CN111177790B - Collaborative computing method, system and device for protecting data privacy of two parties - Google Patents

Publication number: CN111177790B
Authority: CN (China)
Application number: CN202010276651.9A
Other languages: Chinese (zh)
Other versions: CN111177790A (en)
Inventors: 张祺智, 李漓春, 殷山
Current assignee: Alipay Hangzhou Information Technology Co Ltd
Original assignee: Alipay Hangzhou Information Technology Co Ltd
Legal status: Active (as listed by Google Patents; an assumption, not a legal conclusion)
Prior art keywords: slice, value, party, fragment, computing device

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes

Abstract

Embodiments of the present specification provide a collaborative computing method, system, and apparatus for protecting the data privacy of two parties, which can be applied to model training. The two parties cooperatively compute an exponential function value whose exponent is negatively correlated with the private data. The private data comprises a first fragment and a second fragment in the input quotient group; the first fragment is stored in a computing device of the first party and the second fragment is stored in a computing device of the second party. Through secure comparison, the two parties each obtain a fragment of a first comparison result of the private data against a target threshold, and each takes its own fragment of the private data modulo the target threshold to obtain a modulo result. Through secure computation, the two parties obtain their respective output fragments based on their modulo results, and then obtain their respective fragments of the equivalent value of the exponential function value in the output quotient group, based on their fragments of the first comparison result and their output fragments. When the private data is not less than the target threshold, the first comparison result makes the equivalent value 0.

Description

Collaborative computing method, system and device for protecting data privacy of two parties
Technical Field
The embodiments of this specification relate to the field of information technology, and in particular to a collaborative computing method, system and device for protecting the data privacy of two parties.
Background
In some scenarios, private data is split into multiple shares, each held by one of multiple participants, to avoid privacy disclosure. When multiple parties jointly compute a function value of the private data, the accuracy of the computation result must be ensured while privacy is effectively protected.
It is desirable to provide a scheme that enables secure computation of an exponential function value of private data by two parties.
Disclosure of Invention
One of the embodiments of the present specification provides a collaborative computing method for protecting the data privacy of two parties, wherein the exponent of the exponential function value cooperatively computed by the two parties is negatively correlated with the private data, the private data comprises a first fragment and a second fragment in the input quotient group, the first fragment of the private data is stored in a computing device of the first party, and the second fragment of the private data is stored in a computing device of the second party; the method is performed by the computing device of the first party and comprises: interacting with the computing device of the second party according to a secure comparison protocol to obtain a first fragment of a first comparison result of the private data against a target threshold; taking the first fragment of the private data modulo the target threshold to obtain a first modulo result; interacting with the computing device of the second party according to a secure computing protocol to obtain a first output fragment based on the first modulo result and a second modulo result stored in the computing device of the second party; interacting with the computing device of the second party according to a secure computing protocol to obtain a first fragment of the equivalent value of the exponential function value in the output quotient group, based on the first fragment of the first comparison result and the first output fragment, and on the second fragment of the first comparison result and the second output fragment stored in the computing device of the second party; wherein, when the private data is not less than the target threshold, the first comparison result makes the equivalent value 0.
One of the embodiments of the present specification provides a collaborative computing system for protecting the data privacy of two parties, wherein the exponent of the exponential function value cooperatively computed by the two parties is negatively correlated with the private data, the private data comprises a first fragment and a second fragment in the input quotient group, the first fragment of the private data is stored in a computing device of the first party, and the second fragment of the private data is stored in a computing device of the second party; the system is implemented on the computing device of the first party and comprises: a first secure comparison module, configured to interact with the computing device of the second party according to a secure comparison protocol to obtain a first fragment of a first comparison result of the private data against a target threshold; a first modulo module, configured to take the first fragment of the private data modulo the target threshold to obtain a first modulo result; a first output fragment computing module, configured to interact with the computing device of the second party according to a secure computing protocol to obtain a first output fragment based on the first modulo result and a second modulo result stored in the computing device of the second party; a first equivalent value computing module, configured to interact with the computing device of the second party according to a secure computing protocol to obtain a first fragment of the equivalent value of the exponential function value in the output quotient group, based on the first fragment of the first comparison result and the first output fragment, and on the second fragment of the first comparison result and the second output fragment stored in the computing device of the second party; wherein, when the private data is not less than the target threshold, the first comparison result makes the equivalent value 0.
One of the embodiments of the present specification provides a collaborative computing apparatus for protecting the data privacy of two parties, including a processor and a storage device, where the storage device is configured to store instructions and, when the processor executes the instructions, the collaborative computing method for protecting the data privacy of two parties as described in any one of the embodiments of the present specification is implemented.
Drawings
The present description will be further explained by way of exemplary embodiments, which will be described in detail by way of the accompanying drawings. These embodiments are not intended to be limiting, and in these embodiments like numerals are used to indicate like structures, wherein:
FIG. 1 is a schematic diagram of an application scenario of a computing system in accordance with some embodiments of the present description;
FIG. 2 is an exemplary flow diagram of a collaborative computing method for protecting the data privacy of two parties, according to some embodiments of the present description;
FIG. 3 is an exemplary flow diagram illustrating the calculation of a first output fragment z_L according to some embodiments of the present description;
FIG. 4 is an exemplary flow chart of a method for calculating the first fragment $y_0\_L$ of a first possible value $y_0$ and the first fragment $y_1\_L$ of a second possible value $y_1$, according to some embodiments of the present disclosure;
FIG. 5 is a schematic diagram illustrating a bitwise truncation according to some embodiments of the present description;
FIG. 6 is an interaction diagram of a secure multiplication protocol, shown in accordance with some embodiments of the present description;
FIG. 7 is an exemplary block diagram of a collaborative computing system that protects the data privacy of two parties, according to some embodiments of the present description.
Detailed Description
In order to more clearly illustrate the technical solutions of the embodiments of the present disclosure, the drawings used in the description of the embodiments will be briefly described below. It is obvious that the drawings in the following description are only examples or embodiments of the present description, and that for a person skilled in the art, the present description can also be applied to other similar scenarios on the basis of these drawings without inventive effort. Unless otherwise apparent from the context, or otherwise indicated, like reference numbers in the figures refer to the same structure or operation.
It should be understood that "system", "device", "unit" and/or "module" as used herein are a way of distinguishing different components, elements, parts, portions or assemblies at different levels. However, these words may be replaced by other expressions that accomplish the same purpose.
As used in this specification and the appended claims, the terms "a", "an" and/or "the" do not refer specifically to the singular and may also include the plural, unless the context clearly dictates otherwise. In general, the terms "comprises" and "comprising" merely indicate that the explicitly identified steps and elements are included; these steps and elements do not form an exclusive list, and a method or apparatus may include other steps or elements.
Flow charts are used in this description to illustrate operations performed by a system according to embodiments of the present description. It should be understood that the preceding or following operations are not necessarily performed in the exact order shown. Rather, the steps may be processed in reverse order or simultaneously. Other operations may also be added to these processes, or one or more steps may be removed from them.
For the purpose of illustrating embodiments of the present specification, reference will first be made to the mathematical knowledge involved therein.
In mathematics, a group (hereinafter denoted by G) defines a binary operation. The binary operation is generally written with a multiplication symbol "*" (omitted when unambiguous) or an addition symbol "+", but it should be noted that the binary operation is not necessarily the multiplication or addition of ordinary arithmetic. The result of applying one or more binary operations to several elements may be referred to as a sum.
The binary operation of a group satisfies: 1. closure: for any elements a, b in G, a × b is still in G; 2. associativity: for any elements a, b, c in G, (a × b) × c = a × (b × c); 3. identity element: there is an element e in G such that e × a = a × e = a; 4. inverse element: for any element a in G there exists b in G such that a × b = b × a = e, and a and b are inverses of each other. When the binary operation is written "+", e may be called zero and the inverse may be called the negative, and for any elements a, b in G, a + (inverse of b) may be written a - b. An abelian group has, in addition to the above 4 properties, the commutative law, i.e. a + b = b + a for any elements a, b in the abelian group.
Further, the present specification relates to a quotient group based on the abelian group of integers, written $G := 2^{-k}\mathbb{Z}/2^{N-k}\mathbb{Z}$, where $\mathbb{Z}$ is the set of integers, k is a non-negative integer, N is a positive integer and N - k > 0. The elements of the quotient group G are non-negative binary fixed-point numbers with k fractional bits and N - k integer bits, so one N-bit storage unit in a computing device can store the value of any fixed-point number in G. The binary operations of the quotient group G include group addition and group multiplication. Group addition is $(a + b) \bmod 2^{N-k}$, which may be abbreviated to a + b when unambiguous; mod means taking the value on its left modulo the value on its right, and the "+" inside the parentheses is ordinary arithmetic addition. Group multiplication is $(a \times b) \bmod 2^{N-k}$, which may be abbreviated to a * b or ab when unambiguous; the "×" inside the parentheses is ordinary arithmetic multiplication.
It should be noted that unless this specification states that a sum is based on group addition or a product is based on group multiplication, the sum or product should be understood in the sense of ordinary arithmetic. In addition, since the sum values in the four arithmetic operations are directly expressed by the sum values in the present specification, the sum values based on the group addition and the fragments based on the group addition can be directly simplified into the sum values and the fragments in the present specification without causing ambiguity.
For example, in some machine learning scenarios, one party holds private feature data and the other party holds private label data. If a function value related to the private data (feature data/label data) is computed directly, then once the function value is leaked the private data may be inferred from it.
Specifically, in scenarios such as logistic regression and neural networks, the two parties need to securely compute the value of an exponential function whose exponent is negatively correlated with the input (e.g., $e^{-x}$, whose base is the natural constant e). Taking $e^{-x}$ (also denoted exp(-x)) as an example, x denotes the private data used as input, x_L is the input fragment of the first party and x_R is the input fragment of the second party. Assume x_L, x_R and x are all in the quotient group $2^{-k}\mathbb{Z}/2^{N-k}\mathbb{Z}$, i.e., $x = (x\_L + x\_R) \bmod 2^{N-k}$ is satisfied. Note that $e^{-x}$ may be obtained based on the product of $e^{-x\_L}$ and $e^{-x\_R}$, i.e., the output fragment of the first party may be obtained based on $e^{-x\_L}$ and the output fragment of the second party may be obtained based on $e^{-x\_R}$. With $e^{-x}$, when the input fragment of either party is too large, the output fragment takes 0, so the sum of the output fragments of both parties is 0, which may differ from $e^{-x}$. For example, when N = 64, k = 16, x = 0 and x_L = x_R = $2^{47}$, since $e^{-x\_L} = e^{-x\_R} < 2^{-64}$, if $e^{-x\_L}$ and $e^{-x\_R}$ are stored as N-bit fixed-point numbers then both are stored as 0, so the sum of the two output fragments is 0, whereas in reality $e^{-x} = 1$.
Embodiments in this specification provide a collaborative computing method, system, and apparatus for protecting the data privacy of two parties, which compute the fragments of an exponential function value according to the size of the private data and of its fragments, so as to ensure the accuracy of the computation result while protecting data privacy.
FIG. 1 is a schematic diagram of an application scenario of a computing system in accordance with some embodiments of the present description. As shown in FIG. 1, computing system 100 may include computing device 110, computing device 120, and network 140. Computing device 110 and computing device 120 may be the devices of the two parties participating in two-party secure computation.
The computing device may include various types of computing-capable devices, such as a server. In some embodiments, the servers may be independent servers or groups of servers, which may be centralized or distributed. In some embodiments, the server may be regional or remote. In some embodiments, the server may execute on a cloud platform. For example, the cloud platform may include one or any combination of a private cloud, a public cloud, a hybrid cloud, a community cloud, a decentralized cloud, an internal cloud, and the like.
For example, network 140 may include a cable network, a wired network, a fiber optic network, a telecommunications network, an intranet, the Internet, a local area network (LAN), a wide area network (WAN), a wireless local area network (WLAN), a metropolitan area network (MAN), a public switched telephone network (PSTN), a Bluetooth network, a ZigBee network, near field communication (NFC), an intra-device bus, an intra-device line, a cable connection, and the like, or any combination thereof.
In some embodiments, computing system 100 may also include a random number server 130, and random number server 130 may assist two-party computing devices in running a secure computing protocol, such as a secure multiplication protocol. For details of the secure multiplication protocol, reference may be made to fig. 6 and its associated description.
FIG. 2 is an exemplary flow diagram illustrating a collaborative computing method for protecting the data privacy of two parties according to some embodiments of the present description. The private data x includes a first fragment x_L and a second fragment x_R; x_L is stored on the computing device 110 of the first party and x_R is stored on the computing device 120 of the second party. The result of the computation is referred to herein as the equivalent value of the exponential function value; it may be equal to the approximation of the exponential function value in the output quotient group, and in practical applications it may take part in subsequent operations in place of the exponential function value itself. The input quotient group may be $2^{-k}\mathbb{Z}/2^{N-k}\mathbb{Z}$, where k is a non-negative integer, N is the number of binary bits of a storage unit in the computing device and N - k > 0. In some embodiments, the exponential function may be $e^{-x}$ and the output quotient group may be $2^{-N+1}\mathbb{Z}/2\mathbb{Z}$, which contains the value range (0, 1] of $e^{-x}$ (x ≥ 0). The process 200 may be performed by the first party's computing device 110, and the processing flow of the second party's computing device 120 may refer to the process 200. The process 200 may include:
Step 210, interacting with the second party's computing device 120 according to a secure comparison protocol to obtain a first fragment s_L of a first comparison result s of the private data against a target threshold. In some embodiments, step 210 may be implemented by the first secure comparison module 710.
The target threshold may be a value of the private data at which the exponential function value is approximated as 0 in the output quotient group. Taking the exponential function $e^{-x}$ as an example, according to the lemma "if $m > \log_2 N + \log_2(\ln 2)$, then $\exp(-2^m) < 2^{-N}$", it can be deduced that when $x \ge 2^m$ the approximation of $e^{-x}$ in the output quotient group $2^{-N+1}\mathbb{Z}/2\mathbb{Z}$ is 0, where $2^m$ is the target threshold. In some embodiments, one may take $m = \mathrm{floor}(\log_2 N + \log_2(\ln 2)) + 1$, where floor denotes rounding down.
It should be understood that after the interaction the second party's computing device 120 obtains the second fragment s_R of the first comparison result s, and the sum of s_L and s_R is s. The value of the first comparison result s may be designed so that, in the subsequent step 240, the sum of the first fragment h_L and the second fragment h_R of the equivalent value h of the exponential function value is 0 when the private data is not less than the target threshold.
In some embodiments, a particular implementation of the secure comparison protocol may be found in the literature: Geoffroy Couteau. New Protocols for Secure Equality Test and Comparison. Applied Cryptography and Network Security. Lecture Notes in Computer Science, vol. 10892, pp. 303-320, 2018.
Step 220, taking the first fragment x_L modulo the target threshold to obtain a first modulo result x_L'.
It should be appreciated that the second party's computing device 120 may take the second fragment x_R modulo the target threshold to obtain a second modulo result x_R'.
After the modulo operation, the first modulo result x_L' and the second modulo result x_R' are both smaller than the target threshold, so the approximations of the exponential function values of x_L' and x_R' in the output quotient group are not 0. Taking the exponential function $e^{-x}$ as an example, after x_L and x_R are taken modulo $2^m$, the approximations of $e^{-x\_L'}$ and $e^{-x\_R'}$ in the output quotient group $2^{-N+1}\mathbb{Z}/2\mathbb{Z}$ are not 0.
Step 230, interacting with the second party's computing device 120 according to a secure computing protocol to obtain a first output fragment z_L based on the first modulo result x_L' and a second modulo result x_R' stored at the second party's computing device 120. In some embodiments, step 230 may be implemented by the first output fragment computing module 730.
It should be appreciated that the second party's computing device 120 will obtain a second output fragment z_R.
Then, the secure computation in step 230 only needs to ensure that, when the private data is smaller than the target threshold, the sum of the obtained first output fragment z_L and second output fragment z_R is accurate relative to the actual value of the exponential function value.
With regard to specific implementations of step 230, reference may be made to fig. 3 and its associated description.
Step 240, interacting with the second party's computing device 120 according to a secure computing protocol to obtain a first fragment h_L of the equivalent value h of the exponential function value, based on the first fragment s_L of the first comparison result s and the first output fragment z_L, and on the second fragment s_R of the first comparison result s and the second output fragment z_R stored at the second party's computing device 120. In some embodiments, step 240 may be performed by the first equivalence computation module 740.
It should be understood that the second party's computing device 120 will obtain a second fragment h_R of the equivalent value h of the exponential function value. Note that h, h_L and h_R all belong to the output quotient group. In some embodiments, the first comparison result s and each of its fragments may occupy one N-bit storage unit; specifically, they may be elements of the quotient group $\mathbb{Z}/2^N\mathbb{Z}$.
In some embodiments, s = 0 when the private data is not less than the target threshold (i.e., the sum of s_L and s_R is 0), and s = 1 when the private data is less than the target threshold (i.e., the sum of s_L and s_R is 1). Accordingly, h_L + h_R = (s_L + s_R) * (z_L + z_R), and by the properties of the group, h_L + h_R = s_L * z_L + s_L * z_R + s_R * z_L + s_R * z_R, where "+" and "*" denote group addition and group multiplication respectively. In this polynomial, s_L * z_L may be calculated locally at the first party's computing device 110 and s_R * z_R may be calculated locally at the second party's computing device 120. The remaining product terms s_L * z_R and s_R * z_L involve private values of both parties; additive fragments of these products may be computed with the secure multiplication protocol, each party holding one fragment.
It is noted that in some embodiments, flow 200 implies m < N - k. In fact, when m = N - k, steps 210, 220 and 240 need not be performed, and the two parties may perform secure computation directly on the first fragment x_L and the second fragment x_R to obtain the first fragment h_L and the second fragment h_R as the result; the computation may follow the description of step 230. Specifically, the computing device 110 of the first party may perform step 230 with the first fragment x_L as the first modulo result x_L' (the computing device 120 of the second party accordingly uses the second fragment x_R as the second modulo result x_R'), and take the resulting first output fragment z_L as the first fragment h_L (the computing device 120 of the second party accordingly takes the second output fragment z_R as the second fragment h_R). When m > N - k, the two parties can directly and securely compute the product of the exponential function value of the first fragment x_L and the exponential function value of the second fragment x_R; the computing device 110 of the first party obtains the first fragment (i.e., h_L) of the equivalent value of the product in the output quotient group, and the computing device 120 of the second party obtains the second fragment (i.e., h_R) of the equivalent value of the product in the output quotient group. Taking $e^{-x}$ as an example, the first party calculates $e^{-x\_L'}$ and the second party calculates $e^{-x\_R'}$. Through secure computation, the first party obtains the first fragment (i.e., h_L) of $e^{-x\_L'} * e^{-x\_R'}$ in the output quotient group and the second party obtains the second fragment (i.e., h_R) of $e^{-x\_L'} * e^{-x\_R'}$ in the output quotient group; the computation may refer to FIG. 6 and its related description.
Of course, when m ≥ N - k, the same result can be obtained by following the computation used for m < N - k, and when m > N - k, the same result can be obtained by following the computation used for m = N - k.
In addition, the computing devices of both parties may each use one N-bit storage unit to hold a fragment of the first comparison result, so as to match the number of binary bits of the first output fragment z_L and the second output fragment z_R that take part in the same computation.
FIG. 3 is an exemplary flow diagram illustrating the calculation of a first output fragment z_L according to some embodiments of the present description. Flow 300 may be performed by a computing device of a first party. Flow 300 may include:
Step 310, interacting with the computing device 120 of the second party according to the secure comparison protocol to obtain a first fragment t_L of a second comparison result t, the second comparison result t being the result of comparing the sum of the first modulo result x_L' and the second modulo result x_R' against the target threshold.
Step 320, interacting with the computing device 120 of the second party according to the secure computing protocol to obtain, based on the first modulo result x_L' and the second modulo result x_R' stored in the computing device 120 of the second party, the first fragment $y_0\_L$ of a first possible value $y_0$ and the first fragment $y_1\_L$ of a second possible value $y_1$ in the output quotient group.
Here, when the private data x is less than the target threshold: the first possible value $y_0$ is the equivalent value of the exponential function value in the output quotient group when the sum of the first modulo result and the second modulo result is smaller than the target threshold, and the second possible value $y_1$ is the equivalent value of the exponential function value in the output quotient group when the sum of the first modulo result and the second modulo result is not less than the target threshold.
It is to be understood that the computing device 120 of the second party will obtain the second fragment t_R of the second comparison result t, the second fragment $y_0\_R$ of the first possible value $y_0$ and the second fragment $y_1\_R$ of the second possible value $y_1$.
As mentioned previously, the interaction in step 230 need only ensure that the sum of the obtained first output fragment and second output fragment is accurate relative to the actual value of the exponential function value of the private data when the private data is less than the target threshold. Denote the target threshold by M. Since, when the private data x is less than M, either x_L' + x_R' < M (in which case x = x_L' + x_R') or x_L' + x_R' ≥ M (in which case x = x_L' + x_R' - M < M), it is necessary to further distinguish x_L' + x_R' < M from x_L' + x_R' ≥ M. The first possible value $y_0$ and the second possible value $y_1$ correspond to these two cases, one each. Taking the exponential function $e^{-x}$ as an example, the first possible value $y_0$ and the second possible value $y_1$ may correspond to $e^{-x\_L'} * e^{-x\_R'}$ and $\exp(2^m) \, e^{-x\_L'} * e^{-x\_R'}$ respectively.
The specific manner of calculating the first fragment $y_0\_L$ of the first possible value $y_0$ and the first fragment $y_1\_L$ of the second possible value $y_1$ can be found in FIG. 4 and its associated description.
Step 330, interacting with the computing device 120 of the second party according to the secure computing protocol to obtain a first output fragment z_L based on the first fragment t_L of the second comparison result t, the first fragment $y_0\_L$ of the first possible value $y_0$ and the first fragment $y_1\_L$ of the second possible value $y_1$, together with the second fragment t_R of the second comparison result t, the second fragment $y_0\_R$ of the first possible value $y_0$ and the second fragment $y_1\_R$ of the second possible value $y_1$ stored on the computing device 120 of the second party.
It should be appreciated that the second party's computing device 120 will obtain a second output fragment z_R. In some embodiments, the second comparison result t and each of its fragments may occupy one N-bit storage unit; specifically, they may be elements of the quotient group $\mathbb{Z}/2^N\mathbb{Z}$.
In some embodiments, both parties can securely compute $t * y_0 + (1 - t) * y_1 = (t\_L + t\_R) * (y_0\_L + y_0\_R) + (1 - (t\_L + t\_R)) * (y_1\_L + y_1\_R)$ to obtain a first output fragment z_L and a second output fragment z_R, where t_L denotes the first fragment of the second comparison result, t_R denotes the second fragment of the second comparison result, $y_0\_L$ denotes the first fragment of the first possible value, $y_0\_R$ denotes the second fragment of the first possible value, $y_1\_L$ denotes the first fragment of the second possible value, and $y_1\_R$ denotes the second fragment of the second possible value. As mentioned before, when the private data x is smaller than the target threshold M, the first possible value is the equivalent value of the exponential function value in the output quotient group when the sum of the first modulo result and the second modulo result is smaller than the target threshold, and the second possible value is the equivalent value of the exponential function value in the output quotient group when that sum is not less than the target threshold. Accordingly, one may set t = 1 when x_L' + x_R' < M and t = 0 when x_L' + x_R' ≥ M. Then, when the private data is smaller than the target threshold (x < M), regardless of whether x_L' + x_R' < M or x_L' + x_R' ≥ M, the sum of the first output fragment z_L and the second output fragment z_R obtained by the two-party secure computation is equal to the equivalent value h of the exponential function value in the output quotient group.
Similarly to step 240, for the product terms of $(t\_L + t\_R) * (y_0\_L + y_0\_R) + (1 - (t\_L + t\_R)) * (y_1\_L + y_1\_R)$ that involve private values of both parties, additive fragments of the corresponding products are computed using a secure multiplication protocol, with each party holding one fragment.
FIG. 4 is a block diagram illustrating the calculation of the first slice y0_L of the first possible value y0 and the first slice y1_L of the second possible value y1, according to some embodiments of the present disclosure. Flow 400 may be performed by the computing device 110 of the first party. Flow 400 may include:
Step 410, calculating an exponential function value of the first modulo result x_L' to obtain a first value u_L.
It should be appreciated that the second party's computing device 120 may calculate the exponential function value of the second modulo result x_R' to obtain the second value u_R.
In some embodiments, the first value u_L and the second value u_R may be stored in a computing device as floating point numbers.
Step 420, amplifying the first value u_L according to a preset ratio to obtain a first amplification result v_L in the target quotient group, wherein the first amplification result v_L meets the preset precision.
It should be understood that the computing device 120 of the second party would amplify the second value u_R by the preset ratio to obtain a second amplification result v_R, and the second amplification result v_R meets the preset precision.
In some embodiments, the preset precision may depend on the number of binary bits used to store the calculation results. For example, the exponential function is e^(-x), m=floor(log2(N)+log2(ln2))+1, where floor denotes rounding down, and the target threshold is 2^m=2Nln2. Assuming that the computing device uses N-bit storage units to hold the computation results, the first and second values can each be input to the function floor(2^(3N-1)x) to obtain the first amplification result v_L and the second amplification result v_R in the target quotient group. Taking the first value u_L as an example, since u_L=e^(-x_L')>exp(-2^m)≥2^(-2N), it follows that 2^(3N-1)e^(-x_L')>2^(N-1), i.e., if a sufficient number of N-bit storage units are used to store 2^(3N-1)e^(-x_L'), the stored rounding result has at least N significant bits.
Considering that the two parties will subsequently securely calculate v_L*v_R based on v_L and v_R in the same quotient group (namely the target quotient group), the numerical range of the target quotient group can be determined based on the influence of amplification and multiplication on the values. Taking the exponential function e^(-x) as an example, the maximum values of v_L and v_R obtained after amplification are both 2^(3N-1), and v_L*v_R has a maximum value of 2^(6N-2). v_L and v_R may be held using at least 6 N-bit storage units. In some embodiments, v_L and v_R may be held using 6 N-bit storage units, and the target quotient group may be Z/2^(6N)Z.
Step 430, interacting with the computing device 120 of the second party according to the secure computing protocol to obtain a first slice w0_L of v_L*v_R in the target quotient group.
v_L*v_R denotes the product of the first amplification result v_L and the second amplification result v_R. It is understood that the second party's computing device 120 will obtain a second slice w0_R of v_L*v_R in the target quotient group. In addition, v_L*v_R and its slices w0_L, w0_R correspond to x_L'+x_R'<M.
For a specific implementation of calculating the first slice w0_L of v_L*v_R in the target quotient group, reference is made to FIG. 6 and its associated description.
Step 440, obtaining a first value to be processed w1_L in the target quotient group based on the target threshold M and the first slice w0_L of v_L*v_R in the target quotient group.
It should be appreciated that the second party's computing device 120 will, based on the target threshold M and the second slice w0_R of v_L*v_R in the target quotient group, obtain a second value to be processed w1_R in the target quotient group. In addition, w1_L and w1_R correspond to x_L'+x_R'≥M. If the influence of rounding on the values is ignored, w1_L, w1_R differ from w0_L, w0_R by a multiple of the exponential function value of the target threshold M. Taking the exponential function e^(-x) as an example, the first party may calculate floor(exp(2^m)w0_L) to obtain the first value to be processed w1_L in the target quotient group Z/2^(6N)Z, and the second party may calculate floor(exp(2^m)w0_R) to obtain the second value to be processed w1_R in the target quotient group Z/2^(6N)Z.
Step 450, truncating the first slice w0_L of v_L*v_R in the target quotient group by bit to obtain the first slice y0_L of the first possible value y0 in the output quotient group.
It should be appreciated that the second party's computing device 120 will truncate the second slice w0_R of v_L*v_R in the target quotient group by bit to obtain the second slice y0_R of the first possible value y0 in the output quotient group.
Step 460, truncating the first value to be processed w1_L in the target quotient group by bit to obtain the first slice y1_L of the second possible value y1 in the output quotient group.
It should be understood that the second party's computing device 120 will truncate the second value to be processed w1_R in the target quotient group by bit to obtain the second slice y1_R of the second possible value y1 in the output quotient group.
From the foregoing, it can be seen that the first slice w0_L, the first value to be processed w1_L, the second slice w0_R and the second value to be processed w1_R in the target quotient group are obtained by amplifying and multiplying values, and therefore occupy a large number of storage units (the numerical precision is higher than needed). It is therefore desirable to store these values in fewer storage units through truncation, while ensuring the correctness of the result and the required numerical precision when truncating.
Taking the exponential function e^(-x) as an example, the target quotient group may be Z/2^(6N)Z, in which the first slice w0_L, the first value to be processed w1_L, the second slice w0_R and the second value to be processed w1_R each occupy 6 N-bit storage units, while 1 N-bit storage unit for each of the first output slice and the second output slice can meet the precision requirement. Based on this, N bits can be retained after bitwise truncation.
On the basis of retaining N bits, bitwise truncation also needs to ensure that the truncated binary bits do not affect the correctness of the result. The value range of the e^(-x) to be calculated (the private data x is a non-negative number) is (0, 1]. The value to be truncated (any of the first slice w0_L, the first value to be processed w1_L, the second slice w0_R and the second value to be processed w1_R) occupies 6 N-bit storage units and can be regarded as an element of the quotient group Z/2^(6N)Z. If the influence of rounding on the values during the calculation is ignored, the value to be truncated is the value e^(-x) to be calculated amplified by a factor of 2^(6N-2). Therefore, for the truncated values and their sum to recover the magnitude of e^(-x), the value to be truncated needs to be reduced by a factor of 2^(6N-2). However, since the value is always stored in 6 N-bit storage units (the binary digit stored in each bit is not changed), the value to be truncated only needs to be regarded as an element of the quotient group 2^(-(6N-2))Z/2^2 Z. Considering that the value range of the e^(-x) to be calculated is (0, 1], as shown in FIG. 5, with a fixed-point storage mode in which the binary point is located between the second bit and the third bit (the most significant bit being the first bit) of the storage units (e.g., 6×N bits), the most significant bit of the value to be truncated can be truncated. Since N bits are retained after truncation, truncation is also performed at the low end (specifically, the 5N-1 consecutive bits starting from the least significant bit are truncated), and only N-1 bits after the binary point are retained. The value obtained by truncation can be regarded as an element of the output quotient group 2^(-(N-1))Z/2Z.
It should be noted that the truncation of the low bits may result in a deviation of 2^(-(N-1)) in the sum value; a numerical deviation of magnitude 2^(-(N-1)) has a negligible effect on the accuracy of the calculated result.
FIG. 6 is an interaction diagram of a secure multiplication protocol, shown in accordance with some embodiments of the present description. The secure multiplication protocol can convert the product of two private values, based on group multiplication, into two slices based on group addition, with each party holding one slice, and the private value of neither party is revealed in the calculation process. As shown in FIG. 6, the first party's computing device 110 stores a secret value a, the second party's computing device 120 stores a secret value b, and both parties want to securely calculate a*b; the first party's computing device 110 obtains a first slice c0 of a*b, and the second party's computing device 120 obtains a second slice c1 of a*b. Since the secure multiplication protocol follows group addition and group multiplication, the values involved in FIG. 6 (e.g., a, b, c, e, f, u, v, z) and their slices all belong to the same quotient group. The calculation process is described in detail below.
The random number server 130 generates a first random number u to be transmitted to the first party's computing device 110 and a second random number v to be transmitted to the second party's computing device 120. The random number server 130 calculates uv and splits uv into a first slice z0 to be sent to the first party's computing device 110 and a second slice z1 to be sent to the second party's computing device 120. u, v, z0 and z1 satisfy uv=z0+z1. The random number server 130 sends the first random number u and the first slice z0 to the first party's computing device 110, and sends the second random number v and the second slice z1 to the second party's computing device 120.
The first party's computing device 110 computes a-u (denoted as e) and sends e to the second party's computing device 120. The second party's computing device 120 computes b-v (denoted as f) and sends f to the first party's computing device 110.
The first party's computing device 110 calculates uf+z0 as the first slice c0 of a*b. The second party's computing device 120 calculates eb+z1 as the second slice c1 of a*b. It can be verified that c0+c1=uf+eb+z0+z1=uf+eb+uv=u(b-v)+(a-u)b+uv=ab, i.e., c0+c1=ab.
It should be noted that in the above description of the secure multiplication protocol, "-" denotes the left element + (negative of the right element), "+" is the sign of the group addition, and "*" is the sign of the group multiplication and may be omitted.
In order to more intuitively understand the embodiments of the present specification, a specific example of two-party secure calculation of the exponential function value is provided below.
Suppose that the exponential function is e^(-x), the number of bits of the storage unit of the computing device is N=4, and the target threshold is M=2^m=4 (m=floor(log2(N)+log2(ln2))+1=2). The private data x, the first slice x_L and the second slice x_R are located in the input quotient group Z/2^4 Z, with x=(2)_10=(0010)_2, x_L=(2^4-1)_10=(1111)_2 and x_R=(2^2-1)_10=(0011)_2. The output quotient group is 2^(-3)Z/2Z.
Based on this, the values calculated by the first party's computing device 110 include: the first modulo result x_L'=(2^2-1)_10=(0011)_2, the first value u_L=e^(-x_L')=e^(-3) (saved as a floating point number), and the first amplification result v_L=floor(2^(3N-1)u_L)=floor(2^11 e^(-3))=(101)_10=(0000 0000 0000 0000 0110 0101)_2. The values calculated by the second party's computing device 120 include: the second modulo result x_R'=(2^2-1)_10=(0011)_2, the second value u_R=e^(-x_R')=e^(-3) (saved as a floating point number), and the second amplification result v_R=floor(2^(3N-1)u_R)=floor(2^11 e^(-3))=(101)_10=(0000 0000 0000 0000 0110 0101)_2.
Further, the computing devices of the two parties securely compute v_L*v_R with the assistance of the random number server 130, wherein it is assumed that the random number server generates the first random number u=(0000 0000 0000 0000 0000 0001)_2 to be sent to the computing device 110 of the first party and the second random number v=(0000 0000 0000 0000 0000 0001)_2 to be sent to the computing device 120 of the second party. The random number server 130 calculates uv and splits uv into a first slice z0=(0000 0000 0000 0000 0000 0001)_2 to be sent to the first party's computing device 110 and a second slice z1=(0000 0000 0000 0000 0000 0000)_2 to be sent to the second party's computing device 120.
The first party's computing device 110 calculates e=v_L-u=(0000 0000 0000 0000 0110 0100)_2 and sends e to the second party's computing device 120. The second party's computing device 120 calculates f=v_R-v=(0000 0000 0000 0000 0110 0100)_2 and sends f to the first party's computing device 110. The first party's computing device 110 computes the first slice w0_L=uf+z0=(0000 0000 0000 0000 0110 0101)_2 of v_L*v_R, and the second party's computing device 120 computes the second slice w0_R=eb+z1=(0000 0000 0010 0111 0111 0100)_2 of v_L*v_R. The computing device 110 of the first party calculates the first value to be processed w1_L=floor(e^4 w0_L)=(0000 0000 0001 0101 1000 1010)_2, and the second party's computing device 120 calculates the second value to be processed w1_R=floor(e^4 w0_R)=(0000 1000 0110 1010 0001 0001)_2. The computing device 110 of the first party truncates w1_L by bit to obtain the first slice y1_L=(0.000)_2 of the second possible value, and the second party's computing device 120 truncates w1_R by bit to obtain the second slice y1_R=(0.001)_2 of the second possible value.
Since x<M and x_L'+x_R'≥M, the sum of the first slice h_L of the equivalent value of the exponential function value computed by the computing device 110 of the first party and the second slice h_R of the equivalent value of the exponential function value computed by the computing device 120 of the second party is h=h_L+h_R=y1_L+y1_R=(0.001)_2.
It can be obtained that the error of (0.001)_2 relative to the true value e^(-2) of the exponential function value is about (0.0103)_10, which is less than 2^(-4) and satisfies the precision corresponding to the output quotient group 2^(-3)Z/2Z.
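The secure multiplication protocol of FIG. 6, the N=4 example above and the selection t*y0+(1-t)*y1 of step 330 can be replayed in a few lines of Python; this is an added illustration, not part of the patent text. It uses the example's own values (u=v=1, z0=1, z1=0); the function names, the sharing (5, 11) of t and the computation of t in the clear are assumptions, since the secure comparison protocol is not reproduced here.

```python
import math
import secrets

N = 4                       # bits per storage unit (the page's example)
M = 4                       # target threshold 2^m with m = 2
TARGET_MOD = 1 << (6 * N)   # target quotient group Z/2^(6N)Z
OUT_MOD = 1 << N            # output group 2^-(N-1)Z/2Z, held as N-bit integers


def deal_triple(mod, u=None, v=None, z0=None):
    """Random number server: u, v and slices z0 + z1 = u*v (mod mod)."""
    u = secrets.randbelow(mod) if u is None else u
    v = secrets.randbelow(mod) if v is None else v
    z0 = secrets.randbelow(mod) if z0 is None else z0
    return u, v, z0, (u * v - z0) % mod


def secure_mul(a, b, triple, mod):
    """FIG. 6: first party holds a, second holds b; returns slices of a*b."""
    u, v, z0, z1 = triple
    e = (a - u) % mod           # sent by the first party
    f = (b - v) % mod           # sent by the second party
    c0 = (u * f + z0) % mod     # first party: needs only u, z0 and f
    c1 = (e * b + z1) % mod     # second party: needs only e, b and z1
    return c0, c1


def amplify(x_mod):
    """Steps 410-420: floor(2^(3N-1) * e^(-x'))."""
    return math.floor((1 << (3 * N - 1)) * math.exp(-x_mod))


def scale_by_threshold(w0):
    """Step 440: floor(exp(2^m) * w0) in the target quotient group."""
    return math.floor(math.exp(M) * w0) % TARGET_MOD


def truncate(w):
    """Steps 450-460: drop the low 5N-1 bits and the top bit, keep N bits."""
    return (w >> (5 * N - 1)) % OUT_MOD


def select(t_sh, y0_sh, y1_sh):
    """Step 330: slices of t*y0 + (1-t)*y1 = y1 + t*(y0 - y1) mod 2^N."""
    (t_l, t_r), (y1_l, y1_r) = t_sh, y1_sh
    d_l = (y0_sh[0] - y1_l) % OUT_MOD
    d_r = (y0_sh[1] - y1_r) % OUT_MOD
    # Cross terms mix both parties' private values: secure multiplication.
    p0, p1 = secure_mul(t_l, d_r, deal_triple(OUT_MOD), OUT_MOD)
    q0, q1 = secure_mul(d_l, t_r, deal_triple(OUT_MOD), OUT_MOD)
    z_l = (y1_l + t_l * d_l + p0 + q0) % OUT_MOD   # local term + slices
    z_r = (y1_r + t_r * d_r + p1 + q1) % OUT_MOD
    return z_l, z_r


def page_example():
    """Replay the page's example: x = 2 split as x_L = 15, x_R = 3."""
    x_l, x_r = 0b1111, 0b0011
    v = (amplify(x_l % M), amplify(x_r % M))
    triple = deal_triple(TARGET_MOD, u=1, v=1, z0=1)   # page's values, z1 = 0
    w0 = secure_mul(v[0], v[1], triple, TARGET_MOD)
    w1 = tuple(scale_by_threshold(w) for w in w0)
    y0 = tuple(truncate(w) for w in w0)
    y1 = tuple(truncate(w) for w in w1)
    # Assumption: t is computed in the clear and split as a constructed
    # sharing; the page obtains its slices from a secure comparison protocol.
    t = 1 if (x_l % M) + (x_r % M) < M else 0
    z = select((5, (t - 5) % OUT_MOD), y0, y1)
    h = ((z[0] + z[1]) % OUT_MOD) / (1 << (N - 1))
    return {"v": v, "w0": w0, "w1": w1, "y0": y0, "y1": y1, "t": t, "h": h}


if __name__ == "__main__":
    for name, value in page_example().items():
        print(name, value)
```

The slices y0, y1 and z are held as N-bit integers in units of 2^(-(N-1)), so the final division by 2^(N-1) is only needed to read h as a real number.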
It should be noted that the above description of the flow is for illustration and description only and does not limit the scope of the application of the present specification. Various modifications and alterations to one or more of the processes may be made by those skilled in the art in light of the present disclosure. However, such modifications and variations are intended to be within the scope of the present description.
FIG. 7 is an exemplary block diagram of a collaborative computing system that protects the data privacy of two parties, according to some embodiments of the present description. The system 700 may be implemented on a computing device 110 of a first party. As shown in FIG. 7, the system 700 may include a first secure comparison module 710, a first modulo module 720, a first output slice computation module 730, and a first equivalent value computation module 740.
In some embodiments, the first secure comparison module 710 may be configured to interact with the computing device 120 of the second party according to a secure comparison protocol to obtain a first slice s_L of the first comparison result s of the private data against the target threshold.
In some embodiments, the first modulo module 720 may be configured to take the first slice x_L modulo the target threshold to obtain a first modulo result x_L'.
In some embodiments, the first output slice computation module 730 may be configured to interact with the second party's computing device 120 according to a secure computing protocol to obtain the first output slice z_L based on the first modulo result x_L' and a second modulo result x_R' stored at the second party's computing device 120.
In some embodiments, the first equivalent value computation module 740 may be configured to interact with the second party's computing device 120 according to a secure computing protocol to obtain a first slice h_L of the equivalent value h of the exponential function value based on the first slice s_L of the first comparison result s and the first output slice z_L, and on the second slice s_R of the first comparison result s and the second output slice z_R stored at the second party's computing device 120.
It should be appreciated that the collaborative computing system and its modules implemented on the second party's computing device 120 to protect both parties' data privacy have the same or similar functionality as the system 700 and its modules. In particular, the system implemented on the second party's computing device 120 may include a second secure comparison module, a second modulo module, a second output slice computation module, and a second equivalent value computation module.
In some embodiments, the second secure comparison module may be configured to interact with the computing device 110 of the first party according to a secure comparison protocol to obtain a second slice s_R of the first comparison result s of the private data against the target threshold.
In some embodiments, the second modulo module may be configured to take the second slice x_R modulo the target threshold to obtain a second modulo result x_R'.
In some embodiments, the second output slice computation module may be configured to interact with the computing device 110 of the first party according to a secure computing protocol to obtain the second output slice z_R based on the second modulo result x_R' and the first modulo result x_L' stored at the computing device 110 of the first party.
In some embodiments, the second equivalent value computation module may be configured to interact with the computing device 110 of the first party according to a secure computing protocol to obtain a second slice h_R of the equivalent value h of the exponential function value based on the second slice s_R of the first comparison result s and the second output slice z_R, and on the first slice s_L of the first comparison result s and the first output slice z_L stored at the computing device 110 of the first party.
Further details regarding the system and its modules implemented on the two-party computing devices may be found in fig. 2 and its associated description, which are not repeated herein.
It should be understood that the system and its modules disclosed in this specification may be implemented in a variety of ways. For example, in some embodiments, the system and its modules may be implemented in hardware, software, or a combination of software and hardware. Wherein the hardware portion may be implemented using dedicated logic; the software portions may be stored in a memory for execution by a suitable instruction execution system, such as a microprocessor or specially designed hardware. Those skilled in the art will appreciate that the methods and systems described above may be implemented using computer executable instructions and/or embodied in processor control code, such code being provided, for example, on a carrier medium such as a diskette, CD-or DVD-ROM, a programmable memory such as read-only memory (firmware), or a data carrier such as an optical or electronic signal carrier. The system and its modules in this specification may be implemented not only by hardware circuits such as very large scale integrated circuits or gate arrays, semiconductors such as logic chips, transistors, or programmable hardware devices such as field programmable gate arrays, programmable logic devices, etc., but also by software executed by various types of processors, for example, or by a combination of the above hardware circuits and software (e.g., firmware).
It should be noted that the above description of the system and its modules is for convenience only and should not limit the present disclosure to the illustrated embodiments. It will be appreciated by those skilled in the art that, given the teachings of the system, any combination of modules or sub-system configurations may be used to connect to other modules without departing from such teachings. For example, in some embodiments, the security comparison module and the modulus extraction module may be two modules or may be combined into one module. Such variations are within the scope of the present disclosure.
The beneficial effects that may be brought by the embodiments of the present description include, but are not limited to: (1) in the calculation process, the final calculation result and part of the intermediate calculation results are stored in the calculation devices of the two sides in a fragmentation mode, so that privacy disclosure can be effectively avoided; (2) by designing the processes of value taking, amplification, truncation and the like of the comparison result, the calculation result can be ensured to meet certain precision under various value taking conditions of the private data and the fragments thereof. It is to be noted that different embodiments may produce different advantages, and in different embodiments, any one or combination of the above advantages may be produced, or any other advantages may be obtained.
Having thus described the basic concept, it will be apparent to those skilled in the art that the foregoing detailed disclosure is to be considered merely illustrative and not restrictive of the embodiments herein. Various modifications, improvements and adaptations to the embodiments described herein may occur to those skilled in the art, although not explicitly described herein. Such modifications, improvements and adaptations are proposed in the embodiments of the present specification and thus fall within the spirit and scope of the exemplary embodiments of the present specification.
Also, the description uses specific words to describe embodiments of the description. Reference throughout this specification to "one embodiment," "an embodiment," and/or "some embodiments" means that a particular feature, structure, or characteristic described in connection with at least one embodiment of the specification is included. Therefore, it is emphasized and should be appreciated that two or more references to "an embodiment" or "one embodiment" or "an alternative embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, some features, structures, or characteristics of one or more embodiments of the specification may be combined as appropriate.
Moreover, those skilled in the art will appreciate that aspects of the embodiments of the present description may be illustrated and described in terms of several patentable species or situations, including any new and useful combination of processes, machines, manufacture, or materials, or any new and useful improvement thereof. Accordingly, aspects of embodiments of the present description may be carried out entirely by hardware, entirely by software (including firmware, resident software, micro-code, etc.), or by a combination of hardware and software. The above hardware or software may be referred to as "data block," module, "" engine, "" unit, "" component, "or" system. Furthermore, aspects of the embodiments of the present specification may be represented as a computer product, including computer readable program code, embodied in one or more computer readable media.
The computer storage medium may comprise a propagated data signal with the computer program code embodied therewith, for example, on baseband or as part of a carrier wave. The propagated signal may take any of a variety of forms, including electromagnetic, optical, etc., or any suitable combination. A computer storage medium may be any computer-readable medium that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code located on a computer storage medium may be propagated over any suitable medium, including radio, cable, fiber optic cable, RF, or the like, or any combination of the preceding.
Computer program code required for operation of portions of embodiments of the present description may be written in any one or more programming languages, including an object-oriented programming language such as Java, Scala, Smalltalk, Eiffel, JADE, Emerald, C++, C#, VB.NET, Python, and the like, a conventional procedural programming language such as C, Visual Basic, Fortran 2003, Perl, COBOL 2002, PHP, ABAP, a dynamic programming language such as Python, Ruby, and Groovy, or other programming languages.
In addition, unless explicitly stated in the claims, the order of processing elements and sequences, use of numbers and letters, or use of other names in the embodiments of the present specification are not intended to limit the order of the processes and methods in the embodiments of the present specification. While various presently contemplated embodiments of the invention have been discussed in the foregoing disclosure by way of example, it is to be understood that such detail is solely for that purpose and that the appended claims are not limited to the disclosed embodiments, but, on the contrary, are intended to cover all modifications and equivalent arrangements that are within the spirit and scope of the embodiments herein. For example, although the system components described above may be implemented by hardware devices, they may also be implemented by software-only solutions, such as installing the described system on an existing processing device or mobile device.
Similarly, it should be noted that in the preceding description of embodiments of the specification, various features are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more embodiments of the invention. This method of disclosure, however, is not intended to imply that more features are required than are expressly recited in the claims. Indeed, the embodiments may be characterized as having less than all of the features of a single embodiment disclosed above.
For each patent, patent application, patent application publication, and other material, such as articles, books, specifications, publications, documents, etc., cited in this specification, the entire contents of each are hereby incorporated by reference into this specification, except where the material is inconsistent with or conflicts with the present disclosure, or limits the broadest scope of the claims (whether presently or later appended to the present specification). It is to be understood that the descriptions, definitions and/or uses of terms in this specification shall control if the descriptions, definitions and/or uses of terms in the accompanying materials are inconsistent with or contrary to them.
Finally, it should be understood that the embodiments described herein are merely illustrative of the principles of the embodiments of the present disclosure. Other variations are possible within the scope of the embodiments of the present description. Thus, by way of example, and not limitation, alternative configurations of the embodiments of the specification can be considered consistent with the teachings of the specification. Accordingly, the embodiments of the present description are not limited to only those embodiments explicitly described and depicted herein.

Claims (11)

1. A collaborative computing method for protecting the data privacy of two parties, wherein the exponent of the exponential function value collaboratively computed by the two parties is negatively related to private data, the private data comprises a first fragment and a second fragment in an input quotient group, the first fragment of the private data is stored in a computing device of the first party, and the second fragment of the private data is stored in a computing device of the second party; the method is performed by the computing device of the first party and comprises:
interacting with a computing device of a second party according to a secure comparison protocol to obtain a first slice of a first comparison result of the private data against a target threshold;
performing modulo on the first fragment of the private data relative to a target threshold to obtain a first modulo result;
interacting with the computing device of the second party according to the secure computing protocol to obtain a first output fragment based on the first modulo result and a second modulo result stored in the computing device of the second party;
interacting with the computing device of the second party according to the secure computing protocol to obtain a first fragment of an equivalent value of the exponential function value in an output quotient group based on the first fragment of the first comparison result and the first output fragment, and on the second fragment of the first comparison result and a second output fragment stored in the computing device of the second party; wherein when the private data is not less than the target threshold, the first comparison result makes the equivalent value 0.
2. The method of claim 1, wherein the interacting with the computing device of the second party according to the secure computing protocol to obtain the first output slice based on the first modulo result and a second modulo result stored at the computing device of the second party comprises:
interacting with the computing device of the second party according to a secure comparison protocol to obtain a first fragment of a second comparison result, wherein the second comparison result is a comparison result of the sum of the first modulo result and the second modulo result against the target threshold;
interacting with the computing device of the second party according to the secure computing protocol to obtain a first slice of the first possible value and a first slice of the second possible value based on the first modulo result and a second modulo result stored in the computing device of the second party, wherein when the private data is less than the target threshold: the first possible value is an equivalent value of the exponential function value in the output quotient group when the sum value of the first modulus result and the second modulus result is smaller than the target threshold value, and the second possible value is an equivalent value of the exponential function value in the output quotient group when the sum value of the first modulus result and the second modulus result is not smaller than the target threshold value;
interacting with the computing device of the second party according to the secure computing protocol to obtain a first output slice based on the first slice of the second comparison result, the first slice of the first possible value, the first slice of the second possible value, and the second slice of the second comparison result, the second slice of the first possible value, the second slice of the second possible value, stored at the computing device of the second party.
3. The method of claim 2, wherein the interacting with the computing device of the second party according to the secure computing protocol to obtain the first slice of the first possible value and the first slice of the second possible value based on the first modulo result and a second modulo result stored in the computing device of the second party comprises:
calculating an exponential function value of the first modulus result to obtain a first numerical value;
amplifying the first numerical value according to a preset ratio to obtain a first amplification result in the target quotient group, wherein the first amplification result meets a preset precision;
interacting with the computing device of the second party according to a secure computing protocol to obtain a first fragment of a target product in the target quotient group, the target product being a product of the first amplification result and a second amplification result stored in the computing device of the second party;
obtaining a first value to be processed in a target quotient group based on a first segment of a target threshold and a target product;
truncating the first fragment of the target product according to bits to obtain a first fragment of the first possible value;
and truncating the first value to be processed according to bits to obtain a first fragment of a second possible value in the output quotient group.
4. The method of claim 3, wherein the exponential function value is $e^{-x}$, x is the private data, and the target threshold is $2^m$, wherein $m = \lfloor \log_2 N + \log_2(\ln 2) \rfloor + 1$ and N is the number of bits of a memory location in the computing device.
5. The method of claim 4, wherein the preset ratio is $2^{3N-1}$.
6. The method of claim 5, wherein the target quotient group is $Z/2^{6N}Z$, wherein Z represents the set of integers.
7. The method of claim 6, wherein the output quotient group is $2^{-N+1}Z/2Z$;
the bitwise truncation includes: truncating the most significant bit and truncating 5N-1 consecutive bits starting from the least significant bit.
8. The method of claim 2, wherein the interacting with the computing device of the second party according to the secure computing protocol to obtain the first output slice based on the first slice of the second comparison result, the first slice of the first possible value, the first slice of the second possible value, and the second slice of the second comparison result, the second slice of the first possible value, the second slice of the second possible value stored at the computing device of the second party comprises:
interacting with the computing device of the second party according to the secure computing protocol to obtain (t_L + t_R) * (y0_L + y0_R) + (1 - (t_L + t_R)) * (y1_L + y1_R) as the first output slice, wherein t_L denotes the first slice of the second comparison result, t_R denotes the second slice of the second comparison result, y0_L denotes the first fragment of the first possible value, y0_R denotes the second fragment of the first possible value, y1_L denotes the first fragment of the second possible value, y1_R denotes the second fragment of the second possible value, - denotes adding the negative of the right element to the left element, + denotes group addition, and * denotes group multiplication;
and when the sum of the first modulus result and the second modulus result is not less than the target threshold, t_L + t_R = 0.
9. The method of claim 1, wherein interacting with the computing device of the second party according to the secure computing protocol to obtain a first slice of an equivalent value of the exponent function value in the output quotient group based on the first slice of the first comparison result, the first output slice, and the second slice of the first comparison result, the second output slice, stored at the computing device of the second party, comprises:
interacting with the computing device of the second party according to the secure computing protocol to obtain a first slice of (z_L + z_R) * (s_L + s_R) as the first slice of the equivalent value, wherein z_L represents the first output slice, z_R represents the second output slice, s_L represents the first slice of the first comparison result, s_R represents the second slice of the first comparison result, + represents group addition, and * represents group multiplication;
s_L + s_R = 1 when the private data is less than the target threshold, and s_L + s_R = 0 when the private data is not less than the target threshold.
10. A collaborative computing system for protecting the data privacy of two parties, wherein the exponent of the exponential function value computed collaboratively by the two parties is negatively correlated with private data, the private data comprises a first fragment and a second fragment in an input quotient group, the first fragment of the private data is stored in a computing device of the first party, and the second fragment of the private data is stored in a computing device of the second party; the system is implemented on the computing device of the first party and comprises:
a first secure comparison module, configured to interact with the computing device of the second party according to a secure comparison protocol to obtain a first fragment of a first comparison result of the private data relative to a target threshold;
a first modulo module, configured to take the first fragment of the private data modulo the target threshold to obtain a first modulo result;
a first output fragment computing module, configured to interact with the computing device of the second party according to a secure computing protocol to obtain a first output fragment based on the first modulo result and a second modulo result stored in the computing device of the second party;
a first equivalent value computing module, configured to interact with the computing device of the second party according to the secure computing protocol to obtain a first fragment of an equivalent value of the exponential function value in the output quotient group, based on the first fragment of the first comparison result and the first output fragment, and on the second fragment of the first comparison result and the second output fragment stored in the computing device of the second party; wherein, when the private data is not less than the target threshold, the first comparison result causes the equivalent value to be 0.
11. A collaborative computing apparatus for protecting the data privacy of two parties, comprising a processor and a storage device for storing instructions that, when executed by the processor, implement the method of any of claims 1-9.
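The selection steps of claims 8 and 9, run on additive slices, as an added Python sketch that is not part of the patent text. Assumptions: N = 16, integer private data, a 64-bit share ring with 32 fractional bits in place of the claimed quotient groups, a trusted dealer for Beaver triples, and the comparison bits and the two possible values computed in the clear as stand-ins for the secure comparison and claim 3 sub-protocols.

```python
import math
import secrets

N = 16                                  # constructed value for claim 4's N
M = math.floor(math.log2(N) + math.log2(math.log(2))) + 1   # claim 4: m
T = 1 << M                              # target threshold 2^m
MOD = 1 << 64                           # assumed share ring Z/2^64 Z
F = 32                                  # assumed fixed-point fractional bits

def share(v):
    """Split v into two additive slices modulo MOD."""
    r = secrets.randbelow(MOD)
    return r, (v - r) % MOD

def add(a, b):
    return (a[0] + b[0]) % MOD, (a[1] + b[1]) % MOD

def mul(a, b):
    """Multiply two shared values using a dealer-supplied Beaver triple."""
    u, v = secrets.randbelow(MOD), secrets.randbelow(MOD)
    us, vs, ws = share(u), share(v), share(u * v % MOD)
    d = (a[0] + a[1] - us[0] - us[1]) % MOD     # opened value a - u
    e = (b[0] + b[1] - vs[0] - vs[1]) % MOD     # opened value b - v
    left = (ws[0] + d * vs[0] + e * us[0] + d * e) % MOD
    right = (ws[1] + d * vs[1] + e * us[1]) % MOD
    return left, right

def encode(real):
    """Fixed-point encoding with F fractional bits."""
    return round(real * (1 << F)) % MOD

def shared_exp_neg(x):
    """Reconstructed e^-x after the claim 8 and claim 9 selections."""
    x_l, x_r = share(x)
    a_l, a_r = x_l % T, x_r % T                 # local modulo results
    # Stand-ins, computed in the clear: the two comparison bits and the
    # two possible values that the sub-protocols would deliver as slices.
    s = share(1 if x < T else 0)
    t = share(1 if a_l + a_r < T else 0)
    y0 = share(encode(math.exp(-(a_l + a_r))))
    y1 = share(encode(math.exp(-(a_l + a_r - T))))
    one_minus_t = ((1 - t[0]) % MOD, (-t[1]) % MOD)
    z = add(mul(t, y0), mul(one_minus_t, y1))   # claim 8: output slices
    out = mul(z, s)                             # claim 9: zero when x >= T
    return ((out[0] + out[1]) % MOD) / (1 << F)
```

Because 2^m exceeds N·ln 2, e^-x is already below 2^-N whenever x is not less than the threshold, which is why forcing the result to 0 in that case stays within the stated precision.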
CN202010276651.9A 2020-04-10 2020-04-10 Collaborative computing method, system and device for protecting data privacy of two parties Active CN111177790B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010276651.9A CN111177790B (en) 2020-04-10 2020-04-10 Collaborative computing method, system and device for protecting data privacy of two parties

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010276651.9A CN111177790B (en) 2020-04-10 2020-04-10 Collaborative computing method, system and device for protecting data privacy of two parties

Publications (2)

Publication Number Publication Date
CN111177790A CN111177790A (en) 2020-05-19
CN111177790B CN111177790B (en) 2020-07-10

Family

ID=70647265

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010276651.9A Active CN111177790B (en) 2020-04-10 2020-04-10 Collaborative computing method, system and device for protecting data privacy of two parties

Country Status (1)

Country Link
CN (1) CN111177790B (en)

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111539026B (en) * 2020-06-19 2020-09-29 支付宝(杭州)信息技术有限公司 Method and device for performing secure operation on private data
CN111475854B (en) * 2020-06-24 2020-10-20 支付宝(杭州)信息技术有限公司 Collaborative computing method and system for protecting data privacy of two parties
CN111783129A (en) * 2020-07-24 2020-10-16 支付宝(杭州)信息技术有限公司 Data processing method and system for protecting privacy
CN112463332A (en) * 2020-12-01 2021-03-09 华控清交信息科技(北京)有限公司 Data processing method, ciphertext computing system and device for data processing
CN112737772B (en) * 2020-12-25 2022-10-25 山东师范大学 Security statistical method, terminal device and system for private set intersection data
CN113158239B (en) * 2021-03-31 2022-04-26 支付宝(杭州)信息技术有限公司 Selection problem processing method for protecting data privacy
CN112989420B (en) * 2021-03-31 2022-05-10 支付宝(杭州)信息技术有限公司 Method and system for determining correlation coefficient for protecting data privacy
CN112989421A (en) * 2021-03-31 2021-06-18 支付宝(杭州)信息技术有限公司 Method and system for processing safety selection problem
CN113094763B (en) * 2021-04-12 2022-03-29 支付宝(杭州)信息技术有限公司 Selection problem processing method and system for protecting data privacy
CN113065162B (en) * 2021-04-25 2022-05-17 支付宝(杭州)信息技术有限公司 Method and device for processing private data in shared form
CN113158254B (en) * 2021-05-18 2022-06-24 支付宝(杭州)信息技术有限公司 Selection problem processing method and system for protecting data privacy
CN113761469A (en) * 2021-08-10 2021-12-07 支付宝(杭州)信息技术有限公司 Highest bit carry calculation method for protecting data privacy
CN113806818A (en) * 2021-09-02 2021-12-17 支付宝(杭州)信息技术有限公司 Boolean circuit for two-party safety selection
CN114244497B (en) * 2021-12-09 2024-02-13 支付宝(杭州)信息技术有限公司 Method and device for generating split chips by combining two parties

Also Published As

Publication number Publication date
CN111177790A (en) 2020-05-19

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 40029338

Country of ref document: HK