CN112580072A - Data set intersection method and device - Google Patents
Data set intersection method and device Download PDFInfo
- Publication number
- CN112580072A CN112580072A CN202011449167.8A CN202011449167A CN112580072A CN 112580072 A CN112580072 A CN 112580072A CN 202011449167 A CN202011449167 A CN 202011449167A CN 112580072 A CN112580072 A CN 112580072A
- Authority
- CN
- China
- Prior art keywords
- key
- data set
- ciphertext
- layer
- leaf node
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
Abstract
The invention discloses a data set intersection method and a device, wherein the method comprises the steps that a sender generates a first ciphertext and a second ciphertext and informs a receiver of the meanings of the first ciphertext and the second ciphertext, a key tree of a first data set is generated based on elements in the first data set, the ciphertext of a key on each layer of leaf node in the key tree is determined, the first ciphertext and the second ciphertext are encrypted according to the key of the last layer of leaf node in the key tree of the first data set to obtain a ciphertext set, the ciphertext set is sent to the receiver, and the ciphertext of the key on each layer of leaf node in the key tree is transmitted to the receiver by using an oblivious transmission protocol. By generating a ciphertext and a key for each set element, the two parties obtain the key of the intersection element after interaction, and the ciphertext of the intersection element is obtained by decryption with the key, so that the privacy of the two party sets can be ensured in the intersection process, and finally only one party set owner can obtain the ciphertext of the intersection result.
Description
Technical Field
The invention relates to the technical field of financial science and technology, in particular to a data set intersection method and device.
Background
With the development of computer technology, more and more technologies are applied in the financial field, and the traditional financial industry is gradually changing to financial technology, but due to the requirements of the financial industry on safety and real-time performance, higher requirements are also put forward on the technologies. In the data processing process in the financial field, data set intersection is an important research problem.
The existing technical scheme is that two parties firstly confuse own sets through encryption, hashing, bloom filters and other methods, then the two parties intersect the two confused sets through interaction to obtain a confusion intersection, and at least one of the parties has the capacity of recovering confusion, so that a plaintext result of the intersection of two persons is obtained. Because the prior art directly mixes the plaintext of the set elements, the plaintext of the intersection elements can be directly obtained by recovering the mixing after the mixed set is obtained. Through the above description, it can be known that the prior art can only ensure the data privacy of the intersection parties except for the intersection data in the intersection process, and finally at least one participant can directly obtain the plaintext of the intersection data. And some existing solutions additionally rely on an external trusted third party.
Disclosure of Invention
The embodiment of the invention provides a data set submitting method and device, which are used for solving the problem that in the prior art, data privacy cannot be guaranteed by both data submitting parties, protecting the data privacy in the data set submitting process and enabling a sender not to determine data received by a receiver.
In a first aspect, an embodiment of the present invention provides a data set intersection method, including:
the sender generates a first ciphertext and a second ciphertext and informs the receiver of the meanings of the first ciphertext and the second ciphertext;
the sender generates a key tree of a first data set based on elements in the first data set;
determining, by the sender, based on a key tree of the first data set, a ciphertext of a key at each layer of leaf nodes in the key tree;
the sender encrypts the first ciphertext and the second ciphertext according to the key of the last layer of leaf node in the key tree of the first data set to obtain a ciphertext set, and sends the ciphertext set to the receiver;
and the sender transmits the cipher text of the key on each layer of leaf node in the key tree to the receiver by using an oblivious transmission protocol, so that the receiver determines the key corresponding to the element in the second data set according to the element in the second data set and then decrypts the element in the cipher text set, and determines the element which has intersection with the first data set in the second data set.
In the technical scheme, a ciphertext and a key are generated for each set element, the two parties obtain the key of the intersection element after interaction, and the ciphertext of the intersection element is obtained by decryption through the key, so that the privacy of the two parties can be ensured in the intersection process, and finally, only one party set owner can obtain the ciphertext of the intersection result.
Optionally, the generating, by the sender, a key tree of the first data set based on the elements in the first data set includes:
the sender generates a key of a leaf node at the layer 1 of a key tree of the first data set according to the value of the 1 st significant bit of each element in the first data set;
the sender generates leaf node keys of layers except the layer 1 in the key tree of the first data set according to the values of the valid bits of the elements in the first data set based on the keys of the leaf nodes of the layer 1 in the key tree of the first data set.
Optionally, the generating, by the sender, leaf node keys of layers other than the layer 1 in the key tree of the first data set according to values of valid bits of elements in the first data set based on a key of a leaf node of the layer 1 in the key tree of the first data set, includes:
if there is a leaf node in a cascade state for the value of the first i + 1-bit significant bit of each element in the first data set, the sender generates a key of a valid leaf node in the i +1 th layer of the key tree of the first data set according to the value of the first i + 1-bit significant bit;
if no leaf node in a cascade state exists in the values of the first i + 1-bit valid bits of the elements in the first data set, the sender determines whether an invalid leaf node exists in the ith layer of the key tree of the first data set, if so, determines the key of the invalid leaf node in the ith layer as the key of the invalid leaf node in the (i +1) th layer of the key tree of the first data set, otherwise, randomly generates the key of the invalid leaf node in the (i +1) th layer of the key tree of the first data set;
wherein i is an integer greater than or equal to 1.
Optionally, the determining, by the sender, a ciphertext of a key on a leaf node of each layer in the key tree based on the key tree of the first data set includes:
for a key on a level 1 leaf node of a key tree of the first data set, the sender determining a key on a level 1 leaf node of a key tree of the first data set as a ciphertext of the key on the level 1 leaf node of the key tree of the first data set;
based on the ciphertext of the key on the leaf node at the layer 1 of the key tree of the first data set, the sender sequentially encrypts the key of the leaf node with the same value as the first i +1 significant bit of each element in the layer i of the key tree of the first data set by using the key of the leaf node with the same value as the first i +1 significant bit of each element in the layer i +1 to obtain the ciphertext of the key on the leaf node with the same value as the first i +1 significant bit of each element in the layer i +1 of the key tree of the first data set.
Optionally, the encrypting the first ciphertext and the second ciphertext by the sender according to the key of the last layer of leaf node in the key tree of the first data set to obtain a ciphertext set, where the encrypting is performed by:
the sender encrypts the first ciphertext by using keys of leaf nodes in the last layer of a key tree of the first data set, wherein the leaf nodes are the same as the values of the elements of the first data set, and then puts the first ciphertext into the ciphertext set;
the sender encrypts the second ciphertext by using the keys of leaf nodes with different values from the elements of the first data set in the last layer of the key tree of the first data set, then puts the second ciphertext into the ciphertext set, and complements the number of the ciphertexts of the ciphertext set;
and determining the number of the ciphertexts in the cipher text set by the number of bits of the value of each element in the first data set.
Optionally, the transmitting the ciphertext of the key on the leaf node of each layer in the key tree to the receiving side by using an oblivious transmission protocol, including:
and the sender sequentially transmits the cipher text of the key on the leaf node of each layer to the receiver through multiple rounds of inadvertent transmission according to the layer number of the leaf node of the key tree, so that the receiver sequentially inputs each bit of effective bits of the values of the elements in the second data set to obtain the cipher text of the key on the leaf node of the key tree corresponding to each bit of effective bits.
In a second aspect, an embodiment of the present invention provides a data set intersection apparatus, including:
the processing unit is used for generating a first ciphertext and a second ciphertext and informing a receiver of the meanings of the first ciphertext and the second ciphertext; generating a key tree of a first data set based on elements in the first data set; determining a cipher text of a key on each layer of leaf nodes in the key tree based on the key tree of the first data set; encrypting the first ciphertext and the second ciphertext according to the key of the last layer of leaf nodes in the key tree of the first data set to obtain a ciphertext set, and sending the ciphertext set to the receiver;
a transmission unit, configured to transmit a ciphertext of a key on each layer of leaf node in the key tree to the receiver using an oblivious transmission protocol, so that the receiver determines, according to an element in a second data set, a key corresponding to an element in the second data set, and then decrypts the element in the ciphertext set, thereby determining an element in the second data set that has an intersection with the first data set.
Optionally, the processing unit is specifically configured to:
generating keys of leaf nodes of a layer 1 of a key tree of the first data set according to the value of the 1 st significant bit of each element in the first data set;
and generating leaf node keys of layers except the layer 1 in the key tree of the first data set according to the values of the valid bits of the elements in the first data set based on the keys of the leaf nodes of the layer 1 in the key tree of the first data set.
Optionally, the processing unit is specifically configured to:
if a leaf node in a cascade state exists in the first i + 1-bit valid bit value of each element in the first data set, generating a key of a valid leaf node in the i +1 th layer of a key tree of the first data set according to the first i + 1-bit valid bit value;
if the value of the first i + 1-bit valid bit of each element in the first data set does not have a leaf node in a cascade state, determining whether an invalid leaf node exists in the ith layer of a key tree of the first data set, if so, determining a key of the invalid leaf node in the ith layer as the key of the invalid leaf node in the (i +1) th layer of the key tree of the first data set, otherwise, randomly generating the key of the invalid leaf node in the (i +1) th layer of the key tree of the first data set;
wherein i is an integer greater than or equal to 1.
Optionally, the processing unit is specifically configured to:
determining, for a key on a level 1 leaf node of a key tree of the first data set, a key on a level 1 leaf node of the key tree of the first data set as a ciphertext of the key on the level 1 leaf node of the key tree of the first data set;
based on the ciphertext of the key on the leaf node at the layer 1 of the key tree of the first data set, sequentially encrypting the key of the leaf node with the same value as the first i +1 significant bit of each element in the layer i of the key tree of the first data set by using the key of the leaf node with the same value as the first i +1 significant bit of each element in the layer i +1 to obtain the ciphertext of the key on the leaf node with the same value as the first i +1 significant bit of each element in the layer i +1 of the key tree of the first data set;
wherein i is an integer greater than or equal to 1.
Optionally, the processing unit is specifically configured to:
respectively encrypting the first ciphertext by using keys of leaf nodes in the last layer of a key tree of the first data set, wherein the leaf nodes are the same as the values of the elements of the first data set, and then putting the first ciphertext into the ciphertext set;
respectively encrypting the second ciphertext by using keys of leaf nodes with different values from the elements of the first data set in the last layer of a key tree of the first data set, then putting the second ciphertext into the ciphertext set, and complementing the number of the ciphertexts of the ciphertext set;
and determining the number of the ciphertexts in the cipher text set by the number of bits of the value of each element in the first data set.
Optionally, the transmission unit is specifically configured to:
and sequentially transmitting the cipher text of the key on the leaf node of each layer to the receiver through multiple rounds of accidental transmission according to the layer number of the leaf node of the key tree, so that the receiver sequentially inputs each bit of effective bits of the values of the elements in the second data set to obtain the cipher text of the key on the leaf node of the key tree corresponding to each bit of effective bits.
In a third aspect, an embodiment of the present invention further provides a computing device, including:
a memory for storing program instructions;
and the processor is used for calling the program instruction stored in the memory and executing the data set intersection method according to the obtained program.
In a fourth aspect, an embodiment of the present invention further provides a computer-readable non-volatile storage medium, which includes computer-readable instructions, and when the computer-readable instructions are read and executed by a computer, the computer is caused to execute the data set intersection method.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic diagram of a system architecture according to an embodiment of the present invention;
fig. 2 is a schematic flow chart of a data set intersection method according to an embodiment of the present invention;
FIG. 3 is a diagram of a key tree according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a data set intersection apparatus according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention will be described in further detail with reference to the accompanying drawings, and it is apparent that the described embodiments are only a part of the embodiments of the present invention, not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a system architecture provided in an embodiment of the present invention. As shown in fig. 1, the system architecture may be a server 100, and the server 100 may include a processor 110, a communication interface 120, and a memory 130.
The communication interface 120 is used for communicating with a terminal device, and transceiving information transmitted by the terminal device to implement communication.
The processor 110 is a control center of the server 100, connects various parts of the entire server 100 using various interfaces and lines, performs various functions of the server 100 and processes data by running or executing software programs and/or modules stored in the memory 130 and calling data stored in the memory 130. Alternatively, processor 110 may include one or more processing units.
The memory 130 may be used to store software programs and modules, and the processor 110 executes various functional applications and data processing by operating the software programs and modules stored in the memory 130. The memory 130 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function, and the like; the storage data area may store data created according to a business process, and the like. Further, the memory 130 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
It should be noted that the structure shown in fig. 1 is only an example, and the embodiment of the present invention is not limited thereto.
Based on the above description, fig. 2 shows in detail a flow of a data set submitting method according to an embodiment of the present invention, where the flow may be executed by a data set submitting apparatus.
As shown in fig. 2, the process specifically includes:
In an embodiment of the invention, the first ciphertext is used to indicate that the receiver determines that there are elements that intersect the sender's data set, and the second ciphertext is used to indicate that the receiver determines that there are elements that do not intersect the sender's data set.
The first data set is a sender's data set and the receiver's data set is a second data set. The number of elements in the two sets is the same, the elements are in a character string form, and the character strings of the elements in the two sets are the same in length and can be any length.
First, the sender needs to randomly generate the first ciphertext and the second ciphertext, and may use 0 or 1 to represent the first ciphertext and the second ciphertext.
Then, the sender generates the key tree of the first data set based on the elements in the first data set, specifically, the sender generates the keys of the leaf nodes at the layer 1 of the key tree of the first data set according to the value of the 1 st significant bit of each element in the first data set. And then generating leaf node keys of layers except the layer 1 in the key tree of the first data set according to the values of the valid bits of the elements in the first data set based on the keys of the leaf nodes of the layer 1 in the key tree of the first data set.
When the leaf node keys of layers except the layer 1 in the key tree are generated, the leaf nodes in a cascade state mainly exist for the values of the first i + 1-bit valid bits of the elements in the first data set, and the sender generates the keys of the valid leaf nodes in the layer i +1 of the key tree of the first data set according to the values of the first i + 1-bit valid bits. And aiming at the fact that the leaf nodes in the cascade state do not exist in the values of the first i + 1-bit valid bits of the elements in the first data set, the sender determines whether invalid leaf nodes exist in the ith layer of the key tree of the first data set, if so, the keys of the invalid leaf nodes in the ith layer are determined as the keys of the invalid leaf nodes in the (i +1) -th layer of the key tree of the first data set, and if not, the keys of the invalid leaf nodes in the (i +1) -th layer of the key tree of the first data set are randomly generated. Wherein i is an integer greater than or equal to 1. The key generation algorithm in the embodiment of the present invention may be a key generation algorithm Gen.
For example, when the tree has multiple levels, the key on the leaf node of each level can be calculated according to the following formula. The relationship between the key of the (i +1) th layer and the key of the (i) th layer is as follows:
for each key k _ t of the existing i-th layer, a key k _ (t | | b) of the i + 1-th layer is calculated, wherein t | | b represents concatenation, and b is 0 or 1.
1) If the first i +1 bit valid bit of the set Y is t | | b, S uses a key generation algorithm Gen to calculate to obtain a key k;
2) if the first i + 1-bit valid bit of the set Y is not t | | b, S uses a key generation algorithm Gen to calculate to obtain a key k _ (i +1) ×;
3) if k _ t is already the key k _ i in the i-th layer, k _ (i +1) ═ k _ i in the i + 1-th layer, the key k _ (i +1) is obtained without further calculation using the key generation algorithm Gen.
After the key tree is obtained, the ciphertext of each key in the key tree may be calculated, and specifically, for the key at the leaf node of the layer 1 of the key tree of the first data set, the sender determines the key at the leaf node of the layer 1 of the key tree of the first data set as the ciphertext of the key at the leaf node of the layer 1 of the key tree of the first data set. Based on the ciphertext of the key on the leaf node at the layer 1 of the key tree of the first data set, the sender uses the key of the leaf node with the same value as the first i-bit significant bit of each element in the layer i of the key tree of the first data set to encrypt the key of the leaf node with the same value as the first i + 1-bit significant bit of each element in the layer i +1 in sequence, and the ciphertext of the key on the leaf node with the same value as the first i + 1-bit significant bit of each element in the layer i +1 of the key tree of the first data set is obtained.
The ciphertext corresponding to the key of the leaf node of the current layer in the key tree is encrypted by using the key of the leaf node of the previous layer.
In the practical application process, the ciphertext of each layer can be calculated according to the following formula. For layer i, S first creates two empty lists c _ i0, c _ i 1. To compute the ith layer, it is determined what the i-1 th significant bit t of Y (i.e., the i-1 th bit before the element in the set Y) is, and then it is determined whether the i-th significant bit of Y (i.e., the i-th bit before the element in the set Y) is t | b, b is the third bit of the element, and may be 0 or 1.
For all the i-1 th valid bits t, the following operations are performed:
1) if t | |0 is the i-th valid bit in Y, the ciphertext Enc (k _ t, k _ t | |0) is computed and added to the list c _ i 0.
2) If t |0 is not the i-th valid bit in Y, the ciphertext Enc (k _ t, k _ i) is computed and added to the list c _ i 0.
3) If t | |1 is the i-th valid bit in Y, the ciphertext Enc (k _ t, k _ t | |1) is computed and added to the list c _ i 1.
4) If t | |1 is not the i-th significant bit in Y, the ciphertext Enc (k _ t, k _ i) is computed and added to the list c _ i 1.
5) The lists c _ i0, c _ i1 are shuffled.
6) If the number of elements in the list c _ i0, c _ i1 is less than 2^ (i-1), then Enc (key,0) is calculated, the key is S and is the key calculated by using the key generation algorithm Gen, and Enc (key,0) is added into the list c _ i0, c _ i 1.
After the key tree is obtained, the key of the leaf node of the last layer is used to encrypt the first ciphertext and the second ciphertext, specifically, the key of the leaf node of the last layer of the key tree of the first data set, which is the same as the value of the element of the first data set, is used to encrypt the first ciphertext and then the first ciphertext is put into the encrypted set. And respectively encrypting the second ciphertext by using the keys of leaf nodes in the last layer of the key tree of the first data set, wherein the leaf nodes have different values from the elements of the first data set, then putting the second ciphertext into the ciphertext set, and complementing the number of the ciphertexts of the ciphertext set. And the number of the ciphertexts in the cipher text set is determined by the number of bits of the value of each element in the first data set. For example, if the number of bits of the value of an element is 3 bits, the number of ciphertexts in the cipher text set is 2^3 ^ 8.
At step 204, the sender transmits the ciphertext of the key at each level of the leaf node in the key tree to the recipient using an oblivious transmission protocol.
After the ciphertext of the key on each layer of leaf node in the key tree is transmitted to the receiver, the receiver can determine the key corresponding to the element in the second data set according to the element in the second data set and then decrypt the element in the ciphertext set, so as to determine the element in the second data set, which has intersection with the first data set.
Specifically, the ciphertext of the key on the leaf node of each layer is sequentially transmitted to the receiver through multiple rounds of unintentional transmission according to the number of layers of the leaf node of the key tree, so that the receiver sequentially inputs each bit of the valid bit of the value of the element in the second data set, and the ciphertext of the key on the leaf node of the key tree corresponding to each bit of the valid bit is obtained. Wherein, the number of layers of the leaf nodes of the key tree can be transmitted in any number of times.
When a receiver obtains the ciphertext of the key on the leaf node of the key tree corresponding to each valid bit, the ciphertext of the key on the leaf node of the key tree corresponding to the valid bit received for the first time is decrypted in sequence to obtain the key corresponding to the element in the second data set, and finally the ciphertext in the ciphertext set is decrypted by using the key corresponding to the element in the second data set to obtain the first ciphertext or the second ciphertext. And if the first ciphertext is obtained, indicating that the elements in the second data set are the elements in the intersection. And if the second ciphertext is obtained, indicating that the elements in the second data set are not the elements in the intersection.
In order to better explain the embodiment of the present invention, the process of data set intersection described above will be described in a specific implementation scenario.
In the embodiment of the present invention, the participants are two users S, R who own the set, S owns the set Y, R owns the set X, elements in Y are represented as Y, and elements in X are represented as X. The number of elements in the two sets is any integer M, the elements in the sets are in a character string form, and the length of the character string can be any length. R hopes to obtain the ciphertext of the intersection element of the set X and the set Y, and needs to judge whether each element in X is in Y or not. Here, the process of intersecting data sets is described by taking M as 3, length as 3, Y as {010, 011, 110}, and R determining whether one element X in X belongs to the set Y.
The method comprises the following steps: for all elements Y in Y, S generates two ciphertexts MSG0, MSG1, MSG0 indicating that element x of R is not an element in the intersection; MSG1 is used to indicate that element x of R is an element in the intersection.
Step two: and S, generating a key tree corresponding to the set Y based on all the elements Y in the set Y. The specific process is as follows:
as shown in fig. 3, 2.1, S constructs a tree, where the tree depth is element length 3, i.e. the tree has 3 layers, the root node of the tree is empty, the other node values are keys generated by S, and all keys are calculated layer by layer as the following steps.
2.2, S compute the first level 2 node values of the tree. The three elements 010, 011, 110 in Y, start with the high order bits, and since the first significant bit (i.e., the most significant bit) has both 0 and 1, S is calculated to k _0, k _1 using the key generation algorithm Gen. The two node values at the first level of the final tree are k _0 and k _ 1.
2.3, S compute 4 node values in the second level of the tree. The three elements 010, 011, 110 in Y, start with the upper bits, and since the first two significant bits are 01 and 11, S is calculated to k _01 and k _11 using the key generation algorithm Gen. Since the first two significant bits of the three elements in Y do not have 00 and 10, S is calculated to k _2 using the key generation algorithm Gen. The four node values of the second layer of the final tree are k _01, k _11, and two k _ 2.
2.4, S calculate the third level of 8 node values of the tree. The three elements 010, 011, 110 in Y, start with the upper bits, since the first three significant bits are 010, 011 and 110, S is calculated to k _010, k _011 and k _110 using the key generation algorithm Gen. For the other five nodes, S usage is directly passed through k _2 to get k _ 3. Namely k _3 ═ k _ 2.
This is done through the above steps, since the tree in the example has a total of three levels. If the tree has multiple layers, the key of each layer can be calculated according to the formula.
Step three: and S, generating a ciphertext for the key of the leaf node in each layer according to the key tree which is generated in the step two and is shown in the figure 3. The specific process is as follows:
3.1, 2 ciphertexts of the first layer are 2 keys of the first layer: c _0 ═ k _0, and c _1 ═ k _ 1.
3.2, S calculates 4 ciphertexts of the second layer: to compute the second layer, depending on what the first significant bit t of Y (i.e., the highest bit of the element in the set Y) is, then determine whether the second significant bit of Y (i.e., the first two bits of the element in the set Y) is t | | b, where b is the second bit of the element, and may be either 0 or 1. S creates two ciphertext sets c _02 and c _12, and respectively stores the ciphertext of which t | b is not the first two significant bits of the Y element and the ciphertext of which t | b is the first two significant bits of the Y element.
The three elements 010, 011, 110 in Y start with the upper bits because the first significant bit t (i.e., the most significant bit) has both 0 and 1, and then determine if t | | b is the second significant bit of Y.
When t is 0:
t | | |0 ═ 00, 00 is not the first two significant bits of the Y element, so Enc (k _0, k 2) is calculated and added to c _ 02.
When t is 1:
since t | |0 ═ 10, 10 is not the first two significant bits of the Y element, Enc (k _1, k 2) is calculated to add c _ 02.
Since t 1 is 11 and 11 is the first two significant bits of the Y element, Enc (k _0, k _11) is calculated to add c _ 12.
The four final ciphertexts of the second layer are:
c_02={Enc(k_0,k2*),Enc(k_1,k2*)};
c_12={Enc(k_0,k_01),Enc(k_0,k_11)}。
3.3, S calculates 8 ciphertexts of the third layer: to calculate the third level, depending on what the second significant bit t of Y (i.e. the first two bits of the element in the set Y) is, then it is determined whether the third significant bit of Y (i.e. the first three bits of the element in the set Y) is t | | b, and b is the third bit of the element, which may be 0 or 1. S creates two ciphertext sets c _02 and c _12, and respectively stores a ciphertext of which t is not the first three significant bits of the Y element and a ciphertext of which t is the first three significant bits of the Y element.
The three elements 010, 011, 110 in Y start with the upper bits, since the second significant bit t is 01,11,10, and then it is determined whether t | | b is the third significant bit of Y.
When t is 01:
since t | |0 is 010 and 010 is the first three significant bits of the Y element, Enc (k _01, k _010) is calculated to add c _ 03.
Since t | |1 is 011 is the first three significant bits of the Y element, computing Enc (k _01, k _011) adds c _ 13.
When t is 11:
since t | |0 ═ 110, 110 is the first three significant bits of the Y element, Enc (k _11, k _110) is calculated to add c _ 03.
Since t | |1 is 111, 111 is not the first three significant bits of the Y element, Enc (k _11, k _ 3) is calculated to add c _ 13.
When t is 10:
since t | |0 is 100, 100 is not the first three significant bits of the Y element, Enc (k _10, k _ 3) is calculated to add c _ 03.
Since t 1 is 101 and 111 is not the first three significant bits of the Y element, Enc (k _10, k _ 3) is calculated to add c _ 13.
Since the third layer should have 8 ciphertexts, only 6 ciphertexts are calculated, the remaining two ciphertexts are Enc (key,0), the key is S calculated by using a key generation algorithm Gen, and it is ensured that 4 ciphertexts exist in c _03 and c _13 respectively.
The final third layer ciphertext is:
c_03={Enc(k_01,k_010),Enc(k_11,k_110),Enc(k_10,k_3*),Enc(key,0)};
c_13={Enc(k_01,k_011),Enc(k_11,k_3*),Enc(k_10,k_3*),Enc(key,0)}。
step four: and S, respectively encrypting the ciphertext corresponding to each element by using the last layer of key obtained in the step two. The specific process is as follows: s initializes an empty list. For each node y of the last layer, S computes Enc (k _ y, MSG1), adding a list. Where k _ y is the key in the last layer. If the number of the list elements is less than 2^ length, filling Enc (k _ length, MSG0) in the list. And S replaces the elements in the list and sends the elements to R.
Step five: and R and S are transmitted carelessly, and the ciphertext obtained by calculation in the step three is transmitted.
And R judges whether one element X in X is 010 in the set Y of S, and if X belongs to Y, R obtains the ciphertext corresponding to X in the step three. The tree in step two has several layers, and R and S are transmitted for several times. The inadvertent transmission is a mature technology in the prior art, and the text is used as a tool, and the specific algorithm process is not described in detail.
First round of inadvertent transport:
r inputs the first bit 0 of x, S inputs the first layer ciphertext c _0 ═ k _0, and c _1 ═ k _ 1.
Through the inadvertent transmission, R obtains the ciphertext c _0 corresponding to the first bit 0 as k _ 0.
Second round of inadvertent transport:
r inputs the second bit 1 of x, S inputs the second layer ciphertext c _02 ═ { Enc (k _0, k 2) }, Enc (k _1, k 2) }; c _12 ═ { Enc (k _0, k _01), Enc (k _0, k _11) }.
Through the inadvertent transmission, R obtains the ciphertext c _12 corresponding to the second bit 1.
Third inadvertent transfer:
r inputs the third bit 0 of x, S inputs the third layer ciphertext c _03 ═ { Enc (k _01, k _010), Enc (k _11, k _110), Enc (k _10, k _ 3), Enc (key,0) }; c _13 ═ { Enc (k _01, k _011), { Enc (k _11, k _ 3) }, Enc (k _10, k _ 3) }, Enc (key,0) }.
Through the inadvertent transmission, R obtains the ciphertext c _03 corresponding to the third bit, 0.
Step six: and D, decrypting all the ciphertexts in the key tree obtained in the step five according to layers by using the R to finally obtain the key corresponding to the element x of the R. The specific process is as follows:
the first layer, R, is passed through the fifth, first round of inadvertent transfer to get k _ 0.
A second layer: since R already has k _0 and c _12 is obtained via the fifth and second rounds of inadvertent transmission, computing Dec (k _1, c _12) can be decrypted to obtain k _ 01.
And a third layer: since R already has k _01 and c _03 is obtained by the fifth and third rounds of inadvertent transmission, computing Dec (k _01, c _03) can be decrypted to obtain k _ 010.
It should be noted that, since the tree in the example has three layers in total, the above steps can be completed. If the tree has multiple layers, the key corresponding to the element x of R can be obtained by analogy according to the above process.
Step seven: and D, decrypting the ciphertext of the last layer obtained in the step four by using the key k _010 obtained in the step six to finally obtain a ciphertext, wherein if the set element x of the R belongs to the set Y, the obtained ciphertext is MSG1, and if the set element x does not belong to the set Y, the obtained ciphertext is MSG 0. The specific process is as follows:
and the key obtained in the step six in the step R is k _010, and the ciphertext in the ciphertext list sent to the step R by the step S is decrypted according to the key:
Enc(k_010,MSG1),Enc(k_011,MSG1),Enc(k_110,MSG1),Enc(k_3*,MSG0)。
only the first ciphertext Enc (k _010, MSG1) may be decrypted, resulting in MSG 1. R decrypts MSG1, then R knows that its set element x belongs to set Y of S.
It should be noted that, for other elements in the R set X, if the above scheme is performed, R can obtain complete intersection information.
In the embodiment of the invention, a sender generates a first ciphertext and a second ciphertext and informs a receiver of the meanings of the first ciphertext and the second ciphertext, a key tree of a first data set is generated based on elements in the first data set, the ciphertext of a key on each layer of leaf node in the key tree is determined based on the key tree of the first data set, the first ciphertext and the second ciphertext are encrypted according to the key of the last layer of leaf node in the key tree of the first data set to obtain a ciphertext set, and sends the ciphertext set to the recipient, transmits the ciphertext of the key at each level of leaf nodes in the key tree to the recipient using an oblivious transmission protocol, and the receiver decrypts the elements in the ciphertext set after determining the key corresponding to the elements in the second data set according to the elements in the second data set, and determines the elements in the second data set, which have intersection with the first data set. By generating a ciphertext and a key for each set element, the two parties obtain the key of the intersection element after interaction, and the ciphertext of the intersection element is obtained by decryption with the key, so that the privacy of the two party sets can be ensured in the intersection process, and finally only one party set owner can obtain the ciphertext of the intersection result.
Based on the same technical concept, fig. 4 exemplarily shows a structure of a data set submitting apparatus, which can perform a data set submitting process, according to an embodiment of the present invention.
As shown in fig. 4, the apparatus specifically includes:
a processing unit 401, configured to generate a first ciphertext and a second ciphertext, and notify a recipient of meanings of the first ciphertext and the second ciphertext; generating a key tree of a first data set based on elements in the first data set; determining a cipher text of a key on each layer of leaf nodes in the key tree based on the key tree of the first data set; encrypting the first ciphertext and the second ciphertext according to the key of the last layer of leaf nodes in the key tree of the first data set to obtain a ciphertext set, and sending the ciphertext set to the receiver;
a transmitting unit 402, configured to transmit a ciphertext of a key on each layer of leaf node in the key tree to the receiver using an oblivious transmission protocol, so that the receiver determines, according to an element in a second data set, a key corresponding to an element in the second data set, and then decrypts the element in the ciphertext set, thereby determining an element in the second data set, which has an intersection with the first data set.
Optionally, the processing unit 401 is specifically configured to:
generating keys of leaf nodes of a layer 1 of a key tree of the first data set according to the value of the 1 st significant bit of each element in the first data set;
and generating leaf node keys of layers except the layer 1 in the key tree of the first data set according to the values of the valid bits of the elements in the first data set based on the keys of the leaf nodes of the layer 1 in the key tree of the first data set.
Optionally, the processing unit 401 is specifically configured to:
if a leaf node in a cascade state exists in the first i + 1-bit valid bit value of each element in the first data set, generating a key of a valid leaf node in the i +1 th layer of a key tree of the first data set according to the first i + 1-bit valid bit value;
if the value of the first i + 1-bit valid bit of each element in the first data set does not have a leaf node in a cascade state, determining whether an invalid leaf node exists in the ith layer of a key tree of the first data set, if so, determining a key of the invalid leaf node in the ith layer as the key of the invalid leaf node in the (i +1) th layer of the key tree of the first data set, otherwise, randomly generating the key of the invalid leaf node in the (i +1) th layer of the key tree of the first data set;
wherein i is an integer greater than or equal to 1.
Optionally, the processing unit 401 is specifically configured to:
determining, for a key on a level 1 leaf node of a key tree of the first data set, a key on a level 1 leaf node of the key tree of the first data set as a ciphertext of the key on the level 1 leaf node of the key tree of the first data set;
based on the ciphertext of the key on the leaf node at the layer 1 of the key tree of the first data set, sequentially encrypting the key of the leaf node with the same value as the first i +1 significant bit of each element in the layer i of the key tree of the first data set by using the key of the leaf node with the same value as the first i +1 significant bit of each element in the layer i +1 to obtain the ciphertext of the key on the leaf node with the same value as the first i +1 significant bit of each element in the layer i +1 of the key tree of the first data set;
wherein i is an integer greater than or equal to 1.
Optionally, the processing unit 401 is specifically configured to:
respectively encrypting the first ciphertext by using keys of leaf nodes in the last layer of a key tree of the first data set, wherein the leaf nodes are the same as the values of the elements of the first data set, and then putting the first ciphertext into the ciphertext set;
respectively encrypting the second ciphertext by using keys of leaf nodes with different values from the elements of the first data set in the last layer of a key tree of the first data set, then putting the second ciphertext into the ciphertext set, and complementing the number of the ciphertexts of the ciphertext set;
and determining the number of the ciphertexts in the cipher text set by the number of bits of the value of each element in the first data set.
Optionally, the transmission unit 402 is specifically configured to:
and sequentially transmitting the cipher text of the key on the leaf node of each layer to the receiver through multiple rounds of accidental transmission according to the layer number of the leaf node of the key tree, so that the receiver sequentially inputs each bit of effective bits of the values of the elements in the second data set to obtain the cipher text of the key on the leaf node of the key tree corresponding to each bit of effective bits.
Based on the same technical concept, an embodiment of the present invention further provides a computing device, including:
a memory for storing program instructions;
and the processor is used for calling the program instruction stored in the memory and executing the data set intersection method according to the obtained program.
Based on the same technical concept, embodiments of the present invention further provide a computer-readable non-volatile storage medium, which includes computer-readable instructions, and when the computer-readable instructions are read and executed by a computer, the computer is caused to execute the data set intersection method.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.
Claims (14)
1. A method for data set intersection, comprising:
the sender generates a first ciphertext and a second ciphertext and informs the receiver of the meanings of the first ciphertext and the second ciphertext;
the sender generates a key tree of a first data set based on elements in the first data set;
determining, by the sender, based on a key tree of the first data set, a ciphertext of a key at each layer of leaf nodes in the key tree;
the sender encrypts the first ciphertext and the second ciphertext according to the key of the last layer of leaf node in the key tree of the first data set to obtain a ciphertext set, and sends the ciphertext set to the receiver;
and the sender transmits the cipher text of the key on each layer of leaf node in the key tree to the receiver by using an oblivious transmission protocol, so that the receiver determines the key corresponding to the element in the second data set according to the element in the second data set and then decrypts the element in the cipher text set, and determines the element which has intersection with the first data set in the second data set.
2. The method of claim 1, wherein the sender generates a key tree for a first data set based on elements in the first data set, comprising:
the sender generates a key of a leaf node at the layer 1 of a key tree of the first data set according to the value of the 1 st significant bit of each element in the first data set;
the sender generates leaf node keys of layers except the layer 1 in the key tree of the first data set according to the values of the valid bits of the elements in the first data set based on the keys of the leaf nodes of the layer 1 in the key tree of the first data set.
3. The method of claim 2, wherein the sender generates leaf node keys for layers of the key tree of the first data set other than layer 1 based on the keys of leaf nodes of layer 1 of the key tree of the first data set according to the values of the valid bits of the elements in the first data set, comprising:
if there is a leaf node in a cascade state for the value of the first i + 1-bit significant bit of each element in the first data set, the sender generates a key of a valid leaf node in the i +1 th layer of the key tree of the first data set according to the value of the first i + 1-bit significant bit;
if no leaf node in a cascade state exists in the values of the first i + 1-bit valid bits of the elements in the first data set, the sender determines whether an invalid leaf node exists in the ith layer of the key tree of the first data set, if so, determines the key of the invalid leaf node in the ith layer as the key of the invalid leaf node in the (i +1) th layer of the key tree of the first data set, otherwise, randomly generates the key of the invalid leaf node in the (i +1) th layer of the key tree of the first data set;
wherein i is an integer greater than or equal to 1.
4. The method of claim 1, wherein the sender determining the ciphertext of the key at each level of the leaf node in the key tree based on the key tree for the first data set comprises:
for a key on a level 1 leaf node of a key tree of the first data set, the sender determining a key on a level 1 leaf node of a key tree of the first data set as a ciphertext of the key on the level 1 leaf node of the key tree of the first data set;
based on the ciphertext of the key on the leaf node at the layer 1 of the key tree of the first data set, the sender sequentially encrypts the key of the leaf node with the same value as the first i +1 significant bit of each element in the layer i of the key tree of the first data set by using the key of the leaf node with the same value as the first i +1 significant bit of each element in the layer i +1 to obtain the ciphertext of the key on the leaf node with the same value as the first i +1 significant bit of each element in the layer i +1 of the key tree of the first data set.
5. The method of claim 1, wherein the sender encrypting the first ciphertext and the second ciphertext according to a key of a last level leaf node in a key tree of the first data set to obtain a ciphertext set comprises:
the sender encrypts the first ciphertext by using keys of leaf nodes in the last layer of a key tree of the first data set, wherein the leaf nodes are the same as the values of the elements of the first data set, and then puts the first ciphertext into the ciphertext set;
the sender encrypts the second ciphertext by using the keys of leaf nodes with different values from the elements of the first data set in the last layer of the key tree of the first data set, then puts the second ciphertext into the ciphertext set, and complements the number of the ciphertexts of the ciphertext set;
and determining the number of the ciphertexts in the cipher text set by the number of bits of the value of each element in the first data set.
6. The method of any of claims 1 to 5, wherein the sender transmits ciphertext of the key at each level of a leaf node in the key tree to the receiver using an oblivious transmission protocol, comprising:
and the sender sequentially transmits the cipher text of the key on the leaf node of each layer to the receiver through multiple rounds of inadvertent transmission according to the layer number of the leaf node of the key tree, so that the receiver sequentially inputs each bit of effective bits of the values of the elements in the second data set to obtain the cipher text of the key on the leaf node of the key tree corresponding to each bit of effective bits.
7. A data set intersection apparatus, comprising:
the processing unit is used for generating a first ciphertext and a second ciphertext and informing a receiver of the meanings of the first ciphertext and the second ciphertext; generating a key tree of a first data set based on elements in the first data set; determining a cipher text of a key on each layer of leaf nodes in the key tree based on the key tree of the first data set; encrypting the first ciphertext and the second ciphertext according to the key of the last layer of leaf nodes in the key tree of the first data set to obtain a ciphertext set, and sending the ciphertext set to the receiver;
a transmission unit, configured to transmit a ciphertext of a key on each layer of leaf node in the key tree to the receiver using an oblivious transmission protocol, so that the receiver determines, according to an element in a second data set, a key corresponding to an element in the second data set, and then decrypts the element in the ciphertext set, thereby determining an element in the second data set that has an intersection with the first data set.
8. The apparatus as claimed in claim 7, wherein said processing unit is specifically configured to:
generating keys of leaf nodes of a layer 1 of a key tree of the first data set according to the value of the 1 st significant bit of each element in the first data set;
and generating leaf node keys of layers except the layer 1 in the key tree of the first data set according to the values of the valid bits of the elements in the first data set based on the keys of the leaf nodes of the layer 1 in the key tree of the first data set.
9. The apparatus as claimed in claim 8, wherein said processing unit is specifically configured to:
if a leaf node in a cascade state exists in the first i + 1-bit valid bit value of each element in the first data set, generating a key of a valid leaf node in the i +1 th layer of a key tree of the first data set according to the first i + 1-bit valid bit value;
if the value of the first i + 1-bit valid bit of each element in the first data set does not have a leaf node in a cascade state, determining whether an invalid leaf node exists in the ith layer of a key tree of the first data set, if so, determining a key of the invalid leaf node in the ith layer as the key of the invalid leaf node in the (i +1) th layer of the key tree of the first data set, otherwise, randomly generating the key of the invalid leaf node in the (i +1) th layer of the key tree of the first data set;
wherein i is an integer greater than or equal to 1.
10. The apparatus as claimed in claim 7, wherein said processing unit is specifically configured to:
determining, for a key on a level 1 leaf node of a key tree of the first data set, a key on a level 1 leaf node of the key tree of the first data set as a ciphertext of the key on the level 1 leaf node of the key tree of the first data set;
based on the ciphertext of the key on the leaf node at the layer 1 of the key tree of the first data set, sequentially encrypting the key of the leaf node with the same value as the first i +1 significant bit of each element in the layer i of the key tree of the first data set by using the key of the leaf node with the same value as the first i +1 significant bit of each element in the layer i +1 to obtain the ciphertext of the key on the leaf node with the same value as the first i +1 significant bit of each element in the layer i +1 of the key tree of the first data set;
wherein i is an integer greater than or equal to 1.
11. The apparatus as claimed in claim 7, wherein said processing unit is specifically configured to:
respectively encrypting the first ciphertext by using keys of leaf nodes in the last layer of a key tree of the first data set, wherein the leaf nodes are the same as the values of the elements of the first data set, and then putting the first ciphertext into the ciphertext set;
respectively encrypting the second ciphertext by using keys of leaf nodes with different values from the elements of the first data set in the last layer of a key tree of the first data set, then putting the second ciphertext into the ciphertext set, and complementing the number of the ciphertexts of the ciphertext set;
and determining the number of the ciphertexts in the cipher text set by the number of bits of the value of each element in the first data set.
12. The apparatus according to any one of claims 7 to 11, wherein the transmission unit is specifically configured to:
and sequentially transmitting the cipher text of the key on the leaf node of each layer to the receiver through multiple rounds of accidental transmission according to the layer number of the leaf node of the key tree, so that the receiver sequentially inputs each bit of effective bits of the values of the elements in the second data set to obtain the cipher text of the key on the leaf node of the key tree corresponding to each bit of effective bits.
13. A computing device, comprising:
a memory for storing program instructions;
a processor for calling program instructions stored in said memory to execute the method of any one of claims 1 to 6 in accordance with the obtained program.
14. A computer-readable non-transitory storage medium including computer-readable instructions which, when read and executed by a computer, cause the computer to perform the method of any one of claims 1 to 6.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011449167.8A CN112580072B (en) | 2020-12-09 | 2020-12-09 | Data set intersection method and device |
| PCT/CN2021/130441 WO2022121623A1 (en) | 2020-12-09 | 2021-11-12 | Data set intersection method and apparatus |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011449167.8A CN112580072B (en) | 2020-12-09 | 2020-12-09 | Data set intersection method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112580072A true CN112580072A (en) | 2021-03-30 |
| CN112580072B CN112580072B (en) | 2021-07-30 |
Family
ID=75131983
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011449167.8A Active CN112580072B (en) | 2020-12-09 | 2020-12-09 | Data set intersection method and device |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN112580072B (en) |
| WO (1) | WO2022121623A1 (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113343305A (en) * | 2021-06-29 | 2021-09-03 | 招商局金融科技有限公司 | Intersection calculation method, device and equipment of private data and storage medium |
| CN113569267A (en) * | 2021-09-23 | 2021-10-29 | 上海钐昆网络科技有限公司 | Privacy safety data set intersection method, device, equipment and storage medium |
| CN113761570A (en) * | 2021-08-16 | 2021-12-07 | 高语澈 | Privacy intersection-oriented data interaction method |
| WO2022121623A1 (en) * | 2020-12-09 | 2022-06-16 | 深圳前海微众银行股份有限公司 | Data set intersection method and apparatus |
| CN115935438A (en) * | 2023-02-03 | 2023-04-07 | 杭州金智塔科技有限公司 | Data privacy intersection system and method |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116488789A (en) * | 2023-04-23 | 2023-07-25 | 北京火山引擎科技有限公司 | Data processing method, device, equipment and medium |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105205406A (en) * | 2015-08-26 | 2015-12-30 | 中国地质大学(武汉) | Intersection calculation method for privacy protection |
| CN109657489A (en) * | 2018-08-03 | 2019-04-19 | 湖北工业大学 | A kind of safe calculation method of two side of set intersection and system of secret protection |
| US20190342270A1 (en) * | 2018-05-07 | 2019-11-07 | Microsoft Technology Licensing, Llc | Computing a private set intersection |
| CN110622165A (en) * | 2018-04-19 | 2019-12-27 | 谷歌有限责任公司 | Security measures for determining privacy set intersections |
| CN111125736A (en) * | 2019-12-25 | 2020-05-08 | 暨南大学 | Pathogenic gene detection method based on privacy protection intersection calculation protocol |
| CN111931253A (en) * | 2020-09-15 | 2020-11-13 | 腾讯科技(深圳)有限公司 | Data processing method, system, device and medium based on node group |
| CN111931207A (en) * | 2020-08-07 | 2020-11-13 | 北京百度网讯科技有限公司 | Method, device and equipment for obtaining privacy set intersection and storage medium |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105141574B (en) * | 2015-06-12 | 2018-02-23 | 深圳大学 | A kind of cloud storage ciphertext access control system and method based on form attributes |
| CN110944011B (en) * | 2019-12-16 | 2021-12-07 | 支付宝(杭州)信息技术有限公司 | Joint prediction method and system based on tree model |
| CN111371790B (en) * | 2020-03-05 | 2022-06-17 | 中国工商银行股份有限公司 | Data encryption sending method based on alliance chain, related method, device and system |
| CN112580072B (en) * | 2020-12-09 | 2021-07-30 | 深圳前海微众银行股份有限公司 | Data set intersection method and device |
-
2020
- 2020-12-09 CN CN202011449167.8A patent/CN112580072B/en active Active
-
2021
- 2021-11-12 WO PCT/CN2021/130441 patent/WO2022121623A1/en active Application Filing
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105205406A (en) * | 2015-08-26 | 2015-12-30 | 中国地质大学(武汉) | Intersection calculation method for privacy protection |
| CN110622165A (en) * | 2018-04-19 | 2019-12-27 | 谷歌有限责任公司 | Security measures for determining privacy set intersections |
| US20190342270A1 (en) * | 2018-05-07 | 2019-11-07 | Microsoft Technology Licensing, Llc | Computing a private set intersection |
| CN109657489A (en) * | 2018-08-03 | 2019-04-19 | 湖北工业大学 | A kind of safe calculation method of two side of set intersection and system of secret protection |
| CN111125736A (en) * | 2019-12-25 | 2020-05-08 | 暨南大学 | Pathogenic gene detection method based on privacy protection intersection calculation protocol |
| CN111931207A (en) * | 2020-08-07 | 2020-11-13 | 北京百度网讯科技有限公司 | Method, device and equipment for obtaining privacy set intersection and storage medium |
| CN111931253A (en) * | 2020-09-15 | 2020-11-13 | 腾讯科技(深圳)有限公司 | Data processing method, system, device and medium based on node group |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2022121623A1 (en) * | 2020-12-09 | 2022-06-16 | 深圳前海微众银行股份有限公司 | Data set intersection method and apparatus |
| CN113343305A (en) * | 2021-06-29 | 2021-09-03 | 招商局金融科技有限公司 | Intersection calculation method, device and equipment of private data and storage medium |
| CN113343305B (en) * | 2021-06-29 | 2024-02-13 | 招商局金融科技有限公司 | Intersection calculating method, device, equipment and storage medium of privacy data |
| CN113761570A (en) * | 2021-08-16 | 2021-12-07 | 高语澈 | Privacy intersection-oriented data interaction method |
| CN113761570B (en) * | 2021-08-16 | 2024-01-30 | 高语澈 | Data interaction method for privacy intersection |
| CN113569267A (en) * | 2021-09-23 | 2021-10-29 | 上海钐昆网络科技有限公司 | Privacy safety data set intersection method, device, equipment and storage medium |
| CN113569267B (en) * | 2021-09-23 | 2021-12-14 | 上海钐昆网络科技有限公司 | Privacy safety data set intersection method, device, equipment and storage medium |
| CN115935438A (en) * | 2023-02-03 | 2023-04-07 | 杭州金智塔科技有限公司 | Data privacy intersection system and method |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2022121623A1 (en) | 2022-06-16 |
| CN112580072B (en) | 2021-07-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112580072B (en) | Data set intersection method and device | |
| CN110224814B (en) | Block chain data sharing method and device | |
| CN113259329B (en) | Method and device for data careless transmission, electronic equipment and storage medium | |
| CN104488218B (en) | Encryption device, decryption device, encryption method, decryption method | |
| CN111510281B (en) | Homomorphic encryption method and device | |
| CN104917787B (en) | File security sharing method based on group key and system | |
| CN110719159A (en) | Multi-party privacy set intersection method for resisting malicious enemies | |
| CN109245903B (en) | Signature method and device for cooperatively generating SM2 algorithm by two parties and storage medium | |
| CN104468612B (en) | The Attribute Matching Approach of the protection privacy based on symmetric cryptography | |
| CN112287377A (en) | Model training method based on federal learning, computer equipment and storage medium | |
| CN106453318A (en) | Data transmission system and method based on security module | |
| CN107294696B (en) | Method for distributing full homomorphic keys for Leveled | |
| JP2016158189A (en) | Change direction with key control system and change direction with key control method | |
| WO2021129470A1 (en) | Polynomial-based system and method for fully homomorphic encryption of binary data | |
| JP3794457B2 (en) | Data encryption / decryption method | |
| JP2004336794A (en) | Method and apparatus for generation of public key based on user-defined id in cryptosystem | |
| CN111478911A (en) | Instant messaging encryption method adopting lightweight key exchange algorithm | |
| CN114239018A (en) | Method and system for determining number of shared data for protecting privacy data | |
| CN110890961B (en) | Novel safe and efficient multi-authorization attribute-based key negotiation protocol | |
| CN116170142A (en) | Distributed collaborative decryption method, device and storage medium | |
| CN116248359A (en) | Data transmission system, method and device based on careless transmission protocol | |
| Parakh | Oblivious transfer using elliptic curves | |
| Backes et al. | Fully secure inner-product proxy re-encryption with constant size ciphertext | |
| CN107483387A (en) | A kind of method of controlling security and device | |
| CN111131158A (en) | Single byte symmetric encryption and decryption method, device and readable medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |