CN114282256A - Secret sharing-based sorting scrambling method and recovery method - Google Patents

Secret sharing-based sorting scrambling method and recovery method Download PDF

Info

Publication number
CN114282256A
CN114282256A CN202210205844.4A CN202210205844A CN114282256A CN 114282256 A CN114282256 A CN 114282256A CN 202210205844 A CN202210205844 A CN 202210205844A CN 114282256 A CN114282256 A CN 114282256A
Authority
CN
China
Prior art keywords
sequence
fragment
order
participant
ordering
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210205844.4A
Other languages
Chinese (zh)
Other versions
CN114282256B (en
Inventor
方文静
王力
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alipay Hangzhou Information Technology Co Ltd
Original Assignee
Alipay Hangzhou Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alipay Hangzhou Information Technology Co Ltd filed Critical Alipay Hangzhou Information Technology Co Ltd
Priority to CN202210205844.4A priority Critical patent/CN114282256B/en
Publication of CN114282256A publication Critical patent/CN114282256A/en
Application granted granted Critical
Publication of CN114282256B publication Critical patent/CN114282256B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Abstract

Some embodiments of the present disclosure relate to the field of information security technologies, and in particular, to a method for scrambling and recovering a sequence based on secret sharing. Wherein, the first participant holds the first fragment of the first sequence in the ordering scrambling method; the second participant holds a second fragment of the first sequence; by executing a secret sharing arrangement protocol, a first party obtains a first fragment of a first out-of-order sequence, and a second party obtains a second fragment of the first out-of-order sequence; the sorting recovery method is used for recovering the first disorder sequence obtained by the method in a disordering mode to obtain the first sequence.

Description

Secret sharing-based sorting scrambling method and recovery method
Technical Field
Some embodiments of the present disclosure relate to the field of information security technologies, and in particular, to a method for scrambling and recovering a sequence based on secret sharing.
Background
Data plays an increasingly important role in the world today, and in many application scenarios data has become a resource to protect. In an actual business scenario, some troublesome problems are often encountered due to the need to protect data privacy security and data isolation. For example, multiple collaborators participating in a business want to complete modeling, statistical analysis and other tasks together, but cannot perform direct fusion modeling or statistical analysis on data due to data privacy, data isolation and other reasons. Tools in cryptography to address multi-party security computing can be used to accomplish this type of task.
Therefore, the present specification provides a sort scrambling method and a recovery method based on secret sharing, which can be implemented as the bottom layer of some multi-party secure computations.
Disclosure of Invention
Some embodiments of the present description relate to a method of orderliness based on secret sharing, wherein a first participant holds a first shard of a first sequence; the second participant holds a second fragment of the first sequence; the method is performed by the first party and comprises: acquiring a first random sequencing sequence; the sorting sequence is used for identifying the operation of sorting the equal-length sequence, and the element of the sorting sequence indicates the position of the alignment data in the equal-length sequence in the result sequence; based on the first random sequencing sequence and the first fragment of the first sequence, and a second participant based on the second fragment of the first sequence, obtaining a first fragment of a first out-of-order intermediate sequence through a secret sharing arrangement protocol; the second participant obtains a second slice of the first out-of-order subsequence; the first out-of-order intermediate sequence is equal to a result sequence of ordering the first sequence based on the first randomly ordered sequence; based on the first fragment of the first out-of-order intermediate sequence, and a second participant, based on a second fragment of the first out-of-order intermediate sequence and a second random sequencing sequence, obtaining the first fragment of the first out-of-order sequence through a secret sharing arrangement protocol; the second participant obtains a second fragment of the first out-of-order sequence; the first out-of-order sequence is equal to a result sequence of ordering the first out-of-order intermediate sequence based on the second randomly ordered sequence.
Some embodiments of the present description relate to a secret sharing based sort scrambling system in which a first participant holds a first slice of a first sequence; the second participant holds a second fragment of the first sequence; the system is deployed at a first party, comprising: the first random sequencing sequence acquisition module is used for acquiring a first random sequencing sequence; the sorting sequence is used for identifying the operation of sorting the equal-length sequence, and the element of the sorting sequence indicates the position of the alignment data in the equal-length sequence in the result sequence; a first fragment obtaining module of a first out-of-order intermediate sequence, configured to obtain, based on the first random ordering sequence and a first fragment of the first sequence, a first fragment of the first out-of-order intermediate sequence through a secret sharing arrangement protocol with a second party based on a second fragment of the first sequence; the first out-of-order intermediate sequence is equal to a result sequence of ordering the first sequence based on the first randomly ordered sequence; a first out-of-order sequence first fragment obtaining module, configured to obtain, based on a first fragment of the first out-of-order intermediate sequence, a first fragment of the first out-of-order sequence through a secret sharing arrangement protocol with a second participant based on a second fragment of the first out-of-order intermediate sequence and a second random ordering sequence; the first out-of-order sequence is equal to a result sequence of ordering the first out-of-order intermediate sequence based on the second randomly ordered sequence.
Some embodiments of the present description relate to a secret sharing based sort scrambling apparatus including a processor for executing a computer program to implement the above-described method.
Some embodiments of the present description relate to a method of orderliness based on secret sharing, wherein a first participant holds a first shard of a first sequence; the second participant holds a second fragment of the first sequence; the method is performed by the second party and comprises: acquiring a second random sequencing sequence; the sorting sequence is used for identifying the operation of sorting the equal-length sequence, and the element of the sorting sequence indicates the position of the alignment data in the equal-length sequence in the result sequence; based on the second fragment of the first sequence, and a first participant, based on the first fragment of the first sequence and a first random sequencing sequence, obtaining a second fragment of a first out-of-order intermediate sequence through a secret sharing arrangement protocol; a first participant obtains a first slice of a first out-of-order subsequence; the first out-of-order intermediate sequence is equal to a result sequence of ordering the first sequence based on the first randomly ordered sequence; based on the second fragment of the first out-of-order intermediate sequence and the second random sequencing sequence, and the first participant based on the first fragment of the first out-of-order intermediate sequence, obtaining a second fragment of the first out-of-order sequence through a secret sharing arrangement protocol; a first participant obtains a first slice of a first out-of-order sequence; the first out-of-order sequence is equal to a result sequence of ordering the first out-of-order intermediate sequence based on the second randomly ordered sequence.
Some embodiments of the present description relate to a secret sharing based sort scrambling system in which a first participant holds a first slice of a first sequence; the second participant holds a second fragment of the first sequence; the system is deployed at a second party, comprising: the second random sequencing sequence acquisition module is used for acquiring a second random sequencing sequence; the sorting sequence is used for identifying the operation of sorting the equal-length sequence, and the element of the sorting sequence indicates the position of the alignment data in the equal-length sequence in the result sequence; the first out-of-order intermediate sequence second fragment acquisition module is used for acquiring a second fragment of a first out-of-order intermediate sequence through a secret sharing arrangement protocol based on the second fragment of the first sequence and the first random sequencing sequence with a first participant based on the first fragment of the first sequence and the first random sequencing sequence; the first out-of-order intermediate sequence is equal to a result sequence of ordering the first sequence based on the first randomly ordered sequence; the first out-of-order sequence second fragment acquisition module is used for acquiring a second fragment of the first out-of-order sequence through a secret sharing arrangement protocol based on the second fragment of the first out-of-order intermediate sequence and the second random sequencing sequence and the first fragment of the first party based on the first out-of-order intermediate sequence; the first out-of-order sequence is equal to a result sequence of ordering the first out-of-order intermediate sequence based on the second randomly ordered sequence.
Some embodiments of the present description relate to a secret sharing-based method for recovering a sequence, where the method is used to recover a first out-of-order sequence of fragments obtained by the secret sharing-based method for scrambling a sequence or other sequences of fragments obtained based on the first out-of-order sequence of fragments to obtain a second sequence of fragments; wherein the first participant holds a first fragment of the second out-of-order sequence; a second participant holds a second fragment of a second out-of-order sequence, the second out-of-order sequence being equal to the first out-of-order sequence or the other sequence; the method is performed by the first party and comprises: acquiring an inverse sequence of the first random sequencing sequence; based on the first fragment of the second out-of-order sequence, and a second participant, based on a second fragment of the second out-of-order sequence and an inverse sequence of the second random ordering sequence, obtaining a first fragment of a second out-of-order intermediate sequence through a secret sharing arrangement protocol; the second participant obtains a second slice of the second out-of-order subsequence; the second out-of-order intermediate sequence is equal to a result sequence of ordering the second out-of-order sequence based on an inverse sequence of the second randomly ordered sequence; based on the first fragment of the second out-of-order intermediate sequence and the inverse sequence of the first random ordering sequence, and a second participant based on a second fragment of the second out-of-order intermediate sequence, obtaining a first fragment of the second sequence through a secret sharing arrangement protocol; the second participant obtains a second fragment of the second sequence; the second sequence is equal to a resulting sequence of ordering the second out-of-order intermediate sequence based on an inverse of the first randomly ordered sequence.
Some embodiments of the present specification relate to a secret sharing-based ranking recovery system, configured to recover a first out-of-order sequence of fragments obtained by the secret sharing-based ranking obfuscating method or other sequences of fragments obtained based on the first out-of-order sequence of fragments, to obtain a second sequence of fragments; wherein the first participant holds a first fragment of the second out-of-order sequence; a second participant holds a second fragment of a second out-of-order sequence, the second out-of-order sequence being equal to the first out-of-order sequence or the other sequence; the system is deployed at a first party, comprising: a first reverse sequence obtaining module, configured to obtain a reverse sequence of the first random ordering sequence; the second out-of-order intermediate sequence first fragment acquisition module is used for acquiring a first fragment of a second out-of-order intermediate sequence through a secret sharing arrangement protocol based on the first fragment of the second out-of-order sequence and a second fragment of a second party based on the second out-of-order sequence and an inverse sequence of the second random sequencing sequence; the second out-of-order intermediate sequence is equal to a result sequence of ordering the first out-of-order sequence based on an inverse sequence of the second randomly ordered sequence; a second sequence first fragment obtaining module, configured to obtain, based on a first fragment of the second out-of-order intermediate sequence and an inverse sequence of the first random ordering sequence, a first fragment of the second sequence through a secret sharing arrangement protocol with a second participant based on a second fragment of the second out-of-order intermediate sequence; the second sequence is equal to a resulting sequence of ordering the second out-of-order intermediate sequence based on an inverse of the first randomly ordered sequence.
Some embodiments of the present description relate to a secret sharing based ranking restoration apparatus comprising a processor for executing a computer program to implement the above-described method.
Some embodiments of the present description relate to a secret sharing-based method for recovering a sequence, where the method is used to recover a first out-of-order sequence of fragments obtained by the secret sharing-based method for scrambling a sequence or other sequences of fragments obtained based on the first out-of-order sequence of fragments to obtain a second sequence of fragments; wherein the first participant holds a first fragment of the second out-of-order sequence; a second participant holds a second slice of a second out-of-order sequence, the second out-of-order sequence being equal to the first out-of-order sequence or the other sequence; the method is performed by the second party and comprises: acquiring an inverse sequence of the second random sequencing sequence; based on the second fragment of the second disorder sequence and the inverse sequence of the second random sequencing sequence, and the first participant based on the first fragment of the second disorder sequence, obtaining a second fragment of a second disorder intermediate sequence through a secret sharing arrangement protocol; the first participant obtains a first slice of the second out-of-order subsequence; the second out-of-order intermediate sequence is equal to a result sequence of ordering the first out-of-order sequence based on an inverse sequence of the second randomly ordered sequence; obtaining a second fragment of the second sequence through a secret sharing arrangement protocol based on the second fragment of the second out-of-order intermediate sequence and the first participant based on the first fragment of the second out-of-order intermediate sequence and the reverse sequence of the first random ordering sequence; the first participant obtains a first fragment of the second sequence; the second sequence is equal to a resulting sequence of ordering the second out-of-order intermediate sequence based on an inverse of the first randomly ordered sequence.
Some embodiments of the present description relate to a secret sharing-based ranking recovery system, configured to recover a first out-of-order sequence of fragments obtained by scrambling according to the secret sharing-based scrambling method or other sequences of fragments obtained based on the first out-of-order sequence of fragments, so as to obtain a second sequence of fragments; wherein a first participant holds a first fragment of a second out-of-order sequence, and a second participant holds a second fragment of a second out-of-order sequence, the second out-of-order sequence being equal to the first out-of-order sequence or the other sequences; the system is deployed at a second party, comprising: a second reverse sequence obtaining module, configured to obtain a reverse sequence of the second random ordering sequence; a second disorder intermediate sequence second fragment obtaining module, configured to obtain, based on a second fragment of the second disorder sequence and an inverse sequence of the second random ordering sequence, a second fragment of the second disorder intermediate sequence through a secret sharing arrangement protocol with a first fragment of a first participant based on the second disorder sequence; the second out-of-order intermediate sequence is equal to a result sequence of ordering the second out-of-order sequence based on an inverse sequence of the second randomly ordered sequence; a first sequence second fragment obtaining module, configured to obtain, based on a second fragment of the second out-of-order intermediate sequence, a second fragment of the second sequence through a secret sharing arrangement protocol with a first participant based on a first fragment of the second out-of-order intermediate sequence and an inverse sequence of the first random ordering sequence; the second sequence is equal to a resulting sequence of ordering the second out-of-order intermediate sequence based on an inverse of the first randomly ordered sequence.
Drawings
The present description will be further explained by way of exemplary embodiments, which will be described in detail by way of the accompanying drawings. These embodiments are not intended to be limiting, and in these embodiments like numerals are used to indicate like structures, wherein:
FIG. 1 is an exemplary interaction flow diagram of a secret sharing based ordering obfuscation method according to some embodiments of the present description;
FIG. 2 is an exemplary interaction flow diagram of a secret sharing based rank recovery method according to some embodiments of the present description;
FIG. 3 is a schematic diagram of generating an ordering vector, according to some embodiments of the present description;
FIG. 4 is a schematic diagram of a secret sharing arrangement protocol according to some embodiments of the present description;
FIG. 5 is an exemplary block diagram of a secret sharing based sort scrambling system, shown in accordance with some embodiments of the present description;
FIG. 6 is an exemplary block diagram of a secret sharing based sort scrambling system, according to further embodiments of the present description;
FIG. 7 is an exemplary block diagram of a secret sharing based ranking recovery system in accordance with some embodiments of the present description;
FIG. 8 is an exemplary block diagram of a system for recovering from a secret sharing based ranking according to further embodiments of the present description.
Detailed Description
In order to more clearly illustrate the technical solutions of the embodiments of the present disclosure, the drawings used in the description of the embodiments will be briefly described below. It is obvious that the drawings in the following description are only examples or embodiments of the present description, and that for a person skilled in the art, the present description can also be applied to other similar scenarios on the basis of these drawings without inventive effort. Unless otherwise apparent from the context, or otherwise indicated, like reference numbers in the figures refer to the same structure or operation.
It should be understood that "system", "device", "unit" and/or "module" as used herein is a method for distinguishing different components, elements, parts, portions or assemblies at different levels. However, other words may be substituted by other expressions if they accomplish the same purpose.
As used in this specification and the appended claims, the terms "a," "an," "the," and/or "the" are not intended to be inclusive in the singular, but rather are intended to be inclusive in the plural, unless the context clearly dictates otherwise. In general, the terms "comprises" and "comprising" merely indicate that steps and elements are included which are explicitly identified, that the steps and elements do not form an exclusive list, and that a method or apparatus may include other steps or elements.
Flow charts are used in this description to illustrate operations performed by a system according to embodiments of the present description. It should be understood that the preceding or following operations are not necessarily performed in the exact order in which they are performed. Rather, the various steps may be processed in reverse order or simultaneously. Meanwhile, other operations may be added to the processes, or a certain step or several steps of operations may be removed from the processes.
The secure multiparty computing enables participating parties to achieve task goals based on the joint data of the parties without exposing the privacy of their respective data. Secure multi-party computing (SMPC), MPC for short, also called multi-party Secure computing, solves the problem of how to securely compute an agreed function without a trusted third party. The MPC needs to ensure both the privacy of input and output and the correctness of the result, i.e. private data (input) of any party cannot be revealed during the interactive computation, and also needs to ensure that the computed result is consistent with the result obtained by directly inputting private data of each party into the agreed function.
Secure multiparty computation can be implemented in conjunction with secret sharing, and the computation results (output) can be distributed to the parties in a sharded fashion. Specifically, through interactive computation, each participant can obtain an output fragment of the commitment function, and the output fragment obtained by each party is obtained by directly inputting private data of each party into the commitment function and then splitting function output (secret). In this specification, such secure multiparty computation implemented in conjunction with secret sharing is also referred to as secret sharing operation, and specifically, secret sharing ranking, secret sharing sequence scrambling, and the like may be performed. In some embodiments, in the secret sharing operation, the input and/or intermediate calculation result may also exist in a fragmented form, so as to protect the data privacy of each party.
Secret sharing (secret sharing), also called secret sharing, is a cryptographic technique that splits a secret (secret) in such a way that several shares (shares) obtained by splitting are held by different parties, a single party cannot recover the secret, and only if several parties cooperate, e.g. disclosing the respective held shares, can the secret be recovered. The secret may be in the form of a single value, an array, a vector, a matrix, etc. The shares obtained by splitting the secret can also be called secret sharing shards, or shards for short. In some embodiments, the secret sharing shard may be an additive shard, i.e., the sum value of the shards is equal to the original secret value.
In the process of secret sharing calculation, in order to meet the requirement of calculation or to reduce the calculation amount to a certain extent, the fragments of certain data (such as sequencing sequence) involved in the calculation process need to be integrated. Illustratively, a first participant holds a first slice of the sorted sequence and a second participant holds a second slice of the sorted sequence; participants need to integrate the pieces of the sorted sequence. In order to avoid privacy disclosure caused by the integrated data fragments, in some embodiments, the fragments of the sorting sequence need to be integrated after being scrambled, and the scrambling can effectively conceal the element sequence in the sorting sequence, thereby avoiding disclosure of additional information. In some embodiments, the fragments of the scrambled sequence need to be restored out of order to ensure the correctness of the calculation result. As an example, the fragments of the sorted sequence after the disorder may be integrated (e.g., summed according to bits) to obtain a disorder sorted sequence, and then the fragments of the to-be-sorted sequence are further sorted by using the disorder sorted sequence to obtain the fragments of the disorder result sequence. In some embodiments, the fragments of the out-of-order result sequence may be restored out-of-order to obtain the fragments of the result sequence that sort the fragments of the sequence to be sorted based on the sorting sequence.
In view of this, in some embodiments of the present disclosure, a method for scrambling sequences based on secret sharing is provided, so that after a scrambled sequence is revealed, no privacy is revealed; in some embodiments of the present specification, a secret sharing-based ordering recovery method is further provided, which can recover a sequence scrambled by the scrambling method.
FIG. 1 is an exemplary interaction flow diagram of a secret sharing based ordering obfuscation method according to some embodiments of the present description. In some embodiments, the illustrated interaction flow 100 may be performed cooperatively by two parties participating in a shuffle.
As shown in FIG. 1, one or more of the steps 110A-130A of the interaction flow 100 may be performed by a first participant, and one or more of the steps 110B-130B may be performed by a second participant, for obtaining a shuffled first sequence.
The first sequence may be any sequence whose elements may be numbers, letters, text, etc. In some embodiments, the first sequence may be an ordered sequence (e.g., a sequence for ordering a sequence in ascending or descending order, etc., more description of the ordered sequence may be found elsewhere in this specification), and in some embodiments, the first sequence may be a sequence to be ordered, etc.
The first sequence is stored in the first party and the second party in the form of slices, which, as described above, may be additive slices (and slices), the sum of which is the original data. It should be noted that "first" and "second" are only used to distinguish the slices stored in different participants. When the present specification refers to a fragment of a sequence, it mainly means that each element of the sequence is split separately, the first fragment of the sequence comprises one fragment of each element of the sequence, and the second fragment of the sequence comprises another fragment of each element of the sequence. Illustratively, assume a first sequence
Figure DEST_PATH_IMAGE001
In some embodiments, the first piece of the first sequence held by the first participant may be a first piece of the first sequence held by the first participant
Figure DEST_PATH_IMAGE002
The second piece of the first sequence held by the second participant may be
Figure DEST_PATH_IMAGE003
. It should be noted that, during the interaction between the first party and the second party, the intermediate data may be fragmentedThe form of the fragments may be various, and for convenience of description, the fragments will not be described one by one hereinafter.
Step 110A, a first random ordering sequence is obtained. In some embodiments, step 110A may be performed by the first randomly ordered sequence acquisition module 510.
Step 110B, a second random ordering sequence is obtained. In some embodiments, step 110B may be performed by the second randomly ordered sequence acquisition module 610.
In some embodiments, the first and second parties may randomly generate the first and second randomly ordered sequences. For example, the first and second parties may generate the first and second randomly ordered sequences via a random sequence generation algorithm.
In some embodiments, an ordering sequence (or may be referred to as an ordering vector, ordering function, etc.) is used to identify operations that order a sequence of equal length, whose elements indicate the position of the bit data in the resulting sequence in the sequence of equal length, as further described below in conjunction with fig. 3.
FIG. 3 is a schematic diagram illustrating generating an ordering vector according to some embodiments of the present description. As shown in fig. 3, assuming that there exists one data column K including 5 elements, the index column identifies the positions of the 5 elements in the data column K, and the data column K needs to be sorted in ascending dictionary order (i.e., sorted in alphabetical order). And sorting the data column K to obtain a data column K'. Referring to the new index column, the new index of the 1 st element a of K (i.e. the position in the data column K') is 0, the new index of the 2 nd element b is 2, and so on, finally the description K — (K —) -is obtained>K' the permutation operation has an ordering vector p of [0, 2, 1, 4, 3]. The introduction of the sorting vector may facilitate the quantification of the sorting operation, and in some embodiments, the sorting vector p may act as a sorting function on the data column K, and may be represented as
Figure DEST_PATH_IMAGE004
In some embodiments, the ordering vector may be set as desired, e.g., the ordering vector may be randomly generated for randomly ordering, i.e., disordering or scrambling, the first sequence.
And step 120A, based on the first random sequencing sequence and the first fragment of the first sequence, and a second participant and based on a second fragment of the first sequence, obtaining a first fragment of a first out-of-order intermediate sequence through a secret sharing arrangement protocol. In some embodiments, step 120A may be performed by the first out-of-order mid-sequence first slice acquisition module 520.
And step 120B, based on the second fragment of the first sequence, and the first participant, based on the first fragment of the first sequence and the first random ordering sequence, obtaining the second fragment of the first out-of-order intermediate sequence through a secret sharing arrangement protocol. In some embodiments, step 120B may be performed by the first out-of-order mid-sequence second slice acquisition module 620.
In some embodiments, a first participant may input a first randomly ordered sequence, a first fragment of the first sequence as a first set of input parameters, and a second participant inputs a second fragment of the first sequence as another set of input parameters into a secret sharing arrangement protocol, which cooperatively perform the secret sharing arrangement protocol to obtain a first fragment and a second fragment of a first out-of-order intermediate sequence, where the first fragment is obtained by the first participant and the second fragment is obtained by the second participant.
The secret sharing arrangement protocol may be an arrangement algorithm or operator based on secret sharing, and in some embodiments may be described as using an ordering sequence private to a party (e.g., a first party or a second party), one of length
Figure DEST_PATH_IMAGE005
The secret sharing sequence carries out secret arrangement to obtain an arrangement result still existing in a secret sharing mode. For example, p represents a private ordering sequence of one party, k1 represents a sequence to be arranged, which is stored at each party in a secret sharing manner (e.g., a first fragment of k1 is stored at a first party, a second fragment of k1 is stored at a second party), and k1' represents a ranking-based basisThe column sequence p is an arrangement result p (k) obtained by ordering the to-be-ordered sequence k1, and is also obtained by each participant in a secret sharing mode (for example, a first fragment of k1 'is obtained by a first participant, and a second fragment of k1' is obtained by a second participant), and data held by each participant is not known by other parties in the secret ordering process. The secret sharing arrangement protocol may be further denoted as ObliviousPerm function or operator:
Figure DEST_PATH_IMAGE006
,<>the representation of the ciphertext form may specifically be a sliced form. An ObliviousPerm function may be understood as a function whose set of input data comprises a sequence of orderings
Figure DEST_PATH_IMAGE007
And a first fragment of the sequence to be arranged
Figure DEST_PATH_IMAGE008
From the first participant whose other set of input data comprises a second slice of the sequence to be arranged
Figure DEST_PATH_IMAGE009
From the second party; the output data of which is a first slice comprising a sequence of results
Figure DEST_PATH_IMAGE010
And a second section
Figure DEST_PATH_IMAGE011
A first piece of the result sequence is obtained by a first participant and a second piece of the result sequence is obtained by a second participant. In some embodiments, the secret sharing arrangement protocol or operator may be as shown in FIG. 4.
In some embodiments, the processing devices of the two parties may respectively execute the processes in the obreviousderm function, and obtain the first fragment of the first out-of-order intermediate sequence and the second fragment of the first out-of-order intermediate sequence based on the first fragment of the first sequence of the first party and the second fragment of the first sequence of the second party. At present, various implementation modes of the ObliviousPerm function exist, and the description does not limit the internal implementation algorithm and only calls the ObliviousPerm function as a black box operator. It should be understood that, all the ways that the data processing/operation unit, the program code, the machine learning model, etc. that can implement the obreviousserver function can be used as the secret sharing arrangement-based protocol mentioned in this specification, which are already present at present and will appear in the future.
Taking a first participant and a second participant in cooperation as an example, where the first participant holds a target sorting vector and a first slice of a data column to be sorted, and the second participant holds a second slice of the data column to be sorted, one implementation of the obreviouswhere function may include:
a first participant obtains, from a semi-trusted third party, a first ordering vector, a first tile of a first data column, and a first tile of a first sequence of results that orders the first data column based on the first ordering vector. The second participant obtains a second slice of the first data column and a second slice of the first sequence of results from the semi-trusted third party.
The first participant determines a second ordering vector based on the target ordering vector and the first ordering vector and sends it to the second participant; in some embodiments, the target ordering vector is ordered based on the first ordering vector, and the resulting sequence may be the second ordering vector.
The first participant makes a difference between the first fragment of the data column to be sorted and the first fragment of the first data column to obtain the first fragment of the second data column, and simultaneously obtains the second fragment of the second data column from the second party; the second slice of the second data column is obtained by the second participant subtracting the second slice of the data column to be sorted from the second slice of the first data column.
The first participant obtains a second data column based on the first fragment of the second data column and the second fragment of the second data column, and sorts the second data column based on the target sorting vector to obtain a second result data column; sorting the first slices of the first result data column based on a second sorting vector to obtain a third result data column; and finally, summing the second result data column and the third result data column to obtain a first fragment of the target data column.
The second participant orders the second shard of the first result sequence based on the second ordering vector to obtain a second shard of the target data column. The target data column is equal to a result sequence of sorting the data columns to be sorted based on the target sorting vector.
In some embodiments, a first random ordering sequence obtained by a first party is used as a target ordering vector in an ObriviousPerm function, a fragment of the first sequence is used as a fragment of a data column to be ordered of the ObriviousPerm function, and the first sequence is subjected to disorder through a secret sharing ordering protocol to obtain a first fragment and a second fragment of a first disorder intermediate sequence. That is, the first out-of-order intermediate sequence is equal to a resulting sequence of ordering the first sequence based on the first randomly ordered sequence. The second participant may obtain the second fragment of the first out-of-order intermediate sequence after cooperatively executing the obiviousserm function with the first participant.
Step 130A, based on the first fragment of the first out-of-order intermediate sequence, and based on the second fragment of the first out-of-order intermediate sequence and the second random ordering sequence, the second party and the second party obtain the first fragment of the first out-of-order sequence through a secret sharing arrangement protocol. In some embodiments, step 130A may be performed by the first out-of-order sequence first slice acquisition module 530.
Step 130B, based on the second fragment of the first out-of-order intermediate sequence and the second random ordering sequence, and the first participant based on the first fragment of the first out-of-order intermediate sequence, obtaining the second fragment of the first out-of-order sequence through a secret sharing arrangement protocol. In some embodiments, step 130B may be performed by the first out-of-order sequence second tile acquisition module 630.
In some embodiments, the first participant may input a first slice of the first out-of-order intermediate sequence as a first set of input parameters, and the second participant inputs a second slice of the first out-of-order intermediate sequence and a second randomly ordered sequence as another set of input parameters into a secret sharing arrangement protocol (e.g., obiviousderm function), which cooperatively execute the secret sharing arrangement protocol to obtain the first slice and the second slice of the first out-of-order sequence, where the first slice is obtained by the first participant and the second slice is obtained by the second participant.
For a description of the secret sharing arrangement protocol, refer to fig. 4 and a description of the obreviousperm function in step 120A or step 120B, which are not described herein again. Through the process 100, equivalently: the first random sequencing sequence generated by the first participant scrambles the first sequence for the first time, then the second random sequencing sequence generated by the second participant scrambles the result of the first disorder (namely the first disorder intermediate sequence) again, and after the first disorder sequence is revealed, both parties are difficult to know the original information of the first sequence, so that the data privacy of the participants is protected. In some alternative embodiments, the first sequence may be first scrambled by the second random ordering sequence generated by the second party, and then the first random ordering sequence generated by the first party is used to scramble the result of the first scrambling again, so that the same technical effect can still be achieved.
FIG. 2 is an exemplary interaction flow diagram of a secret sharing based rank recovery method according to some embodiments of the present description. In some embodiments, the illustrated interaction flow 200 may be performed cooperatively by the processing devices of the two parties participating in the ranking recovery.
As shown in FIG. 2, one or more of the steps 210A-230A of the interaction flow 200 may be performed by a first party, and one or more of the steps 210B-230B may be performed by a second party, so as to recover the fragments of the first out-of-order sequence obtained by the method of the interaction flow 100 of FIG. 1 or the fragments of other sequences obtained based on the first out-of-order sequence, and obtain the second sequence. The other sequence obtained based on the first out-of-order sequence may refer to any sequence obtained by transformation of the first out-of-order sequence or calculation involving the first out-of-order sequence, and exemplarily, the other sequence is a result sequence obtained by sorting a sequence to be sorted based on the first out-of-order sequence. For convenience of description, the sequence to be restored may be referred to as a second out-of-order sequence. For example, the second out-of-order sequence may be the first out-of-order sequence or the other sequence. In some embodiments, the first participant holds a first slice of the second out-of-order sequence; the second participant holds a second fragment of the second out-of-order sequence. The recovered second sequence is still stored in the first party and the second party in a form of fragments, namely the first party obtains the first fragments of the second sequence; the second participant holds a second fragment of the second sequence.
Step 210A, an inverse sequence of the first random ordering sequence is obtained. In some embodiments, step 210A may be performed by the first reverse sequence acquisition module 710.
Step 210B, obtaining an inverse sequence of the second random sequence. In some embodiments, step 210B may be performed by the second inverse sequence acquisition module 810.
When the reverse sequence of the random sequencing sequence is used for sequencing the sequence with the same length after the corresponding random sequencing sequence is arranged, the sequence with the same length after the random sequencing can be restored to the state before the random sequencing.
Taking the reverse sequence of the first randomly ordered sequence as an example, in some embodiments, the first participant may generate the reverse sequence of the first randomly ordered sequence by a reverse sequence generation algorithm. In some embodiments, the first participant may generate a positive ordered sequence of equal length to the first randomly ordered sequence; and sequencing the forward sequence based on the first random sequencing sequence, wherein the obtained result sequence is the reverse sequence of the first random sequencing sequence.
The positive sequence may refer to a sequence in which elements are arranged in a descending order, and may be, for example, a sequence in which elements of the first randomly ordered sequence are arranged in a descending order. And the processing equipment of the first participant uses the first random sequencing sequence to sequence the forward sequence to obtain a corresponding reverse sequence. For example, assuming that the first randomly ordered sequence is R0= [ 3201 ], the positive sequence with the same length is R = [ 0123 ], and sorting the positive sequence with the same length by using the first randomly ordered sequence can result in R1= [ 2310 ]. This was verified, assuming that the sequence to be sorted X = [ bc a D ], sorting X using R0 could result in X1= [ ad C B ], sorting X1 using R1 could result in [ bc a D ] = X.
In some embodiments, the processing device of the first participant may obtain an inverse of the first randomly ordered sequence via an inv function. The inv function can be written as: p is a radical of-1= inv (p). The inv function can also be understood as a function, the input data of which is a randomly ordered sequence and the output data of which is the inverse of the randomly ordered sequence. And inputting the first random sequencing sequence into an inv function, wherein output data is an inverse sequence of the first random sequencing sequence. It will be appreciated that the second participant may also have the second randomly ordered sequence as input data to the inv function and the output data as the inverse of the second randomly ordered sequence.
In some embodiments, the sequence length of the inverse of the first randomly ordered sequence is the same as the length of the first sequence. In some embodiments, the inverse of the first randomly ordered sequence may also represent an operation that orders long sequences whose elements indicate the position of the bit data in the result sequence within the long sequences. The reverse sequence of the second random sequence is similar to the reverse sequence of the first random sequence, and is not described herein again.
Step 220A, based on the first fragment of the second out-of-order sequence, and based on the second fragment of the second out-of-order sequence and the inverse sequence of the second random ordering sequence, the second party and the second party obtain the first fragment of the second out-of-order intermediate sequence through a secret sharing arrangement protocol. In some embodiments, step 220A may be performed by the second out-of-order mid-sequence first fragment fetch module 720.
Step 220B, based on the second fragment of the second out-of-order sequence and the inverse sequence of the second random ordering sequence, obtaining, by the first participant, the second fragment of the second out-of-order intermediate sequence through a secret sharing arrangement protocol based on the first fragment of the second out-of-order sequence. In some embodiments, step 220B may be performed by the second out-of-order mid-sequence second tile acquisition module 820.
It can be understood that, in some embodiments, because the scrambling operation has a sequential order, in the interaction flow 100, the first sequence is scrambled for the first time by the first random ordering sequence generated by the first party, and then the result of the first scrambling is scrambled again by the second random ordering sequence generated by the second party. Accordingly, in the interaction flow 200, the reverse sequence of the second random sequence generated by the second participant is recovered for the first time, and then the reverse sequence of the first random sequence generated by the first participant is recovered again. In some alternative embodiments, if the first sequence is first scrambled by the second random sequence generated by the second party during the scrambling process, and then the first random sequence generated by the first party is used to scramble the result of the first scrambling, the reverse sequence of the first random sequence generated by the first party during the recovery process can be recovered by the reverse sequence of the first random sequence generated by the first party, and then the reverse sequence of the second random sequence generated by the second party is recovered again, and both embodiments can achieve the same technical effect.
In some embodiments, the first participant may input a first slice of the second scrambled sequence as a first set of input parameters, the second participant inputs a second slice of the second scrambled sequence and an inverse of the second randomly ordered sequence as another set of input parameters into a secret sharing arrangement protocol (e.g., obiviousderm function), and the two cooperatively execute the secret sharing arrangement protocol to obtain the first slice and the second slice of the second scrambled intermediate sequence, where the first slice is obtained by the first participant and the second slice is obtained by the second participant.
Step 230A, based on the first fragment of the second out-of-order intermediate sequence and the inverse sequence of the first random ordering sequence, and a second participant based on a second fragment of the second out-of-order intermediate sequence, obtaining a first fragment of the second sequence through a secret sharing arrangement protocol. In some embodiments, step 230A may be performed by the second sequence first fragment acquisition module 730.
Step 230B, based on the second fragment of the second out-of-order intermediate sequence, and the first participant, based on the first fragment of the second out-of-order intermediate sequence and the inverse sequence of the first random ordering sequence, obtain, through a secret sharing arrangement protocol, the second fragment of the second sequence. In some embodiments, step 230B may be performed by second sequence second slice acquisition module 830.
The first participant may use a first slice of the second out-of-order intermediate sequence, an inverse of the first randomly ordered sequence as a first set of input parameters, and the second participant uses a second slice of the second out-of-order intermediate sequence as another set of input parameters to enter a secret sharing arrangement protocol (e.g., an obiviousserm function), and cooperatively execute the secret sharing arrangement protocol to obtain a first slice and a second slice of the second sequence, where the first slice is obtained by the first participant and the second slice is obtained by the second participant.
For a description of the secret sharing arrangement protocol, refer to fig. 4 and a description of the obreviousperm function in step 120A or step 120B, which are not described herein again.
The second disordered sequence is subjected to first reduction arrangement through the reverse sequence of the second random ordering sequence generated by the second party, and then the second disordered intermediate sequence is subjected to second reduction arrangement through the reverse sequence of the first random ordering sequence generated by the first party, so that the arrangement time of the reverse sequence of the random ordering sequence corresponds to the disorder sequence using the random ordering sequence.
It will be appreciated that when the second out-of-order sequence is equal to the first out-of-order sequence, the second sequence obtained by process 200 is equal to the first sequence. When the second out-of-order sequence is the other sequence, such as a result sequence obtained by sorting a sequence to be sorted based on the first out-of-order sequence, the second sequence obtained through the process 200 is equal to the result sequence obtained by sorting the sequence to be sorted based on the first sequence. In practical applications, the process 200 may be executed on the relevant sequences as needed, so as to ensure that the calculation result is correctly available.
It should be noted that the above descriptions regarding each of the processes 100 and 200 are only for illustration and description, and do not limit the applicable scope of the present specification. Various modifications and alterations to the flow may occur to those skilled in the art, given the benefit of this description. However, such modifications and variations are intended to be within the scope of the present description. For example, the order of step 110B and step 120B may be reversed, and for example, the order of step 210A and step 220A may be reversed, and for example, a preprocessing step and a storage step may be added.
FIG. 5 is an exemplary block diagram of a secret sharing based sort scrambling system, shown in accordance with some embodiments of the present description.
As shown in fig. 5, the system 500 may include a first randomly ordered sequence acquisition module 510, a first out-of-order mid-sequence first fragment acquisition module 520, and a first out-of-order sequence first fragment acquisition module 530. A first participant holds a first slice of a first sequence; a second participant holds a second shard of the first sequence and in some embodiments, the system 500 may be deployed to the first participant.
The first random ordering sequence obtaining module 510 may be configured to obtain a first random ordering sequence; the sorting sequence is used for identifying the operation of sorting the equal length sequence, and the element of the sorting sequence indicates the position of the bit data in the equal length sequence in the result sequence.
In some embodiments, reference may be made to step 110A and its related description in the foregoing for further description of the first random ordering sequence, which is not repeated herein.
The first out-of-order intermediate sequence first fragment obtaining module 520 may be configured to obtain, based on the first random ordering sequence and the first fragment of the first sequence, a first fragment of a first out-of-order intermediate sequence through a secret sharing arrangement protocol with a second party based on a second fragment of the first sequence; the first out-of-order intermediate sequence is equal to a result sequence of ordering the first sequence based on the first randomly ordered sequence.
In some embodiments, reference may be made to step 120A and its related description for further description of the first slice of the first out-of-order intermediate sequence, which is not repeated herein.
The first out-of-order sequence first fragment obtaining module 530 may be configured to obtain, based on the first fragment of the first out-of-order intermediate sequence, a first fragment of the first out-of-order sequence through a secret sharing arrangement protocol with the second participant based on the second fragment of the first out-of-order intermediate sequence and the second random ordering sequence; the first out-of-order sequence is equal to a result sequence of ordering the first out-of-order intermediate sequence based on the second randomly ordered sequence.
In some embodiments, reference may be made to step 130A and its related description for further description of the first fragment of the first out-of-order sequence, which is not repeated herein.
FIG. 6 is an exemplary block diagram of a secret sharing based sort scrambling system, shown in accordance with some embodiments of the present description.
As shown in fig. 6, the system 600 may include a second randomly ordered sequence acquisition module 610, a first out-of-order intermediate sequence second tile acquisition module 620, and a first out-of-order sequence second tile acquisition module 630. A first participant holds a first slice of a first sequence; a second participant holds a second shard of the first sequence and in some embodiments, system 600 may be deployed with the second participant.
The second random ordering sequence obtaining module 610 may be configured to obtain a second random ordering sequence; the sorting sequence is used for identifying the operation of sorting the equal length sequence, and the element of the sorting sequence indicates the position of the bit data in the equal length sequence in the result sequence.
In some embodiments, reference may be made to step 110B and its related description in the foregoing for further description of the second random ordering sequence, which is not repeated herein.
The first out-of-order intermediate sequence second fragment obtaining module 620 may be configured to obtain, based on the second fragment of the first sequence, a second fragment of the first out-of-order intermediate sequence through a secret sharing arrangement protocol with the first participant based on the first fragment of the first sequence and the first random ordering sequence; the first out-of-order intermediate sequence is equal to a result sequence of ordering the first sequence based on the first randomly ordered sequence.
In some embodiments, reference may be made to step 120B and its related description in the foregoing for further description of the second slice of the first out-of-order intermediate sequence, which is not described herein again.
The first out-of-order sequence second fragment obtaining module 630 may be configured to obtain, based on the second fragment of the first out-of-order intermediate sequence and the second random ordering sequence, the second fragment of the first out-of-order sequence through a secret sharing arrangement protocol with the first participant based on the first fragment of the first out-of-order intermediate sequence; the first out-of-order sequence is equal to a result sequence of ordering the first out-of-order intermediate sequence based on the second randomly ordered sequence.
In some embodiments, reference may be made to step 130B and related description in the foregoing for further description of the second fragment of the first out-of-order sequence, which is not repeated herein.
Fig. 7 is an exemplary block diagram of a secret sharing based ranking recovery system in accordance with some embodiments of the present description.
As shown in fig. 7, the system 700 may include a first reverse sequence acquisition module 710, a second out-of-order mid-sequence first slice acquisition module 720, and a second sequence first slice acquisition module 730. The system 700 is configured to recover a first out-of-order sequence fragment obtained by a secret sharing-based ordering scrambling method or another sequence fragment obtained based on the first out-of-order sequence fragment to obtain a second sequence fragment; wherein the first participant holds a first fragment of the second out-of-order sequence; a second participant holds a second slice of a second out-of-order sequence, the second out-of-order sequence being equal to the first out-of-order sequence or the other sequence. In some embodiments, system 700 may be deployed at a first party.
The first inverse sequence obtaining module 710 may be configured to obtain an inverse sequence of the first randomly ordered sequence.
In some embodiments, reference may be made to step 210A and its related description for further description of the inverse sequence of the first random ordering sequence, which is not repeated herein.
A second out-of-order intermediate sequence first fragment obtaining module 720, configured to obtain, based on the first fragment of the second out-of-order sequence, a first fragment of the second out-of-order intermediate sequence through a secret sharing arrangement protocol with a second participant based on a second fragment of the second out-of-order sequence and an inverse sequence of the second random ordering sequence; the second out-of-order intermediate sequence is equal to a result sequence of ordering the first out-of-order sequence based on an inverse sequence of the second randomly ordered sequence.
In some embodiments, reference may be made to step 220A and its related description for further description of the first slice of the second out-of-order intermediate sequence, which is not repeated herein.
A second sequence first fragment obtaining module 730, configured to obtain, based on the first fragment of the second out-of-order intermediate sequence and the inverse sequence of the first random ordering sequence, the first fragment of the second sequence through a secret sharing arrangement protocol with a second participant based on the second out-of-order intermediate sequence; the second sequence is equal to a resulting sequence of ordering the second out-of-order intermediate sequence based on an inverse of the first randomly ordered sequence.
In some embodiments, reference may be made to step 230A and its related description for further description of the first slice of the second sequence, which is not repeated herein.
Fig. 8 is an exemplary block diagram of a secret sharing based ranking recovery system in accordance with some embodiments of the present description.
As shown in fig. 8, the system 800 may include a second inverse sequence acquisition module 810, a second out-of-order mid-sequence second tile acquisition module 820, and a second sequence second tile acquisition module 830. The system 800 is configured to recover a first out-of-order sequence fragment obtained by scrambling through a secret sharing-based ordering scrambling method or another sequence fragment obtained based on the first out-of-order sequence fragment, to obtain a second sequence fragment; wherein a first participant holds a first fragment of a second out-of-order sequence, and a second participant holds a second fragment of a second out-of-order sequence, the second out-of-order sequence being equal to the first out-of-order sequence or the other sequences. In some embodiments, system 800 may be deployed to a second party.
The second inverse sequence obtaining module 810 may be configured to obtain an inverse sequence of the second randomly ordered sequence.
In some embodiments, reference may be made to step 210B and its related description for further description of the inverse sequence of the second random sequence, which is not repeated herein.
The second out-of-order intermediate sequence second fragment obtaining module 820 may be configured to obtain, based on the second fragment of the second out-of-order sequence and the inverse sequence of the second random ordering sequence, a second fragment of the second out-of-order intermediate sequence through a secret sharing arrangement protocol with a first fragment of the first participant based on the second out-of-order sequence; the second out-of-order intermediate sequence is equal to a result sequence of ordering the second out-of-order sequence based on an inverse sequence of the second randomly ordered sequence.
In some embodiments, reference may be made to step 220B and the related description above for further description of the second fragment of the second out-of-order intermediate sequence, which is not repeated herein.
The second sequence second fragment obtaining module 830 may be configured to obtain, based on the second fragment of the second out-of-order intermediate sequence, a second fragment of the second sequence through a secret sharing arrangement protocol with the first party based on the first fragment of the second out-of-order intermediate sequence and an inverse sequence of the first random ordering sequence; the second sequence is equal to a resulting sequence of ordering the second out-of-order intermediate sequence based on an inverse of the first randomly ordered sequence.
In some embodiments, reference may be made to step 230B and its related description in the foregoing for further description of the second slice of the second sequence, which is not described herein again.
It should be understood that the systems and modules thereof shown in FIGS. 5-8 can be implemented in a variety of ways. For example, in some embodiments, the system and its modules may be implemented in hardware, software, or a combination of software and hardware. Wherein the hardware portion may be implemented using dedicated logic; the software portions may be stored in a memory for execution by a suitable instruction execution system, such as a microprocessor or specially designed hardware. Those skilled in the art will appreciate that the methods and systems described above may be implemented using computer executable instructions and/or embodied in processor control code, such code being provided, for example, on a carrier medium such as a diskette, CD-or DVD-ROM, a programmable memory such as read-only memory (firmware), or a data carrier such as an optical or electronic signal carrier. The system and its modules in this specification may be implemented not only by hardware circuits such as very large scale integrated circuits or gate arrays, semiconductors such as logic chips, transistors, or programmable hardware devices such as field programmable gate arrays, programmable logic devices, etc., but also by software executed by various types of processors, for example, or by a combination of the above hardware circuits and software (e.g., firmware).
It should be noted that the above descriptions of the secret sharing based obfuscation system, the secret sharing based recovery system and their respective modules are only for convenience of description, and the description is not limited to the scope of the embodiments. It will be appreciated by those skilled in the art that, given the teachings of the present system, any combination of modules or sub-system configurations may be used to connect to other modules without departing from such teachings. For example, each module may be a different module in a system, or may be a module that implements the functions of two or more modules described above. For example, each module may share one memory module, and each module may have its own memory module. Such variations are within the scope of the present disclosure.
The beneficial effects that may be brought by the embodiments of the present description include, but are not limited to: through a secret sharing-based ordering scrambling method, after the scrambled sequence is disclosed, private data of all parties cannot be leaked; by the aid of the sorting recovery method based on secret sharing, the sequence disordered by the scrambling method can be recovered, and the calculation result is guaranteed to be correct and available.
It is to be noted that different embodiments may produce different advantages, and in different embodiments, any one or combination of the above advantages may be produced, or any other advantages may be obtained.
Having thus described the basic concept, it will be apparent to those skilled in the art that the foregoing detailed disclosure is to be regarded as illustrative only and not as limiting the present specification. Various modifications, improvements and adaptations to the present description may occur to those skilled in the art, although not explicitly described herein. Such modifications, improvements and adaptations are proposed in the present specification and thus fall within the spirit and scope of the exemplary embodiments of the present specification.
Also, the description uses specific words to describe embodiments of the description. Reference throughout this specification to "one embodiment," "an embodiment," and/or "some embodiments" means that a particular feature, structure, or characteristic described in connection with at least one embodiment of the specification is included. Therefore, it is emphasized and should be appreciated that two or more references to "an embodiment" or "one embodiment" or "an alternative embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, some features, structures, or characteristics of one or more embodiments of the specification may be combined as appropriate.
Moreover, those skilled in the art will appreciate that aspects of the present description may be illustrated and described in terms of several patentable species or situations, including any new and useful combination of processes, machines, manufacture, or materials, or any new and useful improvement thereof. Accordingly, aspects of this description may be performed entirely by hardware, entirely by software (including firmware, resident software, micro-code, etc.), or by a combination of hardware and software. The above hardware or software may be referred to as "data block," module, "" engine, "" unit, "" component, "or" system. Furthermore, aspects of the present description may be represented as a computer product, including computer readable program code, embodied in one or more computer readable media.
The computer storage medium may comprise a propagated data signal with the computer program code embodied therewith, for example, on baseband or as part of a carrier wave. The propagated signal may take any of a variety of forms, including electromagnetic, optical, etc., or any suitable combination. A computer storage medium may be any computer-readable medium that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code located on a computer storage medium may be propagated over any suitable medium, including radio, cable, fiber optic cable, RF, or the like, or any combination of the preceding.
Computer program code required for the operation of various portions of this specification may be written in any one or more programming languages, including an object oriented programming language such as Java, Scala, Smalltalk, Eiffel, JADE, Emerald, C + +, C #, VB.NET, Python, and the like, a conventional programming language such as C, Visual Basic, Fortran 2003, Perl, COBOL 2002, PHP, ABAP, a dynamic programming language such as Python, Ruby, and Groovy, or other programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any network format, such as a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet), or in a cloud computing environment, or as a service, such as a software as a service (SaaS).
Additionally, the order in which the elements and sequences of the process are recited in the specification, the use of alphanumeric characters, or other designations, is not intended to limit the order in which the processes and methods of the specification occur, unless otherwise specified in the claims. While various presently contemplated embodiments of the invention have been discussed in the foregoing disclosure by way of example, it is to be understood that such detail is solely for that purpose and that the appended claims are not limited to the disclosed embodiments, but, on the contrary, are intended to cover all modifications and equivalent arrangements that are within the spirit and scope of the embodiments herein. For example, although the system components described above may be implemented by hardware devices, they may also be implemented by software-only solutions, such as installing the described system on an existing server or mobile device.
Similarly, it should be noted that in the preceding description of embodiments of the present specification, various features are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure aiding in the understanding of one or more of the embodiments. This method of disclosure, however, is not intended to imply that more features than are expressly recited in a claim. Indeed, the embodiments may be characterized as having less than all of the features of a single embodiment disclosed above.
Numerals describing the number of components, attributes, etc. are used in some embodiments, it being understood that such numerals used in the description of the embodiments are modified in some instances by the use of the modifier "about", "approximately" or "substantially". Unless otherwise indicated, "about", "approximately" or "substantially" indicates that the number allows a variation of ± 20%. Accordingly, in some embodiments, the numerical parameters used in the specification and claims are approximations that may vary depending upon the desired properties of the individual embodiments. In some embodiments, the numerical parameter should take into account the specified significant digits and employ a general digit preserving approach. Notwithstanding that the numerical ranges and parameters setting forth the broad scope of the range are approximations, in the specific examples, such numerical values are set forth as precisely as possible within the scope of the application.
For each patent, patent application publication, and other material, such as articles, books, specifications, publications, documents, etc., cited in this specification, the entire contents of each are hereby incorporated by reference into this specification. Except where the application history document does not conform to or conflict with the contents of the present specification, it is to be understood that the application history document, as used herein in the present specification or appended claims, is intended to define the broadest scope of the present specification (whether presently or later in the specification) rather than the broadest scope of the present specification. It is to be understood that the descriptions, definitions and/or uses of terms in the accompanying materials of this specification shall control if they are inconsistent or contrary to the descriptions and/or uses of terms in this specification.
Finally, it should be understood that the embodiments described herein are merely illustrative of the principles of the embodiments of the present disclosure. Other variations are also possible within the scope of the present description. Thus, by way of example, and not limitation, alternative configurations of the embodiments of the specification can be considered consistent with the teachings of the specification. Accordingly, the embodiments of the present description are not limited to only those embodiments explicitly described and depicted herein.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.

Claims (15)

1. A method of order scrambling based on secret sharing, wherein a first participant holds a first slice of a first sequence; the second participant holds a second fragment of the first sequence; the method is performed by the first party and comprises:
acquiring a first random sequencing sequence; the sorting sequence is used for identifying the operation of sorting the equal-length sequence, and the element of the sorting sequence indicates the position of the alignment data in the equal-length sequence in the result sequence;
based on the first random sequencing sequence and the first fragment of the first sequence, and a second participant based on the second fragment of the first sequence, obtaining a first fragment of a first out-of-order intermediate sequence through a secret sharing arrangement protocol; the second participant obtains a second slice of the first out-of-order subsequence; the first out-of-order intermediate sequence is equal to a result sequence of ordering the first sequence based on the first randomly ordered sequence;
based on the first fragment of the first out-of-order intermediate sequence, and a second participant, based on a second fragment of the first out-of-order intermediate sequence and a second random sequencing sequence, obtaining the first fragment of the first out-of-order sequence through a secret sharing arrangement protocol; the second participant obtains a second fragment of the first out-of-order sequence; the first out-of-order sequence is equal to a result sequence of ordering the first out-of-order intermediate sequence based on the second randomly ordered sequence.
2. The method of claim 1, wherein:
the first randomly ordered sequence is randomly generated by a first participant and the second randomly ordered sequence is randomly generated by a second participant.
3. A secret sharing based sort scrambling system in which a first participant holds a first slice of a first sequence; the second participant holds a second fragment of the first sequence; the system is deployed at a first party, comprising:
the first random sequencing sequence acquisition module is used for acquiring a first random sequencing sequence; the sorting sequence is used for identifying the operation of sorting the equal-length sequence, and the element of the sorting sequence indicates the position of the alignment data in the equal-length sequence in the result sequence;
a first fragment obtaining module of a first out-of-order intermediate sequence, configured to obtain, based on the first random ordering sequence and a first fragment of the first sequence, a first fragment of the first out-of-order intermediate sequence through a secret sharing arrangement protocol with a second party based on a second fragment of the first sequence; the first out-of-order intermediate sequence is equal to a result sequence of ordering the first sequence based on the first randomly ordered sequence;
a first out-of-order sequence first fragment obtaining module, configured to obtain, based on a first fragment of the first out-of-order intermediate sequence, a first fragment of the first out-of-order sequence through a secret sharing arrangement protocol with a second participant based on a second fragment of the first out-of-order intermediate sequence and a second random ordering sequence; the first out-of-order sequence is equal to a result sequence of ordering the first out-of-order intermediate sequence based on the second randomly ordered sequence.
4. A secret sharing based ordering obfuscator comprising a processor for executing a computer program to implement the method as claimed in claim 1 or 2.
5. A method of order scrambling based on secret sharing, wherein a first participant holds a first slice of a first sequence; the second participant holds a second fragment of the first sequence; the method is performed by the second party and comprises:
acquiring a second random sequencing sequence; the sorting sequence is used for identifying the operation of sorting the equal-length sequence, and the element of the sorting sequence indicates the position of the alignment data in the equal-length sequence in the result sequence;
based on the second fragment of the first sequence, and a first participant, based on the first fragment of the first sequence and a first random sequencing sequence, obtaining a second fragment of a first out-of-order intermediate sequence through a secret sharing arrangement protocol; a first participant obtains a first slice of a first out-of-order subsequence; the first out-of-order intermediate sequence is equal to a result sequence of ordering the first sequence based on the first randomly ordered sequence;
based on the second fragment of the first out-of-order intermediate sequence and the second random sequencing sequence, and the first participant based on the first fragment of the first out-of-order intermediate sequence, obtaining a second fragment of the first out-of-order sequence through a secret sharing arrangement protocol; a first participant obtains a first slice of a first out-of-order sequence; the first out-of-order sequence is equal to a result sequence of ordering the first out-of-order intermediate sequence based on the second randomly ordered sequence.
6. A secret sharing based sort scrambling system in which a first participant holds a first slice of a first sequence; the second participant holds a second fragment of the first sequence; the system is deployed at a second party, comprising:
the second random sequencing sequence acquisition module is used for acquiring a second random sequencing sequence; the sorting sequence is used for identifying the operation of sorting the equal-length sequence, and the element of the sorting sequence indicates the position of the alignment data in the equal-length sequence in the result sequence;
the first out-of-order intermediate sequence second fragment acquisition module is used for acquiring a second fragment of a first out-of-order intermediate sequence through a secret sharing arrangement protocol based on the second fragment of the first sequence and the first random sequencing sequence with a first participant based on the first fragment of the first sequence and the first random sequencing sequence; the first out-of-order intermediate sequence is equal to a result sequence of ordering the first sequence based on the first randomly ordered sequence;
the first out-of-order sequence second fragment acquisition module is used for acquiring a second fragment of the first out-of-order sequence through a secret sharing arrangement protocol based on the second fragment of the first out-of-order intermediate sequence and the second random sequencing sequence and the first fragment of the first party based on the first out-of-order intermediate sequence; the first out-of-order sequence is equal to a result sequence of ordering the first out-of-order intermediate sequence based on the second randomly ordered sequence.
7. A secret sharing based ordering obfuscator comprising a processor for executing a computer program to implement the method as claimed in claim 5.
8. A secret sharing based sorting recovery method, configured to recover a first out-of-order sequence of fragments obtained by the method according to any one of claims 1 to 2 and claim 5 or other sequences of fragments obtained based on the first out-of-order sequence of fragments to obtain a second sequence of fragments; wherein the first participant holds a first fragment of the second out-of-order sequence; a second participant holds a second fragment of a second out-of-order sequence, the second out-of-order sequence being equal to the first out-of-order sequence or the other sequence; the method is performed by the first party and comprises:
acquiring an inverse sequence of the first random sequencing sequence;
based on the first fragment of the second out-of-order sequence, and a second participant, based on a second fragment of the second out-of-order sequence and an inverse sequence of the second random ordering sequence, obtaining a first fragment of a second out-of-order intermediate sequence through a secret sharing arrangement protocol; the second participant obtains a second slice of the second out-of-order subsequence; the second out-of-order intermediate sequence is equal to a result sequence of ordering the second out-of-order sequence based on an inverse sequence of the second randomly ordered sequence;
based on the first fragment of the second out-of-order intermediate sequence and the inverse sequence of the first random ordering sequence, and a second participant based on a second fragment of the second out-of-order intermediate sequence, obtaining a first fragment of the second sequence through a secret sharing arrangement protocol; the second participant obtains a second fragment of the second sequence; the second sequence is equal to a resulting sequence of ordering the second out-of-order intermediate sequence based on an inverse of the first randomly ordered sequence.
9. The method of claim 8, wherein:
an inverse of the first randomly ordered sequence is generated by a first participant based on the first randomly ordered sequence, and an inverse of the second randomly ordered sequence is generated by a second participant based on the second randomly ordered sequence.
10. The method of claim 9, generating an inverse of the randomly ordered sequence comprising:
generating a positive sequence with the same length as the random sequencing sequence;
and sequencing the positive sequence based on the random sequencing sequence, wherein the obtained result sequence is the reverse sequence of the random sequencing sequence.
11. A sorting recovery system based on secret sharing, configured to recover the fragments of the first out-of-order sequence obtained by the method according to any one of claims 1 to 2 and claim 5 or the fragments of other sequences obtained based on the fragments of the first out-of-order sequence to obtain the fragments of the second sequence; wherein the first participant holds a first fragment of the second out-of-order sequence; a second participant holds a second fragment of a second out-of-order sequence, the second out-of-order sequence being equal to the first out-of-order sequence or the other sequence; the system is deployed at a first party, comprising:
a first reverse sequence obtaining module, configured to obtain a reverse sequence of the first random ordering sequence;
the second out-of-order intermediate sequence first fragment acquisition module is used for acquiring a first fragment of a second out-of-order intermediate sequence through a secret sharing arrangement protocol based on the first fragment of the second out-of-order sequence and a second fragment of a second party based on the second out-of-order sequence and an inverse sequence of the second random sequencing sequence; the second out-of-order intermediate sequence is equal to a result sequence of ordering the first out-of-order sequence based on an inverse sequence of the second randomly ordered sequence;
a second sequence first fragment obtaining module, configured to obtain, based on a first fragment of the second out-of-order intermediate sequence and an inverse sequence of the first random ordering sequence, a first fragment of the second sequence through a secret sharing arrangement protocol with a second participant based on a second fragment of the second out-of-order intermediate sequence; the second sequence is equal to a resulting sequence of ordering the second out-of-order intermediate sequence based on an inverse of the first randomly ordered sequence.
12. A secret sharing based sequence recovery apparatus comprising a processor for executing a computer program to implement a method as claimed in any one of claims 8 to 10.
13. A secret sharing based sorting recovery method, configured to recover a first out-of-order sequence of fragments obtained by the method according to any one of claims 1 to 2 and claim 5 or other sequences of fragments obtained based on the first out-of-order sequence of fragments to obtain a second sequence of fragments; wherein the first participant holds a first fragment of the second out-of-order sequence; a second participant holds a second slice of a second out-of-order sequence, the second out-of-order sequence being equal to the first out-of-order sequence or the other sequence; the method is performed by the second party and comprises:
acquiring an inverse sequence of the second random sequencing sequence;
based on the second fragment of the second disorder sequence and the inverse sequence of the second random sequencing sequence, and the first participant based on the first fragment of the second disorder sequence, obtaining a second fragment of a second disorder intermediate sequence through a secret sharing arrangement protocol; the first participant obtains a first slice of the second out-of-order subsequence; the second out-of-order intermediate sequence is equal to a result sequence of ordering the first out-of-order sequence based on an inverse sequence of the second randomly ordered sequence;
obtaining a second fragment of the second sequence through a secret sharing arrangement protocol based on the second fragment of the second out-of-order intermediate sequence and the first participant based on the first fragment of the second out-of-order intermediate sequence and the reverse sequence of the first random ordering sequence; the first participant obtains a first fragment of the second sequence; the second sequence is equal to a resulting sequence of ordering the second out-of-order intermediate sequence based on an inverse of the first randomly ordered sequence.
14. A sorting recovery system based on secret sharing, configured to recover the fragments of the first out-of-order sequence obtained by the method according to any one of claims 1 to 2 and claim 5 or the fragments of other sequences obtained based on the fragments of the first out-of-order sequence to obtain the fragments of the second sequence; wherein a first participant holds a first fragment of a second out-of-order sequence, and a second participant holds a second fragment of a second out-of-order sequence, the second out-of-order sequence being equal to the first out-of-order sequence or the other sequences; the system is deployed at a second party, comprising:
a second reverse sequence obtaining module, configured to obtain a reverse sequence of the second random ordering sequence;
a second disorder intermediate sequence second fragment obtaining module, configured to obtain, based on a second fragment of the second disorder sequence and an inverse sequence of the second random ordering sequence, a second fragment of the second disorder intermediate sequence through a secret sharing arrangement protocol with a first fragment of a first participant based on the second disorder sequence; the second out-of-order intermediate sequence is equal to a result sequence of ordering the second out-of-order sequence based on an inverse sequence of the second randomly ordered sequence;
a first sequence second fragment obtaining module, configured to obtain, based on a second fragment of the second out-of-order intermediate sequence, a second fragment of the second sequence through a secret sharing arrangement protocol with a first participant based on a first fragment of the second out-of-order intermediate sequence and an inverse sequence of the first random ordering sequence; the second sequence is equal to a resulting sequence of ordering the second out-of-order intermediate sequence based on an inverse of the first randomly ordered sequence.
15. A secret sharing based sequence recovery apparatus comprising a processor for executing a computer program to implement the method as claimed in claim 13.
CN202210205844.4A 2022-03-04 2022-03-04 Secret sharing-based sorting scrambling method and recovery method Active CN114282256B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210205844.4A CN114282256B (en) 2022-03-04 2022-03-04 Secret sharing-based sorting scrambling method and recovery method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210205844.4A CN114282256B (en) 2022-03-04 2022-03-04 Secret sharing-based sorting scrambling method and recovery method

Publications (2)

Publication Number Publication Date
CN114282256A true CN114282256A (en) 2022-04-05
CN114282256B CN114282256B (en) 2022-06-07

Family

ID=80882194

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210205844.4A Active CN114282256B (en) 2022-03-04 2022-03-04 Secret sharing-based sorting scrambling method and recovery method

Country Status (1)

Country Link
CN (1) CN114282256B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114817997A (en) * 2022-06-24 2022-07-29 蓝象智联(杭州)科技有限公司 Shared data random ordering method based on secret sharing
CN115396101A (en) * 2022-10-26 2022-11-25 华控清交信息科技(北京)有限公司 Secret sharing based careless disorganizing method and system
CN115941181A (en) * 2023-02-02 2023-04-07 华控清交信息科技(北京)有限公司 Out-of-order secret sharing method and system and readable storage medium

Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110472439A (en) * 2019-08-09 2019-11-19 阿里巴巴集团控股有限公司 Model parameter determines method, apparatus and electronic equipment
CN111698576A (en) * 2020-06-23 2020-09-22 网易有道信息技术(杭州)有限公司 Information encryption method, decryption method, server, client, and medium
CN112148755A (en) * 2020-09-07 2020-12-29 支付宝(杭州)信息技术有限公司 Private data access method, device, equipment and system based on secret sharing
CN112380404A (en) * 2020-12-14 2021-02-19 支付宝(杭州)信息技术有限公司 Data filtering method, device and system
CN112464287A (en) * 2020-12-12 2021-03-09 同济大学 Multi-party XGboost safety prediction model training method based on secret sharing and federal learning
CN112751665A (en) * 2019-10-30 2021-05-04 阿里巴巴集团控股有限公司 Secure multi-party computing method, device, system and storage medium
CN112800466A (en) * 2021-02-10 2021-05-14 支付宝(杭州)信息技术有限公司 Data processing method and device based on privacy protection and server
CN113111569A (en) * 2021-03-08 2021-07-13 支付宝(杭州)信息技术有限公司 Disorder processing method, model training method, device and computing equipment
US20210328762A1 (en) * 2020-04-15 2021-10-21 Sap Se Verifiable secret shuffle protocol for encrypted data based on homomorphic encryption and secret sharing
US20220014355A1 (en) * 2020-07-13 2022-01-13 Inpher, Inc. Oblivious Comparisons and Quicksort of Secret Shared Arithmetic Values in a Multi-Party Computing Setting
CN113949505A (en) * 2021-10-15 2022-01-18 支付宝(杭州)信息技术有限公司 Privacy-protecting multi-party security computing method and system
CN113949510A (en) * 2021-10-15 2022-01-18 支付宝(杭州)信息技术有限公司 Privacy-protecting multi-party security computing method and system
CN114003962A (en) * 2021-12-28 2022-02-01 支付宝(杭州)信息技术有限公司 Multi-party data query method and device for protecting data privacy

Patent Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110472439A (en) * 2019-08-09 2019-11-19 阿里巴巴集团控股有限公司 Model parameter determines method, apparatus and electronic equipment
CN112751665A (en) * 2019-10-30 2021-05-04 阿里巴巴集团控股有限公司 Secure multi-party computing method, device, system and storage medium
US20210328762A1 (en) * 2020-04-15 2021-10-21 Sap Se Verifiable secret shuffle protocol for encrypted data based on homomorphic encryption and secret sharing
CN111698576A (en) * 2020-06-23 2020-09-22 网易有道信息技术(杭州)有限公司 Information encryption method, decryption method, server, client, and medium
US20220014355A1 (en) * 2020-07-13 2022-01-13 Inpher, Inc. Oblivious Comparisons and Quicksort of Secret Shared Arithmetic Values in a Multi-Party Computing Setting
CN112148755A (en) * 2020-09-07 2020-12-29 支付宝(杭州)信息技术有限公司 Private data access method, device, equipment and system based on secret sharing
CN112464287A (en) * 2020-12-12 2021-03-09 同济大学 Multi-party XGboost safety prediction model training method based on secret sharing and federal learning
CN112380404A (en) * 2020-12-14 2021-02-19 支付宝(杭州)信息技术有限公司 Data filtering method, device and system
CN112800466A (en) * 2021-02-10 2021-05-14 支付宝(杭州)信息技术有限公司 Data processing method and device based on privacy protection and server
CN113111569A (en) * 2021-03-08 2021-07-13 支付宝(杭州)信息技术有限公司 Disorder processing method, model training method, device and computing equipment
CN113949505A (en) * 2021-10-15 2022-01-18 支付宝(杭州)信息技术有限公司 Privacy-protecting multi-party security computing method and system
CN113949510A (en) * 2021-10-15 2022-01-18 支付宝(杭州)信息技术有限公司 Privacy-protecting multi-party security computing method and system
CN114003962A (en) * 2021-12-28 2022-02-01 支付宝(杭州)信息技术有限公司 Multi-party data query method and device for protecting data privacy

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
蒋瀚等: "隐私保护机器学习的密码学方法", 《电子与信息学报》 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114817997A (en) * 2022-06-24 2022-07-29 蓝象智联(杭州)科技有限公司 Shared data random ordering method based on secret sharing
CN114817997B (en) * 2022-06-24 2022-09-23 蓝象智联(杭州)科技有限公司 Shared data random ordering method based on secret sharing
CN115396101A (en) * 2022-10-26 2022-11-25 华控清交信息科技(北京)有限公司 Secret sharing based careless disorganizing method and system
CN115396101B (en) * 2022-10-26 2022-12-27 华控清交信息科技(北京)有限公司 Secret sharing based careless disorganizing method and system
CN115941181A (en) * 2023-02-02 2023-04-07 华控清交信息科技(北京)有限公司 Out-of-order secret sharing method and system and readable storage medium

Also Published As

Publication number Publication date
CN114282256B (en) 2022-06-07

Similar Documents

Publication Publication Date Title
CN114282256B (en) Secret sharing-based sorting scrambling method and recovery method
Blanton et al. Secure and efficient outsourcing of sequence comparisons
Archer et al. Maturity and performance of programmable secure computation
CN110457912B (en) Data processing method and device and electronic equipment
CN111543025A (en) High precision privacy preserving real valued function evaluation
CN110969264B (en) Model training method, distributed prediction method and system thereof
CN110944011B (en) Joint prediction method and system based on tree model
CN111784001B (en) Model training method and device and computer readable storage medium
US20090175443A1 (en) Secure function evaluation techniques for circuits containing XOR gates with applications to universal circuits
CN114282076B (en) Sorting method and system based on secret sharing
CN114327371B (en) Secret sharing-based multi-key sorting method and system
CN114172648B (en) Sorting method and system based on secret sharing
CN114611128B (en) Longitudinal federal learning method, device, system, equipment and storage medium
CN114153808B (en) Sorting method and system based on secret sharing
Schlögl et al. eNNclave: Offline inference with model confidentiality
Duan et al. Secure and verifiable outsourcing of nonnegative matrix factorization (NMF)
CN114282255B (en) Sorting sequence merging method and system based on secret sharing
CN114338017B (en) Sorting method and system based on secret sharing
CN111259440A (en) Privacy protection decision tree classification method for cloud outsourcing data
CN114172631B (en) Sorting method and system based on secret sharing
CN111046431B (en) Data processing method, query method, device, electronic equipment and system
JPWO2018008547A1 (en) Secret calculation system, secret calculation device, secret calculation method, and program
CN114726514B (en) Data processing method and device
JP6467063B2 (en) Secret authentication code adding apparatus, secret authentication code adding method, and program
CN109313664B (en) Fisher exact test calculation device, method and recording medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant