CN112597524B - Privacy intersection method and device - Google Patents
- Authority: CN (China)
- Prior art keywords: party, data, ciphertext, salted, salt
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Abstract
The embodiments of this specification provide a method and a device for privacy intersection. In a privacy intersection between two data parties, where the business requirement is that one party can obtain the data intersection, at least one party encrypts each piece of its business data in advance and stores the ciphertexts. In each privacy intersection, the data parties negotiate a current salt for both parties to use in the current round, and the business data is salted. Each round only updates the salt; the key does not need to be updated to encrypt the business data again. The party whose data changes infrequently can therefore encrypt its business data in advance and reuse the ciphertexts across multiple privacy intersections: during a round, only the negotiated current salt is encrypted, and the ciphertext of the salt is used to salt the ciphertexts of the business data. This greatly reduces the amount of computation in a single privacy intersection and improves the efficiency of privacy intersection.
Description
Technical Field
One or more embodiments of the present disclosure relate to the field of computer technologies, and in particular, to a method and an apparatus for privacy intersection.
Background
Secure multi-party computation, also called multi-party secure computation, means that a plurality of parties jointly compute the result of a function without revealing each party's input data to the function, and the computed result is disclosed to one or more of the parties. One typical application of secure multi-party computation is privacy intersection. Privacy intersection (PSI), sometimes called database collision, can be understood as determining the intersection between the data of multiple parties on the premise of privacy protection. Privacy intersection is often at the core of multi-party collaborative training of machine learning algorithms and of the multi-lender loan business. The core idea of privacy intersection is that at the end of the protocol interaction, one or more parties obtain the correct intersection and obtain no data from the other parties' data sets other than the intersection. In a privacy intersection process, the data volume and the communication volume directly affect the consumption of computer resources and the efficiency of the privacy intersection.
Disclosure of Invention
One or more embodiments of the present specification describe a method and apparatus for privacy intersection to address one or more of the problems mentioned in the background.
According to a first aspect, a privacy intersection method is provided, where for a first party holding a plurality of pieces of first data and a second party holding a plurality of pieces of second data, the first party obtains the same service data in the plurality of pieces of first data and the plurality of pieces of second data, and the second party cannot obtain the same service data and cannot determine whether any one piece of second data belongs to the first party, and the first party further stores in advance each first ciphertext obtained by encrypting each piece of first data with a first key; the method comprises the following steps: the first party and the second party negotiate a current salt; the first party determines a first salted ciphertext of each first data based on each first ciphertext and the current salt, to provide to the second party; the second party determines, based on the second key and the current salt, each second salted ciphertext corresponding to each second data respectively, to provide to the first party; the first party encrypts each second salted ciphertext by using the first key to obtain third salted ciphertexts respectively corresponding to each second data, and provides the third salted ciphertexts to the second party after shuffling their order; the second party decrypts each third salted ciphertext through the inverse element of the second key to obtain each fourth salted ciphertext of each second data based on the first key and the current salt; the second party compares each fourth salted ciphertext with each first salted ciphertext, and feeds back to the first party each position identifier corresponding to each first salted ciphertext that has a matching fourth salted ciphertext; and the first party determines the same service data between the plurality of pieces of first data and the plurality of pieces of second data according to each position identifier fed back by the second party.
According to a second aspect, a privacy intersection method is provided, where for a first party holding a plurality of pieces of first data and a second party holding a plurality of pieces of second data, the first party acquires the data intersection of the plurality of pieces of first data and the plurality of pieces of second data, the second party cannot acquire the data intersection and cannot determine whether any piece of second data belongs to the first party, and each first ciphertext obtained by encrypting each piece of first data with a first key respectively is stored in advance at the first party; the method is performed by the first party and comprises: negotiating a current salt with the second party; determining a first salted ciphertext of each first data based on each first ciphertext and the current salt, for provision to the second party; receiving second salted ciphertexts which are sent by the second party and respectively correspond to the second data, wherein the second salted ciphertexts are determined by the second party through an encryption operation on each second data respectively, based on a second key and the current salt; encrypting each second salted ciphertext by using the first key to obtain each third salted ciphertext corresponding to each second data respectively; feeding back each third salted ciphertext to the second party after a shuffling operation, so that the second party can decrypt each third salted ciphertext through an inverse element of the second key to obtain each fourth salted ciphertext of each second data based on the first key and the current salt, compare each first salted ciphertext with each fourth salted ciphertext, and feed back to the first party each position identifier corresponding to each first salted ciphertext that has a matching fourth salted ciphertext; and determining the same service data between the plurality of pieces of first data and the plurality of pieces of second data according to the position identifiers fed back by the second party.
According to a third aspect, a privacy intersection method is provided, where for a first party holding a plurality of pieces of first data and a second party holding a plurality of pieces of second data, the first party obtains the same service data in the plurality of pieces of first data and the plurality of pieces of second data, and the second party cannot obtain the same service data and cannot determine whether any piece of second data belongs to the first party; the method is performed by the second party and comprises: negotiating with the first party to determine a current salt; for each piece of second data, performing a salted encryption operation based on a second key and the current salt respectively, so as to determine each second salted ciphertext corresponding to each piece of second data respectively; providing each second salted ciphertext to the first party, so that the first party encrypts each second salted ciphertext through the first key to obtain each third salted ciphertext corresponding to each second data respectively, and feeds back the third salted ciphertexts after a shuffling operation; decrypting each third salted ciphertext by using the inverse element of the second key to obtain each fourth salted ciphertext, in which each piece of second data respectively is salted and encrypted with the first key and the current salt; and comparing each fourth salted ciphertext with each first salted ciphertext corresponding to each first data respectively to obtain each position identifier corresponding to each first salted ciphertext that has a matching fourth salted ciphertext, and feeding each position identifier back to the first party so that the first party can determine the same service data between the plurality of first data and the plurality of second data according to each position identifier fed back by the second party, wherein each first salted ciphertext is determined by the first party by using each first ciphertext corresponding to each first data and the current salt, and each first ciphertext is obtained by the first party encrypting each first data in advance by using a first key.
According to a fourth aspect, a privacy intersection system is provided, which includes a first party and a second party as data parties, wherein the first party acquires data intersection of a plurality of pieces of first data held by the first party and a plurality of pieces of second data held by the second party, and the second party cannot acquire the data intersection and cannot determine whether any piece of second data belongs to the first party; wherein:
the first party and the second party are configured to jointly negotiate a current salt;
the first party is further configured to determine, based on the respective first ciphertexts and the current salt, a first salted ciphertexts of the respective first data to provide to the second party;
the second party is further configured to determine, based on the second key and the current salt, respective second salted ciphertext corresponding to the respective second data to provide to the first party;
the first party is further configured to encrypt each second salted ciphertext by using the first key to obtain third salted ciphertexts respectively corresponding to each second data, and the third salted ciphertexts are provided to the second party after being out of order;
the second party is further configured to decrypt each third salted ciphertext through an inverse element of the second key to obtain each fourth salted ciphertext respectively corresponding to each second data based on the first key and the current salt; and
comparing each fourth salted ciphertext with each first salted ciphertext, and feeding back each position identifier corresponding to each first salted ciphertext with the matched fourth salted ciphertext to the first party;
the first party is also configured to determine the same service data between the plurality of pieces of first data and the plurality of pieces of second data according to each position identifier fed back by the second party.
According to a fifth aspect, there is provided a privacy intersection apparatus, provided at a first party holding a plurality of pieces of first data, for a first party and a second party serving as data parties, acquiring data intersections of the plurality of pieces of first data and a plurality of pieces of second data held by the second party, where the second party cannot acquire the data intersections and cannot determine whether any piece of second data belongs to the first party; the device comprises:
a negotiation unit configured to negotiate a current salt with a second party;
a salt encryption unit configured to determine a first salt ciphertext of each first data based on each first ciphertext and the current salt, to provide to a second party;
the receiving unit is configured to receive each second salt adding ciphertext which is sent by the second party and corresponds to each piece of second data respectively, wherein each second salt adding ciphertext is determined by the second party through an encryption operation aiming at each piece of second data respectively based on the second key and the current salt;
the salt adding encryption unit is further configured to encrypt each second salt adding ciphertext by using the first key to obtain each third salt adding ciphertext corresponding to each piece of second data;
the disorder unit is configured to feed back the third salted ciphertext to the second party after disorder operation, so that the second party can decrypt the third salted ciphertext through an inverse element of a second key to obtain a fourth salted ciphertext based on the first key and the current salt, respectively aim at each second data, compare the first salted ciphertext with each fourth salted ciphertext, and feed back each position identifier corresponding to each first salted ciphertext with the matched fourth salted ciphertext to the first party;
and the determining unit is configured to determine the same service data between the plurality of pieces of first data and the plurality of pieces of second data according to each position identifier fed back by the second party.
According to a sixth aspect, there is provided a privacy intersection apparatus, provided to a second party holding a plurality of pieces of second data, for a first party and a second party serving as data parties, the first party acquiring data intersections between the plurality of pieces of first data held by the first party and the plurality of pieces of second data, and the second party being unable to acquire the data intersections and being unable to determine whether any piece of second data belongs to the first party; the device comprises:
a negotiation unit configured to negotiate with a first party to determine a current salt;
the salt adding encryption unit is configured to perform salt adding encryption operation on each piece of second data based on a second key and the current salt respectively so as to determine each second salt adding ciphertext corresponding to each piece of second data respectively;
the sending unit is configured to provide each second salted ciphertext to the first party, so that the first party encrypts each second salted ciphertext through the first key to obtain each third salted ciphertext corresponding to each piece of second data respectively, and feeds back each third salted ciphertext subjected to out-of-order operation;
a decryption unit, configured to decrypt each third salted ciphertext through an inverse element of the second key to obtain each fourth salted ciphertext subjected to salt addition encryption on each piece of second data respectively via the first key and the current salt;
and the comparison unit is configured to compare each fourth salted ciphertext with each first salted ciphertext corresponding to each first data respectively to obtain each position identifier corresponding to each first salted ciphertext having the matched fourth salted ciphertext, and feed each position identifier back to the first party, so that the first party can determine the same service data between the plurality of first data and the plurality of second data according to each position identifier fed back by the second party, wherein each first salted ciphertext is determined by the first party by using each first ciphertext corresponding to each first data respectively and the current salt, and each first ciphertext is obtained by the first party by encrypting each first data respectively by using a first key in advance.
According to a seventh aspect, there is provided a computer readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method of the first to third aspects.
According to an eighth aspect, there is provided a computing device comprising a memory and a processor, wherein the memory has stored therein executable code, and the processor implements the methods of the first to third aspects when executing the executable code.
According to the method and the device provided by the embodiments of this specification, in a privacy intersection between two data parties, under the service requirement that one party can obtain the data intersection while the other party can learn neither the other side's service data nor whether any piece of service data is held by the other side, each piece of service data is mapped to a point on an elliptic curve, and the data parties negotiate a current salt that both parties use to process the data, so that the party whose data changes infrequently can encrypt its service data in advance and reuse the ciphertexts. In practice, the method and apparatus provided in the embodiments of the present specification are not limited to the above implementation scenarios, but may be generalized to more service scenarios.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed in the description of the embodiments are briefly introduced below. The drawings in the following description show only some embodiments of the present invention, and those skilled in the art can obtain other drawings based on these drawings without creative effort.
FIG. 1 is a timing diagram of a privacy intersection process of the conventional art;
FIG. 2 shows a timing diagram of a privacy intersection process under the technical concept of the present specification;
FIG. 3 is a schematic flow diagram of a privacy intersection performed by a first party, according to one embodiment;
FIG. 4 is a schematic flow diagram of a privacy intersection performed by a second party, according to one embodiment;
FIG. 5 illustrates a privacy intersection system architecture diagram, and a schematic block diagram of an apparatus for privacy intersection for the various data parties, according to one embodiment.
Detailed Description
The scheme provided by the specification is described below with reference to the accompanying drawings.
First, several terms of art that may be used in this specification are identified:
privacy intersection (PSI): Private Set Intersection is a research field of secure multi-party computation that enables participants to obtain the intersection while avoiding leaking the non-intersection parts to other participants;
blind signature: the message and the private key are held by two different parties; the message holder can obtain the private key's signature on the message without leaking the message, and the private key holder does not leak the private key;
point multiplication on an elliptic curve: performing repeated elliptic curve point addition according to a scalar;
modular multiplication: the product of two numbers a and b, modulo the prime number P, i.e., (a × b) % P, which is equivalent to ((a % P) × (b % P)) % P;
modular exponentiation: for two numbers a and b, one the base and one the exponent, the power modulo a prime number P, i.e., a^b % P, which is equivalent to (a % P)^b % P;
discrete logarithm problem: given a base and a modular power, it is generally difficult to find the exponent;
elliptic curve discrete logarithm problem: given the point that was multiplied and the resulting point of the point multiplication, it is generally difficult to find the scalar;
inverse element: the product of the inverse of an element and the element is 1 (the identity element on an elliptic curve);
salt value: a random character string used as an additional input of a one-way function, so that the one-way function computes different values for the same data; the salt value generally does not need to be kept secret;
salting: in cryptography, a specific character string is inserted at an arbitrary fixed position of a password, so that the hashed result does not match the hashed result of the original password; for example, in elliptic curve encryption, the salt can correspond to a point on the elliptic curve and salting can be realized by a point addition operation; in encryption in finite field form, salting can be realized by a modular multiplication operation; ……
Referring to FIG. 1, a specific implementation scenario of privacy intersection is shown. In this implementation scenario, the two data parties holding business data are designated the first party and the second party. The first party can acquire the intersection of the two parties' service data; the second party cannot acquire any data of the first party, cannot learn whether any piece of the service data used in the privacy intersection is held by the first party, and cannot acquire the data intersection. When the data volume is large, the privacy intersection can be performed in batches. For example, when the ratio of the two parties' data volumes is 10:1, the data of the first party can be divided into 10 batches, and a privacy intersection is performed once between each batch and the data of the second party. The service data may be determined according to the specific service scenario, for example, a user ID, a mobile phone number, and the like.
As shown in FIG. 1, assume that the service data held by the first party is denoted a and the number of pieces is denoted m1. The data held by the first party can then be represented as (a1, a2, a3, ……, am1). The service data held by the second party is denoted b and the number of pieces is denoted m2, so the data b can be represented as (b1, b2, b3, ……, bm2). The first party may also have a private key Ka and the second party may also have a private key Kb. In a conventional privacy intersection process, the first party and the second party each encrypt their local data, denoted H(a) and H(b) respectively. H may represent a hash or another encryption method. In the conventional art, for computational convenience, it is also common to map each piece of service data to an elliptic curve.
Ka and Kb may each have an inverse element, e.g. Ka^-1 and Kb^-1. Those skilled in the art will appreciate that an inverse element can be calculated by, for example, Euler's theorem, which is not described further here. By the nature of the inverse element, Ka^-1·Ka = 1 and Kb^-1·Kb = 1. Based on this property, the first party may send data a encrypted by Ka to the second party; the second party obtains the Ka-encrypted data a, uses Kb^-1 to determine the Ka-encrypted data b, and compares the Ka-encrypted data a with the Ka-encrypted data b to obtain the data intersection.
Points on an elliptic curve typically have the following closure property: for any two points P and H, the result of the point addition P + H is still a point on the elliptic curve; for any point P and natural number n, the point multiplication n × P can be regarded as the repeated point addition of n copies of P, and the result is still a point on the elliptic curve. In elliptic curve encryption, the key can be regarded as a scalar, the service data can be mapped to a point on the elliptic curve, and encryption with the key can then be realized by a point multiplication operation. In the case where n is unknown, it is difficult to derive P from nP (the inverse of encryption is difficult to do). If n has k binary bits, then the algorithm complexity for calculating n × P will be。
First, the first party may encrypt data a using key Ka. The data a may be mapped to a point H(a) on the elliptic curve by a calculation such as a hash operation, and H(a) is encrypted with the key Ka, denoted Ka(H(a)). Ka(H(a)) can be viewed as a point multiplication of H(a) by Ka. Taking a 256-bit binary random number as the private key Ka as an example, the complexity is. Assume the number of data pieces m1 of the first party is 1000 pieces; to encrypt its service data, the first party then needs to perform 1000 ten thousand times a point multiplication operation of complexity. Thereafter, the first party may send the m1 ciphertexts to the second party.
Similarly, the second party may use Kb to encrypt its m2 pieces of service data after mapping them to points on the elliptic curve, obtaining Kb(H(b)). In the case where Kb is also a randomly generated 256-bit binary number, the second party performs m2 point multiplication operations with a complexity of, and sends the m2 ciphertexts to the first party.
The first party receives Kb (H (b)) and the second party receives Ka (H (a)), but the original data of the other party cannot be obtained because the keys of the other party are not known.
Next, the first party may encrypt Kb(H(b)) using its local private key Ka to obtain KaKb(H(b)). It will be appreciated that, by the definition of scalar multiplication on an elliptic curve, the point multiplications performed by Ka and Kb on points of the curve are interchangeable. In other words, KaKb(H(b)) = KbKa(H(b)); that is, Ka·Kb point additions are performed on the point corresponding to H(b) on the elliptic curve. If KaKb(H(b)) is then transmitted to the second party, the second party uses Kb^-1 to decrypt it, obtaining Kb^-1·KbKa(H(b)) = Ka(H(b)). Further, the second party compares Ka(H(b)) and Ka(H(a)) with each other, and the same service data in the service data of the first party and the second party can be determined.
However, this approach risks leaking the same service data to the second party, because the second party can determine which of its service data the first party also holds from the position of the matching data. For example, if the second party finds that its second piece of service data, encrypted in the Ka(H(b)) form, is consistent with some piece of service data encrypted in the Ka(H(a)) form, it can determine that the second piece of service data is the same as data held by the first party. If the service data is a user's mobile phone number, the second party can determine that the user with that mobile phone number also has corresponding service data at the first party, so data is leaked.
For this purpose, the first party may shuffle the order of the KaKb(H(b)) ciphertexts before sending them to the second party. Thus, the second party cannot determine the content of each received KaKb(H(b)) (that is, which piece of service data it is).
After the comparison is finished, the second party may send the recorded position identifiers (e.g., line number, order, etc.) of the same service data in Ka(H(a)) to the first party, and the first party looks up the same service data according to the position identifiers, thereby obtaining the intersection. In this process, since the second party receives the data in the form KaKb(H(b)) out of order, it cannot map the data in the form Ka(H(b)) back to its own data one by one after determining it. Therefore, even though the row numbers of the same data are determined, the second party cannot determine which of its service data are consistent with the first party's.
In the case where the first party and the second party perform multiple privacy intersections, the first party may also use a different key Ka in each privacy intersection process. This is because, if the first party uses the same key each time and the second party includes the same piece of service data (such as a user ID) in two privacy intersections, the second party can check whether some ciphertext appears in both sets of common service data ciphertexts it determined (e.g., data in the form Ka(H(b))), and thereby determine whether that piece of service data is also held by the first party. If a ciphertext is the same in the two privacy intersections, it is the ciphertext of the service data that the second party included in both privacy intersections and that lies in the intersection with the service data held by the first party. In this way, after a plurality of privacy intersections, the second party can determine whether a plurality of IDs are data held by the first party, so the data privacy of the first party is leaked. If the second party initiates privacy intersections many times using this method, it can judge whether many pieces of service data are held by the first party, which constitutes an attack on the first party's service data. Using a different key Ka in each privacy intersection process avoids this problem.
In practice, the first party may be a business party providing a certain service and the second party may be a service requiring party. For example, the first party is a service platform (e.g., a takeout platform) that brings together multiple services, and the second party is a service requiring party (e.g., a takeout merchant) that resides on the service platform and can provide corresponding services for users. In order to promote a new service, the second party may push relevant information to users of the platform through the first party. The users of the second party and the users of the first party may then have an intersection, but the users of the second party do not necessarily all come from the service platform, and users from other sources may also be users of the service platform. Therefore, in order to promote the second party's new service to more users, the first party needs to acquire the corresponding user intersection data, while the second party cannot acquire the intersection data, so that the data of the service platform is not leaked to the second party. In an optional service scenario, the data volume of the first party may be much larger than the data volume of the second party, e.g. with a data volume ratio of 10:1.
However, as mentioned above, the complexity of a single operation in the above method is large: the complexity for a single piece of service data is as follows, and the amount of calculation increases with the number of pieces of service data, so performing privacy intersection multiple times incurs more computational cost. For example, if the data of the first party is divided into 10 batches and the data of the second party is divided into 5 batches, 10 × 5 privacy intersections are required. In each privacy intersection the first party needs to encrypt the service data of the current batch with a new Ka, and each piece of service data is encrypted 5 times, so the same service data is encrypted repeatedly, resulting in higher complexity. For different data parties, such as a third party, a fourth party, and the like, the first party also needs to encrypt the service data of each batch with a different Ka, so the calculation cost is high.
For this reason, the embodiments of the present specification propose a technical idea that a first party may encrypt the held service data one by one in advance, store the encrypted service data, and then change the encryption result in a salt adding manner without using a new key to encrypt the service data again, and obtain different encryption results only by adding different salts each time. Thus, at least in a predetermined time period (for example, a time period when the service data of the first party is not updated), the salting operation under the concept can greatly reduce the calculation complexity compared with repeatedly encrypting the service data by using different keys, thereby greatly reducing the calculation amount and reducing the calculation cost.
The technical idea of the present specification is described in detail below.
Fig. 2 is a schematic diagram of a specific example of a privacy intersection flow that improves on the privacy intersection scenario and flow of fig. 1. It should be noted that although the technical idea of the present specification is proposed on the basis of fig. 1, the specific embodiment in fig. 1 does not limit the application scope of the embodiments of the present specification. For example, fig. 1 describes a privacy intersection process using elliptic curve encryption, but the technical idea of the present specification can also be generalized to scenarios in which service data is mapped, for encryption, to an element set satisfying the following conditions: the result of fusing any two elements (including an element with itself) in a predetermined encryption manner is still an element of the predetermined set; and two successive encryptions of a single element in the predetermined encryption manner are interchangeable (the order does not affect the result, as with point multiplication on an elliptic curve). In addition, in keeping with the purpose of encryption, it is generally difficult to invert the encryption of elements in the predetermined element set (that is, it is difficult to recover the data before encryption or the key used for encryption). Such an element set may also be, for example, a finite field. Taking a finite field as an example, assuming that the number of elements of the finite field is a prime number Q, the elements of the element set are the Q numbers from 0 to (Q-1). The number 10, for example, can be mapped to a finite field by a modulo operation such as 10 % 7 = 3. Encryption of elements in a finite field may be performed by modular multiplication operations, modular exponentiation operations, etc., such as: [(A % Q) + (B % Q)] % Q = (A × B) % Q; the modular multiplication operation is, for example: [(A % Q) × (B % Q)] % Q = (AB) % Q.
It can be seen that in the case of encryption with modular multiplication or modular exponentiation, the result is still an element in the set of elements (finite field). Moreover, the original data before encryption is difficult to reverse. Further, the technical idea of the present specification may also not be limited to mapping the service data into a predetermined set satisfying the above condition, and may also be performed on other encrypted data of the service data in other feasible encryption manners, for example, directly using a hash value.
As shown in fig. 2, the first party may encrypt, in advance, the local service data to be used for privacy intersection with the second party, obtaining encrypted local service data. The encrypted local service data can be reused in multiple privacy intersection processes, and can also be used in privacy intersections with other data parties (e.g., a third party, a fourth party, etc.). Optionally, according to the update frequency of the first party's service data, the encrypted local service data may also be updated at a corresponding frequency, for example, weekly or daily.
During a privacy intersection with the second party, the first party and the second party may first negotiate a salt for the current process, referred to, for example, as the current salt. To prevent either data party from controlling the generation of the salt value, e.g. by simply designating it, and thereby obtaining the other party's private information through a specially chosen salt, the first party and the second party can negotiate the current salt together. For example, the first and second parties may negotiate the current salt from their respective randomly generated strings, which makes the determination of the salt random and uncontrollable.
In one embodiment, the current salt may be determined by the first party and the second party fusing in a predetermined manner based on the generated random string. For example, by addition, subtraction, multiplication, division, averaging, etc.
In another embodiment, the current salt may be specified from a predetermined set of elements under a particular encryption architecture. For example, under an elliptic curve encryption architecture, a point on a predetermined elliptic curve is randomly designated as the current salt, or under a finite field encryption architecture, an element in a predetermined finite field is randomly designated as the current salt.
In yet another embodiment, the service data is mapped to the aforementioned predetermined set of elements for preliminary encryption, and the current salt may be determined by a reference element in the predetermined set of elements to which the service data is mapped. For example, in one implementation, the encryption of the service data is performed based on an elliptic curve, the predetermined element set corresponds to, for example, a predetermined elliptic curve, and the reference element may be a point on the elliptic curve. For another example, in another implementation, the encryption manner of the service data is performed based on a finite field, the predetermined element set may also be a finite field 0- (Q-1) formed by a predetermined prime number Q, and the reference element may be one of Q numbers between 0- (Q-1).
For convenience of description, the current salt is denoted, for example, as S. Specifically, assume that the first party and the second party generate a first random string Ra and a second random string Rb, respectively, and that the reference element is denoted as G. In the case where the predetermined element set is an elliptic curve, G may be a reference point (reference element) on the elliptic curve, and the current salt may be determined by an interchangeable point multiplication operation (the predetermined encryption manner) on the reference point G by the two scalars Ra and Rb. By the properties of points on an elliptic curve, whether the first party and the second party process the reference point G in a first order (for example, Rb · G) or in a second order (for example, Ra · G), the salts obtained are identical, for example, S = RaRbG or RbRaG.
In the case where the predetermined element set is a finite field, a finite field 0-(Q-1) is constructed for a specified prime number Q. The reference element G may be a reference value in the finite field 0-(Q-1). The first party and the second party may determine the current salt by interchangeable modular exponentiation of the reference value G with their respective generated random strings. For example, if the first party generates a third random string Ra' and the second party generates a fourth random string Rb', then the first and second parties may jointly determine the current salt by modular exponentiation modulo Q with the third and fourth random strings. The current salt may be, for example, (G^Ra')^Rb' % Q or (G^Rb')^Ra' % Q. For convenience of description, the random string generated by the first party may be collectively referred to as Ra, and the random string generated by the second party may be collectively referred to as Rb.
Thus, the current salt is not generated under the control of the first party or the second party, but the two parties negotiate and determine, so that the data privacy disclosure caused by the fact that one party specifies a special salt can be avoided. The current salt may be published to various data parties.
The first party may then encrypt the current salt with the key Ka, for example as Ka(S). In the elliptic curve mode, G is a point on the elliptic curve, and S, obtained by point multiplication, is still a point on the elliptic curve. The first party can use the key Ka to obtain the ciphertext Ka(S) of the current salt. Here, Ka(S) is the point obtained by a point multiplication operation (the predetermined encryption manner) on S, and is still a point on the elliptic curve. In the finite field mode, Ka(S) can be regarded as a modular exponentiation of the number to which S maps in the finite field, the result being equivalent to mapping S^Ka to the finite field, e.g. Ka(S) = S^Ka % Q. Ka(S) may also be determined in other manners, for example by calculating a hash value H(S + Ka), and details are not repeated here.
The first party can use the ciphertext Ka(S) of the salt to perform the salting operation on the ciphertext of the service data. On an elliptic curve, the salting operation may be implemented by a point addition operation, such as Ka(H(a)) + Ka(S). In the finite field mode, the salting operation can be implemented by modular multiplication, e.g. (S^Ka % Q + H(a)^Ka % Q) % Q, equivalent to (S × H(a))^Ka % Q (here "+" stands for the salting operation, which in a finite field is the modular multiplication). Ka(S) may be shared by all pieces of service data. That is, in the current privacy intersection process, the encryption of a single piece of service data can be carried out as a salting operation using the ciphertext of the salt. Assuming that the first party holds 10 million pieces of service data, in each privacy intersection process the ciphertext of the salt needs to be determined once and 10 million salting operations are performed, yielding the salted ciphertext of each piece of service data. In the elliptic curve encryption mode, the 10 million salting operations are 10 million point additions, which greatly reduces the amount of calculation compared with 10 million point multiplications using a new key. In the finite field encryption mode, the 10 million salting operations are 10 million modular multiplications, which greatly reduces the amount of calculation compared with 10 million modular exponentiations using a new key. In short, salting the existing service data ciphertexts greatly reduces the calculation cost compared with re-encrypting the service data with a new key.
The first party may then send the salted ciphertext of each piece of service data to the second party. That is, the second party obtains the primary salted ciphertext of each piece of the first party's service data, such as Ka(H(a)) + Ka(S). The second party, for its part, may perform a salting and encryption operation on each piece of local service data, obtaining a primary salted ciphertext in which each piece of service data is encrypted with the key held by the second party and salted with the current salt. The second party may salt the local data first and then encrypt it, or may encrypt first and then salt. Taking salting first as an example, in the elliptic curve encryption mode the salted service data is written, for example, as the point addition H(b) + S. The second party then encrypts the salted service data with its key Kb to obtain the salted ciphertext of the service data, such as Kb(H(b) + S), which is equivalent to KbH(b) + KbS. Compared with the scheme of fig. 1, the scheme of fig. 2 adds salting operations at this step, as many as there are pieces of service data. Then, the second party may send the primary salted ciphertext of each piece of service data to the first party, and the first party performs a secondary encryption on the salted ciphertexts of the second party's service data using the key Ka, for example KaKb(H(b) + S), hereinafter referred to as the secondary salted ciphertext of the second party's service data.
The first party then performs an out-of-order (shuffling) operation on the secondary salted ciphertexts of the second party's service data and feeds them back to the second party. The second party decrypts each secondary salted ciphertext once with the inverse element Kb^-1 of its local key Kb, obtaining the salted ciphertext in which the second party's salted service data is encrypted with the first party's key Ka. For example, in the elliptic curve mode: Kb^-1(KaKb(H(b) + S)) = Ka(H(b) + S). Moreover, the encryption of this scheme satisfies the distributive law, that is, Ka(H(b) + S) = KaH(b) + KaS. As described above, the second party has already obtained the salted ciphertexts KaH(a) + KaS of the first party's service data, so by comparing the salted ciphertexts KaH(b) + KaS of the second party's service data with KaH(a) + KaS, the position identifiers, such as row numbers, of the service data common to both parties can be determined. Similarly, in a finite field or the like, the second party can obtain the salted ciphertext (S × H(a))^Ka % Q of the first party's service data, encrypted with the first key Ka used by the first party, and the salted ciphertext (S × H(b))^Ka % Q of the second party's service data, so that the position identifiers of the common service data can be determined by comparison.
When the second party compares the salted ciphertexts of the first party's service data with the salted ciphertexts of the second party's service data, the following full comparison may be used: the first salted ciphertext of one party's service data is compared one by one with the salted ciphertexts of the other party's service data, until identical data is found, in which case the data row number is recorded, or until all salted ciphertexts of the other party's service data have been compared; then the second salted ciphertext of the one party's service data is compared one by one with the salted ciphertexts of the other party's service data, and so on, until all salted ciphertexts of the one party's service data have been compared. Optionally, when a salted ciphertext of one party's service data earlier in the order has a match among the salted ciphertexts of the other party's service data, the matched item may be removed from the other party's salted ciphertexts, so as to reduce the amount of data processed in subsequent comparisons.
The second party feeds back the corresponding position identification information to the first party, and the first party can then query its local service data according to the position identification information, thereby obtaining the service data common to both parties in the current privacy intersection process.
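The following Python example is added here for illustration and is not part of the patent text; it runs the finite-field variant of the fig. 2 flow end to end, with salting as modular multiplication and encryption as modular exponentiation. The modulus Q = 2**521 - 1, the reference element G = 3, the use of SHA-512 as H, the restriction of keys to exponents invertible modulo Q-1, and all class and function names are assumptions made for this example.

```python
import hashlib
import math
import secrets

# Assumed toy parameters (not from the patent): Q is a Mersenne prime, G an
# arbitrary reference element of the finite field 0..Q-1.
Q = 2**521 - 1
G = 3

def H(item: str) -> int:
    """Map one piece of service data to a non-zero element of the field."""
    return int.from_bytes(hashlib.sha512(item.encode()).digest(), "big") % Q or 1

def keygen() -> int:
    """Random exponent invertible modulo Q-1, so x -> x^k % Q is a bijection."""
    while True:
        k = secrets.randbelow(Q - 3) + 2
        if math.gcd(k, Q - 1) == 1:
            return k

def negotiate_salt() -> int:
    """Both parties contribute randomness: S = (G^Ra)^Rb % Q = (G^Rb)^Ra % Q."""
    ra, rb = secrets.randbelow(Q - 3) + 2, secrets.randbelow(Q - 3) + 2
    from_first, from_second = pow(G, ra, Q), pow(G, rb, Q)   # exchanged values
    s_first, s_second = pow(from_second, ra, Q), pow(from_first, rb, Q)
    if s_first != s_second:
        raise ValueError("salt negotiation failed")
    return s_first

class FirstParty:
    def __init__(self, data):
        self.data = list(data)
        self.ka = keygen()
        # Computed once in advance and reused in every round: H(a)^Ka % Q.
        self.first_ciphertexts = [pow(H(a), self.ka, Q) for a in self.data]

    def salted_ciphertexts(self, salt):
        salt_ct = pow(salt, self.ka, Q)          # Ka(S): one exponentiation per round
        # Salting: one modular multiplication per item, no re-encryption.
        return [(c * salt_ct) % Q for c in self.first_ciphertexts]

    def reencrypt_and_shuffle(self, second_salted):
        third = [pow(c, self.ka, Q) for c in second_salted]
        secrets.SystemRandom().shuffle(third)    # out-of-order operation
        return third

    def resolve(self, positions):
        return {self.data[i] for i in positions}

class SecondParty:
    def __init__(self, data):
        self.data = list(data)
        self.kb = keygen()
        self.kb_inv = pow(self.kb, -1, Q - 1)    # inverse element of Kb

    def salted_ciphertexts(self, salt):
        # Salt first, then encrypt: (H(b) x S)^Kb % Q.
        return [pow(H(b) * salt % Q, self.kb, Q) for b in self.data]

    def match_positions(self, first_salted, third_salted):
        # Strip Kb to get the fourth salted ciphertexts (H(b) x S)^Ka % Q.
        fourth = {pow(c, self.kb_inv, Q) for c in third_salted}
        # A set lookup replaces the one-by-one full comparison.
        return [i for i, c in enumerate(first_salted) if c in fourth]

def run_round(first, second):
    """One privacy intersection round; returns (intersection, first salted list)."""
    salt = negotiate_salt()
    first_salted = first.salted_ciphertexts(salt)
    second_salted = second.salted_ciphertexts(salt)
    third = first.reencrypt_and_shuffle(second_salted)
    positions = second.match_positions(first_salted, third)
    return first.resolve(positions), first_salted

if __name__ == "__main__":
    # Constructed sample data.
    platform = FirstParty(["alice", "bob", "carol", "dave"])
    merchant = SecondParty(["carol", "erin", "alice"])
    print(run_round(platform, merchant)[0])
```

Calling run_round twice on the same FirstParty object reuses first_ciphertexts unchanged; only the salt, and therefore the salted ciphertexts on the wire, differ between rounds.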
Compared with fig. 1, in the process of negotiating the salt value RaRbG, the first party and the second party perform point multiplication operations on the element G with Ra and Rb, and the first party determines the salted ciphertext KaH(a) + KaS of each piece of service data by a point addition operation; the point multiplication operation of encrypting each piece of service data with a new key is avoided, and the complexity of a point addition operation is far less than that of a point multiplication operation. Until the primary ciphertexts of the first party's service data are updated (or until the service data is updated), in each privacy intersection process the first party and the second party can negotiate a new salt value and carry out the corresponding process, as described above, using the local service data already encrypted by the first party (the primary ciphertexts).
In the flow shown in fig. 2, since the first party may encrypt the local service data in advance and, in each privacy intersection process, negotiate a current salt and perform a salting operation on the service data instead of re-encrypting the local service data with a changed key each time, the amount of calculation is greatly reduced compared with the flow shown in fig. 1.
The following describes the reduction in the amount of calculation in each privacy intersection process compared with fig. 1, taking an elliptic curve as the predetermined element set. Suppose the first party holds 1000 pieces of data and the second party holds 10 pieces of data, and Ra, Rb, Ka, and Kb are all 256-bit binary random numbers. Then: in the flow shown in fig. 1, the algorithm complexity of the first party for computing the primary ciphertexts of the service data a is that of 10 million point multiplications, and the algorithm complexity of the second party for computing the primary ciphertexts of the service data b is that of 100,000 point multiplications; in the flow shown in fig. 2, the algorithm complexity of the first party for computing the primary salted ciphertexts of the service data comprises one determination of the salt value, one encryption of the salt value and 10 million point addition operations, and the algorithm complexity of the second party for computing the primary ciphertexts of the service data comprises one determination of the salt value, 100,000 point addition operations on the service data and 100,000 point multiplication operations. By comparison, the first party's work is reduced to a single encryption of the salt value plus one point addition of the encrypted salt value to each piece of service data, so the complexity is greatly reduced and the calculation cost can be greatly reduced. Although the second party adds a number of point addition operations in the salting process, the computational complexity of these point additions is far lower than that of the point multiplications saved by the first party, so the amount of calculation is greatly reduced overall. The amount of data communicated between the first party and the second party is substantially the same.
Thus, in general, the privacy intersection process shown in fig. 2 can reduce the amount of calculation and improve the efficiency of privacy intersection. This effect is particularly noticeable when the first party holds far more service data than the second party.
More specifically, FIG. 3 shows a flow diagram of privacy intersection according to one embodiment. The execution subject of the flow may be the first party in fig. 2, which is to obtain the data intersection; more specifically, the execution subject may be a computer, a device, a server, or the like corresponding to the first party. The first party may cooperate with another data party, such as a second party, to determine the intersection of the service data of the two parties. The second party may be, for example, one of a plurality of business parties dealing with the first party. The privacy intersection result of the process may be: the first party acquires the intersection data, while the second party does not acquire the intersection data and cannot determine whether any piece of its local service data is also held by the first party.
Further, the first party may hold a first private key and the second party may hold a second private key. Assume that the service data used by the first party for the current round of privacy intersection is a plurality of pieces of first data and that the service data used by the second party for the current round is a plurality of pieces of second data; the first party may store the first ciphertexts obtained in advance by encrypting each piece of first data with the first private key. As mentioned above, depending on the encryption method used, a first ciphertext may be a point on an elliptic curve, an element in a finite field, a hash value of the service data, or the like, which is not limited herein.
When the first ciphertext is a point on the elliptic curve, each piece of first data may be mapped to a point on the elliptic curve using a hash-to-point scheme, and each point is then encrypted by a point multiplication operation with the first key. In this way, the coordinates of each point can be determined by hashing. For example, for a given piece of first data, a predetermined hash algorithm is used to determine the coordinate on the horizontal axis (e.g., the x axis), and the coordinate on the vertical axis (e.g., the y axis) is then determined from the horizontal coordinate and the elliptic curve equation, giving a point (x, y) on the elliptic curve. Whether y takes the positive or the negative value may be agreed in advance. The first ciphertext may be, for example, Ka(H(a)).
In the case where the first ciphertext is an element in a finite field, the HDF may be used to map each piece of service data to an element of the finite field. The elements of the finite field may be, for example, numbers between 1 and Q-1, with Q being a predetermined prime number. In this case, the operation of encrypting each piece of first data with the first key may be regarded as a modular exponentiation with the hash value of the first data as the base and the key as the exponent, and the operation of adding ciphertexts may be regarded as a modular multiplication, which is not described again here. The first ciphertext may then be equivalent to (H(a))^Ka % Q. It is understood that from (H(a))^Ka % Q it is difficult to recover Ka or H(a). The hash value of the first data serves not only as a preliminary encryption but also normalizes the individual pieces of service data to a uniform form, which benefits subsequent calculation.
According to other embodiments, each piece of first ciphertext may also be obtained by performing an encryption operation on the first data in other manners. Each piece of the first ciphertext may be predetermined and stored by the first party.
As shown in fig. 3, the process of privacy intersection may include the following steps: step 301, negotiating the current salt with the second party; step 302, determining the first salted ciphertext of each piece of first data based on each first ciphertext and the current salt, so as to provide the first salted ciphertexts to the second party; step 303, receiving the second salted ciphertexts sent by the second party and corresponding respectively to the pieces of second data, wherein each second salted ciphertext is determined by the second party by performing an encryption operation on each piece of second data based on the second key and the current salt; step 304, encrypting each second salted ciphertext with the first key to obtain the third salted ciphertexts corresponding respectively to the pieces of second data; step 305, feeding back the third salted ciphertexts to the second party after an out-of-order operation, so that the second party decrypts each third salted ciphertext with the inverse element of the second key to obtain the fourth salted ciphertexts, in which each piece of second data is salted with the current salt and encrypted with the first key, compares the first salted ciphertexts with the fourth salted ciphertexts, and feeds back to the first party the position identifiers of the first salted ciphertexts that have a matching fourth salted ciphertext; step 306, determining the service data common to the plurality of pieces of first data and the plurality of pieces of second data according to the position identifiers fed back by the second party.
First, in step 301, a current salt is negotiated with a second party. It is understood that the present salt may be a salt for the present round according to the technical idea of the present specification. The current salt form may correspond to the encryption scheme employed. For example, in the case of an encryption scheme using an elliptic curve, the current salt may correspond to a point on the elliptic curve, in the case of an encryption scheme using a finite field, the current salt may correspond to a number in a finite field, and so on. The details of the determination of the present salt are described above, and are not repeated herein.
Further, at step 302, the first salted ciphertext of each piece of first data is determined, based on each first ciphertext and the current salt, for provision to the second party. It will be appreciated that, by the nature of the predetermined element set, encrypting the first data and the current salt separately and then performing the salting operation gives a result equivalent to salting the first data with the current salt and then encrypting. Therefore, under the implementation architecture of the present specification, in order to reuse the first ciphertexts corresponding to the pieces of first data, the approach of encrypting each piece of first data and the current salt separately and then performing the salting operation may be adopted.
The first party may first encrypt the current salt with the first key Ka. For example, in the elliptic curve encryption mode, the encryption operation may be a point multiplication operation KaS on a point of the elliptic curve; in the finite field mode, a modular exponentiation operation S^Ka % Q may be used to encrypt the current salt; and so on. The result of encrypting the current salt may be referred to as the ciphertext of the salt.
Then, the salting operation may be performed on each first ciphertext corresponding to each piece of first data, using the ciphertext of the salt, to obtain the first salted ciphertext corresponding to each piece of first data, and the first salted ciphertexts are provided to the second party. It can be understood that, where the encryption manner obeys the distributive law, salting the first ciphertext with the ciphertext of the salt gives the same result as salting the first data with the current salt and then encrypting it; this result is referred to in this specification as the first salted ciphertext. The first salted ciphertext may be denoted, for example, as KaS + Ka(H(a)). In the finite field mode, the first salted ciphertext may also take the form (S × H(a))^Ka % Q. The first party may then provide the first salted ciphertexts to the second party.
On the other hand, in step 303, the second salted ciphertext respectively corresponding to the second data sent by the second party is received. It is to be understood that the second salted ciphertext may be a ciphertext obtained by the second party encrypting each piece of the second data by using the second key. The method for the second party to obtain the second salted ciphertext may be the same as that of the first party, or the salting operation may be performed on each piece of the second data first, and then the second secret key is used for encryption. Similar to the first salted ciphertext, the second salted ciphertext may be determined differently depending on the encryption format. Under the condition that the encryption form is an elliptic curve, the salt adding operation and the encryption operation are respectively realized through point addition and point multiplication, and under the condition that the encryption form is a finite field, the salt adding operation and the encryption operation are realized through modular exponentiation and modular multiplication, which are not described herein again.
Then, in step 304, each second salted ciphertext is encrypted with the first key to obtain the third salted ciphertext corresponding to each piece of second data. The process of encrypting each second salted ciphertext with the first key is similar to that of encrypting each piece of first data with the first key and is not described again here. For example, in the case of elliptic curve encryption, the second salted ciphertext may be denoted as Kb(H(b) + S), and the result of encrypting it with the first key may be denoted as KaKb(H(b) + S). In the finite field mode, the result of encrypting each second salted ciphertext with the first key may be equivalent to (S × H(b))^(KaKb) % Q.
Next, in step 305, each third salted ciphertext is fed back to the second party after being subjected to an out-of-order operation. It is understood that out of order is just a scrambling order. That is, the third salted ciphertext is reordered or shuffled. The contents of the third ciphertexts are unchanged, and the third ciphertexts are rearranged in sequence, so that after the third ciphertexts are fed back to the second party, the second party cannot determine which second data corresponds to each cipher text according to the arrangement sequence of the third salted ciphertexts.
The second party receives the third salted ciphertexts and can decrypt each of them with the inverse element of the second key Kb, obtaining the fourth salted ciphertexts, in which each piece of second data, mapped to a point on the elliptic curve and salted with the current salt, is encrypted with the first key. The inverse element of the second key is, for example, Kb^-1. The decryption process is, for example, Kb^-1KaKb(H(b) + S) = Ka(H(b) + S), or ((H(b) × S)^(KaKb))^(Kb^-1) % Q = (H(b) × S)^Ka % Q, which is not described in detail here.
The second party may also compare the first salted ciphertexts with the fourth salted ciphertexts and feed back to the first party the position identifiers of the first salted ciphertexts that are identical to a fourth salted ciphertext. That is, KaS + Ka(H(a)) is compared with Ka(H(b) + S), or (H(b) × S)^Ka is compared with (H(a) × S)^Ka. Because encryption forms such as elliptic curves or finite fields satisfy the distributive law, in both forms the items compared (the first salted ciphertexts and the fourth salted ciphertexts) can be regarded as the results of salting the first data and the second data, respectively, and then encrypting them with the first key. For the comparison process, refer to the foregoing description relating to fig. 2, which is not repeated here.
Since the order of the third salted ciphertexts has been shuffled, the second party cannot determine which second data a matching position corresponds to. So that the first party can determine the common service data (the intersection), the second party may record the position identifiers of the first salted ciphertexts that match a fourth salted ciphertext and provide them to the first party. The position identifier of a first salted ciphertext may be, for example, its position in the current order of the first salted ciphertexts (e.g., the 50th), a storage code, a ciphertext ID, or the like.
With the device corresponding to the second party as the execution subject, fig. 4 further shows a flow of privacy intersection according to another embodiment, where the flow includes:
At step 403, each of the second salted ciphertext is provided to the first party. In this way, the first party can encrypt each second salted ciphertext through the first key to obtain each third salted ciphertext corresponding to each second data respectively, and feed back each third salted ciphertext subjected to out-of-order operation;
and step 404, decrypting each third salted ciphertext through the inverse element of the second key to obtain each fourth salted ciphertext encrypted by adding salt to each piece of second data through the first key and the current salt.
In one embodiment, a single fourth salted ciphertext may be compared with each of the first salted ciphertexts one by one until a first salted ciphertext identical to the fourth salted ciphertext appears, and then, a position identifier of the first data corresponding to the first salted ciphertext is determined according to an order of the first salted ciphertext identical to the fourth salted ciphertext in each of the first salted ciphertexts.
In other embodiments, each first salted ciphertext that has a matching fourth salted ciphertext may be determined by comparing a single first salted ciphertext with the fourth salted ciphertexts one by one, which is not limited herein. The position identifier may be the arrangement order among the first salted ciphertexts, a ciphertext ID, a storage tag, and the like.
In an optional embodiment, to reduce the amount of computation, once a first salted ciphertext has been matched with a fourth salted ciphertext, that fourth salted ciphertext and/or first salted ciphertext may be deleted or marked as matched, so that it is not used in the subsequent ciphertext matching process.
It should be noted that the embodiment shown in fig. 2 is a written embodiment from the perspective of interaction between the first party and the second party under a specific implementation architecture, and the related description thereof may be adapted to the related parts of the embodiments described in fig. 3 and fig. 4. Some of the steps shown in fig. 2, 3, and 4 are only one implementation example, and in practice, the order of some steps may be interchanged without substantially affecting the result. For example, in fig. 3, the steps of identifying the respective first salted ciphertext corresponding to the respective first data (steps 301 to 302) and the steps of identifying the respective third salted ciphertext corresponding to the respective second data (steps 303 to 305) may be executed in the same order or in parallel, but are not limited thereto.
Reviewing the above process: in the privacy intersection process between the first party and the second party, the service requirement is that one party can obtain the data intersection while the other party can learn neither the counterpart's service data nor whether any piece of its local service data is required by the service held by the counterpart. On that basis, each piece of service data is mapped to an element in a preset element set, and the data parties negotiate a current salt that both use when processing their data. The party whose data changes infrequently can therefore encrypt its service data in advance and reuse the ciphertexts; during the privacy intersection process it only encrypts the negotiated current salt and uses the ciphertext of the salt to perform the salting operation on the ciphertexts of the service data, which greatly reduces the computation spent on encrypting service data and improves the efficiency of privacy intersection.
Further, the privacy intersection processing flow provided by the embodiment of the present specification can be generalized to more privacy intersection processing service scenarios, for example, whether the intersection data is known by the second party is not limited. Referring to fig. 3 and 4, when the service requirement is that the second party can obtain intersection data, in step 305, each third salted ciphertext fed back to the second party by the first party may not undergo an out-of-order operation, and in step 405, the second party may directly obtain the same service data, that is, intersection data, by comparing the third salted ciphertext with the intersection data and provide the intersection data to the first party. In this case, in an alternative embodiment, step 306 may be eliminated. Further, in the case that the service requirement is that only the second party knows the intersection data, in step 405, the second party may directly obtain the same service data, that is, the intersection data, through comparison, and may not provide the same service data to the first party. In other service scenarios, the technical concept of salt addition by encryption may have other processing modes after the salt addition encryption step, which is not described herein again.
According to an embodiment of another aspect, a system for privacy intersection is also provided. As shown in fig. 5, the system includes a first party and a second party as data parties; the first party acquires the data intersection of the pieces of first data it holds and the pieces of second data held by the second party, while the second party cannot acquire the data intersection and cannot determine whether any piece of second data belongs to the first party. Referring to FIG. 5:
the first party 510 and the second party 520 are configured to jointly negotiate a current salt;
the first party 510 is further configured to determine, based on the respective first ciphertexts and the current salt, a first salted ciphertext of each first data to provide to the second party;
the second party 520 is further configured to determine, based on the second key and the current salt, respective second salted ciphertexts corresponding to the respective second data to provide to the first party;
the first party 510 is further configured to encrypt each second salted ciphertext with the first key to obtain third salted ciphertexts corresponding to each second data, and provide the third salted ciphertexts to the second party after an out-of-order operation;
the second party 520 is further configured to decrypt each third salted ciphertext through an inverse element of the second key to obtain each fourth salted ciphertext, based on the first key and the current salt, corresponding to each second data respectively; and to compare each fourth salted ciphertext with each first salted ciphertext, and feed back to the first party each position identifier corresponding to each first salted ciphertext that has a matching fourth salted ciphertext;
the first party 510 is further configured to determine the same service data between the several pieces of first data and the several pieces of second data according to the respective location identifiers fed back by the second party.
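The exchange between the first party 510 and the second party 520 listed above, written out for the finite-field variant as an added example (not code from the patent). The modulus, the base `G`, the SHA-256 mapping and all class and function names are assumptions made for this sketch; the Mersenne-prime group keeps the example short, where a deployment would use a prime-order group such as the elliptic-curve option the text names.

```python
import hashlib
import math
import secrets

# Toy group for this example: integers modulo the Mersenne prime 2^521 - 1.
# A deployment would use a prime-order group such as an elliptic curve.
P = 2**521 - 1
G = 3  # assumed public base element for the salt negotiation


def h(record: str) -> int:
    """H(x): map a record to a nonzero element modulo P (SHA-256 assumed)."""
    digest = hashlib.sha256(record.encode()).digest()
    return int.from_bytes(digest, "big") % (P - 1) + 1


def keygen() -> int:
    """Exponent key that is invertible modulo P - 1, so decryption exists."""
    while True:
        k = secrets.randbelow(P - 3) + 2
        if math.gcd(k, P - 1) == 1:
            return k


def enc(x: int, key: int) -> int:
    return pow(x, key, P)


def dec(c: int, key: int) -> int:
    # "Inverse element" of the key: key^-1 modulo the group order P - 1.
    return pow(c, pow(key, -1, P - 1), P)


def negotiate_salt() -> int:
    """Both halves of the salt exchange, run in one process for the demo."""
    r3 = secrets.randbelow(P - 2) + 1      # first party's random value
    r4 = secrets.randbelow(P - 2) + 1      # second party's random value
    first_result = pow(G, r3, P)           # first -> second
    second_result = pow(G, r4, P)          # second -> first
    salt = pow(first_result, r4, P)
    assert salt == pow(second_result, r3, P)
    return salt


class FirstParty:
    def __init__(self, records):
        self.records = list(records)
        self.key = keygen()
        # Computed once and stored; reused unchanged in every session.
        self.first_ciphertexts = [enc(h(r), self.key) for r in self.records]

    def first_salted(self, salt):
        # One exponentiation per session (the salt), then one modular
        # multiplication per record: H(a)^Ka * S^Ka = (H(a) * S)^Ka.
        salt_ct = enc(salt, self.key)
        return [c * salt_ct % P for c in self.first_ciphertexts]

    def third_salted(self, second_salted):
        third = [enc(c, self.key) for c in second_salted]
        secrets.SystemRandom().shuffle(third)   # out-of-order operation
        return third

    def resolve(self, positions):
        return [self.records[i] for i in positions]


class SecondParty:
    def __init__(self, records):
        self.records = list(records)
        self.key = keygen()

    def second_salted(self, salt):
        # Salt first, then encrypt: (H(b) * S)^Kb.
        return [enc(h(r) * salt % P, self.key) for r in self.records]

    def matching_positions(self, first_salted, third_salted):
        # Strip Kb to get the fourth salted ciphertexts (H(b) * S)^Ka.
        fourth = {dec(c, self.key) for c in third_salted}
        return [i for i, c in enumerate(first_salted) if c in fourth]


def run_session(first, second):
    salt = negotiate_salt()
    first_salted = first.first_salted(salt)                 # first -> second
    second_salted = second.second_salted(salt)              # second -> first
    third = first.third_salted(second_salted)               # first -> second
    positions = second.matching_positions(first_salted, third)  # second -> first
    return first.resolve(positions), first_salted


if __name__ == "__main__":
    # Constructed sample records.
    first = FirstParty(["alice@example.com", "bob@example.com",
                        "carol@example.com", "dave@example.com"])
    second = SecondParty(["carol@example.com", "erin@example.com",
                          "alice@example.com"])
    print(run_session(first, second)[0])
```

Running `run_session` twice on the same `FirstParty` object reuses `first_ciphertexts` as stored, while the salted values sent on the wire differ between sessions because the salt is renegotiated.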
More specifically, first party 510 may include an apparatus for privacy intersection, the apparatus comprising:
a negotiation unit 511 configured to negotiate a current salt with the second party;
a salting encryption unit 512 configured to determine a first salted ciphertext of each first data based on each first ciphertext and the current salt, to provide to the second party;
a receiving unit 513, configured to receive each second salted ciphertext sent by the second party and corresponding to each piece of second data, where each second salted ciphertext is determined by the second party by performing an encryption operation on each piece of second data based on the second key and the current salt;
the salting encryption unit 512 is further configured to encrypt each second salted ciphertext by using the first key to obtain each third salted ciphertext corresponding to each second data;
the disorder unit 514 is configured to feed back each third salted ciphertext to the second party after an out-of-order operation, so that the second party decrypts each third salted ciphertext through an inverse element of the second key to obtain each fourth salted ciphertext, based on the first key and the current salt, corresponding to each second data respectively, compares each first salted ciphertext with each fourth salted ciphertext, and feeds back to the first party each position identifier corresponding to each first salted ciphertext that has a matching fourth salted ciphertext;
the determining unit 515 is configured to determine, according to the position identifiers fed back by the second party, the same service data between the several pieces of first data and the several pieces of second data.
On the other hand, as shown in fig. 5, the second party may also comprise means for privacy intersection. The device includes:
a negotiation unit 521 configured to negotiate with the first party to determine a current salt;
a salting encryption unit 522, configured to perform, for each piece of second data, a salting encryption operation based on the second key and the current salt, respectively, so as to determine each second salted ciphertext corresponding to each piece of second data, respectively;
a sending unit 523 configured to provide each second salted ciphertext to the first party, so that the first party encrypts each second salted ciphertext by using the first key to obtain each third salted ciphertext corresponding to each piece of second data, and feeds back each third salted ciphertext subjected to the out-of-order operation;
a decryption unit 524, configured to decrypt each third salted ciphertext by using the inverse element of the second key to obtain each fourth salted ciphertext respectively subjected to salt encryption on each piece of second data via the first key and the current salt;
and a comparing unit 525 configured to compare each fourth salted ciphertext with each first salted ciphertext corresponding to each first data respectively to obtain each position identifier corresponding to each first salted ciphertext having the matched fourth salted ciphertext, and feed back each position identifier to the first party, so that the first party determines the same service data between the plurality of first data and the plurality of second data according to each position identifier fed back by the second party, wherein each first salted ciphertext is determined by the first party by using each first ciphertext corresponding to each first data respectively and the current salt, and each first ciphertext is obtained by the first party by encrypting each first data respectively by using a first key in advance.
It should be noted that the system and the apparatus shown in fig. 5 respectively correspond to the method embodiments shown in fig. 2, fig. 3, and fig. 4, and the corresponding descriptions in the method embodiments of fig. 2, fig. 3, and fig. 4 are respectively applicable to the system and the apparatus shown in fig. 5, and are not described again here.
According to an embodiment of another aspect, there is also provided a computer-readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method described in connection with fig. 3 or fig. 4 or the like.
According to an embodiment of still another aspect, there is also provided a computing device including a memory and a processor, the memory having stored therein executable code, the processor implementing the method described in conjunction with fig. 3 or fig. 4, and so on, when executing the executable code.
Those skilled in the art will recognize that, in one or more of the examples described above, the functions described in the embodiments of this specification may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium.
The above-mentioned embodiments are intended to explain the technical idea, technical solutions and advantages of the present specification in further detail, and it should be understood that the above-mentioned embodiments are merely specific embodiments of the technical idea of the present specification, and are not intended to limit the scope of the technical idea of the present specification, and any modification, equivalent replacement, improvement, etc. made on the basis of the technical solutions of the embodiments of the present specification should be included in the scope of the technical idea of the present specification.
Claims (25)
1. A privacy intersection method for a first party holding a plurality of pieces of first data and a second party holding a plurality of pieces of second data, wherein the first party obtains the same service data in the plurality of pieces of first data and the plurality of pieces of second data, the second party cannot obtain the same service data and cannot determine whether any piece of second data belongs to the first party, the first party is a service party providing predetermined services and stores in advance each first ciphertext obtained by encrypting each piece of first data by using a first key, and the second party is a data party or a service demand party; the method comprises the following steps:
the first party and the second party negotiate a current salt;
the first party determines a first salted ciphertext of each first data based on each first ciphertext and the current salt to provide to the second party;
the second party determines each second salted ciphertext corresponding to each second data respectively based on the second key and the current salt so as to provide the second salted ciphertexts to the first party;
the first party encrypts each second salted ciphertext by using the first key to obtain third salted ciphertexts respectively corresponding to each second data, and the third salted ciphertexts are provided to the second party after an out-of-order operation;
the second party decrypts each third salted ciphertext through the inverse element of the second key to obtain each fourth salted ciphertext aiming at each second data respectively based on the first key and the current salt;
the second party compares each fourth salted ciphertext with each first salted ciphertext, and feeds back each position identifier corresponding to each first salted ciphertext with the matched fourth salted ciphertext to the first party;
and the first party determines the same service data between the plurality of pieces of first data and the plurality of pieces of second data according to each position identifier fed back by the second party.
2. The method of claim 1, wherein the current salt is determined based on a selected reference element from a predetermined set of elements and the first and second keys, the elements of the predetermined set of elements satisfying the condition: the fusion result of any two elements in a preset encryption mode is still the element in the preset element set; the encryption processes according to the predetermined encryption mode for two times of a single element have interchangeability.
3. The method according to claim 2, wherein the predetermined set of elements is a set of points on an elliptic curve, each predetermined element is a respective point on the elliptic curve, the reference element is a reference point on the elliptic curve, and the predetermined encryption manner is a point multiplication operation;
the first party negotiating the current salt with the second party includes:
one of the first party and the second party generates a first random character string, and performs a point multiplication operation on the reference point by using the first random character string to obtain a first result so as to send the first result to the other one of the first party and the second party, wherein the first result corresponds to a point on the elliptic curve;
and the other party performs a point multiplication operation on the first result based on a locally generated second random character string to obtain the current salt.
4. The method according to claim 2, wherein the predetermined set of elements is a finite field, each predetermined element is Q elements in the finite field, and the predetermined encryption manner is a modular exponentiation;
the first party negotiating the current salt with the second party includes:
the first party generates a third random character string, and the second party generates a fourth random character string;
and the first party and the second party jointly perform modular exponentiation operation on Q by using the third random character string and the fourth random character string to obtain the current salt.
5. The method of claim 1, wherein the first party determining, based on the respective first ciphertext and the current salt, a first salted ciphertext for the respective first data comprises:
the first party encrypts the current salt by using the first key to obtain a ciphertext of the salt;
and performing a salting operation on each first ciphertext based on the ciphertext of the salt to obtain each first salted ciphertext corresponding to each first data.
6. The method of claim 5, wherein:
in a case where each first ciphertext and the ciphertext of the salt are mapped to each point on an elliptic curve, the performing, by the ciphertext of the salt, a salting operation on each first ciphertext comprises:
for a single first ciphertext, performing a point add operation on a point on the elliptic curve corresponding to the single first ciphertext and a point on the elliptic curve corresponding to the ciphertext of the salt;
in a case where each first ciphertext and the ciphertext of the salt are mapped to each element in a finite field, respectively, performing a salt addition operation on each first ciphertext based on the ciphertext of the salt includes:
performing, for a single first ciphertext, a modular multiplication operation on a numeric value of the single first ciphertext corresponding to a finite field and a numeric value of the ciphertext of the salt corresponding to a finite field.
7. The method of claim 1, wherein determining, by the second party, each respective second salted ciphertext corresponding to each respective second data based on the second key and the current salt comprises:
respectively executing salt adding operation on each second data according to the current salt to obtain respectively corresponding second salt adding data;
and respectively executing encryption operation on each second salting data by using the second key to obtain each second salting ciphertext corresponding to each second data.
8. A privacy intersection method for a first party holding a plurality of pieces of first data and a second party holding a plurality of pieces of second data, wherein the first party acquires the data intersection of the plurality of pieces of first data and the plurality of pieces of second data, the second party cannot acquire the data intersection and cannot determine whether any piece of second data belongs to the first party, and each first ciphertext obtained by respectively encrypting each piece of first data by using a first key is prestored in the first party; the method is performed by the first party and comprises:
negotiating a current salt with the second party;
determining a first salted ciphertext of each first data based on each first ciphertext and the current salt, for provision to a second party;
receiving second salted ciphertexts which are sent by the second party and respectively correspond to the second data, wherein the second salted ciphertexts are determined by the second party through an encryption operation on each second data respectively, based on a second key and the current salt;
encrypting each second salted ciphertext by using the first key to obtain each third salted ciphertext corresponding to each second data respectively;
feeding back each third salted ciphertext to the second party after an out-of-order operation, so that the second party can decrypt each third salted ciphertext through an inverse element of the second key to obtain each fourth salted ciphertext, based on the first key and the current salt, corresponding to each second data respectively, compare each first salted ciphertext with each fourth salted ciphertext, and feed back to the first party each position identifier corresponding to each first salted ciphertext that has a matching fourth salted ciphertext;
and determining the same service data between the plurality of pieces of first data and the plurality of pieces of second data according to the position identifications fed back by the second party.
9. The method of claim 8, wherein the current salt is determined based on a selected reference element from a predetermined set of elements and the first and second keys, the elements of the predetermined set of elements satisfying the condition: the fusion result of any two elements in a preset encryption mode is still the element in the preset element set; the encryption processes according to the predetermined encryption mode for two times of a single element have interchangeability.
10. The method according to claim 9, wherein the predetermined set of elements is a set of points on an elliptic curve, each predetermined element is a respective point on the elliptic curve, the reference element is a reference point on the elliptic curve, and the predetermined encryption manner is a point multiplication operation;
the negotiating the current salt with the second party includes:
generating a first random string;
performing a point multiplication operation on the reference point by using the first random character string to obtain a first result, and sending the first result to the second party so that the second party can perform a point multiplication operation on the first result based on a locally generated second random character string to determine the current salt; or
performing a point multiplication operation, according to the first random character string, on a second result obtained from the second party so as to determine the current salt, wherein the second result is obtained by the second party performing a point multiplication operation on the reference point based on a locally generated second random character string.
11. The method according to claim 9, wherein the predetermined set of elements is a finite field, each predetermined element is Q elements in the finite field, and the predetermined encryption manner is a modular exponentiation;
the negotiating the current salt with the second party includes:
generating a third random string;
and performing modular exponentiation operation on Q by combining with a fourth random character string generated by the second party based on the third random character string to obtain the current salt.
12. The method of claim 9, wherein the determining, based on the respective first ciphertext and the current salt, a first salted ciphertext of the respective first data comprises:
encrypting the current salt by using the first key to obtain a ciphertext of the salt;
and for each first ciphertext, performing a salting operation by using the ciphertext of the salt to obtain each corresponding first salted ciphertext.
13. A privacy intersection method for a first party holding a plurality of pieces of first data and a second party holding a plurality of pieces of second data, wherein the first party acquires the same service data in the plurality of pieces of first data and the plurality of pieces of second data, and the second party cannot acquire the same service data and cannot determine whether any piece of second data belongs to the first party; the method is performed by the second party and comprises:
negotiating with a first party to determine a current salt;
for each piece of second data, performing a salting encryption operation based on a second key and the current salt respectively so as to determine each second salted ciphertext corresponding to each piece of second data respectively;
providing each second salted ciphertext to the first party, so that the first party encrypts each second salted ciphertext through the first key to obtain each third salted ciphertext corresponding to each second data respectively, and feeding back each third salted ciphertext subjected to out-of-order operation;
decrypting each third salted ciphertext by using the inverse element of the second key to obtain each fourth salted ciphertext subjected to salting encryption on each piece of second data by using the first key and the current salt;
and comparing each fourth salted ciphertext with each first salted ciphertext corresponding to each first data respectively to obtain each position identifier corresponding to each first salted ciphertext that has a matching fourth salted ciphertext, and feeding each position identifier back to the first party so that the first party can determine the same service data between the plurality of pieces of first data and the plurality of pieces of second data according to each position identifier fed back by the second party, wherein each first salted ciphertext is determined by the first party by using each first ciphertext corresponding to each first data and the current salt, and each first ciphertext is obtained by the first party encrypting each first data in advance by using the first key.
14. The method of claim 13, wherein the current salt is determined based on a selected reference element from a predetermined set of elements and the first and second keys, the elements of the predetermined set of elements satisfying the condition: the fusion result of any two elements in a preset encryption mode is still the element in the preset element set; the encryption processes according to the predetermined encryption mode for two times of a single element have interchangeability.
15. The method according to claim 14, wherein the predetermined set of elements is a set of points on an elliptic curve, each predetermined element is a respective point on the elliptic curve, the reference element is a reference point on the elliptic curve, and the predetermined encryption manner is a point multiplication operation; the negotiating the current salt with the first party includes:
generating a second random string;
performing a point multiplication operation on the reference point by using the second random character string to obtain a second result, and sending the second result to the first party so that the first party can perform a point multiplication operation on the second result based on the locally generated first random character string to determine the current salt; or
performing a point multiplication operation, according to the second random character string, on a first result obtained from the first party so as to determine the current salt, wherein the first result is obtained by the first party performing a point multiplication operation on the reference point based on the locally generated first random character string.
16. The method according to claim 14, wherein the predetermined set of elements is a finite field, each predetermined element is Q elements in the finite field, and the predetermined encryption manner is a modular exponentiation;
the negotiating the current salt with the first party includes:
generating a fourth random character string;
and performing modular exponentiation operation on Q in combination with a third random character string generated by the first party based on the fourth random character string to obtain the current salt.
17. The method of claim 15, wherein the performing, for each piece of second data, a salting encryption operation based on a second key and the current salt to determine each second salted ciphertext corresponding to each piece of second data comprises:
for a single piece of second data, performing a point addition operation on the point on the elliptic curve to which the single piece of second data is mapped and the point on the elliptic curve corresponding to the current salt, to obtain the single piece of salted data corresponding to the single piece of second data;
and performing a point multiplication operation on the single piece of salted data by using the second key to obtain the second salted ciphertext corresponding to the single piece of second data.
18. The method of claim 16, wherein the performing, for each piece of second data, a salting encryption operation based on a second key and the current salt to determine each second salted ciphertext corresponding to each piece of second data comprises:
performing, for a single piece of second data, a modular multiplication operation with respect to Q on the single piece of second data and the current salt to obtain the single piece of salted data corresponding to the single piece of second data;
and performing a modular exponentiation operation on Q by using the single piece of salted data and the second key to obtain the second salted ciphertext corresponding to the single piece of second data.
19. The method of claim 13, wherein the comparing each fourth salted ciphertext with each first salted ciphertext respectively corresponding to each first data to obtain each location identifier of each identical salted ciphertext comprises:
comparing a single fourth salted ciphertext with each first salted ciphertext one by one until a first salted ciphertext identical to the fourth salted ciphertext appears;
and determining the position identifier of the first data corresponding to the first salted ciphertext according to the sequence of the first salted ciphertext which is the same as the fourth salted ciphertext in each first salted ciphertext.
20. The method of claim 19, wherein the step of comparing, for a single fourth salted ciphertext, each of the first salted ciphertexts includes eliminating from each of the first salted ciphertexts a first salted ciphertext determined to be identical to another fourth salted ciphertext.
21. A privacy intersection system comprising a first party and a second party as data parties, wherein the first party acquires the data intersection of a plurality of pieces of first data held by the first party and a plurality of pieces of second data held by the second party, the second party cannot acquire the data intersection and cannot determine whether any piece of second data belongs to the first party, and the first party also prestores first ciphertexts obtained by respectively encrypting the first data by using a first key; wherein:
the first party and the second party are configured to jointly negotiate a current salt;
the first party is further configured to determine, based on the respective first ciphertexts and the current salt, a first salted ciphertext of each first data to provide to the second party;
the second party is further configured to determine, based on the second key and the current salt, respective second salted ciphertexts corresponding to the respective second data to provide to the first party;
the first party is further configured to encrypt each second salted ciphertext by using the first key to obtain third salted ciphertexts respectively corresponding to each second data, and the third salted ciphertexts are provided to the second party after an out-of-order operation;
the second party is further configured to decrypt each third salted ciphertext through an inverse element of the second key to obtain each fourth salted ciphertext respectively aiming at each second data based on the first key and the current salt; and
comparing each fourth salted ciphertext with each first salted ciphertext, and feeding back each position identifier corresponding to each first salted ciphertext with the matched fourth salted ciphertext to the first party;
the first party is also configured to determine the same service data between the plurality of pieces of first data and the plurality of pieces of second data according to each position identifier fed back by the second party.
22. A privacy intersection device arranged on a first party holding a plurality of pieces of first data, for use with the first party and a second party serving as data parties, wherein the first party acquires the data intersection of the plurality of pieces of first data and a plurality of pieces of second data held by the second party, the second party cannot acquire the data intersection and cannot determine whether any piece of second data belongs to the first party, and each first ciphertext obtained by encrypting each piece of first data by using a first key is prestored in the first party; the device comprises:
a negotiation unit configured to negotiate a current salt with a second party;
a salt encryption unit configured to determine a first salt ciphertext of each first data based on each first ciphertext and the current salt, to provide to a second party;
the receiving unit is configured to receive each second salt adding ciphertext which is sent by the second party and corresponds to each piece of second data respectively, wherein each second salt adding ciphertext is determined by the second party through an encryption operation aiming at each piece of second data respectively based on the second key and the current salt;
the salt adding encryption unit is further configured to encrypt each second salt adding ciphertext by using the first key to obtain each third salt adding ciphertext corresponding to each piece of second data;
the disorder unit is configured to feed back the third salted ciphertext to the second party after disorder operation, so that the second party can decrypt the third salted ciphertext through an inverse element of a second key to obtain fourth salted ciphertexts aiming at second data respectively based on the first key and the current salt, compare the first salted ciphertext with the fourth salted ciphertexts, and feed back position identifications corresponding to the first salted ciphertexts with the matched fourth salted ciphertext to the first party;
and the determining unit is configured to determine the same service data between the plurality of pieces of first data and the plurality of pieces of second data according to each position identifier fed back by the second party.
23. A privacy intersection device, arranged at a second party holding a plurality of pieces of second data, for use where, with a first party and the second party serving as data parties, the first party acquires the data intersection of a plurality of pieces of first data held by the first party and the plurality of pieces of second data, while the second party cannot acquire the data intersection and cannot determine whether any piece of second data belongs to the first party; the device comprising:
a negotiation unit configured to negotiate with the first party to determine a current salt;
a salting encryption unit configured to perform a salted encryption operation on each piece of second data based on a second key and the current salt, so as to determine second salted ciphertexts respectively corresponding to each piece of second data;
a sending unit configured to provide each second salted ciphertext to the first party, so that the first party encrypts each second salted ciphertext with the first key to obtain third salted ciphertexts respectively corresponding to each piece of second data, and feeds back the third salted ciphertexts after a shuffling operation;
a decryption unit configured to decrypt each third salted ciphertext by using an inverse element of the second key to obtain fourth salted ciphertexts, each being the salted encryption of a piece of second data under the first key and the current salt;
and a comparison unit configured to compare each fourth salted ciphertext with the first salted ciphertexts respectively corresponding to each piece of first data, to obtain the position identifier of each first salted ciphertext that has a matching fourth salted ciphertext, and to feed the position identifiers back to the first party, so that the first party determines, according to the position identifiers fed back by the second party, the service data common to the plurality of pieces of first data and the plurality of pieces of second data, wherein each first salted ciphertext is determined by the first party from the first ciphertext corresponding to the respective piece of first data and the current salt, and each first ciphertext is obtained by the first party encrypting the respective piece of first data with the first key in advance.
24. A computer-readable storage medium, having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method of any of claims 8-20.
25. A computing device comprising a memory and a processor, wherein the memory has stored therein executable code, and wherein the processor, when executing the executable code, implements the method of any of claims 8-20.
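The exchange recited in claims 21 to 23, written out as an added Python example (not code from the patent). It assumes exponentiation in the prime-order subgroup of the RFC 2409 768-bit safe prime as the commutative cipher, and salting by multiplying in the hash of the salt; `h2g`, the function names and the sample sets are hypothetical.

```python
import hashlib, random, secrets

# RFC 2409 Oakley Group 1 safe prime (768-bit): readable here, too small for production.
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2  # prime order of the subgroup of squares mod P

def h2g(value: bytes) -> int:
    """Hash bytes into the order-Q subgroup (assumed mapping, not from the patent)."""
    wide = hashlib.sha512(b"\x00" + value).digest() + hashlib.sha512(b"\x01" + value).digest()
    return pow(int.from_bytes(wide, "big") % P, 2, P)

def keygen() -> int:
    return secrets.randbelow(Q - 1) + 1  # exponent in [1, Q-1], invertible mod Q

def precompute(first_key: int, first_data: list) -> list:
    """Offline, once: first ciphertexts H(x)^a, stored and reused in every session."""
    return [pow(h2g(x), first_key, P) for x in first_data]

def first_salt(first_key: int, first_cts: list, salt: bytes) -> list:
    """First party: encrypt only the salt, then multiply it into each stored ciphertext."""
    salt_ct = pow(h2g(salt), first_key, P)
    return [c * salt_ct % P for c in first_cts]  # equals (H(x)*H(s))^a

def second_salt(second_key: int, second_data: list, salt: bytes) -> list:
    """Second party: salt each item, then encrypt under the second key."""
    hs = h2g(salt)
    return [pow(h2g(y) * hs % P, second_key, P) for y in second_data]

def first_reencrypt(first_key: int, second_salted: list) -> list:
    """First party: add its key layer, then shuffle so positions carry no meaning."""
    third = [pow(c, first_key, P) for c in second_salted]
    random.SystemRandom().shuffle(third)
    return third

def second_match(second_key: int, third: list, first_salted: list) -> list:
    """Second party: strip its key with the inverse exponent, report matching positions."""
    inv = pow(second_key, -1, Q)
    fourth = {pow(c, inv, P) for c in third}  # equals (H(y)*H(s))^a
    return [i for i, c in enumerate(first_salted) if c in fourth]

def session(a, first_data, first_cts, b, second_data, salt):
    """One run of the exchange; returns (intersection seen by first party, first_salted)."""
    first_salted = first_salt(a, first_cts, salt)
    third = first_reencrypt(a, second_salt(b, second_data, salt))
    return [first_data[i] for i in second_match(b, third, first_salted)], first_salted

# Constructed sample sets (not from the patent).
FIRST = [b"13800000001", b"13800000002", b"13800000003"]
SECOND = [b"13800000003", b"13800000009", b"13800000001"]
```

Per session the first party spends one exponentiation on the salt plus one multiplication per stored ciphertext, and a new salt changes every value the second party sees without re-encrypting the first data.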
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110235466.XA CN112597524B (en) | 2021-03-03 | 2021-03-03 | Privacy intersection method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110235466.XA CN112597524B (en) | 2021-03-03 | 2021-03-03 | Privacy intersection method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112597524A CN112597524A (en) | 2021-04-02 |
CN112597524B CN112597524B (en) | 2021-05-18 |
Family
ID=75210358
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110235466.XA Active CN112597524B (en) | 2021-03-03 | 2021-03-03 | Privacy intersection method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112597524B (en) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113158253B (en) * | 2021-05-14 | 2023-05-12 | 深圳前海微众银行股份有限公司 | Privacy union method and device |
CN113343255B (en) * | 2021-06-04 | 2024-06-25 | 百融云创科技股份有限公司 | Data interaction method based on privacy protection |
CN113468601B (en) * | 2021-06-30 | 2022-08-02 | 建信金融科技有限责任公司 | Data privacy fusion method and device |
CN113726764B (en) * | 2021-08-27 | 2023-03-24 | 杭州溪塔科技有限公司 | Private data transmission method and device |
CN114003962B (en) * | 2021-12-28 | 2022-04-12 | 支付宝(杭州)信息技术有限公司 | Multi-party data query method and device for protecting data privacy |
CN114640444B (en) * | 2022-03-18 | 2023-10-24 | 哈尔滨理工大学 | Privacy protection set intersection acquisition method and device based on domestic cryptographic algorithm |
CN118133352B (en) * | 2024-05-08 | 2024-07-16 | 北京国际大数据交易有限公司 | Method, device, equipment and storage medium for determining data intersection |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108664798B (en) * | 2017-03-31 | 2021-06-29 | 北京京东尚科信息技术有限公司 | Information encryption method and device |
CN108022654B (en) * | 2017-12-20 | 2021-11-30 | 深圳先进技术研究院 | Association rule mining method and system based on privacy protection and electronic equipment |
CN108199838B (en) * | 2018-01-31 | 2020-05-05 | 北京深思数盾科技股份有限公司 | Data protection method and device |
CN111767364B (en) * | 2019-03-26 | 2023-12-29 | 钉钉控股(开曼)有限公司 | Data processing method, device and equipment |
CN110535622A (en) * | 2019-08-01 | 2019-12-03 | 阿里巴巴集团控股有限公司 | Data processing method, device and electronic equipment |
CN112152813B (en) * | 2020-09-11 | 2022-06-07 | 中南民族大学 | Certificateless content extraction signcryption method supporting privacy protection |
Also Published As
Publication number | Publication date |
---|---|
CN112597524A (en) | 2021-04-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN112597524B (en) | Privacy intersection method and device | |
CN113424185B (en) | Fast inadvertent transmission | |
US8918648B2 (en) | Digital signature and key agreement schemes | |
CN108199835B (en) | Multi-party combined private key decryption method | |
US8331568B2 (en) | Efficient distribution of computation in key agreement | |
US7716482B2 (en) | Conference session key distribution method in an ID-based cryptographic system | |
US11405365B2 (en) | Method and apparatus for effecting a data-based activity | |
CN112906030B (en) | Data sharing method and system based on multi-party homomorphic encryption | |
US10797867B2 (en) | System and method for electronic bidding | |
US20060098819A1 (en) | Methods, devices and systems for generating anonymous public keys in a secure communication system | |
US11374910B2 (en) | Method and apparatus for effecting a data-based activity | |
CN114219483B (en) | Method, equipment and storage medium for sharing block chain data based on LWE-CPBE | |
US11451369B2 (en) | Method and system for multi-authority controlled functional encryption | |
CN105307165A (en) | Communication method based on mobile application, server and client | |
CN113886887A (en) | Data query method and device based on multi-party security calculation | |
US20240097894A1 (en) | Threshold key exchange | |
CA2730626C (en) | Improved digital signature and key agreement schemes | |
CN113014386A (en) | Cipher system based on multi-party cooperative computing | |
US20210158444A1 (en) | Method and Apparatus for a Blockchain-Agnostic Safe Multi-Signature Digital Asset Management | |
Annessi et al. | Improving security for users of decentralized exchanges through multiparty computation | |
US20190215148A1 (en) | Method of establishing anti-attack public key cryptogram | |
US12132838B2 (en) | Secret code verification protocol | |
CN115842625A (en) | Encryption method and system based on PKI system real-time negotiation key | |
CN114448636B (en) | Quantum-resistant computing digital currency system based on digital certificate and anonymous communication method | |
CN115378588B (en) | Method, apparatus and storage medium for inadvertent transmission |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right |
Effective date of registration: 20220113 Address after: Room 803, floor 8, No. 618 Wai Road, Huangpu District, Shanghai 200010 Patentee after: Ant blockchain Technology (Shanghai) Co.,Ltd. Address before: 310000 801-11 section B, 8th floor, 556 Xixi Road, Xihu District, Hangzhou City, Zhejiang Province Patentee before: Alipay (Hangzhou) Information Technology Co.,Ltd. |