CN114329533A - Secure multiparty computing method and related device - Google Patents
Secure multiparty computing method and related device Download PDFInfo
- Publication number
- CN114329533A CN114329533A CN202111582481.8A CN202111582481A CN114329533A CN 114329533 A CN114329533 A CN 114329533A CN 202111582481 A CN202111582481 A CN 202111582481A CN 114329533 A CN114329533 A CN 114329533A
- Authority
- CN
- China
- Prior art keywords
- calculation
- computing
- task
- data
- parameter
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
The embodiment of the application discloses a secure multi-party computing method and related equipment, which are applied to a first computing node in a secure multi-party computing system, wherein the first computing node is any computing participant in the secure multi-party computing system, the secure multi-party computing system comprises P computing nodes, the P computing nodes comprise a data provider and Q computing participants, P, Q is a positive integer, and P is greater than or equal to 2; the method comprises the following steps: acquiring first data in secret shared data provided by the data provider; calculating the first data to obtain a first intermediate calculation parameter; acquiring second intermediate calculation parameters of other calculation parties except the first calculation node in the Q calculation participants; and performing data recovery according to the first intermediate calculation parameter and the second intermediate calculation parameter to obtain a final calculation result. By adopting the embodiment of the application, safe multi-party calculation can be realized.
Description
Technical Field
The application relates to the technical field of data security technology and privacy protection, in particular to a secure multi-party computing method and related equipment.
Background
Secure multi-party computing (SMPC) refers to a cooperative computing that is performed by multiple parties without a trusted third party, and is mainly used for performing a computing task in cooperation and obtaining a final computing result without exposing respective local data among the multiple parties.
Disclosure of Invention
The embodiment of the application provides a secure multi-party computing method and related equipment, which can realize secure multi-party computing of multitask concurrent execution.
In a first aspect, an embodiment of the present application provides a secure multi-party computing method, which is applied to a first computing node in a secure multi-party computing system, where the first computing node is any computing participant in the secure multi-party computing system, the secure multi-party computing system includes P computing nodes, and P, Q includes a data provider and Q computing participants, where P is greater than or equal to 2; the method comprises the following steps:
acquiring first data in secret shared data provided by the data provider;
calculating the first data to obtain a first intermediate calculation parameter;
acquiring second intermediate calculation parameters of other calculation parties except the first calculation node in the Q calculation participants;
and performing data recovery according to the first intermediate calculation parameter and the second intermediate calculation parameter to obtain a final calculation result.
In a second aspect, an embodiment of the present application provides a secure multi-party computing device, which is applied to a first computing node in a secure multi-party computing system, where the first computing node is any computing participant in the secure multi-party computing system, the secure multi-party computing system includes P computing nodes, where the P computing nodes include a data provider and Q computing participants, P, Q is a positive integer, and P is greater than or equal to 2; the device comprises: a first acquisition unit, a calculation unit, a second acquisition unit, and a data recovery unit, wherein,
the first acquisition unit is used for acquiring first data in the secret shared data provided by the data provider;
the calculation unit is used for calculating the first data to obtain a first intermediate calculation parameter;
the second obtaining unit is used for obtaining second intermediate calculation parameters of other calculation parties except the first calculation node in the Q calculation participants;
and the data recovery unit is used for recovering data according to the first intermediate calculation parameter and the second intermediate calculation parameter to obtain a final calculation result.
In a third aspect, an embodiment of the present application provides an electronic device, including a processor, a memory, a communication interface, and one or more programs, where the one or more programs are stored in the memory and configured to be executed by the processor, and the program includes instructions for executing the steps in the first aspect of the embodiment of the present application.
In a fourth aspect, an embodiment of the present application provides a computer-readable storage medium, where the computer-readable storage medium stores a computer program for electronic data exchange, where the computer program enables a computer to perform some or all of the steps described in the first aspect of the embodiment of the present application.
In a fifth aspect, embodiments of the present application provide a computer program product, where the computer program product includes a non-transitory computer-readable storage medium storing a computer program, where the computer program is operable to cause a computer to perform some or all of the steps as described in the first aspect of the embodiments of the present application. The computer program product may be a software installation package.
In a sixth aspect, an embodiment of the present application provides a secure multi-party computing system, including: at least one computing node as described in the first aspect, a scheduling node and a computing node as a data provider.
The embodiment of the application has the following beneficial effects:
it can be seen that the secure multiparty computing method and the related device described in the embodiments of the present application are applied to a first computing node in a secure multiparty computing system, where the first computing node is any computing participant in the secure multiparty computing system, the secure multiparty computing system includes P computing nodes, where the P computing nodes include a data provider and Q computing participants, P, Q is a positive integer, and P is greater than or equal to 2; the method comprises the steps of obtaining first data in secret shared data provided by a data provider, calculating the first data to obtain first intermediate calculation parameters, obtaining second intermediate calculation parameters of other calculation parties except a first calculation node in Q calculation participants, and recovering data according to the first intermediate calculation parameters and the second intermediate calculation parameters to obtain a final calculation result, so that safe multi-party calculation can be achieved.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a schematic structural diagram of a secure multi-party computing system for implementing a secure multi-party computing method according to an embodiment of the present application;
FIG. 2 is a flow chart of a secure multiparty computing method according to an embodiment of the present application;
FIG. 3 is a schematic structural diagram of another secure multi-party computing system for implementing the secure multi-party computing method according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of a compute node according to an embodiment of the present application;
FIG. 5 is a schematic diagram illustrating a secure multi-party computing protocol according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application;
FIG. 7 is a block diagram of functional units of a secure multi-party computing device according to an embodiment of the present disclosure.
Detailed Description
In order to make the technical solutions of the present application better understood, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The terms "first," "second," and the like in the description and claims of the present application and in the above-described drawings are used for distinguishing between different objects and not for describing a particular order. Furthermore, the terms "include" and "have," as well as any variations thereof, are intended to cover non-exclusive inclusions. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those steps or elements listed, but may alternatively include other steps or elements not listed, or inherent to such process, method, article, or apparatus.
Reference herein to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the application. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein can be combined with other embodiments.
The electronic device described in the embodiment of the present application may include a smart Phone (e.g., an Android Phone, an iOS Phone, a Windows Phone, etc.), a tablet computer, a palm computer, a car data recorder, a notebook computer, a Mobile Internet device (MID, Mobile Internet Devices), or a wearable device (e.g., a smart watch, a bluetooth headset), which are merely examples, but not exhaustive, and include but are not limited to the above electronic device, and the electronic device may also be a server.
The following describes embodiments of the present application in detail.
Referring to fig. 1, fig. 1 is a schematic structural diagram of a secure multi-party computing system for implementing a secure multi-party computing method according to an embodiment of the present application, as shown in the figure, the secure multi-party computing system includes: a scheduling node, a UUID generator, and a plurality of compute nodes.
The scheduling node, the UUID generator, and each of the plurality of computing nodes may be an independent electronic device.
In the embodiment of the application, the communication mechanism among the scheduling node, the UUID generator and any 2 devices of the plurality of computing nodes can be a TCP long connection communication mechanism. Compared with a communication mode of TCP short connection (3 handshaking, connection is needed every time), the communication efficiency is improved by introducing a TCP long connection communication mechanism, namely one-time connection and long-term online.
In a specific implementation, based on the secure multi-party computing system described in fig. 1, the first computing node is any computing participant in the secure multi-party computing system, the secure multi-party computing system includes P computing nodes, where the P computing nodes include a data provider and Q computing participants, P, Q is a positive integer, and P is greater than or equal to 2, and the first computing node in the secure multi-party computing system may be configured to implement the following functions:
acquiring first data in secret shared data provided by the data provider;
calculating the first data to obtain a first intermediate calculation parameter;
acquiring second intermediate calculation parameters of other calculation parties except the first calculation node in the Q calculation participants;
and performing data recovery according to the first intermediate calculation parameter and the second intermediate calculation parameter to obtain a final calculation result.
It can be seen that, in the embodiment of the present application, the first computing node is any computing participant in a secure multi-party computing system, the secure multi-party computing system includes P computing nodes, the P computing nodes include a data provider and Q computing participants, P, Q are positive integers, and P is greater than or equal to 2; the method comprises the steps of obtaining first data in secret shared data provided by a data provider, calculating the first data to obtain first intermediate calculation parameters, obtaining second intermediate calculation parameters of other calculation parties except a first calculation node in Q calculation participants, and recovering data according to the first intermediate calculation parameters and the second intermediate calculation parameters to obtain a final calculation result, so that safe multi-party calculation can be achieved.
Referring to fig. 2, fig. 2 is a schematic flowchart of a secure multi-party computing method according to an embodiment of the present disclosure, which is applied to the secure multi-party computing system shown in fig. 1, and as shown, is applied to a first computing node in the secure multi-party computing system, where the first computing node is any computing participant in the secure multi-party computing system, the secure multi-party computing system includes P computing nodes, where the P computing nodes include a data provider and Q computing participants, P, Q are positive integers, and P is greater than or equal to 2; the secure multiparty computing method comprises the following steps:
201. and acquiring first data in the secret shared data provided by the data provider.
In specific implementation, in order to ensure privacy and security of local data of calculation participants, multiple rounds of communication need to be performed between calculation nodes in a calculation process, and meanwhile, cryptographic technologies such as pseudo-random number generation and homomorphic encryption are introduced to protect the security of the calculation process. As shown in fig. 3, any one of the computing node a, the computing node B, and the computing node C may be a data provider, the other 2 computing nodes are computing participants, and the three computing nodes may interact with each other through intermediate computing parameters to recover the computing results of the computing participants, so as to obtain an analysis result of at least one dimension of the secretly shared data, for example, the secretly shared data is health data of different users, and the analysis result of the at least one dimension may be a ratio of male users to female users obtained from the secretly shared data.
In the implementation of the application, the data provider can divide the data which needs secret sharing into a plurality of shares, the plurality of shares are at least two shares, and the data of each share is partial data of the data which needs secret sharing. The first data may be a random number.
Optionally, the secure multi-party computing system comprises: the system comprises a UUID generator and scheduling nodes, wherein the UUID generator is used for generating a target task number, and the P computing nodes are configured into a group through the target task number.
In the embodiment of the application, an IO multiplexing mechanism and a globally unique UUID generating mechanism are introduced to ensure the global uniqueness of the safe multi-party computing task, so that the concurrent execution of multiple tasks is facilitated, and the concurrency and the throughput are increased compared with the safe multi-party computing task which is executed sequentially.
202. And calculating the first data to obtain a first intermediate calculation parameter.
The first computing node calculates according to the local logic, and specifically may calculate the first data to obtain the first intermediate calculation parameter.
Optionally, in step 202, the calculating the first data to obtain a first intermediate calculation parameter may include the following steps:
21. determining a first computing task corresponding to the first data;
22. writing the first computing task to a task queue to wait for execution of the first computing task;
23. polling the task queue through a computing management thread;
24. and if the task queue is not empty, taking out a first task of the task queue, starting a computing thread and adding the first task into a thread pool for execution, wherein the thread pool comprises a plurality of computing task threads, and each computing task thread independently executes the computing task to obtain the first intermediate computing parameter.
In a specific implementation, as shown in fig. 4, the scheduling node is configured to assign UUIDs, and intermediate calculation parameter interaction is performed between other calculation nodes and the calculation node a. The computing node A can comprise a task management thread, a computing task thread pool, a parameter hash table, a result hash table, an IO management thread and a result recovery thread. The computing node A can be any computing node in the secure multi-party computing system, and the specific structure of the computing node A can refer to the structure of the computing node A whether a data provider or a computing participant.
The task management thread can be used for realizing task writing operation and writing the tasks to be executed into the task queue. And the queue of thread safety is adopted, so that the parallelism of the calculation task is ensured on the premise of ensuring the read-write safety.
Wherein the task queue may include at least one task, such as task-tid-1, task-tid-2, …, task-tid-n, and so forth.
The computing management thread is used for polling the task queue, sequentially acquiring corresponding tasks in the task queue, and executing the tasks through the computing task thread pool.
Among other things, the computing task thread pool may include multiple computing task threads, such as thread-tid-1, thread-tid-2, …, thread-tid-n, and so forth. Each calculation task thread corresponds to one calculation task, and each calculation result is written into the parameter hash table, specifically, the calculation result can be written into the parameter hash table in a polling parameter list mode. A hash table of thread safety and an IO multiplexing mechanism are introduced, and the high efficiency of parameter transmission is ensured.
The result recovery thread may receive a result recovery request sent by another compute node or the compute result a, and the result recovery thread may recover the compute result to obtain a final compute result. The result recovery thread may also obtain corresponding calculation results from the result hash table, that is, obtain calculation results in a polling result list manner, and implement the operation of recovering calculation results using these calculation results to obtain final calculation results.
The parameter hash table may include: and calculating the mapping relation between the calculation result of the task thread and the hash parameter. Namely, the parameter hash table can be expressed as: tid-1-p 1: param1, tid-2-p 2: param2, tid-3-p 3: param3, ….
The IO management thread may receive the calculation parameters sent by the calculation task thread pool, may also receive intermediate calculation parameters sent by other calculation nodes, and may also write the intermediate calculation parameters sent by other calculation nodes into the parameter hash table, specifically, may write the intermediate calculation parameters sent by other calculation nodes into the parameter hash table in a form of a parameter list. Of course, the parameter results may also be written to the result hash table. The concurrent processing of the thread level realizes the parallel execution of different types of computing tasks, improves the computing efficiency, reduces the response time delay and supports the parallel execution of different types of computing tasks.
The result hash table may include a mapping relationship between the calculation result and the hash parameter, that is, the result hash table may be represented as: tid-1-res 1: res1, tid-2-res 2: res2, tid-3-res 3: res3, ….
According to the method and the device, the computing tasks are dynamically loaded in a thread pool mode, and the types (such as addition, multiplication, comparison and the like) of the computing tasks are not bound, so that different types of computing tasks can be executed concurrently, and high expandability is achieved.
In a specific implementation, the first data may correspond to a random number, a first calculation task corresponding to the first data may be determined, and different calculation nodes may correspond to different calculation tasks, which is determined by structures of the calculation nodes. And writing the first computing task into a task queue to wait for execution of the first computing task, polling the task queue through a computing management thread, if the task queue is not empty, taking out a first task of the task queue, starting a computing task thread and adding the first task into a thread pool to execute, wherein the thread pool comprises a plurality of computing task threads, and each computing task thread independently executes the computing task to obtain a first intermediate computing parameter. In order to solve the problem of computation load in a high-concurrency scene, in the embodiment of the application, a message queue with safe threads is introduced, a message queue memory (computation task queue) is shared among threads of each computation node, a computation management thread polls the computation task queue, if the queue is not empty, a queue head task is taken out, and a computation task thread is started and added into a thread pool for multi-party computation.
In specific implementation, an IO multiplexing mechanism can be introduced to reduce the number of ports, a single thread processes IO requests between computing nodes, meanwhile, a thread-safe hash table is used for storing intermediate computing parameters, and parameter indexing is performed through a globally unique task number (tid) so as to solve the problem of parameter conflict in a high-concurrency scene. In addition, communication between concurrent threads is realized through a thread-safe queue and a hash table.
Optionally, the method may further include the following steps:
a1, detecting whether a first calculation parameter needs to be sent;
and A2, if the first calculation parameter needs to be sent, informing the IO management thread to send the calculation parameter.
In a specific implementation, the first calculation parameter may be understood as an internal calculation parameter, and the first calculation node may detect whether the first calculation parameter needs to be sent, and if the first calculation parameter needs to be sent, notify the IO management thread to send the calculation parameter, and may write the first calculation parameter into the parameter hash table, or calculate the first calculation parameter to write the result parameter into the result hash table.
Optionally, the method may further include the following steps:
and when the IO management thread receives second calculation parameters of other calculation nodes, classifying the second calculation parameters according to the task numbers of the calculation nodes corresponding to the second calculation parameters, and storing the second calculation parameters into a parameter hash table to wait for a local calculation task thread to inquire the second calculation parameters.
Wherein the second calculation parameter is a calculation parameter from other calculation results, for example, an intermediate calculation parameter. And after receiving the second calculation parameters of other calculation nodes at the IO management thread, classifying the second calculation parameters according to the target task numbers of the calculation nodes corresponding to the second calculation parameters, storing the second calculation parameters into the parameter hash table to wait for the local calculation task thread to inquire the second calculation parameters, and further writing the result parameters into the result hash table after the second calculation parameters are calculated.
Optionally, the method may further include the following steps:
and waiting for parameter transmission by blocking and polling the parameter hash table, and executing corresponding calculation according to the second calculation parameter when the second calculation parameter is inquired.
The parameter hash table can be blocked and polled to wait for parameter transmission, so as to ensure that the calculation is performed orderly, when the second calculation parameter is inquired, corresponding calculation is performed according to the second calculation parameter, and the result parameter can be written into the result hash table after the second calculation parameter is calculated.
Optionally, the method may further include the following steps:
and writing the calculation result of each calculation task thread into a result hash table so as to perform inquiry when waiting for the result recovery thread.
The result recovery thread may query the corresponding calculation result after receiving the result recovery request, so as to recover the calculation result.
203. And acquiring second intermediate calculation parameters of the other calculation parties except the first calculation node in the Q calculation participants.
Each of the Q computation participants includes partial secret shared data, and then all intermediate computation parameters in the Q computation participants can be collected, that is, all of the secret shared data can be covered, that is, secret shared shares held by other parties after secret sharing of the result obtained by each of the computation participants is recovered, and then all of the secret shared data can be covered.
For example, as shown in fig. 5, assuming that x and y are original data (data sources), and each secret sharing is 3 shares (i.e., x1, x2, x 3; y1, y2, y3) and sent to three computing nodes p1, p2, and p3, p1 possesses secret sharing with subscripts 1 and 2 (i.e., x1, x2, y1, and y2), p2 possesses secret sharing with subscripts 2 and 3 (i.e., x2, x3, y2, and y3), and p3 possesses secret sharing with subscripts 1 and 3 (i.e., x3, x1, y3, and y 1).
As shown in the following formula, the specific logic to be calculated can be obtained through the formula, z1, z2 and z3 are the logics to be calculated locally for p1, p2 and p3, respectively, p1 will obtain z1 and z2 when the final calculation is completed, p2 will obtain z2 and z3, p3 will obtain z3 and z1, and x ═ y ═ z1+ z2+ z3, that is, when the calculation result is restored, any one calculation node only needs to interact with another calculation node to obtain the secret sharing about z which is not owned, and the final result of x × y can be restored.
xy=(x1+x2+x3)(y1+y2+y3)
=x1y1+x1y2+x1y3+x2y1+x2y2+x2y3+x3y1+x3y2+x3y3
Of course, in order to ensure the security of the computation in the actual computation process, the computing nodes (p1, p2 and p3) may have different round number interactions.
Optionally, in step 203, the obtaining of the second intermediate calculation parameters of the other calculation parties except for the first calculation node in the Q calculation participants may include the following steps:
31. initiating a calculation result recovery request to a participant corresponding to the secretly shared data through a result recovery thread;
32. and acquiring the second intermediate calculation result fed back by the participant corresponding to the secret sharing data.
In a specific implementation, a calculation result recovery request may be initiated to a participant corresponding to the secret shared data through the result recovery thread, that is, after the result recovery thread receives the calculation result recovery request, the calculation result recovery thread may wait to obtain a second intermediate calculation result fed back by the participant corresponding to the secret shared data.
204. And performing data recovery according to the first intermediate calculation parameter and the second intermediate calculation parameter to obtain a final calculation result.
In specific implementation, since the first intermediate calculation parameter and the second intermediate calculation parameter cover all contents of the secretly shared data, data recovery can be performed according to the first intermediate calculation parameter and the second intermediate calculation parameter, and a final calculation result is obtained.
In a specific implementation, taking three-party secure multi-party computing based on secret sharing as an example (three computing nodes, but two parties are provided by a data provider), a rough computing flow includes the following steps:
b1, one party initiates a secure multiparty computation task while notifying the other two participants (compute nodes).
B2, the data provider (two parties thereof) respectively performs data preprocessing, and each performs secret sharing on the local data, and sends the parameters after secret sharing to the corresponding computing node.
B3, each of the three computing nodes locally performs computation according to specific logic.
B4, the three calculation nodes carry out intermediate calculation parameter transmission according to a specific flow.
B5, executing the steps B3 and B4 for a plurality of times according to the execution flow of the calculation protocol, and finally obtaining the secret sharing of the calculation result.
B6, the three computing nodes transmit through the intermediate computing parameters and execute the recovery process of secret sharing to recover the final computing result.
Wherein different operators may correspond to different computing protocols.
Further, by way of example, in the embodiment of the present application, the participants include a client (receiver) and a server (sender), and the specific steps are as follows:
c1, a computation participant informs the scheduling node to initiate the computation request.
C2, the scheduling node calls a UUID generator to generate a globally unique task number (tid).
C3, the scheduling node informs each computation participant to send a task number (tid) and related parameters and initiate a computation task.
And C4, each calculation participant writes the calculation task into the task queue to wait for execution after receiving the calculation task.
C5, polling the task queue by the computing management thread of each computing node, if the queue is not empty, taking out the head task of the queue, starting the computing task thread and adding the computing task thread into the thread pool for execution.
C6 each compute task thread in the thread pool of each compute node independently performs a compute task.
C7, if the calculation parameters need to be sent, the IO management thread is informed to send;
c8, if the IO management thread receives the calculation parameters of other calculation nodes, classifying according to the task number (tid) and storing the tid into a hash table of a local memory to wait for the local calculation task thread to inquire;
and C9, if the calculation parameters of other participants need to be acquired, blocking and polling the parameter hash table to wait for parameter transmission, and continuing to execute the subsequent protocol after the calculation parameters are inquired.
And C10, after the calculation of each calculation task thread is finished, writing the result into the result hash table, and inquiring when waiting for the result recovery thread.
C11, if the calculation result needs to be restored, the result restoring thread sends a request to other nodes, the corresponding node inquires and sends the calculation result parameter according to the task number (tid), and after receiving the result parameter, the calculation node locally restores the calculation result.
In a specific implementation, multiple tasks are performed simultaneously, different computing types may be supported, and a computing type may be any computing type, for example, the computing type may include at least one of the following: the type of addition calculation, the type of subtraction calculation, the type of multiplication calculation, the type of division calculation, the type of comparison calculation, the type of logarithm calculation, etc., are not limited herein.
In the embodiment of the application, a three-party computing scenario is taken as an example, and a safe multi-party computing task is rapidly executed in a multi-task concurrent scenario. According to the embodiment of the application, the problems of dynamic loading, IO multiplexing and load balancing of different types of computing tasks can be solved under a high concurrency scene.
In specific implementation, an IO multiplexing and globally unique UUID generation mechanism can be introduced into the embodiment of the application, so that the global uniqueness of the secure multi-party computing task is ensured, the concurrent execution of multiple tasks is facilitated, and the concurrency and the throughput are increased compared with the sequentially executed secure multi-party computing task.
To sum up, in the embodiment of the present application, a globally unique task number (tid) is generated by introducing a UUID generator, and is used to index a multi-party computation task and an intermediate computation parameter in a task execution process, thereby ensuring orderliness of parameter transmission in a memory sharing process during inter-thread communication.
It can be seen that the secure multi-party computing method described in the embodiment of the present application is applied to a first computing node in a secure multi-party computing system, where the first computing node is any computing participant in the secure multi-party computing system, the secure multi-party computing system includes P computing nodes, the P computing nodes include a data provider and Q computing participants, P, Q is a positive integer, and P is greater than or equal to 2; the method comprises the steps of obtaining first data in secret shared data provided by a data provider, calculating the first data to obtain first intermediate calculation parameters, obtaining second intermediate calculation parameters of other calculation parties except a first calculation node in Q calculation participants, and recovering data according to the first intermediate calculation parameters and the second intermediate calculation parameters to obtain a final calculation result, so that safe multi-party calculation of multi-task concurrent execution can be realized.
In keeping with the foregoing embodiments, please refer to fig. 6, fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application, which may be the first computing node in the secure multi-party computing system shown in fig. 1, and includes a processor, a memory, a communication interface, and one or more programs applied to the electronic device, where the one or more programs are stored in the memory and configured to be executed by the processor, and in an embodiment of the present application, the program includes instructions for performing the following steps:
acquiring first data in secret shared data provided by the data provider;
calculating the first data to obtain a first intermediate calculation parameter;
acquiring second intermediate calculation parameters of other calculation parties except the first calculation node in the Q calculation participants;
and performing data recovery according to the first intermediate calculation parameter and the second intermediate calculation parameter to obtain a final calculation result.
Optionally, in the aspect of calculating the first data to obtain the first intermediate calculation parameter, the program includes instructions for executing the following steps:
determining a first computing task corresponding to the first data;
writing the first computing task to a task queue to wait for execution of the first computing task;
polling the task queue through a computing management thread;
and if the task queue is not empty, taking out a first task of the task queue, starting a calculation task thread and adding the first task into a thread pool for execution, wherein the thread pool comprises a plurality of calculation task threads, and each calculation task thread independently executes a calculation task to obtain the first intermediate calculation parameter.
Optionally, the program further includes instructions for performing the following steps:
detecting whether a first calculation parameter needs to be sent;
if the first calculation parameter needs to be sent, an IO management thread is informed to send the calculation parameter;
alternatively, the first and second electrodes may be,
and when the IO management thread receives second calculation parameters of other calculation nodes, classifying the second calculation parameters according to the target task numbers of the calculation nodes corresponding to the second calculation parameters, and storing the second calculation parameters into a parameter hash table to wait for a local calculation task thread to inquire the second calculation parameters.
Optionally, the program further comprises instructions for performing the steps of:
and waiting for parameter transmission by blocking and polling the parameter hash table, and executing corresponding calculation according to the second calculation parameter when the second calculation parameter is inquired.
Optionally, the program further includes instructions for performing the following steps:
and writing the calculation result of each calculation task thread into a result hash table so as to perform inquiry when waiting for the result recovery thread.
Optionally, in the aspect of obtaining the second intermediate calculation parameters of the other calculation parties except the first calculation node among the Q calculation parties, the program includes instructions for performing the following steps:
initiating a calculation result recovery request to a participant corresponding to the secretly shared data through a result recovery thread;
and acquiring the second intermediate calculation result fed back by the participant corresponding to the secret sharing data.
Optionally, the secure multi-party computing system comprises: the system comprises a UUID generator and scheduling nodes, wherein the UUID generator is used for generating a target task number, and the P computing nodes are configured into a group through the target task number.
FIG. 7 is a block diagram of the functional elements of a secure multi-party computing device 700 involved in an embodiment of the present application. The secure multi-party computing device 700 is applied to a first computing node in a secure multi-party computing system, wherein the first computing node is any computing participant in the secure multi-party computing system, the secure multi-party computing system comprises P computing nodes, the P computing nodes comprise a data provider and Q computing participants, P, Q is a positive integer, and P is greater than or equal to 2; the apparatus 700 comprises: a first acquisition unit 701, a calculation unit 702, a second acquisition unit 703, and a data recovery unit 704, wherein,
the first obtaining unit 701 is configured to obtain first data in secret shared data provided by the data provider;
the calculating unit 702 is configured to calculate the first data to obtain a first intermediate calculation parameter;
the second obtaining unit 703 is configured to obtain second intermediate calculation parameters of the other calculation parties of the Q calculation participants except for the first calculation node;
the data recovery unit 704 is configured to perform data recovery according to the first intermediate calculation parameter and the second intermediate calculation parameter, so as to obtain a final calculation result.
Optionally, in terms of calculating the first data to obtain a first intermediate calculation parameter, the calculating unit 702 is specifically configured to:
determining a first computing task corresponding to the first data;
writing the first computing task to a task queue to wait for execution of the first computing task;
polling the task queue through a computing management thread;
and if the task queue is not empty, taking out a first task of the task queue, starting a calculation task thread and adding the first task into a thread pool for execution, wherein the thread pool comprises a plurality of calculation task threads, and each calculation task thread independently executes a calculation task to obtain the first intermediate calculation parameter.
Optionally, the apparatus 700 is further specifically configured to:
detecting whether a first calculation parameter needs to be sent;
if the first calculation parameter needs to be sent, an IO management thread is informed to send the calculation parameter;
alternatively, the first and second electrodes may be,
and when the IO management thread receives second calculation parameters of other calculation nodes, classifying the second calculation parameters according to the target task numbers of the calculation nodes corresponding to the second calculation parameters, and storing the second calculation parameters into a parameter hash table to wait for a local calculation task thread to inquire the second calculation parameters.
Optionally, the apparatus 700 is further specifically configured to:
and waiting for parameter transmission by blocking and polling the parameter hash table, and executing corresponding calculation according to the second calculation parameter when the second calculation parameter is inquired.
Optionally, the apparatus 700 is further specifically configured to:
and writing the calculation result of each calculation task thread into a result hash table so as to perform inquiry when waiting for the result recovery thread.
Optionally, in the aspect of acquiring the second intermediate calculation parameters of the other calculation parties except the first calculation node among the Q calculation parties, the second acquiring unit 703 is specifically configured to:
initiating a calculation result recovery request to a participant corresponding to the secretly shared data through a result recovery thread;
and acquiring the second intermediate calculation result fed back by the participant corresponding to the secret sharing data.
Optionally, the secure multi-party computing system comprises: the system comprises a UUID generator and scheduling nodes, wherein the UUID generator is used for generating a target task number, and the P computing nodes are configured into a group through the target task number.
It is understood that the functions of the program modules of the secure multi-party computing device of this embodiment can be specifically implemented according to the method in the foregoing method embodiment, and the specific implementation process thereof can refer to the related description of the foregoing method embodiment, which is not described herein again.
Embodiments of the present application also provide a computer storage medium, where the computer storage medium stores a computer program for electronic data exchange, the computer program enabling a computer to execute part or all of the steps of any one of the methods described in the above method embodiments, and the computer includes an electronic device.
Embodiments of the present application also provide a computer program product comprising a non-transitory computer readable storage medium storing a computer program operable to cause a computer to perform some or all of the steps of any of the methods as described in the above method embodiments. The computer program product may be a software installation package, the computer comprising an electronic device.
It should be noted that, for simplicity of description, the above-mentioned method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present application is not limited by the order of acts described, as some steps may occur in other orders or concurrently depending on the application. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required in this application.
In the foregoing embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus may be implemented in other manners. For example, the above-described embodiments of the apparatus are merely illustrative, and for example, the above-described division of the units is only one type of division of logical functions, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of some interfaces, devices or units, and may be an electric or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit may be stored in a computer readable memory if it is implemented in the form of a software functional unit and sold or used as a stand-alone product. Based on such understanding, the technical solution of the present application may be substantially implemented or a part of or all or part of the technical solution contributing to the prior art may be embodied in the form of a software product stored in a memory, and including several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the above-mentioned method of the embodiments of the present application. And the aforementioned memory comprises: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program codes.
Those skilled in the art will appreciate that all or part of the steps in the methods of the above embodiments may be implemented by associated hardware instructed by a program, which may be stored in a computer-readable memory, which may include: flash Memory disks, Read-Only memories (ROMs), Random Access Memories (RAMs), magnetic or optical disks, and the like.
The foregoing detailed description of the embodiments of the present application has been presented to illustrate the principles and implementations of the present application, and the above description of the embodiments is only provided to help understand the method and the core concept of the present application; meanwhile, for a person skilled in the art, according to the idea of the present application, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present application.
Claims (10)
1. A secure multi-party computing method is applied to a first computing node in a secure multi-party computing system, wherein the first computing node is any one computing participant in the secure multi-party computing system, the secure multi-party computing system comprises P computing nodes, the P computing nodes comprise a data provider and Q computing participants, P, Q is a positive integer, and P is greater than or equal to 2; the method comprises the following steps:
acquiring first data in secret shared data provided by the data provider;
calculating the first data to obtain a first intermediate calculation parameter;
acquiring second intermediate calculation parameters of other calculation parties except the first calculation node in the Q calculation participants;
and performing data recovery according to the first intermediate calculation parameter and the second intermediate calculation parameter to obtain a final calculation result.
2. The method of claim 1, wherein said calculating the first data to obtain a first intermediate calculation parameter comprises:
determining a first computing task corresponding to the first data;
writing the first computing task to a task queue to wait for execution of the first computing task;
polling the task queue through a computing management thread;
and if the task queue is not empty, taking out a first task of the task queue, starting a calculation task thread and adding the first task into a thread pool for execution, wherein the thread pool comprises a plurality of calculation task threads, and each calculation task thread independently executes a calculation task to obtain the first intermediate calculation parameter.
3. The method of claim 2, further comprising:
detecting whether a first calculation parameter needs to be sent;
if the first calculation parameter needs to be sent, an IO management thread is informed to send the calculation parameter;
alternatively, the first and second electrodes may be,
and when the IO management thread receives second calculation parameters of other calculation nodes, classifying the second calculation parameters according to the target task numbers of the calculation nodes corresponding to the second calculation parameters, and storing the second calculation parameters into a parameter hash table to wait for a local calculation task thread to inquire the second calculation parameters.
4. The method of claim 3, further comprising:
and waiting for parameter transmission by blocking and polling the parameter hash table, and executing corresponding calculation according to the second calculation parameter when the second calculation parameter is inquired.
5. The method of claim 4, further comprising:
and writing the calculation result of each calculation task thread into a result hash table so as to perform inquiry when waiting for the result recovery thread.
6. The method according to any one of claims 1-5, wherein said obtaining second intermediate computation parameters of the other of the Q computation participants except the first computation node comprises:
initiating a calculation result recovery request to a participant corresponding to the secretly shared data through a result recovery thread;
and acquiring the second intermediate calculation result fed back by the participant corresponding to the secret sharing data.
7. The method according to any of claims 1-5, wherein the secure multi-party computing system comprises: the system comprises a UUID generator and scheduling nodes, wherein the UUID generator is used for generating a target task number, and the P computing nodes are configured into a group through the target task number.
8. A secure multi-party computing device, for use in a first computing node in a secure multi-party computing system, the first computing node being any one of the computing participants in the secure multi-party computing system, the secure multi-party computing system comprising P computing nodes, the P computing nodes comprising a data provider and Q computing participants, P, Q being positive integers, and P being greater than or equal to 2; the device comprises: a first acquisition unit, a calculation unit, a second acquisition unit, and a data recovery unit, wherein,
the first acquisition unit is used for acquiring first data in the secret shared data provided by the data provider;
the calculation unit is used for calculating the first data to obtain a first intermediate calculation parameter;
the second obtaining unit is used for obtaining second intermediate calculation parameters of other calculation parties except the first calculation node in the Q calculation participants;
and the data recovery unit is used for recovering data according to the first intermediate calculation parameter and the second intermediate calculation parameter to obtain a final calculation result.
9. An electronic device comprising a processor, a memory for storing one or more programs and configured for execution by the processor, the programs comprising instructions for performing the steps of the method of any of claims 1-7.
10. A computer-readable storage medium, characterized in that a computer program for electronic data exchange is stored, wherein the computer program causes a computer to perform the method according to any one of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111582481.8A CN114329533A (en) | 2021-12-22 | 2021-12-22 | Secure multiparty computing method and related device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111582481.8A CN114329533A (en) | 2021-12-22 | 2021-12-22 | Secure multiparty computing method and related device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114329533A true CN114329533A (en) | 2022-04-12 |
Family
ID=81055479
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111582481.8A Pending CN114329533A (en) | 2021-12-22 | 2021-12-22 | Secure multiparty computing method and related device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114329533A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114584285A (en) * | 2022-05-05 | 2022-06-03 | 深圳市洞见智慧科技有限公司 | Secure multiparty processing method and related device |
| CN114760367A (en) * | 2022-04-24 | 2022-07-15 | 华控清交信息科技(北京)有限公司 | Encryption protocol conversion method, first node and second node |
| CN115269234A (en) * | 2022-09-26 | 2022-11-01 | 华控清交信息科技(北京)有限公司 | Task message transmission method and device and related equipment |
-
2021
- 2021-12-22 CN CN202111582481.8A patent/CN114329533A/en active Pending
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114760367A (en) * | 2022-04-24 | 2022-07-15 | 华控清交信息科技(北京)有限公司 | Encryption protocol conversion method, first node and second node |
| CN114760367B (en) * | 2022-04-24 | 2024-05-31 | 华控清交信息科技(北京)有限公司 | Encryption protocol conversion method, first node and second node |
| CN114584285A (en) * | 2022-05-05 | 2022-06-03 | 深圳市洞见智慧科技有限公司 | Secure multiparty processing method and related device |
| CN115269234A (en) * | 2022-09-26 | 2022-11-01 | 华控清交信息科技(北京)有限公司 | Task message transmission method and device and related equipment |
| CN115269234B (en) * | 2022-09-26 | 2023-01-10 | 华控清交信息科技(北京)有限公司 | Task message transmission method and device and related equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN114329533A (en) | Secure multiparty computing method and related device | |
| CN112199382B (en) | Method for creating node group and transaction based on node group in alliance chain network | |
| TW202030656A (en) | Cross-chain right-using system, method and device, electronic equipment and storage medium | |
| US9332039B2 (en) | Method, apparatus, and system for establishing voice communication | |
| WO2021203853A1 (en) | Key generation method, device, apparatus, and medium | |
| CN104917721B (en) | Authorization method, device and system based on oAuth agreement | |
| CN111163130B (en) | Network service system and data transmission method thereof | |
| CN113708930B (en) | Data comparison method, device, equipment and medium for private data | |
| CN110958218A (en) | Data transmission method based on multi-network communication and related equipment | |
| CN109981576B (en) | Key migration method and device | |
| US9876768B2 (en) | System, apparatus and method for secure coordination of a rendezvous point for distributed devices using entropy multiplexing | |
| CN114428972A (en) | Privacy protection query method and device supporting outsourcing calculation and related equipment | |
| CN113783708A (en) | Re-voting binary consensus method and device based on reliable broadcast | |
| CN113343283A (en) | Data processing method | |
| CN110536118A (en) | A kind of data capture method, device and computer storage medium | |
| CN107422980A (en) | Internet of Things data document storage system and its data file storage method | |
| CN109787767B (en) | SM2 collaborative digital signature method and device | |
| CN116743376A (en) | Multiparty secret sharing data privacy comparison method based on efficient ciphertext confusion technology | |
| EP2701068B1 (en) | Network access system | |
| CN113794566B (en) | Re-voting binary consensus method, device and storage medium | |
| Yang et al. | Method of Interaction between Blockchain and the World outside the Chain based on Oracle Machine | |
| CN114845084A (en) | Multi-user screen management method, device, equipment and storage medium | |
| CN114048498A (en) | Data sharing method, device, equipment and medium | |
| CN111416852A (en) | Method for session synchronization among multiple load balancers and load balancer | |
| CN112000525B (en) | Method and device for storing and recovering target data and data storage node |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |