CN114745179A - Multiparty privacy intersection method, device, equipment and storage medium - Google Patents
Multiparty privacy intersection method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN114745179A CN114745179A CN202210372810.4A CN202210372810A CN114745179A CN 114745179 A CN114745179 A CN 114745179A CN 202210372810 A CN202210372810 A CN 202210372810A CN 114745179 A CN114745179 A CN 114745179A
- Authority
- CN
- China
- Prior art keywords
- data set
- encrypted data
- client
- slave
- public key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/061—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The application discloses a method, a device, equipment and a storage medium for multi-party privacy intersection, and relates to the technical field of encryption. One embodiment of the method comprises: receiving a first encrypted data set sent by a main client; sending a first encrypted data set to each of a plurality of slave clients; receiving a second encrypted data set and a third encrypted data set sent by each slave client, wherein the second encrypted data set is a data set generated by each slave client encrypting the first encrypted data set by using a second public key stored on each slave client, and the third encrypted data set is a data set generated by each slave client encrypting a second traffic data set stored on each slave client by using the second public key; the second encrypted data set and the third encrypted data set are sent to the host client so that the host client encrypts the third encrypted data set with the first public key to generate a fourth encrypted data set, and the public data set is determined according to the second encrypted data set and the fourth encrypted data set.
Description
Technical Field
The present application relates to the field of computer technologies, and in particular, to the field of encryption technologies, and in particular, to a method, an apparatus, a device, and a storage medium for multi-party privacy intersection.
Background
The DH (Diffie-Hellman) algorithm is a protocol applied to key exchange. The DH algorithm can be used for privacy set intersection, and when multi-party privacy set intersection is carried out, for each party in multiple parties, the public key of the party is used for carrying out first encryption; the party then sends the encrypted data set to the other n-1 parties (i.e. the parties other than the party among the parties) and the n-1 parties encrypt n-1 times, respectively, to obtain a common data set.
Disclosure of Invention
The embodiment of the application provides a method, a device, equipment and a storage medium for multi-party privacy intersection.
In a first aspect, an embodiment of the present application provides a method for multi-party privacy intersection, where the method includes: receiving a first encrypted data set sent by a main client, wherein the first encrypted data set is a data set generated by the main client through encrypting a first service data set stored on the main client by using a first public key stored on the main client; sending a first encrypted data set to each of a plurality of slave clients; receiving a second encrypted data set and a third encrypted data set sent by each slave client, wherein the second encrypted data set is a data set generated by each slave client encrypting the first encrypted data set by using a second public key stored on each slave client, and the third encrypted data set is a data set generated by each slave client encrypting a second traffic data set stored on each slave client by using the second public key; the second encrypted data set and the third encrypted data set are sent to the host client to enable the host client to encrypt the third encrypted data set with the first public key to generate a fourth encrypted data set, and the public data set is determined according to the second encrypted data set and the fourth encrypted data set.
In some embodiments, prior to receiving the first encrypted data set sent by the host client, the method further comprises: acquiring an encryption parameter; sending the encryption parameters to the main client, wherein the first public key is generated by the main client according to the encryption parameters; sending a first encrypted data set to each of a plurality of slave clients, comprising: the first encrypted data set and the encryption parameters are sent to each of the plurality of slave clients, wherein the second public key is generated for each slave client according to the encryption parameters.
In some embodiments, the encryption parameters include a large prime number and a primitive root.
In some embodiments, the method further comprises: receiving a public data set and a fourth encrypted data set sent by a main client; the common data set and the fourth encrypted data set are sent to each slave client.
In a second aspect, an embodiment of the present application provides a method for multi-party privacy intersection, where the method includes: receiving a first encrypted data set sent by a control terminal, wherein the first encrypted data set is a data set generated by encrypting a first service data set stored on a main client by the main client by using a first public key stored on the main client; encrypting the first encrypted data set with a second public key to generate a second encrypted data set; encrypting the second service data set by using the second public key to generate a third encrypted data set; the second encrypted data set and the third encrypted data set are sent to the host client via the control end, so that the host client encrypts the third encrypted data set with the first public key to generate a fourth encrypted data set, and the public data set is determined according to the second encrypted data set and the fourth encrypted data set.
In some embodiments, receiving the first encrypted data set sent by the control end includes: and receiving the first encrypted data set and the encryption parameters sent by the control terminal, wherein the second public key is generated according to the encryption parameters.
In some embodiments, the encryption parameters include a large prime number and a primitive root.
In some embodiments, the method further comprises: and receiving the public data set and the fourth encrypted data set sent by the control terminal.
In a third aspect, an embodiment of the present application provides a method for multiparty privacy intersection, where the method includes: encrypting the first service data set by using the first public key to generate a first encrypted data set; sending a first encrypted data set to a control end; the receiving control end sends a second encrypted data set and a third encrypted data set, wherein the second encrypted data set is a data set generated by encrypting the first encrypted data set by each slave client in the plurality of slave clients by using a second public key stored on each slave client, and the third encrypted data set is a data set generated by each slave client by using a second public key stored on each slave client; encrypting the third encrypted data set using the first public key to generate a fourth encrypted data set; a common data set is determined from the second encrypted data set and the fourth encrypted data set.
In some embodiments, determining the common data set from the second encrypted data set and the fourth encrypted data set comprises: determining an initial public data set corresponding to each slave client according to the intersection between the second encrypted data set and a fourth encrypted data set corresponding to each slave client; and determining the public data sets according to the intersection between the initial public data sets corresponding to each slave client.
In some embodiments, the method further comprises: receiving an encryption parameter sent by a control end; a first public key is generated based on the encryption parameters.
In some embodiments, the encryption parameters include a large prime number and a primitive root.
In some embodiments, the method further comprises: and sending the fourth encrypted data set to the control end so that the control end sends the public data set and the fourth encrypted data set to each slave client.
In a fourth aspect, an embodiment of the present application provides an apparatus for multi-party privacy intersection, where the apparatus includes: a first receiving module configured to receive a first encrypted data set sent by a host client, wherein the first encrypted data set is a data set generated by the host client encrypting a first service data set stored on the host client by using a first public key stored on the host client; a first sending module configured to send a first set of encrypted data to each of a plurality of slave clients; a second receiving module configured to receive a second encrypted data set and a third encrypted data set sent from each of the slave clients, wherein the second encrypted data set is a data set generated by each of the slave clients encrypting the first encrypted data set with a second public key stored on each of the slave clients, and the third encrypted data set is a data set generated by each of the slave clients encrypting the second traffic data set stored on each of the slave clients with the second public key; a second sending module configured to send the second encrypted data set and the third encrypted data set to the host client, so that the host client encrypts the third encrypted data set with the first public key to generate a fourth encrypted data set, and determine the public data set according to the second encrypted data set and the fourth encrypted data set.
In some embodiments, prior to receiving the first encrypted data set sent by the host client, the apparatus further comprises: a parameter acquisition module configured to acquire an encryption parameter; the third sending module is configured to send the encryption parameters to the host client, wherein the first public key is generated by the host client according to the encryption parameters; a first sending module further configured to: the first encrypted data set and the encryption parameters are sent to each of the plurality of slave clients, wherein a second public key is generated for each slave client according to the encryption parameters.
In some embodiments, the encryption parameters include a large prime number and a primitive root.
In some embodiments, the apparatus further comprises: a third receiving module configured to receive the public data set and the fourth encrypted data set sent by the host client; a fourth sending module configured to send the common data set and a fourth encrypted data set to each of the slave clients.
In a fifth aspect, an embodiment of the present application provides an apparatus for multi-party privacy intersection, where the apparatus includes: the first receiving module is configured to receive a first encrypted data set sent by the control terminal, wherein the first encrypted data set is a data set generated by encrypting, by the host client, a first service data set stored on the host client by using a first public key stored on the host client; a first generation module configured to encrypt the first encrypted data set using a second public key, generating a second encrypted data set; and a second generation module configured to encrypt the second service data set with the second public key to generate a third encrypted data set; a first sending module configured to send the second encrypted data set and the third encrypted data set to the host client via the control terminal, so that the host client encrypts the third encrypted data set with the first public key, generates a fourth encrypted data set, and determines a public data set according to the second encrypted data set and the fourth encrypted data set.
In some embodiments, the first receiving module is further configured to: and receiving the first encrypted data set and the encryption parameters sent by the control terminal, wherein the second public key is generated according to the encryption parameters.
In some embodiments, the encryption parameters include a large prime number and a primitive root.
In some embodiments, the apparatus further comprises: and the second receiving module is configured to receive the public data set and the fourth encrypted data set sent by the control terminal.
In a sixth aspect, an embodiment of the present application provides an apparatus for multi-party privacy intersection, where the apparatus includes: a data set generation module configured to encrypt a first service data set with a first public key to generate a first encrypted data set; a first sending module configured to send a first encrypted data set to a control terminal; a first receiving module configured to receive a second encrypted data set and a third encrypted data set sent by the control terminal, wherein the second encrypted data set is a data set generated by each of the plurality of slave clients by encrypting the first encrypted data set with a second public key stored on each of the slave clients, and the third encrypted data set is a data set generated by each of the slave clients by encrypting a second service data set stored on each of the slave clients with the second public key; a data encryption module configured to encrypt a third encrypted data set using the first public key, generating a fourth encrypted data set; a data set determination module configured to determine a common data set from the second encrypted data set and the fourth encrypted data set.
In some embodiments, the data set determination module is further configured to: determining an initial public data set corresponding to each slave client according to the intersection between the second encrypted data set and a fourth encrypted data set corresponding to each slave client; and determining the public data sets according to the intersection between the initial public data sets corresponding to each slave client.
In some embodiments, the apparatus further comprises: the second receiving module is configured to receive the encryption parameters sent by the control end; a key generation module configured to generate a first public key according to the encryption parameter.
In some embodiments, the encryption parameters include a large prime number and a primitive root.
In some embodiments, the apparatus further comprises: and the second sending module is configured to send the fourth encrypted data set to the control end, so that the control end sends the common data set and the fourth encrypted data set to each slave client.
In a seventh aspect, an embodiment of the present application provides a system for multi-party privacy intersection, where the system includes: the system comprises a master client, a plurality of slave clients and a control end; the main client is configured to encrypt a first service data set by using a first public key to generate a first encrypted data set; a host client configured to send a first encrypted data set to a control end; a control end configured to transmit a first encrypted data set to each of a plurality of slave clients; each slave client configured to encrypt the first encrypted data set with a second public key, generating a second encrypted data set; and each slave client configured to encrypt the second traffic data set with the second public key, generating a third encrypted data set; and each slave client configured to send the second encrypted data set and the third encrypted data set to the control end; a control end configured to send the second encrypted data set and the third encrypted data set to the host client; a master client configured to encrypt the third encrypted data set using the first public key, generating a fourth encrypted data set; and the main client determines the public data set according to the second encrypted data set and the fourth encrypted data set.
In an eighth aspect, embodiments of the present application provide an electronic device comprising at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method as described in the first, second or third aspect.
In a ninth aspect, embodiments of the present application provide a non-transitory computer readable storage medium storing computer instructions, wherein the computer instructions are configured to cause a computer to perform the method as described in the first, second or third aspect.
The method, the device, the equipment and the storage medium for multi-party privacy interaction provided by the embodiment of the application firstly receive a first encrypted data set sent by a main client, wherein the first encrypted data set is a data set generated by encrypting a first service data set stored on the main client by using a first public key stored on the main client; thereafter sending a first encrypted data set to each of the plurality of slave clients; then receiving a second encrypted data set and a third encrypted data set sent by each slave client, wherein the second encrypted data set is a data set generated by each slave client encrypting the first encrypted data set by using a second public key stored on each slave client, and the third encrypted data set is a data set generated by each slave client encrypting a second service data set stored on each slave client by using the second public key; and then sending the second encrypted data set and the third encrypted data set to the master client, so that the master client encrypts the third encrypted data set by using the first public key to generate a fourth encrypted data set, and determining a public data set according to the second encrypted data set and the fourth encrypted data set. Therefore, when a public data set among a plurality of clients is determined, the privacy set does not need to be solved after n times of encryption operation is carried out on each client (wherein n is the number of the plurality of clients), but the control end selects one active party (namely, a master client), then only carries out encryption operation twice on each client (one master client and each slave client in a plurality of slave clients), and then each client can obtain the public data set under the condition of not revealing information according to a mode of obtaining an alignment index according to the encryption results twice; thereby successfully reducing the number of n encryption operations to 2 encryption operations.
Drawings
Other features, objects and advantages of the present application will become more apparent upon reading of the following detailed description of non-limiting embodiments thereof, made with reference to the accompanying drawings in which:
FIG. 1 is an exemplary system architecture diagram to which the present application may be applied;
FIG. 2 is a flow diagram of one embodiment of a method of multi-party privacy intersection according to the present application;
FIG. 3 is a flow diagram of one embodiment of a method of multi-party privacy intersection according to the present application;
FIG. 4 is a flow diagram of one embodiment of a method of multi-party privacy intersection according to the present application;
FIG. 5 is a flow diagram of one embodiment of a method of multi-party privacy intersection according to the present application;
FIG. 6 is a schematic diagram of an application scenario of a method of multi-party privacy rendezvous according to the present application;
FIG. 7 is a schematic block diagram of an embodiment of an apparatus for multi-party privacy rendezvous according to the present application;
FIG. 8 is a schematic block diagram of an embodiment of an apparatus for multi-party privacy rendezvous according to the present application;
FIG. 9 is a schematic block diagram of an embodiment of an apparatus for multi-party privacy rendezvous according to the present application;
FIG. 10 is a schematic block diagram of an electronic device suitable for use in implementing embodiments of the present application.
Detailed Description
The present application will be described in further detail with reference to the following drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not to be construed as limiting the invention. It should be noted that, for convenience of description, only the portions related to the related invention are shown in the drawings.
It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict. The present application will be described in detail below with reference to the embodiments with reference to the attached drawings.
Fig. 1 illustrates an exemplary system architecture 100 to which embodiments of the multi-party privacy rendezvous method or apparatus of the present application may be applied.
As shown in fig. 1, the system architecture 100 may include a master client 101, slave clients 102 and 103, a network 104, and a control terminal 105. The network 104 serves as a medium for providing communication links between the master client 101, the slave clients 102 and 103 and the control terminal 105. Network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
A user may use the master client 101 to interact with the control terminal 105, e.g. to encrypt data sets, etc., from the clients 102 and 103 via the network 104.
The master client 101 and the slave clients 102 and 103 may be clients of an electronic product that performs human-Computer interaction with a user through one or more modes of a keyboard, a touch pad, a touch screen, a remote controller, voice interaction or handwriting equipment, such as a PC (Personal Computer), a mobile phone, a smart phone, a PDA (Personal Digital Assistant), a wearable device, a PPC (Pocket PC, palmtop), a tablet Computer, a smart car, a smart television, a smart speaker, a tablet Computer, a laptop Computer, a desktop Computer, and the like. And is not particularly limited herein.
The control terminal 105 may provide various services. For example, the control end 105 may receive a first encrypted data set sent by the host client, where the first encrypted data set is a data set generated by the host client encrypting a first service data set stored on the host client by using a first public key stored on the host client; sending a first encrypted data set to each of a plurality of slave clients; receiving a second encrypted data set and a third encrypted data set sent by each slave client, wherein the second encrypted data set is a data set generated by each slave client encrypting the first encrypted data set by using a second public key stored on each slave client, and the third encrypted data set is a data set generated by each slave client encrypting a second service data set stored on each slave client by using the second public key; the second encrypted data set and the third encrypted data set are sent to the host client so that the host client encrypts the third encrypted data set with the first public key to generate a fourth encrypted data set, and the public data set is determined according to the second encrypted data set and the fourth encrypted data set.
It should be noted that the control end 105 may be implemented as a distributed server cluster formed by a plurality of servers, or may be implemented as a single server; or a single client. And is not particularly limited herein.
It should be noted that, the method for multi-party privacy interaction provided in the embodiment of the present application is generally executed by the control end 105, and accordingly, the apparatus for multi-party privacy interaction is generally disposed in the control end 105.
It should be understood that the number of master clients, slave clients, networks and control ends in fig. 1 is merely illustrative. There may be any number of slave clients, networks, and control ends, as desired for the implementation.
With continued reference to FIG. 2, illustrated is a flow diagram 200 of one embodiment of a method of multi-party privacy rendezvous according to the application, which may include the steps of:
In this embodiment, an executing subject (e.g., the control end 105 shown in fig. 1) of the method for multi-party privacy intersection may receive, through a network (e.g., the network 104 shown in fig. 1), a first encrypted data set sent by a host client, where the first encrypted data set is a data set generated by the host client encrypting a first service data set with a first public key stored on the host client. The first service data set may be a service data set stored on the primary client, and the first public key may be a key stored on the primary client.
Here, the first encrypted data set may be generated by encrypting the first service data set by a host client (e.g., the host client 101 shown in fig. 1) using a first public key stored on the host client. The master client may be a client randomly selected from a plurality of clients by a control end (e.g., the control end 105 shown in fig. 1), and the clients other than the master client may be slave clients (e.g., the slave clients 102 and 103 shown in fig. 1); or the control terminal selects the client terminal with the least number of IDs (identity documents) as the main client terminal.
Correspondingly, in this example, generating a first encrypted data set by the host client encrypting a first service data set stored on the host client with a first public key stored on the host client may include: multiplying each item of service data in the first service data set by the first public key to obtain a first encrypted data set; or other existing or future encryption algorithms may be used to encrypt the first service data set to generate the first encrypted data set.
Here, the multiplication operation may be an element-wise multiplication element correspondence product. The first service data set may be a service-related data set stored on the host client.
In this embodiment, the execution subject may transmit the first encrypted data set to each of the plurality of slave clients through a network (e.g., the network 104 shown in fig. 1), respectively.
Correspondingly, in this example, the slave client may be a client other than the client randomly selected from the plurality of clients by the control end (for example, the control end 105 shown in fig. 1); or the control end selects the client with the least ID number as the master client, and the clients other than the master client are the slave clients.
In this embodiment, the execution body may receive the second encrypted data set and the third encrypted data set, which are each transmitted from the client (e.g., the slave client 102 or 103 shown in fig. 1), through a network (e.g., the network 104 shown in fig. 1).
In one example, the second encrypted data set may be a data set generated by each slave client encrypting the first encrypted data set with the second public key stored on the slave client, and the third encrypted data set may be a data set generated by each slave client encrypting the second traffic data set stored on the slave client with the second public key. The second public key may be a key related to encryption stored in each slave client. The second service data set may be a service-related data set stored at each slave client.
In this embodiment, the execution principal may send the second encrypted data set and the third encrypted data set to the host client (e.g., the host client 101 shown in fig. 1) through a network (e.g., the network 104 shown in fig. 1); after the host client receives the second encrypted data set and the third encrypted data set, encrypting, by the host client, the third encrypted data set with the first public key to generate a fourth encrypted data set; and then, determining a common data set between the master client and the plurality of slave clients by the master client through the second encrypted data set and the fourth encrypted data set. The common data set may be an intersection data set between the master client and the plurality of slave clients.
In some application scenarios where business services are jointly provided via a master client and multiple slave clients, it is necessary for the master client and the multiple slave clients to determine a common data set and use the determined common data set for subsequent business processing. For example, the master client and the plurality of slave clients need to determine common client data and then perform a federated service using the determined common client data. However, the remaining service data (i.e., data other than the public data set) of the master client and the plurality of slave clients except the public data set belong to the privacy data of the master client and the plurality of slave clients, and cannot be leaked from each other.
The method for multi-party privacy intersection provided in this embodiment first receives a first encrypted data set sent by a host client, where the first encrypted data set is a data set generated by encrypting, by the host client, a stored first service data set with a first public key stored on the host client; thereafter sending a first encrypted data set to each of the plurality of slave clients; then receiving a second encrypted data set and a third encrypted data set sent by each slave client, wherein the second encrypted data set is a data set generated by each slave client encrypting the first encrypted data set by using a second public key stored on each slave client, and the third encrypted data set is a data set generated by each slave client encrypting a second service data set stored on each slave client by using the second public key; and then sending the second encrypted data set and the third encrypted data set to the master client, so that the master client encrypts the third encrypted data set by using the first public key to generate a fourth encrypted data set, and determining a public data set according to the second encrypted data set and the fourth encrypted data set. Therefore, when a public data set among a plurality of clients is determined, the privacy set does not need to be solved after n times of encryption operation is carried out on each client (wherein n is the number of the plurality of clients), but the control end selects one active party (namely, a master client), then only carries out encryption operation twice on each client (one master client and each slave client in a plurality of slave clients), and then each client can obtain the public data set under the condition of not revealing information according to a mode of obtaining an alignment index according to the encryption results twice; thereby successfully reducing n encryption operations to 2 encryption operations.
In some optional implementations of this embodiment, before receiving the first encrypted data set sent by the host client, the method for multi-party privacy interaction further includes: acquiring an encryption parameter; sending the encryption parameters to the main client, wherein the first public key is generated by the main client according to the encryption parameters; sending a first encrypted data set to each of a plurality of slave clients, comprising: the first encrypted data set and the encryption parameters are sent to each of the plurality of slave clients, wherein a second public key is generated for each slave client according to the encryption parameters.
In this implementation, the execution main body may first obtain the encryption parameter; and then, sending the encryption parameters to the main client, wherein the first public key is generated by the main client according to the encryption parameters.
In one example, the first public key is determined by the host client based on the encryption parameters and a private key stored on the host client, wherein the first public key is as follows:
g^a mod p
wherein, a is the private key of the host client, and p is the encryption parameter.
Correspondingly, in this example, sending the first encrypted data set to each of the plurality of slave clients may include: the first encrypted data set and the encryption parameters are sent to each of the plurality of slave clients, wherein a second public key is generated for each slave client according to the encryption parameters.
In one example, a second public key is generated for each slave client according to the encryption parameters, wherein the second public key is as follows:
g^p(n)mod p
where p (n) is the private key of the nth slave client, and p is the encryption parameter.
In some optional implementations of this embodiment, the encryption parameters include a large prime number and a primitive root.
In some optional implementations of this embodiment, the method for multi-party privacy intersection further includes: receiving a public data set and a fourth encrypted data set sent by a main client; the common data set and the fourth encrypted data set are sent to each slave client.
In this implementation manner, the execution main body may first receive the public data set and the fourth encrypted data set sent by the host client; thereafter, the common data set and the fourth encrypted data set are sent to each slave client.
With continuing reference to FIG. 3, illustrated is a flow diagram 300 of one embodiment of a method of multi-party privacy rendezvous according to the present application, which may include the steps of:
In this embodiment, the executing agent of the method of multi-party privacy intersection (e.g., slave clients 102 and 103 shown in fig. 1) may receive the first encrypted data set over a network (e.g., network 104 shown in fig. 1).
In one example, the first encrypted data set may be a data set generated by a host client (e.g., the client 101 shown in fig. 1) encrypting a first service data set stored on the host client by using a first public key stored on the host client, and specifically includes: and multiplying each item of service data in the first service data set by the first public key to obtain a first encrypted data set.
Here, the multiplication operation may be an element-wise multiplication element correspondence product. The first service data set may be a service-related data set stored at the host client.
It should be noted that the master client 101 and the slave clients 102 and 103 are randomly selected by a control end (e.g., the control end 105 shown in fig. 1). Or the client with the least ID number is used as the main client, and the other clients are used as the auxiliary clients.
In this embodiment, the execution subject may encrypt the first encrypted data set by using the second public key to generate the second encrypted data set.
Specifically, each item of service data in the first encrypted data set is multiplied by the second public key to obtain a first encrypted data set. The second public key may be determined by the execution entity using the encryption parameter and a private key stored on the execution entity.
Here, the multiplication operation may be an element-wise multiplication element correspondence product.
In this embodiment, the executing entity may encrypt the second service data set by using the second public key to generate a second encrypted data set.
Specifically, each item of service data in the second service data set is multiplied by the second public key to obtain a second service data set.
Here, the multiplication operation may be an element-wise multiplication element correspondence product. The second service data set may be a service-related data set stored at the host client.
In this embodiment, the executing entity may first send the second encrypted data set and the third encrypted data set to a control end (for example, the control end 105 shown in fig. 1); then, the control end 105 transmits the second encrypted data set and the third encrypted data set to a host client (for example, the host client 101 shown in fig. 1); after the host client receives the second encrypted data set and the third encrypted data set, encrypting, by the host client, the third encrypted data set with the first public key to generate a fourth encrypted data set; and then, determining a common data set between the master client and the plurality of slave clients by the master client through the second encrypted data set and the fourth encrypted data set. The common data set may be an intersection data set between the master client and the plurality of slave clients.
It should be noted that step 302 and step 303 may be performed simultaneously, or step 302 is performed first and then step 303 is performed, or step 303 is performed first and then step 302 is performed.
The method for multi-party privacy intersection provided by this embodiment first receives a first encrypted data set sent by a control end, where the first encrypted data set is a data set generated by encrypting, by a host client, a first service data set stored on the host client by using a first public key stored on the host client; then, the first encrypted data set is encrypted by using a second public key to generate a second encrypted data set; encrypting the second service data set by using the second public key to generate a third encrypted data set; and then sending the second encrypted data set and the third encrypted data set to the main client through the control terminal, so that the main client encrypts the third encrypted data set by using the first public key to generate a fourth encrypted data set, and determining a public data set according to the second encrypted data set and the fourth encrypted data set. Therefore, when a public data set among a plurality of clients is determined, the privacy set does not need to be solved after n times of encryption operation is carried out on each client (wherein n is the number of the plurality of clients), but the control end selects one active party (namely, a master client), then only carries out encryption operation twice on each client (one master client and each slave client in a plurality of slave clients), and then each client can obtain the public data set under the condition of not revealing information according to a mode of obtaining an alignment index according to the encryption results twice; thereby successfully reducing n encryption operations to 2 encryption operations.
In some optional implementations of this embodiment, receiving the first encrypted data set sent by the control end includes: and receiving the first encrypted data set and the encryption parameters sent by the control terminal, wherein the second public key is generated according to the encryption parameters.
In this implementation manner, the execution body receives the first encrypted data set and the encryption parameter sent by the control end together. The encryption parameters described above may be used to generate the second public key.
In one example, a second public key is generated for each slave client according to the encryption parameters, wherein the second public key is as follows:
g^p(n)mod p
where p (n) is the private key of the nth slave client, and p is the encryption parameter.
In some optional implementations of this embodiment, the encryption parameters include a large prime number and a primitive root.
In some optional implementations of this embodiment, the method for multiparty privacy intersection further includes: and receiving the public data set and the fourth encrypted data set sent by the control terminal.
In this implementation manner, the execution main body may receive the public data set and the fourth encrypted data set sent by the control end, and cache the public data set and the fourth encrypted data set to the local after decryption.
With continuing reference to FIG. 4, illustrated is a flow diagram 400 of one embodiment of a method of multi-party privacy rendezvous according to the present application, which may include the steps of:
In this embodiment, an executing subject (e.g., the host client 101 shown in fig. 1) of the multi-party privacy intersection method may encrypt the first service data set by using the first public key to generate a first encrypted data set.
Here, the encrypting, by the host client, the first service data set with the first public key to generate a first encrypted data set may include: multiplying each item of service data in the first service data set by the first public key to obtain a first encrypted data set; or other existing or future encryption algorithms may be used to encrypt the first service data set to generate the first encrypted data set.
Here, the multiplication operation may be an element-wise multiplication element correspondence product. The first service data set may be a service-related data set stored on the host client.
In this embodiment, the execution subject may send the first encrypted data set to the control end (e.g., the control end 105 shown in fig. 1) through a network (e.g., the network 104 shown in fig. 1).
In step 403, the receiving control end sends a second encrypted data set and a third encrypted data set, wherein the second encrypted data set is a data set generated by each of the plurality of slave clients by encrypting the first encrypted data set with the second public key stored on each of the plurality of slave clients, and the third encrypted data set is a data set generated by each of the plurality of slave clients by using the second public key stored on each of the plurality of slave clients.
In this embodiment, the execution body may receive the second encrypted data set and the third encrypted data set sent by the control end through a network (e.g., the network 104 shown in fig. 1).
In one example, the second encrypted data set may be obtained by multiplying each item of service data in the first encrypted data set by the second public key for each of a plurality of slave clients (e.g., slave clients 102 and 103 shown in fig. 1).
Here, the multiplication operation may be an element-wise multiplication element correspondence product.
In one example, the third encrypted data set may be obtained by multiplying each item of service data in the second service data set by the second public key for each slave client (e.g., slave clients 102 or 103 shown in fig. 1).
Here, the multiplication operation may be an element-wise multiplication element correspondence product. The second service data set may be a service-related data set stored at the host client.
Step 404 encrypts the third encrypted data set with the first public key to generate a fourth encrypted data set.
In this embodiment, the execution subject may encrypt the third encrypted data set with the first public key to generate a fourth encrypted data set.
Step 405 determines a common data set from the second encrypted data set and the fourth encrypted data set.
In this embodiment, the execution subject may determine a common data set between the master client (e.g., master client 101 shown in fig. 1) and the plurality of slave clients (e.g., slave clients 102 and 103 shown in fig. 1) according to the second encrypted data set and the fourth encrypted data set. The common data set may be an intersection between data sets of the master client and the plurality of slave clients.
In one example, determining the common data set from the second encrypted data set and the fourth encrypted data set may include: the second encrypted data set and the fourth encrypted data set are matched to determine an intersection of the second encrypted data set and the fourth encrypted data set, thereby determining a common data set.
In the method for multi-party privacy intersection provided by this embodiment, a first service data set is encrypted by using a first public key to generate a first encrypted data set; then sending the first encrypted data set to the control end; then the receiving control terminal sends a second encrypted data set and a third encrypted data set, wherein the second encrypted data set is a data set generated by encrypting the first encrypted data set by each slave client in the plurality of slave clients by using a second public key stored on each slave client, and the third encrypted data set is a data set generated by each slave client by using a second public key to a second service data set stored on each slave client; then, the third encrypted data set is encrypted by using the first public key to generate a fourth encrypted data set; a common data set is then determined based on the second encrypted data set and the fourth encrypted data set. Therefore, when a public data set among a plurality of clients is determined, the privacy set does not need to be solved after n times of encryption operation is carried out on each client (wherein n is the number of the plurality of clients), but the control end selects one active party (namely, a master client), then only carries out encryption operation twice on each client (one master client and each slave client in a plurality of slave clients), and then each client can obtain the public data set under the condition of not revealing information according to a mode of obtaining an alignment index according to the encryption results twice; thereby successfully reducing n encryption operations to 2 encryption operations.
In some optional implementations of this embodiment, determining the common data set from the second encrypted data set and the fourth encrypted data set includes: determining an initial public data set corresponding to each slave client according to the intersection between the second encrypted data set and a fourth encrypted data set corresponding to each slave client; and determining the public data sets according to the intersection between the initial public data sets corresponding to each slave client.
In this implementation manner, the execution subject may determine an initial common data set corresponding to each slave client according to an intersection between the second encrypted data set and a fourth encrypted data set corresponding to each slave client; and then, determining the public data set according to the intersection between the initial public data sets corresponding to each slave client.
In one example, for each slave client P _ i, EncPi (encca (ida)) (i.e., the second encrypted data set) and EncA (EncPi (idpi)) (i.e., the third encrypted data set) are matched, and after an intersection between the master client and each slave client (i.e., the initial public data set corresponding to each slave client) is found, the intersection (i.e., the initial public data set corresponding to each slave client) is re-intersected to obtain the public data set.
In the implementation manner, when determining a public data set among a plurality of clients, instead of solving a privacy set after obtaining n times of encryption operations (where n is the number of the plurality of clients) for each client, the control terminal selects an active party (i.e., a master client), obtains two times of encryption operations (one master client and each of a plurality of slave clients), and obtains an alignment index according to two times of encryption results, so that each client can obtain the public data set without revealing information; thereby successfully reducing n encryption operations to 2 encryption operations.
In some optional implementations of this embodiment, the method for multi-party privacy intersection further includes: receiving an encryption parameter sent by a control end; a first public key is generated based on the encryption parameters.
In this implementation, the execution subject may be an encryption parameter sent via a network (e.g., the network 104 shown in fig. 1); then, a first public key is generated according to the encryption parameters. The encryption parameters are used to generate a first public key.
In one example, the first public key is determined by the host client based on the encryption parameters and a private key stored on the host client, wherein the first public key is as follows:
g^a mod p
wherein, a is the private key of the host client, and p is the encryption parameter.
In some optional implementations of this embodiment, the encryption parameters include a large prime number and a primitive root.
In some optional implementations of this embodiment, the method for multi-party privacy intersection further includes: and sending the fourth encrypted data set to the control end so that the control end sends the public data set and the fourth encrypted data set to each slave client.
In this implementation, the execution main body may first send a fourth encrypted data set to the control end; and then, the control end sends the public data set and the fourth encrypted data set to each slave client.
With continuing reference to FIG. 5, illustrated is a flow diagram 500 of one embodiment of a method of multi-party privacy rendezvous according to the present application, which may include the steps of:
In this embodiment, in an initialization phase, the control end (Coordinator) generates encryption parameters, for example, g and p, for the encryption process of the subsequent client (client), and the control end randomly selects one client as the primary client (a) and transmits the encryption parameters to the primary client.
In this embodiment, after receiving g and p, the host client calculates g ^ a mod p (the first public key), and encrypts the host client set (i.e., the first service data set) using g ^ a mod p to obtain EncA (IDA) (i.e., the first encrypted data set) and sends the EncA (IDA) to the control end, where EncA (IDA) multiplies each item of the set by g ^ a mod p. Wherein a is the private key of the host client.
In step 503, the control end sends the first encrypted data and the encryption parameter to each of the plurality of slave clients.
In this embodiment, each slave client calculates g ^ p (n) mod p (second public key) after receiving g and p, encrypts the second traffic data set of the slave client using g ^ p (n) mod p to generate EncPi (IDPi) (i.e., third encrypted data set), and encrypts the first encrypted data set using g ^ p (n) mod p to generate EncPi (EncA (IDA)) (i.e., second encrypted data set). The private keys corresponding to each slave client are p _1, p _2, …, p _ (n-1), and n is a positive integer greater than or equal to 2.
And 505, the control terminal sends the second encrypted data set and the third encrypted data set to the host client.
In this embodiment, the master client performs secondary encryption on EncA (encpi (idpi)) of each slave client to generate EncA (encpi (idpi)) (i.e., a fourth encrypted data set); EncPi (EncA (IDA))) and EncA (EncPi (IDPi)) are then matched to determine a common data set.
And step 507, the control end respectively sends the fourth encrypted data set and the public data set to each slave client.
In this embodiment, the control end sends EncA (encpi (idpi)) and a common data set to each slave client, and each slave client stores the common data set and EncA (encpi (idpi)) locally.
In the present application, a system for multi-party privacy interaction may include a master client (e.g., master client 101 shown in fig. 1), a plurality of slave clients (e.g., slave clients 102 and 103 shown in fig. 1), and a control end (e.g., control end 105 shown in fig. 1); the page rendering system is described below in conjunction with FIG. 6. Fig. 6 shows a flowchart of an embodiment of a page rendering method according to the present application. Wherein, the first and the second end of the pipe are connected with each other,
a host client configured to encrypt a first service data set using a first public key, generating a first encrypted data set; a host client configured to send a first encrypted data set to a control end; a control terminal configured to transmit a first encrypted data set to each of a plurality of slave clients; each slave client configured to encrypt the first encrypted data set using a second public key, generating a second encrypted data set; and each slave client configured to encrypt the second traffic data set with the second public key, generating a third encrypted data set; and each slave client configured to send the second encrypted data set and the third encrypted data set to the control end; a control end configured to send the second encrypted data set and the third encrypted data set to the host client; a master client configured to encrypt the third encrypted data set using the first public key, generating a fourth encrypted data set; and the main client determines the public data set according to the second encrypted data set and the fourth encrypted data set.
In the method for multi-party privacy intersection provided by this embodiment, when a public data set between multiple clients needs to be determined, instead of solving the privacy set after n (where n is the number of multiple clients) encryption operations are solved for each client, a control end selects an active party (i.e., a master client), and then only obtains two encryption operations (one master client and each of multiple slave clients) for each client, and then obtains an alignment index according to the two encryption results, so that each client can obtain the public data set without revealing information; thereby successfully reducing n encryption operations to 2 encryption operations.
With further reference to fig. 7, as an implementation of the methods shown in the above-mentioned figures, the present application discloses an embodiment of an apparatus for multi-party privacy negotiation, where the embodiment of the apparatus corresponds to the embodiment of the method shown in fig. 2, and the apparatus may be specifically applied to various electronic devices.
As shown in fig. 7, an embodiment of the present application provides an apparatus 700 for multi-party privacy intersection, where the apparatus 700 includes: a first receiving module 701, a first sending module 702, a second receiving module 703 and a second sending module 704. The first receiving module 701 is configured to receive a first encrypted data set sent by a host client, where the first encrypted data set is a data set generated by the host client encrypting a first service data set stored on the host client by using a first public key stored on the host client; a first sending module 702 configured to send a first encrypted data set to each of a plurality of slave clients; a second receiving module 703 configured to receive a second encrypted data set and a third encrypted data set sent from each of the slave clients, wherein the second encrypted data set is a data set generated by each of the slave clients encrypting the first encrypted data set with a second public key stored on each of the slave clients, and the third encrypted data set is a data set generated by each of the slave clients encrypting the second traffic data set stored on each of the slave clients with the second public key; a second sending module 704 configured to send the second encrypted data set and the third encrypted data set to the host client, so that the host client encrypts the third encrypted data set with the first public key to generate a fourth encrypted data set, and determine the public data set according to the second encrypted data set and the fourth encrypted data set.
In this embodiment, in the apparatus 700 for multi-party privacy negotiation, specific processing of the first receiving module 701, the first sending module 702, the second receiving module 703 and the second sending module 704 and technical effects thereof may refer to steps 201 to 204 in the corresponding embodiment of fig. 2, respectively.
In some embodiments, prior to receiving the first encrypted data set sent by the host client, the apparatus further comprises: a parameter acquisition module configured to acquire an encryption parameter; the third sending module is configured to send the encryption parameters to the host client, wherein the first public key is generated by the host client according to the encryption parameters;
a first sending module 702, further configured to: the first encrypted data set and the encryption parameters are sent to each of the plurality of slave clients, wherein the second public key is generated for each slave client according to the encryption parameters.
In some embodiments, the encryption parameters include a large prime number and a primitive root.
In some embodiments, the apparatus further comprises: a third receiving module configured to receive the public data set and the fourth encrypted data set sent by the host client; a fourth sending module configured to send the common data set and a fourth encrypted data set to each slave client.
With further reference to fig. 8, as an implementation of the methods shown in the above-mentioned figures, the present application discloses an embodiment of an apparatus for multi-party privacy negotiation, where the embodiment of the apparatus corresponds to the embodiment of the method shown in fig. 3, and the apparatus may be specifically applied to various electronic devices.
As shown in fig. 8, an embodiment of the present application provides an apparatus 800 for multi-party privacy negotiation, where the apparatus 800 includes: a first receiving module 801, a first generating module 802, a second generating module 803, and a first transmitting module 804. The first receiving module 801 is configured to receive a first encrypted data set sent by the control end, where the first encrypted data set is a data set generated by encrypting, by the host client, a first service data set stored on the host client by using a first public key stored on the host client; a first generation module 802 configured to encrypt the first encrypted data set with a second public key, generating a second encrypted data set; and a second generating module 803 configured to encrypt the second service data set with the second public key to generate a third encrypted data set; a first sending module 804 configured to send the second encrypted data set and the third encrypted data set to the host client via the control end, so that the host client encrypts the third encrypted data set with the first public key to generate a fourth encrypted data set, and determine a public data set according to the second encrypted data set and the fourth encrypted data set.
In this embodiment, in the apparatus 800 for multi-party privacy intersection, specific processes of the first receiving module 801, the first generating module 802, the second generating module 803, and the first sending module 804 and technical effects thereof may refer to steps 301 to 304 in the corresponding embodiment of fig. 3, respectively.
In some embodiments, the first receiving module 801 is further configured to: and receiving the first encrypted data set and the encryption parameters sent by the control terminal, wherein the second public key is generated according to the encryption parameters.
In some embodiments, the encryption parameters include a large prime number and a primitive root.
In some embodiments, the apparatus further comprises: and the second receiving module is configured to receive the public data set and the fourth encrypted data set sent by the control end.
With further reference to fig. 9, as an implementation of the methods shown in the above-mentioned figures, the present application discloses an embodiment of an apparatus for multi-party privacy negotiation, where the embodiment of the apparatus corresponds to the embodiment of the method shown in fig. 4, and the apparatus may be specifically applied to various electronic devices.
As shown in fig. 9, an embodiment of the present application provides an apparatus 900 for multiparty privacy rendezvous, where the apparatus 900 includes: a data set generating module 901, a first sending module 902, a first receiving module 903, a data encrypting module 904 and a data set determining module 905. The data set generating module 901 is configured to encrypt the first service data set by using the first public key, and generate a first encrypted data set; a first sending module 902 configured to send a first encrypted data set to the control end; a first receiving module 903 configured to receive a second encrypted data set and a third encrypted data set, where the second encrypted data set is a data set generated by each of a plurality of slave clients encrypting the first encrypted data set by using a second public key stored on each of the slave clients, and the third encrypted data set is a data set generated by each of the slave clients using a second public key stored on each of the slave clients; a data encryption module 904 configured to encrypt the third encrypted data set using the first public key, generating a fourth encrypted data set; a data set determination module 905 configured to determine a common data set from the second encrypted data set and the fourth encrypted data set.
In this embodiment, in the apparatus 900 for multi-party privacy intersection, specific processes of the data set generating module 901, the first sending module 902, the first receiving module 903, the data encrypting module 904, and the data set determining module 905 and technical effects thereof may refer to steps 401 to 405 in the corresponding embodiment of fig. 4, respectively.
In some embodiments, the data set determination module 905 is further configured to: determining an initial public data set corresponding to each slave client according to the intersection between the second encrypted data set and a fourth encrypted data set corresponding to each slave client; and determining the public data sets according to the intersection between the initial public data sets corresponding to each slave client.
In some embodiments, the apparatus further comprises: the second receiving module is configured to receive the encryption parameters sent by the control end; a key generation module configured to generate a first public key according to the encryption parameter.
In some embodiments, the encryption parameters include a large prime number and a primitive root.
In some embodiments, the apparatus further comprises: and the second sending module is configured to send the fourth encrypted data set to the control end, so that the control end sends the common data set and the fourth encrypted data set to each slave client.
Fig. 10 is a block diagram of an electronic device according to an embodiment of the present application. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital processing, cellular phones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be examples only, and are not meant to limit implementations of the present application that are described and/or claimed herein.
As shown in fig. 10, the electronic apparatus includes: one or more processors 1001, memory 1002, and interfaces for connecting the various components, including high-speed interfaces and low-speed interfaces. The various components are interconnected using different buses and may be mounted on a common motherboard or in other manners as desired. The processor may process instructions for execution within the electronic device, including instructions stored in or on the memory to display graphical information of a GUI on an external input/output apparatus (such as a display device coupled to the interface). In other embodiments, multiple processors and/or multiple buses may be used, along with multiple memories and multiple memories, as desired. Also, multiple electronic devices may be connected, with each device providing portions of the necessary operations (e.g., as a server array, a group of blade servers, or a multi-processor system). Fig. 10 illustrates an example of one processor 1001.
The memory 1002 is a non-transitory computer readable storage medium provided herein. The memory stores instructions executable by the at least one processor to cause the at least one processor to perform the method for multi-party privacy negotiation provided herein. The non-transitory computer-readable storage medium of the present application stores computer instructions for causing a computer to perform the method of multi-party privacy intersection provided herein.
The memory 1002 serves as a non-transitory computer readable storage medium, and may be used to store non-transitory software programs, non-transitory computer executable programs, and modules, such as program instructions/modules corresponding to the method for multi-party privacy intersection in the embodiments of the present application (for example, the first receiving module 701, the first sending module 702, the second receiving module 703, and the second sending module 704 shown in fig. 7, or the first receiving module 801, the first generating module 802, the second generating module 803, and the first sending module 804 shown in fig. 8, or the data set generating module 901, the first sending module 902, the first receiving module 903, the data encrypting module 904, and the data set determining module 905 shown in fig. 9). The processor 1001 executes various functional applications of the server and data processing by running non-transitory software programs, instructions, and modules stored in the memory 1002, that is, the method for multi-party privacy intersection in the above method embodiment is implemented.
The memory 1002 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created from use of the information processing electronic device based on the block chain, and the like. Further, the memory 1002 may include high-speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory 1002 may optionally include memory located remotely from the processor 1001, which may be connected to the blockchain based information processing electronics via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The electronic device of the method for multiparty privacy intersection may further include: an input device 1003 and an output device 1004. The processor 1001, the memory 1002, the input device 1003, and the output device 1004 may be connected by a bus or other means, and the bus connection is exemplified in fig. 10.
The input device 1003 may receive input numeric or character information and generate key signal inputs related to user settings and function control of the blockchain-based information processing electronic apparatus, such as a touch screen, a keypad, a mouse, a track pad, a touch pad, a pointer, one or more mouse buttons, a track ball, a joystick, or other input devices. The output devices 1004 may include a display device, auxiliary lighting devices (e.g., LEDs), and tactile feedback devices (e.g., vibrating motors), among others. The display device may include, but is not limited to, a Liquid Crystal Display (LCD), a Light Emitting Diode (LED) display, and a plasma display. In some implementations, the display device can be a touch screen.
Various implementations of the systems and techniques described here can be realized in digital electronic circuitry, integrated circuitry, application specific ASICs (application specific integrated circuits), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
These computer programs (also known as programs, software applications, or code) include machine instructions for a programmable processor, and may be implemented using high-level procedural and/or object-oriented programming languages, and/or assembly/machine languages. As used herein, the terms "machine-readable medium" and "computer-readable medium" refer to any computer program product, apparatus, and/or device (e.g., magnetic discs, optical disks, memory, Programmable Logic Devices (PLDs)) used to provide machine instructions and/or data to a programmable processor, including a machine-readable medium that receives machine instructions as a machine-readable signal. The term "machine-readable signal" refers to any signal used to provide machine instructions and/or data to a programmable processor.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user may provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), Wide Area Networks (WANs), and the Internet.
The computer system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other.
It should be understood that various forms of the flows shown above may be used, with steps reordered, added, or deleted. For example, the steps described in the present application may be executed in parallel, sequentially, or in different orders, as long as the desired results of the technical solutions disclosed in the present application can be achieved, and the present invention is not limited herein.
The above-described embodiments should not be construed as limiting the scope of the present application. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made, depending on design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present application shall be included in the protection scope of the present application.
Claims (22)
1. A method of multi-party privacy intersection, comprising:
receiving a first encrypted data set sent by a host client, wherein the first encrypted data set is a data set generated by the host client encrypting a first service data set stored on the client by using a first public key stored on the client;
sending a first encrypted data set to each of a plurality of slave clients;
receiving a second encrypted data set and a third encrypted data set sent by each slave client, wherein the second encrypted data set is a data set generated by each slave client encrypting the first encrypted data set by using a second public key stored on each slave client, and the third encrypted data set is a data set generated by each slave client encrypting a second service data set stored on each slave client by using the second public key;
and sending the second encrypted data set and the third encrypted data set to the host client, so that the host client encrypts the third encrypted data set by using the first public key to generate a fourth encrypted data set, and determining a public data set according to the second encrypted data set and the fourth encrypted data set.
2. The method of claim 1, wherein prior to receiving the first encrypted data set sent by the host client, the method further comprises:
acquiring an encryption parameter;
sending the encryption parameters to a host client, wherein the first public key is generated by the host client according to the encryption parameters;
sending a first encrypted data set to each of a plurality of slave clients, comprising:
sending a first set of encrypted data and the encryption parameters to each of a plurality of slave clients, wherein the second public key is generated for the each slave client according to the encryption parameters.
3. The method of claim 1 or 2, wherein the encryption parameters comprise a large prime number and a primitive root.
4. The method of claim 1 or 2, further comprising:
receiving the public data set and the fourth encrypted data set sent by the host client;
sending said common data set and said fourth encrypted data set to said each slave client.
5. A method of multi-party privacy intersection, comprising:
receiving a first encrypted data set sent by a control terminal, wherein the first encrypted data set is a data set generated by a host client encrypting a first service data set stored on the host client by using a first public key stored on the host client;
encrypting the first encrypted data set with a second public key to generate a second encrypted data set; and
encrypting a second service data set by using the second public key to generate a third encrypted data set;
sending the second encrypted data set and the third encrypted data set to the host client via the control end, so that the host client encrypts the third encrypted data set by using the first public key to generate a fourth encrypted data set, and determining a public data set according to the second encrypted data set and the fourth encrypted data set.
6. The method of claim 5, wherein the receiving the first encrypted data set sent by the control end comprises:
and receiving a first encryption data set and an encryption parameter sent by a control terminal, wherein the second public key is generated according to the encryption parameter.
7. The method of claim 6, wherein the encryption parameters include a large prime number and a primitive root.
8. The method according to any one of claims 5-7, further comprising:
and receiving the public data set and the fourth encrypted data set sent by the control terminal.
9. A method of multi-party privacy intersection, comprising:
encrypting the first service data set by using the first public key to generate a first encrypted data set;
sending a first encrypted data set to a control end;
receiving a second encrypted data set and a third encrypted data set sent by the control terminal, wherein the second encrypted data set is a data set generated by encrypting the first encrypted data set by each slave client in a plurality of slave clients by using a second public key stored on each slave client, and the third encrypted data set is a data set generated by each slave client by using a second public key stored on each slave client;
encrypting the third encrypted data set using the first public key to generate a fourth encrypted data set;
determining a common data set from the second encrypted data set and the fourth encrypted data set.
10. The method of claim 9, wherein the determining the common data set from the second encrypted data set and the fourth encrypted data set comprises:
determining an initial public data set corresponding to each slave client according to the intersection between the second encrypted data set and a fourth encrypted data set corresponding to each slave client;
and determining the public data set according to the intersection set between the initial public data sets corresponding to each slave client.
11. The method of claim 9 or 10, further comprising:
receiving an encryption parameter sent by a control end;
and generating a first public key according to the encryption parameters.
12. The method of claim 11, wherein the encryption parameters include a large prime number and a primitive root.
13. The method of claim 9 or 10, further comprising:
sending the fourth encrypted data set to the control end, so that the control end sends the public data set and the fourth encrypted data set to each slave client.
14. An apparatus for multi-party privacy intersection, comprising:
a first receiving module configured to receive a first encrypted data set sent by a host client, wherein the first encrypted data set is a data set generated by the host client encrypting a first service data set stored on the host client by using a first public key stored on the host client;
a first sending module configured to send a first set of encrypted data to each of a plurality of slave clients;
a second receiving module configured to receive a second encrypted data set and a third encrypted data set sent by each slave client, wherein the second encrypted data set is a data set generated by each slave client encrypting the first encrypted data set by using a second public key stored on each slave client, and the third encrypted data set is a data set generated by each slave client encrypting a second traffic data set stored on each slave client by using the second public key;
a second sending module configured to send the second encrypted data set and a third encrypted data set to the host client, so that the host client encrypts the third encrypted data set with the first public key to generate a fourth encrypted data set, and determine a public data set according to the second encrypted data set and the fourth encrypted data set.
15. The apparatus of claim 14, wherein prior to receiving the first encrypted data set sent by the host client, the apparatus further comprises:
a parameter acquisition module configured to acquire an encryption parameter;
a third sending module, configured to send the encryption parameter to a host client, where the first public key is generated by the host client according to the encryption parameter;
the first sending module further configured to: sending a first set of encrypted data and the encryption parameters to each of a plurality of slave clients, wherein the second public key is generated for the each slave client according to the encryption parameters.
16. An apparatus for multi-party privacy intersection, comprising:
a first receiving module configured to receive a first encrypted data set sent by a control terminal, wherein the first encrypted data set is a data set generated by a host client encrypting a first service data set stored on the host client by using a first public key stored on the host client;
a first generation module configured to encrypt the first encrypted data set using a second public key, generating a second encrypted data set; and
a second generating module configured to encrypt a second service data set by using the second public key to generate a third encrypted data set;
a first sending module configured to send the second encrypted data set and the third encrypted data set to the host client via the control end, so that the host client encrypts the third encrypted data set with the first public key to generate a fourth encrypted data set, and determine a public data set according to the second encrypted data set and the fourth encrypted data set.
17. The apparatus of claim 16, wherein the first receiving module is further configured to:
and receiving a first encryption data set and an encryption parameter sent by a control terminal, wherein the second public key is generated according to the encryption parameter.
18. An apparatus for multi-party privacy intersection, comprising:
a data set generating module configured to encrypt a first service data set by using a first public key to generate a first encrypted data set;
a first sending module configured to send a first encrypted data set to a control terminal;
a first receiving module configured to receive a second encrypted data set and a third encrypted data set sent by the control end, wherein the second encrypted data set is a data set generated by each of a plurality of slave clients by encrypting the first encrypted data set with a second public key stored on each of the slave clients, and the third encrypted data set is a data set generated by each of the slave clients by using the second public key to encrypt a second service data set stored on each of the slave clients;
a data encryption module configured to encrypt the third encrypted data set using the first public key, generating a fourth encrypted data set;
a data set determination module configured to determine a common data set from the second encrypted data set and the fourth encrypted data set.
19. The apparatus of claim 18, wherein the data set determination module is further configured to:
determining an initial public data set corresponding to each slave client according to an intersection between the second encrypted data set and a fourth encrypted data set corresponding to each slave client;
and determining the public data set according to the intersection set between the initial public data sets corresponding to each slave client.
20. A system for multi-party privacy intersection, comprising: the system comprises a master client, a plurality of slave clients and a control end; wherein the content of the first and second substances,
the host client is configured to encrypt a first service data set by using a first public key to generate a first encrypted data set;
the host client configured to send the first encrypted data set to the control end;
the control end configured to send the first encrypted data set to each of a plurality of slave clients;
each slave client configured to encrypt the first encrypted data set using a second public key, generating a second encrypted data set; and the number of the first and second groups,
each slave client configured to encrypt a second service data set with the second public key, generating a third encrypted data set; and
each slave client configured to send the second encrypted data set and the third encrypted data set to the control end;
the control end is configured to send the second encrypted data set and the third encrypted data set to the host client;
the host client configured to encrypt the third encrypted data set using the first public key to generate a fourth encrypted data set; and
and the main client determines a public data set according to the second encrypted data set and the fourth encrypted data set.
21. An electronic device, comprising:
one or more processors;
a storage device having one or more programs stored thereon;
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method recited in any of claims 1-13.
22. A non-transitory computer readable storage medium having stored thereon a computer program of instructions, wherein the program when executed by a processor implements the method of any of claims 1-13.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210372810.4A CN114745179A (en) | 2022-04-11 | 2022-04-11 | Multiparty privacy intersection method, device, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210372810.4A CN114745179A (en) | 2022-04-11 | 2022-04-11 | Multiparty privacy intersection method, device, equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114745179A true CN114745179A (en) | 2022-07-12 |
Family
ID=82280745
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210372810.4A Pending CN114745179A (en) | 2022-04-11 | 2022-04-11 | Multiparty privacy intersection method, device, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114745179A (en) |
-
2022
- 2022-04-11 CN CN202210372810.4A patent/CN114745179A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11509474B2 (en) | Method and apparatus for obtaining privacy set intersection, device and storage medium | |
| CN111683071B (en) | Private data processing method, device, equipment and storage medium of block chain | |
| US11909886B2 (en) | Method, apparatus for blockchain-based multi-party computation, device and medium | |
| US10608811B2 (en) | Private set intersection encryption techniques | |
| US11750396B2 (en) | Private data processing method, device and medium | |
| CN111565109A (en) | Key processing method, device, equipment and medium for block chain | |
| JP7280303B2 (en) | Model association training method, device, electronic device, storage medium and computer program | |
| EP3075098A1 (en) | Server-aided private set intersection (psi) with data transfer | |
| CN111464297B (en) | Transaction processing method, device, electronic equipment and medium based on block chain | |
| CN111934872A (en) | Key processing method, device, electronic equipment and storage medium | |
| CN113449872B (en) | Parameter processing method, device and system based on federal learning | |
| CN113722739B (en) | Gradient lifting tree model generation method and device, electronic equipment and storage medium | |
| CN112261015B (en) | Information sharing method, platform, system and electronic equipment based on block chain | |
| CN111400743B (en) | Transaction processing method, device, electronic equipment and medium based on blockchain network | |
| CN112615852A (en) | Data processing method, related device and computer program product | |
| CN114745179A (en) | Multiparty privacy intersection method, device, equipment and storage medium | |
| CN113434904A (en) | Data processing method and device, computer equipment and storage medium | |
| CN111339571A (en) | Block chain key management method, device, equipment and storage medium | |
| CN112995205B (en) | Query method, device, equipment and storage medium based on block chain | |
| CN112615712B (en) | Data processing method, related device and computer program product | |
| CN111062047B (en) | Data storage method, system, device and storage medium | |
| CN117743384A (en) | Data query method, device, equipment and storage medium | |
| CN116108496A (en) | Method, device, equipment and storage medium for inquiring trace | |
| CN115766006A (en) | Key agreement method, device, electronic equipment and computer readable storage medium | |
| CN116506131A (en) | Signature verification method and device for message, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |