judgment of whether the data stored in a shared form on two data sides belongs to a certain interval or not may be involved.
Taking the numerical range related to the multiparty joint judgment of the private data x as an example, the private data x is data to be subjected to numerical range judgment through a processing unit of the business processing model, and the private data can be in a form of sharing in advanceStored on data side 1 and data side 2, where data side 1 stores xLData side 2 stores xRAnd a shared storage mode, i.e. x ═ xL+xR)mod 2NThat is, x is the interval [0, 2 ]N) When the number above, and x in shared formLAnd xRAre all within the interval [0, 2N) Storage of the number above, xLAnd xRAfter summing, shift to the interval [0, 2 ]N) To obtain x.
It should be noted that the number of data parties shown in fig. 1 is only an example, and in practical applications, the number of data parties is two or more, and is set according to actual requirements, and is not limited herein.
The embodiments of the present specification can provide a solution to the interval decision problem, i.e. give [0, 2 [ ]N) If the integer x in the interval is stored in the form of a sum share in the first party (e.g. the data party 1 in fig. 1) and the second party (e.g. the data party 2 in fig. 1), how to safely and efficiently calculate whether x belongs to a given interval [ t, s ], and the result (0 or 1) is still stored in the form of a sum share in the first party and the second party. T and s may be interval endpoint values provided by the processing unit of the service processing model, which do not belong to private data and may be obtained by the first party and the second party, respectively.
In accordance with the inventive concepts of the present specification, in a sum-sharing fashion, a determination of x ∈ [ t, s) can be translated into xL∈[(t-xR)mod 2N,(s-xR)mod 2N) And (4) judging. However, in the shared form, xLAnd xRAre all oriented to [0, 2 ]N) The translation is performed, and the value of the translation from 0 to left may be from 2NIs circulated into the interval [0, 2 ]N) From 2 toNThe values from 0 are also cyclically shifted into [0, 2 ]N) Thus, although s > t, (s-x)R)mod 2NNot necessarily greater than (t-x)R)mod 2N
Thus, as shown in FIG. 2, in (s-x)R)mod 2N≥(t-xR)mod 2NIn the case of (1), the problem of t ≦ x < s may be translated into:
xL≥(t-xR)mod 2Nand xL<(s-xR)mod 2NAt the same time, i.e. xLFalls within the interval 201 shown in fig. 2;
in (s-x)R)mod 2N<(t-xR)mod 2NIn the case of (1), the problem of t ≦ x < s may be translated into:
xL<(t-xR)mod 2Nor xL≥(s-xR)mod 2NOne is true, namely xLFalls within either interval 202 or interval 203 shown in fig. 2.
Further, let d denote (s-x)R)mod 2NAnd (t-x)R)mod 2NThe size of (s-x) is determinedR)mod 2N>(t-xR)mod 2NAnd (s-x)R)mod 2N<(t-xR)mod 2ND may take different values when true, e.g., (s-x)R)mod 2N>(t-xR)mod 2NConsider proposition, which is true when d is a first predetermined value, such as 1, otherwise d can be a second predetermined value, such as 0.
Similarly, if the condition is satisfied as indicated by the first predetermined value and the condition is not satisfied as indicated by the second predetermined value, then: let u denote xL≥(t-xR)mod 2NResult of discrimination of (1), xL≥(t-xR)mod 2NWhen the u is a first preset value, otherwise, the u is a second preset value; let v denote xL<(s-xR)mod 2NResult of discrimination of (1), xL<(s-xR)mod 2NV is a first predetermined value when true, otherwise v is a second predetermined value. Thus, x ∈ [ t, s) further translates into either u and v both being a first predetermined value when d takes a first predetermined value, or one of u and v being a non-first predetermined value (zero value) when d takes a second predetermined value. For convenience of operation, the first predetermined value and the second predetermined value are one 0 and one is a non-zero value, such as 1. Assuming that the first predetermined value is a non-zero value, u and v are both the first predetermined value and are represented as (u)&v) is a non-zero value and one of u and v is a non-first predetermined value, denoted (! u or! v) — (u + v) - (u)&v) is a non-zero value. The embodiment of the specification adopts the first stepThe predetermined value is a non-zero value 1, but the case of interchanging the first predetermined value and the second predetermined value 0 or the non-zero value is not excluded, and the description thereof is omitted.
The following describes in detail a specific process of performing service processing based on interval judgment of private data, in conjunction with the above principle.
Fig. 3 shows a flow diagram of a method for traffic handling based on interval decision of private data according to one embodiment. The private data here may be data to be determined by the processing unit of the business process model whether or not to belong to a given section in security calculation of a plurality of data parties. The method may perform interval judgment on the private data stored in the first party and the second party in a shared manner. The private data may include, for example, first sum data (e.g., x) stored by the first partyL) Second sum data (e.g., x) stored by the second partyR). The private data is [0, 2 ]N) An integer of [0 ], 2, the first sum data and the second sum data are both [0, 2 ]N) An integer in between. The given interval is: an interval greater than or equal to the first endpoint value (e.g., t) and less than the second endpoint value (e.g., s). The process illustrated in FIG. 3 may be triggered by business process logic of a business process model of a computing platform and executed by a relevant data party. Fig. 3 shows the execution flow of the first party.
Fig. 3 shows an execution flow of a first party in a method for performing business processing based on section judgment of private data, and the method comprises the following steps: step 301, comparing the first sum data with the second party through a secure comparison protocol with the size of the following first item determined by the second party: difference pair 2 of first endpoint value and second sum dataNThe security comparison also generates a second sub-result at the second party, the first sub-result and the second sub-result are first comparison results in a sum sharing form; step 302, comparing the first sum data with the second party through a secure comparison protocol to a size of a second term determined by the second party as follows: difference pair 2 of second endpoint value and second sum dataNThe security comparison also generates a fourth sub-result at the second party, and the third sub-result and the fourth sub-result are second comparison results in a form of sum sharing; in a step 303, the process is executed,whether the first comparison result and the second comparison result meet the preset conditions or not is detected safely with the second party, and a fifth sub-result is obtained, wherein the safety detection also generates a sixth sub-result on the second party, and the fifth sub-result and the sixth sub-result are third detection results in a sum sharing mode; step 304, according to the third detection result, obtaining a seventh sub-result with the second party by using an inadvertent transmission protocol based on the size judgment result of the second party on the first item and the second item, wherein the seventh sub-result and an eighth sub-result generated at the second party are judgment results in a sum sharing form; and 305, providing the seventh sub-result to the service processing model, so that the processing unit in the service processing model sums the seventh sub-result and the eighth sub-result to obtain a judgment result for service processing, and providing the eighth sub-result to the service processing model by the second party.
First, in step 301, the first sum data is compared with the second party by a secure comparison protocol with the size of the following first term determined by the second party: difference pair 2 of first endpoint value and second sum dataNObtaining a first sub-result. Wherein the secure comparison further generates a second sub-result at the second party, the first sub-result and the second sub-result being the first comparison result in a sum-sharing form.
It will be appreciated that in the sum-share form, one of the two data parties may generate a random number and a mapping by which one result associated with the random number is retained locally and the other data is mapped as an argument to the other result represented by the random number that is stored in the sum-share form with the local result. Here, the mapping may be randomly selected according to a condition, or may be predefined, and is not limited herein. By running the oblivious transfer protocol, the other result is obtained on the other data side without the current data side acquiring the other data side as an argument and without the other data side acquiring the mapping. The results obtained are also in shared form. The first comparison result is, for example, u in the foregoing principle, and the first sub-result may be uLStored on the first side, the second sub-result may be uRAnd stored at the second party. u. ofLAnd uRIn the form of u and shared, i.e. u ═ uL+uRmod2N
According to one embodiment, the secure comparison protocol may be a bitwise comparison protocol. That is, the first sum data in the first party and the first item in the second party are subjected to the secure comparison bit by bit based on the secure comparison result of the previous bit in order from the lower bit to the upper bit. This approach requires multiple data interactions by the two data parties.
According to one embodiment, the secure comparison protocol may be an Oblivious Transfer protocol (OT) or the like. An inadvertent transmission is a secure computing protocol that is executed by both parties. For example, one party (sender) holds the input of k secrets, the other party (receiver) holds a secret option i; the protocol execution results in the recipient getting the ith input and the other inputs of the sender and the recipient's i are always kept secret from the sender. The protocol can be implemented by various algorithms, and the adopted cryptographic techniques (such as symmetric encryption, asymmetric encryption and the like) are different and are not illustrated here. The first comparison result may be obtained through one interaction of the first party and the second party by means of an oblivious transmission protocol.
The first party may generate a [0, 2 ]N) A first random number of the interval, and taking the first random number as a first sub-result (u)L) Additionally, a first random map is generated, which may map values greater than or equal to the first sum data as a difference between a predetermined non-zero value (e.g., the aforementioned first predetermined value) and the first random number, and values less than the first sum data as a difference between a zero value and the first random number. The first party may also take the inverse of the first random number as the first sub-result (u)L) The first random map generated at this time may map a value greater than or equal to the first sum data as a sum of a predetermined non-zero value (e.g., the aforementioned first predetermined value) and the first random number, and map a value smaller than the first sum data as a sum of a zero value and the first random number. The first random mapping may also be in other forms, which may be determined from the generated first random number and the relationship of the first random number and the first sub-result, with the purpose of:
so thatLess than xLIs subjected to the first random mapping to a zero value (second predetermined value) greater than or equal to xLIs mapped to a non-zero value (first predetermined value).
Thus, under the oblivious transfer protocol, the first party and the second party do not know the specific first random mapping at the second party by running the oblivious transfer protocol, the first party does not know the difference pair 2 of the first endpoint value and the second sum dataNIn the case of the modulus (u), a second sub-result (u) is generated at the second party which is not known to the first partyR). Thus, the first sub-result and the second sub-result are in the form of a sum of the first comparison result and are shared when the first sum data is greater than or equal to a difference of the first end value and the second sum data, pair 2NModulus (x)L≥(t-xR)mod 2N) The sum of the first sub-result and the second sub-result is a predetermined non-zero value when not, and is zero value otherwise.
On the other hand, in step 302, the first sum data is compared with the second party by a secure comparison protocol to the size of the following second term determined by the second party: difference pair 2 of second endpoint value and second sum dataNAnd (4) obtaining a third sub-result. Wherein the secure comparison further generates a fourth sub-result at the second party, and the third sub-result and the fourth sub-result are the second comparison result in a form shared by the second party.
The second comparison result is, for example, v in the above principle, and the first sub-result is denoted as vLStored on the first side, the second sub-result is denoted vRAnd stored at the second party. v. ofLAnd vRIn the form of v and shared, i.e. v ═ vL+vRmod2N
The comparison process by the secure comparison protocol is similar to the first sub-result and the second sub-result obtained in step 301. In the example of an inadvertent transmission, in a specific example, the first party may generate a [0, 2 ]N) A second random number of the interval and using the second random number as a second sub-result (v)L) Simultaneously generating a second random mapping that maps values less than the first sum to predetermined non-zero values and second random mappingsA difference of two random numbers, a value greater than or equal to the first sum data is mapped as a difference of zero and the second random number. The second random mapping is determined based on a relationship between the second random number and the third sub-result, and may be in other mapping manners, such that:
[0,xL) Is mapped to a non-zero value, greater than or equal to xLThe number of (d) is zero after the mapping.
Thus, by running the oblivious transport protocol, the first and second parties do not know the specific second random mapping at the second party, and the first party does not know the difference pair 2 of the second endpoint value and the second sum dataNIn the case of the modulus (v), a fourth sub-result (v) is generated at the second party which is not known to the first partyR). Thus, the third sub-result and the fourth sub-result are in the form of a sum, and when the first sum data is less than the difference pair 2 of the second end value and the second sum dataNModulus (x)L<(s-xR)mod 2N) The second comparison result may be a non-zero value when, otherwise, the second comparison result may be a zero value.
Next, in step 303, a fifth sub-result is obtained according to the satisfaction of the first comparison result and the second comparison result of the security check of the second party to the predetermined condition, wherein the security check also generates a sixth sub-result at the second party, and the fifth sub-result and the sixth sub-result are third detection results in a form of sum sharing.
As will be readily understood from the foregoing principles, in the second term (s-x)R)mod 2NWith the first term (t-x)R)mod2NThe first comparison result and the second comparison result are different from each other in the magnitude relation of the first comparison result and the second comparison result. The first and second items relate to t being non-private data, xRIs the private data of the second party and therefore the result can be determined separately by the second party.
According to the foregoing principle, the first term is smaller than the second term ((t-x)R)mod 2N<(s-xR)mod 2N) In this case, the predetermined condition may include a first predetermined condition: the first sum is greater than or equal to the first term, while the first sum is less thanThe second term. That is, whether or not the private data x is the section 201 shown in fig. 2. If the first comparison result and the second comparison result satisfy a predetermined condition in the case where the first item is smaller than the second item, it is indicated that the private data belongs to the given interval. In the process of the security calculation, the first party and the second party cannot know the data of the other party, and the process of the step is still determined in a sharing mode. Optionally, the first comparison result and the second comparison result satisfy a predetermined condition, and the sum of the fifth sub-result and the sixth sub-result is a non-zero value, otherwise is a value of 0.
According to one embodiment, xL≥(t-xR)mod 2NAnd xL<(s-xR)mod 2NWhen the two propositions are true at the same time, the third detection result is the logical AND result of the first comparison result and the second comparison result, namely (u)&v). Suppose u is uL+uR,v=vL+vRAnd then:
(u&v)=(uL+uR)×(vL+vR)=uLvL+uLvR+uRvL+uRvR
wherein u isLvLIs the product of the first sub-result and the third sub-result, and may be determined separately by the first party, uRvRIs the product of the second sub-result and the fourth sub-result, and can be determined separately by the second party, uLvRIs the product of the first sub-result and the fourth sub-result, uRvLIs the product of the second sub-result and the third sub-result, uLvRAnd uRvLMay be determined by the first party and the second party using secure multiplication.
The secure multiplication is performed by, for example, secret sharing multiplication. In the secret sharing multiplication, the multiplication of two numbers can be converted into a sum operation, and one operation result is obtained on the first party and the second party respectively, and the sum of the two operation results is the multiplication result of the two numbers. In this specification embodiment, two operation results may be stored in the first party and the second party, respectively, and the first party and the second party cannot know the operation result of the other party each other. For convenience of description, the two operation results may be referred to as sub-product data.
At this time, the process of determining the fifth sub-result may include:
determining a product u of the first sub-result and the third sub-resultLvLAs a first candidate;
determining a first product u of a first sub-result and a fourth sub-result by a shared secure multiplicationLvRObtaining a first sub-product data (u)LvR)LAs a second candidate, the first sub-product data and the second sub-product data (u) generated by the second partyLvR)RIs a first product uLvRAnd shared forms of (1);
determining a second product u of the second sub-result and the third sub-result by a shared secure multiplicationRvLObtaining a third sub-product data (u)RvL)LAs a third candidate, wherein the third sub-product data (u)RvL)LFourth sub-product data (u) with the second partyRvL)RIs the second product uRvLAnd shared forms of (1);
the fifth sub-result may comprise the first value w under the first predetermined conditionL: first candidate uLvLThe second candidate (u)LvR)LAnd the third candidate (u)RvL)LAnd (4) summing.
Accordingly, if u is to beRvRAs an independent candidate for the second party, the sixth sub-result determined by the second party may comprise the second value w under the first predetermined conditionR: second sub-product data (u)LvR)RFourth sub-product data (u)RvL)RIndependent candidate item uRvRAnd (4) summing. The first value and the second value are values in a sum-sharing form.
On the other hand, according to the foregoing principle, in the first term, the second term ((t-x)R)mod 2N>(s-xR)mod 2N) In this case, the predetermined condition may include a second predetermined condition: the first sum data is smaller than the first term, or the first sum data is greater than or equal to the second term, and only one of the first sum data and the second sum data is true. That is, whether or not the private data x is located in the section 202 or 203 shown in fig. 2. If the first comparison result and the second comparison result satisfy a predetermined condition in the case where the first item is larger than the second item, it is indicated that the private data belongs to the given interval.
Since the first party and the second party cannot know the data of the other party in the security calculation process, the satisfaction of the predetermined condition is determined in a sum sharing manner here. Optionally, the first comparison result and the second comparison result satisfy a predetermined condition, and the sum of the fifth sub-result and the sixth sub-result is a non-zero value, otherwise is a value of 0.
At this time, the second predetermined condition may be expressed as: (| u or | v) ═ u + v) - (u & v), i.e., one of u and v is true, and excludes the case where u and v are true at the same time.
Since u and v are data stored in a form of sum sharing between the first party and the second party, u-uL+uR,v=vL+vRAnd then: (| u or | v) ═ u + v) - (u)&v)=uL+vL-(u&v)L+uR+vR-(u&v)R. Wherein (u)&v)LAnd (u)&v)RThe same method may be adopted for detecting the detection result when the first predetermined condition is satisfied and the shared detection result, which is not described herein again.
If it is to (u)&v)LAs a fourth candidate, the fifth sub-result may comprise, under the second predetermined condition, the third value z under the second predetermined conditionL: the sum of the first sub-result, the third sub-result and the fourth candidate. In the same way, will (u)&v)RAs a fifth candidate for the second party determination, a sixth sub-result of the second party determination may comprise a fourth value z of the second predetermined conditionR: the sum of the second sub-result, the fourth sub-result, and the difference of the fifth candidate. The third value and the fourth value are numerical values in a sum sharing form.
Is easy to understand due toThe determination result of the magnitude relation between the one item and the second item is determined by the second party, and the first party cannot acquire the determination result data, so that, in one possible design, the first party may determine both the first value w of the fifth sub-result under the first predetermined condition in this stepLAlso, a second value z of the fifth sub-result under a second predetermined condition is determinedL. Accordingly, the second party may also determine the second value w of the corresponding sixth sub-result under the first predetermined condition in order to protect its own data from leakageRAnd a fourth value z under a second predetermined conditionR
Then, according to the third detection result, a seventh sub-result is obtained with the second party by using an inadvertent transmission protocol based on the size determination result of the second party on the first item and the second item, and the seventh sub-result and the eighth sub-result generated at the second party are determination results in a sum sharing format, via step 304.
It is understood that the second party has different size determination results for the first item and the second item, and the predetermined conditions satisfied by the first comparison result and the second comparison result are also different, and therefore, when determining the determination result using the inadvertent transmission protocol, the determination can be performed based on the size determination results for the first item and the second item. For example, in an oblivious transfer protocol, a condition map is generated by a first party, the size determination results for the first item and the second item are taken as conditions, different determination results correspond to different maps, or the second party generates a map according to the size determination results for the first item and the second item, and so on.
According to one possible design, [0, 2 ] may be generated by a first partyN) And a third random number of the interval is used as a seventh sub-result, and then a third condition mapping taking the size judgment results of the first item and the second item as conditions is used for mapping a second numerical value which is stored in the second party and corresponds to the size judgment result conditions into the difference between the first numerical value and the seventh sub-result which correspond to the size judgment result in the fifth sub-result under the specific size judgment result conditions, and adding the sum of the second numerical value to obtain an eighth sub-result. The second value may be the second value or the fourth value, and the first value may beTo be the aforementioned first value or third value. Specifically, the method comprises the following steps: when the size determination result provided by the second party is that the first term is greater than the second term, the second value may be the second value, and the first value may be the first value; the second value may be a fourth value and the first value may be a third value when the size determination result provided by the second party is that the first term is smaller than the second term.
As a specific example, the third condition mapping is, for example:
F(q)=wL+wR–rLq is a true value;
F(q)=vL+vR–rLand q is zero.
Wherein q is the second term (s-x) from the second partyR)mod 2NAnd a first term (t-x)R)mod 2NThe condition variable determined by the size judgment result of (2), for example, the size judgment result is determined to be a true value (non-zero value) in the case where the second term is larger than the first term, and the size judgment result is determined to be a zero value in the case where the second term is smaller than the first term. w is aL、wRRespectively corresponding numerical values in the fifth sub-result and corresponding numerical values in the sixth sub-result when the size determination result indicates that the second term is larger than the first term. v. ofL、vRRespectively corresponding numerical values in the fifth sub-result and corresponding numerical values in the sixth sub-result when the size determination result indicates that the second term is smaller than the first term. r isLIs the seventh sub-result (i.e., the third random number).
Thus, in an alternative embodiment, when the inadvertent transmission protocol is running, the second party may provide w according to the size determination result of the second item and the first itemROr vRAnd obtaining an eighth sub-result by the mapping of the third condition. Such that: the result with the sum of the eighth sub-result and the seventh sub-result being a non-zero value or a zero value is consistent with the result with the sum of the corresponding values in the fifth sub-result and the sixth sub-result being a non-zero value or a zero value.
Optionally, when the inadvertent transmission protocol is running, the second party may provide the size determination result, w, for the second item and the first item at the same timeRAnd vRFor the third condition mapping process to obtain the eighth sub-result.
According to another possible design, it is also possible for the second party to be able to operate according to the pair (s-x)R)mod 2N、(t-xR)mod2NAnd (4) generating a random number and a mapping according to the size judgment result. For example:
second party generates [0, 2 ]N) And taking a fourth random number of the interval as an eighth sub-result, and generating a fourth random mapping according to the size judgment results of the first item and the second item, wherein the fourth random mapping is used for mapping a first numerical value corresponding to the size judgment result condition and stored in the first party into the difference between a second numerical value corresponding to the size judgment result in the sixth sub-result and the seventh sub-result, and adding the sum of the first numerical value to obtain the eighth sub-result. For example in (s-x)R)mod 2N>(t-xR)mod 2NIn the case of (3), the fourth random mapping is:
F=wL+wR–rR
processing w of the first party by the fourth random mapping via the oblivious transport protocolLA ninth sub-result r can be obtainedL
In (s-x)R)mod 2N<(t-xR)mod 2NIn this case, the fourth random mapping may be:
F=vL+vR–rR
processing v of the first party by the fourth random mapping via the oblivious transport protocolLA ninth sub-result r can be obtainedL
It may be understood that the mapping given herein is only a specific example, and in a specific embodiment, the mapping may also be in any other mapping form that can meet the requirement, and details are not described herein.
Next, in step 305, the seventh sub-result is provided to the business process model, so that the processing unit in the business process model performs business process on the determination result obtained based on the seventh sub-result and the eighth sub-result. The eighth sub-result may be provided to the business process model by the second party. Wherein the private data comprises first and second sum data stored in a shared form.
The seventh sub-result and the eighth sub-result are distributed and stored in the first party and the second party in a shared manner, and the first party and the second party cannot know the storage content of the other party, so that when the service processing model needs to judge whether the private data belongs to a given interval, the seventh sub-result and the eighth sub-result can be obtained from the first party and the second party respectively, and are added or added to the 2 nd sub-resultNAnd performing modulo calculation to obtain the judgment result.
It is understood that in (s-x)R)mod 2N>(t-xR)mod 2NIn the case of (a), the result of the determination obtained by the business process model is associated with a first predetermined condition (u)&v) from w in the fifth sub-resultLAnd w in the sixth sub-resultRThe determined third detection result is consistent in (s-x)R)mod 2N<(t-xR)mod 2NIn the case of (1), the judgment result obtained by the business process model and v in the fifth sub-result under the second predetermined condition (u or v)LAnd v in the sixth sub-resultRAnd determining that the third detection result is consistent.
In an alternative implementation manner, when the obtained determination result is a true value, the service processing model may obtain a determination result that the privacy data falls within a given interval (e.g., t ≦ x < s), otherwise, the service processing model may obtain a determination result that the privacy data does not fall within the given interval, e.g., [ t, s ].
Under the implementation framework of the present specification, the business processing model can be various processing models, such as a neural network model, a tree model, a logical operation model, and so on.
According to one embodiment, the business process model is a neural network model and the processing units may be neurons in the neural network. The business processing performed may include, among other things, determining function values for activation functions of neurons of the neural network model. For example, the interval determination result is taken as an input value of the corresponding neuron.
According to another embodiment, the business process model is a tree model, the processing elements may be nodes in the tree model, and the business process may include determining whether a business branch condition of the tree model is true. For example, when the private data falls within a given interval, the traffic branching condition of the tree model is established, otherwise it is not established.
In other embodiments, the business model may be other models, which are not illustrated here.
It should be noted that, in the embodiments of the present specification, the first party and the second party are used to distinguish two data parties for comparing the consistency of the private data, and are not limited by names. Each time the comparison result obtained and shared by the protocol is inadvertently transmitted, the first party may be used as the initiator, or the second party may be used as the initiator, and the initiator may be the party that generates the random number and the relevant mapping in the foregoing embodiment.
In the above process, the number of interactions between the first party and the second party may be reduced to 1 in step 301, 1 in step 302, a small number of detections in step 303, and 1 in step 304, which is 3+ a small number, and when N is larger (e.g. N is 50) compared to 2N in the conventional art, the number of interactions is greatly reduced.
As shown in fig. 4, a flow of a method for performing business processing based on interval judgment of private data performed by a second party is shown. This flow is performed in cooperation with the flow performed by the first party shown in fig. 3. The method for performing service processing based on interval judgment of private data shown in fig. 4 comprises the following steps:
step 401, determine the first of the following: difference pair 2 of first endpoint value and second sum dataNAnd comparing the first item with the first and second data sizes through a secure comparison protocol with the first party to obtain a second sub-result, wherein the secure comparison also generates a first sub-result at the first party, and the first sub-result and the second sub-result are the first comparison result in a form of a sum sharing.
Step 402, the following second term is determined: difference pair 2 of second endpoint value and second sum dataNAnd comparing the second item with the first item by means of a secure comparison protocol with the first partyAnd obtaining a fourth sub-result, wherein the safety comparison also generates a third sub-result on the first party, and the third sub-result and the fourth sub-result are second comparison results in a form of sum sharing.
And step 403, obtaining a sixth sub-result according to the satisfaction of the first comparison result and the second comparison result of the security check of the first party to the predetermined condition, wherein the security check also generates a fifth sub-result on the first party, and the fifth sub-result and the sixth sub-result are third detection results in a sum sharing form.
And 404, obtaining an eighth sub-result according to the third detection result and the first party by using an inadvertent transmission protocol based on the size judgment results of the first item and the second item, wherein the eighth sub-result and the seventh sub-result generated by the first party are judgment results in a sum sharing mode.
Step 405, providing the eighth sub-result to the service processing model, so that the processing unit in the service processing model performs service processing on the determination result obtained based on the seventh sub-result and the eighth sub-result, and the seventh sub-result is provided to the service processing model by the first party.
The embodiment shown in fig. 4 and the embodiment shown in fig. 3 are respectively executed by the first and second data and the data storage parties in the private data and shared form, and they cooperate with each other to complete the method for performing service processing based on interval determination of the private data, so that the corresponding description in the embodiment shown in fig. 3 is also applicable to the embodiment shown in fig. 4, and is not described again here.
Reviewing the above process, the method for performing business processing based on interval judgment of private data provided in the embodiments of the present specification, during business processing of multi-party security computation, private data to be subjected to interval judgment is stored in a first party and a second party in a form of sum sharing of first data and second sum data, and a judgment problem of the private data in a given interval is converted into a sum data stored in one of the data parties [0, 2 ]NWithin-1) the difference pair 2 of the end point value of the given interval and the sum data stored by the other data sideNThe decision problem of each interval of the modular division greatly reduces the communication traffic of two data sides and improves the interval decision questionThe efficiency of the problem processing.
According to another embodiment, an apparatus for performing service processing based on interval judgment of private data is also provided. The private data is data to be determined whether the data belongs to a given interval by a processing unit of a business processing model in multi-party security calculation. The private data may include first sum data stored at the first party and second sum data stored at the second party, the first sum data and the second sum data being for the private data, pair 2NAnd (3) performing modulo sum sharing, wherein the given interval is an interval which is greater than or equal to the first endpoint value and smaller than the second endpoint value.
It can be seen that, at least under the section decision problem, the first party and the second party are equal, and in a specific section decision service, the functions realized according to the cooperation are slightly distinguished. Referring to fig. 5, an apparatus 500 for performing business processing based on section judgment of private data provided on a first party, and an apparatus 600 for performing business processing based on section judgment of private data provided on a second party are shown, and their interaction diagrams are shown.
Assuming that the apparatus 500 shown in fig. 5 is provided on the first side:
a first comparison unit 51 configured to compare the first sum data with the second party by a secure comparison protocol with a size of a first item determined by the second party as follows: difference pair 2 of first endpoint value and second sum dataNThe security comparison also generates a second sub-result at the second party, the first sub-result and the second sub-result are first comparison results in a sum sharing form;
a second comparing unit 52 configured to compare the first sum data with the second party by a secure comparison protocol with the size of the following second term determined by the second party: difference pair 2 of second endpoint value and second sum dataNThe security comparison also generates a fourth sub-result at the second party, and the third sub-result and the fourth sub-result are second comparison results in a form of sum sharing;
the detection unit 53 is configured to perform security detection on the second party according to the satisfaction of the first comparison result and the second comparison result to the predetermined condition, and obtain a fifth sub-result, where the security detection also generates a sixth sub-result on the second party, and the fifth sub-result and the sixth sub-result are third detection results in a form of sum sharing;
a determination unit 54 configured to obtain, according to the third detection result, a seventh sub-result with the second party using an inadvertent transmission protocol based on the size determination result of the first item and the second item by the second party, the seventh sub-result and an eighth sub-result generated at the second party being determination results in a sum-sharing form;
and a providing unit 55 configured to provide the seventh sub-result to the business process model, so that the processing unit in the business process model performs business process on the determination result obtained based on the seventh sub-result and the eighth sub-result, and the eighth sub-result is provided to the business process model by the second party.
At this time, the apparatus 500 for performing service processing based on interval determination of private data shown in fig. 5 corresponds to the operation performed by the first party in the method embodiment shown in fig. 3, and a corresponding description for the first party in the method embodiment corresponding to fig. 3 also applies to the apparatus 500 shown in fig. 5, which is not described again here.
Assuming that the apparatus 600 shown in fig. 5 is provided to the second party, then:
a first comparing unit 61 configured to determine a first term of: difference pair 2 of first endpoint value and second sum dataNComparing the first item with the first and second data sizes through a security comparison protocol to obtain a second sub-result, wherein the security comparison also generates a first sub-result at the first party, and the first sub-result and the second sub-result are first comparison results in a sum sharing form;
a second comparison unit 62 configured to determine the following second term: difference pair 2 of second endpoint value and second sum dataNAnd comparing the second item with the first party by a secure comparison protocol to determine the size of the first sum: obtaining a fourth sub-result, wherein the safety comparison also generates a third sub-result on the first party, and the third sub-result and the fourth sub-result are second comparison results in a form of sum sharing;
the detection unit 63 is configured to detect, with the first party, satisfaction conditions of the first comparison result and the second comparison result to the predetermined condition, and obtain a sixth sub-result, where the sub-safety detection also generates a fifth sub-result on the first party, and the fifth sub-result and the sixth sub-result are third detection results in a sum sharing form;
a determination unit 64 configured to obtain, based on the third detection result, an eighth sub-result with the first party using an inadvertent transmission protocol based on the determination results of the sizes of the first item and the second item, the eighth sub-result and a seventh sub-result generated at the first party being a determination result in a form of sum sharing;
a providing unit 65 configured to provide the eighth sub-result to the business process model, so that the processing unit in the business process model performs the business process on the determination result obtained based on the seventh sub-result and the eighth sub-result, and the seventh sub-result is provided to the business process model by the first party.
At this time, the apparatus 600 for performing service processing based on interval determination of private data shown in fig. 5 corresponds to the operation performed by the second party in the method embodiment shown in fig. 3 and 4, and the corresponding description for the second party in the method embodiment corresponding to fig. 3 and 4 also applies to the apparatus 600 shown in fig. 5, and is not repeated here.
As shown in fig. 5, the apparatus 500 and the apparatus 600 provide the final and shared interval decision results to the business process model. In fig. 5, the interactions of the modules approximately represent the number of interactions involved in an interval determination process, where the detection unit may involve a small number of interactions, and the number of interactions involved in other units may be reduced to 1.
According to an embodiment of another aspect, a computer-readable storage medium is also provided, on which a computer program is stored which, when executed in a computer, causes the computer to carry out the respectively described method.
According to an embodiment of yet another aspect, there is also provided a computing device comprising a memory and a processor, the memory having stored therein executable code, the processor implementing the correspondingly described method when executing the executable code.
Those skilled in the art will recognize that, in one or more of the examples described above, the functions described in the embodiments of this specification may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium.
The above-mentioned embodiments are intended to explain the technical idea, technical solutions and advantages of the present specification in further detail, and it should be understood that the above-mentioned embodiments are merely specific embodiments of the technical idea of the present specification, and do not limit the scope of the technical idea of the present specification, and any modification, equivalent replacement, improvement, etc. made on the basis of the technical solution of the technical idea of the present specification should be included in the scope of the technical idea of the present specification.

Claims (22)

1. A method for business processing based on interval judgment of private data, wherein the private data is data to be judged whether belonging to a given interval by a processing unit of a business processing model in multi-party security calculation, the private data comprises first sum data stored in a first party and second sum data stored in a second party, and the first sum data and the second sum data are 2 pairs of the private dataNModulo-sum-sharing, the given interval being an interval greater than or equal to a first endpoint value and less than a second endpoint value, the method being performed by the first party and comprising:
comparing, with the second party, the first sum data with a size of a first one of the following items determined by the second party via a secure comparison protocol: a difference pair 2 of the first endpoint value and the second sum dataNThe security comparison further generates a second sub-result at the second party, the first sub-result and the second sub-result being first comparison results in a sum-sharing form;
comparing the first and data with the second party via a secure comparison protocolAnd a size of a second term determined by the second party of: difference pair 2 of the second endpoint value and the second sum dataNThe security comparison further generates a fourth sub-result at the second party, the third sub-result and the fourth sub-result being second comparison results in a form of sum sharing;
detecting the satisfaction condition of the first comparison result and the second comparison result to a preset condition with the second party to obtain a fifth sub-result, wherein the safety detection of the time also generates a sixth sub-result on the second party, and the fifth sub-result and the sixth sub-result are third detection results in a sum sharing form;
according to the third detection result, obtaining a seventh sub-result with the second party by using an inadvertent transmission protocol based on the size judgment result of the first item and the second item by the second party, wherein the seventh sub-result and an eighth sub-result generated by the second party are judgment results in a sum sharing form;
and providing the seventh sub-result to a business processing model, so that a processing unit in the business processing model performs business processing on the judgment result obtained based on the seventh sub-result and the eighth sub-result, wherein the eighth sub-result is provided to the business processing model by the second party.
2. The method of claim 1, wherein the secure comparison protocol is an inadvertent transport protocol.
3. The method of claim 2, wherein the first sum data is compared to the second party to the size of the first item by:
to generate [0, 2N) A first random number of intervals as the first sub-result;
and determining a first random mapping according to the first random number, wherein the first random mapping maps the numerical value which is greater than or equal to the first sum data into the difference between a preset non-zero value and the first random number, and maps the numerical value which is smaller than the first sum data into the difference between a zero value and the first random number, so that the first item is processed through the first random mapping to obtain a second sub-result under the condition of an accidental transmission protocol.
4. The method of claim 2, wherein the first sum data is compared with the second party to the size of the second item by:
to generate [0, 2N) A second random number of intervals as the third sub-result;
and determining a second random mapping according to the second random number, wherein the second random mapping maps the numerical value smaller than the first sum data into the difference between a preset non-zero value and the second random number, and maps the numerical value larger than or equal to the first sum data into the difference between a zero value and the second random number, so that the second item is processed through the second random mapping to obtain a fourth sub-result under the condition of an accidental transmission protocol.
5. The method of claim 1, wherein the predetermined condition comprises a first predetermined condition corresponding to the first term being less than the second term: the first sum data is greater than or equal to the first term, while the first sum data is less than the second term;
the detecting, by the second party, the satisfaction of the first comparison result and the second comparison result to the predetermined condition to obtain a fifth sub-result includes:
determining a product of the first sub-result and the third sub-result as a first candidate;
the safe multiplication which is carried out and shared with the second party determines a first product of a first sub-result and a fourth sub-result to obtain first sub-product data serving as a second candidate item, wherein the first sub-product data and second sub-product data generated by the second party are in a sum sharing form of the first product;
the safe multiplication which is carried out and shared with the second party determines a second product of a second sub-result and a third sub-result to obtain third sub-product data serving as a third candidate item, wherein the third sub-product data and fourth sub-product data generated by the second party are in a sum sharing form of the second product;
determining that the fifth sub-result comprises a first value: a sum of the first candidate, the second candidate, and the third candidate.
6. The method of claim 1, wherein the predetermined condition comprises a second predetermined condition corresponding to the first term being greater than the second term: the first sum data is less than the first term, and one and only one of the first sum data is greater than or equal to the second term;
the detecting, by the second party, the satisfaction of the first comparison result and the second comparison result to the predetermined condition to obtain a fifth sub-result includes:
determining a product of the first sub-result and the third sub-result as a first candidate;
the safe multiplication which is carried out and shared with the second party determines a first product of a first sub-result and a fourth sub-result to obtain first sub-product data serving as a second candidate item, wherein the first sub-product data and second sub-product data generated by the second party are in a sum sharing form of the first product;
the safe multiplication which is carried out and shared with the second party determines a second product of a second sub-result and a third sub-result to obtain third sub-product data serving as a third candidate item, wherein the third sub-product data and fourth sub-product data generated by the second party are in a sum sharing form of the second product;
determining that the fifth sub-result includes a third value: a sum of the first sub-result, the third sub-result, and a difference of the sum of the first candidate, the second candidate, and the third candidate.
7. The method of claim 1, wherein said obtaining a seventh sub-result from the third detection result with the second party using an oblivious transfer protocol based on the determination of the size of the first and second items by the second party comprises:
to generate [0, 2N) A third random number of intervals as the seventh sub-result;
and determining a third condition mapping which takes the size judgment results of the first item and the second item as conditions according to the third random number, wherein the third condition mapping is used for mapping a second numerical value corresponding to the size judgment result condition in the sixth sub-result into the difference between a first numerical value corresponding to the size judgment result in the fifth sub-result and the seventh sub-result and adding the sum of the second numerical values to obtain an eighth sub-result under the condition of the size judgment result.
8. The method of claim 1, wherein the business process model is a neural network model, the processing unit is a neuron in a neural network, and the business process comprises determining a function value of an activation function of the neuron.
9. The method of claim 1, wherein the business process model is a tree model, the processing elements are nodes in the tree model, and the business process comprises determining whether a business branch condition of the tree model holds.
10. A method for business processing based on interval judgment of private data, wherein the private data is data to be judged whether belonging to a given interval by a processing unit of a business processing model in multi-party security calculation, the private data comprises first sum data stored in a first party and second sum data stored in a second party, and the first sum data and the second sum data are 2 pairs of the private dataNModulo and sharing form, the given interval being an interval greater than or equal to a first endpoint value and less than a second endpoint value, the method being performed by the second party and comprising:
determining a first term of: a difference pair 2 of the first endpoint value and the second sum dataNAnd with said first partyComparing the first item with the first sum data size through a secure comparison protocol to obtain a second sub-result, wherein the secure comparison also generates a first sub-result at the first party, and the first sub-result and the second sub-result are first comparison results in a sum sharing form;
determining the following second term: difference pair 2 of the second endpoint value and the second sum dataNAnd comparing the size of the second item and the first sum data with the first party via a secure comparison protocol: obtaining a fourth sub-result, wherein the safety comparison also generates a third sub-result at the first party, and the third sub-result and the fourth sub-result are second comparison results in a form of sum sharing;
obtaining a sixth sub-result according to the satisfaction of the first comparison result and the second comparison result of the first party safety detection on a preset condition, wherein the safety detection of the time also generates a fifth sub-result on the first party, and the fifth sub-result and the sixth sub-result are third detection results in a sum sharing form;
according to the third detection result, obtaining an eighth sub-result with the first party by using an inadvertent transmission protocol based on the size judgment results of the first item and the second item, wherein the eighth sub-result and a seventh sub-result generated by the first party are judgment results in a sum sharing form;
and providing the eighth sub-result to a business processing model, so that a processing unit in the business processing model performs business processing on the judgment result obtained based on the seventh sub-result and the eighth sub-result, wherein the seventh sub-result is provided to the business processing model by the first party.
11. An apparatus for performing business processing based on section judgment of private data to be judged whether or not to belong to a given section by a processing unit of a business processing model in multiparty security computation, the private data including first sum data stored at a first party and second sum data stored at a second party, the first sum data and the second sum data being for the section judgmentPair 2 of private dataNModulo sum sharing, the given interval being an interval greater than or equal to a first endpoint value and less than a second endpoint value, the apparatus being provided at the first party, the apparatus comprising:
a first comparison unit configured to compare the first sum data with the second party through a secure comparison protocol with a size of a first item determined by the second party as follows: a difference pair 2 of the first endpoint value and the second sum dataNThe security comparison further generates a second sub-result at the second party, the first sub-result and the second sub-result being first comparison results in a sum-sharing form;
a second comparison unit configured to compare the first sum data with the second party through a secure comparison protocol with a size of a second item determined by the second party: difference pair 2 of the second endpoint value and the second sum dataNThe security comparison further generates a fourth sub-result at the second party, the third sub-result and the fourth sub-result being second comparison results in a form of sum sharing;
the detection unit is configured to perform security detection on the first comparison result and the second comparison result of the second party according to satisfaction of a predetermined condition to obtain a fifth sub-result, wherein the security detection also generates a sixth sub-result on the second party, and the fifth sub-result and the sixth sub-result are third detection results in a sum sharing form;
a determination unit configured to obtain, according to a third detection result, a seventh sub-result with the second party using an inadvertent transmission protocol based on a size determination result of the first item and the second item by the second party, the seventh sub-result and an eighth sub-result generated at the second party being determination results in a sum-sharing form;
and the providing unit is configured to provide the seventh sub-result to a business processing model, so that the processing unit in the business processing model performs business processing on the judgment result obtained based on the seventh sub-result and the eighth sub-result, and the eighth sub-result is provided to the business processing model by the second party.
12. The apparatus of claim 11, wherein the secure comparison protocol is an inadvertent transport protocol.
13. The apparatus of claim 12, wherein the first comparing unit is further configured to compare the first sum data with the first term by:
to generate [0, 2N) A first random number of intervals as the first sub-result;
and determining a first random mapping according to the first random number, wherein the first random mapping maps the numerical value which is greater than or equal to the first sum data into the difference between a preset non-zero value and the first random number, and maps the numerical value which is smaller than the first sum data into the difference between a zero value and the first random number, so that the first item is processed through the first random mapping to obtain a second sub-result under the condition of an accidental transmission protocol.
14. The apparatus of claim 12, wherein the second comparing unit is further configured to compare the first sum data with the second term by:
to generate [0, 2N) A second random number of intervals as the third sub-result;
and determining a second random mapping according to the second random number, wherein the second random mapping maps the numerical value smaller than the first sum data into the difference between a preset non-zero value and the second random number, and maps the numerical value larger than or equal to the first sum data into the difference between a zero value and the second random number, so that the second item is processed through the second random mapping to obtain a fourth sub-result under the condition of an accidental transmission protocol.
15. The apparatus of claim 11, wherein the predetermined condition comprises a first predetermined condition corresponding to a case where the first term is less than the second term: the first sum data is greater than or equal to the first term, while the first sum data is less than the second term;
the detection unit is further configured to:
determining a product of the first sub-result and the third sub-result as a first candidate;
the safe multiplication which is carried out and shared with the second party determines a first product of a first sub-result and a fourth sub-result to obtain first sub-product data serving as a second candidate item, wherein the first sub-product data and second sub-product data generated by the second party are in a sum sharing form of the first product;
the safe multiplication which is carried out and shared with the second party determines a second product of a second sub-result and a third sub-result to obtain third sub-product data serving as a third candidate item, wherein the third sub-product data and fourth sub-product data generated by the second party are in a sum sharing form of the second product;
determining that the fifth sub-result includes a sum of the first candidate, the second candidate, and the third candidate.
16. The apparatus of claim 11, wherein the predetermined condition comprises a second predetermined condition corresponding to a case where the first term is greater than the second term: the first sum data is less than the first term, and one and only one of the first sum data is greater than or equal to the second term;
the detection unit is further configured to:
determining a product of the first sub-result and the third sub-result as a first candidate;
the safe multiplication which is carried out and shared with the second party determines a first product of a first sub-result and a fourth sub-result to obtain first sub-product data serving as a second candidate item, wherein the first sub-product data and second sub-product data generated by the second party are in a sum sharing form of the first product;
the safe multiplication which is carried out and shared with the second party determines a second product of a second sub-result and a third sub-result to obtain third sub-product data serving as a third candidate item, wherein the third sub-product data and fourth sub-product data generated by the second party are in a sum sharing form of the second product;
determining a fifth sub-result comprises a difference of a sum of the first sub-result, the third sub-result, and a sum of the first candidate, the second candidate, and the third candidate.
17. The apparatus of claim 11, wherein the determination unit is further configured to:
to generate [0, 2N) A third random number of intervals as the seventh sub-result;
and determining a third condition mapping which takes the size judgment results of the first item and the second item as conditions according to the third random number, wherein the third condition mapping is used for mapping a second numerical value which is stored in the second party and corresponds to the size judgment result conditions into the difference between a first numerical value which corresponds to the size judgment result in the fifth sub-result and the seventh sub-result and adding the sum of the second numerical value to obtain an eighth sub-result under the condition of the size judgment result.
18. The apparatus of claim 11, wherein the business process model is a neural network model, the processing unit is a neuron in a neural network, and the business process comprises determining a function value of an activation function of the neuron.
19. The apparatus of claim 11, wherein the business process model is a tree model, the processing unit is a node in the tree model, and the business process includes determining whether a business branch condition of the tree model holds.
20. The device for carrying out business processing based on interval judgment of private data, wherein the private data is judged to be yes by a processing unit of a business processing model in multi-party security calculationData belonging to a given interval, the private data comprising a first sum data stored at a first party and a second sum data stored at a second party, the first sum data and the second sum data being for the private data, pair 2NModulo sum sharing, the given interval being an interval greater than or equal to a first endpoint value and less than a second endpoint value, the apparatus being located at the second party, the apparatus comprising:
a first comparison unit configured to determine a first term of: a difference pair 2 of the first endpoint value and the second sum dataNComparing the first item with the first sum data size through a security comparison protocol with the first party to obtain a second sub-result, wherein the security comparison also generates a first sub-result at the first party, and the first sub-result and the second sub-result are first comparison results in a sum sharing form;
a second comparison unit configured to determine a second term of: difference pair 2 of the second endpoint value and the second sum dataNAnd comparing the size of the second item and the first sum data with the first party via a secure comparison protocol: obtaining a fourth sub-result, wherein the safety comparison also generates a third sub-result at the first party, and the third sub-result and the fourth sub-result are second comparison results in a form of sum sharing;
the detection unit is configured to perform security detection on the first party according to the first comparison result and the second comparison result, and obtain a sixth sub-result according to the satisfaction condition of the first comparison result and the second comparison result to a predetermined condition, wherein the security detection also generates a fifth sub-result on the first party, and the fifth sub-result and the sixth sub-result are third detection results in a sum sharing form;
a determination unit configured to obtain, according to a third detection result, an eighth sub-result with the first party using an inadvertent transmission protocol based on a size determination result of the first item and the second item, the eighth sub-result and a seventh sub-result generated at the first party being a determination result in a sum-sharing form;
a providing unit configured to provide the eighth sub-result to a business processing model, so that a processing unit in the business processing model performs business processing on the determination result obtained based on the seventh sub-result and the eighth sub-result, where the seventh sub-result is provided to the business processing model by the first party.
21. A computer-readable storage medium, on which a computer program is stored which, when executed in a computer, causes the computer to carry out the method of any one of claims 1-10.
22. A computing device comprising a memory and a processor, wherein the memory has stored therein executable code that, when executed by the processor, performs the method of any of claims 1-10.
CN201911328124.1A 2019-12-20 2019-12-20 Method and device for performing service processing based on interval judgment of private data Active CN111049847B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911328124.1A CN111049847B (en) 2019-12-20 2019-12-20 Method and device for performing service processing based on interval judgment of private data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911328124.1A CN111049847B (en) 2019-12-20 2019-12-20 Method and device for performing service processing based on interval judgment of private data

Publications (2)

Publication Number Publication Date
CN111049847A true CN111049847A (en) 2020-04-21
CN111049847B CN111049847B (en) 2021-09-14

Family

ID=70238260

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911328124.1A Active CN111049847B (en) 2019-12-20 2019-12-20 Method and device for performing service processing based on interval judgment of private data

Country Status (1)

Country Link
CN (1) CN111049847B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113067694A (en) * 2021-03-31 2021-07-02 支付宝(杭州)信息技术有限公司 Method, device and equipment for comparing safety of two parties in communication optimization
CN114422116A (en) * 2021-12-14 2022-04-29 阿里巴巴(中国)有限公司 Data processing method and device
WO2023169079A1 (en) * 2022-03-08 2023-09-14 支付宝(杭州)信息技术有限公司 Data processing

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108712429A (en) * 2018-05-24 2018-10-26 西安电子科技大学 The method for secret protection of data is calculated based on block chain cloud outsourcing
CN109067538A (en) * 2018-07-06 2018-12-21 数安时代科技股份有限公司 Safety protocol method, computer equipment and storage medium
US20180373834A1 (en) * 2017-06-27 2018-12-27 Hyunghoon Cho Secure genome crowdsourcing for large-scale association studies
EP3428647A1 (en) * 2017-07-12 2019-01-16 Consejo Superior de Investigaciones Científicas (CSIC) Expression signature for glioma diagnosis and/or prognosis in a subject

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180373834A1 (en) * 2017-06-27 2018-12-27 Hyunghoon Cho Secure genome crowdsourcing for large-scale association studies
EP3428647A1 (en) * 2017-07-12 2019-01-16 Consejo Superior de Investigaciones Científicas (CSIC) Expression signature for glioma diagnosis and/or prognosis in a subject
CN108712429A (en) * 2018-05-24 2018-10-26 西安电子科技大学 The method for secret protection of data is calculated based on block chain cloud outsourcing
CN109067538A (en) * 2018-07-06 2018-12-21 数安时代科技股份有限公司 Safety protocol method, computer equipment and storage medium

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
KINJAL PATEL: "Secure Multiparty Computation using Secret", 《IEEE》 *
宋春芝等: "高效可验证的隐私保护推荐系统", 《华东师范大学学报(自然科学版)》 *
窦家维等: "区间位置关系的保密判定", 《计算机学报》 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113067694A (en) * 2021-03-31 2021-07-02 支付宝(杭州)信息技术有限公司 Method, device and equipment for comparing safety of two parties in communication optimization
CN114422116A (en) * 2021-12-14 2022-04-29 阿里巴巴(中国)有限公司 Data processing method and device
CN114422116B (en) * 2021-12-14 2023-11-28 阿里巴巴(中国)有限公司 Data processing method and device
WO2023169079A1 (en) * 2022-03-08 2023-09-14 支付宝(杭州)信息技术有限公司 Data processing

Also Published As

Publication number Publication date
CN111049847B (en) 2021-09-14

Similar Documents

Publication Publication Date Title
CN111049847B (en) Method and device for performing service processing based on interval judgment of private data
Patra et al. BLAZE: blazing fast privacy-preserving machine learning
CN111512589B (en) Method for fast secure multiparty inner product with SPDZ
Esposito et al. Securing collaborative deep learning in industrial applications within adversarial scenarios
US11620109B2 (en) Converting a boolean masked value to an arithmetically masked value for cryptographic operations
WO2022237450A1 (en) Secure multi-party computation method and apparatus, and device and storage medium
CN110166446B (en) Method for realizing geographical weighted average center based on safe multi-party calculation
CN111008406B (en) Method and device for performing service processing based on consistency detection of private data
US11658799B2 (en) Exponent splitting for cryptographic operations
CN111737757B (en) Method and device for performing secure operation on private data
CN108933650B (en) Data encryption and decryption method and device
Huang et al. Multi-party quantum private comparison with an almost-dishonest third party
CN111026359B (en) Method and device for judging numerical range of private data in multi-party combination manner
CN111523144A (en) Method and device for performing secure operation aiming at private data of multiple parties
WO2022251341A1 (en) Multi-party computation for many computers
CN114021734B (en) Parameter calculation device, system and method for federal learning and privacy calculation
KR101407220B1 (en) A method of efficient secure function evaluation using resettable tamper-resistant hardware tokens
CN114021198A (en) Method and device for determining common data for protecting data privacy
CN114036572A (en) Privacy intersection method and device
CN114429223B (en) Heterogeneous model building method and device
CN114154200A (en) Privacy set merging method and system based on exchangeable weak pseudorandom function
CN113849806A (en) Task execution method and device in multi-party security computing
CN112560106A (en) Method, device and system for processing privacy matrix
CN113836595A (en) Method, device and system for comparing two parties safely
Zentai et al. A Multiparty Commutative Hashing Protocol based on the Discrete Logarithm Problem

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20240929

Address after: Room 803, floor 8, No. 618 Wai Road, Huangpu District, Shanghai 200010

Patentee after: Ant blockchain Technology (Shanghai) Co.,Ltd.

Country or region after: China

Address before: 310000 801-11 section B, 8th floor, 556 Xixi Road, Xihu District, Hangzhou City, Zhejiang Province

Patentee before: Alipay (Hangzhou) Information Technology Co.,Ltd.

Country or region before: China