CN111737757B - Method and device for performing secure operation on private data - Google Patents
Method and device for performing secure operation on private data Download PDFInfo
- Publication number
- CN111737757B CN111737757B CN202010759933.4A CN202010759933A CN111737757B CN 111737757 B CN111737757 B CN 111737757B CN 202010759933 A CN202010759933 A CN 202010759933A CN 111737757 B CN111737757 B CN 111737757B
- Authority
- CN
- China
- Prior art keywords
- value
- privacy
- comparison result
- fragment
- integer
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 48
- 239000012634 fragment Substances 0.000 claims abstract description 154
- 238000012545 processing Methods 0.000 claims abstract description 65
- 238000005192 partition Methods 0.000 claims description 9
- 239000000654 additive Substances 0.000 claims description 8
- 230000000996 additive effect Effects 0.000 claims description 8
- 238000004590 computer program Methods 0.000 claims description 3
- 238000010586 diagram Methods 0.000 description 7
- 230000008569 process Effects 0.000 description 6
- 230000006870 function Effects 0.000 description 4
- 238000012805 post-processing Methods 0.000 description 4
- 238000004458 analytical method Methods 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Computer Security & Cryptography (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Medical Informatics (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
Abstract
An embodiment of the present specification provides a method and an apparatus for performing secure operation on private data, where the method includes: the first party compares the first privacy fragment with a first threshold value to obtain a first comparison result; generating a first integer by a first operation on a first privacy tile and a first intermediate value; the first integer of the first party is compared with the second integer of the second party to obtain a first fragment of a safety comparison result; wherein the second integer is generated by a second operation of the second party on the addition inverse of the second privacy slice and the second intermediate value; the second party has a second slice of the security comparison result; processing the first fragment of the safety comparison result according to a first processing mode corresponding to the first comparison result to obtain the first fragment of the final result of comparison operation between the privacy data and 0; the second party has a second fragment of the final result. The performance can be improved when security operations are performed on private data.
Description
Technical Field
One or more embodiments of the present specification relate to the field of computers, and more particularly, to a method and apparatus for performing secure operations on private data.
Background
The secure multi-party computation is also called multi-party secure computation, namely, a plurality of parties compute the result of a function together without revealing the input data of each party of the function, and the computed result is disclosed to one or more parties. Where the input data for the parties is often private data.
Secret sharing (secret sharing), also called secret splitting, secret sharing, is a cryptographic technique originally used for the management of secret information. The basic principle is to split a secret (e.g. a key) into multiple shards (shares), also called shares, which are respectively handed to different people for storage. Only if the number of people exceeding the threshold number combines their fragments, the secret can be recovered; no secret information can be recovered from less than a threshold number of slices. In multi-party security computing, the number of thresholds is typically the same as the number of participants.
When secret sharing is used for safe multiparty computation, sometimes a safe comparison operation needs to be performed, that is, under the condition that private data is not leaked, comparison operation is performed on the private data, and the safety comparison performance of the prior art is poor.
Accordingly, improved solutions are desired that can improve performance when performing secure operations on private data.
Disclosure of Invention
One or more embodiments of the present specification describe a method and apparatus for performing a secure operation on private data, which can improve performance when performing a secure operation on private data.
In a first aspect, a method for performing secure operation on private data is provided, where the private data is split into a first privacy segment and a second privacy segment based on a secret sharing manner, the first privacy segment is distributed on a first party, the second privacy segment is distributed on a second party, and both the first privacy segment and the second privacy segment belong to a modulo n space; the method is performed by the first party and comprises:
comparing the first privacy fragment with a first threshold value to obtain a first comparison result;
generating a first integer by a first operation on the first privacy segment and a first intermediate value; the first intermediate value is determined according to the first comparison result, the value range of the private data and a modulus space n;
the first integer of the first party is compared with the second integer of the second party to obtain a first fragment of a safety comparison result; the second integer is generated by a second operation of the second party on an addition inverse element of the second privacy fragment and a second intermediate value, and the second intermediate value is determined according to a result of comparison between the second privacy fragment and a second threshold value, the value range and the modulo space n; the second party has a second slice of the secure comparison result;
processing the first fragment of the safety comparison result according to a first processing mode corresponding to the first comparison result to obtain the first fragment of a final result of comparison operation between the privacy data and 0; the second party has a second tile of the final result.
In a possible implementation manner, the value range includes a minimum value and a maximum value, the minimum value is an addition inverse of a first numerical value, the maximum value is a second numerical value, the first numerical value and the second numerical value are both greater than 0, and a sum of the first numerical value, the second numerical value and 1 is less than or equal to n.
Further, the sum of the first threshold and the second threshold is greater than or equal to n minus 2 and less than n; the first threshold is greater than or equal to the second value and less than or equal to n minus the first value; the second threshold is greater than or equal to the second value and less than or equal to n minus the first value.
Further, the generating a first integer by a first operation on the first privacy segment and a first intermediate value includes:
if the first comparison result shows that the first privacy segment is smaller than or equal to the first threshold, setting the first intermediate value to be 0; taking the first privacy segment as the first integer;
if the first comparison result shows that the first privacy segment is larger than the first threshold, the first intermediate value is set as a third value minus n; the first privacy segment plus the third value minus n is taken as the first integer.
Further, the third value is greater than the second value and less than or equal to n minus the first value; the third value is greater than or equal to the first value.
Further, the safety comparison result specifically includes: and safely comparing the first integer of the self with the second integer of the second party to obtain a comparison result of whether the first integer is smaller than the second integer.
Further, the processing the first fragment of the security comparison result according to the first processing manner corresponding to the first comparison result to obtain the first fragment of the final result of the comparison operation between the private data and 0 includes:
if the first comparison result shows that the first privacy segment is smaller than or equal to the first threshold, taking the first segment of the security comparison result as the first segment of the final result;
and if the first comparison result shows that the first privacy fragment is larger than the first threshold value, taking a result of performing exclusive-or operation on 1 and the first fragment of the security comparison result as the first fragment of the final result.
In a second aspect, a method for performing secure operation on private data is provided, where the private data is split into a first privacy segment and a second privacy segment based on a secret sharing manner, the first privacy segment is distributed on a first party, the second privacy segment is distributed on a second party, and both the first privacy segment and the second privacy segment belong to a modulo n space; the method is performed by the second party, comprising:
comparing the second privacy fragment with a second threshold value to obtain a second comparison result;
generating a second integer by a second operation on an additive inverse of the second privacy slice and a second intermediate value; the second intermediate value is determined according to the second comparison result, the value range of the privacy data and the modulo space n;
the second integer of the first party is compared with the first integer of the first party in a safety mode to obtain a second fragment of a safety comparison result; the first integer is generated by the first party through a first operation on the first privacy fragment and a first intermediate value, and the first intermediate value is determined according to a comparison result of the first privacy fragment and a first threshold value, the value range and the modulo space n; the first party has a first slice of the security comparison result;
processing the second fragment of the safety comparison result according to a second processing mode corresponding to the second comparison result to obtain a second fragment of a final result of comparison operation between the privacy data and 0; the first party has a first segment of the final result.
In a possible implementation manner, the value range includes a minimum value and a maximum value, the minimum value is an addition inverse of a first numerical value, the maximum value is a second numerical value, the first numerical value and the second numerical value are both greater than 0, and a sum of the first numerical value, the second numerical value and 1 is less than or equal to n.
Further, the sum of the first threshold and the second threshold is greater than or equal to n minus 2 and less than n; the first threshold is greater than or equal to the second value and less than or equal to n minus the first value; the second threshold is greater than or equal to the second value and less than or equal to n minus the first value.
Further, the generating a second integer by a second operation on the additive inverse of the second privacy slice and a second intermediate value includes:
if the second comparison result shows that the second privacy segment is smaller than or equal to the second threshold value, setting the second intermediate value as a third numerical value; subtracting the second privacy slice from the third value as the second integer;
if the second comparison result shows that the second privacy segment is larger than the second threshold value, setting the second intermediate value as n; subtracting the second privacy slice from n as the second integer.
Further, the third value is greater than the second value and less than or equal to n minus the first value; the third value is greater than or equal to the first value.
Further, the safety comparison result specifically includes: and safely comparing the second integer of the present with the first integer of the first party to obtain a comparison result of whether the first integer is smaller than the second integer.
Further, the processing the second segment of the security comparison result according to a second processing manner corresponding to the second comparison result to obtain a second segment of a final result of the comparison operation between the private data and 0 includes:
if the second comparison result shows that the second privacy segment is smaller than or equal to the second threshold value, taking the second segment of the security comparison result as the second segment of the final result;
and if the second comparison result shows that the second privacy fragment is larger than the second threshold value, taking the result of carrying out XOR operation on 1 and the second fragment of the safety comparison result as the second fragment of the final result.
In a third aspect, an apparatus for performing secure operations on private data is provided, where the private data is split into a first privacy segment and a second privacy segment based on a secret sharing manner, the first privacy segment is distributed on a first party, the second privacy segment is distributed on a second party, and both the first privacy segment and the second privacy segment belong to a modulo n space; the device is disposed on the first party, and includes:
the first comparison unit is used for comparing the first privacy segment with a first threshold value to obtain a first comparison result;
a generating unit configured to generate a first integer by a first operation on the first privacy segment and a first intermediate value; the first intermediate value is determined according to a first comparison result obtained by the first comparison unit, a value range of the private data and a modulus space n;
a second comparing unit configured to perform a secure comparison between the first integer generated by the generating unit of the second party and the second integer of the second party to obtain a first slice of a secure comparison result; the second integer is generated by a second operation of the second party on an addition inverse element of the second privacy fragment and a second intermediate value, and the second intermediate value is determined according to a result of comparison between the second privacy fragment and a second threshold value, the value range and the modulo space n; the second party has a second slice of the secure comparison result;
the processing unit is used for processing the first fragment of the safety comparison result obtained by the second comparison unit according to a first processing mode corresponding to the first comparison result to obtain a first fragment of a final result of comparison operation between the privacy data and 0; the second party has a second tile of the final result.
In a fourth aspect, an apparatus for performing secure operations on private data is provided, where the private data is split into a first privacy segment and a second privacy segment based on a secret sharing manner, the first privacy segment is distributed in a first party, the second privacy segment is distributed in a second party, and both the first privacy segment and the second privacy segment belong to a modulo n space; the device set up in the second side includes:
the first comparison unit is used for comparing the second privacy segment with a second threshold value to obtain a second comparison result;
a generating unit configured to generate a second integer by a second operation on an addition inverse and a second intermediate value of the second privacy slice; the second intermediate value is determined according to a second comparison result obtained by the first comparison unit, the value range of the privacy data and the modulo space n;
a second comparing unit configured to perform a security comparison between the second integer generated by the generating unit of the second party and the first integer of the first party to obtain a second slice of a security comparison result; the first integer is generated by the first party through a first operation on the first privacy fragment and a first intermediate value, and the first intermediate value is determined according to a comparison result of the first privacy fragment and a first threshold value, the value range and the modulo space n; the first party has a first slice of the security comparison result;
the processing unit is used for processing the second fragment of the safety comparison result obtained by the second comparison unit according to a second processing mode corresponding to the second comparison result to obtain a second fragment of a final result of comparison operation between the privacy data and 0; the first party has a first segment of the final result.
In a fifth aspect, there is provided a computer readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method of the first or second aspect.
In a sixth aspect, there is provided a computing device comprising a memory having stored therein executable code, and a processor that when executing the executable code, implements the method of the first or second aspect.
According to the method and the device provided by the embodiment of the specification, the private data is split into the first private fragment and the second private fragment based on a secret sharing mode, the first private fragment is distributed in a first party, the second private fragment is distributed in a second party, and the first private fragment and the second private fragment both belong to a modulo n space; a first party generates a first integer based on a comparison result of a first privacy fragment and a first threshold, a second party generates a second integer based on a comparison result of a second privacy fragment and a second threshold, and the first integer of the first party and the second integer of the second party are safely compared to obtain a fragment of a safety comparison result; and processing according to the fragments of the safety comparison result to obtain the fragments of the final result of the comparison operation between the privacy data and 0. As can be seen from the above, in the embodiment of the present specification, the first party and the second party only need to perform a security comparison once to obtain the final result, so that the performance can be improved when performing a security operation on private data.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
FIG. 1 is a schematic diagram illustrating an implementation scenario of an embodiment disclosed herein;
FIG. 2 illustrates a flow diagram of a method of performing a secure operation on private data, according to one embodiment;
FIG. 3 illustrates a flow diagram of a method of performing a secure operation on private data, according to another embodiment;
FIG. 4 shows a schematic block diagram of an apparatus for performing secure operations on private data, according to one embodiment;
fig. 5 shows a schematic block diagram of an apparatus for performing secure operations on private data according to another embodiment.
Detailed Description
The scheme provided by the specification is described below with reference to the accompanying drawings.
Fig. 1 is a schematic view of an implementation scenario of an embodiment disclosed in this specification. This implementation scenario involves performing secure operations on private data. The private data is divided into a plurality of fragments based on a secret sharing mode, and the fragments of the private data are distributed in multiple parties. It is understood that the above-mentioned parties may be two or more parties, e.g., three parties, four parties, etc. In this embodiment of the present description, an example is described in which private data is split into two segments, and the two segments of the private data are distributed in two parties. Referring to fig. 1, a comparison operation is performed on the private data x, specifically, the private data x and 0 may be compared, that is, a result of solving y = (x > =0), and it can be understood that if x > =0, y = 1; if x <0, y = 0. The first party 11 has a modulo n shard x1 of private data x and the second party 12 has a modulo n shard x2 of private data x. After the comparison operation, the first party 11 obtains a slice y1 modulo 2 of the comparison result y, and the second party 12 obtains a slice y2 modulo 2 of the comparison result y. The first party and the second party are only for distinguishing the two parties, and the first party may be referred to as the P1 party, the second party may be referred to as the P2 party, and so on.
In the embodiments of the present specification, the meaning of the privacy data is not limited. The privacy data may represent a value corresponding to one item of privacy information, for example, the privacy data is 15, and the income representing the user is 15 ten thousand yuan; the privacy data may also represent values corresponding to a plurality of items of privacy information, for example, the privacy data is a vector, and each bit of the vector represents different privacy information, for example, a first bit of the vector represents whether the age of the user belongs to a preset age interval, and a second bit of the vector represents whether the income of the user belongs to a preset income interval.
