CN113626871A - Two-party multi-branch condition implementation method and system for protecting private data - Google Patents

Two-party multi-branch condition implementation method and system for protecting private data Download PDF

Info

Publication number
CN113626871A
CN113626871A CN202111014694.0A CN202111014694A CN113626871A CN 113626871 A CN113626871 A CN 113626871A CN 202111014694 A CN202111014694 A CN 202111014694A CN 113626871 A CN113626871 A CN 113626871A
Authority
CN
China
Prior art keywords
party
comparison
fragment
private data
branch
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111014694.0A
Other languages
Chinese (zh)
Inventor
赵原
殷山
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alipay Hangzhou Information Technology Co Ltd
Original Assignee
Alipay Hangzhou Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alipay Hangzhou Information Technology Co Ltd filed Critical Alipay Hangzhou Information Technology Co Ltd
Priority to CN202111014694.0A priority Critical patent/CN113626871A/en
Publication of CN113626871A publication Critical patent/CN113626871A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/38Methods or arrangements for performing computations using exclusively denominational number representation, e.g. using binary, ternary, decimal representation
    • G06F7/48Methods or arrangements for performing computations using exclusively denominational number representation, e.g. using binary, ternary, decimal representation using non-contact-making devices, e.g. tube, solid state device; using unspecified devices
    • G06F7/544Methods or arrangements for performing computations using exclusively denominational number representation, e.g. using binary, ternary, decimal representation using non-contact-making devices, e.g. tube, solid state device; using unspecified devices for evaluating functions by calculation

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Computing Systems (AREA)
  • Computational Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Pure & Applied Mathematics (AREA)
  • Mathematical Optimization (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

The embodiment of the specification provides a two-party multi-branch condition implementation method and a two-party multi-branch condition implementation system for protecting private data, which are implemented by adopting multi-party secure computation, such as a garbled circuit. The method comprises the following steps: the first party and the second party respectively obtain the fragments of the comparison results corresponding to the N branch conditions; and taking the (N + 1) th numerical value as an initial value of the intermediate result, and respectively executing N rounds of selection processing on the rest N numerical values according to the sequence from back to front, wherein each round of selection processing comprises the following steps: the first party and the second party respectively take the local fragment of the current numerical value and the intermediate result of the previous round as the fragment of the object to be selected, take the fragment of the comparison result corresponding to the current numerical value as the selection bit fragment, input the selection operator of the two parties, and select the intermediate result of the current round from the current numerical value and the intermediate result of the previous round according to the comparison result; and respectively outputting the fragments corresponding to the intermediate results after the N rounds of selection processing to the first party and the second party. The two-party multi-branch condition can be realized on the premise of protecting the private data.

Description

Two-party multi-branch condition implementation method and system for protecting private data
Technical Field
One or more embodiments of the present description relate to the field of computers, and more particularly, to a two-party multi-branch conditional implementation method and system for protecting private data.
Background
The secure multi-party computation is also called multi-party secure computation, namely, a plurality of parties compute the result of a function together without revealing the input data of each party of the function, and the computed result is disclosed to one or more parties. Where the input data for the parties is often private data.
The two-party multi-branch condition is one of basic operation functions of user operation logic in secure multi-party computing, and is used for returning a numerical value corresponding to an established branch condition from N +1 numerical values arranged in sequence according to the established branch condition in N sequentially executed branch conditions, wherein any branch condition comprises size comparison of privacy data held by the two parties respectively.
Disclosure of Invention
One or more embodiments of the present specification describe a method and a system for implementing a two-party multi-branch condition for protecting private data, which can implement the two-party multi-branch condition on the premise of protecting the private data.
In a first aspect, a two-party multi-branch condition implementation method for protecting privacy data is provided, which is used for returning a numerical value corresponding to an established branch condition from N +1 numerical values arranged in sequence according to the established branch condition in N sequentially executed branch conditions, wherein any branch condition comprises size comparison of privacy data held by a first party and a second party respectively; the method comprises the following steps:
the first party and the second party respectively obtain the fragments of the comparison result of each branch condition in the N branch conditions;
and taking the (N + 1) th numerical value as an initial value of the intermediate result, and respectively executing N rounds of selection processing on the rest N numerical values according to the sequence from back to front, wherein each round of selection processing comprises the following steps: the first party and the second party respectively take the current numerical value and the local fragment of the intermediate result of the previous round as the fragments of the object to be selected, take the fragment of the comparison result of the branch condition corresponding to the current numerical value as the selection bit fragment, input the fragment into a two-party selection operator, and select one of the current numerical value and the intermediate result of the previous round as the intermediate result of the current round by the two-party selection operator according to the comparison result;
and respectively outputting the fragments corresponding to the intermediate results after the N rounds of selection processing to a first party and a second party.
In a possible implementation, the first party has N private data in a first private data set, the second party has N private data in a second private data set, and the comparison result is characterized based on whether a preset comparison relationship is satisfied between the first private data in the first private data set and the second private data in the second private data set.
Further, the preset comparison relationship includes at least one of:
less than, less than or equal to, greater than or equal to, greater than.
Further, the obtaining, by the first party and the second party, the slice of the comparison result of each of the N branch conditions by the first party and the second party respectively includes:
for each of the N branch conditions, performing the following comparison process:
and the first party and the second party jointly perform multi-party security calculation by utilizing the private data which are respectively held, the first party obtains a first fragment of the comparison result of the branch condition, and the second party obtains a second fragment of the comparison result of the branch condition.
Further, the multi-party security computation comprises:
the first party inputs first privacy data held by the first party into a two-party comparison operator, the second party inputs second privacy data held by the second party into the two-party comparison operator, the two-party comparison operator compares the first privacy data with the second privacy data, the first party obtains a first fragment of a comparison result of whether the preset comparison relationship is established, and the second party obtains a second fragment of the comparison result.
Furthermore, the comparison processing corresponding to each branch condition adopts a parallel execution mode.
In a possible embodiment, the N +1 th value is a value returned when none of the N branch conditions is satisfied.
In one possible embodiment, the N +1 values in the sequence belong to values corresponding to the same variable in N +1 arrays in the sequence, each array being composed of the same number of values corresponding to different variables.
In one possible implementation, the two-party selection operator is implemented based on a multi-party secure computing technique.
Further, the multi-party secure computing technology comprises at least one of:
secret sharing, garbled circuits, inadvertent transmission, GMW.
In a second aspect, a two-party multi-branch condition implementation system for protecting private data is provided, configured to, according to an established branch condition of N sequentially executed branch conditions, return a value corresponding to the established branch condition from N +1 values arranged in order, where any branch condition includes a size comparison of private data held by each of a first party and a second party; the system comprises:
the first party and the second party are used for respectively obtaining the fragments of the comparison result of each branch condition in the N branch conditions;
the first party and the second party are further configured to, with the N +1 th numerical value as an initial value of the intermediate result, respectively perform N rounds of selection processing on the remaining N numerical values in order from back to front, where each round of selection processing includes: the first party and the second party respectively take the current numerical value and the local fragment of the intermediate result of the previous round as the fragments of the object to be selected, take the fragment of the comparison result of the branch condition corresponding to the current numerical value as the selection bit fragment, input the fragment into a two-party selection operator, and select one of the current numerical value and the intermediate result of the previous round as the intermediate result of the current round by the two-party selection operator according to the comparison result;
the first party and the second party are further configured to obtain the slices corresponding to the intermediate results after the N-round selection processing, respectively.
In a third aspect, there is provided a computer readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method of the first aspect.
In a fourth aspect, there is provided a computing device comprising a memory having stored therein executable code and a processor that, when executing the executable code, implements the method of the first aspect.
By the method and the system provided by the embodiment of the specification, firstly, the first party and the second party respectively obtain the fragment of the comparison result of each branch condition in the N branch conditions; then, taking the (N + 1) th numerical value as an initial value of an intermediate result, and respectively executing N rounds of selection processing on the rest N numerical values in the order from back to front, wherein each round of selection processing comprises the following steps: the first party and the second party respectively take the current numerical value and the local fragment of the intermediate result of the previous round as the fragments of the object to be selected, take the fragment of the comparison result of the branch condition corresponding to the current numerical value as the selection bit fragment, input the fragment into a two-party selection operator, and select one of the current numerical value and the intermediate result of the previous round as the intermediate result of the current round by the two-party selection operator according to the comparison result; and finally, respectively outputting the fragments corresponding to the intermediate results after the N rounds of selection processing to the first party and the second party. As can be seen from the above, in the embodiments of the present specification, after the first party and the second party obtain the fragments of the comparison result of each branch condition, the two parties select operators, and perform N rounds of two-out-of-one processing on the N +1 numerical values according to the sequence from back to front, so that the two parties multi-branch condition can be implemented on the premise of protecting the private data.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
FIG. 1 is a schematic diagram illustrating an implementation scenario of an embodiment disclosed herein;
FIG. 2 illustrates a two-party multi-branch conditional implementation interaction diagram of protecting private data, according to one embodiment;
FIG. 3 illustrates a schematic block diagram of a two-party multi-branch conditional implementation apparatus that protects private data, according to one embodiment;
FIG. 4 illustrates a schematic block diagram of a two-party multi-branch conditional implementation system that protects private data, according to one embodiment.
Detailed Description
The scheme provided by the specification is described below with reference to the accompanying drawings.
Fig. 1 is a schematic view of an implementation scenario of an embodiment disclosed in this specification. This implementation scenario involves the implementation of a two-party multi-branch condition that protects private data. In the prior art, N branch conditions are usually executed sequentially, and when a certain branch condition is satisfied, a numerical value corresponding to the satisfied branch condition is returned from N +1 numerical values arranged in order, wherein any one branch condition includes a comparison of the sizes of private data held by each of the first party and the second party. Referring to fig. 1, a first party and a second party each have N private data for constructing N branch conditions, the first party has N private data of a0 and … a (N-1), the second party has N private data of b0 and … b (N-1), each branch condition corresponds to a value returned when the branch condition is satisfied, the N branch conditions do not satisfy the value returned, N +1 possible returned values are total and can be represented as c0 and … cN, the N +1 values are provided by the first party or the second party, the returned values after the multi-branch condition is executed are distributed in the first party and the second party in a form of fragments, the fragment of the value obtained by the first party is denoted as r0, the fragment of the value obtained by the second party is denoted as r1, and the sum of r0 and r1 is the returned value.
It is understood that the above numerical fragmentation belongs to the additive fragmentation. Add-split (ADDShare), one number modulo 2nThe integer ring of the space is divided into two addition slices by subtraction, and the two addition slices are modulo 2nThe original number can be obtained by adding the integer ring of the space, and two parties respectively have an adding fragment. The add slices are unsigned numbers.
The branch condition includes a comparison operation, which may be <, >, or the like, and taking the comparison operation included in each branch condition as < as an example, the multi-branch condition may be used to complete the following calculation:
Figure BDA0003239436050000041
it is understood that the above-mentioned multi-branch condition includes N branch conditions executed in sequence, the first branch condition is a0< b0, if a0< b0 is true, the returned value is c0, and the subsequent branch condition is not executed, if a0< b0 is not true, the second branch condition is executed; the second branch condition is a1< b1, if a1< b1 holds, the returned value is c1 and no subsequent branch condition is performed, if a1< b1 does not hold, the third branch condition is performed; … …, respectively; the nth branch condition is a (N-1) < b (N-1), if a (N-1) < b (N-1) is true, the returned value is c (N-1), and if a (N-1) < b (N-1) is false, the returned value is cN.
In the embodiment of the present specification, N branch conditions are not sequentially executed, but each branch condition is executed in parallel first, and a comparison result of each branch condition is obtained. Based on these comparison results, N rounds of selection processing are performed, resulting in one value of c0, … cN. This value will of course be present in the first and second party in the form of a slice.
The implementation of the present invention will be described in detail based on fig. 2.
Fig. 2 is an interaction diagram illustrating a two-party multi-branch condition implementation method for protecting privacy data according to an embodiment, which may be based on the implementation scenario illustrated in fig. 1, and is configured to return, from N +1 numerical values arranged in sequence, a numerical value corresponding to an established branch condition according to the established branch condition among N sequentially executed branch conditions, where any branch condition includes a comparison of sizes of privacy data held by a first party and a second party. As shown in fig. 2, the two-party multi-branch conditional implementation method for protecting privacy data in this embodiment includes the following steps: step 21, the first party and the second party respectively obtain the fragments of the comparison result of each branch condition in the N branch conditions; step 22, the first party and the second party use the (N + 1) th numerical value as an initial value of the intermediate result, and respectively execute N rounds of selection processing on the remaining N numerical values according to the sequence from back to front, wherein each round of selection processing comprises: the first party and the second party respectively take the current numerical value and the local fragment of the intermediate result of the previous round as the fragments of the object to be selected, take the fragment of the comparison result of the branch condition corresponding to the current numerical value as the selection bit fragment, input the fragment into a two-party selection operator, and select one of the current numerical value and the intermediate result of the previous round as the intermediate result of the current round by the two-party selection operator according to the comparison result; and step 23, the first party and the second party respectively obtain the fragments corresponding to the intermediate results after the N rounds of selection processing. Specific execution modes of the above steps are described below.
First, in step 21, the first party and the second party obtain a slice of the comparison result for each of the N branch conditions, respectively. It is understood that any branch condition includes comparison of the size of the private data held by the first party and the second party, and in order to protect the private data, the comparison result may be determined in a manner of multi-party secure computation, and the first party and the second party are enabled to obtain the fragment of the comparison result.
In one example, the first party has N private data in a first private data set, the second party has N private data in a second private data set, and the comparison result is characterized based on whether a preset comparison relationship is satisfied between the first private data in the first private data set and the second private data in the second private data set.
Further, the preset comparison relationship includes at least one of:
less than, less than or equal to, greater than or equal to, greater than.
In an embodiment of the present description, each of the N branch conditions may correspond to the same preset comparison relationship, for example, all of the N branch conditions are smaller, or may correspond to different preset comparison relationships, for example, one branch condition corresponds to a preset comparison relationship smaller than the other branch condition corresponds to a preset comparison relationship larger than the other branch condition.
Further, the obtaining, by the first party and the second party, the slice of the comparison result of each of the N branch conditions by the first party and the second party respectively includes:
for each of the N branch conditions, performing the following comparison process:
and the first party and the second party jointly perform multi-party security calculation by utilizing the private data which are respectively held, the first party obtains a first fragment of the comparison result of the branch condition, and the second party obtains a second fragment of the comparison result of the branch condition.
Further, the multi-party security computation comprises:
the first party inputs first privacy data held by the first party into a two-party comparison operator, the second party inputs second privacy data held by the second party into the two-party comparison operator, the two-party comparison operator compares the first privacy data with the second privacy data, the first party obtains a first fragment of a comparison result of whether the preset comparison relationship is established, and the second party obtains a second fragment of the comparison result. The operator in this specification provides a programming call interface for realizing a certain basic function of multi-party secure computation, and the operator can be a function of multiplication, addition, comparison, selection and the like, and can be realized based on multi-party secure computation technologies such as secret sharing, a garbled circuit, careless transmission and the like.
Wherein, the two-way comparison operator: the method realizes comparison of one number of each input of two parties and outputs the fragment of the comparison result bit, and operators can be realized by technologies such as a garbled circuit, GMW and the like. Is formulated as follows: and [ s ] represents a slice format, for example, s is 1 when a and b satisfy a preset comparison relationship, and s is 0 when a and b do not satisfy the preset comparison relationship.
Furthermore, the comparison processing corresponding to each branch condition adopts a parallel execution mode.
GMW (Goldreich-Micali-Wigderson) is a two-party secure multi-party computing protocol, a Boolean circuit of a computing function is realized, bits on each line of the GMW are exclusive-OR fragments of two parties, namely, each party holds one bit on the line, the exclusive-OR of the two bits is a true value on the line, the GMW computes each gate, the exclusive-OR gate directly and locally computes, and the AND gate is executed by careless transmission. GMW implements a boolean circuit, the number of rounds of interaction between the two parties, i.e., the execution delay, is determined by the depth of the and gate in the circuit. The depth of an AND gate refers to the longest path of the AND gate for the data in the circuit.
Then, in step 22, the first party and the second party use the (N + 1) th numerical value as an initial value of the intermediate result, and perform N rounds of selection processing on the remaining N numerical values respectively in the order from back to front, wherein each round of selection processing includes: and the first party and the second party respectively take the current numerical value and the local fragment of the intermediate result of the previous round as the fragments of the object to be selected, take the fragment of the comparison result of the branch condition corresponding to the current numerical value as the selection bit fragment, input the fragment into a two-party selection operator, and select one of the current numerical value and the intermediate result of the previous round as the intermediate result of the current round by the two-party selection operator according to the comparison result. It is to be understood that the above-described N-round selection processing is performed in reverse order of the execution of the normal multi-branch condition, and the N-round selection processing is performed in the order from the rear to the front, so as to realize the sequential execution of the multi-branch condition.
The following describes the execution process of the N-round selection process by taking a specific multi-branch condition as an example, where the multi-branch condition is as follows:
Figure BDA0003239436050000071
corresponding to the multi-branch condition, N +1 possible returned values are arranged in the order of c0, c1 … … c (N-1) and cN, the N round selection processing selects one of the value corresponding to the branch condition and the intermediate result of the previous round as the intermediate result of the round according to the comparison result corresponding to each branch condition in the sequence from back to front, the initial value of the intermediate result is cN, and the intermediate result after the N round selection processing is the value returned by the final multi-branch condition. That is, first, a value is selected from c (N-1) and cN as the intermediate result of the present round according to whether a (N-1) < b (N-1) is true, c (N-1) is selected as the intermediate result of the present round when a (N-1) < b (N-1) is true, and cN is selected as the intermediate result of the present round when a (N-1) < b (N-1) is not true; then according to whether a (N-2) < b (N-2) is established, selecting a numerical value from c (N-2) and the intermediate result of the previous round as the intermediate result of the current round, taking the intermediate result of the previous round as c (N-1) as an example, when a (N-2) < b (N-2) is established, selecting c (N-2) as the intermediate result of the current round, and when a (N-2) < b (N-2) is not established, selecting c (N-1) as the intermediate result of the current round; … … finally, according to whether a0< b0 is satisfied, one value is selected from the intermediate results of c0 and the previous round as the intermediate result of the current round, because the N-1 round selection processing has already been performed, the intermediate result of the previous round has many possible values according to the difference of the comparison results of the branch conditions, the intermediate result of the previous round is c1 as an example, when a0< b0 is satisfied, c0 is selected as the intermediate result of the current round, when a0< b0 is not satisfied, c1 is selected as the intermediate result of the current round, so far, the N round selection processing is finished, and the intermediate result after the N round selection processing is the value returned by the final multi-branch condition.
In one example, the N +1 th numerical value is a numerical value returned when none of the N branch conditions is satisfied.
Wherein, operators are selected by two parties: an operator realizes the selection of two sides according to a selection bit fragment and outputs a selection result fragment, and the operator can be realized by a multi-party safety technology such as a garbled circuit, careless transmission and the like. Is formulated as follows: a and b are candidate objects, which may be provided by one party, e.g., a and b provided by a first party; it may also be provided by two parties, e.g. a by a first party and b by a second party. And [ s ] and [ r ] represent the slicing form, [ s ] is selection bit slicing, [ r ] is selection result slicing, and the addition slicing for selecting and outputting the selection result is performed on the input data of the two sides according to the selection bit slicing. For example, when s is 1, the result is selected to be b; when s is 0, the result is a.
In addition, it can be understood that if the a or b is input to the two-party selection operator in the form of a fragment, the fragments may be merged to obtain original data, and then the selection process is performed.
In one example, the two-party selection operator is implemented based on a multi-party secure computing technique. Typically involving local computation and two-party communication.
Further, the multi-party secure computing technology comprises at least one of:
secret sharing, garbled circuits, inadvertent transmission, GMW.
The above N-round selection process will be described below as an example.
As an example, the multi-branch condition includes 3 branch conditions, that is, N is 3, and the multi-branch condition has only one set of N +1 values arranged in sequence, which is as follows:
Figure BDA0003239436050000081
wherein s0, s1 and s2 can be understood as comparison results corresponding to three branch conditions respectively, and the comparison results can be determined by two comparison operators, for example, the branch condition corresponding to s0 is a0< b0, and s0 can be obtained by inputting a0 and b0 into the two comparison operators; s1, the corresponding branch condition is a1< b1, and s1 can be obtained by inputting a1 and b1 into two comparison operators; s2 has a branch condition of a2 < b2, and s2 is obtained by inputting a2 and b2 into a two-way comparator. In the embodiment of the present specification, the value of the comparison result is 0 or 1, where 0 represents that the corresponding branch condition is satisfied, and 1 represents that the corresponding branch condition is not satisfied; alternatively, 0 indicates that the corresponding branch condition is not satisfied, and 1 indicates that the corresponding branch condition is satisfied. It is noted that s0, s1 and s2 are usually present in fragmented form on the first and second parties.
After determining the above s0, s1, and s2, a value may be selected from w0, w1, w2, and w3 by the aforementioned N-round selection processing, and the value is returned as a value after the execution of the multi-branch condition. Each round of selection processing in the N rounds of selection processing can be realized by two-party selection operators, wherein w3, w2 and s2 are firstly input into the two-party selection operators, and the two-party selection operators select one of w3 and w2 as a numerical value of a variable T according to the condition that s2 is 0 or 1, wherein T corresponds to the intermediate result and is expressed as T-select (w3, w2, s2) through a formula; t, w1 and s1 are then input into a two-party selection operator, which selects one of T and w1 as the value of variable T, depending on whether s1 is 0 or 1, where T corresponds to the aforementioned intermediate result, expressed by the formula T-select (T, w1, s 1); finally T, w0 and s0 are input into a two-party selection operator, the two-party selection operator selects one of T and w0 as the value of the variable x0 according to the condition that s0 is 0 or 1, wherein x0 corresponds to the variable to be assigned by the multi-branch condition and is expressed as x 0-select (T, w0, s0) through the formula.
In this example, the above two-party multi-branch condition is implemented with a set of operators, including N two-party comparison operators and N two-party selection operators, and may be computed in parallel in a certain manner.
In the embodiment of the present specification, each branch condition included in the multi-branch condition may correspond to only one numerical value, or may correspond to a plurality of numerical values, that is, the multi-branch condition may have only one set of N +1 numerical values arranged in sequence, or may have a plurality of sets of N +1 numerical values arranged in sequence. When there are a plurality of groups of N +1 numerical values arranged in sequence, the method may be configured to return the numerical value corresponding to the established branch condition from the respective groups of N +1 numerical values arranged in sequence, where, for the N +1 numerical values of each group, it is not necessary to repeatedly determine the comparison result corresponding to the branch condition, and the comparison result may be determined only once.
In one example, the N +1 values in the sequence belong to values corresponding to the same variable in N +1 arrays in the sequence, each array being composed of the same number of values corresponding to different variables. For example, N takes the value of 3, N +1 arrays in sequence are { w0, u0}, { w1, u1}, { w2, u2}, { w3, u3}, each array comprising 2 values, wherein the first value in the array corresponds to the variable x0 and the second value in the array corresponds to the variable x1, i.e., the values w0, w1, w2, w3 correspond to the variable x0 and the values u0, u1, u2, u3 correspond to the variable x 1. It is understood that each variable has a specific meaning, e.g., representing revenue, expense, etc., and each value is assigned to the variable, i.e., a value is assigned a specific meaning.
The following describes a case where one branch condition corresponds to a plurality of values by way of an example.
Example two, the multi-branch condition includes 3 branch conditions, that is, N is 3, and the multi-branch condition has two sets of N +1 values arranged in sequence, which are as follows:
Figure BDA0003239436050000101
the comparison results in the three branch conditions can be determined by two comparison operators, and are [ s0] ═ cmp (a0, b0), a0 and b0 are private data of the size to be compared, and s0 is the comparison result; [ s1] ═ cmp (a1, b1), a1 and b1 are private data whose sizes need to be compared, and s1 is the comparison result; [ s2] ═ cmp (a2, b2), a2 and b2 are private data whose sizes need to be compared, and s2 is the comparison result.
A first group of N +1 values arranged in sequence is w0, w1, w2 and w3, the N round selection processing for the group of values can be realized by two-party selection operators, namely T (w3, w2 and s2), and one value is selected from w3 and w2 as the value of the variable T according to the s2 being 0 or 1; t-select (T, w1, s1), one of T and w1 as the value of variable T, depending on whether s1 is 0 or 1; x 0-select (T, w0, s0), which is 0 or 1 according to s0, and one of T and w0 is selected as the value of variable x 0; it will be appreciated that T corresponds to the aforementioned intermediate result.
A second group of N +1 values arranged in sequence is u0, u1, u2 and u3, the N-round selection process for the group of values can be realized by two-party selection operators, namely T1 ═ select (u3, u2, s2), one of u3 and u2 is selected as the value of the variable T1 according to the condition that s2 is 0 or 1; t1-select (T1, u1, s1), which is 0 or 1 depending on whether s1 is 0, one of T1 and u1 is selected as the value of the variable T1; x 1-select (T1, u0, s0), which is 0 or 1 depending on whether s0 is 0, one of T1 and u0 is selected as the value of the variable x 1; it will be appreciated that T1 corresponds to the intermediate result previously described.
In this example, the above two-party multi-branch condition is implemented with a set of operators, including N two-party comparison operators and 2N two-party selection operators, and may be computed in parallel in a certain manner.
Finally, in step 23, the first party and the second party respectively obtain the slices corresponding to the intermediate results after the N-round selection processing. It is understood that the intermediate result after the N-round selection process is the value returned after the multi-branch condition is executed, and the value is returned to the first party and the second party in a slicing manner.
In this embodiment of the present specification, the segment corresponding to the intermediate result may be specifically an addition segment.
In one example, a first random number may be generated by the first party, the first random number is used as the first segment of the intermediate result, and then the intermediate result is modulo-2 by the first party and the second party by using a multi-party secure computation mannernSubtracting the first fragment of the intermediate result from the integer ring of the space to obtain a second fragment of the intermediate result, and returning the second fragment of the intermediate result to the second party, where the first fragment of the intermediate result and the second fragment of the intermediate result are modulo-2nThe above intermediate result can be obtained by adding the integers of the space on the ring.
By the method provided by the embodiment of the present specification, first, the first party and the second party respectively obtain the fragment of the comparison result of each branch condition in the N branch conditions; then, taking the (N + 1) th numerical value as an initial value of an intermediate result, and respectively executing N rounds of selection processing on the rest N numerical values in the order from back to front, wherein each round of selection processing comprises the following steps: the first party and the second party respectively take the current numerical value and the local fragment of the intermediate result of the previous round as the fragments of the object to be selected, take the fragment of the comparison result of the branch condition corresponding to the current numerical value as the selection bit fragment, input the fragment into a two-party selection operator, and select one of the current numerical value and the intermediate result of the previous round as the intermediate result of the current round by the two-party selection operator according to the comparison result; and finally, respectively outputting the fragments corresponding to the intermediate results after the N rounds of selection processing to the first party and the second party. As can be seen from the above, in the embodiments of the present specification, after the first party and the second party obtain the fragments of the comparison result of each branch condition, the two parties select operators, and perform N rounds of two-out-of-one processing on the N +1 numerical values according to the sequence from back to front, so that the two parties multi-branch condition can be implemented on the premise of protecting the private data.
According to another aspect, there is provided a two-party multi-branch condition implementing apparatus for protecting private data, configured to return, according to an established branch condition of N sequentially executed branch conditions, a value corresponding to the established branch condition from N +1 values arranged in sequence, where any branch condition includes a comparison of sizes of private data held by a first party and a second party, and the apparatus is configured to execute an action performed by the first party in the method provided in the embodiments of the present specification. FIG. 3 illustrates a schematic block diagram of a two-party multi-branch conditional implementation apparatus that protects private data, according to one embodiment. As shown in fig. 3, the apparatus 300 includes:
a comparing unit 31, configured to obtain a slice of a comparison result of each of the N branch conditions; another slice of the comparison result is held by the second party;
a selecting unit 32, configured to take the N +1 th numerical value as an initial value of the intermediate result, and perform N rounds of selection processing on the remaining N numerical values respectively in order from back to front, where each round of selection processing includes: taking the local fragment of the previous round of intermediate result as a fragment of an object to be selected, taking the fragment of the comparison result of the branch condition corresponding to the current numerical value obtained by the comparison unit 31 as a selection bit fragment, inputting two-party selection operators, receiving the current numerical value by the two-party selection operators, and selecting one of the local fragment of the previous round of intermediate result input by the second party and the fragment of the comparison result of the branch condition corresponding to the current numerical value obtained by the comparison unit 31 as the intermediate result of the current round by the two-party selection operators according to the comparison result;
an output unit 33, configured to output one slice corresponding to the intermediate result after the N-round selection processing to the first party; and another fragment corresponding to the intermediate result after the N rounds of selection processing is held by the second party.
According to another aspect of the embodiments, there is provided a two-party multi-branch condition implementing system for protecting private data, configured to return, according to an established branch condition of N sequentially executed branch conditions, a value corresponding to the established branch condition from N +1 values arranged in sequence, where any branch condition includes a comparison of sizes of private data held by a first party and a second party, and the system includes the first party and the second party, and is configured to perform an action performed by the first party and the second party in the method provided by the embodiments of the present specification. FIG. 4 illustrates a schematic block diagram of a two-party multi-branch conditional implementation system that protects private data, according to one embodiment. As shown in fig. 4, the system 400 includes:
a first party 41 and a second party 42 for obtaining a slice of the comparison result of each of the N branch conditions, respectively;
the first party 41 and the second party 42 are further configured to use the N +1 th numerical value as an initial value of the intermediate result, and respectively perform N rounds of selection processing on the remaining N numerical values in order from back to front, where each round of selection processing includes: the first party and the second party respectively take the current numerical value and the local fragment of the intermediate result of the previous round as the fragments of the object to be selected, take the fragment of the comparison result of the branch condition corresponding to the current numerical value as the selection bit fragment, input the fragment into a two-party selection operator, and select one of the current numerical value and the intermediate result of the previous round as the intermediate result of the current round by the two-party selection operator according to the comparison result;
the first party 41 and the second party 42 are further configured to obtain the slices corresponding to the intermediate results after the N-round selection processing, respectively.
Optionally, as an embodiment, the first party 41 has N private data in a first private data set, and the second party 42 has N private data in a second private data set, and the comparison result is characterized based on whether a preset comparison relationship is satisfied between the first private data in the first private data set and the second private data in the second private data set.
Further, the preset comparison relationship includes at least one of:
less than, less than or equal to, greater than or equal to, greater than.
Further, the first party 41 and the second party 42 are specifically configured to perform, for each of the N branch conditions, the following comparison processing: the first party 41 and the second party 42 jointly perform the multi-party security calculation by using the private data that are respectively held, the first party 41 obtains the first fragment of the comparison result of the branch condition, and the second party 42 obtains the second fragment of the comparison result of the branch condition.
Further, the multi-party security computation comprises:
the first party 41 inputs first privacy data held by the first party into a two-party comparison operator, the second party 42 inputs second privacy data held by the second party into the two-party comparison operator, the two-party comparison operator compares the first privacy data with the second privacy data, the first party 41 obtains a first fragment of a comparison result indicating whether the preset comparison relationship is established, and the second party 42 obtains a second fragment of the comparison result.
Furthermore, the comparison processing corresponding to each branch condition adopts a parallel execution mode.
Optionally, as an embodiment, the N +1 th numerical value is a numerical value returned when none of the N branch conditions is satisfied.
Optionally, as an embodiment, the N +1 values in the sequential order belong to values corresponding to the same variable in N +1 arrays in the sequential order, and each array is composed of the same number of values, and the same number of values correspond to different variables.
Optionally, as an embodiment, the two-party selection operator is implemented based on a multi-party secure computing technology.
Further, the multi-party secure computing technology comprises at least one of:
secret sharing, garbled circuits, inadvertent transmission, GMW.
According to an embodiment of another aspect, there is also provided a computer-readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method described in connection with fig. 2.
According to an embodiment of yet another aspect, there is also provided a computing device comprising a memory having stored therein executable code, and a processor that, when executing the executable code, implements the method described in connection with fig. 2.
Those skilled in the art will recognize that, in one or more of the examples described above, the functions described in this invention may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium.
The above-mentioned embodiments, objects, technical solutions and advantages of the present invention are further described in detail, it should be understood that the above-mentioned embodiments are only exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made on the basis of the technical solutions of the present invention should be included in the scope of the present invention.

Claims (18)

1. A two-party multi-branch conditional implementation method of protecting private data, the method comprising:
the first party and the second party respectively obtain the fragments of the comparison result of each branch condition in the N branch conditions; the N branch conditions respectively correspond to N numerical values, wherein any branch condition comprises size comparison of privacy data held by the first party and the second party;
respectively executing N rounds of selection processing on N numerical values corresponding to N branch conditions according to the sequence from back to front by taking the (N + 1) th numerical value as an initial value of an intermediate result, wherein the (N + 1) th numerical value is a value when all branch conditions are not satisfied; each round of selection processing comprises: the first party and the second party respectively take the current numerical value and the local fragment of the intermediate result of the previous round as the fragments of the object to be selected, take the fragment of the comparison result of the branch condition corresponding to the current numerical value as the selection bit fragment, input the fragment into a two-party selection operator, and select one of the current numerical value and the intermediate result of the previous round as the intermediate result of the current round by the two-party selection operator according to the comparison result;
and respectively outputting the fragments corresponding to the intermediate results after the N rounds of selection processing to a first party and a second party.
2. The method of claim 1, wherein the first party has N private data in a first set of private data, the second party has N private data in a second set of private data, and the comparison is characterized based on whether a preset comparison relationship is satisfied between the first private data in the first set of private data and the second private data in the second set of private data.
3. The method of claim 2, wherein the preset comparison relationship comprises at least one of:
less than, less than or equal to, greater than or equal to, greater than.
4. The method of claim 2, wherein the first and second parties obtaining a slice of the comparison result for each of the N branch conditions, respectively, comprises:
for each of the N branch conditions, performing the following comparison process:
and the first party and the second party jointly perform multi-party security calculation by utilizing the private data which are respectively held, the first party obtains a first fragment of the comparison result of the branch condition, and the second party obtains a second fragment of the comparison result of the branch condition.
5. The method of claim 4, wherein the multi-party security computation comprises:
the first party inputs first privacy data held by the first party into a two-party comparison operator, the second party inputs second privacy data held by the second party into the two-party comparison operator, the two-party comparison operator compares the first privacy data with the second privacy data, the first party obtains a first fragment of a comparison result of whether the preset comparison relationship is established, and the second party obtains a second fragment of the comparison result.
6. The method of claim 4, wherein the comparison processing for each branch condition is performed in parallel.
7. The method of claim 1, wherein the sequentially arranged N +1 values belong to values corresponding to a same variable in sequentially arranged N +1 arrays, each array being composed of a same number of values corresponding to different variables.
8. The method of claim 1, wherein the two-party selection operator is implemented based on a multi-party security computing technique, the multi-party security computing technique comprising at least one of:
secret sharing, garbled circuits, inadvertent transmission, GMW.
9. A two-party multi-branch conditional implementation system for protecting private data, the system comprising:
the first party and the second party are used for respectively obtaining the fragments of the comparison result of each branch condition in the N branch conditions; the N branch conditions respectively correspond to N numerical values, wherein any branch condition comprises size comparison of privacy data held by the first party and the second party;
the first party and the second party are further configured to respectively execute N rounds of selection processing on N numerical values corresponding to the N branch conditions according to a sequence from back to front with the N +1 th numerical value as an initial value of the intermediate result, where the N +1 th numerical value is a value when all branch conditions are not satisfied; each round of selection processing comprises: the first party and the second party respectively take the current numerical value and the local fragment of the intermediate result of the previous round as the fragments of the object to be selected, take the fragment of the comparison result of the branch condition corresponding to the current numerical value as the selection bit fragment, input the fragment into a two-party selection operator, and select one of the current numerical value and the intermediate result of the previous round as the intermediate result of the current round by the two-party selection operator according to the comparison result;
the first party and the second party are further configured to obtain the slices corresponding to the intermediate results after the N-round selection processing, respectively.
10. The system of claim 9, wherein the first party has N private data in a first set of private data, the second party has N private data in a second set of private data, and the comparison is characterized based on whether a preset comparison relationship is satisfied between the first private data in the first set of private data and the second private data in the second set of private data.
11. The method of claim 10, wherein the preset comparison relationship comprises at least one of:
less than, less than or equal to, greater than or equal to, greater than.
12. The system according to claim 10, wherein the first party and the second party are specifically configured to perform, for each of the N branch conditions, the following comparison process: and the first party and the second party jointly perform multi-party security calculation by utilizing the private data which are respectively held, the first party obtains a first fragment of the comparison result of the branch condition, and the second party obtains a second fragment of the comparison result of the branch condition.
13. The system of claim 12, wherein the multi-party secure computation comprises:
the first party inputs first privacy data held by the first party into a two-party comparison operator, the second party inputs second privacy data held by the second party into the two-party comparison operator, the two-party comparison operator compares the first privacy data with the second privacy data, the first party obtains a first fragment of a comparison result of whether the preset comparison relationship is established, and the second party obtains a second fragment of the comparison result.
14. The system of claim 12, wherein the comparison processing for each branch condition is performed in parallel.
15. The system of claim 9, wherein the sequentially ordered N +1 values belong to values corresponding to a same variable in sequentially ordered N +1 arrays, each array being composed of a same number of values corresponding to different variables.
16. The system of claim 9, wherein the two-party selection operator is implemented based on a multi-party security computing technique comprising at least one of:
secret sharing, garbled circuits, inadvertent transmission, GMW.
17. A computer-readable storage medium, on which a computer program is stored which, when executed in a computer, causes the computer to carry out the method of any one of claims 1-8.
18. A computing device comprising a memory having stored therein executable code and a processor that, when executing the executable code, implements the method of any of claims 1-8.
CN202111014694.0A 2021-08-31 2021-08-31 Two-party multi-branch condition implementation method and system for protecting private data Pending CN113626871A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111014694.0A CN113626871A (en) 2021-08-31 2021-08-31 Two-party multi-branch condition implementation method and system for protecting private data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111014694.0A CN113626871A (en) 2021-08-31 2021-08-31 Two-party multi-branch condition implementation method and system for protecting private data

Publications (1)

Publication Number Publication Date
CN113626871A true CN113626871A (en) 2021-11-09

Family

ID=78388702

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111014694.0A Pending CN113626871A (en) 2021-08-31 2021-08-31 Two-party multi-branch condition implementation method and system for protecting private data

Country Status (1)

Country Link
CN (1) CN113626871A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114244497A (en) * 2021-12-09 2022-03-25 支付宝(杭州)信息技术有限公司 Method and device for cooperatively generating fragments by two parties
CN114282076A (en) * 2022-03-04 2022-04-05 支付宝(杭州)信息技术有限公司 Sorting method and system based on secret sharing
CN115941181A (en) * 2023-02-02 2023-04-07 华控清交信息科技(北京)有限公司 Out-of-order secret sharing method and system and readable storage medium

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114244497A (en) * 2021-12-09 2022-03-25 支付宝(杭州)信息技术有限公司 Method and device for cooperatively generating fragments by two parties
CN114244497B (en) * 2021-12-09 2024-02-13 支付宝(杭州)信息技术有限公司 Method and device for generating split chips by combining two parties
CN114282076A (en) * 2022-03-04 2022-04-05 支付宝(杭州)信息技术有限公司 Sorting method and system based on secret sharing
CN114282076B (en) * 2022-03-04 2022-06-14 支付宝(杭州)信息技术有限公司 Sorting method and system based on secret sharing
CN115941181A (en) * 2023-02-02 2023-04-07 华控清交信息科技(北京)有限公司 Out-of-order secret sharing method and system and readable storage medium

Similar Documents

Publication Publication Date Title
CN113626871A (en) Two-party multi-branch condition implementation method and system for protecting private data
CN111539026B (en) Method and device for performing secure operation on private data
CN111523145B (en) Method and device for performing secure operation on private data
US20180115415A1 (en) Secure computation system, server apparatus, secure computation method, and program
CN109446828B (en) Secure multi-party computing method and device
CN111737757B (en) Method and device for performing secure operation on private data
CN113722734A (en) Method, device and system for determining selection result fragmentation by two-party security selection
CN109359476B (en) Hidden input two-party mode matching method and device
CN115080615A (en) Data query method and device based on multi-party security calculation
CN111737767B (en) Method and device for performing secure operation on private data
WO2023240934A1 (en) Security processing method and apparatus for privacy vector
CN107888385B (en) RSA modulus generation method, RSA key generation method, computer device, and medium
CN111460510B (en) Method and device for determining same service data based on privacy protection
WO2018211675A1 (en) Bit decomposition secure computation apparatus, bit combining secure computation apparatus, method and program
CN113836595B (en) Method, device and system for two-party safety comparison
Huang et al. Automatic search for the linear (hull) characteristics of arx ciphers: Applied to speck, sparx, chaskey, and cham-64
CN110807211A (en) Method, system, readable medium and electronic device for safely acquiring user intersection
CN115001675A (en) Execution method of sharing OT protocol, secure multi-party computing method and device
CN113821826A (en) Boolean circuit, method and system for realizing XOR slicing input and output
CN113836596A (en) Method, device and system for determining selection result fragmentation by two-party security selection
CN114611150A (en) Security mode conversion method and device for privacy numerical value
US11228432B2 (en) Quantum-resistant cryptoprocessing
CN113836594A (en) Boolean circuit for implementing two-sided multi-branch conditions
CN112836239A (en) Method and device for cooperatively determining target object data by two parties for protecting privacy
CN113868716A (en) Boolean circuit for merging and splitting data slices

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination