CN113949505A - Privacy-protecting multi-party security computing method and system - Google Patents


Info

Publication number
CN113949505A
Authority
CN
China
Prior art keywords
factor
transformation
result
participant
party
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111205885.5A
Other languages
Chinese (zh)
Other versions
CN113949505B (en
Inventor
张祺智
李漓春
殷山
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sasi Digital Technology Beijing Co ltd
Original Assignee
Alipay Hangzhou Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alipay Hangzhou Information Technology Co Ltd
Priority to CN202111205885.5A
Publication of CN113949505A
Application granted
Publication of CN113949505B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00 Machine learning
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]


Abstract

The embodiment of the specification discloses a privacy-protecting multi-party security computing method and system. Wherein a first participant has a private first transformation factor and a second participant has a private first transformation object, the method being performed by the first participant, the method comprising: decomposing the first transformation factor to obtain a first transformation sequence comprising a plurality of decomposition factors; performing iterative transformation on the first transformation object based on the decomposition factor in the first transformation sequence in cooperation with a second participant, and further obtaining a first fragment of a first transformation result; the first transformation result is equivalent to a result of the transformation of the first transformed object by the first transformation factor.

Description

Privacy-protecting multi-party security computing method and system
Technical Field
The present disclosure relates to the field of information security technologies, and in particular, to a multiparty security computing method and system with privacy protection.
Background
The secure multi-party computation is also called multi-party secure computation, namely, a plurality of parties jointly compute the result of a function without revealing the input data of the parties of the function, and the computed result is stored in a plurality of parties or is disclosed to one or more parties in a shared form. Therefore, through secure multiparty computation, the participating parties can be allowed to compute the results of the functions without exposing the respective raw data.
Data transmission among multiple parties is involved in a multi-party security computing process, and how to reduce the data transmission amount in the computing process becomes a problem which needs to be solved urgently.
Disclosure of Invention
One aspect of embodiments of the present specification provides a privacy-preserving multi-party secure computing method. Wherein a first participant has a private first transformation factor and a second participant has a private first transformation object, the method being performed by the first participant, the method comprising: decomposing the first transformation factor to obtain a first transformation sequence of a plurality of decomposition factors; performing iterative transformation on the first transformation object based on the decomposition factor in the first transformation sequence in cooperation with a second participant, and further obtaining a first fragment of a first transformation result; the first transformation result is equivalent to a result of the transformation of the first transformed object by the first transformation factor.
Another aspect of an embodiment of the present specification provides a privacy protected multi-party secure computing system. A first participant having a private first transformation factor and a second participant having a private first transformation object, the system being implemented by the first participant, the system comprising: a decomposition module, configured to decompose the first transform factor to obtain a first transform sequence of multiple decomposition factors; the first collaborative computing module may be configured to perform collaborative operations on a first participant and a second participant, and perform iterative transformation on a first transformation object based on a decomposition factor in the first transformation sequence to obtain a first segment of a first transformation result; the first transformation result is equivalent to a result of the transformation of the first transformed object by the first transformation factor.
One aspect of embodiments of the present specification provides a privacy-preserving multi-party secure computing method, a first party having a private first transformation factor and a second party having a private first transformation object, the method being performed by the second party and comprising: performing iterative transformation on the first transformation object based on the decomposition factor in the first transformation sequence in cooperation with the first participant, and further obtaining a second fragment of the first transformation result; the first transformation result is equal to a result of transforming the first transformed object by the first transformation factor; wherein the first transform sequence comprises a plurality of decomposition factors into which the first participant decomposes the first transform factor.
Another aspect of an embodiment of the present specification provides a privacy protected multi-party secure computing system. A first participant having a private first transformation factor and a second participant having a private first transformation object, the system implemented by the second participant comprising: the second collaborative computing module is used for collaborating with the first participant and carrying out iterative transformation on the first transformation object based on the decomposition factor in the first transformation sequence so as to obtain a second fragment of the first transformation result; the first transformation result is equal to a result of transforming the first transformed object by the first transformation factor; wherein the first transform sequence comprises a plurality of decomposition factors into which the first participant decomposes the first transform factor.
Another aspect of an embodiment of the present specification provides a privacy-preserving multi-party secure computing device comprising at least one storage medium and at least one processor, the at least one storage medium storing computer instructions; the at least one processor is configured to execute the computer instructions to implement a knowledge-view based knowledge graph data processing method.
Another aspect of embodiments of the present specification provides a computer-readable storage medium storing computer instructions, and when the computer instructions in the storage medium are read by a computer, the computer executes a method for processing knowledge-graph data based on a knowledge view.
Drawings
The present description will be further explained by way of exemplary embodiments, which will be described in detail by way of the accompanying drawings. These embodiments are not intended to be limiting, and in these embodiments like numerals are used to indicate like structures, wherein:
FIG. 1 is a diagram of an exemplary application scenario for a privacy-preserving multi-party secure computing system, shown in some embodiments of the present description;
FIG. 2 is an exemplary interaction flow diagram of a second multi-party secure multiplication protocol, shown in accordance with some embodiments of the present description;
FIG. 3 is an exemplary interaction flow diagram of a privacy-preserving multi-party secure computing method, shown in some embodiments of the present description;
FIG. 4 is an exemplary interaction flow diagram of a first multi-party secure computing protocol, shown in accordance with some embodiments of the present description;
FIG. 5 is an exemplary interaction flow diagram of a third multi-party secure computing protocol, shown in accordance with some embodiments of the present description;
FIG. 6 is an exemplary block diagram of a privacy-preserving multi-party secure computing system in accordance with some embodiments of the present description;
FIG. 7 is an exemplary block diagram of a privacy-preserving multi-party secure computing system in accordance with some embodiments of the present description.
Detailed Description
In order to more clearly illustrate the technical solutions of the embodiments of the present disclosure, the drawings used in the description of the embodiments will be briefly described below. It is obvious that the drawings in the following description are only examples or embodiments of the present description, and that for a person skilled in the art, the present description can also be applied to other similar scenarios on the basis of these drawings without inventive effort. Unless otherwise apparent from the context, or otherwise indicated, like reference numbers in the figures refer to the same structure or operation.
It should be understood that "system", "device", "unit" and/or "module" as used herein is a method for distinguishing different components, elements, parts, portions or assemblies at different levels. However, other words may be substituted by other expressions if they accomplish the same purpose.
As used in this specification and the appended claims, the terms "a," "an," and/or "the" do not refer specifically to the singular and may also include the plural, unless the context clearly dictates otherwise. In general, the terms "comprises" and "comprising" merely indicate that the explicitly identified steps and elements are included; these steps and elements do not form an exclusive list, and a method or apparatus may include other steps or elements.
Flow charts are used in this description to illustrate operations performed by a system according to embodiments of the present description. It should be understood that the preceding or following operations are not necessarily performed in the exact order shown. Rather, the various steps may be processed in reverse order or simultaneously. Meanwhile, other operations may be added to the processes, or one or more steps may be removed from the processes.
One typical application of multi-party security computing is joint statistical analysis and machine learning of privacy-preserving multi-party data. The multi-party security calculation can enable participating parties to calculate statistical results and machine learning results based on joint data of all parties under the condition that respective original data are not exposed. The function of the multi-party security calculation can be a function of statistical operation, a machine learning model and the like.
In machine learning, it is often necessary to compute matrix multiplications. For example, one of the multi-party security computing devices holds private feature data, the feature data may be represented as a matrix, and the other holds private model parameters, such as a neural network model, a linear regression model, or a logistic regression model, and the model parameters may be represented as vectors or matrices (for the neural network model, the model parameters may be represented as a plurality of vectors, each vector corresponding to a weight coefficient of a layer of neurons, or as a matrix). Two parties (or called participants) can complete the training of a machine learning model or the prediction of the machine model based on characteristic data based on multi-party safety calculation. In some embodiments, the two parties may perform matrix multiplication calculation based on a multi-party secure multiplication protocol with the aid of a third party (or referred to as an assisting party) by using feature data and model parameters held by the two parties, so as to obtain a model prediction result. When the calculation is carried out based on the multi-party safe multiplication protocol, the related communication traffic comprises offline communication traffic and online communication traffic. The offline traffic represents traffic between the participating parties and the third party, and the online traffic represents traffic between the participating computing parties. 
Assuming that a first party has an m × n matrix and a second party has an n-dimensional vector, in a calculation based on a multi-party secure multiplication protocol the offline communication amount of one round of the protocol is $m \log|A|$ and the online communication amount is $mn \log|A| + m \log|A|$, where $A$ is the set or group to which the elements of the matrix or the vector belong, $\log|A|$ is the number of bits occupied when one element is transmitted, and $\log$ denotes the base-2 logarithm. Because of the $mn$ term, the traffic generated in practical applications will be very large; for example, with m = 64 and n = 5000, mn = 320000.
It should be noted that, the background of the present technical solution is described above by taking matrix multiplication as an example, but in some scenarios, the multiparty security computation is not limited to matrix multiplication between participants, but may be regarded as a result of some transformation performed on privacy data held by one participant on privacy data held by another participant, for example, a transformation factor held by a first participant, a transformation object held by a second participant, and based on the transformation factor, processing such as position transformation of an element, screening of the element, and the like may be performed on the transformation object, so as to obtain a result after position change of the element or a screening result as a transformation result. Therefore, the matrix multiplication should not be taken as a limitation of the present specification. Of course, in many embodiments, the abstract transformation may be equivalent to a concrete matrix operation.
Therefore, some embodiments in this specification provide a privacy-preserving multi-party secure computing method and system, which can effectively reduce the traffic overhead in the data transformation process based on privacy preservation. The technical solutions disclosed in the embodiments of the present specification are explained in detail by the explanation of the drawings below.
FIG. 1 is a diagram of an exemplary application scenario for a privacy-preserving multi-party secure computing system, according to some embodiments of the present description.
As shown in fig. 1, a privacy-preserving multi-party secure computing scenario 100 may include a computing device 110, a computing device 120, and a network 140, the computing device 110 and the computing device 120 may be devices of parties participating in multi-party secure computing.
The computing device may include various types of computing-capable devices, such as servers, personal computers, and the like. In some embodiments, the servers may be independent servers or groups of servers, which may be centralized or distributed. In some embodiments, the server may be regional or remote. In some embodiments, the server may execute on a cloud platform. For example, the cloud platform may include one or any combination of a private cloud, a public cloud, a hybrid cloud, a community cloud, a decentralized cloud, an internal cloud, and the like. In some embodiments, computing device 110 may be a computing device owned by a first participant participating in a multi-party secure computation and computing device 120 may be a computing device owned by a second participant participating in the multi-party secure computation.
Network 140 connects the various components of the system so that communication can occur between the various components. The network between the various parts in the system may include wired networks and/or wireless networks. For example, network 140 may include a cable network, a wired network, a fiber optic network, a telecommunications network, an intranet, the internet, a Local Area Network (LAN), a Wide Area Network (WAN), a Wireless Local Area Network (WLAN), a Metropolitan Area Network (MAN), a Public Switched Telephone Network (PSTN), a bluetooth network, a ZigBee network (ZigBee), Near Field Communication (NFC), an intra-device bus, an intra-device line, a cable connection, and the like, or any combination thereof. The network connection between each two parts may be in one of the above-mentioned ways, or in a plurality of ways.
In some embodiments, the computing scenario 100 may further include a semi-trusted third party device 130, the semi-trusted third party device 130 may assist the computing devices of the participants in running secure computing protocols, e.g., the semi-trusted third party device 130 may generate random numbers, intermediate result shards, calculate shard values, distribute random numbers and/or shard values to the computing devices 110, 120, etc.
In some embodiments, a first participant has a private first transformation factor and a second participant has a private first transformation object. The first participant may decompose the first transform factor resulting in a first transform sequence comprising a plurality of decomposition factors. The first participant may cooperate with the second participant to perform iterative transformation on the first transformed object based on the decomposition factor in the first transformed sequence, thereby obtaining a first segment of the first transformed result.
The first transformation factor may refer to private data owned by the first party. In some embodiments, the first transformation factor may be feature data used by the first participant for machine learning model training, and may be characterized as a matrix.
The first transformation object may refer to private data owned by the second participant. In some embodiments, the first transformation object may be a model parameter of a machine learning model owned by the second participant, and may be characterized as a matrix or a vector. When some specific embodiments are involved, the description will be mainly given by taking the first transformation factor as a matrix and the first transformation object as a vector as an example, and when the first transformation object is characterized as a matrix, the operation principle is similar to that of a vector.
The first transformation result is equivalent to a result of the first transformation factor transforming the first transformed object directly. In some embodiments, the first transformation result obtained by the collaborative calculation of the first participant and the second participant may be stored in the first participant and the second participant in a shared manner, the first participant holds a first fragment of the first transformation result, and the second participant holds a second fragment of the first transformation result.
In some embodiments, at least one of the decomposition factors obtained by decomposing the first transformation factor is from an N-th order symmetric group, where N is a positive integer, and the first transformation result is equal to the result of matrix multiplication of the first transformation factor and the first transformation object.
A one-to-one mapping of a finite set to itself is referred to as a permutation. The group consisting of all permutations of the elements of a finite set of N elements is called the N-th order symmetric group. A group here means, in the mathematical sense, an algebraic structure with a binary operation satisfying closure, associativity, and the existence of an identity element and of inverse elements; related notions include Abelian groups, homomorphisms and conjugacy classes. In general, the binary operation may be written with a multiplication sign such as "×" (which may be omitted when unambiguous) or an addition sign "+", although the binary operation is not necessarily the multiplication or addition of the four arithmetic operations. In some embodiments, the number of elements of the N-th order symmetric group is N!, which means that only $\log(N!)$ bits are needed to transmit one element of the N-th order symmetric group. In some embodiments, the elements of the N-th order symmetric group may be equivalently represented as N × N matrices. Specifically, the rows or columns of the N × N identity matrix (diagonal elements 1, all other elements 0) can be permuted arbitrarily to obtain N! different matrices, and these N! matrices correspond to the elements of the N-th order symmetric group $S_N$. Multiplying one of these matrices by another matrix or vector is equivalent to permuting the positions of the elements of that matrix or vector. That is, when computing certain multi-party secure matrix multiplications, one of the matrices may be regarded as a transformation factor and decomposed; when the decomposition factors include such a matrix, it may be treated as an element of an N-th order symmetric group, so that the communication traffic of the multi-party secure computation is significantly reduced.
In some embodiments, when computing the first transformation result by iterative transformation, at least one round of the iterative transformation may be implemented based on the second multi-party secure computing protocol. The second multi-party secure protocol applies when one party has an element of a finite group G and the other party has an element of a finite G-module B. If there is an action of group G on group B that maps back into group B (i.e. $G \times A \to A$, where × denotes the action and should not be read as multiplication only) and the action satisfies the distributive law, then the two parties can securely compute the result of group G acting on group B according to the flow shown in fig. 2, and the result is held by the two parties in the form of shared fragments. With the second multi-party secure protocol the two parties need only one round of full-duplex communication during the calculation, which effectively improves communication efficiency. For a description of the second multi-party secure protocol, see the description below in relation to fig. 2.
FIG. 2 is an exemplary interaction flow diagram of a second multi-party secure multiplication protocol, shown in accordance with some embodiments of the present description, involving data interactions between multiple parties. In some embodiments, flow 200 may be performed by a processing device (e.g., device 110 or device 120). For example, the process 200 may be stored in a storage device (e.g., an onboard storage unit of a processing device or an external storage device) in the form of a program or instructions that, when executed, may implement the process 200. The flow 200 may include the following operations. The flow is described below primarily from the perspective of a first party, during which time steps performed by a second party are involved. In some embodiments, the content of the steps performed by the first party and the second party may be interchanged.
Step 202, a random factor and a first slice of a first intermediate result are obtained.
The first fragment of the first intermediate result and the second fragment of the first intermediate result, held by the second participant, are sum-sharing fragments (additive shares) of the result of transforming a random object based on the random factor.
In some embodiments, the random factor is a random matrix h whose elements belong to a finite group G, and the random object is a random vector e whose elements belong to a commutative ring A containing 1, where the commutative ring A satisfies the properties of a finite G-module and corresponds to group B described above. In some embodiments, the random factor and the random object may be randomly generated by a third party (which may be a semi-trusted third party device, e.g., semi-trusted third party device 130). For example, the third party generates the elements of the random matrix h and the random vector e from a preset random number seed, and thereby obtains the random factor and the random object.
In some embodiments, the third party may transform the random object e based on the random factor h to obtain a transformed result. The transformed result still belongs to the finite G-module. Further, the third party may split this result into a first fragment of the first intermediate result and a second fragment of the first intermediate result, both of which also belong to the finite G-module. The first fragment and the second fragment of the first intermediate result may be sum-sharing fragments, i.e. the sum of the first fragment and the second fragment equals the first intermediate result.
Thereafter, the third party may send the random factor and the first fragment of the first intermediate result to the first participant, and send the random object and the second fragment of the first intermediate result to the second participant. With h representing the random factor and e representing the random object, the sum sharing can be expressed as $d_0 + d_1 = he$. The third party then sends the random factor h and the first fragment $d_0$ of the first intermediate result to the first participant, and sends the random object e and the second fragment $d_1$ of the first intermediate result to the second participant.
To further reduce the amount of data transmission in step 202, in some embodiments, the participant may generate a random number based on a random number seed through a pseudo-random number algorithm. In the pseudo random number algorithm, a group of pseudo random data seeds needs to be preset, and each party generates a group of random numbers based on the preset random number seeds. When the same random number seed is input, the generated random number sequence is also the same. By way of example, each party produces 5 random numbers based on the same seed of random numbers, and the random numbers generated by each party are the same, e.g., the first random number of one party is the same as the first random number of the other party.
Specifically, the first party has a first random number seed and a third random number seed, the second party has a second random number seed and a fourth random number seed, and the third party has the first to fourth random number seeds. In some embodiments, the first participant may generate a plurality of random numbers from the first random number seed as the elements of the random matrix h, thereby obtaining the random factor, and generate a plurality of random numbers from the preset third random number seed as the first fragment $d_0$ of the first intermediate result. The second participant may generate a plurality of random numbers from the second random number seed as the elements of the random vector e, thereby obtaining the random object. The third party correspondingly generates h, e and $d_0$ from the first, second and third random number seeds, and obtains the second fragment $d_1$ of the first intermediate result from $d_1 = he - d_0$, so that the second participant can obtain the second fragment $d_1$ of the first intermediate result from the third party. The second participant then holds the random object e and the second fragment $d_1$ of the first intermediate result, which completes the distribution of the random numbers and fragments. In some alternative embodiments, the first fragment $d_0$ of the first intermediate result may instead be obtained by the first participant from the third party, and the second fragment $d_1$ of the first intermediate result generated by the second participant from a preset random number seed.
When random numbers and fragments are distributed by means of a pseudo-random number algorithm, only one party has to obtain its fragment (the first fragment $d_0$ or the second fragment $d_1$ of the first intermediate result) from the third party, so the amount of data transmitted in step 202, and with it the system transmission overhead, is further reduced.
Step 204, sending the first transmission data to the second party.
In some embodiments, the first transmission data is obtained by performing superposition transformation on the inverse of the random factor based on the decomposition factor of the current round of iterative transformation.
The decomposition factor is private data owned by the first party and can also be regarded as the input data g of the second multi-party secure computing protocol. In some embodiments, the random factor h is from the same group as the input data g, and the inverse of the random factor h may be expressed as h^{-1}. The first transmission data f may then be obtained by group multiplication of g and h^{-1}, where g is the decomposition factor, and the first transmission data can be expressed as f = gh^{-1}.
In some embodiments, the first party may send the first transmission data f to the other party over the network.
Step 206, second transmission data of the second party is obtained.
In some embodiments, the second transmission data i may be derived from a - e, i.e. the second transmission data may be denoted as i = a - e, where a denotes the other input data of the second multi-party secure computing protocol and may in particular be the transformation object held by the second participant in the current round. The random object e is from the same group as the input data a and has the same dimension as the input data a. A detailed description of the transformation object or input data a held by the second participant in the current round may be found elsewhere in this specification.
In some embodiments, the first participant may obtain the second transmission data from the second participant via the network and perform steps 208-212 to obtain the first slice of ga. The second participant may obtain the first transmission data from the first participant over the network and obtain the second slice of ga based on it. In some embodiments, ga should be understood as the result of transforming a based on g, which may be, for example, a multiplication.
Step 208, transforming the second transmission data based on the decomposition factor to obtain a second intermediate result.
In some embodiments, the transformation may be to apply the decomposition factor, i.e. the input data g, to the second transmission data i, resulting in a second intermediate result. The second intermediate result may be denoted gi. In some embodiments, the input data g is from an order-N symmetric group, and the second intermediate result is the result of permuting the positions of the second transmission data based on the input data. In some embodiments, the input data g is from a semidirect product: the positions of the second transmission data are permuted based on the second sub-element of the input data g, and the first sub-element of the input data g is then multiplied element-wise with the permutation result to obtain the second intermediate result.
Step 210, transform the first slice of the first intermediate result based on the first transmission data to obtain a third intermediate result.
In some embodiments, the transformation may be to apply the first transmission data f to the first slice d_0 of the first intermediate result to obtain a third intermediate result. The third intermediate result may be represented as fd_0. In some embodiments, the input data g is from an order-N symmetric group, the first transmission data f is from the same group, and the third intermediate result is the result of permuting the positions of the first slice of the first intermediate result based on the first transmission data f. In some embodiments, the input data g is from a semidirect product and the first transmission data f is from the same group: the positions of the first slice of the first intermediate result are permuted based on the second sub-element of the first transmission data f, and the first sub-element of the first transmission data f is then multiplied element-wise with the permutation result to obtain the third intermediate result.
Step 212, obtaining a first segment of the current round of iterative transformation result based on the second intermediate result and the third intermediate result.
In some embodiments, the first slice c_0 of the current round of iterative transformation result may be represented as the sum of the second intermediate result and the third intermediate result. That is, the first slice c_0 of the current round of iterative transformation result is obtained from gi + fd_0, so that c_0 = gi + fd_0.
The second participant may obtain the second fragment c_1 of the current round of iterative transformation result based on fd_1, that is, c_1 = fd_1; (c_0, c_1) is the current round of iterative transformation result. The principle of the protocol can be expressed as:
ga = c_0 + c_1 = (gi + fd_0) + fd_1 = g(a - e) + gh^{-1}d_0 + gh^{-1}d_1
= g(a - e) + gh^{-1}he.
It can be seen from the above steps that, during execution of the second multi-party secure computing protocol, neither party needs to take part in generating the other party's data. Full duplex can therefore be realized, that is, the two parties can send data to each other simultaneously, which reduces the number of interactions and the influence of system delay.
In some embodiments, in the process of obtaining the first transformation result and sharing the fragments, the decomposition factors involved may be decomposed more than once to obtain further decomposition factors from the order-N symmetric group, so as to reduce the communication traffic in the secure computation to a greater extent. In other words, the second multi-party secure computing protocol is applied multiple times when the first transformation result and the shared fragments are obtained, which will be described in more detail in the following steps. It should be noted that the value of N may differ between iterations; N merely stands for a positive integer.
FIG. 3 is an exemplary interaction flow diagram of a privacy-preserving multi-party security computing method, shown in accordance with some embodiments of the present description, involving data interactions between multiple parties. In some embodiments, flow 300 may be performed by a processing device (e.g., device 110 or device 120). For example, the process 300 may be stored in a storage device (e.g., an onboard storage unit of a processing device or an external storage device) in the form of a program or instructions that, when executed, may implement the process 300. The flow 300 may include the following operations.
In some embodiments, the first transformation factor may be a matrix and the second transformation factor may be a matrix or a vector. For example, the first transformation factor may be an m × n (i.e., m rows and n columns) matrix whose elements are from the multiplicative subgroup of A, also referred to as the set of all multiplicatively invertible elements of A. The first transformation object is an n-dimensional vector whose elements are from A. A is a commutative ring with 1. In this case, the first transformation result is equivalent to the result of matrix multiplication of the first transformation factor with the first transformation object. The groups and rings referred to in this specification are mathematical concepts and satisfy the usual mathematical definitions and properties of groups and rings. For example, a group satisfies some additive properties such as additive closure, and a commutative ring satisfies some multiplicative properties such as multiplicative closure and the multiplicative commutative law. In particular, a ring is a type of algebraic system with two operations (addition and multiplication). A commutative ring may refer to a ring whose multiplication is commutative. Multiplication of elements in a commutative ring satisfies multiplicative closure, the associative law, the distributive law and the commutative law. For example, any elements a and b of the commutative ring A satisfy ab = ba. That A is a commutative ring with 1 means that the elements of A include 1.
The following theorem holds:
Assume M is an m × n matrix over A with k1 non-zero rows, k2 non-zero columns and l non-zero elements. Then M can be decomposed as M = PΛσQ.
Here the right factor Q is an l × n 0-1 matrix with k2 non-zero columns, each row contains one and only one 1, and the column coordinates of the 1s are monotonically non-decreasing from row to row. Monotonically non-decreasing column coordinates means that the column coordinate of the 1 in each row (the index of the column in which it lies) is equal to or larger than the column coordinate of the 1 in the previous row. For example, if the column coordinate of the 1 in the first row is 1, the column coordinate of the 1 in the second row is 1 or more; if the column coordinate of the 1 in the second row is 2, the column coordinate of the 1 in the third row is 2 or more.
The second intermediate factor σ is an l × l matrix. In some embodiments, randomly interchanging the rows or columns of an l × l identity matrix (elements on the diagonal are 1 and the rest are 0) can produce l! different matrices, of which the second intermediate factor σ is one. According to the preceding description, the second intermediate factor σ can be regarded as coming from the order-l symmetric group S_l, which effectively reduces the communication traffic in the cooperative computing.
The first intermediate factor Λ is an l × l diagonal matrix, none of whose diagonal elements is 0. In some embodiments, the diagonal elements of the first intermediate factor Λ are the non-zero elements of the m × n matrix.
The left factor P is an m × l 0-1 matrix with k1 non-zero rows, each column contains one and only one 1, and the row coordinates of the 1s are monotonically non-decreasing from column to column. Monotonically non-decreasing row coordinates means that the row coordinate of the 1 in each column (the index of the row in which it lies) is equal to or larger than the row coordinate of the 1 in the previous column. For example, if the row coordinate of the 1 in the first column is 1, the row coordinate of the 1 in the second column is greater than or equal to 1; if the row coordinate of the 1 in the second column is 2, the row coordinate of the 1 in the third column is greater than or equal to 2.
Wherein m, n, l, k1 and k2 are positive integers.
In some embodiments, the processing device of the first participant (e.g., processing device 110) may decompose the first transform factor based on the foregoing theorem, resulting in a left factor, a first intermediate factor, a second intermediate factor, and a right factor in the first transform sequence.
For example only, the result of decomposing the first transform factor may be as follows:
Suppose that the m × n matrix M over A is
Figure BDA0003306816560000111
The matrix M can be decomposed into
Figure BDA0003306816560000112
Figure BDA0003306816560000113
Here σ = (2 5) denotes that the second row and the fifth row of the transformation object are interchanged with each other. In some embodiments, σ = (2 5) can be equivalently expressed as interchanging the second and fifth rows of the 6 × 6 identity matrix.
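One way to compute factors with the shapes the theorem requires, as an added example that is not taken from the patent: list the non-zero entries of M in column order to build Q, in row order to build P and Λ, and let σ map one ordering onto the other. The function names and the sample matrix are constructed for illustration, and plain integers stand in for elements of A.

```python
def decompose(M):
    """Return (P, lam, sigma, Q) such that M = P * diag(lam) * sigma * Q.

    sigma is a list: row k of the permutation matrix has its 1 in column sigma[k].
    """
    m, n = len(M), len(M[0])
    nonzero = [(r, c) for r in range(m) for c in range(n) if M[r][c] != 0]
    by_row = sorted(nonzero)                                  # row-major order
    by_col = sorted(nonzero, key=lambda rc: (rc[1], rc[0]))   # column-major order
    l = len(nonzero)
    # Q (l x n): row k selects the column of the k-th entry in column order.
    Q = [[int(by_col[k][1] == c) for c in range(n)] for k in range(l)]
    # P (m x l): column k adds the k-th entry in row order into its row.
    P = [[int(by_row[k][0] == r) for k in range(l)] for r in range(m)]
    # Lambda: the non-zero values themselves, in row order.
    lam = [M[r][c] for r, c in by_row]
    # sigma: reorders positions from column order to row order.
    col_rank = {rc: k for k, rc in enumerate(by_col)}
    sigma = [col_rank[rc] for rc in by_row]
    return P, lam, sigma, Q


def matmul(A, B):
    return [[sum(A[i][k] * B[k][j] for k in range(len(B)))
             for j in range(len(B[0]))] for i in range(len(A))]


def recompose(P, lam, sigma, Q):
    """Multiply the four factors back together as explicit matrices."""
    l = len(lam)
    Lam = [[lam[k] if k == j else 0 for j in range(l)] for k in range(l)]
    S = [[int(sigma[k] == j) for j in range(l)] for k in range(l)]
    return matmul(matmul(matmul(P, Lam), S), Q)


def shape_ok(P, Q):
    """Check the constraints the theorem places on the 0-1 factors P and Q."""
    l, m = len(Q), len(P)
    p_cols = [[P[r][k] for r in range(m)] for k in range(l)]
    if any(sum(row) != 1 for row in Q) or any(sum(col) != 1 for col in p_cols):
        return False
    q_pos = [row.index(1) for row in Q]      # column of the 1 in each row of Q
    p_pos = [col.index(1) for col in p_cols]  # row of the 1 in each column of P
    return q_pos == sorted(q_pos) and p_pos == sorted(p_pos)


def apply_factors(P, lam, sigma, Q, X):
    """Evaluate P(Lambda(sigma(Q X))) right to left without building matrices."""
    y = [X[row.index(1)] for row in Q]                    # y = QX
    z = [lam[k] * y[sigma[k]] for k in range(len(lam))]   # Z = Lambda sigma y
    return [sum(z[k] for k in range(len(z)) if P[r][k]) for r in range(len(P))]


# Constructed sample: m = 3, n = 4, l = 4 non-zero entries, k1 = 2, k2 = 3.
SAMPLE_M = [[3, 0, 5, 0],
            [0, 0, 0, 0],
            [1, 7, 0, 0]]

if __name__ == "__main__":
    P, lam, sigma, Q = decompose(SAMPLE_M)
    print("lam =", lam, "sigma =", sigma)
    print("recomposed:", recompose(P, lam, sigma, Q))
```

For the sample matrix this yields Λ = diag(3, 5, 1, 7) and σ = [0, 3, 1, 2] in 0-based positions.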
After obtaining the first transformation sequence, the first participant may cooperate with the second participant to perform iterative transformation on the first transformation object based on the decomposition factor in the first transformation sequence by performing step 300, so as to obtain a first segment of the first transformation result. Step 300 may include the following steps.
Step 302A, based on the right factor, obtaining a first segment of the right factor transformation result through a first multi-party secure computing protocol with the second participant, whose input is the first transformation object; the second participant obtains a second slice of the right factor transformation result.
In some embodiments, the first party, based on the right factor, and the second party, based on the first transformation object, may calculate the first segment of the right factor transformation result using the first multi-party secure computing method shown in fig. 4. The right factor is used as the transformation factor of the first multi-party secure computing method, the first transformation object is used as the transformation object, and the second participant obtains the second segment of the right factor transformation result. The first and second shards are data shards held by the first and second participants in sum-sharing form. In the first multi-party secure computing protocol, the first participant can further decompose the right factor to obtain a plurality of public factors and private factors, where the private factors can be regarded as elements from the order-N symmetric group and the public factors can be held by both parties, thereby reducing the communication traffic generated when the two parties carry out the cooperative operation based on the first multi-party secure computing protocol. For a detailed description of the first multi-party secure computing protocol, refer to fig. 4 and its related description in this specification, which are not repeated here.
Accordingly, the second participant may obtain a second slice of the right-factor transformation result by performing step 302B.
Step 302B, based on the first transformation object, obtaining a second segment of the right factor transformation result through the first multi-party secure computing method with the first participant, whose input is the right factor; the first participant obtains a first slice of the right factor transformation result.
For a detailed description of the calculation process, refer to fig. 4 and its related description, which are not repeated herein.
In some embodiments, the first transform object may be represented by X, and the right factor transformation result may be represented as y = QX.
Here y represents the right factor transformation result, Q is the right factor, and X is the first transformation object. The first slice of the right factor transformation result may be denoted as y_1 = (QX)_1, and the second slice of the right factor transformation result may be denoted as y_2 = (QX)_2. The right factor transformation result is y = y_1 + y_2.
Step 304A, obtaining isomorphic factors based on the first intermediate factors and the second intermediate factors.
In some embodiments, the first participant may determine a first intermediate vector based on a first intermediate factor, the elements of the first intermediate vector being diagonal elements of the first intermediate factor. In some embodiments, the participant may order the elements on the diagonal of the first intermediate factor to obtain a first intermediate vector. Continuing with the previous example, the first participant may derive a first intermediate vector (3, 5, 1, 11, 7, 9) based on the first intermediate factor. Further, the first participant may use the first intermediate vector as a first sub-element of the isomorphic factor and the second intermediate factor as a second sub-element of the isomorphic factor.
In some embodiments, the elements of the first intermediate vector are from the multiplicative subgroup of A, and the second intermediate factor can be regarded as coming from the order-l symmetric group. The isomorphic factor can be regarded as the combination of the first intermediate vector and the second intermediate factor, so it can be regarded as an element of the semidirect product of the order-l symmetric group and l copies of the multiplicative subgroup of A, denoted S_l ⋉ (A^×)^l. Here A^× is the multiplicative subgroup of A, (A^×)^l denotes the Cartesian product or direct product of l copies of A^×, S_l is the order-l symmetric group, and ⋉ denotes the semidirect product. S_l ⋉ (A^×)^l is a finite group, and (A^×)^l or A^l is an S_l ⋉ (A^×)^l module. Once the first intermediate vector and the second intermediate factor are represented equivalently as the isomorphic factor, the communication traffic when the two parties carry out the cooperative operation is reduced compared with using the original matrices, and the representation is also suitable for the second multi-party secure computing protocol.
More generally, an element of the semidirect product S_l ⋉ (A^×)^l can be represented as (α, σ), where the first sub-element α is from (A^×)^l and the second sub-element σ is from S_l.
Step 306A, obtaining a local slice of the intermediate transformation result based on the isomorphic factor and the first slice of the right factor transformation result.
In some embodiments, the intermediate transformation result may be represented as Z = Λσy according to a calculation order from right to left.
Where Z represents the intermediate transformation result, Λ represents the first intermediate factor, σ represents the second intermediate factor, and y represents the right factor transformation result.
Substituting y = y_1 + y_2 gives Z = Λσ(y_1 + y_2) = Λσy_1 + Λσy_2.
Here Λσ is held locally by the first participant, and y_1 is the first slice of the right factor transformation result, also held by the first participant. Therefore Λσy_1 can be computed by the first participant locally; it is the local slice of the intermediate transformation result.
As described above, Λσ may be expressed as the isomorphic factor, whose first sub-element and second sub-element are denoted (α, σ), and the first slice of the right factor transformation result is y_1. In the calculation, the positions of the first slice y_1 of the right factor transformation result may first be permuted based on the second sub-element σ of the isomorphic factor, and the first sub-element α of the isomorphic factor is then multiplied element-wise with the permutation result to obtain the local slice of the intermediate transformation result.
Step 308A, based on the isomorphic factor, obtaining a first segment of the intermediate transformation result through a second multi-party secure computing protocol with the second participant, whose input is the second segment of the right factor transformation result; the second participant obtains a second slice of the intermediate transformation result.
As described in the above embodiments, the intermediate transformation result may be expressed as Λσy = Λσy_1 + Λσy_2, where Λσy_1 may be computed directly by the first party locally. Because the elements of the second slice y_2 of the right factor transformation result come from A^× or A, y_2 comes from (A^×)^l or A^l, which is an S_l ⋉ (A^×)^l module. Therefore Λσy_2 can be obtained in shares by the first party, based on the isomorphic factor, and the second party, based on the second slice of the right factor transformation result, through calculation with the second multi-party secure computing protocol.
In some embodiments, the first party uses its private isomorphic factor (α, σ) as the input data g of the second multi-party secure computing protocol, the second party uses its private second slice y_2 of the right factor transformation result as the input data a of the second multi-party secure computing protocol, and the first party obtains the first fragment (Λσy_2)_1 of the intermediate transformation result through the cooperative computation of the second multi-party secure computing protocol; the second participant may obtain the second fragment (Λσy_2)_2 of the intermediate transformation result by performing step 308B. For a detailed description of the second multi-party secure computing protocol, reference may be made to fig. 2 and its related description in this specification, which are not repeated here.
Step 308B, based on the second fragment of the right factor transformation result, obtaining the second fragment of the intermediate transformation result through the second multi-party secure computing protocol with the first party, whose input is the isomorphic factor.
In some embodiments, the fragments of Λσy_2 obtained by the first participant and the second participant in cooperation may be denoted in sum-sharing form as Λσy_2 = (Λσy_2)_1 + (Λσy_2)_2.
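Steps 304A to 308B, together with the second multi-party protocol of steps 204 to 212 that step 308A invokes, as an added example that is not the patent's own code. It assumes A = Z_{2^64} (units are the odd residues), stores σ as an index list, and uses Python's `random.Random` as a stand-in for a cryptographic pseudo-random generator; all function names are hypothetical. The diagonal (3, 5, 1, 11, 7, 9) and σ = (2 5) are the page's example values, while the shares y_1 and y_2 are constructed.

```python
import random

MOD = 2**64  # assumption: ring A = Z_{2^64}; its units A^x are the odd residues


def act(g, x):
    """Apply g = (alpha, sigma): permute x by sigma, then scale element-wise by alpha."""
    alpha, sigma = g
    return [alpha[k] * x[sigma[k]] % MOD for k in range(len(x))]


def mul(g, h):
    """Group product gh, defined so that act(mul(g, h), x) == act(g, act(h, x))."""
    (ag, sg), (ah, sh) = g, h
    n = len(sg)
    return [ag[k] * ah[sg[k]] % MOD for k in range(n)], [sh[sg[k]] for k in range(n)]


def inv(h):
    """Inverse of h = (alpha, sigma) in the semidirect product."""
    alpha, sigma = h
    s_inv = [0] * len(sigma)
    for k, j in enumerate(sigma):
        s_inv[j] = k
    return [pow(alpha[s_inv[k]], -1, MOD) for k in range(len(sigma))], s_inv


def add(x, y):
    return [(p + q) % MOD for p, q in zip(x, y)]


def sub(x, y):
    return [(p - q) % MOD for p, q in zip(x, y)]


def prg_vector(seed, n):
    """Seeded vector over A (random.Random is a non-cryptographic stand-in)."""
    rng = random.Random(seed)
    return [rng.randrange(MOD) for _ in range(n)]


def prg_factor(seed, n):
    """Seeded random factor h = (alpha, sigma) with every alpha[k] a unit."""
    rng = random.Random(seed)
    sigma = list(range(n))
    rng.shuffle(sigma)
    return [rng.randrange(MOD) | 1 for _ in range(n)], sigma


def second_protocol(g, a, seed1, seed2, seed3):
    """Party 1 holds g, party 2 holds a; returns additive shares (c0, c1) of ga."""
    n = len(a)
    # Third party: holds all seeds and transmits only d1 = he - d0 to party 2.
    d1 = sub(act(prg_factor(seed1, n), prg_vector(seed2, n)), prg_vector(seed3, n))
    # Party 1 derives h and d0 from its seeds; party 2 derives e from its seed.
    h, d0 = prg_factor(seed1, n), prg_vector(seed3, n)
    e = prg_vector(seed2, n)
    # Online phase: one message each way, and neither depends on the other.
    f = mul(g, inv(h))               # party 1 -> party 2: f = g h^-1
    i = sub(a, e)                    # party 2 -> party 1: i = a - e
    c0 = add(act(g, i), act(f, d0))  # party 1: c0 = gi + f d0
    c1 = act(f, d1)                  # party 2: c1 = f d1
    return c0, c1


def intermediate_shares(lam_diag, sigma, y1, y2, seeds):
    """Return (Lambda sigma y1, (Lambda sigma y2)_1, (Lambda sigma y2)_2)."""
    g = (lam_diag, sigma)                    # step 304A: isomorphic factor
    local = act(g, y1)                       # step 306A: party 1 alone
    s1, s2 = second_protocol(g, y2, *seeds)  # steps 308A and 308B
    return local, s1, s2


# Page's example factor; sigma = (2 5) written as a 0-based index list.
LAM = [3, 5, 1, 11, 7, 9]
SIGMA = [0, 4, 2, 3, 1, 5]
# Constructed shares of y = (1, 2, 3, 4, 5, 6).
Y1 = [100, 200, 300, 400, 500, 600]
Y2 = sub([1, 2, 3, 4, 5, 6], Y1)

if __name__ == "__main__":
    local, s1, s2 = intermediate_shares(LAM, SIGMA, Y1, Y2, (11, 22, 33))
    print("party 1 holds:", local, s1)
    print("party 2 holds:", s2)
    print("sum:", add(add(local, s1), s2))
```

Each party's share alone is masked by values derived from seeds the other party does not hold; only the sum of the three pieces equals Λσy.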
Step 310A, obtaining a local slice of the left transformation result based on the left factor, the local slice of the intermediate transformation result, and the first slice of the intermediate transformation result.
The transformation of the first transformation object by the first transformation factor may be expressed as MX = PΛσQX. Through the steps in the above embodiments, ΛσQX has already been calculated, that is, ΛσQX = Λσy = Λσ(y_1 + y_2) = Λσy_1 + (Λσy_2)_1 + (Λσy_2)_2, where the first party holds Λσy_1 and (Λσy_2)_1, and the second party holds (Λσy_2)_2.
The left transformation result is obtained by applying the left factor to the calculated ΛσQX, e.g.,
PΛσQX = P(Λσy_1 + (Λσy_2)_1 + (Λσy_2)_2) = P(Λσy_1 + (Λσy_2)_1) + P(Λσy_2)_2
Here the left factor P, the local slice Λσy_1 of the intermediate transformation result and the first slice (Λσy_2)_1 of the intermediate transformation result are all held by the first party, so the first party can compute P(Λσy_1 + (Λσy_2)_1) directly and locally; this is the local slice of the left transformation result.
Step 312A, based on the left factor, obtaining the first segment of the left transformation result through a third multi-party secure computing protocol with the second party, whose input is the second segment of the intermediate transformation result; the second party simultaneously obtains the second segment of the left transformation result.
In some embodiments, the left transformation result is P(Λσy_1 + (Λσy_2)_1) + P(Λσy_2)_2, where P(Λσy_1 + (Λσy_2)_1) is the local slice of the left transformation result and can already be calculated. In P(Λσy_2)_2, P is the left factor, held by the first participant, and (Λσy_2)_2 is the second slice of the intermediate transformation result, held by the second participant; neither is revealed to the other party. Therefore the part P(Λσy_2)_2 of the left transformation result needs to be calculated cooperatively by the first party and the second party based on the third multi-party secure computing protocol.
In some embodiments, the part P(Λσy_2)_2 of the left transformation result may be denoted as P(Λσy_2)_2 = (P(Λσy_2)_2)_1 + (P(Λσy_2)_2)_2.
Here (P(Λσy_2)_2)_1 is the first segment of the left transformation result, held by the first participant, and (P(Λσy_2)_2)_2 is the second slice of the left transformation result, held by the second participant.
In some embodiments, (P(Λσy_2)_2)_1 may be calculated by the first party, based on the left factor, together with the second party, based on the second segment of the intermediate transformation result, through the third multi-party secure computing method. (P(Λσy_2)_2)_2 may be calculated by the second party by performing step 312B.
Step 312B, based on the second segment of the intermediate transformation result, obtaining the second segment of the left transformation result through the third multi-party secure computing method with the first participant, whose input is the left factor.
When the third multiparty security calculation method is executed, the left factor is used as a transformation factor and the second slice of the intermediate transformation result is used as a transformation object. In the third multiparty security computing protocol, the first participant may further decompose the left factor to obtain a plurality of public factors and private factors, wherein the private factors may be regarded as elements from the N-th order symmetric group, and the public factors may be held by both parties, thereby reducing communication traffic generated when both parties perform cooperative operation based on the third multiparty security computing protocol. For a detailed description of the third multi-party security calculation method, reference may be made to fig. 5 and its related description, which are not repeated herein.
Step 314A, obtain a first segment of the first transformation result based on the local segment of the left transformation result and the first segment of the left transformation result.
Illustratively, following the example in the above steps, the first slice of the first transformation result may be denoted as P(Λσy_1 + (Λσy_2)_1) + (P(Λσy_2)_2)_1; the second slice of the first transformation result may be denoted as (P(Λσy_2)_2)_2 and is obtained by the second party.
In some embodiments, the first participant may add the local slice of the left transformation result and the first slice of the left transformation result to obtain the first slice P(Λσy_1 + (Λσy_2)_1) + (P(Λσy_2)_2)_1 of the first transformation result.
In some embodiments, the second participant may obtain a second slice of the first transformation result by performing step 314B.
Step 314B, obtaining a second slice of the first transformation result based on the second slice of the left transformation result.
In some embodiments, the second participant may directly take the second slice of the left transform result as the second slice of the first transform result.
In some embodiments, the process by which the first party performs the first multi-party secure computing protocol or the third multi-party secure computing protocol in cooperation with the second party may be as follows.
The first participant may decompose the transform factor to obtain a second transform sequence comprising a plurality of decomposition factors. The plurality of factorizations includes a private factor and a public factor, the public factor being held simultaneously by the second party.
The decomposition factor may refer to a decomposition term obtained by decomposing the transform factor. In some embodiments, the plurality of factoring factors may include a private factor and a public factor. A private factor refers to a factor that is held only by a first party, and a public factor may be held by a second party in addition to the first party. For example, when the transformation factor is expressed as a matrix, it may be decomposed into a form of multiplying a plurality of matrices, and the decomposed matrices are decomposition factors.
In some embodiments, the first participant may decompose the transform factor according to a preset decomposition rule. Illustratively, the result of decomposing the transform factor may be as follows.
When a first participant has a transformation factor, such as the matrix Q, it can be decomposed according to lemma 1.
Lemma 1: there exist σ_1 ∈ S_n and σ_2 ∈ S_l such that the transformation factor Q can be decomposed into the following form.
Q = ∫σ_2Jδσ_1
Here ∫, σ_2, J, δ and σ_1 denote the decomposition factors obtained by the decomposition; from right to left they are the first decomposition factor σ_1, the second decomposition factor δ, the third decomposition factor J, the fourth decomposition factor σ_2 and the fifth decomposition factor ∫.
S_n and S_l denote the order-n symmetric group and the order-l symmetric group respectively; for the definition of a symmetric group, refer to the related description of fig. 2, which is not repeated here. The first decomposition factor σ_1 can be characterized as an n × n matrix, and the fourth decomposition factor σ_2 can be characterized as an l × l matrix. Fifth decomposition factor
Figure BDA0003306816560000161
Third decomposition factor
Figure BDA0003306816560000162
Figure BDA0003306816560000165
represents the k2 × k2 identity matrix. Second decomposition factor
Figure BDA0003306816560000163
Figure BDA0003306816560000164
The second, third and fifth decomposition factors δ, J and ∫ do not vary with Q, i.e., these decomposition factors carry no information about the transformation factor Q and may therefore be shared with the second participant; these factors may also be referred to as common factors. The first decomposition factor σ_1 and the fourth decomposition factor σ_2 change with Q; these factors carry information about the transformation factor Q and are therefore private to the first party.
After decomposing the transformation factor, the first participant may, in cooperation with the second participant, perform iterative transformation on the transformation object based on the decomposition factors in the transformation sequence, taken in order, so as to obtain a first fragment of the transformation result, and the second participant obtains a second fragment of the transformation result. The transformation result is equivalent to the result of transforming the transformation object by the transformation factor.
Wherein, the transformation of the common factors is carried out by the participators independently; the transformation of the privacy factor is carried out by the participators based on the multi-party security computing protocol.
In some embodiments, the transform factor may be a left factor P resulting from the first transform factorization, and the transform object may be a second slice of the intermediate transform result obtained by the second participant in flow 300.
In some embodiments, the first participant may also decompose the transformation factor P to obtain a plurality of decomposition factors.
Lemma 2: there exist σ_1 ∈ S_l and σ_2 ∈ S_m such that the transformation factor P can be decomposed into the following form.
P = σ_2δKσ_1∫
Here σ_2, δ, K, σ_1 and ∫ denote the decomposition factors obtained by the decomposition; from right to left they are the first decomposition factor ∫, the second decomposition factor σ_1, the third decomposition factor K, the fourth decomposition factor δ and the fifth decomposition factor σ_2.
S_l and S_m denote the order-l symmetric group and the order-m symmetric group respectively, where the second decomposition factor σ_1 can be characterized as an l × l matrix and the fifth decomposition factor σ_2 can be characterized as an m × m matrix. First decomposition factor
Figure BDA0003306816560000171
Third decomposition factor
Figure BDA0003306816560000172
represents the k1 × k1 identity matrix. Fourth decomposition factor
Figure BDA0003306816560000173
Here the first decomposition factor ∫, the third decomposition factor K and the fourth decomposition factor δ are public factors, and the second decomposition factor σ_1 and the fifth decomposition factor σ_2 are private factors.
After decomposing the transformation factors, the first participant may cooperate with the second participant to perform iterative transformation on the transformation object sequentially based on the multiple decomposition factors in the second transformation sequence, thereby obtaining a first segment of the transformation result. Wherein the transformation involving the common factor is performed solely by the participant (e.g., the first participant or the second participant); transformation involving the privacy factor is accomplished by the participant based on a second multi-party secure computing protocol.
In some embodiments, the transformation result is equivalent to a result of transforming the transformed object with the transformation factor. In the first multiparty security computing protocol, the conversion factor is a right factor, and the conversion object is a first conversion object; in the third multiparty security computing protocol, the transformation factor is a left factor and the transformation object is the second slice of the intermediate transformation result.
In some embodiments, when a transformation of the privacy factor is involved, both parties complete the current round of iterative transformations based on the second multi-party secure computing protocol.
The first multi-party secure computing protocol and the third multi-party secure computing protocol will be explained in detail below with reference to fig. 4 and 5, respectively.
FIG. 4 is an exemplary interaction flow diagram of a first multi-party secure computing protocol, shown in accordance with some embodiments of the present description, involving data interactions between multiple parties. In some embodiments, flow 400 may be performed by a processing device (e.g., device 110 or device 120). For example, the process 400 may be stored in a storage device (e.g., an onboard storage unit of a processing device or an external storage device) in the form of a program or instructions that, when executed, may implement the process 400. The flow 400 may include the following operations.
In some embodiments, when the first participant owns a private transformation factor and the second participant owns a private transformation object, the first participant may calculate the transformation result in the manner of step 400A described in the following embodiments, and the second participant in the manner of step 400B described in the following embodiments. The transformation result is equivalent to the result of transforming the transformation object by the transformation factor. A transformation is understood as a calculation on the transformation factor and the transformation object; the calculation may include, but is not limited to, the four arithmetic operations. For example, the transformation may be matrix multiplication.
In some embodiments, the transformation factor may be obtained by decomposing the first transformation factor, i.e., the transformation factor may be part of the decomposition result of the first transformation factor. For more details on the first transformation factor, reference may be made to fig. 2 and the related description thereof, which are not repeated herein. In some embodiments, the transformation factor may be the right factor Q obtained by decomposing the first transformation factor, and the transformation object may be a first transformation object X.
In the first multi-party secure computing protocol, the first decomposition factor in the second transformation sequence is a private factor.
Step 402A, based on the first decomposition factor, and together with the second participant acting on the transformation object, obtain a first slice of the first iterative transformation result through the second multi-party secure computing protocol, while the second participant obtains a second slice of the first iterative transformation result.
The first iterative transformation result may refer to a result of applying the first decomposition factor to the transformed object.
In some embodiments, the first decomposition factor $\sigma_1$ and the transformation object $X$ satisfy the conditions of the second multi-party secure computing protocol: the order-n symmetric group is a finite group; the transformation object $X$ comes from $A^n$, which can be regarded as a module over the order-n symmetric group; and the result of $\sigma_1$ acting on $X$ still belongs to $A^n$ and satisfies the distributive law. Thus, the first participant, based on the first decomposition factor $\sigma_1$, and the second participant, based on the transformation object $X$, may cooperatively compute the first iterative transformation result through the second multi-party secure computing protocol. The first iterative transformation result may exist in a form shared between the first participant and the second participant: a first slice of the first iterative transformation result is held by the first participant and a second slice is held by the second participant.
In some embodiments, the second participant may obtain a second slice of the first iterative transformation result by performing step 402B.
Step 402B, based on the transformation object, and together with the first participant acting on the first decomposition factor, obtain a second slice of the first iterative transformation result through the second multi-party secure computing protocol.
In some embodiments, the transformation may be a matrix multiplication. Thus, the first iterative transformation result may be represented as $\sigma_1 X = (\sigma_1 X)_1 + (\sigma_1 X)_2$, where $(\sigma_1 X)_1$ is the first slice of the first iterative transformation result, held by the first participant, and $(\sigma_1 X)_2$ is the second slice of the first iterative transformation result, held by the second participant.
When the second multi-party secure computing protocol is executed in the current round of iterative transformation, the first decomposition factor $\sigma_1$ is used as input data g, and the transformation object $X$ is used as input data a. For details of the second multi-party secure computing protocol, reference may be made to fig. 2 and its related description, which are not repeated herein.
In some embodiments, the second transform sequence comprises 5 decomposition factors, wherein the first and fourth decomposition factors are private factors and the remaining decomposition factors are public factors. Accordingly, the process 400 further includes:
Step 404A, obtaining a first slice of a second iterative transformation result based on the second decomposition factor and the first slice of the first iterative transformation result.
In some embodiments, the second decomposition factor is an n × n matrix in which the diagonal elements are 1, the elements in row i+1, column i are -1, and the remaining elements are 0, i being an integer from 1 to (n-1).
The second iterative transformation result may refer to the result obtained by applying the second decomposition factor $\delta$ to the first iterative transformation result. The second iterative transformation result can be expressed as $\delta\sigma_1 X = \delta((\sigma_1 X)_1 + (\sigma_1 X)_2)$.
Expanding it further gives $\delta\sigma_1 X = \delta(\sigma_1 X)_1 + \delta(\sigma_1 X)_2$. Since $\delta$ is a public factor, both the first participant and the second participant can hold it. Thus $\delta(\sigma_1 X)_1$, i.e., the first slice of the second iterative transformation result, can be computed directly by the first participant locally; the second slice of the second iterative transformation result, $\delta(\sigma_1 X)_2$, may be computed locally by the second participant based on the second decomposition factor and the second slice of the first iterative transformation result.
In some embodiments, the second participant may obtain a second shard of the second iteration result by performing step 404B.
Step 404B, a second slice of the second iterative transformation result is obtained based on the second decomposition factor and the second slice of the first iterative transformation result.
The second slice of the second iterative transformation result may be computed directly by the second participant locally.
Step 406A, obtaining a first segment of a third iterative transformation result based on the third decomposition factor and the first segment of the second iterative transformation result.
In some embodiments, the third decomposition factor is an l × n matrix in which the diagonal elements of the block formed by the elements common to the first $k_2$ rows and the first $k_2$ columns are 1, and the remaining elements are 0.
The third iterative transformation result may refer to the result of applying the third decomposition factor $J$ to the second iterative transformation result. In some embodiments, the third iterative transformation result may be represented as $J\delta\sigma_1 X = J(\delta(\sigma_1 X)_1 + \delta(\sigma_1 X)_2) = J\delta(\sigma_1 X)_1 + J\delta(\sigma_1 X)_2$.
The third decomposition factor $J$ is a public factor, and both the first participant and the second participant can hold it. In the above example, $J\delta(\sigma_1 X)_1$, the first slice of the third iterative transformation result, can be computed directly by the first participant locally based on the third decomposition factor and the first slice of the second iterative transformation result; $J\delta(\sigma_1 X)_2$, the second slice of the third iterative transformation result, may be computed directly by the second participant locally based on the third decomposition factor and the second slice of the second iterative transformation result.
In particular, the second participant may obtain a second slice of the third iterative transformation result by performing step 406B.
Step 406B, a second slice of the third iterative transformation result is obtained based on the third decomposition factor and the second slice of the second iterative transformation result.
Step 408A, obtaining a local slice of a fourth iterative transformation result based on the fourth decomposition factor and the first slice of the third iterative transformation result.
In some embodiments, the fourth decomposition factor comes from the order-l symmetric group and is characterized as an l × l matrix.
The fourth iterative transformation result may refer to the result of applying the fourth decomposition factor to the third iterative transformation result.
In some embodiments, the fourth decomposition factor $\sigma_2$ is a private factor held by the first participant, and the second participant knows no information about $\sigma_2$. Therefore, applying the fourth decomposition factor $\sigma_2$ to the third iterative transformation result involves a cooperative computation with the second participant. Specifically, the fourth iterative transformation result may be represented in the following form.
$\sigma_2 J\delta\sigma_1 X = \sigma_2(J\delta(\sigma_1 X)_1 + J\delta(\sigma_1 X)_2) = \sigma_2 J\delta(\sigma_1 X)_1 + \sigma_2 J\delta(\sigma_1 X)_2$
Here $\sigma_2$ is the fourth decomposition factor, held by the first participant, and $J\delta(\sigma_1 X)_1$, the first slice of the third iterative transformation result, is also held by the first participant.
In some embodiments, the first participant may compute the local slice of the fourth iterative transformation result, $\sigma_2 J\delta(\sigma_1 X)_1$, directly and locally from the fourth decomposition factor and the first slice of the third iterative transformation result.
Step 410A, based on the fourth decomposition factor, and together with the second participant acting on the second slice of the third iterative transformation result, obtain a first slice of the fourth iterative transformation result through the second multi-party secure computing protocol, while the second participant obtains a second slice of the fourth iterative transformation result.
Based on the description in step 408A, the fourth iterative transformation result may be composed of two parts: one part is the local slice of the fourth iterative transformation result, computed directly by the first participant locally; the other part is computed cooperatively by the first participant and the second participant and may be expressed as $\sigma_2 J\delta(\sigma_1 X)_2$.
Here the fourth decomposition factor $\sigma_2$ is held by the first participant, and the second slice of the third iterative transformation result, $J\delta(\sigma_1 X)_2$, is held by the second participant. The fourth decomposition factor $\sigma_2$ and the second slice of the third iterative transformation result satisfy the conditions of the second multi-party secure computing protocol: the order-l symmetric group is a finite group; the second slice of the third iterative transformation result comes from $A^l$, which can be regarded as a module over the order-l symmetric group; and the result of $\sigma_2$ acting on the second slice of the third iterative transformation result still belongs to $A^l$ and satisfies the distributive law. Thus, the first participant and the second participant may each use the data they own to compute this other part of the fourth iterative transformation result through the second multi-party secure computing protocol.
The calculation result may still exist between the first and second parties in a shared form, as shown below.
$\sigma_2 J\delta(\sigma_1 X)_2 = (\sigma_2 J\delta(\sigma_1 X)_2)_1 + (\sigma_2 J\delta(\sigma_1 X)_2)_2$
Here $(\sigma_2 J\delta(\sigma_1 X)_2)_1$ represents the first slice of the fourth iterative transformation result, held by the first participant, and $(\sigma_2 J\delta(\sigma_1 X)_2)_2$ represents the second slice of the fourth iterative transformation result, held by the second participant. In some embodiments, the second participant may obtain the second slice of the fourth iterative transformation result by performing step 410B.
Step 410B, based on the second slice of the third iterative transformation result, and together with the first participant acting on the fourth decomposition factor, obtain a second slice of the fourth iterative transformation result through the second multi-party secure computing protocol.
When the second multi-party secure computing protocol is executed in the current round of iterative transformation, the fourth decomposition factor is used as input data g, and the second slice of the third iterative transformation result is used as input data a. For the contents of the second multi-party secure computing protocol, reference may be made to fig. 2 and the related description thereof, which are not described herein again.
Step 412A, obtaining a first segment of the transformation result based on the fifth decomposition factor, the local segment of the fourth iterative transformation result, and the first segment of the fourth iterative transformation result.
In some embodiments, the fifth decomposition factor is a matrix of l × l, and the diagonal elements and the elements below the diagonal are 1, and the remaining elements are 0.
Following the description in the above steps, the transformation result may be expressed as $QX = \int\sigma_2 J\delta\sigma_1 X$. Substituting the fourth iterative transformation result obtained in the above steps gives $QX = \int\sigma_2 J\delta\sigma_1 X = \int(\sigma_2 J\delta(\sigma_1 X)_1 + \sigma_2 J\delta(\sigma_1 X)_2)$. Expanding it gives $QX = \int\sigma_2 J\delta(\sigma_1 X)_1 + \int\sigma_2 J\delta(\sigma_1 X)_2 = \int\sigma_2 J\delta(\sigma_1 X)_1 + \int(\sigma_2 J\delta(\sigma_1 X)_2)_1 + \int(\sigma_2 J\delta(\sigma_1 X)_2)_2$.
The fifth decomposition factor $\int$ is a public factor that both the first participant and the second participant can hold. The local slice of the fourth iterative transformation result is $\sigma_2 J\delta(\sigma_1 X)_1$, and the first slice of the fourth iterative transformation result is $(\sigma_2 J\delta(\sigma_1 X)_2)_1$. The first participant may apply the fifth decomposition factor to the local slice of the fourth iterative transformation result and to the first slice of the fourth iterative transformation result, respectively, to obtain the first slice of the transformation result, $\int\sigma_2 J\delta(\sigma_1 X)_1 + \int(\sigma_2 J\delta(\sigma_1 X)_2)_1$.
In some embodiments, the second participant may obtain the second shard of the transformation result by performing step 412B.
Step 412B, obtaining a second slice of the transformation result based on the fifth decomposition factor and the second slice of the fourth iterative transformation result.
In some embodiments, the second participant may apply the fifth decomposition factor to the second slice of the fourth iterative transformation result to obtain the second slice of the transformation result, $\int(\sigma_2 J\delta(\sigma_1 X)_2)_2$.
In some embodiments of the present specification, the calculation result of the transformation factor $Q$ and the transformation object $X$, calculated by the privacy-preserving multi-party secure computing method, may be expressed as $QX = \int\sigma_2 J\delta(\sigma_1 X)_1 + \int(\sigma_2 J\delta(\sigma_1 X)_2)_1 + \int(\sigma_2 J\delta(\sigma_1 X)_2)_2 = \int\sigma_2 J\delta\sigma_1 X$.
FIG. 5 is an exemplary interaction flow diagram of a third multi-party secure computing protocol, shown in accordance with some embodiments of the present description, involving data interactions between multiple parties. In some embodiments, flow 500 may be performed by a processing device (e.g., device 110 or device 120). For example, the process 500 may be stored in a storage device (e.g., an onboard storage unit of a processing device or an external storage device) in the form of a program or instructions that, when executed, may implement the process 500. Flow 500 may include the following operations.
In some embodiments, in the third multi-party secure computing protocol, the first decomposition factor in the second transformation sequence is a public factor and the second decomposition factor is a private factor.
The first participant may perform the process 500A to obtain a first segment of the transformed result; the second participant may perform the process 500B to obtain a second segment of the transformed result. In some embodiments, the transformation may be a matrix multiplication.
Step 501B, a first iterative transformation result is obtained based on the first decomposition factor and the transformation object.
The first decomposition factor is an l × l matrix in which the diagonal elements and the elements below the diagonal are 1 and the remaining elements are 0, i.e., $\int$ in the above example. In some embodiments, since the first decomposition factor $\int$ is a public factor and the transformation object
Figure BDA0003306816560000222
is held by the second participant, the second participant can directly calculate the first iterative transformation result as
Figure BDA0003306816560000221
Step 502A, based on the second decomposition factor, and together with the second participant acting on the first iterative transformation result, obtain a first slice of the second iterative transformation result through the second multi-party secure computing protocol, while the second participant obtains a second slice of the second iterative transformation result.
The first iterative transformation result is obtained by the second participant based on the first decomposition factor and the transformation object.
In some embodiments, the second decomposition factor is from an order-l symmetric group, characterized as an l × l matrix.
The second iterative transformation result may refer to the result of the second decomposition factor $\sigma_1$ acting on the first iterative transformation result. In some embodiments, the second iterative transformation result may be represented as
Figure BDA0003306816560000231
In some embodiments, the order-l symmetric group is a finite group, and the first iterative transformation result comes from $A^l$, which is a module over the order-l symmetric group. The first participant and the second participant can therefore calculate the second iterative transformation result based on the second multi-party secure computing protocol, and the result exists in a form shared between the two participants, for example,
Figure BDA0003306816560000232
Figure BDA0003306816560000233
wherein the first participant obtains a first slice of the second iterative transformation result
Figure BDA0003306816560000234
The second participant obtains a second slice of the second iterative transformation result
Figure BDA0003306816560000235
In some embodiments, the second participant may obtain a second slice of the second iterative transformation result by performing step 502B.
Step 502B, based on the first iterative transformation result, and together with the first participant acting on the second decomposition factor, obtain a second slice of the second iterative transformation result through the second multi-party secure computing protocol.
In the process of the current round of iterative transformation, when the second multi-party security computing protocol is executed, the second decomposition factor is used as input data g, and the first iterative transformation result is used as input data a. For details of the second multi-party secure computing protocol, reference may be made to fig. 2 and its related description, which are not repeated herein.
In some embodiments, decomposing the transformation factor may yield 5 decomposition factors, of which the second decomposition factor and the fifth decomposition factor are private factors and the remaining decomposition factors are public factors. The 5 decomposition factors may be as shown above, i.e., $P = \sigma_2\delta K\sigma_1\int$. The first participant may continue by performing steps 504A to 512A to obtain a first slice of the transformation result, and correspondingly, the second participant may continue by performing steps 504B to 512B to obtain a second slice of the transformation result.
Step 504A, a first slice of a third iterative transformation result is obtained based on the third decomposition factor and the first slice of the second iterative transformation result.
In some embodiments, the third decomposition factor is an m × l matrix in which the diagonal elements of the block formed by the elements common to the last $k_1$ rows and the last $k_1$ columns are 1, and the remaining elements are 0.
The third iterative transformation result may refer to a result of applying the third decomposition factor K to the second iterative transformation result.
In some embodiments, the third iterative transformation result may be represented as
Figure BDA0003306816560000236
Figure BDA0003306816560000241
Decomposing it to obtain
Figure BDA0003306816560000242
Since the third decomposition factor $K$ is a public factor, the first participant and the second participant may each directly calculate their slice of the third iterative transformation result from their own data. The first participant calculates the first slice of the third iterative transformation result
Figure BDA0003306816560000243
The second participant calculates the second slice of the third iterative transformation result
Figure BDA0003306816560000244
In some embodiments, the second participant may obtain a second slice of the third iterative transformation result by performing step 504B.
Step 504B obtains a second slice of the third iterative transformation result based on the third decomposition factor and the second slice of the second iterative transformation result.
Step 506A, a first slice of a fourth iterative transformation result is obtained based on the fourth decomposition factor and the first slice of the third iterative transformation result.
In some embodiments, the fourth decomposition factor is an m × m matrix in which the diagonal elements are 1, the elements in row i+1, column i are 1, and the remaining elements are 0, i being an integer from 1 to (m-1).
The fourth iterative transformation result may refer to the result of applying the fourth decomposition factor to the third iterative transformation result.
In some embodiments, the fourth iterative transformation result may be represented as
Figure BDA0003306816560000245
Expanding it, i.e., substituting the first slice and the second slice of the third iterative transformation result into it,
Figure BDA0003306816560000246
Figure BDA0003306816560000247
is the first slice of the fourth iterative transformation result, and
Figure BDA0003306816560000248
is the second slice of the fourth iterative transformation result. Since the fourth decomposition factor $\delta$ is a public factor that both the first participant and the second participant can hold, each of them can locally calculate its corresponding slice of the fourth iterative transformation result.
In some embodiments, the second participant may obtain a second slice of the fourth iterative transformation result by performing step 506B.
Step 506B, a second slice of the fourth iterative transformation result is obtained based on the fourth decomposition factor and the second slice of the third iterative transformation result.
Step 508A, obtaining a local slice of the fifth iterative transformation result based on the fifth decomposition factor and the first slice of the fourth iterative transformation result.
In some embodiments, the fifth decomposition factor is a private factor held by the first participant; the second participant does not know the fifth decomposition factor.
In some embodiments, the fifth decomposition factor comes from the order-m symmetric group and is characterized as an m × m matrix.
The fifth iterative transformation result may refer to the result of applying the fifth decomposition factor to the fourth iterative transformation result.
Illustratively, the fifth decomposition factor is $\sigma_2$ and the fourth iterative transformation result is
Figure BDA0003306816560000251
The result of the fifth iterative transformation may be expressed as
Figure BDA0003306816560000252
Substituting the slices of the fourth iterative transformation result into it gives:
Figure BDA0003306816560000253
where the fifth decomposition factor $\sigma_2$ is a private factor, and the first slice of the fourth iterative transformation result
Figure BDA0003306816560000254
is held by the first participant; therefore,
Figure BDA0003306816560000255
may be computed directly by the first participant locally.
Figure BDA0003306816560000256
is the local slice of the fifth iterative transformation result.
Figure BDA0003306816560000257
is the other part of the fifth iterative transformation result, which exists in the form of a sum share between the first participant and the second participant and can be calculated as described in step 510A below.
Step 510A, based on the fifth decomposition factor, and together with the second participant acting on the second slice of the fourth iterative transformation result, obtain a first slice of the fifth iterative transformation result through the second multi-party secure computing protocol, while the second participant obtains a second slice of the fifth iterative transformation result.
As described above, another portion of the result of the fifth iterative transformation may be represented as
Figure BDA0003306816560000258
where the fifth decomposition factor $\sigma_2$ is held by the first participant, and the second slice of the fourth iterative transformation result
Figure BDA0003306816560000259
is held by the second participant. The order-m symmetric group is a finite group, and the second slice of the fourth iterative transformation result comes from $A^m$, which is a module over the order-m symmetric group; the first participant and the second participant may therefore perform the computation based on the second multi-party secure computing protocol. In this case, the fifth decomposition factor is used as input data g, and the second slice of the fourth iterative transformation result is used as input data a. For the contents of the second multi-party secure computing protocol, reference may be made to the description of fig. 2, which is not repeated herein.
In some embodiments, the result of applying the fifth decomposition factor $\sigma_2$ to the second slice of the fourth iterative transformation result
Figure BDA00033068165600002510
can be expressed as
Figure BDA00033068165600002511
where
Figure BDA00033068165600002512
represents the first slice of the fifth iterative transformation result, obtained by the first participant;
Figure BDA00033068165600002513
represents the second slice of the fifth iterative transformation result, obtained by the second participant.
In some embodiments, the second participant may obtain a second slice of the fifth iterative transformation result by performing step 510B.
Step 510B, based on the second slice of the fourth iterative transformation result, and together with the first participant acting on the fifth decomposition factor, obtain a second slice of the fifth iterative transformation result through the second multi-party secure computing protocol.
Step 512A, obtaining a first segment of the transformation result based on the local segment of the fifth iterative transformation result and the first segment of the fifth iterative transformation result.
In some embodiments, the first participant may sum the local shard of the fifth iterative transformation result and the first shard of the fifth iterative transformation result to obtain the first shard of the transformation result.
Illustratively, the first slice of the transform result may be represented as
Figure BDA0003306816560000261
and is held by the first participant.
Accordingly, the second participant may obtain the second slice of the transformation result by performing step 512B.
Step 512B, obtaining a second slice of the transformation result based on the second slice of the fifth iterative transformation result.
In some embodiments, the second participant may directly take the second slice of the fifth iterative transformation result
Figure BDA0003306816560000262
as the second slice of the transformation result.
In some embodiments of the present description, the calculation result of the transformation factor $P$ and the transformation object
Figure BDA0003306816560000265
can be expressed as
Figure BDA0003306816560000263
Figure BDA0003306816560000264
may be the second slice of the intermediate transformation result in flow 200.
In some embodiments of the present description, the matrix to be transformed is decomposed so that the transformation of a vector by each resulting decomposition factor that belongs to an order-N symmetric group satisfies the second multi-party secure computing protocol. This avoids the traffic proportional to the matrix dimensions that a common secure multiplication protocol generates, so the traffic involved in the computation contains no term in the product of the matrix's row and column counts, and the communication overhead of the matrix-by-vector computation is greatly reduced.
Taking the first round of iterative transformation in flow 400 as an example: when the first participant sends the first transmission data to the second participant, the traffic generated is $\log n!$; when the third party sends the first slice or the second slice of the first intermediate result to the first participant or the second participant, the traffic generated is $n\log|A|$; and when the second participant sends the second transmission data to the first participant, the traffic generated is $n\log|A|$. The traffic of the first round of iterative transformation implemented by the second multi-party secure computing protocol in flow 400 is therefore $\log n! + 2n\log|A|$. By analogy, the traffic of the fourth round of iterative transformation implemented by the second multi-party secure computing protocol in flow 400 is $\log l! + 2l\log|A|$. The traffic of the second round of iterative transformation implemented by the second multi-party secure computing protocol in flow 500 is $\log l! + 2l\log|A|$. The traffic of the fifth round of iterative transformation implemented by the second multi-party secure computing protocol in flow 500 is $\log m! + 2m\log|A|$.
Accordingly, it may be determined that the traffic involved in flow 400 is $2(n+l)\log|A| + \log l! + \log n!$, and the traffic involved in flow 500 is $2(m+l)\log|A| + \log m! + \log l!$. The traffic involved in flow 300 mainly consists of the traffic of the calculations performed with the second participant based on the right factor, the isomorphic factor and the left factor, respectively. The traffic of the calculation with the second participant based on the right factor is the same as in flow 400; the traffic of the calculation based on the left factor and the transformation result of the second participant is the same as in flow 500; and the traffic of the calculation with the second participant based on the isomorphic factor is $\log l! + 3l\log|A|$. Thus, the total traffic in flow 300 is $(2m+2n+7l)\log|A| + \log m! + \log n! + 3\log l!$. It can be seen from the above that none of these traffic totals contains the term $mn$, so in practical applications the technical solution disclosed in the embodiments of this specification can effectively reduce the required traffic compared with the traffic caused by a product of the two terms.
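The slice-by-slice computation of flow 400 and its traffic total, as an added example that is not part of the patent text: Python over the assumed group A = Z_{2^32}, with the second multi-party secure computing protocol replaced by an ideal-functionality stand-in (hypothetical class `IdealSecondProtocol`) that only hands out additive slices of the permuted vector and tallies the per-invocation traffic stated above. All function names, the sample permutations and the sample vector are constructed for illustration.

```python
import math
import secrets

MOD = 2 ** 32   # assumption: the group A is Z_{2^32}, so log|A| = 32 bits
LOG_A = 32

def permute(sigma, v):
    # Permutation matrix with a 1 at (i, sigma[i]): (sigma v)[i] = v[sigma[i]].
    return [v[j] for j in sigma]

def delta(v):
    # Public factor delta: 1 on the diagonal, -1 at (row i+1, column i).
    return [(v[i] - (v[i - 1] if i else 0)) % MOD for i in range(len(v))]

def project_j(v, l, k2):
    # Public l x n factor J: identity in the first k2 rows/columns, 0 elsewhere.
    return [v[i] if i < k2 else 0 for i in range(l)]

def integral(v):
    # Public factor "integral": 1 on and below the diagonal, i.e. running sums.
    out, acc = [], 0
    for x in v:
        acc = (acc + x) % MOD
        out.append(acc)
    return out

def add(u, v):
    return [(a + b) % MOD for a, b in zip(u, v)]

class IdealSecondProtocol:
    """Ideal-functionality stand-in, not the protocol of fig. 2: returns
    additive slices of g*a and tallies log n! + 2 n log|A| bits per call."""
    def __init__(self):
        self.bits = 0.0

    def run(self, g, a):
        n = len(a)
        first = [secrets.randbelow(MOD) for _ in range(n)]
        second = [(x - r) % MOD for x, r in zip(permute(g, a), first)]
        self.bits += math.log2(math.factorial(n)) + 2 * n * LOG_A
        return first, second

def flow_400(sigma1, sigma2, k2, x, proto):
    l = len(sigma2)
    # Round 1, private sigma1: joint computation, result exists only as slices.
    s1, s2 = proto.run(sigma1, x)
    # Rounds 2 and 3, public delta and J: each participant works on its slice.
    t1, t2 = project_j(delta(s1), l, k2), project_j(delta(s2), l, k2)
    # Round 4, private sigma2: participant 1 applies it to its own slice
    # locally and runs the protocol against participant 2's slice.
    local = permute(sigma2, t1)
    u1, u2 = proto.run(sigma2, t2)
    # Round 5, public integral: applied locally to everything each side holds.
    return add(integral(local), integral(u1)), integral(u2)

def matmul(a, b):
    return [[sum(a[i][k] * b[k][j] for k in range(len(b))) % MOD
             for j in range(len(b[0]))] for i in range(len(a))]

def direct_qx(sigma1, sigma2, k2, x):
    # Reference: build Q = integral * sigma2 * J * delta * sigma1 explicitly.
    n, l = len(sigma1), len(sigma2)
    perm = lambda s: [[int(j == s[i]) for j in range(len(s))] for i in range(len(s))]
    d = [[1 if i == j else -1 if i == j + 1 else 0 for j in range(n)] for i in range(n)]
    jm = [[int(i == j and i < k2) for j in range(n)] for i in range(l)]
    im = [[int(j <= i) for j in range(l)] for i in range(l)]
    q = matmul(im, matmul(perm(sigma2), matmul(jm, matmul(d, perm(sigma1)))))
    return [sum(q[i][j] * x[j] for j in range(n)) % MOD for i in range(l)]

def demo():
    # Constructed sample: n = 6, l = 4, k2 = 3.
    sigma1, sigma2, k2 = [2, 0, 5, 1, 4, 3], [3, 1, 0, 2], 3
    x = [7, 11, 13, 17, 19, 23]
    proto = IdealSecondProtocol()
    y1, y2 = flow_400(sigma1, sigma2, k2, x, proto)
    return add(y1, y2), direct_qx(sigma1, sigma2, k2, x), proto.bits

if __name__ == "__main__":
    print(demo())
```

The tally grows with n + l rather than with the l·n entries of Q, because only the two permutation rounds involve any interaction.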
It should be noted that the above description of the respective flows is only for illustration and description, and does not limit the applicable scope of the present specification. Various modifications and alterations to the flow may occur to those skilled in the art, given the benefit of this description. However, such modifications and variations are intended to be within the scope of the present description. For example, changes to the flow steps described herein, such as the addition of pre-processing steps and storage steps, may be made.
FIG. 6 is an exemplary block diagram of a privacy-preserving multi-party secure computing system in accordance with some embodiments of the present description. As shown in FIG. 6, the system 600 may include a decomposition module 610 and a first collaborative computing module 620.
The decomposition module 610 may be configured to decompose the first transform factor to obtain a first transform sequence comprising a plurality of decomposition factors.
The first collaborative computing module 620 may be configured to, in collaboration with the second participant, perform iterative transformation on the first transformation object based on the decomposition factors in the first transformation sequence, thereby obtaining a first fragment of the first transformation result.
The first transformation result is equivalent to the result of transforming the first transformation object by the first transformation factor.
FIG. 7 is an exemplary block diagram of a privacy-preserving multi-party secure computing system in accordance with some embodiments of the present description. As shown in FIG. 7, the system 700 may include a second collaborative computing module 710.
The second collaborative computing module 710 may be configured to, in collaboration with the first participant, perform iterative transformation on the first transformation object based on the decomposition factors in the first transformation sequence to obtain a second fragment of the first transformation result.
In some embodiments, the first transformation result is equivalent to a result of the transformation of the first transformed object by the first transformation factor.
Wherein the first transform sequence comprises a plurality of decomposition factors into which the first participant decomposes the first transform factor.
For a detailed description of the modules of the systems shown above, reference may be made to the flow chart section of this specification, e.g., the description associated with FIGS. 2-5.
It should be understood that the systems shown in FIG. 6 and FIG. 7 and their modules may be implemented in a variety of ways. For example, in some embodiments, the system and its modules may be implemented in hardware, software, or a combination of software and hardware. The hardware portion may be implemented using dedicated logic; the software portion may be stored in a memory and executed by a suitable instruction execution system, such as a microprocessor or specially designed hardware. Those skilled in the art will appreciate that the methods and systems described above may be implemented using computer-executable instructions and/or embodied in processor control code, such code being provided, for example, on a carrier medium such as a diskette, CD- or DVD-ROM, a programmable memory such as read-only memory (firmware), or a data carrier such as an optical or electronic signal carrier. The system and its modules in this specification may be implemented by hardware circuits such as very large scale integrated circuits or gate arrays, semiconductors such as logic chips and transistors, or programmable hardware devices such as field programmable gate arrays and programmable logic devices; by software executed by various types of processors; or by a combination of the above hardware circuits and software (e.g., firmware).
It should be noted that the above description of the privacy-preserving multi-party secure computing system and its modules is for descriptive convenience only and does not limit this specification to the scope of the illustrated embodiments. It will be appreciated by those skilled in the art that, having understood the principle of the system, they may combine the modules arbitrarily or form a subsystem connected to other modules without departing from that principle. For example, in some embodiments, the decomposition module 610 and the first collaborative computing module 620 may be different modules in a system, or may be a single module that implements the functions of two or more of the above-described modules. For example, the decomposition module 610 and the first collaborative computing module 620 may be two modules, or one module may have both the decomposition and the collaborative computing functions. For example, the modules may share one memory module, or each module may have its own memory module. Such variations are within the scope of the present disclosure.
The beneficial effects that the embodiments of this specification may bring include, but are not limited to: (1) by decomposing the matrix to be transformed so that the vector transformation by each resulting decomposition factor fits the second multi-party secure computing protocol, the traffic proportional to the matrix dimensions that an ordinary secure multiplication protocol generates is avoided, the traffic involved in the computation contains no term in the product of the matrix's row and column counts, and the communication overhead of computing a matrix-vector product is greatly reduced; (2) because the computation is based on multi-party secure computing protocols, the privacy and security of the data owned by each participant can be effectively protected.
It is to be noted that different embodiments may produce different advantages, and in different embodiments, any one or combination of the above advantages may be produced, or any other advantages may be obtained.
Having thus described the basic concept, it will be apparent to those skilled in the art that the foregoing detailed disclosure is to be regarded as illustrative only and not as limiting the present specification. Various modifications, improvements and adaptations to the present description may occur to those skilled in the art, although not explicitly described herein. Such modifications, improvements and adaptations are proposed in the present specification and thus fall within the spirit and scope of the exemplary embodiments of the present specification.
Also, the description uses specific words to describe embodiments of the description. Reference throughout this specification to "one embodiment," "an embodiment," and/or "some embodiments" means that a particular feature, structure, or characteristic described in connection with at least one embodiment of the specification is included. Therefore, it is emphasized and should be appreciated that two or more references to "an embodiment" or "one embodiment" or "an alternative embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, some features, structures, or characteristics of one or more embodiments of the specification may be combined as appropriate.
Moreover, those skilled in the art will appreciate that aspects of the present description may be illustrated and described in terms of several patentable species or situations, including any new and useful combination of processes, machines, manufacture, or materials, or any new and useful improvement thereof. Accordingly, aspects of this description may be performed entirely by hardware, entirely by software (including firmware, resident software, micro-code, etc.), or by a combination of hardware and software. The above hardware or software may be referred to as a "data block," "module," "engine," "unit," "component," or "system." Furthermore, aspects of the present description may be represented as a computer product, including computer readable program code, embodied in one or more computer readable media.
The computer storage medium may comprise a propagated data signal with the computer program code embodied therewith, for example, on baseband or as part of a carrier wave. The propagated signal may take any of a variety of forms, including electromagnetic, optical, etc., or any suitable combination. A computer storage medium may be any computer-readable medium that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code located on a computer storage medium may be propagated over any suitable medium, including radio, cable, fiber optic cable, RF, or the like, or any combination of the preceding.
Computer program code required for the operation of various portions of this specification may be written in any one or more programming languages, including an object oriented programming language such as Java, Scala, Smalltalk, Eiffel, JADE, Emerald, C++, C#, VB.NET, Python, and the like, a conventional programming language such as C, Visual Basic, Fortran 2003, Perl, COBOL 2002, PHP, ABAP, a dynamic programming language such as Python, Ruby, and Groovy, or other programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any network format, such as a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet), or in a cloud computing environment, or as a service, such as a software as a service (SaaS).
Additionally, the order in which the elements and sequences of the process are recited in the specification, the use of alphanumeric characters, or other designations, is not intended to limit the order in which the processes and methods of the specification occur, unless otherwise specified in the claims. While various presently contemplated embodiments of the invention have been discussed in the foregoing disclosure by way of example, it is to be understood that such detail is solely for that purpose and that the appended claims are not limited to the disclosed embodiments, but, on the contrary, are intended to cover all modifications and equivalent arrangements that are within the spirit and scope of the embodiments herein. For example, although the system components described above may be implemented by hardware devices, they may also be implemented by software-only solutions, such as installing the described system on an existing server or mobile device.
Similarly, it should be noted that in the preceding description of embodiments of the present specification, various features are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the embodiments. This method of disclosure, however, does not imply that the subject matter of this specification requires more features than are expressly recited in the claims. Indeed, the embodiments may be characterized as having less than all of the features of a single embodiment disclosed above.
Numerals describing the number of components, attributes, etc. are used in some embodiments, it being understood that such numerals used in the description of the embodiments are modified in some instances by the use of the modifier "about", "approximately" or "substantially". Unless otherwise indicated, "about", "approximately" or "substantially" indicates that the number allows a variation of ± 20%. Accordingly, in some embodiments, the numerical parameters used in the specification and claims are approximations that may vary depending upon the desired properties of the individual embodiments. In some embodiments, the numerical parameter should take into account the specified significant digits and employ a general digit preserving approach. Notwithstanding that the numerical ranges and parameters setting forth the broad scope of the range are approximations, in the specific examples, such numerical values are set forth as precisely as possible within the scope of the application.
For each patent, patent application publication, and other material, such as articles, books, specifications, publications, documents, etc., cited in this specification, the entire contents of each are hereby incorporated by reference into this specification. Except where the application history document does not conform to or conflict with the contents of the present specification, it is to be understood that the application history document, as used herein in the present specification or appended claims, is intended to define the broadest scope of the present specification (whether presently or later in the specification) rather than the broadest scope of the present specification. It is to be understood that the descriptions, definitions and/or uses of terms in the accompanying materials of this specification shall control if they are inconsistent or contrary to the descriptions and/or uses of terms in this specification.
Finally, it should be understood that the embodiments described herein are merely illustrative of the principles of the embodiments of the present disclosure. Other variations are also possible within the scope of the present description. Thus, by way of example, and not limitation, alternative configurations of the embodiments of the specification can be considered consistent with the teachings of the specification. Accordingly, the embodiments of the present description are not limited to only those embodiments explicitly described and depicted herein.

Claims (22)

1. A privacy preserving multi-party secure computing method, wherein a first party possesses a private first transformation factor and a second party possesses a private first transformation object, the method performed by the first party, comprising:
decomposing the first transformation factor to obtain a first transformation sequence comprising a plurality of decomposition factors;
performing iterative transformation on the first transformation object based on the decomposition factor in the first transformation sequence in cooperation with a second participant, and further obtaining a first fragment of a first transformation result; the first transformation result is equivalent to a result of the transformation of the first transformed object by the first transformation factor.
2. The method of claim 1, at least one of the iterative transformations being implemented based on a second multi-party security computing protocol, wherein the second multi-party security computing protocol comprises:
obtaining a random factor and a first slice of a first intermediate result; the first slice of the first intermediate result and the second slice of the first intermediate result held by the second participant are sum-sharing slices of the result of transforming a random object based on the random factor;
sending first transmission data to the second participant; the first transmission data is obtained by performing superposition transformation on the inverse of the random factor based on the decomposition factor of the current round of iterative transformation;
acquiring second transmission data of the second participant; the second transmission data is obtained based on a difference value between the random object and a transformation object held by a second participant of the current round;
transforming the second transmission data based on the decomposition factor to obtain a second intermediate result;
transforming the first slice of the first intermediate result based on the first transmission data to obtain a third intermediate result;
and obtaining a first fragment of the current round of iterative transformation results based on the second intermediate result and the third intermediate result.
3. The method of claim 1, the first transform factor being a matrix, the first transform object being a vector; at least one decomposition factor is from an Nth order symmetric group, N is a positive integer, and the first transformation result is equal to a result of matrix multiplication of the first transformation factor and the first transformation object.
4. The method of claim 1, the first transform sequence comprising a left factor, a first intermediate factor, a second intermediate factor, and a right factor; the iteratively transforming, in cooperation with the second participant, the first transformed object based on the decomposition factors in the first transformed sequence to obtain a first slice of a first transformed result, comprising:
based on the right factor, obtaining a first fragment of a right factor transformation result through a first multi-party secure computing protocol with the second participant, who participates based on the first transformation object; the second participant obtains a second fragment of the right factor transformation result;
obtaining an isomorphic factor based on the first intermediate factor and the second intermediate factor; obtaining a local fragment of an intermediate transformation result based on the isomorphic factor and the first fragment of the right factor transformation result; based on the isomorphic factor, obtaining a first fragment of the intermediate transformation result through a second multi-party secure computing protocol with the second participant, who participates based on the second fragment of the right factor transformation result; the second participant obtains a second fragment of the intermediate transformation result;
obtaining a local fragment of a left transformation result based on the left factor, the local fragment of the intermediate transformation result and the first fragment of the intermediate transformation result; based on the left factor, obtaining a first fragment of the left transformation result through a third multi-party secure computing protocol with the second participant, who participates based on the second fragment of the intermediate transformation result, while the second participant obtains a second fragment of the left transformation result;
and obtaining a first fragment of the first transformation result based on the local fragment of the left transformation result and the first fragment of the left transformation result.
5. The method of claim 4, the first transformation factor being an m × n matrix with k1 non-zero rows, k2 non-zero columns, and l non-zero elements, the non-zero elements of the matrix all being from the multiplicative subgroup of A, and the first transformation object being an n-dimensional vector with elements from A; A is a commutative ring containing 1; the first transformation result is equal to the result of matrix multiplication of the first transformation factor and the first transformation object;
the right factor is an l × n 0-1 matrix with k2 non-zero columns, one and only one 1 per row, and the column coordinates of the 1s of the rows are monotonically non-decreasing;
the first intermediate factor is an l × l diagonal matrix whose diagonal elements are from the multiplicative subgroup of A;
the second intermediate factor is from the order-l symmetric group;
the left factor is an m × l 0-1 matrix with k1 non-zero rows, one and only one 1 per column, and the row coordinates of the 1s of the columns are monotonically non-decreasing;
wherein m, n, l, k1 and k2 are positive integers.
6. The method of claim 5, the isomorphic factor is from the semidirect product of the order-$l$ symmetric group and $(A^{\times})^{l}$, where $(A^{\times})^{l}$ denotes the Cartesian product or direct product of $l$ copies of $A^{\times}$, and $A^{\times}$ denotes the multiplicative subgroup of A; the elements in the semidirect product comprise a first sub-element, which is an l-dimensional vector whose elements are from the multiplicative subgroup of A, and a second sub-element from the order-l symmetric group;
obtaining an isomorphic factor based on the first intermediate factor and the second intermediate factor, comprising:
determining a first intermediate vector based on a first intermediate factor, the elements of the first intermediate vector being diagonal elements of the first intermediate factor;
and taking the first intermediate vector as a first sub-element of the isomorphic factor, and taking the second intermediate factor as a second sub-element of the isomorphic factor.
7. The method of claim 6, wherein obtaining, based on the isomorphic factor, a first slice of the intermediate transformation result through the second multi-party secure computing protocol with the second participant, who participates based on the second slice of the right factor transformation result, comprises:
obtaining a random factor and a first slice of a first intermediate result; the first slice of the first intermediate result and the second slice of the first intermediate result held by the second participant are sum-sharing slices of the result of transforming a random object based on the random factor; the random factor is from the semidirect product, the random object is an l-dimensional vector, and the elements in the vector are from the multiplicative subgroup of A;
sending first transmission data to the second participant; the first transmission data is obtained by performing the group multiplication of the semidirect product based on the isomorphic factor and the inverse of the random factor;
acquiring second transmission data of the second participant; the second transmission data is obtained based on a difference value of the random object and a second slice of the right factor transformation result;
transforming the second transmission data based on the isomorphic factor to obtain a second intermediate result;
transforming the first slice of the first intermediate result based on the first transmission data to obtain a third intermediate result;
obtaining a first slice of the intermediate transformation result based on the second intermediate result and the third intermediate result.
8. The method of claim 7, transforming the random object based on the random factor, comprising:
permuting the positions of the elements in the random object based on the second sub-element of the random factor;
multiplying the first sub-element of the random factor by the permutation result element-wise (position by position) to obtain the first intermediate result;
transforming the second transmission data based on the isomorphic factor to obtain a second intermediate result, comprising:
permuting the positions of the elements in the second transmission data based on the second intermediate factor;
multiplying the first intermediate vector by the permutation result element-wise to obtain the second intermediate result;
transforming the first slice of the first intermediate result based on the first transmission data to obtain a third intermediate result, comprising:
permuting the positions of the elements in the first slice of the first intermediate result based on the second sub-element of the first transmission data;
multiplying the first sub-element of the first transmission data by the permutation result element-wise to obtain the third intermediate result;
the first slice of the intermediate transform result is equal to the sum of the second intermediate result and the third intermediate result.
9. The method of claim 4, the first or third multi-party secure computing protocol comprising:
decomposing the transformation factor to obtain a second transformation sequence containing a plurality of decomposition factors; the plurality of decomposition factors include a private factor and a public factor, the public factor also being held by the second participant;
in cooperation with the second participant, sequentially performing iterative transformation on a transformation object based on the plurality of decomposition factors in the second transformation sequence, thereby obtaining a first fragment of a transformation result; wherein a transformation involving a public factor is performed by each participant independently, and a transformation involving a private factor is performed by the participants based on the second multi-party secure computing protocol;
the transformation result is equal to the result of transforming the transformation object by the transformation factor; in the first multi-party secure computing protocol, the transformation factor is the right factor, and the transformation object is the first transformation object; in the third multi-party secure computing protocol, the transformation factor is the left factor and the transformation object is the second slice of the intermediate transformation result.
10. The method of claim 9, wherein, when a transformation involving the private factor is performed, the first party performs the following steps to implement the second multi-party secure computing protocol:
obtaining a random factor and a first slice of a first intermediate result; the first slice of the first intermediate result and the second slice of the first intermediate result held by the second participant are sum-sharing slices of the result of transforming a random object based on the random factor;
sending first transmission data to the second participant; the first transmission data is obtained by performing superposition transformation on the inverse of the random factor based on a private factor;
acquiring second transmission data of the second participant; when the current transformation is a first round of iterative transformation, the second transmission data is obtained based on a difference value between the random object and the transformation object; when the current transformation is not the first round of iterative transformation, the second transmission data is obtained based on the difference value of the random object and the previous round of iterative transformation result, or based on the difference value of the random object and the second fragment of the previous round of iterative transformation result;
transforming the second transmission data based on the private factor to obtain a second intermediate result;
transforming the first slice of the first intermediate result based on the first transmission data to obtain a third intermediate result;
and obtaining a first fragment of the current round of iterative transformation results based on the second intermediate result and the third intermediate result.
11. The method of claim 10, wherein the random factor is from the order-N symmetric group, and the random object is an N-dimensional vector whose elements belong to a commutative ring A containing 1; N is a positive integer;
the result of transforming the random object based on the random factor is obtained by permuting the positions of the elements in the random object e based on the random factor h;
the first transmission data f is obtained based on $gh^{-1}$, where g is the private factor;
the second transmission data i is obtained based on x-e, wherein x is the transformation object, or the previous round of iterative transformation result, or a second fragment of the previous round of iterative transformation result;
the second intermediate result is the permutation result obtained by permuting the positions of the elements in i based on g;
the third intermediate result is the permutation result obtained by permuting the positions of the elements in $d_0$ based on f, where $d_0$ is the first slice of the first intermediate result;
the first slice of the current round of iterative transformation results is the sum of the second intermediate result and the third intermediate result.
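The second multi-party secure computing protocol of claims 7-8 and 10-11, as an added Python sketch that is not part of the patent text. It covers the semidirect-product case, of which the pure permutation of claim 11 is the special case where the vector sub-element is all ones. Assumptions: A is the field Z_P for a prime P, the offline material comes from a trusted dealer, the mask e is sampled from all of A, a permutation acts as `out[j] = x[sigma[j]]`, and all function names are hypothetical.

```python
import secrets

P = 2**61 - 1                    # assumption: A = Z_P, P prime, so A^x = {1..P-1}
_rng = secrets.SystemRandom()    # CSPRNG-backed source for masks and permutations


def act(factor, x):
    """Apply (v, sigma) to x: permute positions by sigma, then scale element-wise by v."""
    v, sigma = factor
    return [v[j] * x[sigma[j]] % P for j in range(len(x))]


def mul(a, b):
    """Semidirect-product group law, chosen so act(mul(a, b), x) == act(a, act(b, x))."""
    (v, sigma), (w, tau) = a, b
    n = len(v)
    return ([v[j] * w[sigma[j]] % P for j in range(n)],
            [tau[sigma[j]] for j in range(n)])


def inv(a):
    """Group inverse: invert the permutation, then invert the matching scale factors."""
    w, tau = a
    rho = [0] * len(tau)
    for k, t in enumerate(tau):
        rho[t] = k
    return ([pow(w[rho[j]], -1, P) for j in range(len(w))], rho)


def vec_add(a, b):
    return [(s + t) % P for s, t in zip(a, b)]


def vec_sub(a, b):
    return [(s - t) % P for s, t in zip(a, b)]


def random_factor(n):
    """Uniform element of the semidirect product: random units and a random permutation."""
    sigma = list(range(n))
    _rng.shuffle(sigma)
    return ([_rng.randrange(1, P) for _ in range(n)], sigma)


def deal(n):
    """Offline phase (assumed trusted dealer): h and d0 go to party 1, e and d1 to
    party 2, with d0 + d1 = h(e)."""
    h = random_factor(n)
    e = [_rng.randrange(P) for _ in range(n)]
    d0 = [_rng.randrange(P) for _ in range(n)]
    d1 = vec_sub(act(h, e), d0)
    return (h, d0), (e, d1)


def run_round(g, x):
    """One protocol round. Party 1 holds the private factor g, party 2 holds x.
    Returns both output shares and the two messages that crossed the wire."""
    (h, d0), (e, d1) = deal(len(x))
    f = mul(g, inv(h))       # first transmission data, party 1 -> party 2
    i = vec_sub(x, e)        # second transmission data, party 2 -> party 1
    second = act(g, i)       # party 1: g(x - e)
    third = act(f, d0)       # party 1: g h^-1 applied to its share of h(e)
    y0 = vec_add(second, third)
    y1 = act(f, d1)          # party 2: fourth intermediate result
    return y0, y1, (f, i)


if __name__ == "__main__":
    g = ([2, 3, 5, 7], [2, 0, 3, 1])     # constructed sample factor
    x = [10, 20, 30, 40]                 # constructed sample object
    y0, y1, _ = run_round(g, x)
    print(vec_add(y0, y1))
```

The shares add up to g(x) because the action is linear: g(x - e) + g h^-1 (d0 + d1) = g(x) - g(e) + g(e). Party 2 sees only f, which is masked by the uniformly random h, and party 1 sees only x - e, which is masked by the uniformly random e.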
12. A privacy preserving multi-party secure computing system, a first party having a private first transformation factor and a second party having a private first transformation object, the system implemented by the first party comprising:
the decomposition module is used for decomposing the first transformation factor to obtain a first transformation sequence of a plurality of decomposition factors;
the first collaborative computing module is used for collaborating with a second participant and carrying out iterative transformation on a first transformation object based on the decomposition factor in the first transformation sequence so as to obtain a first fragment of a first transformation result; the first transformation result is equivalent to a result of the transformation of the first transformed object by the first transformation factor.
13. A privacy-preserving, multi-party secure computing apparatus, the apparatus comprising at least one processor and at least one storage device to store instructions that, when executed by the at least one processor, cause the apparatus to implement the method of any one of claims 1-11.
14. A privacy preserving multi-party secure computing method, wherein a first party possesses a private first transformation factor and a second party possesses a private first transformation object, the method performed by the second party, comprising:
performing iterative transformation on the first transformation object based on the decomposition factor in the first transformation sequence in cooperation with the first participant, and further obtaining a second fragment of the first transformation result; the first transformation result is equal to a result of transforming the first transformed object by the first transformation factor;
wherein the first transform sequence comprises a plurality of decomposition factors into which the first participant decomposes the first transform factor.
15. The method of claim 14, at least one of the iterative transformations being implemented based on a second multi-party security computing protocol, wherein the second multi-party security computing protocol comprises:
obtaining a random object and a second slice of a first intermediate result; the second slice of the first intermediate result and the first slice of the first intermediate result held by the first participant are sum-sharing slices of the result of transforming the random object based on a random factor;
obtaining first transmission data of the first participant; the first transmission data is obtained by performing superposition transformation on the inverse of the random factor based on the decomposition factor of the current round of iterative transformation;
sending second transmission data to the first participant; the second transmission data is obtained based on a difference value between the random object and a transformation object held by a second participant of the current round;
transforming the second slice of the first intermediate result based on the first transmission data to obtain a fourth intermediate result;
and obtaining a second fragment of the current round of iterative transformation result based on the fourth intermediate result.
16. The method of claim 14, the first transform factor being a matrix, the first transform object being a vector; at least one decomposition factor is from an Nth order symmetric group, N is a positive integer, and the first transformation result is equal to a result of matrix multiplication of the first transformation factor and the first transformation object.
17. The method of claim 14, the first transform sequence comprising a left factor, a first intermediate factor, a second intermediate factor, and a right factor; the iteratively transforming the first transformed object based on the decomposition factor in the first transformed sequence in cooperation with the first participant to obtain a second segment of the first transformed result includes:
based on the first transformation object, obtaining a second fragment of a right factor transformation result through a first multi-party secure computing protocol with the first participant, who participates based on the right factor; the first participant obtains a first fragment of the right factor transformation result;
based on the second fragment of the right factor transformation result, obtaining a second fragment of an intermediate transformation result through a second multi-party secure computing protocol with the first participant, who participates based on an isomorphic factor; the first participant obtains a first fragment of the intermediate transformation result; wherein the isomorphic factor is obtained by the first participant based on the first intermediate factor and the second intermediate factor;
based on the second fragment of the intermediate transformation result, obtaining a second fragment of a left transformation result through a third multi-party secure computing protocol with the first participant, who participates based on the left factor, while the first participant obtains a first fragment of the left transformation result;
based on the second slice of the left transformation result, a second slice of the first transformation result is obtained.
18. The method of claim 17, wherein obtaining the second fragment of the intermediate transformation result, based on the second fragment of the right factor transformation result and in cooperation with the first participant, through the second multi-party secure computing protocol based on the isomorphic factor comprises:
obtaining a random object and a second fragment of a first intermediate result; the second fragment of the first intermediate result and the first fragment of the first intermediate result held by the first participant are additive (sum) shares of the result of transforming the random object based on a random factor; the random factor is from the same kind of semi-direct product as the isomorphic factor, the random object is an l-dimensional vector, and the elements of the vector are from the multiplicative subgroup of A;
acquiring first transmission data from the first participant; the first transmission data is obtained by carrying out the group multiplication of the semi-direct product based on the inversion of the isomorphic factor and the random factor;
sending second transmission data to the first participant; the second transmission data is obtained based on a difference value of the random object and the second fragment of the right factor transformation result;
transforming the second fragment of the first intermediate result based on the first transmission data to obtain a fourth intermediate result;
obtaining the second fragment of the intermediate transformation result based on the fourth intermediate result.
19. The method of claim 18, the first transmission data being from the semi-direct product of the order-l symmetric group and $(A^{X})^{l}$, where $(A^{X})^{l}$ denotes the Cartesian product or direct product of l copies of $A^{X}$, and $A^{X}$ denotes the multiplicative subgroup of A; an element of the semi-direct product comprises a first sub-element, which is an l-dimensional vector whose elements are from the multiplicative subgroup of A, and a second sub-element, which is from the order-l symmetric group;
transforming the second fragment of the first intermediate result based on the first transmission data to obtain a fourth intermediate result comprises:
permuting the positions of the elements in the second fragment of the first intermediate result based on the second sub-element of the first transmission data;
and multiplying the first sub-element of the first transmission data element-wise with the permutation result to obtain the fourth intermediate result.
20. The method of claim 17, the first or third multi-party secure computing protocol comprising:
cooperating with the first participant to iteratively transform the transformation object, sequentially based on a plurality of decomposition factors in a second transformation sequence, so as to obtain a second fragment of the transformation result; the plurality of decomposition factors of the second transformation sequence are obtained by the first participant decomposing the transformation factor; the plurality of decomposition factors include a private factor and a public factor, the public factor also being held by the second participant; a transformation involving the public factor is performed by the participants on their own; a transformation involving the private factor is performed by a participant based on the second multi-party secure computing protocol;
the transformation result is equal to the result of transforming the transformation object by using the transformation factor; in the first multi-party secure computing protocol, the transformation factor is the right factor and the transformation object is the first transformation object; in the third multi-party secure computing protocol, the transformation factor is the left factor and the transformation object is the second fragment of the intermediate transformation result.
21. A privacy preserving multi-party secure computing system in which a first party possesses a private first transformation factor and a second party possesses a private first transformation object, the system implemented by the second party comprising:
a second collaborative computing module, configured to cooperate with the first participant to iteratively transform the first transformation object based on the decomposition factors in a first transformation sequence, so as to obtain a second fragment of the first transformation result; the first transformation result is equal to the result of transforming the first transformation object by the first transformation factor;
wherein the first transform sequence comprises a plurality of decomposition factors into which the first participant decomposes the first transform factor.
22. A privacy-preserving multi-party secure computing apparatus, the apparatus comprising at least one processor and at least one storage device to store instructions that, when executed by the at least one processor, cause the apparatus to implement the method of any one of claims 14-20.
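As an added illustration of the second multi-party secure computing protocol of claims 18 and 19 (not code from the patent), the sketch below runs both participants in one process and shows that the two output fragments sum to the isomorphic factor applied to the shared input. Assumptions not stated in the claims: A is the integers modulo a prime P, a dealer supplies the offline material, the first transmission data is the isomorphic factor multiplied by the inverse of the random factor, the difference is taken as fragment minus random object, and the first participant's combining step is as written; all function names are hypothetical.

```python
import secrets

P = 65537  # assumption: A = Z_P with P prime, so A^X is {1, ..., P-1}

def rand_units(l):
    return [1 + secrets.randbelow(P - 1) for _ in range(l)]

def rand_elem(l):
    """Uniform (d, s): d in (A^X)^l, s a permutation of range(l) (Fisher-Yates)."""
    s = list(range(l))
    for i in range(l - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        s[i], s[j] = s[j], s[i]
    return rand_units(l), s

def act(g, v):
    """Claim 19: permute positions by s, then multiply element-wise by d."""
    d, s = g
    return [d[i] * v[s[i]] % P for i in range(len(v))]

def mul(g, h):
    """Group product, so that act(mul(g, h), v) == act(g, act(h, v))."""
    (d1, s1), (d2, s2) = g, h
    n = len(s1)
    return [d1[i] * d2[s1[i]] % P for i in range(n)], [s2[s1[i]] for i in range(n)]

def inv(h):
    d, s = h
    si = [0] * len(s)
    for k, i in enumerate(s):
        si[i] = k                      # si is the inverse permutation of s
    return [pow(d[si[i]], -1, P) for i in range(len(s))], si

def add(a, b):
    return [(x + y) % P for x, y in zip(a, b)]

def sub(a, b):
    return [(x - y) % P for x, y in zip(a, b)]

def claim18(g, x1, x2):
    l = len(x2)
    # Offline material (assumed dealer): first party holds h, u1; second holds r, u2.
    h, r = rand_elem(l), rand_units(l)
    u1 = [secrets.randbelow(P) for _ in range(l)]
    u2 = sub(act(h, r), u1)            # u1 + u2 = h applied to r
    t = mul(g, inv(h))                 # first transmission data, first -> second
    delta = sub(x2, r)                 # second transmission data, second -> first
    y2 = act(t, u2)                    # second party: fourth intermediate result
    y1 = add(act(t, u1), act(g, add(x1, delta)))  # first party (assumed step)
    return y1, y2
```

Because the random factor is drawn fresh for every run, the first transmission data is a uniformly random group element from the second participant's point of view; reusing the same random factor or random object across runs would break that property.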
CN202111205885.5A 2021-10-15 2021-10-15 Multiparty security computing method and system for privacy protection Active CN113949505B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111205885.5A CN113949505B (en) 2021-10-15 2021-10-15 Multiparty security computing method and system for privacy protection

Publications (2)

Publication Number Publication Date
CN113949505A true CN113949505A (en) 2022-01-18
CN113949505B CN113949505B (en) 2024-07-02

Family

ID=79331064

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111205885.5A Active CN113949505B (en) 2021-10-15 2021-10-15 Multiparty security computing method and system for privacy protection

Country Status (1)

Country Link
CN (1) CN113949505B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2317689A2 (en) * 2009-09-04 2011-05-04 Gradiant-Centro Tecnoloxico de Telecomunicacións de Galicia Cryptographic system for performing secure computations and signal processing directly on encrypted data in untrusted environments
WO2013172790A1 (en) * 2012-05-16 2013-11-21 Nanyang Technological University Methods for determining a result of applying a function to an input and evaluation devices
CN110011795A (en) * 2019-04-12 2019-07-12 郑州轻工业学院 Symmetric group cryptographic key negotiation method based on block chain
CN111400766A (en) * 2020-03-25 2020-07-10 支付宝(杭州)信息技术有限公司 Method and device for multi-party joint dimension reduction processing aiming at private data
CN111539027A (en) * 2020-07-08 2020-08-14 支付宝(杭州)信息技术有限公司 Information verification method and system based on privacy protection of two parties
CN111737337A (en) * 2020-08-14 2020-10-02 支付宝(杭州)信息技术有限公司 Multi-party data conversion method, device and system based on data privacy protection
CN112765664A (en) * 2021-01-26 2021-05-07 河南师范大学 Safe multi-party k-means clustering method with differential privacy
CN113094763A (en) * 2021-04-12 2021-07-09 支付宝(杭州)信息技术有限公司 Selection problem processing method and system for protecting data privacy

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
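胡志言; 杜学绘; 曹利峰: "Research progress on session key agreement protocols", Computer Applications and Software, no. 05, 12 May 2018 (2018-05-12) *
马敏耀; 吴恋; 陈松良; 左羽; 汤艳玲: "Secure transformation equality determination protocol based on an additively homomorphic encryption scheme", Journal of Beijing University of Posts and Telecommunications, no. 1, 15 June 2017 (2017-06-15) *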

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114282076A (en) * 2022-03-04 2022-04-05 支付宝(杭州)信息技术有限公司 Sorting method and system based on secret sharing
CN114282256A (en) * 2022-03-04 2022-04-05 支付宝(杭州)信息技术有限公司 Secret sharing-based sorting scrambling method and recovery method
CN114338017A (en) * 2022-03-04 2022-04-12 支付宝(杭州)信息技术有限公司 Sorting method and system based on secret sharing
CN114327371A (en) * 2022-03-04 2022-04-12 支付宝(杭州)信息技术有限公司 Secret sharing-based multi-key sorting method and system
CN114282256B (en) * 2022-03-04 2022-06-07 支付宝(杭州)信息技术有限公司 Secret sharing-based sorting scrambling method and recovery method
CN114338017B (en) * 2022-03-04 2022-06-10 支付宝(杭州)信息技术有限公司 Sorting method and system based on secret sharing
CN114282076B (en) * 2022-03-04 2022-06-14 支付宝(杭州)信息技术有限公司 Sorting method and system based on secret sharing
CN114327371B (en) * 2022-03-04 2022-06-21 支付宝(杭州)信息技术有限公司 Secret sharing-based multi-key sorting method and system
CN114781000A (en) * 2022-06-21 2022-07-22 支付宝(杭州)信息技术有限公司 Method and device for determining correlation between object features of large-scale data
CN115866047A (en) * 2023-01-31 2023-03-28 华控清交信息科技(北京)有限公司 Data redirection method and device in multi-party security computing and electronic equipment
CN116055049A (en) * 2023-04-03 2023-05-02 富算科技(上海)有限公司 Multiparty secure computing method, device, system, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN113949505B (en) 2024-07-02

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20240926

Address after: Room 302, 3rd Floor, Building 1, Yard 1, Danling Street, Haidian District, Beijing, 100080

Patentee after: Sasi Digital Technology (Beijing) Co.,Ltd.

Country or region after: China

Address before: 310000 801-11 section B, 8th floor, 556 Xixi Road, Xihu District, Hangzhou City, Zhejiang Province

Patentee before: Alipay (Hangzhou) Information Technology Co.,Ltd.

Country or region before: China