It will be appreciated that the private data may be any data that is not convenient to disclose, and may be, but is not limited to, data representing personal information of the user, or trade secrets or the like.
Secret sharing modulo 2, the power of modulo 2, a modulo prime number, or the product of modulo a number of different prime numbers allows for the splitting and operation over a limited space. The security comparison is a common secure multiparty computation, and one common security comparison requirement is: x is a signed integer and has a value in the range of [ -p', p ]. Wherein p >0, p '> 0, and p + p' +1= < n. According to secret sharing, there is x1+ x2% n = x, y 1+ y 2% 2= y. Modulo-2 spatial addition is an exclusive or, and then y1 XOR y2= y. According to the above:
if x > =0, then x% n is in the [0, p ] interval, x1+ x2 is either in the [0, p ] interval or in the [ n, n + p ] interval;
otherwise, if x <0, then x% n is in the [ n-p ', n) interval, x1+ x2 is either in the [ n-p ', n) interval or in the [2n-p ', 2n-1) interval.
If n is the k-th power of 2, and the k-th bits of [0, p ] and [ n, n + p ] are both 0, y can be calculated by safely calculating x1+ x2 and extracting the sign bit (k-th bit) of the result. When n is not the power of 2, multiple security comparison operations are usually required to determine whether x1+ x2 is in the [0, p ] interval or the [ n, n + p ] interval to perform security computation y, i.e., x1= < p-x2, x1> = n-x2, and x1= < n + p-x2), which results in poor performance.
In the embodiment of the present specification, when comparing the private data x and 0, the number of times of secure comparison may be reduced, thereby improving performance.
Fig. 2 shows a flowchart of a method for performing a secure operation on private data according to an embodiment, which may be based on the implementation scenario shown in fig. 1, where the private data is split into a first privacy segment and a second privacy segment based on a secret sharing manner, the first privacy segment is distributed on a first party, the second privacy segment is distributed on a second party, and both the first privacy segment and the second privacy segment belong to a modulo-n space; the method is performed by the first party. As shown in fig. 2, the method for performing secure operation on private data in this embodiment includes the following steps: step 21, comparing the first privacy segment with a first threshold value to obtain a first comparison result; step 22, generating a first integer by a first operation on the first privacy segment and a first intermediate value; the first intermediate value is determined according to the first comparison result, the value range of the private data and a modulus space n; step 23, comparing the first integer of the self with the second integer of the second party to obtain a first fragment of a safety comparison result; the second integer is generated by a second operation of the second party on an addition inverse element of the second privacy fragment and a second intermediate value, and the second intermediate value is determined according to a result of comparison between the second privacy fragment and a second threshold value, the value range and the modulo space n; the second party has a second slice of the secure comparison result; step 24, processing the first fragment of the safety comparison result according to a first processing mode corresponding to the first comparison result to obtain a first fragment of a final result of comparison operation between the privacy data and 0; the second party has a second tile of the final result. Specific execution modes of the above steps are described below.
First, in step 21, the first privacy segment is compared with a first threshold to obtain a first comparison result. It is to be appreciated that, accordingly, the second party compares the second privacy segment with a second threshold to obtain a second comparison result.
In one example, the range of values of the private data includes a minimum value and a maximum value, the minimum value is an additive inverse of a first value, the maximum value is a second value, the first value and the second value are both greater than 0, and a sum of the first value, the second value and 1 is less than or equal to n.
Further, the sum of the first threshold and the second threshold is greater than or equal to n minus 2 and less than n; the first threshold is greater than or equal to the second value and less than or equal to n minus the first value; the second threshold is greater than or equal to the second value and less than or equal to n minus the first value.
For example, the range of values of the privacy data x is [ -p', p ]. Wherein p >0, p '> 0, and p + p' +1= < n. The selection of the first threshold t1 and the second threshold t2 needs to satisfy the following conditions: n > t1+ t2> = n-2; n-p' > = t1> = p; n-p' > = t2> = p.
Then, in step 22, a first integer is generated by a first operation on the first privacy segment and a first intermediate value; and the first intermediate value is determined according to the first comparison result, the value range of the private data and the modulus space n. Accordingly, the second party may generate a second integer based on the second privacy segment.
In one example, the generating a first integer by a first operation on the first privacy segment and a first intermediate value comprises:
if the first comparison result shows that the first privacy segment is smaller than or equal to the first threshold, setting the first intermediate value to be 0; taking the first privacy segment as the first integer;
if the first comparison result shows that the first privacy segment is larger than the first threshold, the first intermediate value is set as a third value minus n; the first privacy segment plus the third value minus n is taken as the first integer.
For example, the first privacy slice is x1, the first threshold is t1, the first integer is a, and the third value is q. If x1= < t1, first party a = x 1; otherwise, the first equation a = x1+ q-n.
In this example, the first operation is specifically an addition operation, but the first operation is not limited to this. Alternatively, the first operation may be based on the addition operation and multiply the result of the addition operation by a preset value, for example, the preset value may be 2 or 3.
For example, the first privacy partition is x1, the first threshold is t1, the first integer is a, the third value is q, and the preset value is 2. If x1= < t1, first order a =2x 1; otherwise, the first party a =2 (x1+ q-n).
Further, the third value is greater than the second value and less than or equal to n minus the first value; the third value is greater than or equal to the first value.
For example, the first value is p', the second value is p, and the third value is q. The selection of the third value q needs to satisfy the condition: n-p' > = q > p; q > = p'.
Then, in step 23, the first integer of the second party is compared with the second integer of the first party to obtain a first segment of a safety comparison result; the second integer is generated by a second operation of the second party on an addition inverse element of the second privacy fragment and a second intermediate value, and the second intermediate value is determined according to a result of comparison between the second privacy fragment and a second threshold value, the value range and the modulo space n; the second party has a second slice of the secure comparison result. It will be appreciated that the first and second integers, and accordingly, the private data, are not revealed during the secure comparison.
In the embodiments of the present specification, the first operation and the second operation have a corresponding relationship, for example, when the first operation is an addition operation, the second operation is also an addition operation; for example, if the first operation is based on addition and then multiplies the result of the addition by a predetermined value, the second operation is based on addition and then multiplies the result of the addition by the predetermined value.
In one example, the safety comparison result specifically includes: and safely comparing the first integer of the self with the second integer of the second party to obtain a comparison result of whether the first integer is smaller than the second integer.
In another example, the safety comparison result may be: and safely comparing the first integer of the self with the second integer of the second party to obtain a comparison result of whether the first integer is greater than or equal to the second integer.
It is understood that the meaning of the safety comparison result is different, which may affect the subsequent processing manner or may affect the meaning of the final result.
Finally, in step 24, processing the first fragment of the security comparison result according to a first processing mode corresponding to the first comparison result, so as to obtain a first fragment of a final result of comparison operation between the privacy data and 0; the second party has a second tile of the final result. It is understood that the final result may be used to indicate whether the privacy data is greater than or equal to 0, or the final result may be used to indicate whether the privacy data is less than 0.
In one example, the processing the first segment of the security comparison result according to the first processing manner corresponding to the first comparison result to obtain the first segment of the final result of the comparison operation between the private data and 0 includes:
if the first comparison result shows that the first privacy segment is smaller than or equal to the first threshold, taking the first segment of the security comparison result as the first segment of the final result;
and if the first comparison result shows that the first privacy fragment is larger than the first threshold value, taking a result of performing exclusive-or operation on 1 and the first fragment of the security comparison result as the first fragment of the final result.
Fig. 3 shows a flowchart of a method for performing a security operation on private data according to another embodiment, which may be based on the implementation scenario shown in fig. 1, where the private data is split into a first privacy segment and a second privacy segment based on a secret sharing manner, the first privacy segment is distributed on a first party, the second privacy segment is distributed on a second party, and both the first privacy segment and the second privacy segment belong to a modulo-n space; the method is performed by the second party. As shown in fig. 3, the method for performing secure operation on private data in this embodiment includes the following steps: step 31, comparing the second privacy segment with a second threshold value to obtain a second comparison result; step 32, generating a second integer by a second operation on the addition inverse of the second privacy slice and a second intermediate value; the second intermediate value is determined according to the second comparison result, the value range of the privacy data and the modulo space n; step 33, comparing the second integer of the present recipe with the first integer of the first recipe to obtain a second segment of the safety comparison result; the first integer is generated by the first party through a first operation on the first privacy fragment and a first intermediate value, and the first intermediate value is determined according to a comparison result of the first privacy fragment and a first threshold value, the value range and the modulo space n; the first party has a first slice of the security comparison result; step 34, processing the second fragment of the safety comparison result according to a second processing mode corresponding to the second comparison result to obtain a second fragment of a final result of comparison operation between the privacy data and 0; the first party has a first segment of the final result. Specific execution modes of the above steps are described below.
First, in step 31, the second privacy segment is compared with a second threshold to obtain a second comparison result. It is to be appreciated that, accordingly, the first party compares the first privacy segment with the first threshold to obtain a first comparison result.
In one example, the range of values of the private data includes a minimum value and a maximum value, the minimum value is an additive inverse of a first value, the maximum value is a second value, the first value and the second value are both greater than 0, and a sum of the first value, the second value and 1 is less than or equal to n.
Further, the sum of the first threshold and the second threshold is greater than or equal to n minus 2 and less than n; the first threshold is greater than or equal to the second value and less than or equal to n minus the first value; the second threshold is greater than or equal to the second value and less than or equal to n minus the first value.
Then generating a second integer by a second operation on the additive inverse of the second privacy slice and a second intermediate value, step 32; and the second intermediate value is determined according to the second comparison result, the value range of the privacy data and the modulo space n. Accordingly, the first party may generate the first integer based on the first privacy segment.
In one example, the generating a second integer by a second operation on an additive inverse of the second privacy slice and a second intermediate value comprises:
if the second comparison result shows that the second privacy segment is smaller than or equal to the second threshold value, setting the second intermediate value as a third numerical value; subtracting the second privacy slice from the third value as the second integer;
if the second comparison result shows that the second privacy segment is larger than the second threshold value, setting the second intermediate value as n; subtracting the second privacy slice from n as the second integer.
In this example, the second operation is specifically an addition operation, but the second operation is not limited to this. Alternatively, the second operation may be based on the addition operation and multiply the result of the addition operation by a preset value, for example, the preset value may be 2 or 3.
Further, the third value is greater than the second value and less than or equal to n minus the first value; the third value is greater than or equal to the first value.
Next, in step 33, the second integer of the present embodiment is compared with the first integer of the first embodiment to obtain a second segment of the safety comparison result; the first integer is generated by the first party through a first operation on the first privacy fragment and a first intermediate value, and the first intermediate value is determined according to a comparison result of the first privacy fragment and a first threshold value, the value range and the modulo space n; the first party has a first slice of the security comparison result. It will be appreciated that the first and second integers, and accordingly, the private data, are not revealed during the secure comparison.
In one example, the safety comparison result specifically includes: and safely comparing the second integer of the present with the first integer of the first party to obtain a comparison result of whether the first integer is smaller than the second integer.
In another example, the safety comparison result may be: and safely comparing the second integer of the present with the first integer of the first party to obtain a comparison result of whether the first integer is greater than or equal to the second integer.
It is understood that the meaning of the safety comparison result is different, which may affect the subsequent processing manner or may affect the meaning of the final result.
Finally, in step 34, processing the second fragment of the security comparison result according to a second processing mode corresponding to the second comparison result, so as to obtain a second fragment of a final result of the comparison operation between the privacy data and 0; the first party has a first segment of the final result. It is understood that the final result may be used to indicate whether the privacy data is greater than or equal to 0, or the final result may be used to indicate whether the privacy data is less than 0.
In one example, the processing the second segment of the security comparison result according to a second processing manner corresponding to the second comparison result to obtain a second segment of a final result of the comparison operation between the private data and 0 includes:
if the second comparison result shows that the second privacy segment is smaller than or equal to the second threshold value, taking the second segment of the security comparison result as the second segment of the final result;
and if the second comparison result shows that the second privacy fragment is larger than the second threshold value, taking the result of carrying out XOR operation on 1 and the second fragment of the safety comparison result as the second fragment of the final result.
According to the method provided by the embodiment of the specification, the private data is split into a first private fragment and a second private fragment based on a secret sharing mode, the first private fragment is distributed in a first party, the second private fragment is distributed in a second party, and the first private fragment and the second private fragment both belong to a modulo n space; a first party generates a first integer based on a comparison result of a first privacy fragment and a first threshold, a second party generates a second integer based on a comparison result of a second privacy fragment and a second threshold, and the first integer of the first party and the second integer of the second party are safely compared to obtain a fragment of a safety comparison result; and processing according to the fragments of the safety comparison result to obtain the fragments of the final result of the comparison operation between the privacy data and 0. As can be seen from the above, in the embodiment of the present specification, the first party and the second party only need to perform a security comparison once to obtain the final result, so that the performance can be improved when performing a security operation on private data.
It should be noted that the private data is split into a first private segment and a second private segment based on a secret sharing manner, the first private segment is distributed to a first party, the second private segment is distributed to a second party, neither the first party nor the second party can independently calculate a comparison result between the private data and 0, and the first party and the second party are required to cooperate to determine the comparison result. The following is illustrated by a specific example:
p1 holds a slice x1 of modulo n of x, P2 holds a slice x2 of modulo n of x, and through a series of arithmetic processes, P1 obtains a slice y1 of modulo 2 of y = (x > =0), and P2 holds a slice y2 of modulo 2 of y.
The operation process can comprise the following steps:
firstly, P1 generates an integer a according to x1 and a threshold t1, P2 generates an integer b according to x2 and a threshold t2, and the generation rule is as follows:
if x1= < t1, P1 has a = x 1; otherwise, P1 has a = x1+ q-n;
if x2= < t2, P2 has b = q-x 2; otherwise, P1 has b = n-x 2.
Then P1 and P2 perform a safety comparison a < b, both sides obtain the modulo-2 fragment of the comparison result c, P1 obtains c1, and P2 obtains c 2. The safety comparison a < b can adopt one of the existing safety comparison technologies.
Then P1 and P2 each generate y's shard from its c's shard, x's shard. The generation rule is as follows:
if x1= < t1, P1 has y1= c 1; otherwise, let y1=1 XOR c 1;
if x2= < t2, P2 has y2= c 2; otherwise, let y2=1 XOR c 2.
In the operation process, t1, t2 and q are positive integers, and the values meet the following value conditions:
n>t1+t2>=n-2;n-p’>=t1>=p;n-p’>=t2>=p;n-p’>=q>p;q>=p’。
for example: the values of t1, t2 and q are q = p +1, and t1= t2= p; according to the above value conditions, n >2p and n > =2p ', n is minimum desirable max (2p +1,2 p'). The requirement can be met by choosing n large enough. Generally, n is preferably p + p '+ 1 at a minimum, and p' are approximately equal, so that n need not be increased or n need only be slightly increased if the requirement is met.
The above operation process of the embodiment of the present specification is proved by the following correctness:
the first privacy partition of the privacy data x is x1, the second privacy partition of the privacy data x is x2, and the value of x1+ x2 may only fall within 4 intervals: [0, p ], [ n, n + p ], [ n-p ', n), [2 n-p', 2 n-1). If and only if the value of x1+ x2 falls in the first 2 intervals, x > = 0; if and only if the value of x1+ x2 falls in the last 2 intervals, x < 0. The analysis of four values of x1 and x2 is as follows:
if x1= < t1 and x2= < t2, then there is: x1+ x2= < t1+ t2< n. In this case, the values of x1+ x2 may only fall between [0, p ] and [ n-p', n), and x > =0 is valid for x1+ x2 in the [0, p ] interval, which is equivalent to x1< q-x 2. When x1= < t1 and x2= < t2, the present specification example makes a = x1, b = q-x2, and the calculated y is just x1< q-x 2.
If x1= < t1 and x2> t2, then there is: p = < t2< x1+ x2< t1+ n = <2 n-p'. Therefore, p < x1+ x2<2n-p ', x1+ x2 may only fall between [ n-p', n ] and [ n, n + p ]. In this case, x > =0 is true equivalent to | (x1< n-x 2). x1= < t1 and x2> t2, the specification example has a = x1, b = n-x2, calculated c is x1< n-x2, calculated y = y1 XOR y2= c1 XOR 1 XOR c 2= | = | (x1< n-x 2). Wherein | is the logical negation sign.
If x1> t1 and x2= < t2, then there is: p = < t1< x1+ x2< t2+ n = <2 n-p'. Therefore, p < x1+ x2<2n-p ', x1+ x2 may only fall between [ n-p', n ] and [ n, n + p ]. In this case, x > =0 is true equivalent to | (x1< n-x 2). x1> t1 and x2= < t2, the present specification example has a = x1+ q-n, b = q-x2, calculated c is x1+ q-n < q-x2, calculated y =1 XOR c = | = | (x1+ q-n < q-x2) = | (x1< n-x 2).
If x1> t1 and x2> t2, then there are: n = < t1+ t2+2= < x1+ x 2. The values of x1+ x2 may only fall between n, n + p and 2 n-p', 2 n-1). In this case, x > =0 is valid equivalent to x1+ x2<2 n-q. x1> t1 and x2= < t2, the present specification example has a = x1+ q-n, b = n-x2, calculated c is x1+ q-n < n-x2, calculated y =1 XOR c = x1+ q-n < n-x2= x1+ x2<2 n-q.
The embodiment of the present specification can be used for safety comparison of x > =0 and also can be used for safety comparison of x <0, and in a specific example, the example of safety comparison of x > =0 is described, and based on the above example, an example of safety comparison of x <0 can be obtained by simply changing the example. For example, an example of a security comparison of x <0 can be obtained by merely replacing the security comparison of "a < b" with the security comparison of "a > = b". For another example, only: the two parties generate fragments of x '= -x1% n and x' 2= -x2% n; both sides perform the security calculation of x' > =0, and an example of security comparison of x <0 can be obtained.
In addition, it should be noted that the selection of the first threshold and the second threshold, the selection of a and b, and the post-processing after comparing a with b may also be replaced by other ways, and are not limited to the illustrated examples. For example, the comparison between a and b is fixed as >, < =or > =, and the corresponding threshold selection, selection of a and b, and post-processing after comparison between a and b are also modified. In the example, thresholds t1 and t2 are set for x1 and x2, respectively, and more thresholds can be set for x1 or/and x2, and corresponding threshold selection, selection of a and b, and post-processing after comparison of a and b are also modified.
In the method provided in the embodiment of the present specification, two security computing parties each generate one number to perform security comparison, and generate a fragment of x > =0 based on the result of the security comparison: and determining the number of the fragments participating in the safety comparison according to the value of the fragment of the x, and determining how to perform post-processing on the safety comparison result according to the value of the fragment of the x.
According to an embodiment of another aspect, an apparatus for performing secure operations on private data is further provided, where the private data is split into a first privacy segment and a second privacy segment based on a secret sharing manner, the first privacy segment is distributed on a first party, the second privacy segment is distributed on a second party, and both the first privacy segment and the second privacy segment belong to a modulo n space; the device is arranged on the first party and is used for executing the actions executed by the first party in the method provided by the embodiment of the specification. Fig. 4 shows a schematic block diagram of an apparatus for performing secure operations on private data according to one embodiment. As shown in fig. 4, the apparatus 400 includes:
a first comparing unit 41, configured to compare the first privacy segment with a first threshold to obtain a first comparison result;
a generating unit 42, configured to generate a first integer by a first operation on the first privacy segment and a first intermediate value; the first intermediate value is determined according to a first comparison result obtained by the first comparing unit 41, a value range of the private data, and a modulo space n;
a second comparing unit 43, configured to perform a secure comparison between the first integer generated by the generating unit 42 of the second party and the second integer of the second party, so as to obtain a first slice of a secure comparison result; the second integer is generated by a second operation of the second party on an addition inverse element of the second privacy fragment and a second intermediate value, and the second intermediate value is determined according to a result of comparison between the second privacy fragment and a second threshold value, the value range and the modulo space n; the second party has a second slice of the secure comparison result;
a processing unit 44, configured to process the first segment of the security comparison result obtained by the second comparing unit 43 according to a first processing manner corresponding to the first comparison result, so as to obtain a first segment of a final result of comparison operation between the private data and 0; the second party has a second tile of the final result.
Optionally, as an embodiment, the value range includes a minimum value and a maximum value, the minimum value is an addition inverse of a first numerical value, the maximum value is a second numerical value, both the first numerical value and the second numerical value are greater than 0, and a sum of the first numerical value, the second numerical value, and 1 is less than or equal to n.
Further, the sum of the first threshold and the second threshold is greater than or equal to n minus 2 and less than n; the first threshold is greater than or equal to the second value and less than or equal to n minus the first value; the second threshold is greater than or equal to the second value and less than or equal to n minus the first value.
Further, the generating unit 42 includes:
a first generating subunit, configured to set the first intermediate value to 0 if the first comparison result indicates that the first privacy segment is smaller than or equal to the first threshold; taking the first privacy segment as the first integer;
a second generating subunit, configured to set the first intermediate value as a third value minus n if the first comparison result indicates that the first privacy segment is greater than the first threshold; the first privacy segment plus the third value minus n is taken as the first integer.
Further, the third value is greater than the second value and less than or equal to n minus the first value; the third value is greater than or equal to the first value.
Further, the safety comparison result specifically includes: and safely comparing the first integer of the self with the second integer of the second party to obtain a comparison result of whether the first integer is smaller than the second integer.
Further, the processing unit 44 includes:
a first processing subunit, configured to, if the first comparison result indicates that the first privacy partition is smaller than or equal to the first threshold, take the first partition of the security comparison result as the first partition of the final result;
and the second processing subunit is configured to, if the first comparison result indicates that the first privacy segment is greater than the first threshold, take a result of performing an exclusive or operation on 1 and the first segment of the security comparison result as the first segment of the final result.
According to an embodiment of another aspect, an apparatus for performing secure operations on private data is further provided, where the private data is split into a first privacy segment and a second privacy segment based on a secret sharing manner, the first privacy segment is distributed on a first party, the second privacy segment is distributed on a second party, and both the first privacy segment and the second privacy segment belong to a modulo n space; the device is arranged on the second party and is used for executing the actions executed by the second party in the method provided by the embodiment of the specification. Fig. 5 shows a schematic block diagram of an apparatus for performing secure operations on private data according to another embodiment. As shown in fig. 5, the apparatus 500 includes:
a first comparing unit 51, configured to compare the second privacy segment with a second threshold to obtain a second comparison result;
a generating unit 52, configured to generate a second integer by a second operation on the addition inverse of the second privacy slice and a second intermediate value; the second intermediate value is determined according to a second comparison result obtained by the first comparing unit 51, and a value range and a modulo space n of the private data;
a second comparing unit 53 for performing a security comparison between the second integer generated by the generating unit 52 of the present embodiment and the first integer of the first embodiment to obtain a second slice of a security comparison result; the first integer is generated by the first party through a first operation on the first privacy fragment and a first intermediate value, and the first intermediate value is determined according to a comparison result of the first privacy fragment and a first threshold value, the value range and the modulo space n; the first party has a first slice of the security comparison result;
a processing unit 54, configured to process the second fragment of the security comparison result obtained by the second comparing unit 53 according to a second processing manner corresponding to the second comparison result, so as to obtain a second fragment of a final result of comparison operation between the private data and 0; the first party has a first segment of the final result.
Optionally, as an embodiment, the value range includes a minimum value and a maximum value, the minimum value is an addition inverse of a first numerical value, the maximum value is a second numerical value, both the first numerical value and the second numerical value are greater than 0, and a sum of the first numerical value, the second numerical value, and 1 is less than or equal to n.
Further, the sum of the first threshold and the second threshold is greater than or equal to n minus 2 and less than n; the first threshold is greater than or equal to the second value and less than or equal to n minus the first value; the second threshold is greater than or equal to the second value and less than or equal to n minus the first value.
Further, the generating unit 52 includes:
a first generating subunit, configured to set the second intermediate value to a third value if the second comparison result indicates that the second privacy segment is smaller than or equal to the second threshold value; subtracting the second privacy slice from the third value as the second integer;
a second generating subunit, configured to set the second intermediate value to n if the second comparison result indicates that the second privacy segment is greater than the second threshold; subtracting the second privacy slice from n as the second integer.
Further, the third value is greater than the second value and less than or equal to n minus the first value; the third value is greater than or equal to the first value.
Further, the safety comparison result specifically includes: and safely comparing the second integer of the present with the first integer of the first party to obtain a comparison result of whether the first integer is smaller than the second integer.
Further, the processing unit 54 includes:
a first processing subunit, configured to, if the second comparison result indicates that the second privacy segment is smaller than or equal to the second threshold, take the second segment of the security comparison result as the second segment of the final result;
and the second processing subunit is configured to, if the second comparison result indicates that the second privacy segment is greater than the second threshold, use a result of performing an exclusive or operation on 1 and the second segment of the security comparison result as the second segment of the final result.
According to the device provided by the embodiment of the specification, the private data is split into a first private fragment and a second private fragment based on a secret sharing mode, the first private fragment is distributed on a first party, the second private fragment is distributed on a second party, and the first private fragment and the second private fragment both belong to a modulo n space; the first party generation unit 42 generates a first integer based on the comparison result of the first privacy fragment and the first threshold, the second party generation unit 52 generates a second integer based on the comparison result of the second privacy fragment and the second threshold, and the first party second comparison unit 43 performs secure comparison on the first integer of the first party and the second integer of the second party to obtain a fragment of a secure comparison result; the processing unit 44 of the first party and the processing unit 54 of the second party perform processing according to the fragment of the security comparison result to obtain a fragment of a final result of the comparison operation between the private data and 0. As can be seen from the above, in the embodiment of the present specification, the first party and the second party only need to perform a security comparison once to obtain the final result, so that the performance can be improved when performing a security operation on private data.
According to an embodiment of another aspect, there is also provided a computer-readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method described in connection with fig. 2 or fig. 3.
According to an embodiment of yet another aspect, there is also provided a computing device comprising a memory having stored therein executable code, and a processor that, when executing the executable code, implements the method described in connection with fig. 2 or fig. 3.
Those skilled in the art will recognize that, in one or more of the examples described above, the functions described in this invention may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium.
The above-mentioned embodiments, objects, technical solutions and advantages of the present invention are further described in detail, it should be understood that the above-mentioned embodiments are only exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made on the basis of the technical solutions of the present invention should be included in the scope of the present invention.
Claims (22)
1. A method for carrying out security operation on private data is characterized in that the private data is divided into a first private fragment and a second private fragment based on a secret sharing mode, the first private fragment is distributed on a first party, the second private fragment is distributed on a second party, and the first private fragment and the second private fragment both belong to a modulo n space; the method is performed by the first party and comprises:
comparing the first privacy fragment with a first threshold value to obtain a first comparison result;
generating a first integer by a first operation on the first privacy segment and a first intermediate value; the first intermediate value is determined according to the first comparison result, the value range of the private data and a modulus space n;
the first integer of the first party is compared with the second integer of the second party to obtain a first fragment of a safety comparison result; the second integer is generated by a second operation of the second party on an addition inverse element of the second privacy fragment and a second intermediate value, and the second intermediate value is determined according to a result of comparison between the second privacy fragment and a second threshold value, the value range and the modulo space n; the second party has a second slice of the secure comparison result;
processing the first fragment of the safety comparison result according to a first processing mode corresponding to the first comparison result to obtain the first fragment of a final result of comparison operation between the privacy data and 0; the second party has a second tile of the final result;
the value range comprises a minimum value and a maximum value, the minimum value is an addition inverse element of a first numerical value, the maximum value is a second numerical value, the first numerical value and the second numerical value are both greater than 0, and the sum of the first numerical value, the second numerical value and 1 is less than or equal to n;
wherein the sum of the first threshold and the second threshold is greater than or equal to n minus 2 and less than n; the first threshold is greater than or equal to the second value and less than or equal to n minus the first value; the second threshold is greater than or equal to the second value and less than or equal to n minus the first value.
2. The method of claim 1, wherein the generating a first integer by a first operation on the first privacy tile and a first intermediate value comprises:
if the first comparison result shows that the first privacy segment is smaller than or equal to the first threshold, setting the first intermediate value to be 0; taking the first privacy segment as the first integer;
if the first comparison result shows that the first privacy segment is larger than the first threshold, the first intermediate value is set as a third value minus n; the first privacy segment plus the third value minus n is taken as the first integer.
3. The method of claim 2, wherein the third value is greater than the second value and less than or equal to n minus the first value; the third value is greater than or equal to the first value.
4. The method of claim 3, wherein the security comparison result is specifically: and safely comparing the first integer of the self with the second integer of the second party to obtain a comparison result of whether the first integer is smaller than the second integer.
5. The method of claim 4, wherein the processing the first slice of the security comparison result according to the first processing manner corresponding to the first comparison result to obtain the first slice of the final result of the comparison operation between the private data and 0 comprises:
if the first comparison result shows that the first privacy segment is smaller than or equal to the first threshold, taking the first segment of the security comparison result as the first segment of the final result;
and if the first comparison result shows that the first privacy fragment is larger than the first threshold value, taking a result of performing exclusive-or operation on 1 and the first fragment of the security comparison result as the first fragment of the final result.
6. A method for carrying out security operation on private data is characterized in that the private data is divided into a first private fragment and a second private fragment based on a secret sharing mode, the first private fragment is distributed on a first party, the second private fragment is distributed on a second party, and the first private fragment and the second private fragment both belong to a modulo n space; the method is performed by the second party, comprising:
comparing the second privacy fragment with a second threshold value to obtain a second comparison result;
generating a second integer by a second operation on an additive inverse of the second privacy slice and a second intermediate value; the second intermediate value is determined according to the second comparison result, the value range of the privacy data and the modulo space n;
the second integer of the first party is compared with the first integer of the first party in a safety mode to obtain a second fragment of a safety comparison result; the first integer is generated by the first party through a first operation on the first privacy fragment and a first intermediate value, and the first intermediate value is determined according to a comparison result of the first privacy fragment and a first threshold value, the value range and the modulo space n; the first party has a first slice of the security comparison result;
processing the second fragment of the safety comparison result according to a second processing mode corresponding to the second comparison result to obtain a second fragment of a final result of comparison operation between the privacy data and 0; the first party has a first segment of the final result;
the value range comprises a minimum value and a maximum value, the minimum value is an addition inverse element of a first numerical value, the maximum value is a second numerical value, the first numerical value and the second numerical value are both greater than 0, and the sum of the first numerical value, the second numerical value and 1 is less than or equal to n;
wherein the sum of the first threshold and the second threshold is greater than or equal to n minus 2 and less than n; the first threshold is greater than or equal to the second value and less than or equal to n minus the first value; the second threshold is greater than or equal to the second value and less than or equal to n minus the first value.
7. The method of claim 6, wherein the generating a second integer by a second operation on an additive inverse and a second intermediate value of the second privacy slice comprises:
if the second comparison result shows that the second privacy segment is smaller than or equal to the second threshold value, setting the second intermediate value as a third numerical value; subtracting the second privacy slice from the third value as the second integer;
if the second comparison result shows that the second privacy segment is larger than the second threshold value, setting the second intermediate value as n; subtracting the second privacy slice from n as the second integer.
8. The method of claim 7, wherein the third value is greater than the second value and less than or equal to n minus the first value; the third value is greater than or equal to the first value.
9. The method of claim 8, wherein the security comparison result is specifically: and safely comparing the second integer of the present with the first integer of the first party to obtain a comparison result of whether the first integer is smaller than the second integer.
10. The method as claimed in claim 9, wherein the processing the second slice of the security comparison result according to the second processing manner corresponding to the second comparison result to obtain the second slice of the final result of the comparison operation between the privacy data and 0 includes:
if the second comparison result shows that the second privacy segment is smaller than or equal to the second threshold value, taking the second segment of the security comparison result as the second segment of the final result;
and if the second comparison result shows that the second privacy fragment is larger than the second threshold value, taking the result of carrying out XOR operation on 1 and the second fragment of the safety comparison result as the second fragment of the final result.
11. The device for performing secure operation on private data is used for splitting the private data into a first private fragment and a second private fragment based on a secret sharing mode, wherein the first private fragment is distributed on a first party, the second private fragment is distributed on a second party, and the first private fragment and the second private fragment both belong to a modulo n space; the device is disposed on the first party, and includes:
the first comparison unit is used for comparing the first privacy segment with a first threshold value to obtain a first comparison result;
a generating unit configured to generate a first integer by a first operation on the first privacy segment and a first intermediate value; the first intermediate value is determined according to a first comparison result obtained by the first comparison unit, a value range of the private data and a modulus space n;
a second comparing unit configured to perform a secure comparison between the first integer generated by the generating unit of the second party and the second integer of the second party to obtain a first slice of a secure comparison result; the second integer is generated by a second operation of the second party on an addition inverse element of the second privacy fragment and a second intermediate value, and the second intermediate value is determined according to a result of comparison between the second privacy fragment and a second threshold value, the value range and the modulo space n; the second party has a second slice of the secure comparison result;
the processing unit is used for processing the first fragment of the safety comparison result obtained by the second comparison unit according to a first processing mode corresponding to the first comparison result to obtain a first fragment of a final result of comparison operation between the privacy data and 0; the second party has a second tile of the final result;
the value range comprises a minimum value and a maximum value, the minimum value is an addition inverse element of a first numerical value, the maximum value is a second numerical value, the first numerical value and the second numerical value are both greater than 0, and the sum of the first numerical value, the second numerical value and 1 is less than or equal to n;
wherein the sum of the first threshold and the second threshold is greater than or equal to n minus 2 and less than n; the first threshold is greater than or equal to the second value and less than or equal to n minus the first value; the second threshold is greater than or equal to the second value and less than or equal to n minus the first value.
12. The apparatus of claim 11, wherein the generating unit comprises:
a first generating subunit, configured to set the first intermediate value to 0 if the first comparison result indicates that the first privacy segment is smaller than or equal to the first threshold; taking the first privacy segment as the first integer;
a second generating subunit, configured to set the first intermediate value as a third value minus n if the first comparison result indicates that the first privacy segment is greater than the first threshold; the first privacy segment plus the third value minus n is taken as the first integer.
13. The apparatus of claim 12, wherein the third value is greater than the second value and less than or equal to n minus the first value; the third value is greater than or equal to the first value.
14. The apparatus according to claim 13, wherein the security comparison result is specifically: and safely comparing the first integer of the self with the second integer of the second party to obtain a comparison result of whether the first integer is smaller than the second integer.
15. The apparatus of claim 14, wherein the processing unit comprises:
a first processing subunit, configured to, if the first comparison result indicates that the first privacy partition is smaller than or equal to the first threshold, take the first partition of the security comparison result as the first partition of the final result;
and the second processing subunit is configured to, if the first comparison result indicates that the first privacy segment is greater than the first threshold, take a result of performing an exclusive or operation on 1 and the first segment of the security comparison result as the first segment of the final result.
16. The device for performing secure operation on private data is used for splitting the private data into a first private fragment and a second private fragment based on a secret sharing mode, wherein the first private fragment is distributed on a first party, the second private fragment is distributed on a second party, and the first private fragment and the second private fragment both belong to a modulo n space; the device set up in the second side includes:
the first comparison unit is used for comparing the second privacy segment with a second threshold value to obtain a second comparison result;
a generating unit, configured to generate a second integer by a second operation on an addition inverse of the second privacy slice and a second intermediate value; the second intermediate value is determined according to a second comparison result obtained by the first comparison unit, the value range of the privacy data and the modulo space n;
a second comparing unit configured to perform a security comparison between the second integer generated by the generating unit of the second party and the first integer of the first party to obtain a second slice of a security comparison result; the first integer is generated by the first party through a first operation on the first privacy fragment and a first intermediate value, and the first intermediate value is determined according to a comparison result of the first privacy fragment and a first threshold value, the value range and the modulo space n; the first party has a first slice of the security comparison result;
the processing unit is used for processing the second fragment of the safety comparison result obtained by the second comparison unit according to a second processing mode corresponding to the second comparison result to obtain a second fragment of a final result of comparison operation between the privacy data and 0; the first party has a first segment of the final result;
the value range comprises a minimum value and a maximum value, the minimum value is an addition inverse element of a first numerical value, the maximum value is a second numerical value, the first numerical value and the second numerical value are both greater than 0, and the sum of the first numerical value, the second numerical value and 1 is less than or equal to n;
wherein the sum of the first threshold and the second threshold is greater than or equal to n minus 2 and less than n; the first threshold is greater than or equal to the second value and less than or equal to n minus the first value; the second threshold is greater than or equal to the second value and less than or equal to n minus the first value.
17. The apparatus of claim 16, wherein the generating unit comprises:
a first generating subunit, configured to set the second intermediate value to a third value if the second comparison result indicates that the second privacy segment is smaller than or equal to the second threshold value; subtracting the second privacy slice from the third value as the second integer;
a second generating subunit, configured to set the second intermediate value to n if the second comparison result indicates that the second privacy segment is greater than the second threshold; subtracting the second privacy slice from n as the second integer.
18. The apparatus of claim 17, wherein the third value is greater than the second value and less than or equal to n minus the first value; the third value is greater than or equal to the first value.
19. The apparatus according to claim 18, wherein the security comparison result is specifically: and safely comparing the second integer of the present with the first integer of the first party to obtain a comparison result of whether the first integer is smaller than the second integer.
20. The apparatus of claim 19, wherein the processing unit comprises:
a first processing subunit, configured to, if the second comparison result indicates that the second privacy segment is smaller than or equal to the second threshold, take the second segment of the security comparison result as the second segment of the final result;
and the second processing subunit is configured to, if the second comparison result indicates that the second privacy segment is greater than the second threshold, use a result of performing an exclusive or operation on 1 and the second segment of the security comparison result as the second segment of the final result.
21. A computer-readable storage medium, on which a computer program is stored which, when executed in a computer, causes the computer to carry out the method of any one of claims 1-10.
22. A computing device comprising a memory having stored therein executable code and a processor that, when executing the executable code, implements the method of any of claims 1-10.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010759933.4A CN111737757B (en) | 2020-07-31 | 2020-07-31 | Method and device for performing secure operation on private data |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010759933.4A CN111737757B (en) | 2020-07-31 | 2020-07-31 | Method and device for performing secure operation on private data |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111737757A CN111737757A (en) | 2020-10-02 |
CN111737757B true CN111737757B (en) | 2020-11-17 |
Family
ID=72656898
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010759933.4A Active CN111737757B (en) | 2020-07-31 | 2020-07-31 | Method and device for performing secure operation on private data |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111737757B (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113836595B (en) * | 2021-09-26 | 2023-11-14 | 支付宝(杭州)信息技术有限公司 | Method, device and system for two-party safety comparison |
CN113708930B (en) * | 2021-10-20 | 2022-01-21 | 杭州趣链科技有限公司 | Data comparison method, device, equipment and medium for private data |
CN114726511B (en) * | 2022-03-08 | 2024-03-22 | 支付宝(杭州)信息技术有限公司 | Data processing method and device |
CN115617897B (en) * | 2022-11-04 | 2023-03-14 | 华控清交信息科技(北京)有限公司 | Data type conversion method and multi-party secure computing system |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8891772B2 (en) * | 2011-06-17 | 2014-11-18 | Microsoft Corporation | Cloud key escrow system |
US10505723B1 (en) * | 2017-04-26 | 2019-12-10 | Wells Fargo Bank, N.A. | Secret sharing information management and security system |
CN110263294B (en) * | 2019-05-23 | 2020-08-04 | 阿里巴巴集团控股有限公司 | Method and device for determining loss function value and electronic equipment |
CN110472439B (en) * | 2019-08-09 | 2023-08-22 | 创新先进技术有限公司 | Model parameter determining method and device and electronic equipment |
CN110569228B (en) * | 2019-08-09 | 2020-08-04 | 阿里巴巴集团控股有限公司 | Model parameter determination method and device and electronic equipment |
CN110555315B (en) * | 2019-08-09 | 2021-04-09 | 创新先进技术有限公司 | Model parameter updating method and device based on secret sharing algorithm and electronic equipment |
-
2020
- 2020-07-31 CN CN202010759933.4A patent/CN111737757B/en active Active
Also Published As
Publication number | Publication date |
---|---|
CN111737757A (en) | 2020-10-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111737757B (en) | Method and device for performing secure operation on private data | |
CN111539026B (en) | Method and device for performing secure operation on private data | |
CN111523145B (en) | Method and device for performing secure operation on private data | |
Bauer et al. | Horizontal collision correlation attack on elliptic curves: –Extended Version– | |
US9772821B2 (en) | Cryptography method comprising an operation of multiplication by a scalar or an exponentiation | |
US7908641B2 (en) | Modular exponentiation with randomized exponent | |
CN111737767B (en) | Method and device for performing secure operation on private data | |
CN113591146B (en) | Efficient and safe two-party computing system and computing method based on cooperation | |
KR101194837B1 (en) | Cryptographic apparatus and method for fast computation of blinding-exponent DPA countermeasure | |
US8817973B2 (en) | Encrypting method having countermeasure function against power analyzing attacks | |
CN111523144A (en) | Method and device for performing secure operation aiming at private data of multiple parties | |
CN113722734B (en) | Method, device and system for determining selection result fragments by two-party safety selection | |
CN108875416B (en) | Elliptic curve multiple point operation method and device | |
EP3698262B1 (en) | Protecting modular inversion operation from external monitoring attacks | |
CN113470126A (en) | Novel image encryption method based on hyperchaos for scrambling related to plaintext pixel dynamic | |
CN107888385B (en) | RSA modulus generation method, RSA key generation method, computer device, and medium | |
CN115906126A (en) | Data processing method and device in multi-party security computing | |
Silde | Comparative study of ECC libraries for embedded devices | |
US9419789B2 (en) | Method and apparatus for scalar multiplication secure against differential power attacks | |
Ming et al. | Revealing the weakness of addition chain based masked SBox implementations | |
CN114221753B (en) | Key data processing method and electronic equipment | |
CN113836595B (en) | Method, device and system for two-party safety comparison | |
CN113836596B (en) | Method, device and system for determining selection result fragments by two-party safety selection | |
CN113868716A (en) | Boolean circuit for merging and splitting data slices | |
Brown | CM55: special prime-field elliptic curves almost optimizing den Boer's reduction between Diffie-Hellman and discrete logs |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | ||
TR01 | Transfer of patent right |
Effective date of registration: 20240929 Address after: Room 803, floor 8, No. 618 Wai Road, Huangpu District, Shanghai 200010 Patentee after: Ant blockchain Technology (Shanghai) Co.,Ltd. Country or region after: China Address before: 310000 801-11 section B, 8th floor, 556 Xixi Road, Xihu District, Hangzhou City, Zhejiang Province Patentee before: Alipay (Hangzhou) Information Technology Co.,Ltd. Country or region before: China |