CN114861203A - Secret intersection solving method based on accidental pseudorandom function - Google Patents
Secret intersection solving method based on accidental pseudorandom function Download PDFInfo
- Publication number
- CN114861203A CN114861203A CN202210459193.1A CN202210459193A CN114861203A CN 114861203 A CN114861203 A CN 114861203A CN 202210459193 A CN202210459193 A CN 202210459193A CN 114861203 A CN114861203 A CN 114861203A
- Authority
- CN
- China
- Prior art keywords
- data
- matrix
- initiator
- encryption
- encrypted data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Medical Informatics (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a secret intersection solving method based on an oblivious pseudorandom function, which comprises the following steps: the initiator preprocesses the local data to obtain encrypted data and sends the encrypted data to the data side; a data party acquires encrypted data sent by an initiator and performs combined operation on the encrypted data and preprocessed local data to obtain operation data; and the initiator acquires the operational data sent by the data side and compares the acquired operational data with the operational data of the initiator to acquire an intersection result. In the method, the initiator obtains the intersection solving result under the condition that elements except intersection are not obtained, the data side cooperates with the initiator to carry out operation without obtaining any output, no plaintext interaction exists in the whole intersection solving process, and the two sides cannot obtain other specific information about the data set of the other side from the interaction flow.
Description
Technical Field
The invention relates to the field of privacy computation, in particular to a secret intersection solving method based on an accidental pseudorandom function.
The background art comprises the following steps:
the Privacy Set Interaction (PSI) belongs to the specific application problem in the privacy computing field, and has important theoretical significance and extremely strong practical application value. With the increasing demand of privacy protection of user data, the PSI can satisfy the convenience of services depending on personal information and protect the privacy demand of personal information to the greatest extent.
PSI allows multiple parties holding respective private data sets to compute the intersection of their data without revealing any information outside the intersection. When two parties deal, if the first party holds the data set A and the other party holds the data set B, the PSI result is A deal B. The information obtained by the party A from the party B is only the intersection of the AB; similarly, the information obtained by the second party from the first party is only the intersection of the AB. Because data information cannot be revealed by both the first and second parties in consideration of privacy, only the intersection part of the data A and the data B can be obtained, and user information except the intersection cannot be revealed.
In the prior art, the data after respective desensitization is input by the first party and the second party to carry out intersection or the intersection is carried out in a hash mode, and the scheme has the risk of being violently collided with a library.
Disclosure of Invention
The invention aims to provide a secret intersection solving method based on an oblivious pseudorandom function, which aims to overcome the defect that the two parties have a violent database collision risk when solving intersection of data in the prior art.
The invention is further illustrated in two aspects below:
in a first aspect, a secret intersection method based on an oblivious pseudorandom function is provided, and the method is applied to an initiator, and includes the following steps:
the initiator preprocesses the local data to obtain encrypted data and sends the encrypted data to the data side;
acquiring operation data obtained by the data side based on the encrypted data operation;
and comparing the obtained operational data with the operational data of the local side to obtain an intersection result.
With reference to the first aspect, the method for preprocessing local data to obtain encrypted data includes the following steps:
acquiring local data and carrying out secondary encryption on the local data;
and converting the secondarily encrypted data to obtain encrypted data.
With reference to the first aspect, the method for secondarily encrypting the local data includes the following steps:
encryption for the first time:
acquiring local data, and inputting the local data into a first one-way function to acquire a first encryption result;
and (3) encryption for the second time:
acquiring a random number as a key of a random function;
and inputting the first encryption result as a parameter and the key into a random function together for operation to obtain a second encryption result.
With reference to the first aspect, the method for obtaining encrypted data by converting twice-encrypted data includes the following steps:
generating a first matrix with 1, and setting a plurality of items in the first matrix to be zero according to the second encryption result;
constructing a second matrix and a third matrix according to the acquired secret key and the column number of the first matrix;
performing exclusive-or operation on the second matrix and the transpose of the first matrix to obtain a fourth matrix;
and carrying out XOR operation on the obtained fourth matrix and the third matrix to obtain encrypted data.
With reference to the first aspect, the first matrix is a matrix with m rows and w columns, where w is an integer and m is the total amount of local data of the initiator.
With reference to the first aspect, the method for obtaining operation data of the present invention includes the steps of:
and taking the second encryption result as an element of a second matrix, splicing the elements, inputting the splicing result into a second one-way function for operation, and taking the operation result as the operation data of the local.
In a second aspect, a secret intersection method based on an oblivious pseudorandom function is provided, and the method is applied to a data side and comprises the following steps:
the data side acquires encrypted data sent by the initiator, wherein the encrypted data is obtained by preprocessing local data of the initiator;
performing combined operation on the encrypted data and the preprocessed local data to obtain operation data;
and sending the obtained operation data to the initiator.
With reference to the second aspect, the method for preprocessing local data includes the following steps:
acquiring local data, and carrying out secondary encryption on the local data;
the method comprises the following steps:
encryption for the first time:
obtaining local data, and inputting the local data into a first one-way function to obtain a first encryption result;
and (3) encryption for the second time:
and acquiring a key of the initiator, and inputting the first encryption result and the key into a random function for operation to obtain a second encryption result.
With reference to the second aspect, the method for calculating the operation data includes the following steps:
acquiring a random sequence, and generating a key sequence in conjunction with the key;
carrying out selection operation according to the key sequence and the encrypted data to obtain a selection sequence;
and splicing each element of the selected sequence and then inputting the spliced elements into a second one-way function to obtain operation data.
With reference to the second aspect, the method for performing a selection operation according to a key sequence and encrypted data to obtain a selection sequence includes the following steps:
constructing a selection sequence with the same number of key sequence items;
judging the elements in the key sequence one by one, and when the elements in the key sequence are zero, selecting the same positions of the sequence as zero;
otherwise, carrying out exclusive-or operation on the element and the element at the same position in the encrypted data, and taking the result of the exclusive-or operation as the element at the position in the selection sequence.
The invention has the advantages that: according to the secret intersection solving method based on the random function, an initiator and a data side encrypt local data for the second time through random numbers, the encrypted data form a matrix through a random sequence for multiple times, then the local data are more hidden through XOR operation between the matrices, in the method, the initiator obtains an intersection solving result under the condition that elements except for intersection are not obtained, in the process that the data side cooperates with the initiator to carry out operation, no real data output is made, no plaintext interaction exists in the whole intersection solving process, and the initiator and the data side cannot obtain other specific information about an opposite side data set from an interaction flow. In addition, because both sides use the one-way function H at the stage of data input 1 After the data side obtains the delta, plaintext information about the data Y input by the initiator cannot be obtained, so that the method can resist malicious behaviors of the data side and is a very efficient hiding intersection solution.
Drawings
Fig. 1 is a schematic flow chart of a data encryption method of an initiator in the present invention.
Fig. 2 is a schematic flow chart of a data encryption method of a data side in the present invention.
Fig. 3 is a schematic flow chart of a data encryption method after the initiator and the data party are combined in the present invention.
Fig. 4 is a flow chart of a data encryption method after the initiator and the data party are combined in the present invention.
Detailed Description
In order to make the technical means, the creation characteristics, the achievement purposes and the effects of the invention easy to understand, the invention is further described with the specific embodiments.
In the description of the present invention, it is to be understood that the terms "center", "longitudinal", "lateral", "up", "down", "front", "back", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on those shown in the drawings, and are used only for convenience in describing the present invention and for simplicity in description, and do not indicate or imply that the referenced devices or elements must have a particular orientation, be constructed and operated in a particular orientation, and thus, are not to be construed as limiting the present invention. Furthermore, the terms "first", "second", etc. are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first," "second," etc. may explicitly or implicitly include one or more of that feature. In the description of the present invention, "a plurality" means two or more unless otherwise specified.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meaning of the above terms in the present invention can be understood by those of ordinary skill in the art through specific situations.
As shown in fig. 1, a secret intersection method based on an oblivious pseudo-random function is disclosed, which is applied to an initiator and comprises the following steps:
s11: the initiator preprocesses the local data to obtain encrypted data and sends the encrypted data to the data side;
the method for preprocessing the local data to obtain the encrypted data comprises the following steps:
acquiring local data and carrying out secondary encryption on the local data;
converting the secondarily encrypted data to obtain encrypted data;
the secondary encryption method comprises the following steps:
encryption for the first time:
acquiring local data, and inputting the local data into a first one-way function to acquire a first encryption result;
the specific encryption steps are as follows: the initiator firstly acquires local data Y ═ Y of the initiator 1 ,y 2 ,…,y n1 Inputting the local data to a one-way function H 1 In (1), the result of obtaining the output is H 1 (Y),H 1 Is a One-way function, which needs to satisfy the output of 256 bits, so SHA-256 can be used, and the One-way function (One-way function) is a single-shot function with the following characteristics: for each input, the function value is easy to calculate (polynomial time), but given a random input, it is difficult to calculate the original input (deterministic turing computer cannot be used in polynomial time), in this application the one-way function H 1 Including one or more of SHA1, BLAKE, SHA256, MD 5;
and (3) encryption for the second time:
acquiring a random number as a key of a random function;
inputting the first encryption result as a parameter and the key into a random function together for operation to obtain a second encryption result;
the specific encryption steps are as follows: generating a random number k and a random function AES (Advanced Encryption Standard), taking the random number k as a key of the random function AES, and simultaneously, taking an Encryption result H of the first time as a key of the random function AES 1 (Y) as parameter input of the random function AES, the output of the random function AES obtained by calculation is: v ═ F k (H 1 (Y));
The method for converting the secondarily encrypted data to obtain the encrypted data comprises the following steps of:
generating a first matrix with 1, and setting a plurality of items in the first matrix to be zero according to the second encryption result;
the first matrix is a matrix with m rows and w columns, wherein w is 600, and m is the total amount of local data of the initiator;
the method comprises the following specific steps:
generating a first matrix D with m rows and w columns with all values of 1, and changing the encryption result v of the second time into F k (H 1 (Y)), as an element of the matrix, and D is required to be satisfied i [v[i]]0; where i ∈ [ w ]]W is 600, and m is the total amount of local data of the initiator;
constructing a second matrix A and a third matrix E according to the obtained secret key and the column number of the first matrix D;
constructing a second matrix according to the random number k and the column number of the first matrix DAnd a third matrix
Performing exclusive-or operation on the second matrix A and the transpose of the first matrix D to obtain a fourth matrix B;
performing exclusive-or operation on the transpose of the second matrix A and the first matrix D to obtain a matrixDuring operation, carrying out XOR operation on corresponding elements of the matrix;
carrying out XOR operation on the obtained fourth matrix and the obtained third matrix to obtain encrypted data;
S12: acquiring operation data obtained by the data side based on the encrypted data operation;
s13: comparing the obtained operational data with the operational data of the local to obtain an intersection result;
the method for obtaining the operation data of the initiator comprises the following steps:
and taking the second encryption result as an element of a second matrix, splicing the elements, inputting the splicing result into a second one-way function for operation, and taking the operation result as operation data of the initiator.
Jointly splicing the second matrix A and the output v of the random function AES, and inputting the spliced second matrix A and the output v of the random function AES into a one-way function to obtain operation data, namely: delta-H 2 (A 1 [v[1]]||…||A w [v[w]]);
I. | is a splicing operation, which is to splice together rows of a matrix, program one row, for example:
After splicing, the R is changed to R 00 …r 0l …r k0 …r kl 。
As shown in fig. 2, a secret intersection method based on an oblivious pseudo-random function is disclosed, which is applied to a data side and comprises the following steps:
s21: the data side acquires encrypted data sent by the initiator, wherein the encrypted data is obtained by preprocessing local data of the initiator;
s22: performing combined operation on the encrypted data and the preprocessed local data to obtain operation data;
the method for preprocessing the local data comprises the following steps:
acquiring local data, and carrying out secondary encryption on the local data;
the method comprises the following steps:
encryption for the first time:
obtaining local data, and inputting the local data into a first one-way function to obtain a first encryption result;
data sideFirst, local data X ═ X of the device is acquired 1 ,x 2 ,...x n1 Inputting the local data to a one-way function H 1 In (1), the result of obtaining the output is H 1 (X);
And (3) encryption for the second time:
acquiring a key of an initiator, and inputting the first encryption result and the key into a random function for operation to obtain a second encryption result;
the specific encryption steps are as follows: obtaining a random number k of a participant as a secret key, and a random function AES, and encrypting the secret key k and a first encryption result H 1 (X) as parameter input of the random function AES, the output of the random function AES obtained by calculation is: u ═ F k (H 1 (X));
The method for obtaining the operational data by the joint operation of the encrypted data and the preprocessed local data comprises the following steps:
acquiring a random sequence, and generating a key sequence in conjunction with the key;
performing selection operation according to the key sequence and the encrypted data to obtain a selection sequence;
the method for obtaining the selection sequence by carrying out selection operation according to the key sequence and the encrypted data comprises the following steps:
constructing a selection sequence with the same number of key sequence items;
acquiring a random sequence S, and generating a random key sequence according to a key k:
judging the elements in the key sequence one by one, and when the elements in the key sequence are zero, selecting the same positions of the sequence as zero;
otherwise, carrying out exclusive OR operation on the element and the element at the same position in the encrypted data, and taking the result of the exclusive OR operation as the element at the position in the selection sequence;
the method specifically comprises the following steps:
and calculating to obtain a selection sequence C according to the key sequence S and the encrypted data delta, wherein the selection sequence C satisfies the following conditions:
when the element S [ i ] in the key sequence]When the value is 0, the element at the corresponding position of the sequence is selected as:
splicing each element of the selected sequence and then inputting the spliced elements into a second one-way function to obtain operation data;
splicing each element in the selected sequence C to be used as a one-way function H 2 Obtaining the parameters ofThe method comprises the following steps:
wherein | |. | is a splicing operation, in the present application, a one-way function H 2 Including one or more of SHA1, BLAKE, SHA256, and MD5, it should be noted that the one-way function H 1 And H 2 Different functions are selected for calculation.
S23: and sending the obtained operation data to the initiator.
As shown in fig. 3 and fig. 4, a secret intersection method based on an oblivious pseudorandom function is disclosed, which is applied to an initiator and a data side, and comprises the following steps:
s31: the initiator preprocesses the local data to obtain encrypted data and sends the encrypted data to the data side;
the method for preprocessing the local data of the initiator to obtain the encrypted data comprises the following steps:
acquiring local data of an initiator, and carrying out secondary encryption on the local data of the initiator;
converting the secondarily encrypted data to obtain encrypted data;
the secondary encryption method comprises the following steps:
encryption for the first time:
acquiring local data of an initiator, and inputting the local data of the initiator into a first one-way function to obtain a first encryption result;
the specific encryption steps are as follows: the initiator firstly acquires local data Y ═ Y of the initiator 1 ,y 2 ,…,y n1 Inputting the local data of the initiator into a one-way function H 1 In (1), the result of obtaining the output is H 1 (Y),H 1 Is a one-way function, and the output is 256 bits according to the requirement, so SHA-256 can be used;
and (3) encryption for the second time:
acquiring a random number as a key of a random function;
inputting the first encryption result as a parameter and the key into a random function together for operation to obtain a second encryption result;
the specific encryption steps are as follows: generating a random number k and a random function AES (Advanced Encryption Standard), taking the random number k as a key of the random function AES, and simultaneously, taking an Encryption result H of the first time as a key of the random function AES 1 (Y) as parameter input of the random function AES, the output of the random function AES obtained by calculation is: v ═ F k (H 1 (Y));
The method for converting the secondarily encrypted data to obtain the encrypted data comprises the following steps of:
generating a first matrix with all 1, and setting a plurality of items in the first matrix to be zero according to the second encryption result;
the first matrix is a matrix with m rows and w columns, wherein w is 600, and m is the total amount of local data of the initiator;
the method comprises the following specific steps:
generating a first matrix D with m rows and w columns with all values of 1, and changing the encryption result v of the second time into F k (H 1 (Y)) as an element of the matrix, and D is required to be satisfied i [v[i]]0; where i ∈ [ w ]]W is 600, and m is the total amount of local data of the initiator;
constructing a second matrix A and a third matrix E according to the obtained secret key and the column number of the first matrix D;
constructing a second matrix according to the random number k and the column number of the first matrix DAnd a third matrix
Carrying out exclusive or operation on the second matrix A and the transpose of the first matrix D to obtain a fourth matrix B;
performing exclusive-or operation on the transpose of the second matrix A and the first matrix D to obtain a matrix
Carrying out XOR operation on the obtained fourth matrix and the obtained third matrix to obtain encrypted data;
carrying out XOR operation on the fourth matrix B and the third matrix E to obtain encrypted data:
sending the encrypted data delta to a data side after the operation is finished;
s32: a data party receives encrypted data sent by an initiator;
s33: the data side performs combined operation on the encrypted data and the preprocessed local data to obtain operation data;
the method for preprocessing the local data of the data side comprises the following steps:
acquiring local data of a data party, and carrying out secondary encryption on the local data of the data party;
the method comprises the following steps:
encryption for the first time:
obtaining local data of a data party, and inputting the local data of the data party into a first one-way function to obtain a first encryption result;
the data side firstly obtains local data X ═ X of the data side 1 ,x 2 ,...x n1 Inputting the local data of the data side to a one-way function H 1 In (1), the result of obtaining the output is H 1 (X);
And (3) encryption for the second time:
acquiring a key of an initiator, and inputting the first encryption result and the key into a random function for operation to obtain a second encryption result;
the specific encryption steps are as follows: obtaining a random number k of a participant as a secret key, and a random function AES, and encrypting the secret key k and a first encryption result H 1 (X) as parameter input of the random function AES, the output of the random function AES obtained by calculation is: u ═ F k (H 1 (X));
The method for obtaining the operational data by the joint operation of the encrypted data and the preprocessed local data comprises the following steps:
acquiring a random sequence, and generating a key sequence in conjunction with the key;
carrying out selection operation according to the key sequence and the encrypted data to obtain a selection sequence;
the method for obtaining the selection sequence by carrying out selection operation according to the key sequence and the encrypted data comprises the following steps:
constructing a selection sequence with the same number of key sequence items;
acquiring a random sequence S, and generating a random key sequence according to a key k:
judging the elements in the key sequence one by one, and when the elements in the key sequence are zero, selecting the same positions of the sequence as zero;
otherwise, carrying out exclusive-or operation on the element and the element at the same position in the encrypted data, and taking the result of the exclusive-or operation as the element at the position in the selection sequence;
the method specifically comprises the following steps:
and calculating to obtain a selection sequence C according to the key sequence S and the encrypted data delta, wherein the selection sequence C satisfies the following conditions:
when the elements S [ i ] in the key sequence]When the value is 0, the element at the corresponding position of the sequence is selected as:
splicing each element of the selected sequence and then inputting the spliced elements into a second one-way function to obtain operation data;
splicing each element in the selected sequence C to be used as a one-way function H 2 Obtaining the parameters ofThe method comprises the following steps:
wherein | | -.. | | is splicing operation;
after the calculation is finished, the data side sends the operation data to the initiator;
s34: the initiator acquires operation data obtained by the data side based on the encrypted data operation;
s35: the initiator compares the obtained operational data with the operational data of the initiator to obtain an intersection result;
the method for obtaining the operation data of the initiator comprises the following steps:
and taking the second encryption result as an element of a second matrix, splicing the elements, inputting the splicing result into a second one-way function for operation, and taking the operation result as operation data of the initiator.
Jointly splicing the second matrix A and the output v of the random function AES, and inputting the spliced second matrix A and the output v of the random function AES into a one-way function to obtain operation data, namely: δ ═ H 2 (A 1 [v[1]]||…||A w [v[w]]);
Wherein | |. | | is a splicing operation.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including the preferred embodiment and all changes and modifications that fall within the scope of the invention.
The above description is only a preferred embodiment of the present application and is not intended to limit the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.
Claims (10)
1. A secret intersection method based on an oblivious pseudorandom function is applied to an initiator and comprises the following steps:
the initiator preprocesses the local data to obtain encrypted data and sends the encrypted data to the data side;
acquiring operation data obtained by the data side based on the encrypted data operation;
and comparing the obtained operational data with the operational data of the local side to obtain an intersection result.
2. The method of claim 1, wherein the method comprises: the method for preprocessing the local data to obtain the encrypted data comprises the following steps:
acquiring local data and carrying out secondary encryption on the local data;
and converting the secondarily encrypted data to obtain encrypted data.
3. A method of secret interleaving based on an oblivious pseudorandom function as claimed in claim 2, characterized in that: the method for encrypting the local data twice comprises the following steps:
encryption for the first time:
acquiring local data, and inputting the local data into a first one-way function to acquire a first encryption result;
and (3) encryption for the second time:
acquiring a random number as a key of a random function;
and inputting the first encryption result as a parameter and the key into a random function together for operation to obtain a second encryption result.
4. A method of secret interleaving based on an oblivious pseudorandom function as claimed in claim 3, characterized in that: the method for converting the secondarily encrypted data to obtain the encrypted data comprises the following steps of:
generating a first matrix with all 1, and setting a plurality of items in the first matrix to be zero according to the second encryption result;
constructing a second matrix and a third matrix according to the acquired secret key and the column number of the first matrix;
performing exclusive-or operation on the second matrix and the transpose of the first matrix to obtain a fourth matrix;
and carrying out XOR operation on the obtained fourth matrix and the third matrix to obtain encrypted data.
5. The method of claim 4, wherein the method comprises: the first matrix is a matrix with m rows and w columns, w is an integer, and m is the total amount of local data of the initiator.
6. The method of claim 5, wherein the method comprises: the method for acquiring the operation data comprises the following steps:
and taking the second encryption result as an element of a second matrix, splicing the elements, inputting the splicing result into a second one-way function for operation, and taking the operation result as the operation data of the local.
7. A secret intersection method based on an oblivious pseudorandom function is characterized in that: the method is applied to a data side and comprises the following steps:
the data side acquires encrypted data sent by the initiator, wherein the encrypted data is obtained by preprocessing local data of the initiator;
performing combined operation on the encrypted data and the preprocessed local data to obtain operation data;
and sending the obtained operation data to the initiator.
8. The method of claim 7, wherein the method comprises: the method for preprocessing the local data comprises the following steps:
acquiring local data, and carrying out secondary encryption on the local data;
the method comprises the following steps:
encryption for the first time:
obtaining local data, and inputting the local data into a first one-way function to obtain a first encryption result;
and (3) encryption for the second time:
and acquiring a key of the initiator, and inputting the first encryption result and the key into a random function for operation to obtain a second encryption result.
9. The method of claim 8, wherein the method comprises: the calculation method of the operational data comprises the following steps:
acquiring a random sequence, and generating a key sequence in conjunction with the key;
carrying out selection operation according to the key sequence and the encrypted data to obtain a selection sequence;
and splicing each element of the selected sequence and then inputting the spliced elements into a second one-way function to obtain operation data.
10. The method of claim 9, wherein the method comprises: the method for obtaining the selection sequence by carrying out selection operation according to the key sequence and the encrypted data comprises the following steps:
constructing a selection sequence with the same number as the key sequence items;
judging the elements in the key sequence one by one, and when the elements in the key sequence are zero, selecting the same positions of the sequence as zero;
otherwise, carrying out exclusive-or operation on the element and the element at the same position in the encrypted data, and taking the result of the exclusive-or operation as the element at the position in the selection sequence.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210459193.1A CN114861203A (en) | 2022-04-27 | 2022-04-27 | Secret intersection solving method based on accidental pseudorandom function |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210459193.1A CN114861203A (en) | 2022-04-27 | 2022-04-27 | Secret intersection solving method based on accidental pseudorandom function |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114861203A true CN114861203A (en) | 2022-08-05 |
Family
ID=82633362
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210459193.1A Pending CN114861203A (en) | 2022-04-27 | 2022-04-27 | Secret intersection solving method based on accidental pseudorandom function |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114861203A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115765969A (en) * | 2023-01-10 | 2023-03-07 | 蓝象智联(杭州)科技有限公司 | Hidden set intersection method and device based on homomorphic encryption and storage medium |
-
2022
- 2022-04-27 CN CN202210459193.1A patent/CN114861203A/en active Pending
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115765969A (en) * | 2023-01-10 | 2023-03-07 | 蓝象智联(杭州)科技有限公司 | Hidden set intersection method and device based on homomorphic encryption and storage medium |
CN115765969B (en) * | 2023-01-10 | 2023-06-09 | 蓝象智联(杭州)科技有限公司 | Method, device and storage medium for solving interaction of hidden set based on homomorphic encryption |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110991655B (en) | Method and device for processing model data by combining multiple parties | |
US4633036A (en) | Method and apparatus for use in public-key data encryption system | |
CN110912713B (en) | Method and device for processing model data by multi-party combination | |
EP3134994B1 (en) | Method of obfuscating data | |
CN109902501B (en) | Structured encryption method and system for carrying out equivalence test based on cloud service platform | |
CN109861956B (en) | Data verification system, method, device and equipment based on state channel | |
CN108833117B (en) | Private key storage and reading method and device and hardware equipment | |
CN113886856A (en) | Dual verifiable cloud storage method based on block chain | |
Abd El-Wahed et al. | Efficiency and security of some image encryption algorithms | |
US20110296176A1 (en) | Method and system for sharing data | |
WO2022022924A1 (en) | Generating shared private keys | |
CN109361519A (en) | A kind of improved generation method and system comprising secret number | |
CN114861203A (en) | Secret intersection solving method based on accidental pseudorandom function | |
US11824993B2 (en) | MAC tag list generation apparatus, MAC tag list verification apparatus, method, and program | |
WO2016063512A1 (en) | Mac tag list generating apparatus, mac tag list verifying apparatus, mac tag list generating method, mac tag list verifying method and program recording medium | |
CN111245594B (en) | Homomorphic operation-based collaborative signature method and system | |
CN111131657B (en) | Chaos medical image tamper-proof encryption method based on self-verification matrix | |
CN112487464A (en) | Encrypted data sharing method and device based on block chain | |
CN110517040A (en) | Anti- quantum calculation block chain secure transactions method, system and equipment based on group's unsymmetrical key pond | |
KR20240045231A (en) | Creation of digitally signed shares | |
US20220345312A1 (en) | Zero-knowledge contingent payments protocol for granting access to encrypted assets | |
Gorbenko et al. | Analysis of Potential Post-Quantum Schemes of Hash-Based Digital Signatur | |
Abbdal et al. | Secure third party auditor for ensuring data integrity in cloud storage | |
CN112995189A (en) | Method for publicly verifying matrix multiplication correctness based on privacy protection | |
CN109784917A (en) | Anti- quantum calculation block chain secure transactions system and method based on pool of symmetric keys |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |