CN113079137A - Multi-party privacy intersection method and privacy data processing system - Google Patents

Info

Publication number: CN113079137A
Authority: CN (China)
Prior art keywords: party, encryption, layer, layer encryption, data set
Legal status: Granted (Active)
Application number: CN202110302767.XA
Other languages: Chinese (zh)
Other versions: CN113079137B (en)
Inventor: 王天雨
Current Assignee: Huakong Tsingjiao Information Technology Beijing Co Ltd
Original Assignee: Huakong Tsingjiao Information Technology Beijing Co Ltd
Priority to CN202110302767.XA; published as CN113079137A; granted as CN113079137B
Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085: Secret sharing or secret splitting, e.g. threshold schemes
    • H04L2209/00: Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/46: Secure multiparty computation, e.g. millionaire problem

Abstract

The disclosure provides a multi-party privacy intersection method and a privacy data processing system. The method comprises the following steps: a first service node receives a first secret sharing factor of the key of each of m parties, together with the private data set that each party has first-layer encrypted with its own key, and an nth service node receives an nth secret sharing factor of the key of each of the m parties, together with the private data set that each party has first-layer encrypted with its own key; the n service nodes cooperate with each other and, for each party's first-layer encrypted private data set, perform multi-layer encryption using the received secret sharing factors of the keys of the parties other than the party that performed the first-layer encryption, obtaining a multi-layer encrypted private data set; at least one of the n service nodes calculates the intersection of the multi-layer encrypted private data sets of the parties. The present disclosure improves the security of intersecting the private data sets of more than two parties.

Description

Multi-party privacy intersection method and privacy data processing system
Technical Field
The present disclosure relates to the field of secure computing, and in particular, to a multi-party privacy intersection method and a privacy data processing system.
Background
The multi-party privacy intersection is a secure computing technology which allows parties holding the privacy data sets to obtain the intersection of the privacy data sets of the parties on the premise of not leaking the privacy data held by the parties.
Two-party privacy intersection is comparatively easy to realize. As shown in fig. 1, two parties 101 hold private data sets: a first party and a second party. The first party has a private data set x1, x2, …, xn and a private key α. The second party has a private data set y1, y2, …, yn and a private key β. In step 1a, the first party calculates a digest of each element of its private data set x1, x2, …, xn and encrypts it with its own private key α, obtaining its first-layer encrypted private data set H(x1)^α, …, H(xn)^α, which it sends to the second party. In step 1b, the second party calculates a digest of each element of its private data set y1, y2, …, yn and encrypts it with its own private key β, obtaining its first-layer encrypted private data set H(y1)^β, …, H(yn)^β, which it sends to the first party. In step 2a, the first party takes the first-layer encrypted private data set H(y1)^β, …, H(yn)^β that the second party encrypted with the second party's private key β and encrypts it again with the first party's private key α, obtaining the second-layer encrypted private data set of the second party, [H(y1)^β]^α, …, [H(yn)^β]^α. In step 2b, the second party takes the first-layer encrypted private data set H(x1)^α, …, H(xn)^α that the first party encrypted with the first party's private key α and encrypts it again with the second party's private key β, obtaining the second-layer encrypted private data set of the first party, [H(x1)^α]^β, …, [H(xn)^α]^β, which it sends back to the first party.
At this time, the first party compares its own private data set encrypted with both parties' keys, [H(x1)^α]^β, …, [H(xn)^α]^β, with the second party's private data set encrypted with both parties' keys, [H(y1)^β]^α, …, [H(yn)^β]^α, obtains the ciphertext intersection of the first party's and the second party's private data sets, and returns it to the first party and the second party. The first party and the second party can decrypt the ciphertext intersection by using the public keys of all parties to obtain a plaintext intersection.
However, for privacy intersection among more than two parties, the above method is not applicable, because the number of interaction steps increases explosively as the number of parties increases. If instead a third-party platform performs the multi-party privacy intersection centrally, that platform holds the complete private keys of all the parties 101, so the private data can be cracked by brute force, and the security is poor.
Disclosure of Invention
It is an object of the present disclosure to improve the security of the intersection of private data sets of more than two parties.
According to one aspect of the disclosure, a multiparty privacy intersection method is provided, and the method is applied to a privacy data processing system, where the privacy data processing system includes n service nodes, n is an integer greater than or equal to 2, and the method includes:
a first service node receives a first secret sharing factor of the key of each of m parties, together with the private data set that each party has first-layer encrypted with its own key, and an nth service node receives an nth secret sharing factor of the key of each of the m parties, together with the private data set that each party has first-layer encrypted with its own key, where m is an integer greater than or equal to 2;
the n service nodes cooperate with each other and, for each party's first-layer encrypted private data set, perform multi-layer encryption using the received secret sharing factors of the keys of the parties other than the party that performed the first-layer encryption, obtaining a multi-layer encrypted private data set;
at least one of the n service nodes calculates an intersection of the multi-layered encrypted private data sets of each party.
Optionally, each layer of the multi-layer encryption uses an encryption in which the key can be split and the ciphertext can be obtained by combining the results from the secret sharing factors of the split key.
Optionally, the n service nodes cooperating with each other to perform multi-layer encryption on each party's first-layer encrypted private data set, using the received secret sharing factors of the keys of the parties other than the party that performed the first-layer encryption, includes:
a second-layer encryption process:
a first service node encrypts the private data set of a first party by using a first secret sharing factor of a second party key to obtain a second-layer encryption factor 1 of the first party data;
the nth service node encrypts the private data set of the first party by using the nth secret sharing factor of the second party key to obtain a second-layer encryption factor n of the first party data;
multiplying the second-layer encryption factors of the first party data from the n service nodes to obtain a second-layer encryption result of the first party data;
performing the subsequent layers of encryption on the result of the previous layer, using the secret sharing factors of the m-th party key and the same method as the second-layer encryption process, until m layers of encryption are completed;
the above-described process of m-layer encryption is repeated for the private data sets of the parties among the m parties other than the first party.
Optionally, each party performing the first-layer encryption by using its own key includes:
each party calculates a digest of its own data set;
and each party performs first-layer encryption on the digest with its own key to obtain the first-layer encrypted data set.
Optionally, after at least one of the n service nodes calculates the intersection of the multi-layered encrypted private data sets, the method further includes: sending the intersection to any of the first party to the mth party.
According to an aspect of the present disclosure, there is also provided a private data processing system including n service nodes, n being an integer greater than or equal to 2, wherein,
a first service node of the n service nodes receives a first secret sharing factor of the key of each of m parties, together with the private data set that each party has first-layer encrypted with its own key, and an nth service node receives an nth secret sharing factor of the key of each of the m parties, together with the private data set that each party has first-layer encrypted with its own key, where m is an integer greater than or equal to 2;
the n service nodes cooperate with each other and, for each party's first-layer encrypted private data set, perform multi-layer encryption using the received secret sharing factors of the keys of the parties other than the party that performed the first-layer encryption, obtaining a multi-layer encrypted private data set;
at least one of the n service nodes calculates an intersection of the multi-layered encrypted private data sets of each party.
Optionally, each layer of the multi-layer encryption uses an encryption in which the key can be split and the ciphertext can be obtained by combining the results from the secret sharing factors of the split key.
Optionally, the n service nodes cooperating with each other to perform multi-layer encryption on each party's first-layer encrypted private data set, using the received secret sharing factors of the keys of the parties other than the party that performed the first-layer encryption, includes:
a second-layer encryption process:
a first service node encrypts the private data set of a first party by using a first secret sharing factor of a second party key to obtain a second-layer encryption factor 1 of the first party data;
the nth service node encrypts the private data set of the first party by using the nth secret sharing factor of the second party key to obtain a second-layer encryption factor n of the first party data;
multiplying the second-layer encryption factors of the first party data from the n service nodes to obtain a second-layer encryption result of the first party data;
performing the subsequent layers of encryption on the result of the previous layer, using the secret sharing factors of the m-th party key and the same method as the second-layer encryption process, until m layers of encryption are completed;
the above-described process of m-layer encryption is repeated for the private data sets of the parties among the m parties other than the first party.
Optionally, each party performing the first-layer encryption by using its own key includes:
each party calculates a digest of its own data set;
and each party performs first-layer encryption on the digest with its own key to obtain the first-layer encrypted data set.
Optionally, after at least one of the n service nodes calculates the intersection of the multi-layered encrypted private data sets, the intersection is sent to m parties.
In the embodiment of the disclosure, n service nodes are provided. Each service node obtains only one secret sharing factor of each of the m parties' keys, not a complete key, so it cannot crack by brute force the private data sets it receives encrypted under the parties' keys, and the security of the private data is ensured. Because each service node holds one secret sharing factor of every party's key, the service nodes can cooperate with each other and use the different secret sharing factors to perform multi-layer encryption on the private data set of each of the m parties. The effect of this multi-layer encryption is the same as encrypting directly with each party's key, so the final intersection result is not affected, and the security of the private data is improved without affecting the accuracy of the intersection.
Additional features and advantages of the disclosure will be set forth in the detailed description which follows, or in part will be obvious from the description, or may be learned by practice of the disclosure.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent by describing in detail exemplary embodiments thereof with reference to the attached drawings.
FIG. 1 is a diagram illustrating the intersection of two sets of private data in the prior art;
FIG. 2 illustrates a system architecture diagram for more than two parties' intersection of private data sets in an embodiment of the disclosure;
FIG. 3 illustrates a flow diagram of a multi-party privacy intersection method, according to one embodiment of the present disclosure;
FIG. 4 illustrates a hardware block diagram of a service node according to one embodiment of the present disclosure.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the examples set forth herein; rather, these example embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art. The drawings are merely schematic illustrations of the present disclosure and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and thus their repetitive description will be omitted.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more example embodiments. In the following description, numerous specific details are provided to give a thorough understanding of example embodiments of the disclosure. One skilled in the relevant art will recognize, however, that the subject matter of the present disclosure can be practiced without one or more of the specific details, or with other methods, components, steps, and so forth. In other instances, well-known structures, methods, implementations, or operations are not shown or described in detail to avoid obscuring aspects of the disclosure.
Some of the block diagrams shown in the figures are functional entities and do not necessarily correspond to physically or logically separate entities. These functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
FIG. 2 illustrates a system architecture diagram for intersecting the private data sets of more than two parties in an embodiment of the disclosure. Rather than employing a single service node 121 for private data set intersection, it employs a private data processing system 120 that includes multiple service nodes 121. The parties 101 of fig. 2 are node devices that each own a private data set. Each party encrypts its private data set and reports it to the private data processing system 120, expecting to obtain the intersection of the private data sets of all parties 101. A party 101 may be embodied in the form of a desktop computer, laptop computer, mobile terminal, PDA, car mounted terminal, dedicated terminal, etc., or it may be part of a computer or terminal that performs a separate function (e.g., a virtual machine). Each service node 121 may be embodied as a single server, may be a part of a single server (e.g., a virtual machine), may be embodied as a server cluster, or may be embodied in the form of a cloud.
The private data refers to data that its owner does not want other node devices to obtain, for example, information on network attacks intercepted by the firewall of an organization. Each organization collects information about the network security events it intercepts during its operation. Once the information is leaked, the organization's devices are more vulnerable to attack; therefore, the information is private data. However, each organization needs to know which security threats the organizations encounter in common. Therefore, there is a need to intersect the private data sets of the parties. The embodiment of the disclosure provides a scheme that obtains the intersection of the private data sets of all parties without exposing the private data of any party.
The private data processing system 120 is a system that performs arithmetic processing on private data. In the embodiment of the present disclosure, it may include n serving nodes 121, where n is an integer greater than or equal to 2.
As shown in fig. 3, a multi-party privacy intersection method according to an embodiment of the present disclosure includes:
step 210, a first service node receives a first secret sharing factor of the key of each of m parties, together with the private data set that each party has first-layer encrypted with its own key, and an nth service node receives an nth secret sharing factor of the key of each of the m parties, together with the private data set that each party has first-layer encrypted with its own key, where m is an integer greater than or equal to 2;
step 220, the n service nodes cooperate with each other and, for each party's first-layer encrypted private data set, perform multi-layer encryption using the received secret sharing factors of the keys of the parties other than the party that performed the first-layer encryption, obtaining a multi-layer encrypted private data set;
step 330, at least one service node of the n service nodes calculates an intersection of the multi-layer encrypted private data sets of each party.
The above steps are described in detail below.
The m parties in step 210 are the owners of the private data sets. Each party holds its own private data set and its own key, e.g. a private key. They do not want to expose their own private data, but want to obtain the intersection of the private data sets of all m parties. Each of the first party 101, the second party 101, …, the m-th party 101 decomposes its own key into a first secret sharing factor, a second secret sharing factor, …, an nth secret sharing factor, which are handed to the first service node 121, the second service node 121, …, the nth service node 121, respectively, for storage. The decomposition is generally additive: for example, the sum of the first through nth secret sharing factors may be exactly equal to the party's key, or that sum plus a predetermined constant may equal the party's key, and so on. Other ways of decomposition may be devised by those skilled in the art having the benefit of the teachings of this disclosure and are not described in detail.
As shown in fig. 2, assuming that the key of the first party 101 is α, it is decomposed into a first secret sharing factor α1, a second secret sharing factor α2, …, an nth secret sharing factor αn, which are handed to and stored in the first service node 121, the second service node 121, …, the nth service node 121, respectively. The key of the second party 101 is β, which is decomposed into a first secret sharing factor β1, a second secret sharing factor β2, …, an nth secret sharing factor βn, which are likewise handed to the first service node 121, the second service node 121, …, the nth service node 121 to store. The same applies to the remaining parties: the key of the m-th party 101 is γ, which is decomposed into a first secret sharing factor γ1, a second secret sharing factor γ2, …, an nth secret sharing factor γn, which are handed to the first service node 121, the second service node 121, …, the nth service node 121 to store.
In step 210, each of the m parties sends the corresponding secret sharing factor to each service node 121, and also sends its private data set to each service node after first-layer encrypting it with its own key. In one embodiment, the private data set may be first-layer encrypted directly with the key. In another embodiment, a digest may be calculated for the private data set and the digest then first-layer encrypted, giving the first-layer encrypted private data set. In the latter embodiment, because transmitting and processing digests is much faster and cheaper than transmitting and processing the entire private data set, resource usage is greatly reduced. In addition, digests and private data elements are in one-to-one correspondence, so the intersection of the private data sets can be uniquely recovered from the intersection of the digests of the parties' private data sets, and obtaining the final private data intersection is not affected.
As shown in fig. 2, assume that the private data set owned by the first party 101 is x1, …, xn, the private data set owned by the second party 101 is y1, …, yn, …, and the private data set owned by the m-th party 101 is z1, …, zn. In this example, the private data sets owned by the parties 101 are all of size n, but those skilled in the art will appreciate that they need not be the same size; n here is merely an example. The first party 101, the second party 101, …, the m-th party 101 calculate digests for their respective private data sets, resulting in: H(x1), …, H(xn); H(y1), …, H(yn); …; H(z1), …, H(zn). Each then encrypts its digests with its own key α, β, …, γ, respectively, to yield: H(x1)^α, …, H(xn)^α; H(y1)^β, …, H(yn)^β; …; H(z1)^γ, …, H(zn)^γ, and sends the first-layer encryption results to the first service node 121, the second service node 121, …, the nth service node 121. In one embodiment, the encryption is one in which the key can be split and the ciphertext can be obtained by combining the results from the secret sharing factors of the split key, such as DDH (Diffie-Hellman) encryption or ECC (elliptic curve cryptography). In DDH, the key is additively decomposed into a sum of secret sharing factors, and the product of the ciphertexts obtained by encrypting a plaintext with each secret sharing factor equals the ciphertext obtained by encrypting the plaintext directly with the key. For example, the key γ is decomposed into the sum of a first secret sharing factor γ1, a second secret sharing factor γ2, …, and an nth secret sharing factor γn. Encrypting a plaintext A with each of γ1, γ2, …, γn and multiplying the resulting ciphertexts gives the same result as encrypting the plaintext A directly with the key γ.
At this point, the first service node 121 has received the first secret sharing factors α1, β1, …, γ1 of the keys of each of the m parties 101 and the private data sets that each party 101 first-layer encrypted with its own key: H(x1)^α, …, H(xn)^α; H(y1)^β, …, H(yn)^β; …; H(z1)^γ, …, H(zn)^γ. Likewise for the other service nodes: the nth service node 121 has received the nth secret sharing factors αn, βn, …, γn of the keys of each of the m parties and the private data sets that each party first-layer encrypted with its own key: H(x1)^α, …, H(xn)^α; H(y1)^β, …, H(yn)^β; …; H(z1)^γ, …, H(zn)^γ.
In step 220, the n service nodes 121 cooperate with each other and, for each party's first-layer encrypted private data set, perform multi-layer encryption using the received secret sharing factors of the keys of the parties other than the party that performed the first-layer encryption, obtaining a multi-layer encrypted private data set. The purpose of the multi-layer encryption is for the private data set of each party 101 to be encrypted by the secret sharing factors of the key of every party, so that the final result is encrypted with the keys of all parties 101. Only when every set is encrypted with the keys of all parties 101 is there a uniform basis for intersection: the encryption results can then be compared with each other to obtain a ciphertext intersection. Since the service node 121 receives a private data set that its owner 101 has already first-layer encrypted with its own key, it only needs to apply the secret sharing factors of the keys of the parties 101 other than that owner to perform the remaining encryption.
In one embodiment, a second layer encryption process is first performed. The second layer encryption process is a process of encrypting the first layer encrypted private data set sent by the party 101 in step 210 by using the secret sharing factor of the key of the party next to the party. If the private data set is sent by the first party 101 after the first layer of encryption, the second layer of encryption process is a process of encrypting with a secret sharing factor of a key of the second party 101.
The second-layer encryption process is as follows. The first service node 121 encrypts the private data set H(x1)^α, …, H(xn)^α of the first party 101 by using the first secret sharing factor β1 of the second party key β to obtain the second-layer encryption factor 1 of the first party data: [H(x1)^α]^β1, …, [H(xn)^α]^β1. Likewise for the other service nodes: the nth service node 121 encrypts the private data set H(x1)^α, …, H(xn)^α of the first party 101 by using the nth secret sharing factor βn of the second party key to obtain the second-layer encryption factor n of the first party data: [H(x1)^α]^βn, …, [H(xn)^α]^βn. Then the second-layer encryption factors 1, 2, …, n of the first party data from the n service nodes 121, namely [H(x1)^α]^β1, …, [H(xn)^α]^β1; [H(x1)^α]^β2, …, [H(xn)^α]^β2; …; [H(x1)^α]^βn, …, [H(xn)^α]^βn, are multiplied element by element to obtain the second-layer encryption result of the first party data:
[H(x1)^α]^β1 * [H(x1)^α]^β2 * … * [H(x1)^α]^βn = [H(x1)^α]^(β1+β2+…+βn) = [H(x1)^α]^β, and similarly for each element up to [H(xn)^α]^β.
This is equivalent to encrypting the private data set H(x1)^α, …, H(xn)^α of the first party 101 with the complete key β of the second party 101. That is, the second-layer encryption yields [H(x1)^α]^β, …, [H(xn)^α]^β, the private data set of the first party 101 encrypted with the first party key α and then the second party key β. However, no service node 121 possesses the key β itself; each holds only one secret sharing factor of it and cannot recover the key, so the security of the private data is preserved.
The multiplication of the second-layer encryption factors 1, 2, …, n of the first party data may be done by sending all the factors to a designated service node 121 (e.g., the first service node 121), which multiplies them, or by passing them along in the index order of the service nodes 121 (first, second, …, nth), with the last service node 121 in the index order performing the multiplication.
Next, the third and fourth … … layers of encryption after the second layer of encryption, i.e., the m-layer encryption process, are performed. The m-th encryption process is a process of encrypting the private data set encrypted in the (m-1) -th layer by using a secret sharing factor of the key of the m-th party. This encryption process is completely similar to the second layer encryption process above, and thus is not described in detail. Therefore, the subsequent multi-layer encryption operation can be performed on the encryption result obtained after the (m-1) th layer encryption by using the secret sharing factor of the m-th party key and the same method of the second layer encryption process until the m-layer encryption is completed.
Take m = 3, i.e., the third layer encryption, as an example. The second layer of encryption yields [H(x1)^α]^β, …, [H(xn)^α]^β, the result of encrypting the private data set of the first party 101 with the first party key α and the second party key β in turn. In the third layer of encryption, the first service node 121 encrypts the second layer encryption result by using the first secret sharing factor γ1 of the third party key γ to obtain the third layer encryption factor 1 of the first party data, that is, [[H(x1)^α]^β]^γ1, …, [[H(xn)^α]^β]^γ1. … The nth service node 121 encrypts the second layer encryption result by using the nth secret sharing factor γn of the third party key γ to obtain the third layer encryption factor n of the first party data, that is, [[H(x1)^α]^β]^γn, …, [[H(xn)^α]^β]^γn. Then the third layer encryption factors 1, 2, …, n of the first party data from the n service nodes 121, namely [[H(x1)^α]^β]^γ1, …, [[H(xn)^α]^β]^γ1; [[H(x1)^α]^β]^γ2, …, [[H(xn)^α]^β]^γ2; …; [[H(x1)^α]^β]^γn, …, [[H(xn)^α]^β]^γn, are multiplied element by element to obtain the third layer encryption result of the first party data. For x1: [[H(x1)^α]^β]^γ1 × [[H(x1)^α]^β]^γ2 × … × [[H(x1)^α]^β]^γn = [[H(x1)^α]^β]^(γ1+γ2+…+γn) = [[H(x1)^α]^β]^γ. This is equivalent to encrypting the second layer encryption result with the complete key γ of the third party 101.
The data may be transmitted in various ways during the multiplication. In a first delivery manner, the private data set encrypted at the (m-1)-th layer is sent to every service node 121; each service node 121 encrypts it with the secret sharing factor of the m-th party key that it holds and sends its encryption result to one designated service node 121, such as the first service node 121, which multiplies all of the encryption results. In a second delivery manner, the private data set encrypted at the (m-1)-th layer is first sent to the first service node 121. The first service node 121 encrypts it with the first secret sharing factor of the m-th party key that it holds and sends both the pre-encryption set and the encrypted set to the second service node 121. The second service node 121 encrypts the pre-encryption set with the second secret sharing factor of the m-th party key that it holds, multiplies the result by the received encrypted set, and passes the pre-encryption set and the multiplied set on to the next service node 121, and so on until the nth service node 121 completes the multiplication.
The above process completes the m-layer encryption only for the private data set of the first party 101. The m-layer encryption of the private data sets of the parties other than the first party is accomplished by the same process. Then, in step 230, at least one service node 121 of the n service nodes 121 calculates the intersection of the multi-layer encrypted private data sets of the parties, which completes the multi-party privacy intersection. The service node 121 performing step 230 may be all of the plurality of service nodes 121, or one or more of them, for example a service node 121 designated in advance, or the last service node 121 in the index order. In the first delivery manner, the encryption results are all sent to a designated service node 121, such as the first service node 121, which multiplies them, so that service node 121 can be designated as the one executing step 230. In the second delivery manner, each service node 121 passes its pre-encryption set and encrypted set to the next service node 121 in turn, so the last service node 121 in the index order is the one that obtains the final multiplication result and can be designated as the execution node of step 230.
After obtaining the intersection of the multi-layer encrypted private data sets of the parties 101, the at least one service node 121 may send the intersection to any of the first party 101 through the mth party 101. Each party 101 can then decrypt the ciphertext intersection using the public key of each party 101 to obtain the plaintext intersection of the private data sets. Although each party 101 obtains the plaintext intersection of the private data sets of all parties 101, it cannot obtain the complete plaintext private data set of any party 101, so the security of the private data is guaranteed.
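The layered encryption, both delivery manners and the ciphertext intersection described above can be run end to end in the following sketch, which is an added example and not code from the patent. It assumes a toy 62-bit safe-prime group found at run time, SHA-256 squared into the prime-order subgroup as H, additive key shares modulo the subgroup order Q, and constructed party names and items; all function names are hypothetical.

```python
import hashlib
import secrets
from functools import reduce

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n):
    """Miller-Rabin; these 12 bases are deterministic for n < 2**64."""
    if n < 2:
        return False
    for p in _BASES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def find_safe_prime(start):
    """Return (P, Q) with Q prime and P = 2Q + 1 prime, searching upward."""
    q = start | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q

# Assumption: toy group size so the demo runs instantly; real data needs a
# standardized large group or an elliptic curve.
P, Q = find_safe_prime(1 << 61)

def hash_to_group(item):
    """H(x): SHA-256 mapped into the order-Q subgroup of squares mod P."""
    h = int.from_bytes(hashlib.sha256(item.encode()).digest(), "big")
    return pow(h % (P - 3) + 2, 2, P)

def split_key(key, n):
    """Additive secret sharing factors: the n shares sum to key mod Q."""
    shares = [secrets.randbelow(Q) for _ in range(n - 1)]
    shares.append((key - sum(shares)) % Q)
    return shares

def first_layer(items, key):
    """Done by the data owner itself: H(x)^key for every item."""
    return [pow(hash_to_group(x), key, P) for x in items]

def layer_star(cipher, shares):
    """First delivery manner: node i computes c^share_i for every element,
    a designated node multiplies the n factors element by element."""
    factors = [[pow(c, s, P) for c in cipher] for s in shares]
    return [reduce(lambda a, b: a * b % P, col) for col in zip(*factors)]

def layer_chain(cipher, shares):
    """Second delivery manner: the pre-encryption set and a running product
    travel node to node; the last node holds the finished layer."""
    running = [1] * len(cipher)
    for s in shares:
        running = [r * pow(c, s, P) % P for r, c in zip(running, cipher)]
    return running

def multi_layer(cipher, owner, node_shares, layer):
    """Add one layer per party other than the owner of the data set."""
    for party, shares in node_shares.items():
        if party != owner:
            cipher = layer(cipher, shares)
    return cipher

def private_intersection(datasets, n_nodes=3, layer=layer_star):
    keys = {p: secrets.randbelow(Q - 1) + 1 for p in datasets}
    node_shares = {p: split_key(k, n_nodes) for p, k in keys.items()}
    encrypted = {p: multi_layer(first_layer(items, keys[p]), p, node_shares, layer)
                 for p, items in datasets.items()}
    common = set.intersection(*(set(c) for c in encrypted.values()))
    # Demo shortcut (assumption): the first party maps the common ciphertexts
    # back to its own items by position instead of decrypting.
    first = next(iter(datasets))
    return sorted(x for x, c in zip(datasets[first], encrypted[first]) if c in common)

def shares_match_full_key(n_nodes=4):
    """Both delivery manners must equal exponentiation by the whole key."""
    key = secrets.randbelow(Q - 1) + 1
    cipher = first_layer(["a@example.com", "b@example.com"], secrets.randbelow(Q - 1) + 1)
    direct = [pow(c, key, P) for c in cipher]
    shares = split_key(key, n_nodes)
    return layer_star(cipher, shares) == direct == layer_chain(cipher, shares)

# Constructed sample data for three parties.
DATASETS = {"A": ["alice", "bob", "carol", "dave"],
            "B": ["bob", "carol", "erin"],
            "C": ["carol", "bob", "frank"]}
```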
According to one embodiment of the present disclosure, each service node 121 may be embodied in the form of a general purpose computing device, as shown in FIG. 4.
Components of serving node 121 may include, but are not limited to: at least one processing unit 810, at least one memory unit 820, and a bus 830 that couples the various system components including the memory unit 820 and the processing unit 810.
The storage unit stores program code that can be executed by the processing unit 810, so that the processing unit 810 executes the part of the method in FIG. 3 for which the service node 121 is responsible. Note that the method in FIG. 3 is performed jointly by multiple service nodes 121, and the processing unit 810 performs only the portion for which it is responsible.
The storage unit 820 may include readable media in the form of volatile memory units, such as a random access memory unit (RAM) 8201 and/or a cache memory unit 8202, and may further include a read only memory unit (ROM) 8203.
The storage unit 820 may also include a program/utility 8204 having a set (at least one) of program modules 8205, such program modules 8205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
Bus 830 may be any of several types of bus structures including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The service node 121 may also communicate with one or more external devices 700 (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with the service node 121, and/or with any devices (e.g., router, modem, etc.) that enable the service node 121 to communicate with one or more other computing devices. Such communication may occur via an input/output (I/O) interface 650. Also, the service node 121 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN) and/or a public network, such as the Internet) via the network adapter 860. As shown, network adapter 860 communicates with the other modules of the service node 121 via bus 830. It should be appreciated that although not shown, other hardware and/or software modules may be used in conjunction with the service node 121, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, a terminal device, or a network device, etc.) to execute the method according to the embodiments of the present disclosure.
In an exemplary embodiment of the present disclosure, there is also provided a computer program medium having stored thereon computer readable instructions which, when executed by a processor of a computer, cause the computer to perform the steps or methods described in the above method embodiment section.
According to an embodiment of the present disclosure, there is also provided a program product for implementing the method in the above method embodiment, which may employ a portable compact disc read only memory (CD-ROM) and include program code, and may be run on a terminal device, such as a personal computer. However, the program product of the present invention is not limited in this regard and, in the present document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
A computer readable signal medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
It should be noted that although several modules or units of the device for action execution are mentioned in the above detailed description, such a division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit, according to embodiments of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided so as to be embodied by a plurality of modules or units.
Moreover, although the steps of the methods of the present disclosure are depicted in the drawings in a particular order, this does not require or imply that the steps must be performed in this particular order, or that all of the depicted steps must be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions, etc.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, a mobile terminal, or a network device, etc.) to execute the method according to the embodiments of the present disclosure.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.

Claims (10)

1. A multi-party privacy intersection method applied to a privacy data processing system, the privacy data processing system comprising n service nodes, n being an integer greater than or equal to 2, the method comprising:
a first service node receiving a first secret sharing factor of the key of each of m parties and the private data set obtained by each party performing first-layer encryption with its own key, and an nth service node receiving an nth secret sharing factor of the key of each of the m parties and the private data set obtained by each party performing first-layer encryption with its own key, m being an integer greater than or equal to 2;
the n service nodes cooperating with each other to perform, for the first-layer encrypted private data set of each party, multi-layer encryption using the received secret sharing factors of the keys of the parties other than the party that performed the first-layer encryption, to obtain a multi-layer encrypted private data set;
at least one of the n service nodes calculating an intersection of the multi-layer encrypted private data sets of the parties.
2. The method according to claim 1, wherein each layer of the multi-layer encryption adopts an encryption in which the key can be split and the ciphertext can be obtained jointly from the secret sharing factors produced by splitting the key.
3. The method according to claim 1 or 2, wherein the n service nodes cooperate with each other to perform, for the first-layer encrypted private data set of each party, multi-layer encryption using the received secret sharing factor of the keys of the parties other than the party in the first-layer encryption, the method comprising:
a second layer encryption process:
a first service node encrypts a private data set of a first party by using a first secret sharing factor of a second party key to obtain a second layer encryption factor 1 of the first party data;
the nth service node encrypts the private data set of the first party by using the nth secret sharing factor of the secret key of the second party to obtain a second layer encryption factor n of the data of the first party;
multiplying second-layer encryption factors of first-party data of the n service nodes to obtain a second-layer encryption result of the first-party data;
performing subsequent multi-layer encryption operation on an encryption result obtained after the previous layer of encryption by using the secret sharing factor of the m-th party key and the same method of the second layer of encryption process until m-layer encryption is completed;
the above-described process of m-layer encryption is repeated for the private data sets of the parties among the m parties other than the first party.
4. The method of claim 1, wherein the each party performing a first layer of encryption using a respective key comprises:
each party calculates a digest of its own data set;
each party performs first-layer encryption on the digest by using its own key to obtain the first-layer encrypted data set.
5. The method of claim 1, wherein after at least one of the n service nodes computes an intersection of the sets of multi-layered encrypted private data, the method further comprises:
sending the intersection to any of the first party to the mth party.
6. A private data processing system comprising n service nodes, n being an integer greater than or equal to 2, wherein,
a first service node of the n service nodes receives a first secret sharing factor of the key of each of m parties and the private data set obtained by each party performing first-layer encryption with its own key, and an nth service node receives an nth secret sharing factor of the key of each of the m parties and the private data set obtained by each party performing first-layer encryption with its own key, m being an integer greater than or equal to 2;
the n service nodes cooperate with each other, and for the privacy data set after the first layer encryption of each party, the secret sharing factors of the received keys of the parties except the party in the first layer encryption are utilized to carry out multi-layer encryption to obtain a multi-layer encrypted privacy data set;
at least one of the n service nodes calculates an intersection of the multi-layered encrypted private data sets of each party.
7. The system according to claim 6, wherein each layer of the multi-layer encryption adopts encryption that a key can be split and a ciphertext can be jointly obtained by using secret sharing factors after the key is split.
8. The system according to claim 6 or 7, wherein the n service nodes cooperate with each other to perform, for the first-layer encrypted private data set of each party, multi-layer encryption using the received secret sharing factor of the keys of the parties other than the party in the first-layer encryption, the method comprising:
a second layer encryption process:
a first service node encrypts a private data set of a first party by using a first secret sharing factor of a second party key to obtain a second layer encryption factor 1 of the first party data;
the nth service node encrypts the private data set of the first party by using the nth secret sharing factor of the secret key of the second party to obtain a second layer encryption factor n of the data of the first party;
multiplying second-layer encryption factors of first-party data of the n service nodes to obtain a second-layer encryption result of the first-party data;
performing subsequent multi-layer encryption operation on an encryption result obtained after the previous layer of encryption by using the secret sharing factor of the m-th party key and the same method of the second layer of encryption process until m-layer encryption is completed;
the above-described process of m-layer encryption is repeated for the private data sets of the parties among the m parties other than the first party.
9. The system of claim 6, wherein the each party performing a first layer of encryption with a respective key comprises:
each party calculates a digest of its own data set;
each party performs first-layer encryption on the digest by using its own key to obtain the first-layer encrypted data set.
10. The system of claim 6, wherein after at least one of the n service nodes computes an intersection of the sets of multi-layered encrypted private data, the intersection is sent to m parties.
CN202110302767.XA 2021-03-22 2021-03-22 Multi-party privacy intersection method and privacy data processing system Active CN113079137B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110302767.XA CN113079137B (en) 2021-03-22 2021-03-22 Multi-party privacy intersection method and privacy data processing system

Publications (2)

Publication Number Publication Date
CN113079137A (en) 2021-07-06
CN113079137B (en) 2022-05-27

Family

ID=76613297

Country Status (1)

Country Link
CN (1) CN113079137B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant