CN112836239A - Method and device for cooperatively determining target object data by two parties for protecting privacy - Google Patents


Info

Publication number
CN112836239A
Authority
CN
China
Prior art keywords
encrypted data
data
party
pieces
double
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110189529.2A
Other languages
Chinese (zh)
Inventor
朱敏杰
陈帅
沈芝宸
张磊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alipay Hangzhou Information Technology Co Ltd
Original Assignee
Alipay Hangzhou Information Technology Co Ltd
Timeline
Application filed by Alipay Hangzhou Information Technology Co Ltd
Priority to CN202110189529.2A
Publication of CN112836239A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiments of this specification provide a method by which two parties, a first party and a second party, cooperatively determine target object data while protecting privacy. The method is applied to the first party and specifically comprises the following steps: on one hand, a plurality of pieces of locally stored first object data are encrypted with an irreversible encryption algorithm to obtain a plurality of pieces of first encrypted data, and the pieces of first encrypted data are grouped so that first encrypted data having the same attribute value for a predetermined attribute fall into the same group, giving a plurality of first groups and a corresponding plurality of first attribute values; on the other hand, a plurality of second groups and a corresponding plurality of second attribute values are received from the second party, these having been determined from a plurality of pieces of second object data stored locally by the second party; encrypted-data matching is then performed between first groups and second groups that have the same attribute value, yielding a plurality of successfully matched target encrypted data, which are used to determine a plurality of corresponding target object data.

Description

Method and device for cooperatively determining target object data by two parties for protecting privacy
Technical Field
One or more embodiments of the present disclosure relate to the field of secure multiparty computing, and in particular, to a method and an apparatus for cooperatively determining target object data by two parties protecting privacy, and a method and an apparatus for cooperatively determining target object data by multiple parties protecting privacy.
Background
Currently, there are many scenarios that require the use of a PSI (Private Set Intersection) protocol. For example, in the friend discovery function of IM (instant messaging) software, contacts in the telephone directory of a user terminal must be matched against the registered users of the IM software, so as to determine which contacts in the directory also use the IM software and to recommend them as friends. A PSI protocol allows two parties holding respective data sets to jointly compute the intersection of the two sets; at the end of the protocol interaction one or both parties obtain the correct intersection result and learn nothing about the other party's set beyond the intersection.
However, when the PSI protocol is applied in most scenarios it currently suffers from bottlenecks, including excessive computational complexity and low computational efficiency. A scheme is therefore needed that effectively reduces the computational complexity of the PSI protocol in practical applications and so improves computational efficiency.
Disclosure of Invention
One or more embodiments of the present disclosure describe a method and an apparatus by which two parties cooperatively determine target object data while protecting privacy, in which the data sets of the two parties are first partitioned into groups in a reasonable way, so that the number of data collisions (pairwise ciphertext comparisons) in the subsequent computation is greatly reduced, thereby lowering computational complexity and improving computational efficiency.
According to a first aspect, there is provided a method for determining target object data by cooperation of two parties for privacy protection, the two parties including a first party and a second party, the method being applied to the first party and including: encrypting the locally stored pieces of first object data with an irreversible encryption algorithm to obtain pieces of first encrypted data; grouping the first encrypted data so that first encrypted data having the same attribute value for a predetermined attribute are classified into the same group, obtaining a plurality of first groups and a plurality of corresponding first attribute values; receiving from the second party a plurality of second groups and a corresponding plurality of second attribute values, which are determined based on a plurality of pieces of second object data stored locally by the second party; and performing encrypted-data matching between first groups and second groups having the same attribute value to obtain a plurality of successfully matched target encrypted data, which are used to determine a plurality of corresponding target object data.
In one embodiment, the grouping of the plurality of pieces of first encrypted data includes: performing a modulus operation on each piece of first encrypted data with a predetermined divisor to obtain a plurality of first operation values as the plurality of first attribute values; and grouping the first encrypted data having the same first attribute value into the same group to obtain the plurality of first groups.
In one embodiment, the grouping of the plurality of pieces of first encrypted data includes: determining, for each piece of first encrypted data, a plurality of first values at a plurality of predetermined data bits to form a first value sequence as the corresponding first attribute value; and grouping the first encrypted data having the same first attribute value into the same group to obtain the plurality of first groups.
In one embodiment, after the plurality of successfully matched target encrypted data are obtained, the method further comprises: determining a plurality of target object data corresponding to the plurality of target encrypted data based on the mapping relation between the plurality of pieces of first encrypted data and the plurality of pieces of first object data.
In one embodiment, after the plurality of successfully matched target encrypted data are obtained, the method further comprises: sending the target encrypted data to the second party, so that the second party determines the target object data corresponding to the target encrypted data based on the mapping relation between the second encrypted data and the second object data.
According to a second aspect, there is provided a method for determining target object data by cooperation of two parties for privacy protection, the two parties including a first party and a second party, the method applied to the first party, including: encrypting a plurality of pieces of first object data stored locally by using a first private key to obtain a plurality of pieces of first single encrypted data; receiving a plurality of pieces of first double-encrypted data from the second party, wherein the plurality of pieces of first double-encrypted data are obtained by encrypting the plurality of pieces of first single-encrypted data by using a second private key by the second party; receiving a plurality of pieces of second single encrypted data, which is obtained by encrypting a plurality of pieces of second object data stored locally by the second party by using the second private key, from the second party; encrypting the second single encrypted data by using the first private key to obtain second double encrypted data; grouping the first double-encrypted data to enable the first double-encrypted data with the same attribute value aiming at the preset attribute to be classified into the same group, and obtaining a plurality of first groups and a plurality of corresponding first attribute values; grouping the second double-encrypted data to enable the second double-encrypted data with the same attribute value aiming at the preset attribute to be classified into the same group, and accordingly obtaining a plurality of second groups and a plurality of corresponding second attribute values; and performing double-encryption data matching on the first packet and the second packet with the same attribute value to obtain a plurality of successfully matched target double-encryption data, which are used for determining a plurality of corresponding target object data.
In one embodiment, the grouping of the plurality of pieces of first double-encrypted data includes: performing a modulus operation on each piece of first double-encrypted data with a predetermined divisor to obtain a plurality of first operation values as the plurality of first attribute values; and grouping the first double-encrypted data having the same first attribute value into the same group to obtain the plurality of first groups.
In one embodiment, the grouping of the plurality of pieces of first double-encrypted data includes: determining, for each piece of first double-encrypted data, a plurality of first values at a plurality of predetermined data bits to form a first value sequence as the corresponding first attribute value; and grouping the first double-encrypted data having the same first attribute value into the same group to obtain the plurality of first groups.
In one embodiment, after the plurality of successfully matched target double-encrypted data are obtained, the method further comprises: sending the target double-encrypted data to the second party, so that the second party decrypts the target double-encrypted data with a second public key corresponding to the second private key to obtain a plurality of pieces of first single-encrypted data; receiving the plurality of pieces of first single-encrypted data from the second party; and determining a plurality of target object data corresponding to the plurality of pieces of first single-encrypted data.
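The double-encryption flow of the second aspect, written out as an added example; this is not code from the patent or from the applicant. It instantiates the commutative "private key" encryption as a Pohlig-Hellman style exponentiation cipher modulo the Mersenne prime 2^127 - 1, and it takes "decrypting with the public key corresponding to the private key" to mean exponentiation by the inverse exponent modulo P - 1. Those instantiations, the modulus, the grouping divisor, the sample records and every function name are assumptions of the example, not specifics of the patent.

```python
import hashlib
import math
import random

# Constructed parameter (assumption of this example): the Mersenne prime
# 2^127 - 1 is the modulus of a Pohlig-Hellman style exponentiation cipher.
# Encryption is x -> x^k mod P, which is commutative: (x^a)^b == (x^b)^a.
# A production deployment would use a prime-order group such as an elliptic
# curve; this modulus is only for illustration.
P = (1 << 127) - 1
ORDER = P - 1          # exponents live modulo P - 1


def gen_private_key(rng):
    """Pick an exponent coprime to P - 1 so that it has an inverse (the
    'public key corresponding to the private key' in this instantiation)."""
    while True:
        k = rng.randrange(3, ORDER)
        if math.gcd(k, ORDER) == 1:
            return k


def make_keys(seed):
    """Deterministic key pair for the two parties (demo only)."""
    rng = random.Random(seed)
    return gen_private_key(rng), gen_private_key(rng)


def hash_to_group(record):
    """Irreversible preprocessing: map a plaintext record into Z_P^*."""
    digest = hashlib.sha256(record.encode("utf-8")).digest()
    return int.from_bytes(digest, "big") % (P - 1) + 1


def encrypt(value, private_key):
    return pow(value, private_key, P)


def decrypt(value, private_key):
    # Strip one encryption layer: exponentiate by the inverse exponent.
    return pow(value, pow(private_key, -1, ORDER), P)


def group_by_modulus(values, divisor):
    """Grouping on the ciphertext content itself: attribute = value mod divisor."""
    groups = {}
    for v in values:
        groups.setdefault(v % divisor, set()).add(v)
    return groups


def match_groups(groups_a, groups_b):
    """Compare only groups that share an attribute value."""
    matched = set()
    for attr, ga in groups_a.items():
        gb = groups_b.get(attr)
        if gb:
            matched |= ga & gb
    return matched


def run_protocol(first_records, second_records, k1, k2, divisor=16):
    """Second-aspect flow from the first party's point of view; the second
    party's steps are simulated inline."""
    # First party: single-encrypt its records with k1 and keep the mapping
    first_single = {encrypt(hash_to_group(r), k1): r for r in first_records}
    # Second party: single-encrypt its own records with k2 and send them over
    second_single = [encrypt(hash_to_group(r), k2) for r in second_records]
    # Second party also double-encrypts the first party's singles with k2
    first_double = {encrypt(s, k2) for s in first_single}
    # First party double-encrypts the received second singles with k1
    second_double = {encrypt(s, k1) for s in second_single}
    # Both double-encrypted sets are grouped by the same attribute and matched
    target_double = match_groups(group_by_modulus(first_double, divisor),
                                 group_by_modulus(second_double, divisor))
    # Second party removes its layer from the matches and returns the singles
    singles_back = {decrypt(d, k2) for d in target_double}
    # First party maps the singles back to plaintext through its own mapping
    return {first_single[s] for s in singles_back}


if __name__ == "__main__":
    k1, k2 = make_keys(7)
    # Constructed sample data; the phone-number-like strings are made up.
    a = {"13800000001", "13800000002", "13800000003"}
    b = {"13800000002", "13800000003", "13800000004"}
    print(sorted(run_protocol(a, b, k1, k2)))
```

Because the same plaintext ends up as the same double ciphertext on both sides, grouping the double-encrypted data by a rule computed on the ciphertext itself (here the remainder modulo a divisor) never splits a true match across two groups, which is why only same-attribute groups need to be compared.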
According to a third aspect, there is provided a privacy-preserving method for collaborative determination of target object data by multiple parties, the multiple parties including a first data party and a second data party, the method comprising: the first data party encrypts a plurality of pieces of locally stored first object data in a predetermined encryption manner to obtain a plurality of pieces of first encrypted data; a first designated party among the multiple parties groups the plurality of pieces of first encrypted data in a predetermined grouping manner, so that first encrypted data having the same attribute value for a predetermined attribute are classified into the same group, obtaining a plurality of first groups and a corresponding plurality of first attribute values; the second data party encrypts a plurality of pieces of locally stored second object data in the predetermined encryption manner to obtain a plurality of pieces of second encrypted data; a second designated party among the multiple parties groups the plurality of pieces of second encrypted data in the predetermined grouping manner, so that second encrypted data having the same attribute value for the predetermined attribute are classified into the same group, obtaining a plurality of second groups and a corresponding plurality of second attribute values; and a third designated party among the multiple parties performs encrypted-data matching between first groups and second groups having the same attribute value to obtain a plurality of successfully matched target encrypted data for determining a plurality of target object data.
In one embodiment, the plurality of parties further includes a neutral server, and at least one of the first designated party, the second designated party, and the third designated party is the neutral server.
According to a fourth aspect, there is provided an apparatus for determining target object data in cooperation between two parties including a first party and a second party, the apparatus being applied to the first party and including: an object data encryption unit configured to encrypt a plurality of pieces of locally stored first object data with an irreversible encryption algorithm to obtain a plurality of pieces of first encrypted data; an encrypted data grouping unit configured to group the plurality of pieces of first encrypted data so that first encrypted data having the same attribute value for a predetermined attribute are grouped into the same group, thereby obtaining a plurality of first groups and a corresponding plurality of first attribute values; a second party data receiving unit configured to receive, from the second party, a plurality of second groups and a corresponding plurality of second attribute values, which are determined based on a plurality of pieces of second object data locally stored by the second party; and a two-party data matching unit configured to perform encrypted-data matching between first groups and second groups having the same attribute value to obtain a plurality of successfully matched target encrypted data, which are used to determine a plurality of corresponding target object data.
According to a fifth aspect, there is provided an apparatus for determining target object data in cooperation between two parties for privacy protection, the two parties including a first party and a second party, the apparatus being integrated with the first party and comprising: a first encryption unit configured to encrypt a plurality of pieces of locally stored first object data with a first private key to obtain a plurality of pieces of first single-encrypted data; a first receiving unit configured to receive a plurality of pieces of first double-encrypted data from the second party, the plurality of pieces of first double-encrypted data being obtained by the second party encrypting the plurality of pieces of first single-encrypted data with a second private key; a second receiving unit configured to receive, from the second party, a plurality of pieces of second single-encrypted data obtained by the second party encrypting a plurality of pieces of locally stored second object data with the second private key; a second encryption unit configured to encrypt the second single-encrypted data with the first private key to obtain second double-encrypted data; a first grouping unit configured to group the plurality of pieces of first double-encrypted data so that first double-encrypted data having the same attribute value for a predetermined attribute are grouped into the same group, thereby obtaining a plurality of first groups and a corresponding plurality of first attribute values; a second grouping unit configured to group the plurality of pieces of second double-encrypted data so that second double-encrypted data having the same attribute value for the predetermined attribute are grouped into the same group, thereby obtaining a plurality of second groups and a corresponding plurality of second attribute values; and a data matching unit configured to perform double-encrypted-data matching between first groups and second groups having the same attribute value to obtain a plurality of successfully matched target double-encrypted data, which are used to determine a plurality of corresponding target object data.
According to a sixth aspect, there is provided a privacy-preserving system for collaborative determination of target object data by multiple parties, the multiple parties including a first data party and a second data party, the system comprising: the first data party, which encrypts a plurality of pieces of locally stored first object data in a predetermined encryption manner to obtain a plurality of pieces of first encrypted data; a first designated party among the multiple parties, which groups the plurality of pieces of first encrypted data in a predetermined grouping manner so that first encrypted data having the same attribute value for a predetermined attribute are grouped into the same group, obtaining a plurality of first groups and a corresponding plurality of first attribute values; the second data party, which encrypts a plurality of pieces of locally stored second object data in the predetermined encryption manner to obtain a plurality of pieces of second encrypted data; a second designated party among the multiple parties, which groups the plurality of pieces of second encrypted data in the predetermined grouping manner so that second encrypted data having the same attribute value for the predetermined attribute are grouped into the same group, thereby obtaining a plurality of second groups and a corresponding plurality of second attribute values; and a third designated party among the multiple parties, which performs encrypted-data matching between first groups and second groups having the same attribute value to obtain a plurality of successfully matched target encrypted data and determines a plurality of target object data.
According to a seventh aspect, there is provided a computer readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method of the first or second or third aspect.
According to an eighth aspect, there is provided a computing device comprising a memory having stored therein executable code, and a processor which, when executing the executable code, implements the method of the first or second or third aspect.
According to the method and the device for determining the target object data, provided by the embodiment of the specification, two data parties respectively adopt an irreversible encryption algorithm to encrypt a plurality of pieces of locally stored object data, the encrypted data with the same attribute value aiming at the preset attribute are divided into a group, and the group with the same attribute value of the two parties is subjected to encrypted data matching to obtain a plurality of pieces of target encrypted data, so that a plurality of pieces of target object data are determined.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
FIG. 1 illustrates a schematic diagram of stages in a multi-party collaborative determination of target object data, according to one embodiment;
FIG. 2 is a schematic interaction diagram illustrating collaborative determination of target object data by two parties, according to an embodiment;
FIG. 3 is an interaction diagram illustrating the cooperative determination of target object data by two parties according to another embodiment;
FIG. 4 illustrates a flow diagram of a method for privacy preserving multi-party collaborative determination of target object data, according to one embodiment;
FIG. 5 illustrates an implementation architecture diagram for multi-party collaborative determination of target object data, according to an example;
FIG. 6 illustrates an apparatus structure diagram for determining target object data in cooperation with privacy-preserving parties, according to one embodiment;
FIG. 7 is a diagram showing the configuration of an apparatus for determining target object data in cooperation between two parties for privacy protection, according to another embodiment.
Detailed Description
The scheme provided by the specification is described below with reference to the accompanying drawings.
As mentioned above, many scenarios involve a privacy-preserving set intersection between two parties. In one intersection approach, the two parties each encrypt their own data with a scheme under which the same plaintext always yields the same ciphertext; the encrypted data are then compared directly, and the plaintext intersection is determined from the ciphertexts that both parties have in common. However, this approach is very computationally intensive and requires a pairwise traversal of both sides' data: for example, if each party to the intersection holds 10^6 records, direct comparison requires 10^12 collisions (pairwise comparisons).
Furthermore, grouping can be performed according to information outside the data set itself (for example, segmenting addresses by country or region), after which only data classified into the same group need to be compared, which effectively reduces the number of comparisons. For example, suppose each party holds 10^6 records and each party's data are split into 1000 groups; the number of data collisions in the computation is then 1000 × 10^3 × 10^3 = 10^9, a reduction by a factor of 1000 compared with direct computation without grouping. However, in this approach the out-of-set information used for grouping is valid, sensitive information associated with the data set, so there is a risk of privacy disclosure: for example, a central node performing the intersection computation can learn the number of samples belonging to the same group (e.g., a certain country or region) in the data sets of both sides.
Further, the inventors propose that grouping can be based on the data content of the data set itself, thereby eliminating the risk of privacy leakage from grouping. Specifically, data attributes may be preset based on data content, and based on this, when a data holder performs grouping, an attribute value of each piece of ciphertext data for the preset attribute is determined first, and then ciphertext data having the same attribute value are grouped into the same group.
It should be understood that the purpose of a private set intersection is generally to perform related business processing; thus each of the above-mentioned parties and data parties may be referred to as a business party, the data set held by a business party is referred to as an object data set for a business object, and the intersection result is referred to as target object data, which is used for further business processing, for example, presenting a friend recommendation list to a user in an IM software interface.
Fig. 1 is a schematic diagram illustrating a phase of determining target object data by multi-party cooperation according to an embodiment, which sequentially includes three phases of object data encryption, encrypted data division and same-group data intersection.
The implementation steps of the above concept are described below with reference to specific embodiments.
Fig. 2 is an interaction diagram illustrating two parties cooperatively determining target object data according to an embodiment; for clarity and conciseness of description, one of the two parties is referred to as the first party and the other as the second party. It is to be understood that the first and second parties may each be implemented as any device, platform, server, or cluster of devices having storage and computing capabilities.
The two parties store object data for the business objects respectively, specifically, a first party locally stores a plurality of pieces of first object data for a plurality of first business objects, and a second party locally stores a plurality of pieces of second object data for a plurality of second business objects.
In one implementation scenario, the business object is a user and the corresponding object data is user data. In a specific embodiment, the user data may include user identification or user attribute information, and specifically may include a mobile phone number, a certificate number, a registered user name, a character string composed of a user name and the user's parent's name, and the like. In one example, the user data includes a mobile phone number; the first party may be a user terminal whose stored phone address book contains the mobile phone numbers of a plurality of first users, and the second party may be an IM system that stores the mobile phone numbers of a plurality of second users. By finding the intersection of mobile phone numbers, the two parties find the contacts in the phone address book who use the IM software, so that IM friends can be recommended to the user of the user terminal. In another example, the user data includes a certificate number; the first party may be a certain service platform (e.g., a bank) that stores the certificate numbers of a plurality of first users, and the second party may be another service platform (e.g., a payment platform) that stores the certificate numbers of a plurality of second users. By finding the intersection of certificate numbers, the two parties identify their common users as target users, and then each provides the behavior data of the target users on its own platform for federated learning, so that the resulting model can provide a higher-quality service to the users.
In another implementation scenario, the business object includes a commodity and the corresponding object data includes commodity data. In a specific embodiment, the commodity data may include a commodity identification or commodity attribute information, and specifically may include a commodity name, a commodity code, and the like. In one example, the commodity data includes commodity codes, the first party may be an e-commerce platform in which commodity codes of a plurality of first commodities clicked and browsed by a certain user are stored, the second party may be a payment platform in which commodity codes of a plurality of second commodities purchased by the certain user are stored, and the two parties determine a purchase conversion rate of the certain user in the e-commerce platform by finding a commodity intersection.
In the above description, the business object is a user or a commodity; in practice, the business object may also be another kind of object, such as a merchant or an event (e.g., an access event or a login event).
As shown in fig. 2, the interaction of the first and second parties may include the steps of:
in step S201, the first party encrypts the locally stored pieces of first object data using an irreversible encryption algorithm to obtain pieces of first encrypted data. It is to be understood that the irreversible encryption algorithm is characterized in that a secret key is not needed in the encryption process, the data after encryption is directly processed into a ciphertext through the encryption algorithm after plaintext is input, the encrypted data cannot be decrypted, and the data can be really decrypted only after the plaintext is input again and the data is processed through the same irreversible encryption algorithm again to obtain the same encrypted ciphertext which is identified by the system again. In one embodiment, the irreversible encryption algorithm may employ the MD5 algorithm. In another embodiment, the irreversible encryption algorithm may employ SHS (Secure Hash Standard). In yet another embodiment, the irreversible encryption algorithm may be implemented using multiple hashes in succession.
By encrypting each piece of first object data, respectively, corresponding first encrypted data can be obtained. In step S202, the first party performs packet processing on the obtained plurality of pieces of first encrypted data so that the first encrypted data having the same attribute value for a predetermined attribute are grouped into the same group, thereby obtaining a plurality of first packets and a corresponding plurality of first attribute values. The predetermined attribute can be set for the data content of the encrypted data and is independent of privacy and sensitive information, so that the leakage risk of privacy data can be eliminated.
In one embodiment, the predetermined attribute includes a remainder of the modulus operation of the encrypted data based on a predetermined divisor, where the setting of the divisor can refer to the number of groups of the desired group, and it should be understood that the predetermined divisor is smaller than the total number of the first encrypted data. Accordingly, this step may include: performing modulus operation on the first encrypted data respectively based on a preset divisor to obtain a plurality of first operation values (operation results are namely remainders) as a plurality of first attribute values; further, the first encrypted data having the same first attribute value are grouped into the same group, resulting in the plurality of first packets. In a simple example, assume that the plurality of pieces of first encrypted data include a1、a2、a3、a4And a5If the first three remainders of the modulo operation are the same and are all 1, and the second two remainders of the modulo operation are the same and are all 2, then a can be calculated1、a2、a3Grouping into one group and obtaining the attribute value corresponding to the group as 1, and, grouping a4、a5And classifying the data into another group, and obtaining the corresponding attribute value of 2. Therefore, the first party can obtain a plurality of first groups and a plurality of corresponding first attributes based on the preset divisor appointed by the second party and the mode of the modulus operationThe value is obtained.
In another embodiment, the predetermined attribute comprises the values of the encrypted data at a plurality of predetermined data bits. It should be understood that a piece of encrypted data corresponds to a string of digits, which may be binary, decimal, hexadecimal or in another base, and that the string has a value at each data position. For example, if a piece of encrypted data is represented by 00134567, then, counting from the most significant position, the value of the 1st data bit is 0 and the value of the 3rd data bit is 1.
Accordingly, this step may include: determining, for each piece of first encrypted data, a plurality of first values at a plurality of preset data bits, which together form a first value sequence serving as the corresponding first attribute value; and then grouping first encrypted data having the same first attribute value into the same group to obtain the plurality of first groups. In a specific embodiment, the number of preset data bits and their positions may be specified manually in advance. In another specific embodiment, the positions may be chosen randomly: for example, the total set of data positions of the encrypted data is obtained, the number of data bits to use is chosen, and a random algorithm then selects that many positions from the total set. In addition, in a specific embodiment, the plurality of preset data bits may be contiguous or spaced apart. In a simple example, assume that the encrypted data are 011001, 011101, 001100 and 001111, and that the preset data bits are the 2nd and 3rd bits counted from the most significant bit; then the first two pieces, whose attribute values are both 11, are grouped together, and the last two pieces, whose attribute values are both 01, are grouped together.
In the above, the first party groups the plurality of pieces of first encrypted data, and may obtain a plurality of first groups and a plurality of corresponding first attribute values.
On the other hand, the second party encrypts the plurality of pieces of second object data stored locally by using the irreversible encryption algorithm in steps S203 and S204 to obtain a plurality of pieces of second encrypted data; and further grouping the plurality of pieces of second encrypted data so that the second encrypted data having the same attribute value for the predetermined attribute are grouped into the same group, thereby obtaining a plurality of second groups and a plurality of corresponding second attribute values. It should be understood that the way in which the second party encrypts the local object data and the way in which the encrypted data are grouped are the same as the encryption way and the grouping way adopted by the first party, so that it can be ensured that the encrypted data corresponding to the same object data in the first party and the second party fall into the group with the same attribute value, thereby ensuring the accuracy of subsequent matching. Therefore, for the description of step S203 and step S204, reference may be made to the description of step S201 and step S202, which is not repeated.
Further, the second party executes step S204 to obtain a plurality of second groups and a plurality of corresponding second attribute values, and then transmits them to the first party in step S205.
In step S206, based on the locally determined plurality of first groups and corresponding first attribute values, and the plurality of second groups and corresponding second attribute values received from the second party, the first party performs encrypted data matching on the first groups and second groups having the same attribute value, so as to obtain several successfully matched target encrypted data.
In one embodiment, the first party may first match the plurality of first attribute values against the plurality of second attribute values to determine the pairs of identical first and second attribute values; then, for each such pair, the encrypted data in the corresponding first group and second group are matched to find identical first encrypted data and second encrypted data, either of which is taken as a piece of target encrypted data. In another embodiment, attribute value matching and encrypted data matching may alternate: the first party compares a given first attribute value with the plurality of second attribute values; if an identical second attribute value is found, the encrypted data of the corresponding groups are matched, after which the given first attribute value is removed from the plurality of first attribute values, the groups that took part in the matching are removed from the plurality of first groups and second groups, and the next round of attribute value comparison begins; otherwise, if no identical second attribute value is found, the given first attribute value is discarded and the next round of attribute value comparison begins.
In this way, a plurality of target encrypted data identical on both sides can be matched, and the target encrypted data are used to determine the corresponding target object data. The determination of the corresponding target object data may be completed by the first party, the second party, or both, according to actual requirements. In an embodiment, the interaction process may further include step S207, in which the first party determines, based on the mapping relationship between the plurality of pieces of first encrypted data and the plurality of pieces of first object data, the target object data corresponding to the target encrypted data. Further, in a more specific embodiment, after step S207 the interaction process may further include: the first party sends the target object data to the second party. In another embodiment, the interaction process may further include steps S208 and S209, in which the second party receives the target encrypted data from the first party and determines the corresponding target object data based on the mapping relationship between the plurality of pieces of second encrypted data and the plurality of pieces of second object data.
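The interaction of fig. 2 (steps S201 to S207) as an added, runnable example; it is not code from the patent or its assignee. SHA-256 stands in for the unnamed irreversible algorithm, the e-mail addresses are constructed sample data, and both grouping attributes described above are implemented: the remainder modulo an agreed divisor and the digest values at agreed bit positions. Because `match_groups` consumes nothing but the groups, the same function is what a neutral server would run in the multi-party variant described later in the specification.

```python
import hashlib
from collections import defaultdict

# Constructed sample data (not from the patent): each party's locally stored
# object data. Four values appear on both sides.
FIRST_PARTY_OBJECTS = ["alice@example.com", "bob@example.com", "carol@example.com",
                       "dave@example.com", "erin@example.com", "frank@example.com"]
SECOND_PARTY_OBJECTS = ["bob@example.com", "carol@example.com", "grace@example.com",
                        "dave@example.com", "frank@example.com", "heidi@example.com"]


def encrypt_irreversible(obj: str) -> str:
    """Steps S201/S203: one-way encryption. SHA-256 is this example's choice; the
    patent does not name an algorithm. Both parties must apply the same function to
    the same canonical form of the data, or equal objects will not match."""
    return hashlib.sha256(obj.strip().lower().encode("utf-8")).hexdigest()


def attribute_mod(enc_hex: str, divisor: int) -> int:
    """Grouping attribute 1: remainder of the digest (as an integer) modulo the
    divisor agreed by both parties."""
    return int(enc_hex, 16) % divisor


def attribute_bits(enc_hex: str, positions: tuple, width: int = 256) -> str:
    """Grouping attribute 2: the digest's values at the agreed bit positions,
    counted from the most significant bit, joined into a value sequence."""
    bits = format(int(enc_hex, 16), f"0{width}b")
    return "".join(bits[i] for i in positions)


def group_encrypted(enc_list, attribute) -> dict:
    """Steps S202/S204: attribute value -> set of encrypted data with that value."""
    groups = defaultdict(set)
    for enc in enc_list:
        groups[attribute(enc)].add(enc)
    return dict(groups)


def match_groups(first_groups: dict, second_groups: dict) -> set:
    """Step S206: compare encrypted data only inside groups whose attribute values
    coincide. Needs only the groups, so any party (or a neutral server) can run it."""
    target = set()
    for attr, first_set in first_groups.items():
        second_set = second_groups.get(attr)
        if second_set:
            target |= first_set & second_set
    return target


def run_protocol(first_objects, second_objects, attribute) -> list:
    """Fig. 2 end to end from the first party's point of view (S201 to S207)."""
    # S201: encrypt and keep the mapping encrypted -> object data for S207.
    first_enc = {encrypt_irreversible(o): o for o in first_objects}
    # S203: the second party does the same with the same function.
    second_enc = [encrypt_irreversible(o) for o in second_objects]
    # S202/S204: both sides group with the same attribute; S205: groups are sent over.
    first_groups = group_encrypted(first_enc.keys(), attribute)
    second_groups = group_encrypted(second_enc, attribute)
    # S206: match within equal-attribute groups.
    target_enc = match_groups(first_groups, second_groups)
    # S207: map the matched encrypted data back to the first party's object data.
    return sorted(first_enc[e] for e in target_enc)


if __name__ == "__main__":
    print(run_protocol(FIRST_PARTY_OBJECTS, SECOND_PARTY_OBJECTS,
                       lambda e: attribute_mod(e, 4)))
    print(run_protocol(FIRST_PARTY_OBJECTS, SECOND_PARTY_OBJECTS,
                       lambda e: attribute_bits(e, (1, 2))))
```

Grouping changes only how many comparisons are made, not the result: since identical object data yield identical digests and therefore identical attribute values, the matched set is the same for every divisor or bit selection. What the attribute value does reveal to whoever receives the groups is exactly the remainder or the selected bits of each digest, so the divisor and positions should be chosen with that in mind.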
On the other hand, the target encrypted data can also be used to determine the corresponding target business objects (such as the system identifiers of the business objects in the respective data parties). In one embodiment, either party may determine the target business objects from the target object data. In another embodiment, either party may determine the target business objects corresponding to the target encrypted data based on a mapping relationship between the object data and the encrypted data. It should be understood that the business objects correspond to the pieces of object data, the pieces of encrypted data are obtained by encrypting the pieces of object data, and a mapping relationship between the encrypted data and the business objects can therefore be established by chaining these correspondences.
It should be noted that the execution order of the above interaction steps is not exclusive, and any order may be adopted as long as the steps can be executed smoothly.
To sum up, with the method for determining target object data disclosed in the embodiments of the present specification, two parties respectively employ an irreversible encryption algorithm to encrypt multiple pieces of locally stored object data, and divide encrypted data having the same attribute value for a preset attribute into a group, and then perform encrypted data matching on the groups having the same attribute value for the two parties to obtain multiple pieces of target encrypted data, thereby determining multiple pieces of target object data.
In the above method for determining target object data, the encryption method used is an irreversible encryption algorithm; in fact, other encryption algorithms may also be used, for example an encryption algorithm that satisfies the commutative law, meaning that, for the same data, the double encryption result obtained by first encrypting with the first private key and then encrypting with the second private key is identical to the double encryption result obtained by first encrypting with the second private key and then encrypting with the first private key. In the above method, each party groups its own encrypted data; in fact, the grouping of both parties' encrypted data may be performed by one party.
Specifically, fig. 3 shows an interaction diagram of determining target object data cooperatively between two parties according to another embodiment, where the illustrated interaction process includes the following steps:
On the one hand, the first party obtains a plurality of pieces of first double-encrypted data corresponding to a plurality of first objects; this process involves steps S301, S302, S303 and S304. Specifically, in step S301, the first party encrypts the plurality of pieces of locally stored first object data with a first private key to obtain a plurality of pieces of first single-encrypted data; in step S302, the first party sends the plurality of pieces of first single-encrypted data to the second party; in step S303, the second party encrypts the plurality of pieces of first single-encrypted data with a second private key to obtain a plurality of pieces of first double-encrypted data; in step S304, the second party sends the plurality of pieces of first double-encrypted data to the first party. The first private key and the second private key satisfy the commutative law of encryption, and by performing steps S301 to S304 the first party obtains the plurality of pieces of first double-encrypted data.
On the other hand, the first party obtains a plurality of pieces of second double-encrypted data corresponding to a plurality of second objects; this process involves steps S305 to S307. In step S305, the second party encrypts the plurality of pieces of locally stored second object data with the second private key to obtain a plurality of pieces of second single-encrypted data; in step S306, the second party sends the second single-encrypted data to the first party; in step S307, the first party encrypts the plurality of pieces of second single-encrypted data with the first private key to obtain a plurality of pieces of second double-encrypted data.
The first party then groups the first double-encrypted data and the second double-encrypted data. Specifically, in step S308, the first party groups the first double-encrypted data so that first double-encrypted data having the same attribute value for the predetermined attribute fall into the same group, thereby obtaining a plurality of first groups and a corresponding plurality of first attribute values; in step S309, the first party groups the plurality of pieces of second double-encrypted data so that second double-encrypted data having the same attribute value for the predetermined attribute fall into the same group, thereby obtaining a plurality of second groups and a corresponding plurality of second attribute values.
Further, in step S310, the first party performs double-encrypted data matching on the first groups and second groups having the same attribute value, so as to obtain several successfully matched target double-encrypted data.
It should be noted that, for the above grouping and matching of double-encrypted data, reference may be made to the grouping and matching of encrypted data in the foregoing embodiments, which are not described again.
In this way, a plurality of target double-encrypted data identical on both sides can be matched, and the target double-encrypted data are used to determine the corresponding target object data. The determination of the corresponding target object data may be completed by the first party, the second party, or both, according to actual requirements.
In one embodiment, the above interaction process may further include the following steps: the first party sends the target double-encrypted data to the second party; the second party decrypts the target double-encrypted data with a second public key corresponding to the second private key to obtain a plurality of first single-encrypted data; the first party receives the first single-encrypted data from the second party; and the first party determines the target object data corresponding to the first single-encrypted data. In a specific embodiment, the target object data corresponding to the first single-encrypted data may be determined based on the mapping relationship between the plurality of pieces of first single-encrypted data and the plurality of pieces of first object data; in another specific embodiment, the first single-encrypted data may be decrypted with a first public key corresponding to the first private key to obtain the pieces of first object data as the target object data.
In another embodiment, the above interaction process may further include the following steps: the first party decrypts the target double-encrypted data with a first public key corresponding to the first private key to obtain second single-encrypted data; the first party sends the second single-encrypted data to the second party; and the second party determines the target object data corresponding to the second single-encrypted data.
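The interaction of fig. 3 (steps S301 to S310, followed by the first decryption variant above) as an added, runnable example; it is not code from the patent or its assignee. The patent does not name a commutative cipher, so this example assumes exponentiation in a prime-order multiplicative group, which commutes because (m^a)^b = (m^b)^a mod p; the inverse exponent plays the role of the "public key corresponding to the private key" used for decryption. The group modulus 2^127 - 1 and the sample identifiers are this example's own choices (a deployment would use a standards-sized group).

```python
import hashlib
import math
import secrets

# Toy group for the example: the Mersenne prime 2**127 - 1. It keeps the arithmetic
# fast in pure Python; a real deployment would use a standards-sized prime group.
# This constant is an assumption of the example, not a parameter of the patent.
P = (1 << 127) - 1
ORDER = P - 1          # exponents are taken modulo the group order p - 1


def hash_to_group(obj: str) -> int:
    """Map object data to a non-zero element of Z_p*, after canonicalising the
    input so both parties derive the same element from the same identifier."""
    digest = hashlib.sha256(obj.strip().lower().encode("utf-8")).digest()
    return int.from_bytes(digest, "big") % ORDER + 1


def key_is_usable(k: int) -> bool:
    """A private exponent must be coprime with p - 1 so that its inverse exists."""
    return 1 < k < ORDER and math.gcd(k, ORDER) == 1


def generate_private_key() -> int:
    while True:
        k = secrets.randbelow(ORDER)
        if key_is_usable(k):
            return k


def encrypt(value: int, private_key: int) -> int:
    """One encryption layer: value**key mod p. Layers commute because
    (m**a)**b == (m**b)**a == m**(a*b) mod p, which is the property the text requires."""
    return pow(value, private_key, P)


def decrypt(value: int, private_key: int) -> int:
    """Remove one layer with the inverse exponent (the 'public key corresponding to
    the private key' in the description). Valid because m**(p-1) == 1 mod p."""
    return pow(value, pow(private_key, -1, ORDER), P)


def group_by_remainder(values, divisor: int) -> dict:
    """Steps S308/S309: attribute value = remainder of the double-encrypted value."""
    groups = {}
    for v in values:
        groups.setdefault(v % divisor, set()).add(v)
    return groups


def run_protocol(first_objects, second_objects, key_a: int, key_b: int,
                 divisor: int = 8) -> list:
    """Fig. 3 end to end, returning the target object data as the first party sees it."""
    # S301: first party single-encrypts and keeps the mapping single -> object data.
    first_single = {encrypt(hash_to_group(o), key_a): o for o in first_objects}
    # S302 to S304: second party adds its layer and returns the first double-encrypted data.
    first_double = {encrypt(s, key_b) for s in first_single}
    # S305 to S307: second party's single-encrypted data receives the first party's layer.
    second_single = [encrypt(hash_to_group(o), key_b) for o in second_objects]
    second_double = [encrypt(s, key_a) for s in second_single]
    # S308 to S310: group by remainder and match only groups with equal attribute values.
    g1 = group_by_remainder(first_double, divisor)
    g2 = group_by_remainder(second_double, divisor)
    targets = set()
    for attr, members in g1.items():
        targets |= members & g2.get(attr, set())
    # Decryption variant: the second party strips its layer with the inverse of key_b
    # and returns first single-encrypted data, which the first party maps back.
    first_single_targets = [decrypt(t, key_b) for t in targets]
    return sorted(first_single[s] for s in first_single_targets)


if __name__ == "__main__":
    key_a, key_b = generate_private_key(), generate_private_key()
    print(run_protocol(["u1", "u2", "u3"], ["u2", "u3", "u4"], key_a, key_b))
```

Each party sees the other side's data only under a layer it cannot remove, and the values that are actually compared carry both layers, so the exchanged material differs from the plain one-way digests of the fig. 2 variant. Choosing the private exponents coprime with p - 1 is what makes the decryption step well defined; `key_is_usable` enforces that.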
It should be noted that the execution order of the above interaction steps is not exclusive, and any order may be adopted as long as the steps can be executed smoothly.
To sum up, with the method for determining target object data disclosed in the embodiments of the present specification, the two parties each use an encryption algorithm that satisfies the commutative law to encrypt multiple pieces of locally stored object data, divide encrypted data having the same attribute value for a preset attribute into a group, and then perform encrypted data matching on the groups having the same attribute value to obtain multiple pieces of target encrypted data, thereby determining multiple pieces of target object data.
It should be noted that, in the interaction processes shown in fig. 2 and fig. 3, the steps involving encryption and decryption of object data must be performed by the data parties, i.e. the first party and the second party, whereas the grouping and matching of encrypted data operate only on encrypted data and reveal no private data, so they may be performed by any party: the first party, the second party, or a third party other than these two, such as a neutral server.
Fig. 4 shows a flowchart of a method for determining target object data cooperatively by multiple parties including a first data party (e.g., the first party mentioned above) and a second data party (e.g., the second party mentioned above) according to an embodiment, and the method includes the following steps:
step S410, a first data party encrypts a plurality of pieces of locally stored first object data with a predetermined encryption method to obtain a plurality of pieces of first encrypted data; step S420, a first designated party among the multiple parties groups the plurality of pieces of first encrypted data in a predetermined grouping manner, so that first encrypted data having the same attribute value for the predetermined attribute fall into the same group, thereby obtaining a plurality of first groups and a corresponding plurality of first attribute values; step S430, a second data party encrypts a plurality of pieces of locally stored second object data with the predetermined encryption method to obtain a plurality of pieces of second encrypted data; step S440, a second designated party among the multiple parties groups the plurality of pieces of second encrypted data in the predetermined grouping manner, so that second encrypted data having the same attribute value for the predetermined attribute fall into the same group, thereby obtaining a plurality of second groups and a corresponding plurality of second attribute values; step S450, a third designated party among the multiple parties performs encrypted data matching on the first groups and second groups having the same attribute value to obtain several successfully matched target encrypted data, which are used to determine several target object data.
As for the predetermined encryption method mentioned in steps S410 and S430, in one embodiment the irreversible encryption algorithm described above may be adopted; in another embodiment, the encryption algorithm satisfying the commutative law described above may be adopted.
For the predetermined grouping manner mentioned in step S420 and step S440, reference may be made to the description of grouping the encrypted data in the foregoing embodiment.
The first designated party performing step S420, the second designated party performing step S440 and the third designated party performing step S450 can be chosen in many ways. In one embodiment, the multiple parties include only the first data party and the second data party, and accordingly each of the designated parties may be the first data party or the second data party. In another embodiment, the multiple parties further include a neutral server, in which case one or two of the three designated parties may be the neutral server and the remaining one(s) may be the first data party or the second data party, or all three designated parties may be the neutral server.
According to one example, fig. 5 illustrates an implementation architecture for collaborative determination of target object data by multiple parties including a first party, a second party and a neutral server, referred to in fig. 5 as party A, party B and central node C, respectively. As shown in fig. 5, in the object data encryption phase, party A and party B each encrypt the locally stored object data: party A encrypts its object data A1, A2, ..., Ana with a predetermined encryption method to obtain the corresponding encrypted data <A1>, <A2>, ..., <Ana>, and party B likewise encrypts its object data B1, B2, ..., Bnb with the predetermined encryption method to obtain the corresponding encrypted data <B1>, <B2>, ..., <Bnb>. In the encrypted data dividing phase, party A performs a modulo operation with a preset divisor on each piece of encrypted data it determined, so as to divide each piece into the corresponding group; for example, if the remainders corresponding to <A1>, <A2>, <A3> and <A4> are 2, 1, 2 and 1 respectively, then <A1> and <A3> are placed in group 2, and <A2> and <A4> in group 1. Party B likewise performs the modulo operation with the preset divisor on each piece of encrypted data it determined, so as to divide each piece into the corresponding group; for example, if the remainders corresponding to <B1>, <B2>, <B3> and <B4> are 1, 2, 2 and 1 respectively, then <B1> and <B3> are placed in group 2, and <B2> and <B4> in group 1. In the same-group data intersection phase, central node C matches party A's encrypted data and party B's encrypted data belonging to the same group to obtain several target encrypted data; as shown in fig. 5, this includes matching party A's group-1 encrypted data (<A2>, <A4>, etc.) against party B's group-1 encrypted data (<B2>, <B4>, etc.), and party A's group-2 encrypted data (<A1>, <A3>, etc.) against party B's group-2 encrypted data (<B1>, <B3>, etc.). Further, the central node may send the obtained target encrypted data to party A and/or party B, so that party A and/or party B determine the object data corresponding to the target encrypted data, and/or the target business objects corresponding to the target encrypted data.
To sum up, with the method for determining target object data disclosed in the embodiments of the present specification, a first data party and a second data party each employ an encryption algorithm that satisfies the commutative law to encrypt a plurality of pieces of locally stored object data, a designated party among the multiple parties divides encrypted data having the same attribute value for a preset attribute into a group and performs encrypted data matching on the two parties' groups having the same attribute value to obtain a plurality of target encrypted data, so that the first data party and/or the second data party can determine a plurality of pieces of target object data.
Corresponding to the method for determining the target object data, the embodiments of the specification also disclose an apparatus for determining the target object data. Specifically:
fig. 6 is a block diagram of an apparatus for cooperatively determining target object data between two privacy-preserving parties including a first party and a second party, the apparatus being applied to the first party, according to one embodiment. As shown in fig. 6, the apparatus 600 includes:
an object data encryption unit 610 configured to encrypt a plurality of pieces of locally stored first object data using an irreversible encryption algorithm to obtain a plurality of pieces of first encrypted data; an encrypted data grouping unit 620 configured to group the plurality of pieces of first encrypted data so that first encrypted data having the same attribute value for a predetermined attribute fall into the same group, thereby obtaining a plurality of first groups and a corresponding plurality of first attribute values; a counterparty data receiving unit 630 configured to receive, from the second party, a plurality of second groups and a corresponding plurality of second attribute values determined based on a plurality of pieces of second object data stored locally by the second party; and a two-party data matching unit 640 configured to perform encrypted data matching on the first groups and second groups having the same attribute value, so as to obtain several successfully matched target encrypted data, which are used for determining the corresponding target object data.
In one embodiment, the encrypted data grouping unit 620 is specifically configured to: perform a modulo operation on each piece of first encrypted data with a preset divisor to obtain a plurality of first operation values as the plurality of first attribute values; and group first encrypted data having the same first attribute value into the same group to obtain the plurality of first groups.
In another embodiment, the encrypted data grouping unit 620 is specifically configured to: determine, for each piece of first encrypted data, a plurality of first values at a plurality of preset data bits, forming a first value sequence as the corresponding first attribute value; and group first encrypted data having the same first attribute value into the same group to obtain the plurality of first groups.
In one embodiment, the apparatus further includes a target data determining unit 650 configured to determine, based on the mapping relationship between the plurality of pieces of first encrypted data and the plurality of pieces of first object data, a plurality of pieces of target object data corresponding to the plurality of pieces of target encrypted data.
In another embodiment, the apparatus further includes a data sending unit configured to send the target encrypted data to the second party, so that the second party determines target object data corresponding to the target encrypted data based on a mapping relationship between the second encrypted data and the second object data.
Fig. 7 is a block diagram of an apparatus for collaboratively determining target object data between two parties including a first party and a second party, the apparatus being integrated with the first party, according to another embodiment. As shown in fig. 7, the apparatus 700 includes:
a first encryption unit 710 configured to encrypt a plurality of pieces of locally stored first object data with a first private key to obtain a plurality of pieces of first single-encrypted data; a first receiving unit 720 configured to receive, from the second party, a plurality of pieces of first double-encrypted data obtained by the second party encrypting the plurality of pieces of first single-encrypted data with a second private key; a second receiving unit 730 configured to receive, from the second party, a plurality of pieces of second single-encrypted data obtained by the second party encrypting a plurality of pieces of locally stored second object data with the second private key; a second encryption unit 740 configured to encrypt the plurality of pieces of second single-encrypted data with the first private key to obtain a plurality of pieces of second double-encrypted data; a first grouping unit 750 configured to group the plurality of pieces of first double-encrypted data so that first double-encrypted data having the same attribute value for a predetermined attribute fall into the same group, thereby obtaining a plurality of first groups and a corresponding plurality of first attribute values; a second grouping unit 760 configured to group the plurality of pieces of second double-encrypted data so that second double-encrypted data having the same attribute value for the predetermined attribute fall into the same group, thereby obtaining a plurality of second groups and a corresponding plurality of second attribute values; and a data matching unit 770 configured to perform double-encrypted data matching on the first groups and second groups having the same attribute value, so as to obtain several successfully matched target double-encrypted data, which are used to determine the corresponding target object data.
In one embodiment, the first grouping unit 750 is specifically configured to: perform a modulo operation on each piece of first double-encrypted data with a preset divisor to obtain a plurality of first operation values as the plurality of first attribute values; and group first double-encrypted data having the same first attribute value into the same group to obtain the plurality of first groups. The second grouping unit 760 is specifically configured to: perform a modulo operation on each piece of second double-encrypted data with the preset divisor to obtain a plurality of second operation values as the plurality of second attribute values; and group second double-encrypted data having the same second attribute value into the same group to obtain the plurality of second groups.
In another embodiment, the first grouping unit 750 is specifically configured to: determine, for each piece of first double-encrypted data, a plurality of first values at a plurality of preset data bits, forming a first value sequence as the corresponding first attribute value; and group first double-encrypted data having the same first attribute value into the same group to obtain the plurality of first groups. The second grouping unit 760 is specifically configured to: determine, for each piece of second double-encrypted data, a plurality of second values at the plurality of preset data bits, forming a second value sequence as the corresponding second attribute value; and group second double-encrypted data having the same second attribute value into the same group to obtain the plurality of second groups.
In one embodiment, the apparatus further comprises: the target encrypted data sending unit is configured to send the target double encrypted data to the second party so that the second party decrypts the target double encrypted data by using a second public key corresponding to the second private key to obtain first single encrypted data; a single encrypted data receiving unit configured to receive the number of first single encrypted data from the second party; and the target object data determining unit is configured to determine a plurality of target object data corresponding to the plurality of first single encrypted data.
According to an embodiment of another aspect, there is also provided a computer-readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method described in connection with fig. 2 or fig. 3 or fig. 4.
According to an embodiment of yet another aspect, there is also provided a computing device comprising a memory having stored therein executable code, and a processor that, when executing the executable code, implements the method described in connection with fig. 2 or fig. 3 or fig. 4.
Those skilled in the art will recognize that, in one or more of the examples described above, the functions described in this invention may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium.
The above-mentioned embodiments, objects, technical solutions and advantages of the present invention are further described in detail, it should be understood that the above-mentioned embodiments are only exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made on the basis of the technical solutions of the present invention should be included in the scope of the present invention.

Claims (16)

1. A method for cooperatively determining target object data by two parties for protecting privacy, wherein the two parties comprise a first party and a second party, and the method is applied to the first party and comprises the following steps:
encrypting the locally stored first object data by using an irreversible encryption algorithm to obtain first encrypted data;
grouping the first encrypted data to enable the first encrypted data with the same attribute value aiming at the preset attribute to be classified into the same group, and obtaining a plurality of first groups and a plurality of corresponding first attribute values;
receiving, from the second party, a plurality of second groups and a corresponding plurality of second attribute values determined based on a plurality of pieces of second object data stored locally by the second party;
and carrying out encryption data matching on the first grouping and the second grouping with the same attribute value to obtain a plurality of successfully matched target encryption data, wherein the successfully matched target encryption data is used for determining a plurality of corresponding target object data.
2. The method of claim 1, wherein grouping the plurality of pieces of first encrypted data comprises:
performing a modulo operation on each piece of first encrypted data with a preset divisor to obtain a plurality of first operation values as the plurality of first attribute values;
and placing first encrypted data having the same first attribute value into the same group to obtain the plurality of first groups.
3. The method of claim 1, wherein grouping the plurality of pieces of first encrypted data comprises:
reading, for each piece of first encrypted data, the values at a plurality of preset data bit positions and forming them into a first value sequence as the corresponding first attribute value;
and placing first encrypted data having the same first attribute value into the same group to obtain the plurality of first groups.
4. The method of claim 1, further comprising, after obtaining the number of successfully matched target encrypted data:
determining the corresponding number of target object data from the target encrypted data, based on the mapping between the plurality of pieces of first encrypted data and the plurality of pieces of first object data.
5. The method of claim 1, further comprising, after obtaining the number of successfully matched target encrypted data:
sending the target encrypted data to the second party, so that the second party determines the corresponding target object data based on the mapping between its second encrypted data and its second object data.
6. A privacy-preserving method for two parties to cooperatively determine target object data, the two parties comprising a first party and a second party, the method being performed by the first party and comprising:
encrypting a plurality of pieces of locally stored first object data with a first private key to obtain a plurality of pieces of first single-encrypted data; and receiving, from the second party, a plurality of pieces of first double-encrypted data, which the second party obtained by encrypting the plurality of pieces of first single-encrypted data with a second private key;
receiving, from the second party, a plurality of pieces of second single-encrypted data, which the second party obtained by encrypting a plurality of pieces of locally stored second object data with the second private key; and encrypting the plurality of pieces of second single-encrypted data with the first private key to obtain a plurality of pieces of second double-encrypted data;
grouping the plurality of pieces of first double-encrypted data so that first double-encrypted data having the same attribute value for a predetermined attribute fall into the same group, thereby obtaining a plurality of first groups and a corresponding plurality of first attribute values;
grouping the plurality of pieces of second double-encrypted data so that second double-encrypted data having the same attribute value for the predetermined attribute fall into the same group, thereby obtaining a plurality of second groups and a corresponding plurality of second attribute values;
and matching the double-encrypted data of each first group against the second group having the same attribute value to obtain a number of successfully matched target double-encrypted data, which are used to determine a corresponding number of target object data.
7. The method of claim 6, wherein grouping the plurality of pieces of first double-encrypted data comprises:
performing a modulo operation on each piece of first double-encrypted data with a preset divisor to obtain a plurality of first operation values as the plurality of first attribute values;
and placing first double-encrypted data having the same first attribute value into the same group to obtain the plurality of first groups.
8. The method of claim 6, wherein grouping the plurality of pieces of first double-encrypted data comprises:
reading, for each piece of first double-encrypted data, the values at a plurality of preset data bit positions and forming them into a first value sequence as the corresponding first attribute value;
and placing first double-encrypted data having the same first attribute value into the same group to obtain the plurality of first groups.
9. The method of claim 6, further comprising, after obtaining the number of successfully matched target double-encrypted data:
sending the target double-encrypted data to the second party, so that the second party decrypts them with the second public key corresponding to the second private key to recover the corresponding first single-encrypted data;
receiving that number of pieces of first single-encrypted data from the second party;
and determining the corresponding number of target object data from the received first single-encrypted data.
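The two protocol variants claimed above, hash-based matching with grouping (claims 1-5) and commutative double encryption with grouping (claims 6-9), are worked through below in one added example. This is illustrative code written for this page, not code from the patent or from the applicant. The patent does not name a cipher; the exponentiation cipher modulo a prime (Pohlig-Hellman style) used here for the double-encryption variant is an assumption, chosen because encrypting twice with two keys gives the same result in either order, and the "second public key" of claim 9 is realised as the inverse of the second private exponent. The identifiers, the divisor and the bit positions are constructed sample values.

```python
import hashlib
import math
import secrets
from collections import defaultdict

# Constructed sample identifiers (not from the patent): each party holds a list
# of user IDs; the protocol should reveal only the intersection.
PARTY_A_IDS = ["13800000001", "13800000002", "13800000003", "13800000004"]
PARTY_B_IDS = ["13800000003", "13800000004", "13800000005"]

# ---- grouping (claims 2/3 and 7/8): attribute value derived from the ciphertext ----

def attr_mod(enc: bytes, divisor: int = 8) -> int:
    """Claims 2 and 7: ciphertext (read as an integer) modulo a preset divisor."""
    return int.from_bytes(enc, "big") % divisor

def attr_bits(enc: bytes, positions=(0, 3, 5)) -> tuple:
    """Claims 3 and 8: the bit values at preset positions, as a sequence."""
    n = int.from_bytes(enc, "big")
    return tuple((n >> p) & 1 for p in positions)

def group_by(ciphertexts, attr_fn):
    """Put ciphertexts with the same attribute value into the same group."""
    groups = defaultdict(set)
    for c in ciphertexts:
        groups[attr_fn(c)].add(c)
    return dict(groups)

def match_groups(groups_a, groups_b):
    """Claims 1 and 6: compare only the two groups that share an attribute value."""
    matched = set()
    for attr, set_a in groups_a.items():
        set_b = groups_b.get(attr)
        if set_b:
            matched |= set_a & set_b
    return matched

# ---- variant 1 (claims 1-5): one-way hash, then grouped matching ----

def hash_psi(ids_a, ids_b, attr_fn=attr_mod):
    h = lambda x: hashlib.sha256(x.encode()).digest()
    enc_a = {h(x): x for x in ids_a}          # hash -> object mapping kept by A (claim 4)
    enc_b = {h(y): y for y in ids_b}          # B's own mapping (claim 5)
    groups_a = group_by(enc_a, attr_fn)
    groups_b = group_by(enc_b, attr_fn)       # B sends these groups and attribute values to A
    return sorted(enc_a[t] for t in match_groups(groups_a, groups_b))

# ---- variant 2 (claims 6-9): commutative double encryption, then grouped matching ----
# Cipher choice is an assumption: exponentiation modulo a prime (Pohlig-Hellman cipher).
# P is demo-sized only; a real deployment needs a 2048-bit-plus group or an elliptic curve.
P = (1 << 127) - 1
ORDER = P - 1

def gen_key() -> int:
    """Private exponent coprime to the group order, so that it can be undone (claim 9)."""
    while True:
        k = secrets.randbelow(ORDER - 2) + 2
        if math.gcd(k, ORDER) == 1:
            return k

def to_element(x: str) -> int:
    d = int.from_bytes(hashlib.sha256(x.encode()).digest(), "big") % P
    return d if d > 1 else 2                  # avoid the fixed points 0 and 1

def enc(m: int, k: int) -> int:
    return pow(m, k, P)                       # enc(enc(m, k1), k2) == enc(enc(m, k2), k1)

def dec(c: int, k: int) -> int:
    return pow(c, pow(k, -1, ORDER), P)       # the "key corresponding to k" of claim 9

def as_bytes(v: int) -> bytes:
    return v.to_bytes(16, "big")

def double_encryption_psi(ids_a, ids_b, attr_fn=attr_mod):
    k1, k2 = gen_key(), gen_key()             # first and second party's private keys
    rng = secrets.SystemRandom()
    # A single-encrypts its data and sends it to B; A keeps the single ciphertext -> object map
    single_a = {enc(to_element(x), k1): x for x in ids_a}
    # B double-encrypts A's data and returns it shuffled, so A cannot link rows by position
    double_a = [enc(c, k2) for c in single_a]
    rng.shuffle(double_a)
    # B single-encrypts its own data; A double-encrypts it with k1
    double_b = [enc(enc(to_element(y), k2), k1) for y in ids_b]
    # A groups both sets of double ciphertexts and matches only equal-attribute groups
    matched = match_groups(group_by(map(as_bytes, double_a), attr_fn),
                           group_by(map(as_bytes, double_b), attr_fn))
    # Claim 9: A sends the matches to B, B strips k2 and returns single ciphertexts,
    # which A maps back to its own objects
    recovered = [dec(int.from_bytes(t, "big"), k2) for t in matched]
    return sorted(single_a[s] for s in recovered)

if __name__ == "__main__":
    print(hash_psi(PARTY_A_IDS, PARTY_B_IDS))
    print(double_encryption_psi(PARTY_A_IDS, PARTY_B_IDS, attr_bits))
```

Two caveats a practitioner should keep in mind when reading the claims against this code. In the hash-only variant the second party hands over bare hashes of its identifiers; when those identifiers come from a small space (phone numbers, ID numbers), the receiver can recover them by hashing candidates, which is exactly the weakness the double-encryption variant removes, since no party ever sees a value encrypted under only the other party's key. Grouping reduces the number of comparisons, but the attribute value (a residue or a few ciphertext bits) and the size of each group are visible to whoever receives the groups, so the divisor and bit positions should be chosen with that leakage in mind.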
10. A privacy-preserving method for multiple parties to cooperatively determine target object data, the multiple parties including a first data party and a second data party, the method comprising:
the first data party encrypting a plurality of pieces of locally stored first object data in a predetermined encryption manner to obtain a plurality of pieces of first encrypted data;
a first designated party among the multiple parties grouping the plurality of pieces of first encrypted data in a predetermined grouping manner so that first encrypted data having the same attribute value for a predetermined attribute fall into the same group, thereby obtaining a plurality of first groups and a corresponding plurality of first attribute values;
the second data party encrypting a plurality of pieces of locally stored second object data in the predetermined encryption manner to obtain a plurality of pieces of second encrypted data;
a second designated party among the multiple parties grouping the plurality of pieces of second encrypted data in the predetermined grouping manner so that second encrypted data having the same attribute value for the predetermined attribute fall into the same group, thereby obtaining a plurality of second groups and a corresponding plurality of second attribute values;
and a third designated party among the multiple parties matching the encrypted data of each first group against the second group having the same attribute value to obtain a number of successfully matched target encrypted data, which are used to determine a corresponding number of target object data.
11. The method of claim 10, wherein the multiple parties further include a neutral server, and at least one of the first designated party, the second designated party and the third designated party is the neutral server.
12. A privacy-preserving apparatus for two parties to cooperatively determine target object data, the two parties including a first party and a second party, the apparatus being deployed at the first party and comprising:
an object data encryption unit configured to encrypt a plurality of pieces of locally stored first object data with an irreversible (one-way) encryption algorithm to obtain a plurality of pieces of first encrypted data;
an encrypted data grouping unit configured to group the plurality of pieces of first encrypted data so that first encrypted data having the same attribute value for a predetermined attribute fall into the same group, thereby obtaining a plurality of first groups and a corresponding plurality of first attribute values;
a second-party data receiving unit configured to receive, from the second party, a plurality of second groups and a corresponding plurality of second attribute values, which the second party determined from a plurality of pieces of locally stored second object data;
and a two-party data matching unit configured to match the encrypted data of each first group against the second group having the same attribute value to obtain a number of successfully matched target encrypted data, the target encrypted data being used to determine a corresponding number of target object data.
13. A privacy-preserving apparatus for two parties to cooperatively determine target object data, the two parties including a first party and a second party, the apparatus being deployed at the first party and comprising:
a first encryption unit configured to encrypt a plurality of pieces of locally stored first object data with a first private key to obtain a plurality of pieces of first single-encrypted data;
a first receiving unit configured to receive, from the second party, a plurality of pieces of first double-encrypted data, which the second party obtained by encrypting the plurality of pieces of first single-encrypted data with a second private key;
a second receiving unit configured to receive, from the second party, a plurality of pieces of second single-encrypted data, which the second party obtained by encrypting a plurality of pieces of locally stored second object data with the second private key;
a second encryption unit configured to encrypt the plurality of pieces of second single-encrypted data with the first private key to obtain a plurality of pieces of second double-encrypted data;
a first grouping unit configured to group the plurality of pieces of first double-encrypted data so that first double-encrypted data having the same attribute value for a predetermined attribute fall into the same group, thereby obtaining a plurality of first groups and a corresponding plurality of first attribute values;
a second grouping unit configured to group the plurality of pieces of second double-encrypted data so that second double-encrypted data having the same attribute value for the predetermined attribute fall into the same group, thereby obtaining a plurality of second groups and a corresponding plurality of second attribute values;
and a data matching unit configured to match the double-encrypted data of each first group against the second group having the same attribute value to obtain a number of successfully matched target double-encrypted data, which are used to determine a corresponding number of target object data.
14. A privacy-preserving system for multiple parties to cooperatively determine target object data, the multiple parties including a first data party and a second data party, the system comprising:
the first data party, configured to encrypt a plurality of pieces of locally stored first object data in a predetermined encryption manner to obtain a plurality of pieces of first encrypted data;
a first designated party among the multiple parties, configured to group the plurality of pieces of first encrypted data in a predetermined grouping manner so that first encrypted data having the same attribute value for a predetermined attribute fall into the same group, thereby obtaining a plurality of first groups and a corresponding plurality of first attribute values;
the second data party, configured to encrypt a plurality of pieces of locally stored second object data in the predetermined encryption manner to obtain a plurality of pieces of second encrypted data;
a second designated party among the multiple parties, configured to group the plurality of pieces of second encrypted data in the predetermined grouping manner so that second encrypted data having the same attribute value for the predetermined attribute fall into the same group, thereby obtaining a plurality of second groups and a corresponding plurality of second attribute values;
and a third designated party among the multiple parties, configured to match the encrypted data of each first group against the second group having the same attribute value to obtain a number of successfully matched target encrypted data, which are used to determine a corresponding number of target object data.
15. A computer-readable storage medium on which a computer program is stored, the program, when executed in a computer, causing the computer to carry out the method of any one of claims 1 to 11.
16. A computing device comprising a memory and a processor, the memory storing executable code which, when executed by the processor, implements the method of any one of claims 1 to 11.
CN202110189529.2A 2021-02-19 2021-02-19 Method and device for cooperatively determining target object data by two parties for protecting privacy Pending CN112836239A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110189529.2A CN112836239A (en) 2021-02-19 2021-02-19 Method and device for cooperatively determining target object data by two parties for protecting privacy

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110189529.2A CN112836239A (en) 2021-02-19 2021-02-19 Method and device for cooperatively determining target object data by two parties for protecting privacy

Publications (1)

Publication Number Publication Date
CN112836239A true CN112836239A (en) 2021-05-25

Family

ID=75933834

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110189529.2A Pending CN112836239A (en) 2021-02-19 2021-02-19 Method and device for cooperatively determining target object data by two parties for protecting privacy

Country Status (1)

Country Link
CN (1) CN112836239A (en)

Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101901248A (en) * 2010-04-07 2010-12-01 北京星网锐捷网络技术有限公司 Method and device for creating and updating Bloom filter and searching elements
CN103095453A (en) * 2011-07-08 2013-05-08 Sap股份公司 Public-key Encrypted Bloom Filters With Applications To Private Set Intersection
CN106776965A (en) * 2016-12-05 2017-05-31 东软集团股份有限公司 The group technology and device of feature set of strings
CN107451204A (en) * 2017-07-10 2017-12-08 阿里巴巴集团控股有限公司 A kind of data query method, apparatus and equipment
US20180052904A1 (en) * 2016-08-18 2018-02-22 International Business Machines Corporation Matching a first collection of strings with a second collection of strings
CN110399741A (en) * 2019-07-29 2019-11-01 深圳前海微众银行股份有限公司 Data alignment method, equipment and computer readable storage medium
CN110400164A (en) * 2019-05-13 2019-11-01 腾讯科技(北京)有限公司 Data determination method and device, storage medium and electronic device
CN110457945A (en) * 2019-08-01 2019-11-15 卫盈联信息技术(深圳)有限公司 Method, inquiry method, apparatus, service method, apparatus and the storage medium of list inquiry
CN110727960A (en) * 2019-10-16 2020-01-24 卓尔智联(武汉)研究院有限公司 Data intersection solving device and method based on privacy protection and readable storage medium
CN110851869A (en) * 2019-11-14 2020-02-28 深圳前海微众银行股份有限公司 Sensitive information processing method and device and readable storage medium
CN111159730A (en) * 2019-12-13 2020-05-15 支付宝(杭州)信息技术有限公司 Data processing method, query method, device, electronic equipment and system
CN111555880A (en) * 2019-02-12 2020-08-18 北京京东尚科信息技术有限公司 Data collision method and device, storage medium and electronic equipment
CN111680062A (en) * 2020-05-15 2020-09-18 江西师范大学 Safe multi-target data object query method and storage medium
CN112073196A (en) * 2020-11-10 2020-12-11 腾讯科技(深圳)有限公司 Service data processing method and device, electronic equipment and storage medium

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116049909A (en) * 2023-01-28 2023-05-02 腾讯科技(深圳)有限公司 Feature screening method, device, equipment and storage medium in federal feature engineering
CN116049909B (en) * 2023-01-28 2023-06-27 腾讯科技(深圳)有限公司 Feature screening method, device, equipment and storage medium in federal feature engineering

Similar Documents

Publication Publication Date Title
US10951392B2 (en) Fast format-preserving encryption for variable length data
US9917820B1 (en) Secure information sharing
CN114175572B (en) System and method for performing equal and less operations on encrypted data using a quasi-group operation
CN110689349A (en) Transaction hash value storage and search method and device in block chain
CN113343305A (en) Intersection calculation method, device and equipment of private data and storage medium
CN111555880B (en) Data collision method and device, storage medium and electronic equipment
US10929402B1 (en) Secure join protocol in encrypted databases
US7894608B2 (en) Secure approach to send data from one system to another
CN114443718B (en) Data query method and system
CN110611568B (en) Dynamic encryption and decryption method, device and equipment based on multiple encryption and decryption algorithms
CN111241596B (en) Block chain asset account recovery method and device
CN115021913B (en) Method, system and storage medium for generating key of industrial Internet identification analysis system
CN111192050A (en) Digital asset private key storage and extraction method and device
CN114039785A (en) Data encryption, decryption and processing method, device, equipment and storage medium
CN117155615A (en) Data encryption transmission method, system, electronic equipment and storage medium
CN112836239A (en) Method and device for cooperatively determining target object data by two parties for protecting privacy
CN114500006B (en) Query request processing method and device
CN116094708A (en) Privacy protection method, terminal and storage medium of DBSCAN algorithm
CN113411347B (en) Transaction message processing method and processing device
WO2022110716A1 (en) Cold start recommendation method and apparatus, computer device and storage medium
Al-Attab et al. Lightweight effective encryption algorithm for securing data in cloud computing
CN114691759B (en) Data query statistical method, device, computer equipment and storage medium
CN116595562B (en) Data processing method and electronic equipment
CN114978658B (en) Data processing method and device
US20240340178A1 (en) Secure computation and communication

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210525