CN113343283A - Data processing method - Google Patents


Publication number: CN113343283A
Authority: CN (China)
Prior art keywords: data, computing, confusion, computing node, ciphertext
Legal status: Granted
Application number: CN202110873970.2A
Other languages: Chinese (zh)
Other versions: CN113343283B (en)
Inventors: 李昊轩, 严强, 王朝阳, 廖飞强, 李辉忠, 张开翔, 范瑞彬
Current Assignee: WeBank Co Ltd
Original Assignee: WeBank Co Ltd
Application filed by: WeBank Co Ltd
Priority to CN202110873970.2A (CN113343283B)
Priority to PCT/CN2021/131306 (WO2023005066A1)


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Abstract

An embodiment of the invention provides a data processing method. When a first computing node detects a data computing request, it generates N pieces of first obfuscated information based on its private data, sends N-1 of the N pieces of first obfuscated information to N-1 second computing nodes respectively, receives the second obfuscated information generated by the N-1 second computing nodes, generates a ciphertext fragment used for determining a data computing result according to the first retained obfuscated information and the N-1 pieces of second obfuscated information, and sends the ciphertext fragment to a data requester. The scheme therefore completes the computation for the data computing request without revealing the private data of any computing node, and each computing node can generate its ciphertext fragment after only one round of interaction among the computing nodes, which effectively improves the efficiency of secure multi-party computation.

Description

Data processing method
Technical Field
The embodiment of the invention relates to the field of financial technology (Fintech), in particular to a data processing method.
Background
With the development of computer technology, more and more technologies are applied in the financial field, and the traditional financial industry is gradually changing to financial technology, but due to the requirements of the financial industry on safety and real-time performance, higher requirements are also put forward on the technologies.
Secure multi-party computation is a collaborative computation that multiple parties complete securely together without a trusted third party. That is, in a distributed network, each participant holds its own private data and the participants want to jointly compute a certain function, but no participant may obtain any input information of the other participants apart from the computation result. Because of these characteristics, secure multi-party computation is beginning to be applied in the field of financial technology, so as to provide more convenient service for financial enterprises or their clients.
At present, the participants commonly use a general secure multi-party computation protocol to jointly compute a function (such as a multiplication function) based on the private data of each participant. In the process of computing the multiplication function, a plurality of random numbers are used over a plurality of rounds of interaction to combine the multi-party inputs and complete the computation flow, so as to obtain the result of the multiplication function. However, since this processing method relies on a complex cryptographic protocol, each participant goes through a large number of interaction rounds during the operation, which results in low efficiency of secure multi-party computation in a multi-party input scenario.
In summary, a data processing method is needed to effectively improve the efficiency of secure multiparty computation.
Disclosure of Invention
In a first aspect, an embodiment of the present invention provides a data processing method, which is applicable to a secure multi-party computing system having N computing nodes, where the method includes:
when a first computing node detects a data computing request, generating N pieces of first obfuscated information based on private data of the first computing node, and respectively sending N-1 pieces of first obfuscated information in the N pieces of first obfuscated information to N-1 second computing nodes; the first computing node is any one of the N computing nodes; the second computing node is any one of the N computing nodes except the first computing node;
the first computing node receives the second obfuscated information generated by the N-1 second computing nodes respectively, and generates a ciphertext fragment for determining a data computing result according to the first retained obfuscated information and the N-1 pieces of second obfuscated information; the first retained obfuscated information is the piece of first obfuscated information, among the N pieces of first obfuscated information, other than those sent to the N-1 second computing nodes;
the first computing node sends the ciphertext fragment to a data requester; and the data requester is used for determining a data calculation result according to the N ciphertext fragments.
In the above technical solution, existing secure multi-party computation of a multiplication function depends on a complex cryptographic protocol, so each participant goes through a large number of interaction rounds during the multiplication function operation, which results in low efficiency for the multiplication function operation in a multi-party input scenario. Based on this, in the technical scheme of the present invention, when the first computing node detects a data computing request, it may start the data computing operation for generating the ciphertext fragment. Namely, N pieces of first obfuscated information are generated based on the private data of the first computing node, and N-1 pieces of first obfuscated information in the N pieces of first obfuscated information are sent to the N-1 second computing nodes respectively. Meanwhile, the second obfuscated information generated by the N-1 second computing nodes is received, and a ciphertext fragment used for determining a data computing result is generated according to the first retained obfuscated information and the N-1 pieces of second obfuscated information. The ciphertext fragment is then sent to a data requester, so that the data requester can timely and effectively determine a data calculation result according to the N ciphertext fragments.
Therefore, the scheme completes the calculation process for the data calculation request without revealing the private data of any computing node, which ensures the security of the private data of each computing node. In addition, each computing node can generate its ciphertext fragment after only one round of interaction among the computing nodes, which solves the problem that prior-art schemes need many interaction rounds from each participant during the calculation. This effectively reduces the network resources consumed by data interaction among the computing nodes in the process of determining the data calculation result, and thereby effectively improves the efficiency of secure multi-party computation.
Optionally, the generating N first obfuscated information based on the private data of the first computing node includes:
the first computing node generates N random numbers which conform to a secure multi-party computing mechanism, and the N random numbers are used as N confusion factors;
for each confusion factor, the first computing node generates an offset factor from the confusion factor and the first computing node's private data, and determines the confusion factor and the offset factor as one piece of first obfuscated information.
In the above technical scheme, the N random numbers are generated and used for masking the private data of the first computing node, so that the private data of the first computing node is prevented from being leaked, and the security of the private data of the first computing node can be ensured. Meanwhile, the first obfuscated information generated by the scheme can provide support for the subsequent generation of the ciphertext fragments, so that support can be provided for a data requester to determine a data calculation result.
Optionally, the first computing node generates N random numbers compliant with a secure multiparty computing mechanism, including:
the first computing node generates N-1 random numbers by using a random number generation algorithm on an elliptic curve number domain;
the first computing node generates an Nth random number based on the N-1 random numbers.
According to the technical scheme, the random number is generated on the elliptic curve number domain by using the random number generation algorithm, and the private data of the first computing node is masked based on the generated random number, so that the private data of the first computing node can be prevented from being leaked, and the security of the private data of the first computing node can be ensured.
Optionally, the generating ciphertext fragments for determining a data calculation result according to the first retained confusion message and the N-1 second confusion messages includes:
the first computing node determines a first class of sub-ciphertext fragments based on the N confusion factors contained in the first retained confusion message and the N-1 second confusion messages;
the first computing node determines a second class of sub-ciphertext fragments based on the N offset factors contained in the first retained confusion message and the N-1 second confusion messages;
for any offset factor in the N offset factors, the first computing node determines a third class of sub-ciphertext fragments according to the offset factor and the N-1 confusion factors other than the confusion factor corresponding to the offset factor;
and the first computing node generates ciphertext fragments for determining data computing results according to the first class of sub-ciphertext fragments, the second class of sub-ciphertext fragments and the third class of sub-ciphertext fragments.
In the technical scheme, the first computing node can obtain the confusion factors and the offset factors of the N-1 second computing nodes through one round of interaction, and the generation of the ciphertext fragments is completed without multiple rounds of interaction. Then, based on the confusion factor and the offset factor which are kept locally and the confusion factor and the offset factor of the N-1 second computing nodes, the ciphertext fragments for determining the data computing result can be timely and accurately generated. Therefore, the scheme can provide support for the subsequent data requester to determine the data calculation result in time based on the ciphertext fragment, so that the efficiency of safe multiparty calculation can be effectively improved.
Optionally, the first type of sub-ciphertext fragment, the second type of sub-ciphertext fragment, or the third type of sub-ciphertext fragment may be generated by the first computing node according to a number-domain multiplication mechanism on an elliptic curve number domain.
Optionally, the determining, by the first computing node, a first type of sub-ciphertext fragment based on the first retained confusion message and N confusion factors of the N-1 second confusion messages includes:
the first computing node generates the first class of sub-ciphertext fragments by performing number domain multiplication, on the elliptic curve number domain, on the N confusion factors contained in the first retained confusion message and the N-1 second confusion messages.
Optionally, the determining, by the first computing node, a second type of sub-ciphertext fragment based on the first retained confusion message and N offset factors in the N-1 second confusion messages includes:
the first computing node generates the second class of sub-ciphertext fragments by performing number domain multiplication, on the elliptic curve number domain, on the N offset factors contained in the first retained confusion message and the N-1 second confusion messages.
Optionally, for any offset factor of the N offset factors, the determining, by the first computing node, a third type of sub-ciphertext fragment according to the offset factor and N-1 confusion factors other than the confusion factor corresponding to the offset factor includes:
for any offset factor in the N offset factors, the first computing node performs a number domain multiplication operation, on the elliptic curve number domain, on the offset factor and the N-1 confusion factors other than the confusion factor corresponding to the offset factor, to generate the third class of sub-ciphertext fragments.
Optionally, the generating, by the first computing node, a ciphertext fragment for determining a data computation result according to the first type of sub-ciphertext fragment, the second type of sub-ciphertext fragment, and the third type of sub-ciphertext fragment includes:
and the first computing node performs number addition, subtraction and multiplication operations on the first class of sub-ciphertext fragments, the second class of sub-ciphertext fragments and the third class of sub-ciphertext fragments on an elliptic curve number domain to generate ciphertext fragments for determining a data computing result.
In the technical scheme, the first class of sub-ciphertext fragments can be determined in time by performing number domain multiplication, on the elliptic curve number domain, on the N confusion factors contained in the first retained confusion message and the N-1 second confusion messages. The second class of sub-ciphertext fragments can be determined in time by performing number domain multiplication, on the elliptic curve number domain, on the N offset factors contained in the first retained confusion message and the N-1 second confusion messages. For any offset factor in the N offset factors, the third class of sub-ciphertext fragments can be determined in time by performing number domain multiplication, on the elliptic curve number domain, on the offset factor and the N-1 confusion factors other than the confusion factor corresponding to the offset factor. The ciphertext fragments used for determining the data calculation result can therefore be determined in time, which supports an effective improvement in the efficiency of secure multi-party computation, ensures the security of the private data of each computing node, and avoids the risk of leaking the private data of each computing node.
In a second aspect, an embodiment of the present invention provides a data processing method, which is applicable to a secure multi-party computing system having N computing nodes, where the method includes:
a data requester generates a data calculation request for acquiring the ciphertext fragment;
the data requester sends the data calculation requests to the N calculation nodes respectively; when a first computing node detects a data computing request, generating N pieces of first obfuscated information based on private data of the first computing node, respectively sending N-1 pieces of first obfuscated information in the N pieces of first obfuscated information to N-1 second computing nodes, and generating ciphertext fragments for determining data computing results according to the first retained obfuscated information and the N-1 pieces of second obfuscated information generated by the N-1 second computing nodes; the first computing node is any one of the N computing nodes, and the second computing node is any one of the N computing nodes except the first computing node;
the data requester receives ciphertext fragments sent by the N computing nodes respectively;
and the data requester determines a data calculation result according to the N ciphertext fragments.
In the above technical solution, the data required for calculating a certain function (such as a multiplication function) is stored across a plurality of computing nodes, but the computing nodes do not leak their respective private data to the data requester and only send the masked private data (i.e., ciphertext fragments) to the data requester. When the data requester needs to calculate the multiplication function, it therefore generates a data calculation request for obtaining the ciphertext fragments and sends the data calculation request to the plurality of computing nodes, so that any one of the computing nodes can start the data operation for generating a ciphertext fragment when it detects the data calculation request. That is, the first computing node generates N pieces of first obfuscated information based on the private data of the first computing node, and sends N-1 pieces of first obfuscated information in the N pieces of first obfuscated information to the N-1 second computing nodes respectively. Meanwhile, the second obfuscated information generated by the N-1 second computing nodes is received, and a ciphertext fragment used for determining a data computing result is generated according to the first retained obfuscated information and the N-1 pieces of second obfuscated information. The ciphertext fragment is then sent to the data requester, so that the data requester can timely and effectively determine a data calculation result according to the N ciphertext fragments.
Therefore, the scheme completes the calculation process for the data calculation request without revealing the private data of any computing node, which ensures the security of the private data of each computing node, and each computing node can generate its ciphertext fragment after only one round of interaction among the computing nodes, thereby effectively improving the efficiency of secure multi-party computation.
Optionally, the determining, by the data requestor, a data calculation result according to the N ciphertext fragments includes:
the data requester performs a number addition operation on the N ciphertext fragments on an elliptic curve number domain to obtain a data result after the number addition operation;
and determining the ratio of the data result after the number addition operation to N as the data calculation result.
In the technical scheme, the data calculation result can be accurately calculated by performing the number addition operation on the N ciphertext fragments on the elliptic curve number domain to obtain the data result after the number addition operation, and performing the division operation on the data result after the number addition operation and N.
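The requester-side step described above, as an added example that is not code from the patent: over a prime field the "ratio to N" is a multiplication by the modular inverse of N, not an integer division, and the requester should reject a short or out-of-range fragment set. Assumptions: the "elliptic curve number domain" is taken to be the integers modulo the secp256k1 group order (the page names no curve), the test fragments are constructed with zero-sum masks (N-1 random values plus a derived Nth) as a stand-in for the nodes' output, and all function names are hypothetical.

```python
import secrets

# Assumption: field = integers modulo the prime group order of secp256k1.
Q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def zero_sum_masks(n, q=Q):
    """Return N field elements: N-1 random ones and an Nth derived from them.

    Assumption: the derived element makes all N sum to 0 mod q. The page
    only says the Nth number is generated "based on" the other N-1.
    """
    if n < 2:
        raise ValueError("need at least two computing nodes")
    masks = [secrets.randbelow(q) for _ in range(n - 1)]
    masks.append(-sum(masks) % q)
    return masks


def constructed_fragments(result, n, q=Q):
    """Constructed test input: N fragments whose field sum is N * result.

    This stands in for what the N nodes would send; it is not the
    patent's fragment construction.
    """
    return [(result + m) % q for m in zero_sum_masks(n, q)]


def combine_fragments(fragments, n, q=Q):
    """Requester side: add the N fragments in the field, then divide by N."""
    if len(fragments) != n:
        raise ValueError(f"expected {n} fragments, got {len(fragments)}")
    if n % q == 0:
        raise ValueError("N has no inverse in this field")
    for f in fragments:
        if not isinstance(f, int) or not 0 <= f < q:
            raise ValueError("fragment is not a reduced field element")
    total = sum(fragments) % q
    # Field division: multiply by N^-1 mod q. Integer division (total // n)
    # gives a wrong answer whenever N * result wraps around q.
    return total * pow(n, -1, q) % q


if __name__ == "__main__":
    secret_result = 123456789  # constructed sample value
    frags = constructed_fragments(secret_result, 4)
    print(combine_fragments(frags, 4) == secret_result)
```
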
In a third aspect, an embodiment of the present invention provides a data processing apparatus, which is suitable for a secure multi-party computing system having N computing nodes, and the apparatus includes:
a first generating unit, configured to generate N pieces of first obfuscated information based on private data of a first computing node when a data computing request is detected, and to respectively send N-1 pieces of first obfuscated information in the N pieces of first obfuscated information to N-1 second computing nodes; the first computing node is any one of the N computing nodes; the second computing node is any one of the N computing nodes except the first computing node;
a first processing unit, configured to receive the second obfuscated information generated by the N-1 second computing nodes respectively, and to generate a ciphertext fragment for determining a data computing result according to the first retained obfuscated information and the N-1 pieces of second obfuscated information; the first retained obfuscated information is the piece of first obfuscated information, among the N pieces of first obfuscated information, other than those sent to the N-1 second computing nodes; and to send the ciphertext fragment to a data requester; the data requester is used for determining a data calculation result according to the N ciphertext fragments.
Optionally, the first generating unit is specifically configured to:
generating N random numbers which conform to a secure multi-party computing mechanism, and taking the N random numbers as N confusion factors;
for each confusion factor, generating an offset factor from the confusion factor and the private data of the first computing node, and determining the confusion factor and the offset factor as one piece of first obfuscated information.
Optionally, the first generating unit is specifically configured to:
generating N-1 random numbers by using a random number generation algorithm on an elliptic curve number domain;
generating an Nth random number based on the N-1 random numbers.
Optionally, the first processing unit is specifically configured to:
determining a first class of sub-ciphertext fragments based on the N confusion factors contained in the first retained confusion message and the N-1 second confusion messages;
determining a second class of sub-ciphertext fragments based on the N offset factors contained in the first retained confusion message and the N-1 second confusion messages;
for any offset factor in the N offset factors, determining a third class of sub-ciphertext fragments according to the offset factor and the N-1 confusion factors other than the confusion factor corresponding to the offset factor;
and generating ciphertext fragments for determining data calculation results according to the first class of sub-ciphertext fragments, the second class of sub-ciphertext fragments and the third class of sub-ciphertext fragments.
Optionally, the first class of sub-ciphertext fragment, the second class of sub-ciphertext fragment, and the third class of sub-ciphertext fragment are all determined by the first computing node through performing a number-domain multiplication operation on an elliptic curve number domain.
Optionally, the first processing unit is specifically configured to:
generating the first class of sub-ciphertext fragments by performing number domain multiplication, on the elliptic curve number domain, on the N confusion factors contained in the first retained confusion message and the N-1 second confusion messages.
Optionally, the first processing unit is specifically configured to:
generating the second class of sub-ciphertext fragments by performing number domain multiplication, on the elliptic curve number domain, on the N offset factors contained in the first retained confusion message and the N-1 second confusion messages.
Optionally, the first processing unit is specifically configured to:
for any offset factor in the N offset factors, performing a number domain multiplication operation, on the elliptic curve number domain, on the offset factor and the N-1 confusion factors other than the confusion factor corresponding to the offset factor, to generate the third class of sub-ciphertext fragments.
Optionally, the first processing unit is specifically configured to:
and performing number addition, subtraction and multiplication operations on the first class of sub-ciphertext fragments, the second class of sub-ciphertext fragments and the third class of sub-ciphertext fragments on an elliptic curve number domain to generate ciphertext fragments for determining a data calculation result.
In a fourth aspect, an embodiment of the present invention provides a data processing apparatus, which is suitable for a secure multi-party computing system having N computing nodes, and the apparatus includes:
the second generation unit is used for generating a data calculation request for acquiring the ciphertext fragment;
the second processing unit is used for respectively sending the data calculation requests to the N calculation nodes; when a first computing node detects a data computing request, generating N pieces of first obfuscated information based on private data of the first computing node, respectively sending N-1 pieces of first obfuscated information in the N pieces of first obfuscated information to N-1 second computing nodes, and generating ciphertext fragments for determining data computing results according to the first retained obfuscated information and the N-1 pieces of second obfuscated information generated by the N-1 second computing nodes; the first computing node is any one of the N computing nodes, and the second computing node is any one of the N computing nodes except the first computing node; receiving ciphertext fragments sent by the N computing nodes respectively; and determining a data calculation result according to the N ciphertext fragments.
Optionally, the second processing unit is specifically configured to:
performing number addition operation on the N ciphertext fragments on an elliptic curve number domain to obtain a data result after the number addition operation;
and the data requester determines the ratio of the data result after the number addition operation to N as the data calculation result.
In a fifth aspect, an embodiment of the present invention provides a computing device, including at least one processor and at least one memory, where the memory stores a computer program, and when the program is executed by the processor, the processor is caused to execute the data processing method according to any of the first or second aspects.
In a sixth aspect, an embodiment of the present invention provides a computer-readable storage medium, which stores a computer program executable by a computing device, and when the program runs on the computing device, the computer program causes the computing device to execute the data processing method according to any of the first aspect or the second aspect.
Drawings
To illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below show only some embodiments of the present invention, and those skilled in the art can obtain other drawings based on these drawings without creative effort.
FIG. 1 is a diagram of a secure multi-party computing system architecture according to an embodiment of the present invention;
fig. 2 is a schematic flow chart of a data processing method according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of a data processing apparatus according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of another data processing apparatus according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of a computing device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention will be described in further detail with reference to the accompanying drawings, and it is apparent that the described embodiments are only a part of the embodiments of the present invention, not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
To facilitate understanding of the embodiments of the present invention, a secure multi-party computing system architecture suitable for the embodiments of the present invention is first described by taking the system architecture shown in fig. 1 as an example. As shown in FIG. 1, the secure multi-party computing system architecture may include a client 100 and a secure multi-party computing distributed system 200. The secure multi-party computing distributed system 200 may comprise at least one computing node, such as computing node 201, computing node 202, computing node 203, and the like. The client 100 and the at least one computing node may be communicatively connected in a wired manner, or may be communicatively connected in a wireless manner, which is not limited in the embodiment of the present invention.
When a data requester needs to perform computation for a certain function, a data computation request may be generated by the client 100 on the terminal device, and the data computation request is sent to each computation node in the secure multiparty computation distributed system 200. When detecting the data computation request, any computing node in the secure multiparty computation distributed system 200 may start a ciphertext fragment generation process for the data computation request, for example, taking the computing node 201 as an example, after detecting the data computation request, the computing node 201 may start a ciphertext fragment generation process for the data computation request. After each computing node in the secure multiparty computing distributed system 200 generates its own ciphertext fragment, it will send its own ciphertext fragment to the data requestor, so that the data requestor can calculate the data computation result based on the ciphertext fragment generated by each computing node. The terminal device may include, but is not limited to, a smart phone, a tablet computer, a notebook computer, a desktop computer, a vehicle-mounted terminal, and the like.
It should be noted that the structure shown in fig. 1 is only an example, and the embodiment of the present invention is not limited thereto.
Based on the above description, fig. 2 exemplarily shows a flow of a data processing method provided by an embodiment of the present invention, and the flow can be executed by a data processing apparatus. The data processing method in the embodiment of the invention is suitable for a secure multi-party computing system with N computing nodes.
As shown in fig. 2, the process specifically includes:
Step 201, a data requester generates a data computation request for obtaining ciphertext fragments.
Step 202, the data requester sends the data computation request to each of the N computing nodes.
In steps 201 and 202, the data required to compute a certain function is distributed across a plurality of computing nodes, and those computing nodes do not disclose their respective private data to the data requester. When a multiplication function needs to be computed, the data requester therefore generates a data computation request for obtaining ciphertext fragments and sends it to the computing nodes. The data requester may be any one of the N computing nodes, or may be a service node independent of the N computing nodes. As an example, assume that there are 3 computing nodes, namely computing node A, computing node B and computing node C, and take computing node A as the data requester. When a user of computing node A needs to compute a certain function (such as a multiplication function), the user generates, through a client on a terminal device, a data computation request for obtaining the ciphertext fragments used to determine the data computation result, and the client then sends the request to computing node A, computing node B and computing node C respectively. Alternatively, the user of computing node A generates the data computation request directly through a service interface provided by computing node A, and the request is sent to computing node A, computing node B and computing node C through that service interface.
Alternatively, assume again that there are 3 computing nodes, namely computing node A, computing node B and computing node C, and take a service node independent of the three computing nodes as the data requester. When a user of the service node needs to compute a certain function, the user generates a data computation request for obtaining the ciphertext fragments used to determine the data computation result through a service interface provided by the service node (or through a client corresponding to the service node), and sends the request to the service node through that service interface (or client). The service node then sends the data computation request to computing node A, computing node B and computing node C respectively.
Step 203, when the first computing node detects a data computation request, it generates N pieces of first obfuscated information based on the private data of the first computing node, and sends N-1 of the N pieces of first obfuscated information to the N-1 second computing nodes respectively.
In the embodiment of the invention, when a first computing node detects a data computation request, it generates N random numbers conforming to the secure multi-party computing mechanism and uses them as N confusion factors. For each confusion factor, it generates an offset factor from the confusion factor and the private data of the first computing node, determines the confusion factor and its corresponding offset factor as one piece of first obfuscated information, and sends N-1 of the N pieces of first obfuscated information to the N-1 second computing nodes respectively. The first computing node is any one of the N computing nodes; a second computing node is any one of the N computing nodes other than the first computing node. In this way, generating the N random numbers masks the private data of the first computing node, so that the private data of the first computing node is prevented from being leaked and its security can be ensured. The first obfuscated information generated in this way also supports the subsequent generation of the ciphertext fragments, and thus supports the data requester in determining the data computation result.
Specifically, when generating N random numbers that conform to the secure multi-party computing mechanism, the first computing node generates N-1 random numbers using a random number generation algorithm on an elliptic curve number domain, and may generate the Nth random number from those N-1 random numbers. Generating the random numbers with a random number generation algorithm on the elliptic curve number domain prevents the offset factors, which are produced by masking the private data of the first computing node with those random numbers, from being broken so as to reveal the private data of the first computing node, so that the security of that private data can be ensured.
Illustratively, assume that there are 3 computing nodes, computing node A, computing node B and computing node C, and that computing node A owns private data a, computing node B owns private data b, and computing node C owns private data c. A service node independent of the three computing nodes is used as the data requester (data requester D) in this description, and data requester D can correctly obtain the computation result of the multiplication function without learning the private data a, b and c, that is, d = a × b × c. In other words, the final result of the multiplication function is determined jointly by computing node A, computing node B and computing node C without revealing the private data a, b and c, that is, d = F_mul(a, b, c) = a × b × c. When it detects a data computation request from data requester D, computing node A generates 256-bit random numbers ra1 and ra2 using a random number generation algorithm on the elliptic curve number domain, and calculates ra3 = -(ra1 + ra2). Then ra1, ra2 and ra3 are used as the three confusion factors of computing node A in the three-party secure computation, and the private data a of computing node A is offset by each of them, giving the three offset factors of computing node A: a1 = a + ra1, a2 = a + ra2 and a3 = a + ra3. Accordingly, (ra1, a1), (ra2, a2) and (ra3, a3) may be determined as the first obfuscated information. Similarly, when it detects a data computation request from data requester D, computing node B may generate 256-bit random numbers rb1 and rb2 using a random number generation algorithm on the elliptic curve number domain, and calculate rb3 = -(rb1 + rb2).
Then rb1, rb2 and rb3 are used as the three confusion factors of computing node B in the three-party secure computation, and the private data b of computing node B is offset by each of them, giving the three offset factors of computing node B: b1 = b + rb1, b2 = b + rb2 and b3 = b + rb3. Accordingly, (rb1, b1), (rb2, b2) and (rb3, b3) may be determined as the first obfuscated information. When it detects a data computation request from data requester D, computing node C may generate 256-bit random numbers rc1 and rc2 using a random number generation algorithm on the elliptic curve number domain, and calculate rc3 = -(rc1 + rc2). Then rc1, rc2 and rc3 are used as the three confusion factors of computing node C in the three-party secure computation, and the private data c of computing node C is offset by each of them, giving the three offset factors of computing node C: c1 = c + rc1, c2 = c + rc2 and c3 = c + rc3. Accordingly, (rc1, c1), (rc2, c2) and (rc3, c3) may be determined as the first obfuscated information.
Then computing node A, computing node B and computing node C exchange the first obfuscated information. Illustratively, in a first possible implementation, computing node A sends the first obfuscated information with sequence number 2, that is, (ra2, a2), to computing node B, sends the first obfuscated information with sequence number 3, that is, (ra3, a3), to computing node C, and keeps the first obfuscated information with sequence number 1, that is, (ra1, a1), locally. Similarly, computing node B sends the first obfuscated information with sequence number 1, that is, (rb1, b1), to computing node A, sends the first obfuscated information with sequence number 3, that is, (rb3, b3), to computing node C, and keeps the first obfuscated information with sequence number 2, that is, (rb2, b2), locally. Computing node C sends the first obfuscated information with sequence number 1, that is, (rc1, c1), to computing node A, sends the first obfuscated information with sequence number 2, that is, (rc2, c2), to computing node B, and keeps the first obfuscated information with sequence number 3, that is, (rc3, c3), locally.
Alternatively, computing node A, computing node B and computing node C exchange the first obfuscated information in a second possible implementation. For example, computing node A sends the first obfuscated information with sequence number 1, that is, (ra1, a1), to computing node B, sends the first obfuscated information with sequence number 2, that is, (ra2, a2), to computing node C, and keeps the first obfuscated information with sequence number 3, that is, (ra3, a3), locally. Similarly, computing node B sends the first obfuscated information with sequence number 1, that is, (rb1, b1), to computing node A, sends the first obfuscated information with sequence number 2, that is, (rb2, b2), to computing node C, and keeps the first obfuscated information with sequence number 3, that is, (rb3, b3), locally. Computing node C sends the first obfuscated information with sequence number 1, that is, (rc1, c1), to computing node A, sends the first obfuscated information with sequence number 3, that is, (rc3, c3), to computing node B, and keeps the first obfuscated information with sequence number 2, that is, (rc2, c2), locally. On this basis, when a multiplication function is computed in three-party secure computation, the technical scheme provided by the embodiment of the invention completes the operation by exchanging only three random numbers during data interaction, whereas in the prior art the three parties can complete a multiplication function operation only by exchanging more than four random numbers. The technical scheme provided by the embodiment of the invention therefore exchanges fewer random numbers for the multiplication operation in three-party secure computation and needs fewer interaction rounds, so the efficiency of secure multi-party computation is higher.
It should be noted that computing node A, computing node B and computing node C may also exchange the first obfuscated information according to other implementations, which are not described again here and are not limited in this embodiment of the present invention.
Step 204, the first computing node receives the second obfuscated information generated by each of the N-1 second computing nodes, and generates a ciphertext fragment for determining the data computation result from the first retained obfuscated information and the N-1 pieces of second obfuscated information.
In the embodiment of the invention, after receiving the second obfuscated information generated by the N-1 second computing nodes, the first computing node generates first-type, second-type and third-type sub-ciphertext fragments according to a number-domain multiplication mechanism on the elliptic curve number domain. That is, the first-type sub-ciphertext fragment is determined by performing number-domain multiplication, on the elliptic curve number domain, on the N confusion factors in the first retained obfuscated information and the N-1 pieces of second obfuscated information; the second-type sub-ciphertext fragment is determined by performing number-domain multiplication, on the elliptic curve number domain, on the N offset factors in the first retained obfuscated information and the N-1 pieces of second obfuscated information; and, for any one of the N offset factors, a third-type sub-ciphertext fragment is determined by performing number-domain multiplication, on the elliptic curve number domain, on that offset factor and the N-1 confusion factors other than the confusion factor corresponding to it. The first retained obfuscated information is the one of the N pieces of first obfuscated information that is not sent to the N-1 second computing nodes. In this way the ciphertext fragments used to determine the data computation result can be determined promptly, which supports an effective improvement in the efficiency of secure multi-party computation, ensures the security of the private data of each computing node, and avoids the risk of that private data being leaked.
By way of example, the process by which the first computing node generates its ciphertext fragment is described using the first possible implementation. After receiving the first obfuscated information (rb1, b1) sent by computing node B and the first obfuscated information (rc1, c1) sent by computing node C, computing node A selects the offset factors in them and the offset factor in its locally retained first obfuscated information, namely a1, b1 and c1, and performs number-domain multiplication on a1, b1 and c1 on the elliptic curve number domain to determine the first type of ciphertext sub-fragment, namely share1 = a1 × b1 × c1. It selects the confusion factors in them and the confusion factor in its locally retained first obfuscated information, namely ra1, rb1 and rc1, and performs number-domain multiplication on ra1, rb1 and rc1 on the elliptic curve number domain to determine the second type of ciphertext sub-fragment, namely share2 = ra1 × rb1 × rc1. Then number-domain multiplication is performed on the elliptic curve number domain on the confusion factors rb1 and rc1 from computing node B and computing node C and the offset factor a1 of computing node A, which determines a third type of ciphertext sub-fragment, namely share3 = rb1 × rc1 × a1. Number-domain multiplication is performed on the elliptic curve number domain on the confusion factors ra1 and rc1 from computing node A and computing node C and the offset factor b1 of computing node B, which determines a third type of ciphertext sub-fragment, namely share4 = ra1 × rc1 × b1. Number-domain multiplication is performed on the elliptic curve number domain on the confusion factors ra1 and rb1 from computing node A and computing node B and the offset factor c1 of computing node C, which determines a third type of ciphertext sub-fragment, namely share5 = ra1 × rb1 × c1.
Finally, the ciphertext fragment for determining the data computation result is obtained by performing addition, subtraction and multiplication on the ciphertext sub-fragments on the elliptic curve number domain, namely SA = share1 + 2 × share2 - share3 - share4 - share5, that is, SA = a1 × b1 × c1 + 2 × ra1 × rb1 × rc1 - rb1 × rc1 × a1 - ra1 × rc1 × b1 - ra1 × rb1 × c1.
Similarly, after receiving the first obfuscated information (ra2, a2) sent by computing node A and the first obfuscated information (rc2, c2) sent by computing node C, computing node B selects the offset factors in them and the offset factor in its locally retained first obfuscated information, namely a2, b2 and c2, and performs number-domain multiplication on a2, b2 and c2 on the elliptic curve number domain to determine the first type of ciphertext sub-fragment, namely share1 = a2 × b2 × c2. It selects the confusion factors in them and the confusion factor in its locally retained first obfuscated information, namely ra2, rb2 and rc2, and performs number-domain multiplication on ra2, rb2 and rc2 on the elliptic curve number domain to determine the second type of ciphertext sub-fragment, namely share2 = ra2 × rb2 × rc2. Then number-domain multiplication is performed on the elliptic curve number domain on the confusion factors rb2 and rc2 from computing node B and computing node C and the offset factor a2 of computing node A, which determines a third type of ciphertext sub-fragment, namely share3 = rb2 × rc2 × a2. Number-domain multiplication is performed on the elliptic curve number domain on the confusion factors ra2 and rc2 from computing node A and computing node C and the offset factor b2 of computing node B, which determines a third type of ciphertext sub-fragment, namely share4 = ra2 × rc2 × b2. Number-domain multiplication is performed on the elliptic curve number domain on the confusion factors ra2 and rb2 from computing node A and computing node B and the offset factor c2 of computing node C, which determines a third type of ciphertext sub-fragment, namely share5 = ra2 × rb2 × c2.
Finally, the ciphertext fragment for determining the data computation result is obtained by performing addition, subtraction and multiplication on the ciphertext sub-fragments on the elliptic curve number domain, namely SB = share1 + 2 × share2 - share3 - share4 - share5, that is, SB = a2 × b2 × c2 + 2 × ra2 × rb2 × rc2 - rb2 × rc2 × a2 - ra2 × rc2 × b2 - ra2 × rb2 × c2.
After receiving the first obfuscated information (ra3, a3) sent by computing node A and the first obfuscated information (rb3, b3) sent by computing node B, computing node C selects the offset factors in them and the offset factor in its locally retained first obfuscated information, namely a3, b3 and c3, and performs number-domain multiplication on a3, b3 and c3 on the elliptic curve number domain to determine the first type of ciphertext sub-fragment, namely share1 = a3 × b3 × c3. It selects the confusion factors in them and the confusion factor in its locally retained first obfuscated information, namely ra3, rb3 and rc3, and performs number-domain multiplication on ra3, rb3 and rc3 on the elliptic curve number domain to determine the second type of ciphertext sub-fragment, namely share2 = ra3 × rb3 × rc3. Then number-domain multiplication is performed on the elliptic curve number domain on the confusion factors rb3 and rc3 from computing node B and computing node C and the offset factor a3 of computing node A, which determines a third type of ciphertext sub-fragment, namely share3 = rb3 × rc3 × a3. Number-domain multiplication is performed on the elliptic curve number domain on the confusion factors ra3 and rc3 from computing node A and computing node C and the offset factor b3 of computing node B, which determines a third type of ciphertext sub-fragment, namely share4 = ra3 × rc3 × b3. Number-domain multiplication is performed on the elliptic curve number domain on the confusion factors ra3 and rb3 from computing node A and computing node B and the offset factor c3 of computing node C, which determines a third type of ciphertext sub-fragment, namely share5 = ra3 × rb3 × c3.
Finally, the ciphertext fragment for determining the data computation result is obtained by performing addition, subtraction and multiplication on the ciphertext sub-fragments on the elliptic curve number domain, namely SC = share1 + 2 × share2 - share3 - share4 - share5, that is, SC = a3 × b3 × c3 + 2 × ra3 × rb3 × rc3 - rb3 × rc3 × a3 - ra3 × rc3 × b3 - ra3 × rb3 × c3.
Alternatively, the process by which the first computing node generates its ciphertext fragment is described using the second possible implementation. After receiving the first obfuscated information (rb1, b1) sent by computing node B and the first obfuscated information (rc1, c1) sent by computing node C, computing node A selects the offset factors in them and the offset factor in its locally retained first obfuscated information, namely a3, b1 and c1, and performs number-domain multiplication on a3, b1 and c1 on the elliptic curve number domain to determine the first type of ciphertext sub-fragment, namely share1 = a3 × b1 × c1. It selects the confusion factors in them and the confusion factor in its locally retained first obfuscated information, namely ra3, rb1 and rc1, and performs number-domain multiplication on ra3, rb1 and rc1 on the elliptic curve number domain to determine the second type of ciphertext sub-fragment, namely share2 = ra3 × rb1 × rc1. Then number-domain multiplication is performed on the elliptic curve number domain on the confusion factors rb1 and rc1 from computing node B and computing node C and the offset factor a3 of computing node A, which determines a third type of ciphertext sub-fragment, namely share3 = rb1 × rc1 × a3. Number-domain multiplication is performed on the elliptic curve number domain on the confusion factors ra3 and rc1 from computing node A and computing node C and the offset factor b1 of computing node B, which determines a third type of ciphertext sub-fragment, namely share4 = ra3 × rc1 × b1. Number-domain multiplication is performed on the elliptic curve number domain on the confusion factors ra3 and rb1 from computing node A and computing node B and the offset factor c1 of computing node C, which determines a third type of ciphertext sub-fragment, namely share5 = ra3 × rb1 × c1.
Finally, the ciphertext fragment for determining the data computation result is obtained by performing addition, subtraction and multiplication on the ciphertext sub-fragments on the elliptic curve number domain, namely SA = share1 + 2 × share2 - share3 - share4 - share5, that is, SA = a3 × b1 × c1 + 2 × ra3 × rb1 × rc1 - rb1 × rc1 × a3 - ra3 × rc1 × b1 - ra3 × rb1 × c1.
Similarly, after receiving the first obfuscated information (ra1, a1) sent by computing node A and the first obfuscated information (rc3, c3) sent by computing node C, computing node B selects the offset factors in them and the offset factor in its locally retained first obfuscated information, namely a1, b3 and c3, and performs number-domain multiplication on a1, b3 and c3 on the elliptic curve number domain to determine the first type of ciphertext sub-fragment, namely share1 = a1 × b3 × c3. It selects the confusion factors in them and the confusion factor in its locally retained first obfuscated information, namely ra1, rb3 and rc3, and performs number-domain multiplication on ra1, rb3 and rc3 on the elliptic curve number domain to determine the second type of ciphertext sub-fragment, namely share2 = ra1 × rb3 × rc3. Then number-domain multiplication is performed on the elliptic curve number domain on the confusion factors rb3 and rc3 from computing node B and computing node C and the offset factor a1 of computing node A, which determines a third type of ciphertext sub-fragment, namely share3 = rb3 × rc3 × a1. Number-domain multiplication is performed on the elliptic curve number domain on the confusion factors ra1 and rc3 from computing node A and computing node C and the offset factor b3 of computing node B, which determines a third type of ciphertext sub-fragment, namely share4 = ra1 × rc3 × b3. Number-domain multiplication is performed on the elliptic curve number domain on the confusion factors ra1 and rb3 from computing node A and computing node B and the offset factor c3 of computing node C, which determines a third type of ciphertext sub-fragment, namely share5 = ra1 × rb3 × c3.
Finally, the ciphertext fragment for determining the data computation result is obtained by performing addition, subtraction and multiplication on the ciphertext sub-fragments on the elliptic curve number domain, namely SB = share1 + 2 × share2 - share3 - share4 - share5, that is, SB = a1 × b3 × c3 + 2 × ra1 × rb3 × rc3 - rb3 × rc3 × a1 - ra1 × rc3 × b3 - ra1 × rb3 × c3.
After receiving the first obfuscated information (ra2, a2) sent by computing node A and the first obfuscated information (rb2, b2) sent by computing node B, computing node C selects the offset factors in them and the offset factor in its locally retained first obfuscated information, namely a2, b2 and c2, and performs number-domain multiplication on a2, b2 and c2 on the elliptic curve number domain to determine the first type of ciphertext sub-fragment, namely share1 = a2 × b2 × c2. It selects the confusion factors in them and the confusion factor in its locally retained first obfuscated information, namely ra2, rb2 and rc2, and performs number-domain multiplication on ra2, rb2 and rc2 on the elliptic curve number domain to determine the second type of ciphertext sub-fragment, namely share2 = ra2 × rb2 × rc2. Then number-domain multiplication is performed on the elliptic curve number domain on the confusion factors rb2 and rc2 from computing node B and computing node C and the offset factor a2 of computing node A, which determines a third type of ciphertext sub-fragment, namely share3 = rb2 × rc2 × a2. Number-domain multiplication is performed on the elliptic curve number domain on the confusion factors ra2 and rc2 from computing node A and computing node C and the offset factor b2 of computing node B, which determines a third type of ciphertext sub-fragment, namely share4 = ra2 × rc2 × b2. Number-domain multiplication is performed on the elliptic curve number domain on the confusion factors ra2 and rb2 from computing node A and computing node B and the offset factor c2 of computing node C, which determines a third type of ciphertext sub-fragment, namely share5 = ra2 × rb2 × c2.
Finally, the ciphertext fragment for determining the data computation result is obtained by performing addition, subtraction and multiplication on the ciphertext sub-fragments on the elliptic curve number domain, namely SC = share1 + 2 × share2 - share3 - share4 - share5, that is, SC = a2 × b2 × c2 + 2 × ra2 × rb2 × rc2 - rb2 × rc2 × a2 - ra2 × rc2 × b2 - ra2 × rb2 × c2.
Step 205, the first computing node sends the ciphertext fragment to the data requester.
Step 206, the data requester determines the data computation result from the N ciphertext fragments.
In steps 205 and 206, after each computing node has generated its ciphertext fragment, it sends that fragment to the data requester, so that the data requester can determine the data computation result from the ciphertext fragments generated by all the computing nodes. Specifically, after receiving the N ciphertext fragments, the data requester adds the N ciphertext fragments on the elliptic curve number domain and divides the resulting sum by N, which yields the data computation result. By way of example, the sending of the ciphertext fragments is described using the first possible implementation. Computing node A sends the ciphertext fragment SA it generated to data requester D, computing node B sends the ciphertext fragment SB it generated to data requester D, and computing node C sends the ciphertext fragment SC it generated to data requester D. After receiving the ciphertext fragments SA, SB and SC, data requester D adds them on the elliptic curve number domain and divides the sum by 3, which yields the data computation result, namely (SA + SB + SC)/3 = 3 × a × b × c / 3 = a × b × c. That is, the final result equals the product a × b × c of the private data a, b and c of computing node A, computing node B and computing node C.
The following describes an application scenario, for example, three computing institutions jointly calculate total household income, and an implementation process of the data processing method based on secure multi-party calculation in the implementation of the present invention is described.
Illustratively, organization A holds an average income per family, for example 10 ten-thousand yuan; organization B holds the number of working members of a family, for example 2 persons; and organization C holds a number of working years, for example 5 years. Together they need to compute the total income of a family, or of each family, without revealing their respective private data. With the data processing method based on secure multi-party computation provided by the embodiment of the present invention, organization A generates three confusion factors, ra1, ra2 and ra3, using a random number generation algorithm on an elliptic curve number domain, and performs an offset operation on the amount of 10 ten-thousand yuan with each of the three confusion factors to obtain three offset factors, a1, a2 and a3. Similarly, organization B generates three confusion factors, rb1, rb2 and rb3, using a random number generation algorithm on an elliptic curve number domain, and performs an offset operation on the 2 working family members with each of them to obtain three offset factors, b1, b2 and b3. Organization C generates three confusion factors, rc1, rc2 and rc3, using a random number generation algorithm on an elliptic curve number domain, and performs an offset operation on the 5 working years with each of them to obtain three offset factors, c1, c2 and c3. Organizations A, B and C then exchange the confusion factors and offset factors over a secure channel according to the first possible implementation.
As a result, organization A obtains three confusion factors ra1, rb1 and rc1 and three offset factors a1, b1 and c1; organization B obtains three confusion factors ra2, rb2 and rc2 and three offset factors a2, b2 and c2; organization C obtains three confusion factors ra3, rb3 and rc3 and three offset factors a3, b3 and c3. Following the ciphertext-fragment generation method provided by the embodiment of the invention, organization A performs mathematical operations on the elliptic curve number domain using confusion factors ra1, rb1, rc1 and offset factors a1, b1, c1 to generate the ciphertext fragment SA used for determining the data calculation result, and sends SA to the data requester. In the same way, organization B generates the ciphertext fragment SB from confusion factors ra2, rb2, rc2 and offset factors a2, b2, c2 and sends SB to the data requester, and organization C generates the ciphertext fragment SC from confusion factors ra3, rb3, rc3 and offset factors a3, b3, c3 and sends SC to the data requester. After receiving the ciphertext fragments SA, SB and SC, the data requester adds them in the elliptic curve number domain and divides the sum by 3 to obtain the exact data calculation result, that is, (SA + SB + SC)/3 = 10 × 2 × 5 = 100 ten-thousand yuan.
That is, the total family income of 100 ten-thousand yuan is obtained without organization A, organization B or organization C disclosing its private data (i.e., 10 ten-thousand yuan, 2 persons, 5 years).
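The three-organization example above can be checked numerically. The following Python sketch is an added example, not code from the patent: the prime modulus, the additive offset (private value plus confusion factor), the zero-sum choice of the last confusion factor, and the combination `second - third + 2 * first` are assumptions chosen to be consistent with the three sub-fragment classes and the divide-by-N recovery described on this page, and all function names are hypothetical.

```python
import secrets

# Assumption: a prime field stands in for the patent's "elliptic curve number
# domain"; 2**255 - 19 is the Curve25519 base-field prime.
P = 2**255 - 19


def field_product(values):
    """Multiply a list of field elements modulo P."""
    result = 1
    for v in values:
        result = (result * v) % P
    return result


def make_obfuscated_info(private_value, n=3):
    """Return n (confusion factor, offset factor) pairs for one node.

    Assumptions (not stated on the page): the first n-1 confusion factors are
    random, the n-th makes all n sum to zero mod P, and the offset factor is
    private_value + confusion factor mod P.
    """
    confusion = [secrets.randbelow(P) for _ in range(n - 1)]
    confusion.append(-sum(confusion) % P)
    return [(r, (private_value + r) % P) for r in confusion]


def exchange(all_info):
    """The single interaction round: node j keeps its own pair j and
    receives pair j from every other node."""
    n = len(all_info)
    return [[all_info[i][j] for i in range(n)] for j in range(n)]


def ciphertext_fragment(held):
    """Combine the three sub-fragment classes for N = 3.

    first  : product of the 3 confusion factors
    second : product of the 3 offset factors
    third  : for each offset factor, its product with the 2 confusion
             factors that do not correspond to it (summed here)
    The combination second - third + 2*first is an assumed reconstruction
    that leaves x*y*z plus terms linear in the confusion factors.
    """
    if len(held) != 3:
        raise ValueError("this sketch covers the three-node example only")
    confusion = [r for r, _ in held]
    offsets = [o for _, o in held]
    first = field_product(confusion)
    second = field_product(offsets)
    third = 0
    for i, offset in enumerate(offsets):
        others = confusion[:i] + confusion[i + 1:]
        third = (third + offset * field_product(others)) % P
    return (second - third + 2 * first) % P


def recover(fragments):
    """Data requester: add the N fragments and divide by N in the field."""
    n_inverse = pow(len(fragments), -1, P)  # modular inverse, Python 3.8+
    return (sum(fragments) * n_inverse) % P


def run_protocol(private_values):
    """Run generation, exchange, fragment computation and recovery."""
    n = len(private_values)
    all_info = [make_obfuscated_info(v, n) for v in private_values]
    fragments = [ciphertext_fragment(held) for held in exchange(all_info)]
    return fragments, recover(fragments)


if __name__ == "__main__":
    # Constructed inputs from the worked example: 10, 2 persons, 5 years.
    fragments, total = run_protocol([10, 2, 5])
    print("SA, SB, SC:", fragments)
    print("(SA + SB + SC) / 3 =", total)
```

With the additive offset assumed here, a node that holds both a confusion factor and the offset factor derived from it can recover the input by subtraction, so this sketch checks the arithmetic of recombination only and says nothing about the confidentiality of the patent's actual offset operation.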
As the above embodiment shows, existing secure multi-party computation of multiplication depends on complex cryptographic protocols, so each participant needs many rounds of interaction during the multiplication, which makes multiplication inefficient in a multi-party input scenario. In the technical solution of the present invention, by contrast, when the first computing node detects a data computing request, it starts the data computing operation that generates the ciphertext fragment. That is, it generates N pieces of first obfuscated information based on the private data of the first computing node and sends N-1 of the N pieces of first obfuscated information to the N-1 second computing nodes respectively. Meanwhile, it receives the second obfuscated information generated by each of the N-1 second computing nodes and generates a ciphertext fragment used for determining a data computing result according to the first retained obfuscated information and the N-1 pieces of second obfuscated information. It then sends the ciphertext fragment to the data requester, so that the data requester can determine the data calculation result from the N ciphertext fragments in a timely and effective manner.
The scheme therefore completes the computation for the data computing request without revealing the private data of any computing node, which keeps the private data of each computing node secure. It also lets every computing node generate its ciphertext fragment after only one round of interaction among the computing nodes, which addresses the large number of interaction rounds that prior-art solutions require of each participant. This effectively reduces the network resources consumed by data interaction among the computing nodes while the data computing result is determined, and thereby improves the efficiency of secure multi-party computation.
Based on the same technical concept, fig. 3 exemplarily illustrates a data processing apparatus provided by an embodiment of the present invention, and the apparatus can execute the flow of the data processing method. The data processing method in the embodiment of the invention is suitable for a secure multi-party computing system with N computing nodes.
As shown in fig. 3, the apparatus includes:
a first generating unit 301, configured to generate N pieces of first obfuscated information based on private data of a first computing node when a data computing request is detected, and send N-1 pieces of first obfuscated information of the N pieces of first obfuscated information to N-1 second computing nodes, respectively; the first computing node is any one of the N computing nodes; the second computing node is any one of the N computing nodes except the first computing node;
a first processing unit 302, configured to receive second obfuscated information generated by each of the N-1 second computing nodes, and generate a ciphertext fragment used for determining a data computing result according to the first retained obfuscated information and the N-1 pieces of second obfuscated information; the first retained obfuscated information is the piece of the N pieces of first obfuscated information that is not sent to the N-1 second computing nodes; send the ciphertext fragment to a data requester; the data requester is used for determining a data calculation result according to the N ciphertext fragments.
Optionally, the first generating unit 301 is specifically configured to:
generating N random numbers that conform to a secure multi-party computing mechanism, and taking the N random numbers as N confusion factors;
for each confusion factor, generating an offset factor from the confusion factor and the private data of the first computing node; determining the confusion factor and the offset factor as first obfuscated information.
Optionally, the first generating unit 301 is specifically configured to:
generating N-1 random numbers by using a random number generation algorithm on an elliptic curve number domain;
generating an Nth random number based on the N-1 random numbers.
Optionally, the first processing unit 302 is specifically configured to:
determining a first class of sub-ciphertext fragments based on the N confusion factors in the first retained obfuscated information and the N-1 pieces of second obfuscated information;
determining a second class of sub-ciphertext fragments based on the N offset factors in the first retained obfuscated information and the N-1 pieces of second obfuscated information;
for any offset factor of the N offset factors, determining a third class of sub-ciphertext fragments according to the offset factor and the N-1 confusion factors other than the confusion factor corresponding to the offset factor;
and generating ciphertext fragments for determining data calculation results according to the first class of sub-ciphertext fragments, the second class of sub-ciphertext fragments and the third class of sub-ciphertext fragments.
Optionally, the first type of sub-ciphertext fragment, the second type of sub-ciphertext fragment, or the third type of sub-ciphertext fragment may be generated by the first computing node according to a number-domain multiplication mechanism on an elliptic curve number domain.
Optionally, the first processing unit 302 is specifically configured to:
generating the first class of sub-ciphertext fragments by performing number-domain multiplication, on the elliptic curve number domain, of the N confusion factors in the first retained obfuscated information and the N-1 pieces of second obfuscated information.
Optionally, the first processing unit 302 is specifically configured to:
generating the second class of sub-ciphertext fragments by performing number-domain multiplication, on the elliptic curve number domain, of the N offset factors in the first retained obfuscated information and the N-1 pieces of second obfuscated information.
Optionally, the first processing unit 302 is specifically configured to:
for any offset factor of the N offset factors, performing number-domain multiplication, on the elliptic curve number domain, of the offset factor and the N-1 confusion factors other than the confusion factor corresponding to the offset factor, to generate the third class of sub-ciphertext fragments.
Optionally, the first processing unit 302 is specifically configured to:
performing number-domain addition, subtraction and multiplication operations on the first class of sub-ciphertext fragments, the second class of sub-ciphertext fragments and the third class of sub-ciphertext fragments on the elliptic curve number domain to generate ciphertext fragments for determining a data calculation result.
Based on the same technical concept, fig. 4 exemplarily shows another data processing apparatus provided by the embodiment of the present invention, which can execute the flow of the data processing method. The data processing method in the embodiment of the invention is suitable for a secure multi-party computing system with N computing nodes.
As shown in fig. 4, the apparatus includes:
a second generating unit 401, configured to generate a data calculation request for obtaining the ciphertext fragment;
a second processing unit 402, configured to send the data calculation requests to the N calculation nodes, respectively; when a first computing node detects a data computing request, generating N pieces of first obfuscated information based on private data of the first computing node, respectively sending N-1 pieces of first obfuscated information in the N pieces of first obfuscated information to N-1 second computing nodes, and generating ciphertext fragments for determining data computing results according to the first retained obfuscated information and the N-1 pieces of second obfuscated information generated by the N-1 second computing nodes; the first computing node is any one of the N computing nodes, and the second computing node is any one of the N computing nodes except the first computing node; receiving ciphertext fragments sent by the N computing nodes respectively; and determining a data calculation result according to the N ciphertext fragments.
Optionally, the second processing unit 402 is specifically configured to:
performing number addition operation on the N ciphertext fragments on an elliptic curve number domain to obtain a data result after the number addition operation;
and determining the ratio of the data result after the number addition operation to N as the data calculation result.
Based on the same technical concept, an embodiment of the present invention further provides a computing device, as shown in fig. 5, including at least one processor 501 and a memory 502 connected to the at least one processor, where a specific connection medium between the processor 501 and the memory 502 is not limited in the embodiment of the present invention, and the processor 501 and the memory 502 are connected through a bus in fig. 5 as an example. The bus may be divided into an address bus, a data bus, a control bus, etc.
In the embodiment of the present invention, the memory 502 stores instructions executable by the at least one processor 501, and the at least one processor 501 may execute the steps included in the foregoing data processing method by executing the instructions stored in the memory 502.
The processor 501 is the control center of the computing device. It may be connected to the various parts of the computing device through various interfaces and lines, and it implements data processing by running or executing the instructions stored in the memory 502 and calling the data stored in the memory 502. Optionally, the processor 501 may include one or more processing units, and the processor 501 may integrate an application processor and a modem processor, where the application processor mainly processes an operating system, a user interface, an application program, and the like, and the modem processor mainly processes an issued instruction. It will be appreciated that the modem processor described above may not be integrated into the processor 501. In some embodiments, the processor 501 and the memory 502 may be implemented on the same chip, or in some embodiments, they may be implemented separately on separate chips.
The processor 501 may be a general-purpose processor, such as a Central Processing Unit (CPU), a digital signal processor, an Application Specific Integrated Circuit (ASIC), a field programmable gate array or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof, configured to implement or perform the methods, steps, and logic blocks disclosed in the embodiments of the present invention. A general purpose processor may be a microprocessor or any conventional processor or the like. The steps of a method disclosed in connection with the data processing method embodiments may be embodied directly in a hardware processor, or in a combination of hardware and software modules within the processor.
The memory 502, which is a non-volatile computer-readable storage medium, may be used to store non-volatile software programs, non-volatile computer-executable programs, and modules. The memory 502 may include at least one type of storage medium, for example a flash memory, a hard disk, a multimedia card, a card-type memory, a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a Programmable Read Only Memory (PROM), a Read Only Memory (ROM), an Electrically Erasable Programmable Read Only Memory (EEPROM), a magnetic memory, a magnetic disk, an optical disk, and so on. The memory 502 may also be, without limitation, any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. The memory 502 of embodiments of the present invention may also be circuitry or any other device capable of performing a storage function to store program instructions and/or data.
Based on the same technical concept, embodiments of the present invention also provide a computer-readable storage medium storing a computer program executable by a computing device, wherein the program, when executed on the computing device, causes the computing device to execute the steps of the data processing method.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present application and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (10)

1. A data processing method, adapted for use in a secure multi-party computing system having N computing nodes, the method comprising:
when a first computing node detects a data computing request, generating N pieces of first obfuscated information based on private data of the first computing node, and respectively sending N-1 pieces of first obfuscated information in the N pieces of first obfuscated information to N-1 second computing nodes; the first computing node is any one of the N computing nodes; the second computing node is any one of the N computing nodes except the first computing node;
the first computing node receives second obfuscated information generated by each of the N-1 second computing nodes, and generates ciphertext fragments for determining data computing results according to the first retained obfuscated information and the N-1 pieces of second obfuscated information; the first retained obfuscated information is the piece of the N pieces of first obfuscated information that is not sent to the N-1 second computing nodes;
the first computing node sends the ciphertext fragment to a data requester; and the data requester is used for determining a data calculation result according to the N ciphertext fragments.
2. The method of claim 1, wherein the generating N first obfuscated information based on the private data of the first computing node comprises:
the first computing node generates N random numbers that conform to a secure multi-party computing mechanism, and the N random numbers are used as N confusion factors;
for each confusion factor, the first computing node generates an offset factor from the confusion factor and the first computing node's private data; determining the confusion factor and the offset factor as first obfuscated information.
3. The method of claim 2, wherein the first computing node generating N random numbers compliant with a secure multi-party computing mechanism comprises:
the first computing node generates N-1 random numbers by using a random number generation algorithm on an elliptic curve number domain;
the first computing node generates an Nth random number based on the N-1 random numbers.
4. The method of claim 1, wherein generating ciphertext fragments for determining data computation results based on the first retained obfuscated information and the N-1 pieces of second obfuscated information comprises:
the first computing node determines a first class of sub-ciphertext fragments based on the N confusion factors in the first retained obfuscated information and the N-1 pieces of second obfuscated information;
the first computing node determines a second class of sub-ciphertext fragments based on the N offset factors in the first retained obfuscated information and the N-1 pieces of second obfuscated information;
for any offset factor of the N offset factors, the first computing node determines a third class of sub-ciphertext fragments according to the offset factor and the N-1 confusion factors other than the confusion factor corresponding to the offset factor;
and the first computing node generates ciphertext fragments for determining data computing results according to the first class of sub-ciphertext fragments, the second class of sub-ciphertext fragments and the third class of sub-ciphertext fragments.
5. The method of claim 4, wherein the first computing node determining a first class of sub-ciphertext fragments based on the N confusion factors in the first retained obfuscated information and the N-1 pieces of second obfuscated information comprises:
the first computing node generates the first class of sub-ciphertext fragments by performing number-domain multiplication, on the elliptic curve number domain, of the N confusion factors in the first retained obfuscated information and the N-1 pieces of second obfuscated information.
6. The method of claim 4, wherein the first computing node determining a second class of sub-ciphertext fragments based on the N offset factors in the first retained obfuscated information and the N-1 pieces of second obfuscated information comprises:
the first computing node generates the second class of sub-ciphertext fragments by performing number-domain multiplication, on the elliptic curve number domain, of the N offset factors in the first retained obfuscated information and the N-1 pieces of second obfuscated information.
7. The method of claim 4, wherein, for any offset factor of the N offset factors, the first computing node determining a third class of sub-ciphertext fragments according to the offset factor and the N-1 confusion factors other than the confusion factor corresponding to the offset factor comprises:
for any offset factor of the N offset factors, the first computing node performs number-domain multiplication, on the elliptic curve number domain, of the offset factor and the N-1 confusion factors other than the confusion factor corresponding to the offset factor, to generate the third class of sub-ciphertext fragments.
8. The method of claim 4, wherein the first computing node generating ciphertext fragments for determining data computation results based on the first class of sub-ciphertext fragments, the second class of sub-ciphertext fragments and the third class of sub-ciphertext fragments comprises:
the first computing node performs number-domain addition, subtraction and multiplication operations on the first class of sub-ciphertext fragments, the second class of sub-ciphertext fragments and the third class of sub-ciphertext fragments on the elliptic curve number domain to generate ciphertext fragments for determining a data computing result.
9. A data processing method, adapted for use in a secure multi-party computing system having N computing nodes, the method comprising:
a data requester generates a data calculation request for acquiring the ciphertext fragment;
the data requester sends the data calculation requests to the N calculation nodes respectively; when a first computing node detects a data computing request, generating N pieces of first obfuscated information based on private data of the first computing node, respectively sending N-1 pieces of first obfuscated information in the N pieces of first obfuscated information to N-1 second computing nodes, and generating ciphertext fragments for determining data computing results according to the first retained obfuscated information and the N-1 pieces of second obfuscated information generated by the N-1 second computing nodes; the first computing node is any one of the N computing nodes, and the second computing node is any one of the N computing nodes except the first computing node;
the data requester receives ciphertext fragments sent by the N computing nodes respectively;
and the data requester determines a data calculation result according to the N ciphertext fragments.
10. The method of claim 9, wherein the data requestor determines a data computation result from the N ciphertext fragments, comprising:
the data requester performs a number addition operation on the N ciphertext fragments on an elliptic curve number domain to obtain a data result after the number addition operation;
and the data requester determines the ratio of the data result after the number addition operation to N as the data calculation result.
CN202110873970.2A 2021-07-30 2021-07-30 Data processing method Active CN113343283B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202110873970.2A CN113343283B (en) 2021-07-30 2021-07-30 Data processing method
PCT/CN2021/131306 WO2023005066A1 (en) 2021-07-30 2021-11-17 Data processing method

Publications (2)

Publication Number Publication Date
CN113343283A true CN113343283A (en) 2021-09-03
CN113343283B CN113343283B (en) 2021-10-15

Family

ID=77480478

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110873970.2A Active CN113343283B (en) 2021-07-30 2021-07-30 Data processing method

Country Status (2)

Country Link
CN (1) CN113343283B (en)
WO (1) WO2023005066A1 (en)

Also Published As

Publication number Publication date
WO2023005066A1 (en) 2023-02-02
CN113343283B (en) 2021-10-15

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant