CN113518092A - Set intersection method for realizing multi-party privacy - Google Patents

Publication number
CN113518092A
Authority
CN
China
Prior art keywords
participants
ciphertext
bloom filter
participant
plaintext
Legal status
Granted
Application number
CN202110833610.XA
Other languages
Chinese (zh)
Other versions
CN113518092B (en)
Inventor
张紫倩
王保仓
段普
张本宇
Current Assignee
Xidian University
Original Assignee
Xidian University
Application filed by Xidian University
Priority to CN202110833610.XA
Publication of CN113518092A
Application granted
Publication of CN113518092B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Abstract

The invention discloses a multi-party private set intersection method. It mainly addresses two problems in the prior art: size-hiding set intersection is supported only in the two-party setting, and set intersection in the multi-party setting incurs a large communication volume. The scheme is as follows: the parameter generation mechanism generates the required parameters; the other participants represent their respective input sets as Bloom filters, encrypt them with the joint public key, and send them to the designated participant; the designated participant extracts ciphertexts using the hash values of its set elements, merges the ciphertexts into a single aggregate ciphertext by radix marking, and sends the aggregate ciphertext to the other participants; the designated participant and the other participants then jointly decrypt to obtain an aggregate plaintext, from which the individual plaintexts are recovered to obtain the intersection. The method supports size-hiding private set intersection among multiple participants, reduces communication traffic, and can be used to protect the privacy of both the elements and the sizes of the participants' input sets during set intersection.

Description

Set intersection method for realizing multi-party privacy
Technical Field
The invention belongs to the technical field of security, and further relates to a multi-party private set intersection method that can be used to protect the privacy of the elements and sizes of the participants' input sets during set intersection.
Background
Privacy-preserving set intersection is a sub-problem of secure multi-party computation with a wide range of application scenarios. In the era of big data and artificial intelligence, applications generate and use data all the time, which brings users more convenient services. At the same time, large amounts of valuable private data are continuously mined, so people have become more aware of the need to protect data containing their sensitive information. The resulting trust gap leads to data silos, and the value of the data is lost. How to make reasonable use of data while effectively protecting users' data privacy is the main reason for the rise of privacy-preserving set intersection.
At present, privacy-preserving set intersection is mainly carried out in the two-party setting, and in most cases the sizes of the parties' input sets are public. When the size of a private input set implies sensitive information, the participant may require that it be kept secret. For example, when the Department of Homeland Security (DHS) needs to know whether an airline's flight passenger list intersects with the terrorist watch list (TWL), the size of the TWL is confidential to the DHS and cannot be disclosed to any airline. Simply padding the set with "dummy" elements causes additional overhead when the data is processed. Moreover, in practice the participants are not limited to two parties and sometimes there are several; simply applying a two-party private set intersection technique multiple times leads to disclosure of private data.
Giuseppe Ateniese et al., in their published paper "(If) Size Matters: Size-Hiding Private Set Intersection", proposed that privacy-preserving set intersection should achieve a stronger privacy property, namely hiding the size of the set held by one of the two parties (the "client"), and designed a construction that is secure under the RSA assumption in the random oracle model, using tools similar to RSA accumulators and unpredictable functions. However, the unpredictable function used in the scheme is limited to representing a single element of a participant's set, and with multiple participants it is difficult to process them simultaneously, so securely extending the scheme to the multi-party setting has low feasibility; moreover, because the method uses a tool similar to an RSA accumulator, its computational cost is too high for practical application scenarios.
Sumit Kumar Debnath et al., in their published paper "Secure and effective privacy set intersection negotiation protocol", proposed a Bloom-filter-based multi-party privacy set intersection negotiation protocol. It represents the participants' input set elements with a Bloom filter structure and, compared with most private set intersection protocols, saves a great deal of storage space. However, after obtaining the intersection ciphertexts, the designated participant must send as many ciphertexts as there are elements in its set to all other participants for decryption, so the other participants can infer the designated participant's set size from the number of ciphertexts they receive. The participant's input set size therefore cannot be hidden, and the communication traffic is relatively large.
Disclosure of Invention
The present invention aims to provide a multi-party private set intersection method that protects both the elements and the sizes of the original input data sets of multiple participants, that is, no participant can learn exactly the set data or the number of elements in the private input sets of the other participants, while also reducing communication overhead.
To achieve this purpose, the technical scheme of the invention is as follows:
(1) a parameter generation mechanism PG generates the parameters $(G, q, g)$ of the encryption algorithm EL and shares them with all participants, where $G$ denotes a cyclic group, $q$ the order of $G$, and $g$ a generator of $G$;
(2) all participants generate their own public/private key pairs $(pk_i, sk_i)$ from the parameters, publish the public key $pk_i$ and keep the private key $sk_i$ secret, then compute a joint public key $pk$ from the published public keys, where $i = 1, \ldots, n$ and $n$ denotes the number of participants;
(3) the parameter generation mechanism PG generates its own public/private key pair $(pk_T, sk_T)$ from the parameters $(G, q, g)$ and uses the public key required for encrypting the set sizes
Figure BDA0003175718090000021
to interact with all participants and obtain the Bloom filter size $m$; finally it generates the $k$ hash functions $h_l$ of the Bloom filter, sends the parameter $m$ and the hash functions $h_l$ to the other participants, and sends the hash functions $h_l$ to the designated participant, where $pk_1$ denotes the public key of the designated participant, $l = 1, \ldots, k$, and $k$ denotes the number of hash functions;
(4) the designated participant generates the cardinalities $w_t$, where $t = 1, \ldots, v_1$ and $v_1$ denotes the size of its input set;
(5) the other participants each represent their input set with the Bloom filter structure, obtaining their respective Bloom filters
Figure BDA0003175718090000022
then use the joint public key $pk$ to encrypt the Bloom filter
Figure BDA0003175718090000023
obtaining their respective encrypted Bloom filters
Figure BDA0003175718090000024
and send them to the designated participant;
(6) the designated participant uses the Bloom filter hash functions $h_l$ to calculate the index values of the elements $x_t$ in its input set, and then from the received encrypted Bloom filters
Figure BDA0003175718090000025
extracts $k(n-1)$ ciphertexts
Figure BDA0003175718090000026
applies the homomorphic property of the encryption algorithm TEL to these ciphertexts to obtain an aggregate ciphertext, and sends the aggregate ciphertext to the other participants;
(7) the designated participant and the other participants jointly decrypt to obtain an aggregate plaintext, and the individual plaintexts are recovered from the aggregate plaintext to complete the set intersection.
Compared with the prior art, the invention has the following advantages:
First, the invention merges multiple ciphertexts into a single aggregate ciphertext by radix marking, which greatly reduces the amount of data the designated participant sends to the other participants and thereby reduces communication traffic;
Second, when the Bloom filter size is generated, the input set sizes of the other participants are encrypted under a joint public key formed by the designated participant and the parameter generation mechanism, so the designated participant cannot obtain the input set sizes of the other participants, and, owing to the re-randomization, which input set size corresponds to which participant cannot be determined; this overcomes the prior art's inability to hide input set sizes and hides the input set sizes of the other participants;
Third, the designated participant sends the other participants only one aggregate ciphertext, so the other participants cannot infer the designated participant's input set size from the number of ciphertexts; this further hides the designated participant's input set size and achieves multi-party private set intersection.
Drawings
Fig. 1 is a general flow chart of an implementation of the present invention.
Fig. 2 is a sub-flow diagram of the present invention for a given participant to recover a single plaintext from an aggregated ciphertext.
Detailed Description
Embodiments of the present invention are described in further detail below with reference to the accompanying drawings.
This example includes three entities: a parameter generation mechanism PG, a designated participant, and other participants, where:
the parameter generation mechanism PG is responsible for generating the parameters required to compute the intersection;
the designated participant inputs its original data set and obtains the final intersection of all input sets;
the other participants input their respective original data sets.
Referring to fig. 1, the implementation steps of this example are as follows:
Step 1, system initialization.
1.1) the parameter generation mechanism PG generates and publishes the parameters $(G, q, g)$ of the ElGamal encryption algorithm EL, where $G$ denotes a cyclic group, $q$ the order of $G$, and $g$ a generator of $G$;
1.2) all participants generate their own public/private key pairs $(pk_i, sk_i)$ from the parameters, publish the public key $pk_i$ and keep the private key $sk_i$ secret, then compute the joint public key from the published public keys
Figure BDA0003175718090000031
where $i = 1, \ldots, n$ and $n$ denotes the number of participants;
1.3) the parameter generation mechanism PG generates its own public/private key pair $(pk_T, sk_T)$ from the parameters $(G, q, g)$, publishes the public key $pk_T$ and keeps the private key $sk_T$ secret, and multiplies its public key $pk_T$ by the public key $pk_1$ of the designated participant to obtain the public key required for encrypting the set sizes
Figure BDA0003175718090000041
1.4) the other participants each use the public key
Figure BDA0003175718090000042
to encrypt their respective input set size $v_i$, obtaining the ciphertext
Figure BDA0003175718090000043
and send it to the designated participant, where $i = 2, \ldots, n$ and $n$ denotes the number of participants;
1.5) after receiving the ciphertext
Figure BDA0003175718090000044
the designated participant uses its own private key to partially decrypt the ciphertext
Figure BDA0003175718090000045
into
Figure BDA0003175718090000046
then selects from the group $Z_q$ a random number
Figure BDA0003175718090000047
uses the random number
Figure BDA0003175718090000048
to re-randomize the ciphertext
Figure BDA0003175718090000049
obtaining the re-randomized ciphertext
Figure BDA00031757180900000410
and shuffles the ciphertexts
Figure BDA00031757180900000411
before sending them to the parameter generation mechanism PG, where the group $Z_q$ is the group of integers of order $q$;
1.6) after obtaining the shuffled ciphertexts
Figure BDA00031757180900000412
the parameter generation mechanism PG decrypts them with its own private key to obtain the plaintexts $v_i$, compares the $v_i$ to obtain the maximum value $v_{max}$, and then calculates the Bloom filter size $m$:
$v_{max} = \max(v_i)$,
Figure BDA00031757180900000413
where $i = 2, \ldots, n$, $n$ denotes the number of participants, $k$ denotes the number of hash functions, and the symbol
Figure BDA00031757180900000416
denotes rounding up the value inside the symbol;
1.7) the parameter generation mechanism PG chooses the $k$ hash functions $h_l$ of the Bloom filter, sends the Bloom filter size $m$ and the hash functions $h_l$ to the other participants, and sends the hash functions $h_l$ to the designated participant, where $l = 1, \ldots, k$ and $k$ denotes the number of hash functions;
1.8) the designated participant generates the cardinalities $w_t$:
$w_t = (k(n-1)+1)^{t-1}$,
where $t = 1, \ldots, v_1$, $v_1$ denotes the size of the designated participant's input set, $k$ denotes the number of Bloom filter hash functions, and $n$ denotes the number of participants.
Step 2, the other participants each represent their respective input set with the Bloom filter structure, obtaining their respective Bloom filters
Figure BDA00031757180900000414
and encrypt them to obtain their respective encrypted Bloom filters
Figure BDA00031757180900000415
2.1) the other participants each use the $k$ hash functions of the Bloom filter to calculate the index values of the elements $x_\zeta$ in their respective input sets:
$h_1(x_\zeta), \ldots, h_l(x_\zeta), \ldots, h_k(x_\zeta)$,
where $h_l(x_\zeta)$ denotes the index value of element $x_\zeta$ calculated by hash function $h_l$, $\zeta = 1, \ldots, v_i$, $v_i$ denotes the size of set $X_i$, $l = 1, \ldots, k$, $k$ denotes the number of hash functions, $i = 2, \ldots, n$, and $n$ denotes the number of participants;
2.2) the other participants each generate an empty Bloom filter $BF_i$, with the value at every position of $BF_i$ initialized to 1;
2.3) using the index values obtained in step 2.1), the other participants each find the corresponding positions in the empty Bloom filter $BF_i$ and change their values to 0, thereby obtaining their respective Bloom filters
Figure BDA0003175718090000051
Figure BDA0003175718090000052
where, for the Bloom filter
Figure BDA0003175718090000053
the value at the jth position is expressed as:
Figure BDA0003175718090000054
$m$ denotes the size of the Bloom filter.
2.4) the other participants use the TEL encryption algorithm to encrypt the Bloom filter
Figure BDA0003175718090000055
obtaining their respective encrypted Bloom filters
Figure BDA0003175718090000056
Figure BDA0003175718090000057
where
Figure BDA0003175718090000058
denotes, in the encrypted Bloom filter
Figure BDA0003175718090000059
the jth position.
Step 3, the designated participant uses the Bloom filter hash functions $h_l$ to calculate the index values of the elements $x_t$ in its input set, and from the received encrypted Bloom filters
Figure BDA00031757180900000510
extracts $k(n-1)$ ciphertexts
Figure BDA00031757180900000511
3.1) the designated participant uses the Bloom filter hash functions $h_l$ to calculate the index values of the elements $x_t$ in its input set:
$h_1(x_t), \ldots, h_l(x_t), \ldots, h_k(x_t)$,
where $h_l(x_t)$ denotes the index value of element $x_t$ calculated by hash function $h_l$, $t = 1, \ldots, v_1$, $v_1$ denotes the size of set $X_1$, $l = 1, \ldots, k$, and $k$ denotes the number of hash functions;
3.2) from the encrypted Bloom filters
Figure BDA00031757180900000512
the designated participant extracts the ciphertexts corresponding to the index values $h_l(x_t)$, expressed as follows:
Figure BDA00031757180900000513
where
Figure BDA00031757180900000514
denotes, in
Figure BDA00031757180900000515
the ciphertext whose index value is $h_l(x_t)$, $i = 2, \ldots, n$, and $n$ denotes the number of participants.
Step 4, the designated participant takes the $k(n-1)$ ciphertexts
Figure BDA0003175718090000061
obtains an aggregate ciphertext from them using the homomorphic property of the encryption algorithm TEL, and sends the aggregate ciphertext to the other participants.
4.1) the designated participant uses the additive homomorphism of the encryption algorithm TEL to multiply the $k(n-1)$ ciphertexts
Figure BDA0003175718090000062
obtaining the ciphertext $C_t$ corresponding to element $x_t$, expressed as follows:
$C_t = (\alpha_t, \beta_t)$,
where $\alpha_t$ is the first component of $C_t$, expressed as:
Figure BDA0003175718090000063
$\beta_t$ is the second component of $C_t$, expressed as:
Figure BDA0003175718090000064
$r_{ij}$ is an element of the group $Z_q$, where $i = 2, \ldots, n$, $n$ denotes the number of participants, $j = 1, \ldots, m$, and $m$ denotes the size of the Bloom filter;
Figure BDA0003175718090000065
denotes, in the Bloom filter
Figure BDA0003175718090000066
the value at the jth position,
Figure BDA0003175718090000067
4.2) the designated participant uses the cardinality $w_t$ and the scalar-multiplication homomorphism of the encryption algorithm TEL to exponentiate the ciphertext $C_t$ corresponding to element $x_t$, obtaining the marked ciphertext
Figure BDA0003175718090000068
expressed as follows:
Figure BDA0003175718090000069
where
Figure BDA00031757180900000610
is, for the marked ciphertext
Figure BDA00031757180900000611
the first component, expressed as:
Figure BDA00031757180900000612
Figure BDA00031757180900000613
is, for the marked ciphertext
Figure BDA00031757180900000614
the second component, expressed as:
Figure BDA00031757180900000615
$k$ denotes the number of Bloom filter hash functions;
$n$ denotes the number of participants;
4.3) the designated participant uses the additive homomorphism of the encryption algorithm TEL to multiply the $v_1$ marked ciphertexts
Figure BDA00031757180900000616
obtaining the aggregate ciphertext $C$, as follows:
$C = (\alpha, \beta)$,
where $\alpha$ is the first component of the aggregate ciphertext $C$, expressed as:
Figure BDA00031757180900000617
$\beta$ is the second component of the aggregate ciphertext $C$, expressed as:
Figure BDA00031757180900000618
Step 5, the designated participant and the other participants jointly decrypt to obtain an aggregate plaintext, and the individual plaintexts are recovered from the aggregate plaintext to complete the set intersection.
5.1) the other participants each use their own private key $sk_i$ to exponentiate the first component $\alpha$ of the aggregate ciphertext $C$, obtaining one part of the value required for decryption:
Figure BDA0003175718090000071
and send it to the designated participant, where $i = 2, \ldots, n$ and $n$ denotes the number of participants;
5.2) after obtaining $T_i$, the designated participant uses its private key $sk_1$ to exponentiate the first component $\alpha$ of the aggregate ciphertext $C$, obtaining the other part of the value required for decryption:
Figure BDA0003175718090000072
then multiplies $T_1$ and $T_i$ to obtain the full value $\rho$ required for decryption:
Figure BDA0003175718090000073
5.3) the designated participant decrypts the aggregate ciphertext $C$ using the full value $\rho$ required for decryption, obtaining the aggregate plaintext $\mu$:
Figure BDA0003175718090000074
where $w_t$ denotes the cardinality, $b_t$ denotes an individual plaintext, and $b_t \in [0, \ldots, k(n-1)]$;
5.4) the designated participant obtains the plaintexts $b_t$ using a plaintext recovery algorithm, where $t = 1, \ldots, v_1$ and $v_1$ denotes the size of set $X_1$.
Referring to fig. 2, this step is implemented as follows:
5.4.1) let the variable $t = v_1$;
5.4.2) calculate the plaintext corresponding to the variable $t$: $b_t = (\mu - \mu \bmod w_t)/w_t$;
5.4.3) calculate the aggregate plaintext remaining for the variable $t$: $\mu = \mu - (w_t \cdot b_t)$;
5.4.4) determine whether the variable $t$ is 1:
if yes, end the process and output $b_t$;
otherwise, let $t = t - 1$ and return to 5.4.2).
5.5) the designated participant initializes an empty set $W_0$ and checks whether each individual plaintext $b_t$ is 0:
if so, the element $x_t$ is put into the set $W_0$, and the final set $W$ that is output is the intersection of the input sets of all the participants;
otherwise, no operation is performed on the set $W_0$.
The foregoing description is only an example of the present invention and is not intended to limit the invention, so that it will be apparent to those skilled in the art that various changes and modifications in form and detail may be made therein without departing from the spirit and scope of the invention.
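The following Python sketch is an added example, not code from the patent: it runs steps 2 to 5 end to end (inverted Bloom filters, ciphertext extraction, marking with $w_t$, aggregation, joint decryption, and the step 5.4 recovery loop). It assumes TEL is lifted (exponential) ElGamal with the joint key formed as the product of the participants' public keys, since the TEL formulas are not reproduced on this page; the toy group (p = 2039, q = 1019, g = 4), the SHA-256-based hash functions `h`, the fixed m = 256 and the sample sets are all constructed for illustration.

```python
import hashlib
import secrets

# Toy group, constructed for the example: p = 2q + 1, g generates the order-q subgroup.
P, Q, G = 2039, 1019, 4
K = 2      # number of Bloom filter hash functions (k)
M = 256    # Bloom filter size (m), fixed here rather than derived from v_max


def h(l, x):
    """Hypothetical hash function h_l: SHA-256 of (l, x) reduced to an index in [0, M)."""
    digest = hashlib.sha256(f"{l}|{x}".encode()).digest()
    return int.from_bytes(digest, "big") % M


def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)


def encrypt(pk, bit):
    """Lifted ElGamal (assumed form of TEL): (g^r, g^bit * pk^r)."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), pow(G, bit, P) * pow(pk, r, P) % P


def mul(c1, c2):
    """Component-wise product of ciphertexts adds the underlying plaintexts."""
    return c1[0] * c2[0] % P, c1[1] * c2[1] % P


def inverted_bloom(items):
    """Steps 2.2-2.3: every position starts at 1; positions hit by an element become 0."""
    bf = [1] * M
    for x in items:
        for l in range(1, K + 1):
            bf[h(l, x)] = 0
    return bf


def recover_digits(mu, base, v1):
    """Step 5.4: peel b_t off the aggregate plaintext from t = v1 down to 1."""
    digits = {}
    for t in range(v1, 0, -1):
        w_t = base ** (t - 1)
        b_t = (mu - mu % w_t) // w_t
        mu -= w_t * b_t
        digits[t] = b_t
    return digits


def run_protocol(designated, others):
    n = len(others) + 1
    base = K * (n - 1) + 1                  # k(n-1)+1, so w_t = base^(t-1)
    v1 = len(designated)
    if base ** v1 > Q:
        raise ValueError("aggregate plaintext would wrap modulo q in this toy group")
    keys = [keygen() for _ in range(n)]     # keys[0] belongs to the designated participant
    pk = 1
    for _, pk_i in keys:
        pk = pk * pk_i % P                  # joint public key as product of public keys
    # Step 2: each other participant encrypts its inverted Bloom filter bit by bit.
    enc_filters = [[encrypt(pk, b) for b in inverted_bloom(s)] for s in others]
    # Steps 3-4: per element, combine k(n-1) ciphertexts, mark with w_t, aggregate.
    agg = (1, 1)
    for t, x in enumerate(designated, start=1):
        c_t = (1, 1)
        for ebf in enc_filters:
            for l in range(1, K + 1):
                c_t = mul(c_t, ebf[h(l, x)])
        w_t = base ** (t - 1)
        agg = mul(agg, (pow(c_t[0], w_t, P), pow(c_t[1], w_t, P)))
    # Steps 5.1-5.3: every participant contributes alpha^sk_i; the product is rho.
    rho = 1
    for sk_i, _ in keys:
        rho = rho * pow(agg[0], sk_i, P) % P
    g_mu = agg[1] * pow(rho, P - 2, P) % P
    mu = next(e for e in range(base ** v1) if pow(G, e, P) == g_mu)  # toy-sized dlog
    # Steps 5.4-5.5: b_t == 0 means every probed position was 0 in every filter.
    digits = recover_digits(mu, base, v1)
    return {x for t, x in enumerate(designated, start=1) if digits[t] == 0}


if __name__ == "__main__":
    # Constructed sample sets: one designated participant, two other participants.
    mine = ["alice", "bob", "carol", "dave"]
    theirs = [["bob", "carol", "erin"], ["carol", "bob", "frank"]]
    print(sorted(run_protocol(mine, theirs)))
```

In this sketch the aggregate plaintext can reach $(k(n-1)+1)^{v_1} - 1$, so it must stay below $q$ and be recoverable from $g^\mu$; the exhaustive discrete-log search used here only works at toy sizes. As with any Bloom filter, an element outside the intersection can still yield $b_t = 0$ if all its probed positions collide with other elements.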

Claims (10)

1. A set intersection method for realizing multi-party privacy, characterized by comprising the following steps:
(1) a parameter generation mechanism PG generates the parameters $(G, q, g)$ of the encryption algorithm EL and shares them with all participants, where $G$ denotes a cyclic group, $q$ the order of $G$, and $g$ a generator of $G$;
(2) all participants generate their own public/private key pairs $(pk_i, sk_i)$ from the parameters, publish the public key $pk_i$ and keep the private key $sk_i$ secret, then compute a joint public key $pk$ from the published public keys, where $i = 1, \ldots, n$ and $n$ denotes the number of participants;
(3) the parameter generation mechanism PG generates its own public/private key pair $(pk_T, sk_T)$ from the parameters $(G, q, g)$ and uses the public key required for encrypting the set sizes
Figure FDA0003175718080000011
to interact with all participants and obtain the Bloom filter size $m$; finally it generates the $k$ hash functions $h_l$ of the Bloom filter, sends the parameter $m$ and the hash functions $h_l$ to all participants, and sends the hash functions $h_l$ to the designated participant, where $pk_1$ denotes the public key of the designated participant, $l = 1, \ldots, k$, and $k$ denotes the number of hash functions;
(4) the designated participant generates the cardinalities $w_t$, where $t = 1, \ldots, v_1$ and $v_1$ denotes the size of its input set;
(5) the other participants each represent their input set with the Bloom filter structure, obtaining their respective Bloom filters
Figure FDA0003175718080000012
then use the joint public key $pk$ to encrypt the Bloom filter
Figure FDA0003175718080000013
obtaining their respective encrypted Bloom filters
Figure FDA0003175718080000014
and send them to the designated participant;
(6) the designated participant uses the Bloom filter hash functions $h_l$ to calculate the index values of the elements $x_t$ in its input set, and from the received encrypted Bloom filters
Figure FDA0003175718080000015
extracts $k(n-1)$ ciphertexts
Figure FDA0003175718080000016
applies the homomorphic property of the encryption algorithm TEL to these ciphertexts to obtain an aggregate ciphertext, and sends the aggregate ciphertext to the other participants;
(7) the designated participant and the other participants jointly decrypt to obtain an aggregate plaintext, and the individual plaintexts are recovered from the aggregate plaintext to complete the set intersection.
2. The method of claim 1, wherein in (2) all participants calculate the joint public key $pk$ from the published individual public keys, as follows:
Figure FDA0003175718080000017
where $pk_i$ denotes the public key of the ith participant, $i = 2, \ldots, n$, and $n$ denotes the number of participants.
3. The method of claim 1, wherein in (3) the parameter generation mechanism PG interacts with all participants to obtain the Bloom filter size $m$ as follows:
(3a) the other participants each use the public key
Figure FDA0003175718080000018
to encrypt their respective input set size $v_i$, obtaining the ciphertext
Figure FDA0003175718080000019
and send it to the designated participant, where $i = 2, \ldots, n$ and $n$ denotes the number of participants;
(3b) after receiving the ciphertext
Figure FDA0003175718080000021
the designated participant uses its own private key to partially decrypt the ciphertext
Figure FDA0003175718080000022
into
Figure FDA0003175718080000023
then selects from the group $Z_q$ a random number
Figure FDA0003175718080000024
uses the random number
Figure FDA0003175718080000025
to re-randomize the ciphertext
Figure FDA0003175718080000026
obtaining the re-randomized ciphertext
Figure FDA0003175718080000027
and then shuffles the ciphertexts
Figure FDA0003175718080000028
before sending them to the parameter generation mechanism PG, where the group $Z_q$ is the group of integers of order $q$;
(3c) after obtaining the shuffled ciphertexts
Figure FDA0003175718080000029
the parameter generation mechanism PG decrypts them with its own private key to obtain the plaintexts $v_i$, compares the $v_i$ to obtain the maximum value $v_{max}$, and then calculates the Bloom filter size $m$:
$v_{max} = \max(v_i)$,
Figure FDA00031757180800000210
where $k$ denotes the number of hash functions, and the symbol
Figure FDA00031757180800000211
denotes rounding up the value inside the symbol.
4. The method of claim 1, wherein the cardinalities $w_t$ generated by the designated participant in (4) are expressed as follows:
$w_t = (k(n-1)+1)^{t-1}$
where $t = 1, \ldots, v_1$, $v_1$ denotes the size of the designated participant's input set, $k$ denotes the number of Bloom filter hash functions, and $n$ denotes the number of participants.
5. The method of claim 1, wherein in (5) the other participants represent their respective input sets with the Bloom filter structure, obtaining their respective Bloom filters
Figure FDA00031757180800000212
which is implemented as follows:
(5a) the other participants each apply the $k$ hash functions of the Bloom filter to the elements $x_\zeta$ in their respective input sets to obtain the index values:
$h_1(x_\zeta), \ldots, h_l(x_\zeta), \ldots, h_k(x_\zeta)$,
where $h_l(x_\zeta)$ denotes the index value of element $x_\zeta$ calculated by hash function $h_l$, $\zeta = 1, \ldots, v_i$, $v_i$ denotes the size of set $X_i$, $l = 1, \ldots, k$, $k$ denotes the number of hash functions, $i = 2, \ldots, n$, and $n$ denotes the number of participants;
(5b) the other participants each generate an empty Bloom filter $BF_i$, with the value at every position of $BF_i$ initialized to 1;
(5c) using the index values obtained in step (5a), the other participants each find the corresponding positions in the empty Bloom filter $BF_i$ and change their values to 0, thereby obtaining their respective Bloom filters
Figure FDA00031757180800000213
Figure FDA00031757180800000214
where, for the Bloom filter
Figure FDA00031757180800000215
the value at the jth position is expressed as:
Figure FDA00031757180800000216
$j = 1, \ldots, m$, and $m$ denotes the size of the Bloom filter.
6. The method of claim 1, wherein the respective encrypted Bloom filters obtained by the other participants in (5)
Figure FDA0003175718080000031
are expressed as follows:
Figure FDA0003175718080000032
where
Figure FDA0003175718080000033
denotes, in the encrypted Bloom filter
Figure FDA0003175718080000034
the ciphertext at the jth position, $j = 1, \ldots, m$, $m$ denotes the size of the Bloom filter, $i = 2, \ldots, n$, and $n$ denotes the number of participants.
7. The method of claim 1, wherein in (6) the designated participant uses the Bloom filter hash functions $h_l$ to calculate the index values of the elements $x_t$ in its input set:
$h_1(x_t), \ldots, h_l(x_t), \ldots, h_k(x_t)$,
where $h_l(x_t)$ denotes the index value of element $x_t$ under hash function $h_l$, $t = 1, \ldots, v_1$, $v_1$ denotes the size of set $X_1$, $l = 1, \ldots, k$, and $k$ denotes the number of hash functions.
8. The method of claim 1, wherein in (6) the designated participant, from the encrypted Bloom filters
Figure FDA0003175718080000035
extracts the ciphertexts corresponding to the index values $h_l(x_t)$, expressed as follows:
Figure FDA0003175718080000036
where
Figure FDA0003175718080000037
denotes, in
Figure FDA0003175718080000038
the ciphertext whose index value is $h_l(x_t)$, $l = 1, \ldots, k$, $k$ denotes the number of hash functions, $t = 1, \ldots, v_1$, $v_1$ denotes the size of set $X_1$, $i = 2, \ldots, n$, and $n$ denotes the number of participants.
9. The method of claim 1, wherein in (6) the designated participant obtains an aggregate ciphertext from the k(n-1) ciphertexts
Figure FDA0003175718080000039
by using the homomorphic property of the encryption algorithm TEL, implemented as follows:
(6a) the designated participant uses the additive homomorphism of the encryption algorithm TEL to multiply the k(n-1) ciphertexts
Figure FDA00031757180800000310
together, obtaining the ciphertext C_t corresponding to the element x_t, expressed as follows:
C_t = (α_t, β_t),
wherein α_t is the first part of the ciphertext C_t, represented as:
Figure FDA00031757180800000311
β_t is the second part of the ciphertext C_t, represented as:
Figure FDA00031757180800000312
r_ij is an element of the group Z_q, i = 2, ..., n, n represents the number of participants, j = 1, ..., m,
Figure FDA00031757180800000313
represents, in the bloom filter
Figure FDA00031757180800000314
the value of the j-th position,
Figure FDA00031757180800000315
t = 1, ..., v_1, and v_1 represents the size of the set X_1;
(6b) the designated participant uses the cardinality w_t and the scalar-multiplication homomorphism of the encryption algorithm TEL to exponentiate the ciphertext C_t corresponding to the element x_t, obtaining a marked ciphertext
Figure FDA0003175718080000041
represented as follows:
Figure FDA0003175718080000042
wherein
Figure FDA00031757180800000412
is, for the marked ciphertext
Figure FDA0003175718080000043
the first part of the ciphertext, represented as:
Figure FDA00031757180800000413
Figure FDA00031757180800000414
is, for the marked ciphertext
Figure FDA0003175718080000044
the second part of the ciphertext, represented as:
Figure FDA00031757180800000415
k represents the number of bloom filter hash functions;
n represents the number of participants;
(6c) the designated participant uses the additive homomorphism of the encryption algorithm TEL to multiply the v_1 marked ciphertexts
Figure FDA0003175718080000045
together, obtaining an aggregate ciphertext C, represented as follows:
C = (α, β),
where α is the first part of the aggregate ciphertext C, expressed as:
Figure FDA0003175718080000046
β is the second part of the aggregate ciphertext C, represented as:
Figure FDA0003175718080000047
10. The method according to claim 1, characterized in that (7) is implemented as follows:
(7a) the other participants each use their own private key sk_i to exponentiate the first part α of the aggregate ciphertext C, obtaining one part of the value required for decryption:
Figure FDA0003175718080000048
and send it to the designated participant, where i = 2, ..., n, and n represents the number of participants;
(7b) after receiving T_i, the designated participant uses its private key sk_1 to exponentiate the first part α of the aggregate ciphertext C, obtaining the other part of the value required for decryption:
Figure FDA0003175718080000049
then multiplies T_1 and T_i together to obtain the full value ρ required for decryption:
Figure FDA00031757180800000410
(7c) the designated participant decrypts the aggregate ciphertext C using the full value ρ required for decryption, obtaining an aggregate plaintext μ:
Figure FDA00031757180800000411
wherein w_t represents the cardinality, b_t represents a single plaintext, and b_t ∈ [0, ..., k(n-1)];
(7d) the designated participant obtains the single plaintext b_t by using a plaintext recovery algorithm, then initializes an empty set W_0 and judges whether the single plaintext b_t is 0:
if so, the element x_t is put into the set W_0, and a final set W is output, namely the intersection of the input sets of all the participants;
otherwise, no operation is performed on the set W_0.
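The flow of claims 5 to 10, run end to end as an added toy example (not code from the patent): inverted bloom filters, position-wise encryption, aggregation by the designated participant, and joint decryption. Assumptions not stated on the page: TEL is instantiated as exponential ElGamal under a joint key, w_t = (k(n-1)+1)^(t-1), the hash family is SHA-256 based, plaintext recovery is a brute-force discrete log followed by digit extraction, and the group (p = 2039) is far too small for real use.

```python
import hashlib, secrets

P, Q, G = 2039, 1019, 4      # toy safe-prime group (P = 2Q + 1); assumption, not from the patent
M, K = 256, 3                # bloom filter size m and number of hash functions k (assumed values)

def idx(x):                  # h_1(x), ..., h_k(x): assumed SHA-256 based hash family
    return [int.from_bytes(hashlib.sha256(f"{l}|{x}".encode()).digest(), "big") % M for l in range(K)]

def enc(pk, b):              # exponential ElGamal (assumed TEL form): (g^r, g^b * pk^r)
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), pow(G, b, P) * pow(pk, r, P) % P

def mul(c, d):               # multiplying ciphertexts adds their plaintexts
    return c[0] * d[0] % P, c[1] * d[1] % P

def inverted_bf(items):      # steps (5a)-(5c): all ones, zero at every index of every element
    bf = [1] * M
    for x in items:
        for j in idx(x):
            bf[j] = 0
    return bf

def mpsi(sets):
    n, x1 = len(sets), list(sets[0])             # sets[0] belongs to the designated participant
    base = K * (n - 1) + 1                       # b_t lies in [0, k(n-1)]
    assert base ** len(x1) < Q, "aggregate plaintext must fit in the toy group"
    sks = [secrets.randbelow(Q - 1) + 1 for _ in range(n)]
    pk = pow(G, sum(sks), P)                     # joint public key: product of all g^sk_i
    ebfs = [[enc(pk, b) for b in inverted_bf(s)] for s in sets[1:]]
    agg = (1, 1)                                 # trivial encryption of 0
    for t, x in enumerate(x1):
        ct = (1, 1)
        for ebf in ebfs:                         # (6a): multiply the k(n-1) selected ciphertexts
            for j in idx(x):
                ct = mul(ct, ebf[j])
        w = base ** t                            # assumed value of the patent's w_t
        agg = mul(agg, (pow(ct[0], w, P), pow(ct[1], w, P)))   # (6b) then (6c)
    rho = 1
    for sk in sks:                               # (7a), (7b): T_i = alpha^sk_i, rho = product
        rho = rho * pow(agg[0], sk, P) % P
    g_mu = agg[1] * pow(rho, -1, P) % P          # (7c): g^mu = beta / rho
    mu = next(e for e in range(Q) if pow(G, e, P) == g_mu)
    digits = [(mu // base ** t) % base for t in range(len(x1))]  # (7d): recover each b_t
    return {x for x, b in zip(x1, digits) if b == 0}, digits
```

The designated participant learns only the digits b_t; a digit of 0 means every other participant's filter had 0 at all k positions of x_t, which is also where a bloom filter false positive would show up as a spurious intersection element.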
CN202110833610.XA 2021-07-22 2021-07-22 Set intersection method for realizing multi-party privacy Active CN113518092B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110833610.XA CN113518092B (en) 2021-07-22 2021-07-22 Set intersection method for realizing multi-party privacy

Publications (2)

Publication Number Publication Date
CN113518092A (en) 2021-10-19
CN113518092B (en) 2022-08-26

Family

ID=78067662

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant