CN114614974A - Privacy set intersection method, system and device for power grid data cross-industry sharing - Google Patents

Abstract

The invention discloses a privacy set intersection method, a system and a device for power grid data cross-industry sharing; the invention utilizes bloom filter technology to map the local data, thereby greatly reducing the calculation cost in the process of set intersection. By using the random response technology to replace the homomorphic encryption technology, the communication cost is effectively reduced, the requirement of processing a large amount of data in an actual scene can be met, and meanwhile, the random response technology randomly overturns the bloom filter to realize local differential privacy. Protocol parameters calculated in each running are agreed by a user in advance and are not shared with the server, so that malicious attacks of the server can be avoided to a certain extent. And the disturbance bloom filter shared by the user and the server is subjected to random response processing, so that the local privacy data is further protected.

Description

Privacy set intersection method, system and device for power grid data cross-industry sharing

Technical Field

The invention belongs to the field of data security, and relates to a privacy set intersection method, system and device for power grid data cross-industry sharing.

Background

The electric power data contains important information of enterprise institutions and family production and life, and can objectively reflect the operation state of the social life and the social life. However, while the power grid data contains value, a large amount of sensitive information is also contained, for example, the power fee payment condition of an enterprise can reflect the production condition of the enterprise, the power consumption information of a family can reflect the life law of family members, and the open sharing of the sensitive information has huge privacy risks. The privacy calculation can realize the joint mining of the data value on the premise that the data is not local, and can ensure that the data privacy of each party is not exposed in the joint mining process. It can play an important role in the open sharing of power big data. The encryption sample intersection (PSI) is used as a basic stone technology for privacy calculation, the intersection of data IDs of all parties can be calculated on the premise that data are not local, data alignment is carried out, and the method has important significance for cross-industry sharing and enabling of power grid data. Most of the existing encryption sample intersection directly calculates intersection data among different participants based on technologies such as inadvertent transmission, public key encryption and the like. The method has the disadvantages that in order to ensure the safety, all adopted encryption technologies usually need extremely high key digits to achieve the corresponding safety intensity, and the calculation efficiency of the algorithm is greatly reduced, so that the method cannot be applied to mass data scenes of a power grid. Therefore, the privacy set intersection method which is high in efficiency and low in consumption and is suitable for power grid data cross-industry sharing has important practical significance.

Disclosure of Invention

The invention aims to solve the problems in the prior art, and provides a privacy set intersection method, a system and a device for power grid data cross-industry sharing, which can ensure that the privacy data of a user are not acquired by a server and that the user cannot acquire any personal privacy data of other users except intersection; the method and the device protect the user privacy data based on the bloom filter and the local differential privacy technology, and simultaneously reduce the calculation and communication overhead.

In order to achieve the purpose, the invention adopts the following technical scheme to realize the purpose:

a privacy set intersection method for power grid data cross-industry sharing comprises the following steps:

step 1: setting an initial protocol parameter, and setting a privacy budget epsilon, a hash function h (-) and the length L of a bloom filter, wherein all positions of the initial bloom filter are 0;

step 2, calculating a bloom filter of the local data, and aiming at the local data set D_iCalculates the local data set D based on a hash function h (·)_iAnd setting the value of the corresponding subscript to 1 in the bloom filter according to the obtained hash value to obtain BF (D)_i,L)；

Step 3, random response processing is carried out on the local bloom filter, and BF (D) is processed_iL), BF (D) for each component according to a random response rule_i,L)[j]Randomly overturning to obtain a disturbed bloom filter

Step 4, integrating all the disturbance bloom filters and constructing a disturbance matrix

Wherein N is the number of users;

step 5, calculating a disturbance matrix

The ratio of 1 to the value of the element in the j column

And in accordance with

To estimate the ratio of the j column element value of 1 in the original matrix V

For each component j ∈ [1, L ]]After the processing, the probability that the element value in each column in the estimated original matrix V is 1 is obtained

Step 6, calculating probability threshold value, to

The variance var is analyzed and calculated to obtain a probability threshold value

Step 7, obtaining an intersection bloom filter through probability threshold comparison, and initializing the intersection bloom filter with the length of L; will be provided with

Each estimate of the ratio and the probability threshold of

Make a comparison if

Setting the value of the corresponding subscript in the intersection bloom filter as 1 to finally obtain the BF of the intersection bloom filter_∩(L)；

Step 8, local data set D is processed_iCalculating the hash value h (x) of each element x in BF_∩(L)[h(x)]If x is 1, x is an intersection element, otherwise, x is not.

The invention is further improved in that:

step 1, step 2, step 3 and step 8 are the work of the user; step 4, step 5, step 6 and step 7 are the work of the server;

step 3 alsoThe method comprises the following steps: user will disturb bloom filters

Sending the data to a server; step 7 also includes: server BF intersection bloom filter_∩(L) sending to the user; step 8 further comprises: user reception intersection bloom filter BF_∩(L)。

The step 3 specifically comprises the following steps:

for BF (D)_iL), the user BF (D) for each component in accordance with the random response rule as shown in equation (1)_i,L)[j]Is subject to random turnover to obtain

Where epsilon is the given privacy budget cost.

Further comprises transforming the original matrix V into a disturbance matrix

The method specifically comprises the following steps:

the probability that a certain column of elements of the original matrix V takes a value of 1 is ρ, and if there is t probability inversion, the probability that the corresponding column of elements in the disturbance matrix takes a value of 1 is as shown in formula (2):

ρ′＝(1-t)ρ+t(1-ρ) (2)

disturbance matrix

The ratio of the element value of a certain column in the matrix is rho', the turnover probability is t, and the ratio probability of the corresponding column value of 1 in the original matrix V is large

In step 5, the server calculates the proportion of the value of the element in the jth column in the disturbance matrix as 1

And according to

To estimate the ratio of the j column element value of 1 in the original matrix V

Hypothesis perturbation matrix

The number of the elements with the value of 1 in the jth column is N, and the number of the elements with the value of 0 is N-N; ρ is a unit of a gradient_jThe method is characterized in that the ratio of the original value of 1 in the jth column of the original matrix V is represented, and the derivation and calculation of the step 5 comprises the following steps:

step 5.1: calculating any disturbing bloom Filter BF (D)_iL), calculating the probability that the j element takes values of 0 and 1; from the given set conditions, it is easy to know that:

BF (D) for perturbing the bloom filter_iL), calculating the probability that the jth element takes a value of 1 as:

correspondingly, the probability that the jth element takes a value of 0 is as follows:

step 5.2, calculating rho_jThe maximum likelihood estimate of (a).

Construction of rho_jLikelihood function of (d):

with respect to likelihood function L (ρ)_j) Taking a logarithm:

and is also provided with

Due to the fact that

Therefore, when

When log (L) takes the maximum value; at this time ρ_jEstimated value

Is composed of

The server determines for each component j e [1, L]After the operation is executed, the probability that the value of the element in each column in the original matrix V is 1 is obtained

In step 6, for

The variance var of (a) is analyzed and calculated to obtain a probability threshold value

The derivation and calculation of step 6 comprises the following steps:

step 6.1-calculating the estimated ratio

(iii) a desire; due to disturbance in the bloom filter

Can only be 0 or 1, then:

let n be the perturbation matrix

If the number of the elements in the j column is 1, n is the sum of independent and uniformly distributed random variables;

var(n)＝Nvar(BF(D_i,L)[j]) (12)

step 6.2 calculating the estimated ratio

The variance of (a);

a privacy set submission system for cross-industry sharing of grid data, comprising:

the system comprises an initial module, a privacy module and a bloom filter, wherein the initial module is used for setting an initial protocol parameter, setting a privacy budget epsilon, a hash function h (-) and the length L of the bloom filter, and all the positions of the initial bloom filter are 0;

a filter acquisition module for computing a bloom filter for local data for a local data set D_iCalculates a local data set D based on a hash function h (·) for each element x in (b)_iAnd setting the value of the corresponding subscript to 1 in the bloom filter according to the obtained hash value to obtain BF (D)_i,L)；

A random response processing module for performing random response processing on the local bloom filter for BF (D)_iL), BF (D) for each component according to a random response rule_i,L)[j]Randomly overturning to obtain a disturbed bloom filter

A disturbance matrix acquisition module for integrating all disturbance bloom filters and constructing a disturbance matrix

Wherein N is the number of users;

a probability acquisition module to calculate a perturbation matrix

The ratio of 1 to the value of the element in the j column

And according to

To estimate the ratio of the j column element value of 1 in the original matrix V

For each component j ∈ [1, L ]]After the processing, the probability that the value of the element in each column in the estimated original matrix V is 1 is obtained

A computing module for pairing

The variance var is analyzed and calculated to obtain a probability threshold value

The comparison module obtains an intersection bloom filter through probability threshold comparison and initializes the intersection bloom filter with the length of L; will be provided with

Each estimate of the ratio and the probability threshold of

Make a comparison if

Setting the value of the corresponding subscript in the intersection bloom filter as 1 to finally obtain the BF of the intersection bloom filter_∩(L)；

A judging module for judging the local data set D_iCalculating the hash value h (x) of each element x in BF_∩(L)[h(x)]If x is 1, x is an intersection element, otherwise, x is not.

A terminal device comprising a memory, a processor and a computer program stored in said memory and executable on said processor, said processor implementing the steps of the above method when executing said computer program.

A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the above-mentioned method.

Compared with the prior art, the invention has the following beneficial effects:

the invention utilizes the different bloom filters operated in the process of solving for the encrypted samples each time, does not share the Hash mapping function with the server, and can avoid the malicious attack of the server to a certain extent. And by using the bloom filter as an intermediate carrier for subsequent calculation and communication, the communication cost and the calculation overhead in the privacy set intersection process can be obviously reduced.

Furthermore, local differential privacy of a random response mechanism is introduced, so that the private data of the users can be ensured not to be acquired by the server, and any private data of other users except for intersection can not be acquired among the users. And any user can not obtain exact intersection information, so that the data security is further ensured. The safety requirements of the user are realized.

Further, a differential privacy technique is used instead of a homomorphic encryption technique or a public key encryption as a privacy protection technique. As homomorphic encryption relates to encryption and decryption of plaintext, the encryption and decryption process is time-consuming large prime number operation, and the differential privacy only needs simple arithmetic operation without the encryption and decryption process, so that the calculation cost and the communication overhead of the model can be greatly reduced.

Drawings

In order to more clearly explain the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention, and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.

FIG. 1 is a schematic diagram of a logic architecture of a privacy set intersection system method for cross-industry sharing of grid data;

FIG. 2 is a schematic diagram of an application flow of the embodiment of the present invention in a power grid scenario;

FIG. 3 is a schematic of the performance test of the present invention;

fig. 4 is a block diagram of a privacy aggregation request system for power grid data cross-industry sharing according to an embodiment of the present invention.

Detailed Description

In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.

Thus, the following detailed description of the embodiments of the present invention, presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.

In the description of the embodiments of the present invention, it should be noted that if the terms "upper", "lower", "horizontal", "inner", etc. are used for indicating the orientation or positional relationship based on the orientation or positional relationship shown in the drawings or the orientation or positional relationship which is usually arranged when the product of the present invention is used, the description is merely for convenience and simplicity, and the indication or suggestion that the referred device or element must have a specific orientation, be constructed and operated in a specific orientation, and thus, cannot be understood as limiting the present invention. Furthermore, the terms "first," "second," and the like are used merely to distinguish one description from another, and are not to be construed as indicating or implying relative importance.

Furthermore, the term "horizontal", if present, does not mean that the component is required to be absolutely horizontal, but may be slightly inclined. For example, "horizontal" merely means that the direction is more horizontal than "vertical" and does not mean that the structure must be perfectly horizontal, but may be slightly inclined.

In the description of the embodiments of the present invention, it should be further noted that unless otherwise explicitly stated or limited, the terms "disposed," "mounted," "connected," and "connected" should be interpreted broadly, and may be, for example, fixedly connected, detachably connected, or integrally connected; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meanings of the above terms in the present invention can be understood by those skilled in the art according to specific situations.

In the description of the present invention, it is to be understood that the term "data" refers to a record with non-repetitive identity tags, "user" refers to an enterprise or organization providing data, including a power grid company providing power data, and also includes other enterprises providing associated data, "server" refers to a third-party device that each user has agreed in advance to interact with information of each participant, "privacy set intersection" refers to calculating data in an intersection without exposing non-intersection data on the premise of not disclosing local data sets of each participant, "bloom filter" refers to a data structure storing data with different tags, respectively, "differential privacy" refers to obtaining calculated results with similar probabilities after performing specified calculation on two data sets with inconsistent data. Furthermore, the terms "first", "second" and "first" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated.

The invention is described in further detail below with reference to the accompanying drawings:

referring to fig. 1, the security of the protocol, whether for honest or non-honest users or servers, is achieved in the following two ways:

1) when the user and the server are honest, namely, they can honestly execute the protocol, both sides cannot obtain the original data information of any other side except the intersection according to the safety of the privacy set intersection technology.

2) When the user or server is not honest, the user or server can infer the original data information of other participants from the obtained intersection. Because the other users and the server only have the intersection set which is the response immediately, the intersection set element takes the appointed probability as the real intersection set element, and therefore the other users and the server cannot acquire any original data information except the intersection set element from the acquired intersection set. Even if individual users collude with the server, the original data information of other users likewise cannot be inferred.

The invention discloses a privacy set intersection method for power grid data cross-industry sharing, which comprises the following steps:

step 1: each user appoints initial protocol parameters, sets the privacy budget epsilon, the hash function h (-) and the length L of the bloom filter, and all the users negotiate and determine the privacy budget epsilon, the hash function h (-) and the length L of the bloom filter. Wherein all the positions of the initial bloom filter are 0;

step 2, the user calculates the bloom filter of the local data, and the local data set D is treated_iCalculates a local data set D based on a hash function h (·) for each element x in (b)_iAnd according to the obtained hash value, setting the value of the corresponding subscript to 1 in the bloom filter to obtain BF (D)_iL); and storing the mapping relation between each data and the hash value thereof.

Each user performs mapping processing on local data by using a bloom filter, so that the calculation cost of set intersection is always O (N). Multiple hash functions are typically used in a bloom filter, but only bloom filters with a single hash function are considered in the present approach.

Step 3, the user checks the bookThe bloom Filter performs random response processing for BF (D)_iL), BF (D) for each component according to a random response rule_i,L)[j]Randomly overturning to obtain a disturbed bloom filter

User will disturb bloom filters

And sending the data to a server.

For BF (D)_iL), the user BF (D) for each component in accordance with the random response rule as shown in equation (1)_i,L)[j]Is subject to random turnover to obtain

Where epsilon is the given privacy budget cost.

Step 4, the server integrates all the disturbance bloom filters and constructs a disturbance matrix

Wherein N is the number of users;

step 5, the server calculates the disturbance matrix

The ratio of 1 to the value of the element in the j column

And according to

To estimate the ratio of the j column element value of 1 in the original matrix V

For each component j ∈ [1, L ]]After the processing, the probability that the element value in each column in the estimated original matrix V is 1 is obtained

The probability that a certain column of elements of the original matrix v takes a value of 1 is ρ, and if t is inverted, the probability that the corresponding column of elements in the disturbance matrix takes a value of 1 is as shown in formula (2):

ρ′＝(1-t)ρ+t(1-ρ) (2)

disturbance matrix

The ratio of the value of the element of a certain column in the original matrix V to 1 is rho', the turnover probability is t, and the ratio probability of the value of the corresponding column in the original matrix V to 1 is large

Hypothesis perturbation matrix

The number of elements in the jth column which take on the value of 1 is n, and the number of elements which take on the value of 0 is n

N-n；ρ_jThe method is characterized in that the ratio of the original value of 1 in the jth column of the original matrix V is represented, and the derivation and calculation of the step 5 comprises the following steps:

step 5.1: calculating any disturbing bloom Filter BF (D)_iL), calculating the probability that the j element takes values of 0 and 1; from the given set conditions, it is easy to know that:

BF (D) for perturbing the bloom filter_iL), calculating the probability that the jth element takes a value of 1 as:

correspondingly, the probability that the jth element takes a value of 0 is as follows:

step 5.2, calculating rho_jThe maximum likelihood estimate of (a).

Construction of rho_jLikelihood function of (d):

with respect to likelihood function L (ρ)_j) Taking logarithm:

and is also provided with

Due to the fact that

Therefore, when

When log (L) takes the maximum value; at this time ρ_jEstimated value

Is composed of

The server determines for each component j e [1, L]After the operation is executed, the probability that the value of the element in each column in the original matrix V is 1 is obtained

Step 6, the server calculates a probability threshold value, to

The variance var is analyzed and calculated to obtain a probability threshold value

Step 6.1-calculating the estimated ratio

(iii) a desire; due to disturbance in the bloom filter

Can only be 0 or 1, then:

let n be the perturbation matrix

If the number of the elements in the j column is 1, n is the sum of independent and uniformly distributed random variables;

var(n)＝Nvar(BF(D_i,L)[j]) (12)

step 6.2 calculating the estimated ratio

The variance of (a);

step 7, the server obtains an intersection bloom filter through probability threshold comparison, and initializes the intersection bloom filter with the length of L; will be provided with

Each estimate of the ratio and the probability threshold of

Make a comparison if

Setting the value of the corresponding subscript in the intersection bloom filter as 1 to finally obtain the BF of the intersection bloom filter_∩(L); server BF intersection bloom filter_∩(L) sending to the user.

Step 8, the user receives the intersection bloom filter BF_∩(L); for local data set D_iCalculating the hash value h (x) of each element x in BF_∩(L)[h(x)]If x is 1, x is an intersection element, otherwise, x is not.

Referring to fig. 2, the process of applying the method to the power grid scene is as follows:

step 1, a service system of a non-power grid user A initiates a cooperation request, and a power grid user B agrees;

step 2, the user B sends a data matching request to the user A, wherein the request comprises the identity information format of the data;

step 3, the user A and the user B appoint initial protocol parameters and server information;

step 4, the user A and the user B respectively process the identity information of the respective data sets locally;

step 5, the server receives the bloom filter and calculates possible intersection;

step 6, the server returns the intersection obtained by calculation to the user A and the user B;

and 7, respectively obtaining intersection parts in the local data sets by the user A and the user B.

Referring to fig. 3, using the harmonic mean of the recall ratio and the accuracy as the evaluation index of the algorithm, the calculation method is as follows:

where interreflection represents the true intersection and animation represents the estimated intersection according to the present invention.

To test the performance of the present invention, the complete data set was divided into 30, 60, 100, 200, 400 subsets respectively and it was assumed that each user held and only one subset. Tests were performed at different numbers of users and privacy budgets, and the results are shown in fig. 3. As can be seen from fig. 3, the performance of the present invention is greatly improved as the privacy budget increases.

Referring to fig. 4, the invention discloses a privacy set intersection system for power grid data cross-industry sharing, which comprises:

the system comprises an initial module, a privacy module and a bloom filter, wherein the initial module is used for setting an initial protocol parameter, setting a privacy budget epsilon, a hash function h (-) and the length L of the bloom filter, and all the positions of the initial bloom filter are 0;

a filter acquisition module for computing a bloom filter of local data forLocal data set D_iCalculates the local data set D based on a hash function h (·)_iAnd setting the value of the corresponding subscript to 1 in the bloom filter according to the obtained hash value to obtain BF (D)_i,L)；

A random response processing module for performing random response processing on the local bloom filter for BF (D)_iL) for each component BF (D) according to a random response rule_i,L)[j]Randomly overturning to obtain a disturbed bloom filter

A disturbance matrix acquisition module for integrating all disturbance bloom filters and constructing a disturbance matrix

Wherein N is the number of users;

a probability acquisition module to calculate a perturbation matrix

The ratio of 1 to the value of the element in the j column

And in accordance with

To estimate the ratio of the j column element value of 1 in the original matrix V

For each component j ∈ [1, L ]]After the processing, the probability that the element value in each column in the estimated original matrix V is 1 is obtained

A computing module for pairing

The variance var is analyzed and calculated to obtain a probability threshold value

The comparison module obtains an intersection bloom filter through probability threshold comparison and initializes the intersection bloom filter with the length of L; will be provided with

Each estimate of the ratio and the probability threshold of

Make a comparison if

Setting the value of the corresponding subscript in the intersection bloom filter as 1 to finally obtain the BF of the intersection bloom filter_∩(L)；

A judging module for judging the local data set D_iCalculating the hash value h (x) of each element x in BF_∩(L)[h(x)]If x is 1, x is an intersection element, otherwise, x is not.

The terminal device provided by the embodiment of the invention. The terminal device of this embodiment includes: a processor, a memory, and a computer program stored in the memory and executable on the processor. The processor realizes the steps of the above-mentioned method embodiments when executing the computer program. Alternatively, the processor implements the functions of the modules/units in the above device embodiments when executing the computer program.

The computer program may be partitioned into one or more modules/units that are stored in the memory and executed by the processor to implement the invention.

The terminal device can be a desktop computer, a notebook, a palm computer, a cloud server and other computing devices. The terminal device may include, but is not limited to, a processor, a memory.

The processor may be a Central Processing Unit (CPU), other general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), an off-the-shelf programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, discrete hardware components, etc.

The memory may be used for storing the computer programs and/or modules, and the processor may implement various functions of the terminal device by executing or executing the computer programs and/or modules stored in the memory and calling data stored in the memory.

The terminal device integrated modules/units, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer readable storage medium. Based on such understanding, all or part of the flow of the method according to the embodiments of the present invention may also be implemented by a computer program, which may be stored in a computer-readable storage medium, and when the computer program is executed by a processor, the steps of the method embodiments may be implemented. Wherein the computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable medium may include: any entity or device capable of carrying the computer program code, recording medium, usb disk, removable hard disk, magnetic disk, optical disk, computer memory, Read-only memory (ROM), Random Access Memory (RAM), electrical carrier wave signals, telecommunications signals, software distribution medium, etc. It should be noted that the computer readable medium may contain content that is subject to appropriate increase or decrease as required by legislation and patent practice in jurisdictions, for example, in some jurisdictions, computer readable media does not include electrical carrier signals and telecommunications signals as is required by legislation and patent practice.

The above is only a preferred embodiment of the present invention, and is not intended to limit the present invention, and various modifications and changes will occur to those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (9)

1. A privacy set intersection method for power grid data cross-industry sharing is characterized by comprising the following steps:

step 1: setting an initial protocol parameter, and setting a privacy budget epsilon, a hash function h (-) and the length L of a bloom filter, wherein all positions of the initial bloom filter are 0;

step 2, calculating a bloom filter of the local data, and aiming at the local data set D_iCalculates the local data set D based on a hash function h (·)_iAnd setting the value of the corresponding subscript to 1 in the bloom filter according to the obtained hash value to obtain BF (D)_i,L)；

Step 3, random response processing is carried out on the local bloom filter, and BF (D) is processed_iL), BF (D) for each component according to a random response rule_i,L)[j]Randomly overturning to obtain a disturbed bloom filter

Step 4, integrating all the disturbance bloom filters and constructing a disturbance matrix

Wherein N is the number of users;

step 5, calculating a disturbance matrix

The ratio of 1 to the value of the element in the j column

And according to

To estimate the ratio of the j column element value of 1 in the original matrix V

For each component j ∈ [1, L ]]After the processing, the probability that the element value in each column in the estimated original matrix V is 1 is obtained

Step 6, calculating probability threshold value, to

The variance var is analyzed and calculated to obtain a probability threshold value

Step 7, obtaining an intersection bloom filter through probability threshold comparison, and initializing the intersection bloom filter with the length of L; will be provided with

Each estimate of the ratio and the probability threshold of

Make a comparison if

Setting the value of the corresponding subscript in the intersection bloom filter as 1 to finally obtain the BF of the intersection bloom filter_∩(L)；

Step 8, local data set D is processed_iCalculating the hash value h (x) of each element x in BF_∩(L)[h(x)]＝1，Then x is the intersection element, otherwise, it is not.

2. The privacy set intersection method for power grid data cross-industry sharing according to claim 1, wherein the steps 1, 2, 3 and 8 are user work; the step 4, the step 5, the step 6 and the step 7 are the work of the server;

the step 3 further comprises: user will disturb bloom filters

Sending the data to a server; the step 7 further comprises: the server BF the intersection bloom filter_∩(L) sending to the user; the step 8 further comprises: user reception intersection bloom filter BF_∩(L)。

3. The privacy set intersection method for power grid data cross-industry sharing according to claim 2, wherein the step 3 specifically comprises:

for BF (D)_iL), the user BF (D) for each component in accordance with the random response rule as shown in equation (1)_i,L)[j]Is subject to random turnover to obtain

Where epsilon is the given privacy budget cost.

4. The privacy set intersection method for power grid data cross-industry sharing according to claim 2, further comprising converting an original matrix V into a disturbance matrix

The method comprises the following specific steps:

the probability that a certain column of elements of the original matrix V takes a value of 1 is ρ, and if there is t probability inversion, the probability that the corresponding column of elements in the disturbance matrix takes a value of 1 is as shown in formula (2):

ρ′＝(1-t)ρ+t(1-ρ) (2)

disturbance matrix

The ratio of the value of the element of a certain column in the original matrix V to 1 is rho', the turnover probability is t, and the ratio probability of the value of the corresponding column in the original matrix V to 1 is large

5. The privacy set intersection method for power grid data cross-industry sharing according to claim 2, wherein in the step 5, the server calculates a proportion of a disturbance matrix in which an element in a jth column takes a value of 1

And according to

To estimate the ratio of the j column element value of 1 in the original matrix V

Hypothesis perturbation matrix

The number of the elements with the value of 1 in the jth column is N, and the number of the elements with the value of 0 is N-N; rho_jThe method is characterized in that the ratio of the original value of 1 in the jth column of the original matrix V is represented, and the derivation and calculation of the step 5 comprises the following steps:

step 5.1: calculating any disturbing bloom Filter BF (D)_iL), calculating the probability that the j element takes values of 0 and 1; from the given set conditions, it is easy to know that:

BF (D) for perturbing the bloom filter_iL), calculating the probability that the jth element takes a value of 1 as:

correspondingly, the probability that the jth element takes a value of 0 is as follows:

step 5.2, calculating rho_jA maximum likelihood estimate of;

construction of rho_jLikelihood function of (d):

with respect to likelihood function L (ρ)_j) Taking logarithm:

and is also provided with

Due to the fact that

Therefore, when

When log (L) takes the maximum value; at this time ρ_jEstimated value

Is composed of

The server determines for each component j e [1, L]After the operation is executed, the probability that the value of the element in each column in the original matrix V is 1 is obtained

6. The privacy set intersection method for power grid data cross-industry sharing according to claim 2, wherein in the step 6, the privacy set intersection method is used for the power grid data cross-industry sharing

The variance var of (a) is analyzed and calculated to obtain a probability threshold value

The derivation and calculation of step 6 includes the following stepsThe method comprises the following steps:

step 6.1-calculate the estimated ratio

(iii) a desire; due to disturbance in the bloom filter

Can only be 0 or 1, then:

let n be the perturbation matrix

The number of the element value in the j column is 1, which is the sum of independent and identically distributed random variables;

var(n)＝Nvar(BF(D_i,L)[j]) (12)

step 6.2 calculating the estimated proportion

The variance of (a);

7. a privacy set submission system for cross-industry sharing of grid data, comprising:

the system comprises an initial module, a privacy module and a bloom filter, wherein the initial module is used for setting an initial protocol parameter, setting a privacy budget epsilon, a hash function h (-) and the length L of the bloom filter, and all the positions of the initial bloom filter are 0;

a filter acquisition module for computing a bloom filter for local data for a local data set D_iCalculates a local data set D based on a hash function h (·) for each element x in (b)_iAnd setting the value of the corresponding subscript to 1 in the bloom filter according to the obtained hash value to obtain BF (D)_i,L)；

A random response processing module for performing random response processing on the local bloom filter for BF (D)_iL), BF (D) for each component according to a random response rule_i,L)[j]Random overturning is carried out to obtain a disturbed bloom filter

A disturbance matrix acquisition module for integrating all disturbance bloom filters and constructing a disturbance matrix

Wherein N is the number of users;

a probability acquisition module to calculate a perturbation matrix

The ratio of 1 to the value of the element in the j column

And according to

To estimate the ratio of the j column element value of 1 in the original matrix V

For each component j ∈ [1, L ]]After the processing, the probability that the element value in each column in the estimated original matrix V is 1 is obtained

A computing module for pairing

The variance var is analyzed and calculated to obtain a probability threshold value

The comparison module obtains an intersection bloom filter through probability threshold comparison and initializes the intersection bloom filter with the length of L; will be provided with

Each estimate of the ratio and the probability threshold of

Make a comparison if

Setting the value of the corresponding subscript in the intersection bloom filter as 1 to finally obtain the BF of the intersection bloom filter_∩(L)；

A judging module for judging the local data set D_iCalculating the hash value h (x) of each element x in BF_∩(L)[h(x)]If x is 1, x is an intersection element, otherwise, x is not.

8. A terminal device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor realizes the steps of the method according to any of claims 1-6 when executing the computer program.

9. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 6.

Images