CN114861203A - Secret intersection solving method based on oblivious pseudorandom function

Info

Publication number: CN114861203A
Application number: CN202210459193.1A
Authority: CN (China)
Other languages: Chinese (zh)
Inventors: 马煜翔, 刘洋, 刘文博, 邢冰, 冯黎明
Current Assignee: Lanxiang Zhilian Hangzhou Technology Co ltd
Original Assignee: Lanxiang Zhilian Hangzhou Technology Co ltd
Legal status: Pending

Classifications

    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds


Abstract

The invention discloses a secret intersection solving method based on an oblivious pseudorandom function, which comprises the following steps: the initiator preprocesses its local data to obtain encrypted data and sends the encrypted data to the data party; the data party acquires the encrypted data sent by the initiator and performs a joint operation on the encrypted data and its own preprocessed local data to obtain operation data; and the initiator acquires the operation data sent by the data party and compares it with the initiator's own operation data to obtain the intersection result. In the method, the initiator obtains the intersection result without obtaining any element outside the intersection, the data party cooperates with the initiator in the computation without obtaining any output, there is no plaintext interaction in the whole intersection process, and neither party can obtain other specific information about the other party's data set from the interaction flow.

Description

Secret intersection solving method based on oblivious pseudorandom function
Technical Field
The invention relates to the field of privacy computation, in particular to a secret intersection solving method based on an oblivious pseudorandom function.
Background Art
Private Set Intersection (PSI) is a specific application problem in the field of privacy computing, with important theoretical significance and strong practical value. As the demand for protecting the privacy of user data grows, PSI preserves the convenience of services that depend on personal information while protecting the privacy of that information to the greatest extent.
PSI allows multiple parties holding their own private data sets to compute the intersection of their data without revealing any information outside the intersection. In the two-party case, if the first party holds data set A and the second party holds data set B, the PSI result is A ∩ B. The only information the first party obtains from the second party is the intersection of A and B; similarly, the only information the second party obtains from the first party is the intersection of A and B. Because neither party may reveal its data for privacy reasons, only the intersection of data A and data B can be obtained, and user information outside the intersection is not revealed.
In the prior art, the first party and the second party each input desensitized data to compute the intersection, or compute the intersection over hashes; such schemes are exposed to brute-force collision (dictionary) attacks.
Disclosure of Invention
The invention aims to provide a secret intersection solving method based on an oblivious pseudorandom function, to overcome the defect of the prior art that the two parties face a brute-force collision risk when computing the intersection of their data.
The invention is further illustrated in two aspects below:
in a first aspect, a secret intersection method based on an oblivious pseudorandom function is provided, and the method is applied to an initiator, and includes the following steps:
the initiator preprocesses the local data to obtain encrypted data and sends the encrypted data to the data side;
acquiring operation data obtained by the data side based on the encrypted data operation;
and comparing the obtained operational data with the operational data of the local side to obtain an intersection result.
With reference to the first aspect, the method for preprocessing local data to obtain encrypted data includes the following steps:
acquiring local data and carrying out secondary encryption on the local data;
and converting the secondarily encrypted data to obtain encrypted data.
With reference to the first aspect, the method for secondarily encrypting the local data includes the following steps:
First encryption:
acquiring local data, and inputting the local data into a first one-way function to acquire a first encryption result;
Second encryption:
acquiring a random number as a key of a random function;
inputting the first encryption result as a parameter, together with the key, into the random function to obtain a second encryption result.
With reference to the first aspect, the method for obtaining encrypted data by converting twice-encrypted data includes the following steps:
generating a first matrix whose entries are all 1, and setting a plurality of entries in the first matrix to zero according to the second encryption result;
constructing a second matrix and a third matrix according to the acquired secret key and the column number of the first matrix;
performing exclusive-or operation on the second matrix and the transpose of the first matrix to obtain a fourth matrix;
and carrying out XOR operation on the obtained fourth matrix and the third matrix to obtain encrypted data.
With reference to the first aspect, the first matrix is a matrix with m rows and w columns, where w is an integer and m is the total amount of local data of the initiator.
With reference to the first aspect, the method for obtaining operation data of the present invention includes the steps of:
and taking the second encryption result as an element of a second matrix, splicing the elements, inputting the splicing result into a second one-way function for operation, and taking the operation result as the operation data of the local.
In a second aspect, a secret intersection method based on an oblivious pseudorandom function is provided, and the method is applied to a data side and comprises the following steps:
the data side acquires encrypted data sent by the initiator, wherein the encrypted data is obtained by preprocessing local data of the initiator;
performing combined operation on the encrypted data and the preprocessed local data to obtain operation data;
and sending the obtained operation data to the initiator.
With reference to the second aspect, the method for preprocessing local data includes the following steps:
acquiring local data, and carrying out secondary encryption on the local data;
the secondary encryption comprises the following steps:
First encryption:
obtaining local data, and inputting the local data into a first one-way function to obtain a first encryption result;
Second encryption:
acquiring the key of the initiator, and inputting the first encryption result and the key into a random function for operation to obtain a second encryption result.
With reference to the second aspect, the method for calculating the operation data includes the following steps:
acquiring a random sequence, and generating a key sequence in conjunction with the key;
carrying out selection operation according to the key sequence and the encrypted data to obtain a selection sequence;
and splicing each element of the selected sequence and then inputting the spliced elements into a second one-way function to obtain operation data.
With reference to the second aspect, the method for performing a selection operation according to a key sequence and encrypted data to obtain a selection sequence includes the following steps:
constructing a selection sequence with the same number of key sequence items;
judging the elements in the key sequence one by one, and when the elements in the key sequence are zero, selecting the same positions of the sequence as zero;
otherwise, carrying out exclusive-or operation on the element and the element at the same position in the encrypted data, and taking the result of the exclusive-or operation as the element at the position in the selection sequence.
The invention has the following advantages: in this secret intersection solving method based on the random function, the initiator and the data party encrypt their local data a second time using random numbers; the encrypted data is formed into matrices several times using random sequences, and XOR operations between the matrices further conceal the local data. In the method, the initiator obtains the intersection result without obtaining any element outside the intersection; the data party, while cooperating with the initiator in the computation, outputs no real data; there is no plaintext interaction in the whole intersection process; and neither the initiator nor the data party can obtain other specific information about the other party's data set from the interaction flow. In addition, because both parties apply the one-way function $H_1$ at the data-input stage, the data party cannot obtain plaintext information about the initiator's input data Y after it obtains delta, so the method can resist malicious behavior by the data party and is a very efficient secret intersection solution.
Drawings
Fig. 1 is a schematic flow chart of a data encryption method of an initiator in the present invention.
Fig. 2 is a schematic flow chart of a data encryption method of a data side in the present invention.
Fig. 3 is a schematic flow chart of a data encryption method after the initiator and the data party are combined in the present invention.
Fig. 4 is a flow chart of a data encryption method after the initiator and the data party are combined in the present invention.
Detailed Description
In order to make the technical means, the creation characteristics, the achievement purposes and the effects of the invention easy to understand, the invention is further described with the specific embodiments.
In the description of the present invention, it is to be understood that the terms "center", "longitudinal", "lateral", "up", "down", "front", "back", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like, indicate orientations or positional relationships based on those shown in the drawings, and are used only for convenience in describing the present invention and for simplicity in description, and do not indicate or imply that the referenced devices or elements must have a particular orientation, be constructed and operated in a particular orientation, and thus, are not to be construed as limiting the present invention. Furthermore, the terms "first", "second", etc. are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first," "second," etc. may explicitly or implicitly include one or more of that feature. In the description of the present invention, "a plurality" means two or more unless otherwise specified.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "mounted," "connected," and "connected" are to be construed broadly, e.g., as meaning either a fixed connection, a removable connection, or an integral connection; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meaning of the above terms in the present invention can be understood by those of ordinary skill in the art through specific situations.
As shown in fig. 1, a secret intersection method based on an oblivious pseudo-random function is disclosed, which is applied to an initiator and comprises the following steps:
S11: the initiator preprocesses the local data to obtain encrypted data and sends the encrypted data to the data side;
the method for preprocessing the local data to obtain the encrypted data comprises the following steps:
acquiring local data and carrying out secondary encryption on the local data;
converting the secondarily encrypted data to obtain encrypted data;
the secondary encryption method comprises the following steps:
First encryption:
acquiring local data, and inputting the local data into a first one-way function to acquire a first encryption result;
the specific encryption steps are as follows: the initiator first acquires its local data $Y = \{y_1, y_2, \dots, y_{n1}\}$ and inputs the local data into a one-way function $H_1$, obtaining the output $H_1(Y)$. $H_1$ is a one-way function whose output must be 256 bits, so SHA-256 can be used. A one-way function is an injective function with the following characteristics: for each input, the function value is easy to calculate (polynomial time), but given a random output, it is difficult to calculate the original input (a deterministic Turing machine cannot do so in polynomial time). In this application the one-way function $H_1$ includes one or more of SHA1, BLAKE, SHA256 and MD5;
Second encryption:
acquiring a random number as a key of a random function;
inputting the first encryption result as a parameter, together with the key, into the random function to obtain a second encryption result;
the specific encryption steps are as follows: generating a random number k and a random function AES (Advanced Encryption Standard), taking the random number k as the key of the random function AES and the first encryption result $H_1(Y)$ as its parameter input; the calculated output of the random function AES is: $v = F_k(H_1(Y))$;
The method for converting the secondarily encrypted data to obtain the encrypted data comprises the following steps of:
generating a first matrix whose entries are all 1, and setting a plurality of entries in the first matrix to zero according to the second encryption result;
the first matrix is a matrix with m rows and w columns, wherein w is 600, and m is the total amount of local data of the initiator;
the method comprises the following specific steps:
generating a first matrix D with m rows and w columns whose values are all 1, and taking the second encryption result $v = F_k(H_1(Y))$ as the element index of the matrix, with the requirement that $D_i[v[i]] = 0$, where $i \in [w]$, $w = 600$, and m is the total amount of local data of the initiator;
constructing a second matrix A and a third matrix E according to the obtained secret key and the column number of the first matrix D;
constructing a second matrix according to the random number k and the column number of the first matrix D
Figure BDA0003619904020000071
And a third matrix
Figure BDA0003619904020000081
Performing exclusive-or operation on the second matrix A and the transpose of the first matrix D to obtain a fourth matrix B;
performing exclusive-or operation on the transpose of the second matrix A and the first matrix D to obtain a matrix
Figure BDA0003619904020000082
During operation, carrying out XOR operation on corresponding elements of the matrix;
carrying out XOR operation on the obtained fourth matrix and the obtained third matrix to obtain encrypted data;
carrying out XOR operation on the fourth matrix B and the third matrix E to obtain encrypted data
Figure BDA0003619904020000083
S12: acquiring operation data obtained by the data side based on the encrypted data operation;
S13: comparing the obtained operational data with the operational data of the local to obtain an intersection result;
the method for obtaining the operation data of the initiator comprises the following steps:
and taking the second encryption result as an element of a second matrix, splicing the elements, inputting the splicing result into a second one-way function for operation, and taking the operation result as operation data of the initiator.
The elements of the second matrix A selected by the output v of the random function AES are spliced, and the spliced result is input into a one-way function to obtain the operation data, namely: $\Delta = H_2(A_1[v[1]] \| \dots \| A_w[v[w]])$;
where $\|$ is the splicing (concatenation) operation, which splices the rows of a matrix together into one row, for example:
the matrix
Figure BDA0003619904020000084
after splicing, R becomes $r_{00} \dots r_{0l} \dots r_{k0} \dots r_{kl}$
As shown in fig. 2, a secret intersection method based on an oblivious pseudo-random function is disclosed, which is applied to a data side and comprises the following steps:
S21: the data side acquires encrypted data sent by the initiator, wherein the encrypted data is obtained by preprocessing local data of the initiator;
S22: performing combined operation on the encrypted data and the preprocessed local data to obtain operation data;
the method for preprocessing the local data comprises the following steps:
acquiring local data, and carrying out secondary encryption on the local data;
the method comprises the following steps:
First encryption:
obtaining local data, and inputting the local data into a first one-way function to obtain a first encryption result;
the data party first acquires its local data $X = \{x_1, x_2, \dots, x_{n1}\}$ and inputs the local data into the one-way function $H_1$, obtaining the output $H_1(X)$;
Second encryption:
acquiring the key of the initiator, and inputting the first encryption result and the key into a random function for operation to obtain a second encryption result;
the specific encryption steps are as follows: obtaining the random number k of a participant as the key, together with the random function AES, and taking the key k and the first encryption result $H_1(X)$ as the parameter input of the random function AES; the calculated output of the random function AES is: $u = F_k(H_1(X))$;
The method for obtaining the operational data by the joint operation of the encrypted data and the preprocessed local data comprises the following steps:
acquiring a random sequence, and generating a key sequence in conjunction with the key;
performing selection operation according to the key sequence and the encrypted data to obtain a selection sequence;
the method for obtaining the selection sequence by carrying out selection operation according to the key sequence and the encrypted data comprises the following steps:
constructing a selection sequence with the same number of key sequence items;
acquiring a random sequence S, and generating a random key sequence according to a key k:
Figure BDA0003619904020000101
judging the elements in the key sequence one by one, and when the elements in the key sequence are zero, selecting the same positions of the sequence as zero;
otherwise, carrying out exclusive OR operation on the element and the element at the same position in the encrypted data, and taking the result of the exclusive OR operation as the element at the position in the selection sequence;
the method specifically comprises the following steps:
and calculating to obtain a selection sequence C according to the key sequence S and the encrypted data delta, wherein the selection sequence C satisfies the following conditions:
when the element $S[i]$ in the key sequence is 0, the element at the corresponding position of the selection sequence is:
Figure BDA0003619904020000102
Figure BDA0003619904020000103
otherwise the elements in the position are:
Figure BDA0003619904020000104
splicing each element of the selected sequence and then inputting the spliced elements into a second one-way function to obtain operation data;
each element of the selection sequence C is spliced and used as the parameter of the one-way function $H_2$ to obtain
Figure BDA0003619904020000105
namely:
Figure BDA0003619904020000106
where $\|$ is the splicing operation. In this application the one-way function $H_2$ includes one or more of SHA1, BLAKE, SHA256 and MD5; it should be noted that different functions are selected for the one-way functions $H_1$ and $H_2$.
S23: and sending the obtained operation data to the initiator.
As shown in fig. 3 and fig. 4, a secret intersection method based on an oblivious pseudorandom function is disclosed, which is applied to an initiator and a data side, and comprises the following steps:
S31: the initiator preprocesses the local data to obtain encrypted data and sends the encrypted data to the data side;
the method for preprocessing the local data of the initiator to obtain the encrypted data comprises the following steps:
acquiring local data of an initiator, and carrying out secondary encryption on the local data of the initiator;
converting the secondarily encrypted data to obtain encrypted data;
the secondary encryption method comprises the following steps:
First encryption:
acquiring local data of an initiator, and inputting the local data of the initiator into a first one-way function to obtain a first encryption result;
the specific encryption steps are as follows: the initiator first acquires its local data $Y = \{y_1, y_2, \dots, y_{n1}\}$ and inputs the local data of the initiator into a one-way function $H_1$, obtaining the output $H_1(Y)$. $H_1$ is a one-way function whose output must be 256 bits, so SHA-256 can be used;
Second encryption:
acquiring a random number as a key of a random function;
inputting the first encryption result as a parameter, together with the key, into the random function to obtain a second encryption result;
the specific encryption steps are as follows: generating a random number k and a random function AES (Advanced Encryption Standard), taking the random number k as the key of the random function AES and the first encryption result $H_1(Y)$ as its parameter input; the calculated output of the random function AES is: $v = F_k(H_1(Y))$;
The method for converting the secondarily encrypted data to obtain the encrypted data comprises the following steps of:
generating a first matrix whose entries are all 1, and setting a plurality of entries in the first matrix to zero according to the second encryption result;
the first matrix is a matrix with m rows and w columns, wherein w is 600, and m is the total amount of local data of the initiator;
the method comprises the following specific steps:
generating a first matrix D with m rows and w columns whose values are all 1, and taking the second encryption result $v = F_k(H_1(Y))$ as the element index of the matrix, with the requirement that $D_i[v[i]] = 0$, where $i \in [w]$, $w = 600$, and m is the total amount of local data of the initiator;
constructing a second matrix A and a third matrix E according to the obtained secret key and the column number of the first matrix D;
constructing a second matrix according to the random number k and the column number of the first matrix D
Figure BDA0003619904020000121
And a third matrix
Figure BDA0003619904020000122
Carrying out exclusive or operation on the second matrix A and the transpose of the first matrix D to obtain a fourth matrix B;
performing exclusive-or operation on the transpose of the second matrix A and the first matrix D to obtain a matrix
Figure BDA0003619904020000123
Carrying out XOR operation on the obtained fourth matrix and the obtained third matrix to obtain encrypted data;
carrying out XOR operation on the fourth matrix B and the third matrix E to obtain encrypted data:
Figure BDA0003619904020000124
sending the encrypted data delta to a data side after the operation is finished;
S32: a data party receives encrypted data sent by an initiator;
S33: the data side performs combined operation on the encrypted data and the preprocessed local data to obtain operation data;
the method for preprocessing the local data of the data side comprises the following steps:
acquiring local data of a data party, and carrying out secondary encryption on the local data of the data party;
the method comprises the following steps:
First encryption:
obtaining local data of a data party, and inputting the local data of the data party into a first one-way function to obtain a first encryption result;
the data party first acquires its local data $X = \{x_1, x_2, \dots, x_{n1}\}$ and inputs the local data of the data party into the one-way function $H_1$, obtaining the output $H_1(X)$;
Second encryption:
acquiring the key of the initiator, and inputting the first encryption result and the key into a random function for operation to obtain a second encryption result;
the specific encryption steps are as follows: obtaining the random number k of a participant as the key, together with the random function AES, and taking the key k and the first encryption result $H_1(X)$ as the parameter input of the random function AES; the calculated output of the random function AES is: $u = F_k(H_1(X))$;
The method for obtaining the operational data by the joint operation of the encrypted data and the preprocessed local data comprises the following steps:
acquiring a random sequence, and generating a key sequence in conjunction with the key;
carrying out selection operation according to the key sequence and the encrypted data to obtain a selection sequence;
the method for obtaining the selection sequence by carrying out selection operation according to the key sequence and the encrypted data comprises the following steps:
constructing a selection sequence with the same number of items as the key sequence;
acquiring a random sequence S, and generating a random key sequence according to a key k:
Figure BDA0003619904020000131
judging the elements in the key sequence one by one; when an element in the key sequence is zero, the same position of the selection sequence is zero;
otherwise, carrying out an exclusive-or operation on the element and the element at the same position in the encrypted data, and taking the result of the exclusive-or operation as the element at that position in the selection sequence;
specifically:
a selection sequence C is calculated according to the key sequence S and the encrypted data delta, wherein the selection sequence C satisfies the following conditions:
when the element S[i] in the key sequence is 0, the element at the corresponding position of the selection sequence is:
Figure BDA0003619904020000141
Figure BDA0003619904020000142
otherwise the elements in the position are:
Figure BDA0003619904020000143
splicing the elements of the selection sequence and then inputting the spliced elements into a second one-way function to obtain operation data;
the elements in the selection sequence C are spliced and used as the parameter of the one-way function $H_2$, obtaining
Figure BDA0003619904020000144
namely:
Figure BDA0003619904020000145
where || is the splicing operation;
after the calculation is finished, the data side sends the operation data to the initiator;
s34: the initiator acquires operation data obtained by the data side based on the encrypted data operation;
s35: the initiator compares the obtained operational data with the operational data of the initiator to obtain an intersection result;
the method for obtaining the operation data of the initiator comprises the following steps:
the second encryption result is taken as an element of the second matrix, the elements are spliced, the splicing result is input into the second one-way function for operation, and the operation result is taken as the operation data of the initiator.
The second matrix A and the output v of the random function AES are jointly spliced and input into a one-way function to obtain the operation data, namely: $\delta = H_2(A_1[v[1]] \| \ldots \| A_w[v[w]])$;
where || is the splicing operation.
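As an added illustration (not code from the patent), the sketch below runs the comparison of steps S33 to S35 in one process, in a simplified matrix form: the initiator's all-ones first matrix is zeroed at the positions derived from its own items, and both sides hash the bits selected by v = F_k(H_1(x)). Assumptions: SHA-256 for H_1 and H_2, HMAC-SHA256 in place of AES for F_k, the sizes W and M, the name D for the first matrix, and direct column selection by the key sequence S standing in for the transfer of the encrypted data through the third matrix E.

```python
import hashlib, hmac, secrets

W, M = 64, 256  # assumed sizes: W columns of M bits each (not from the patent)

def h1(x: str) -> bytes:                      # first one-way function H_1
    return hashlib.sha256(b"H1" + x.encode()).digest()

def prf_positions(k: bytes, x: str) -> list:
    """v = F_k(H_1(x)) read as W positions in [0, M); HMAC-SHA256 stands in for AES."""
    return [hmac.new(k, h1(x) + bytes([i]), hashlib.sha256).digest()[0] % M
            for i in range(W)]

def h2(cols: list, v: list) -> bytes:         # second one-way function H_2
    """H_2(cols_1[v[1]] || ... || cols_w[v[w]]) over the selected bits."""
    return hashlib.sha256(b"H2" + bytes(cols[i][v[i]] for i in range(W))).digest()

def initiator_matrices(k: bytes, Y: list):
    """First matrix D: all ones, zeroed at each item's positions; A random; B = A xor D."""
    D = [[1] * M for _ in range(W)]
    for y in Y:
        for i, pos in enumerate(prf_positions(k, y)):
            D[i][pos] = 0
    A = [[secrets.randbelow(2) for _ in range(M)] for _ in range(W)]
    B = [[a ^ d for a, d in zip(A[i], D[i])] for i in range(W)]
    return A, B

def select_columns(A: list, B: list, S: list) -> list:
    """Selection sequence C: column i is A_i when S[i] == 0, else B_i.
    Direct selection is an assumed stand-in for the encrypted-data transfer."""
    return [B[i] if S[i] else A[i] for i in range(W)]

def run_psi(Y: list, X: list) -> set:
    k = secrets.token_bytes(16)                      # key known to both parties
    A, B = initiator_matrices(k, Y)                  # initiator side
    S = [secrets.randbelow(2) for _ in range(W)]     # data side's key sequence
    C = select_columns(A, B, S)
    sent = {h2(C, prf_positions(k, x)) for x in X}   # operation data sent back (S33)
    return {y for y in Y if h2(A, prf_positions(k, y)) in sent}  # comparison (S35)

if __name__ == "__main__":
    # Constructed sample sets
    print(run_psi(["alice", "bob", "carol"], ["bob", "dave", "carol", "erin"]))
```

An item held by both parties matches because the first matrix is zero at every one of its positions, so columns A_i and B_i agree there whichever one the key sequence selects. An item held only by the data side hits positions where the columns differ, so its hash matches none of the initiator's except with negligible probability.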
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including the preferred embodiment and all changes and modifications that fall within the scope of the invention.
The above description is only a preferred embodiment of the present application and is not intended to limit the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.

Claims (10)

1. A secret intersection method based on an oblivious pseudorandom function is applied to an initiator and comprises the following steps:
the initiator preprocesses the local data to obtain encrypted data and sends the encrypted data to the data side;
acquiring operation data obtained by the data side based on the encrypted data operation;
and comparing the obtained operational data with the operational data of the local side to obtain an intersection result.
2. The method of claim 1, wherein the method comprises: the method for preprocessing the local data to obtain the encrypted data comprises the following steps:
acquiring local data and carrying out secondary encryption on the local data;
and converting the secondarily encrypted data to obtain encrypted data.
3. A secret intersection method based on an oblivious pseudorandom function as claimed in claim 2, characterized in that: the method for encrypting the local data twice comprises the following steps:
encryption for the first time:
acquiring local data, and inputting the local data into a first one-way function to acquire a first encryption result;
encryption for the second time:
acquiring a random number as a key of a random function;
and inputting the first encryption result as a parameter and the key into a random function together for operation to obtain a second encryption result.
4. A secret intersection method based on an oblivious pseudorandom function as claimed in claim 3, characterized in that: the method for converting the secondarily encrypted data to obtain the encrypted data comprises the following steps:
generating a first matrix with all 1, and setting a plurality of items in the first matrix to be zero according to the second encryption result;
constructing a second matrix and a third matrix according to the acquired secret key and the column number of the first matrix;
performing exclusive-or operation on the second matrix and the transpose of the first matrix to obtain a fourth matrix;
and carrying out XOR operation on the obtained fourth matrix and the third matrix to obtain encrypted data.
5. The method of claim 4, wherein the method comprises: the first matrix is a matrix with m rows and w columns, w is an integer, and m is the total amount of local data of the initiator.
6. The method of claim 5, wherein the method comprises: the method for acquiring the operation data comprises the following steps:
and taking the second encryption result as an element of a second matrix, splicing the elements, inputting the splicing result into a second one-way function for operation, and taking the operation result as the operation data of the local.
7. A secret intersection method based on an oblivious pseudorandom function is characterized in that: the method is applied to a data side and comprises the following steps:
the data side acquires encrypted data sent by the initiator, wherein the encrypted data is obtained by preprocessing local data of the initiator;
performing combined operation on the encrypted data and the preprocessed local data to obtain operation data;
and sending the obtained operation data to the initiator.
8. The method of claim 7, wherein the method comprises: the method for preprocessing the local data comprises the following steps:
acquiring local data, and carrying out secondary encryption on the local data;
the method comprises the following steps:
encryption for the first time:
obtaining local data, and inputting the local data into a first one-way function to obtain a first encryption result;
encryption for the second time:
and acquiring a key of the initiator, and inputting the first encryption result and the key into a random function for operation to obtain a second encryption result.
9. The method of claim 8, wherein the method comprises: the calculation method of the operational data comprises the following steps:
acquiring a random sequence, and generating a key sequence in conjunction with the key;
carrying out selection operation according to the key sequence and the encrypted data to obtain a selection sequence;
and splicing each element of the selected sequence and then inputting the spliced elements into a second one-way function to obtain operation data.
10. The method of claim 9, wherein the method comprises: the method for obtaining the selection sequence by carrying out selection operation according to the key sequence and the encrypted data comprises the following steps:
constructing a selection sequence with the same number of items as the key sequence;
judging the elements in the key sequence one by one; when an element in the key sequence is zero, the same position of the selection sequence is zero;
otherwise, carrying out exclusive-or operation on the element and the element at the same position in the encrypted data, and taking the result of the exclusive-or operation as the element at the position in the selection sequence.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210459193.1A CN114861203A (en) 2022-04-27 2022-04-27 Secret intersection solving method based on accidental pseudorandom function

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210459193.1A CN114861203A (en) 2022-04-27 2022-04-27 Secret intersection solving method based on accidental pseudorandom function

Publications (1)

Publication Number Publication Date
CN114861203A true CN114861203A (en) 2022-08-05

Family

ID=82633362

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210459193.1A Pending CN114861203A (en) 2022-04-27 2022-04-27 Secret intersection solving method based on accidental pseudorandom function

Country Status (1)

Country Link
CN (1) CN114861203A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115765969A (en) * 2023-01-10 2023-03-07 蓝象智联(杭州)科技有限公司 Hidden set intersection method and device based on homomorphic encryption and storage medium
CN115765969B (en) * 2023-01-10 2023-06-09 蓝象智联(杭州)科技有限公司 Method, device and storage medium for solving interaction of hidden set based on homomorphic encryption

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination