CN115001675A - Execution method of sharing OT protocol, secure multi-party computing method and device - Google Patents
Execution method of sharing OT protocol, secure multi-party computing method and device Download PDFInfo
- Publication number
- CN115001675A CN115001675A CN202210619378.4A CN202210619378A CN115001675A CN 115001675 A CN115001675 A CN 115001675A CN 202210619378 A CN202210619378 A CN 202210619378A CN 115001675 A CN115001675 A CN 115001675A
- Authority
- CN
- China
- Prior art keywords
- privacy
- party
- value
- privacy value
- sequence number
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/46—Secure multiparty computation, e.g. millionaire problem
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
An execution method, a secure multi-party computing method and a device of a shared OT protocol relate to a first party and a second party, wherein the second party holds two privacy numerical values which are sequentially arranged and two random numbers which are sequentially arranged, and the first party holds a first sequence number of a target privacy numerical value in the two privacy numerical values, a target random number and a second sequence number of the target privacy numerical value in the two random numbers. The execution method for sharing the OT by selecting 1 from 2 comprises the following steps: the second party receives a third serial number calculated according to the first serial number and the second serial number from the first party, and calculates a second fragment according to a random number with the serial number as the third serial number and the privacy value arranged at the first position; and the second party calculates intermediate data according to the two privacy values and the two random numbers and sends the intermediate data to the first party, so that the first party calculates the first fragment, wherein the result of processing the first fragment and the second fragment by adopting a first preset operation rule is equal to the target privacy value.
Description
Technical Field
One or more embodiments of the present disclosure relate to the field of computers, and in particular, to an execution method of a 2-to-1 sharing OT protocol, an execution method of an N-to-1 sharing OT protocol, a secure multi-party computing method based on the 2-to-1 sharing OT protocol, and a secure multi-party computing method and device based on the N-to-1 sharing OT protocol.
Background
The Oblivious Transfer (OT) protocol is a more typical two-party protocol in cryptography, which is often used to support the execution of secure multi-party computations. When secure multi-party computing (SMPC) is supported by OT protocol, a large amount of data usually needs to be transmitted between different parties participating in secure multi-party computing, and even multiple rounds of communication may need to be performed between different parties.
A new scheme is desired to facilitate more efficient completion of secure multi-party computations.
Disclosure of Invention
One or more embodiments of the present disclosure provide an execution method of a sharing OT protocol from 2 to 1, an execution method of a sharing OT protocol from N to 1, a secure multi-party computing method based on a sharing OT protocol from 2 to 1, and a secure multi-party computing method and device based on a sharing OT protocol from N to 1.
In a first aspect, a method for executing a 2-to-1 sharing OT protocol is provided, which involves a first party and a second party, where the second party holds two privacy values arranged in sequence and two random numbers arranged in sequence, and the first party holds a first sequence number of a target privacy value in the two privacy values, a target random number and a second sequence number of the target privacy value in the two random numbers, and the method is applied to the second party. The method comprises the following steps: receiving, from the first party, a third sequence number calculated based on the first sequence number and the second sequence number; calculating intermediate data according to the two privacy values and the two random numbers; sending the intermediate data to the first party to enable the first party to calculate a first fragment; and calculating a second fragment according to the random number with the sequence number as the third sequence number and the privacy value arranged at the head, so that the result of processing the first fragment and the second fragment by adopting a first preset operation rule is equal to the target privacy value.
In one possible embodiment, the method further comprises: receiving the two random numbers from a third party; wherein the target random number and the second sequence number are sent to the first party by the third party.
In a possible embodiment, the third sequence number is equal to the result of exclusive-or operation performed on the first sequence number and the second sequence number; and/or the result of performing summation operation or exclusive-or operation on the first and second fragments is equal to the target privacy data.
In a possible embodiment, the calculation of the intermediate data from the two privacy values and the two random numbers comprises: and respectively processing the two random numbers according to a second preset operation rule to obtain a first data item and a second data item, and calculating intermediate data based on the first data item, the second data item and the two privacy values.
In a possible implementation, the calculating the second fragment according to the random number with the sequence number as the third sequence number and the first-ranked privacy value includes: and processing the random number with the sequence number as the third sequence number according to the second preset operation rule to obtain a third data item, and calculating a second fragment of the target privacy value according to the third data item and the privacy value arranged at the head.
In a possible embodiment, the length of both privacy values is t bits; the processing the two random numbers according to a second preset operation rule to obtain a first data item and a second data item respectively comprises: sequentially calculating hash values with the lengths of t bits of the two random numbers to serve as a first data item and a second data item; or, for the two random numbers with the length larger than t bits, sequentially extracting bit sequences with the length of t bits from a preset position, and taking data respectively represented by the two extracted bit sequences as a first data item and a second data item.
In a second aspect, a method for executing a 2-out-of-1 sharing OT protocol is provided, involving a first party and a second party, the second party holding two privacy values in sequence and 2 random numbers in sequence, the first party holding a first sequence number of a target privacy value in the two privacy values, a target random number and a second sequence number thereof in the two random numbers, and the method is applied to the first party. The method comprises the following steps: sending a third sequence number obtained by calculation based on the first sequence number and the second sequence number to the second party, enabling the second party to calculate a second fragment according to a random number with the sequence number being the third sequence number and a privacy value arranged at the head, and returning intermediate data calculated according to the two privacy values and the two random numbers; and calculating a first fragment according to the first sequence number and the target random number, so that the result of processing the first fragment and the second fragment by adopting a first preset operation rule is equal to the target privacy value.
In one possible embodiment, the method further comprises: receiving the target random number and the second sequence number from a third party; the two random numbers are sent by the third party to the second party.
In a possible embodiment, the third sequence number is equal to the result of exclusive-or operation performed on the first sequence number and the second sequence number; and/or the result of performing summation operation or exclusive-or operation on the first and second fragments is equal to the target privacy data.
In one possible embodiment, calculating a first slice according to the first sequence number and the target random number includes: processing the target random number by using a second preset operation rule to obtain a fourth data item; and if the target privacy value with the sequence number being the first sequence number is the privacy value arranged at the head, taking the fourth data item as the first fragment, otherwise, calculating the first fragment based on the fourth data item and the intermediate data.
In one possible embodiment, processing the target random number to obtain a fourth data item using a second preset operation rule includes: calculating a hash value of the target random number with the length of t bits as a fourth data item; or, for the target random number with the length larger than t bits, extracting a bit sequence with the length of t bits from a preset position and using the data characterized by the bit sequence as a fourth data item.
In a third aspect, a secure multi-party computing method based on a 2-out-of-1 sharing OT protocol is provided, and relates to a first party and a second party, wherein the first party holds a third privacy value to be used as a first serial number, and the second party holds a second privacy value, and the method is applied to the second party. The method comprises the following steps: generating two privacy values arranged in sequence, wherein any privacy value with the sequence number j is obtained by processing the sequence number j and the second privacy value by using a target operation rule, and the privacy value with the sequence number of the third privacy value is equal to the result of processing the third privacy value and the second privacy value by using the target operation rule; and for the two privacy values and the third privacy value serving as the first sequence number, jointly executing a 2-to-1 sharing OT protocol with the first party by adopting the method of any one of the first aspect, obtaining a second fragment with the sequence number being the target privacy value of the third privacy value, and enabling the first party to correspondingly obtain a first fragment with the sequence number being the target privacy value of the third privacy value.
In a possible implementation, the second privacy value and the third privacy value are two slices of a fourth privacy value in modulo-2 space, and the lengths of the first slice and the second slice are both t bits greater than 1; the result of the exclusive-or operation on the second privacy value and the third privacy value is equal to the result of the summation operation on the first and second shards.
In a possible embodiment, the target operation rule comprises a sum operation, a product operation, a bitwise and operation, a bitwise or operation, or a bitwise xor operation.
In a possible embodiment, the first party further holds a fourth privacy value, the sum of the second privacy value and the fourth privacy value being equal to a fifth privacy value; a sum of the second and third shards is equal to a product of the third privacy value and the fifth privacy value, wherein the third shard is calculated by the first party based on the third privacy value, the fourth privacy value, and the first shard.
In a possible embodiment, the first party further holds a fourth privacy value, the second party further holds a sixth privacy value and a seventh privacy value, the third privacy value and the sixth privacy value are two exclusive-or slices of a modulo-2 space of an eighth privacy value located in a modulo-2 space, and the sum of the fourth privacy value and the seventh privacy value is equal to a fifth privacy value; the second privacy value is calculated by the second party based on the sixth privacy value and the seventh privacy value, and the second segment is used for calculating a product of the fifth privacy value and the eighth privacy value.
In a fourth aspect, a secure multi-party computing method based on a 2-out-of-1 sharing OT protocol is provided, involving a first party and a second party, where the first party holds a third privacy value to be used as a first serial number, and the second party holds a second privacy value, and the method is applied to the first party. The method comprises the following steps: to the third privacy numerical value and two privacy numerical values as first serial number, adopt any one of the second aspect the method with the second party jointly execute 2-to-1 sharing OT protocol, obtain the serial number as the first piece of the target privacy numerical value of the third privacy numerical value, and make the second party obtain the second piece of the target privacy numerical value of the serial number as the third privacy numerical value, wherein the privacy numerical value of arbitrary serial number j is obtained by the second party utilizes target operation rule processing serial number j and the second privacy numerical value, makes the serial number as the privacy numerical value of the third privacy numerical value equals to utilize target operation rule processing the third privacy numerical value and the result of the second privacy numerical value.
In a possible implementation, the second privacy value and the third privacy value are two slices of a fourth privacy value in modulo-2 space, and the lengths of the first slice and the second slice are both t bits greater than 1; the result of the exclusive-or operation on the second privacy value and the third privacy value is equal to the result of the summation operation on the first and second splits.
In a possible embodiment, the target operation rule comprises a sum operation, a product operation, a bitwise and operation, a bitwise or operation, or a bitwise xor operation.
In a possible embodiment, the sum of the second privacy value and a fourth privacy value held by the first party is equal to a fifth privacy value; the method further comprises the following steps: calculating a third patch based on the third privacy value, the fourth privacy value, and the first patch such that a sum of the second patch and the third patch equals a product of the third privacy value and the fifth privacy value.
In a possible embodiment, the first party further holds a fourth privacy value, the second party further holds a sixth privacy value and a seventh privacy value, the third privacy value and the sixth privacy value are two exclusive-or slices of a modulo-2 space of an eighth privacy value located in the modulo-2 space, and the sum of the fourth privacy value and the seventh privacy value is equal to a fifth privacy value; the second privacy value is calculated by the second party based on the sixth privacy value and the seventh privacy value, and the first segment is used for calculating a product of the fifth privacy value and the eighth privacy value.
In a fifth aspect, a secure multi-party computing method based on a 2-out-of-1 sharing OT protocol is provided, and involves a first party and a second party, where the first party holds a third privacy value to be used as a first sequence number, the second party holds a fifth privacy value and a sixth privacy value, and the third privacy value and the sixth privacy value are two xor fragments of an eighth privacy value located in a modulo-2 space in the modulo-2 space. The method comprises the following steps: the second party generates two privacy values arranged in sequence, wherein any privacy value with a sequence number j is equal to a result obtained by processing an exclusive-or result with a sequence number j and the fifth privacy value by using a target operation rule, the exclusive-or result with a sequence number j is obtained by performing exclusive-or operation on the sequence number j and the sixth privacy value, and the target privacy value with a sequence number of the third privacy value is equal to a result obtained by processing the fifth privacy value and the eighth privacy value by using the target operation rule; the first party and the second party jointly execute a 2-out-of-1 sharing OT protocol on the third privacy value and the two privacy values as first serial numbers by using the method of any one of claims 1 to 11, and respectively obtain a first fragment and a second fragment of a target privacy value with serial numbers as the third privacy value.
In a sixth aspect, an execution method of an N-out-of-1 sharing inattentive transport OT protocol is provided, involving a first party and a second party, the second party holding N ninth privacy values in sequence, the first party holding a fourth sequence number of a tenth privacy value among the N privacy values, where N is greater than 2, the method being applied to the second party. The method comprises the following steps: generating N-1 data packets which are arranged in sequence, wherein each single data packet comprises two privacy values which are arranged in sequence, for any jth data packet, when j is 1, the two privacy values are respectively determined according to a1 st ninth privacy value and a 2 nd ninth privacy value, when j is larger than 1, the 1 st privacy value is 0, and the 2 nd privacy value is determined based on the j +1 st ninth privacy value and the 1 st ninth privacy value; based on the N-1 data packets, performing, by using the method of any one of the first aspect, an N-1 round 2-to-1 sharing OT protocol jointly with the first party based on N-1 first sequence numbers to obtain N-1 second fragments, so that a result of processing a jth second fragment and a jth first fragment, which is obtained by the first party correspondingly, by using a first preset operation rule is equal to a target privacy value, of which the sequence number in the jth data packet is the jth first sequence number, and the jth first sequence number is determined based on the round number j and the fourth sequence number; and calculating a fifth fragment based on the N-1 second fragments, so that the result of processing the fifth fragment and a fourth fragment correspondingly calculated by the first party by using the first preset operation rule is equal to the tenth privacy value.
In a possible implementation, the 1 st privacy value in the 1 st data packet is a1 st ninth privacy value, and the 2 nd privacy value in the 1 st data packet is a 2 nd ninth privacy value; when j is greater than 1, the 2 nd privacy value in the jth data packet is the difference between the j +1 th ninth privacy value and the 1 st ninth privacy value.
In a possible implementation manner, for any jth round 2-to-1 sharing OT protocol, when the fourth sequence number is equal to j, the target privacy value is a 2 nd privacy value in a jth data packet, and when the fourth sequence number is not equal to j, the target data is a1 st privacy value in the jth data packet.
In a seventh aspect, a method for executing an N-from-1 sharing OT protocol is provided, where a first party and a second party are involved, the second party holds N ninth privacy values arranged in sequence, the first party holds a fourth sequence number of a tenth privacy value among the N ninth privacy values, where N is greater than 2, and the method is applied to the first party. The method comprises the following steps: determining N-1 first sequence numbers corresponding to N-1 execution rounds, wherein any jth first sequence number is determined based on the execution round j corresponding to the jth first sequence number and the fourth sequence number; performing, by using the method according to any one of claims 7 to 11, an N-1 round-2-to-1 sharing OT protocol based on N-1 first sequence numbers with the second party to obtain N-1 first slices by jointly executing an N-1 round-2-to-1 sharing OT protocol with the second party based on N-1 data packets, so that a result of processing a jth first slice and a jth second slice obtained by the second party by using a first preset operation rule is equal to a target privacy value with a jth first sequence number in the jth data packet, where a single data packet includes two privacy values arranged in sequence, and for any jth data packet, when j is 1, the two privacy values are determined according to a 1st ninth privacy value and a 2nd ninth privacy value, respectively, and when j is greater than 1, the 1st privacy value is 0, the 2 nd privacy value is determined based on the j +1 th ninth privacy value and the 1 st ninth privacy value; and calculating a fourth fragment based on the N-1 first fragments, so that the result of processing the fourth fragment and a fifth fragment correspondingly calculated by the second party by using the first preset operation rule is equal to the tenth privacy value.
In a possible embodiment, the 1 st privacy value in the 1 st data packet is a1 st ninth privacy value, and the second privacy value in the 1 st data packet is a 2 nd ninth privacy value; when j is greater than 1, the 2 nd privacy value in the jth data packet is the difference between the j +1 th ninth privacy value and the 1 st ninth privacy value.
In a possible implementation manner, for any jth round 2-to-1 sharing OT protocol, when the fourth sequence number is equal to j, the target privacy value is a 2 nd privacy value in the jth data packet, and when the fourth sequence number is not equal to j, the target privacy value is a 2 nd privacy value in the jth data packet.
An eighth aspect provides a secure multi-party computing method based on an N-out-of-1 sharing OT protocol, which relates to a first party and a second party, wherein the first party holds a third privacy value to be used as a fourth serial number, the second party holds a second privacy value, and the method is applied to the second party. The method comprises the following steps: generating N ninth privacy values arranged in sequence, wherein any one of the N ninth privacy values is obtained by processing the sequence number of the current privacy value in the N ninth privacy values and the second privacy value by using a target operation rule, and the ninth privacy value with the sequence number as the third privacy value is equal to the result of processing the third privacy value and the second privacy value by using the target operation rule; and for the N ninth privacy values and the third privacy value as the fourth sequence number, jointly executing an N-from-1 sharing OT protocol with the first party by using the method of any one of the sixth aspects, obtaining a fifth segment of the ninth privacy value with the sequence number as the third privacy value, and enabling the first party to obtain a fourth segment of the ninth privacy value with the sequence number as the third privacy value.
In a possible embodiment, the target operation rule comprises a sum operation, a product operation, a bitwise and operation, a bitwise or operation, or a bitwise xor operation.
In a possible embodiment, the first preset operation rule includes a summation operation or a bitwise exclusive or operation.
In a ninth aspect, a secure multi-party computing method based on an N-out-of-1 sharing OT protocol is provided, involving a first party and a second party, where the first party holds a third privacy value to be used as a fourth serial number, and the second party holds a second privacy value, and the method is applied to the first party, and includes: and for the third privacy value and N ninth privacy values as fourth sequence numbers, jointly executing a share-from-N-1-share OT protocol with the second party by using the method of any one of the seventh aspects, obtaining a fourth segment with a sequence number of the ninth privacy value of the third privacy value, and making the second party obtain a fifth segment with a sequence number of the ninth privacy value of the third privacy value, where any ninth privacy value with a sequence number of j is obtained by processing the sequence number j and the second privacy value by using a target operation rule, and making the ninth privacy value with a sequence number of the third privacy value equal to a result of processing the third privacy value and the second privacy value by using the target operation rule.
In a possible embodiment, the target operation rule comprises a sum operation, a product operation, a bitwise and operation, a bitwise or operation, or a bitwise xor operation.
In a possible embodiment, the first preset operation rule includes a summation operation or a bitwise exclusive-or operation.
In a tenth aspect, an apparatus for performing a 1-out-of-2 sharing OT protocol is provided, involving a first party and a second party, the second party holding two privacy values in sequence and two random numbers in sequence, the first party holding a first sequence number of a target privacy value among the two privacy values, the target random number, and a second sequence number of the target random number, the apparatus being deployed in the second party. The device comprises: a communication processing unit configured to receive, from the first party, a third sequence number calculated based on the first sequence number and the second sequence number; a first calculation unit configured to calculate intermediate data from the two privacy values and the two random numbers; the communication processing unit is further configured to send the intermediate data to the first party, so that the first party calculates a first slice; and the second calculating unit is configured to calculate a second fragment according to the random number with the sequence number as the third sequence number and the privacy value arranged at the head, so that the result of processing the first fragment and the second fragment by adopting a first preset operation rule is equal to the target privacy value.
In an eleventh aspect, an apparatus for performing a 2-to-1 sharing OT protocol is provided, involving a first party and a second party, the second party holding two privacy values in sequence and two random numbers in sequence, the first party holding a first sequence number of a target privacy value among the two privacy values, a target random number, and a second sequence number of the target privacy value among the two random numbers, the apparatus being deployed at the first party. The device comprises: a communication processing unit configured to send a third sequence number calculated based on the first sequence number and the second sequence number to the second party, cause the second party to calculate a second shard according to a random number whose sequence number is the third sequence number and a privacy number value arranged at the top, and return intermediate data calculated according to the two privacy number values and the two random numbers; and the calculation processing unit is configured to calculate a first fragment according to the first sequence number and the target random number, so that a result of processing the first fragment and the second fragment by adopting a first preset operation rule is equal to the target privacy value.
In a twelfth aspect, a secure multi-party computing device based on a 1-out-of-2 sharing OT protocol is provided, involving a first party and a second party, wherein the first party holds a third privacy value to be used as a first serial number, and the second party holds a second privacy value, and the device is deployed on the second party. The device comprises: a calculation processing unit configured to generate two privacy values arranged in order, wherein any privacy value with a sequence number j is obtained by processing the sequence number j and the second privacy value by using a target operation rule, and the privacy value with the sequence number of the third privacy value is made equal to a result of processing the third privacy value and the second privacy value by using the target operation rule; the calling processing unit is configured to perform the two privacy values and the third privacy value serving as the first sequence number, the execution device of the 2-from-1 OT sharing protocol in the tenth aspect performs the 2-from-1 OT sharing protocol jointly with the first party, obtains the second segment of the target privacy value of the three privacy value, and enables the first party to correspondingly obtain the first segment of the target privacy value of the third privacy value.
In a thirteenth aspect, there is provided a secure multi-party computing apparatus based on 1-out-of-2 sharing for unintentionally transmitting an OT protocol, involving a first party and a second party, the first party having a third privacy value to be a first number, the second party having a second privacy value, the apparatus being deployed at the first party, and being configured to obtain, for the third privacy value and the two privacy values as the first number, a first slice having a target privacy value with a number of the three privacy values by jointly executing the 1-out-of-2 sharing OT protocol with the second party by the executing apparatus of the 1-out-of-2 sharing OT protocol in the tenth aspect, and make the second party obtain a second slice having a target privacy value with a number of the third privacy value, where any privacy value with a number j is obtained by processing a number j and the second privacy value with a target operation rule by the second party, and making the privacy value with the sequence number as the third privacy value equal to the result of processing the third privacy value and the second privacy value by using a target operation rule.
In a fourteenth aspect, an apparatus for executing an N-out-of-1 sharing OT protocol is provided, where the apparatus involves a first party and a second party, the second party holds N ninth privacy values arranged in sequence, the first party holds a fourth sequence number of a tenth privacy value among the N privacy values, where N is greater than 2, and the apparatus is disposed on the second party. The device comprises: the packet processing unit is configured to generate N-1 data packets which are arranged in sequence, wherein a single data packet comprises two privacy values which are arranged in sequence, for any j-th data packet, when j is 1, the two privacy values are respectively determined according to a1 st ninth privacy value and a 2 nd ninth privacy value, when j is larger than 1, the 1 st privacy value is 0, and the 2 nd privacy value is determined based on a j +1 th ninth privacy value and the 1 st ninth privacy value; a call processing unit, configured to jointly execute N-1 rounds of the 1-from-2 sharing OT protocol through the execution apparatus for the 1-from-2 sharing OT protocol in the twelfth aspect based on N-1 first sequence numbers with the first party based on N-1 first sequence numbers, to obtain N-1 second fragments, so that a result of processing the jth second fragment and the jth first fragment correspondingly obtained by the first party by using a first preset operation rule is equal to a target privacy value with a sequence number of the jth first sequence number in the jth data packet, where the jth first sequence number is determined based on the round number j and the fourth sequence number; a calculation processing unit configured to calculate a fifth slice based on the N-1 second slices, such that a result of processing the fifth slice and a fourth slice correspondingly calculated by the first party using the first preset operation rule is equal to the tenth privacy value.
In a fifteenth aspect, an apparatus for implementing a 1-out-of-N shared OT protocol is provided, involving a first party and a second party, the second party holding N ninth privacy values in sequence, the first party holding a fourth ordinal number of a tenth privacy value among the N ninth privacy values, where N is greater than 2, the apparatus being deployed at the first party. The device comprises: a sequence number determining unit configured to determine N-1 first sequence numbers corresponding to N-1 execution rounds, wherein any jth first sequence number is determined based on its corresponding execution round j and the fourth sequence number; a call processing unit, configured to jointly execute, based on the N-1 first sequence numbers, N-1 rounds of the 2-to-1 sharing OT protocol through the execution apparatus of the 2-to-1 sharing OT protocol in the tenth aspect, and based on the N-1 data packets, with the second party, to obtain N-1 first fragments, so that a result of processing, by using a first preset operation rule, the jth first fragment and a jth second fragment obtained by the second party correspondingly is equal to a target privacy value, of which the sequence number is the jth first sequence number, in the jth data packet, where a single data packet includes two privacy values arranged in order, and for an arbitrary jth data packet, when j is 1, the two privacy values are determined according to the 1 st ninth privacy value and the 2 nd ninth privacy value, respectively, and when j is greater than 1, wherein the 1 st privacy value is 0, and the 2 nd privacy value is determined based on the j +1 th ninth privacy value and the 1 st ninth privacy value; a calculation processing unit configured to calculate a fourth segment based on the N-1 first segments, so that a result of processing the fourth segment and a fifth segment correspondingly calculated by the second party using the first preset operation rule is equal to the tenth privacy value.
In a sixteenth aspect, a secure multi-party computing device based on a sharing OT from N to 1 protocol is provided, involving a first party and a second party, wherein the first party holds a third privacy value to be used as a fourth serial number, and the second party holds a second privacy value, and the device is deployed on the second party. The device comprises: a calculation processing unit configured to generate N ninth privacy values arranged in sequence, where any one of the N ninth privacy values is obtained by processing a sequence number of the current privacy value in the N ninth privacy values and the second privacy value by using a target operation rule, and the privacy value whose sequence number is the third privacy value is equal to a result of processing the third privacy value and the second privacy value by using the target operation rule; and the calling processing unit is configured to execute the N-1-from-N sharing OT protocol execution device and the first party jointly to the N-1-from-N sharing OT protocol execution device of the fourteenth aspect, obtain a fifth fragment of the ninth privacy value with a sequence number of the third privacy value, and enable the first party to obtain a fourth fragment of the ninth privacy value with a sequence number of the third privacy value.
In a seventeenth aspect, a secure multiparty computing method based on an N-out-of-1 shared OT protocol is provided, involving a first party and a second party, wherein the first party holds a third privacy value to be used as a fourth number, the second party holds a second privacy value, the apparatus is deployed on the first party, and is configured to, for the third privacy value and N ninth privacy values as the fourth number, jointly execute the shared N-out-of-1 shared OT protocol by the execution apparatus of the N-out-of-1 shared OT protocol in the fifteenth aspect and the second party, obtain a fourth slice of a ninth privacy value with a number of the third privacy value, and make the second party obtain a fifth slice of the ninth privacy value with a number of the third privacy value, where the ninth privacy value with any number j is obtained by processing the number j and the second privacy value with a target operation rule, and making a ninth privacy value with a sequence number equal to a result of processing the third privacy value and the second privacy value using a target operation rule.
In an eighteenth aspect, there is provided a computer readable storage medium having stored thereon a computer program which, when executed in a computing device, implements the method of any one of the first, second, third, fourth, sixth, seventh, eighth, and ninth aspects.
A nineteenth aspect provides a computing device comprising a memory and a processor, the memory having stored therein a computer program that, when executed by the processor, implements the method of any one of the first, second, third, fourth, sixth, seventh, eighth, and ninth aspects.
By means of the method and the device provided in one or more embodiments of the present specification, when a second party holds a plurality of privacy values and a first party holds sequence numbers of specific privacy values among the plurality of privacy values, the first party and the second party can respectively obtain one segment of the specific privacy values by executing a 2-to-1 sharing OT protocol or an N-to-1 sharing OT protocol, while ensuring security of the specific privacy values and the sequence numbers thereof. And then the first party and the second party can realize safe multi-party calculation of the privacy value based on the 2-to-1 sharing OT protocol or the N-to-1 sharing OT protocol, and the first party and the second party have small data volume and less communication turns when realizing the safe multi-party calculation, so that the safe multi-party calculation can be completed more efficiently.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present specification, the drawings used in the description of the embodiments will be briefly described below, and it is obvious that the drawings in the description below are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings may be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic process diagram of an execution method of a 2-to-1 sharing OT protocol provided in an embodiment of the present specification;
FIG. 2 is a process diagram of an exemplary provided secure multiparty computing method based on the shared-on-2 OT protocol;
FIG. 3 is a second process diagram of an exemplary secure multiparty computing method based on the shared-on-2-out-of-1 OT protocol;
FIG. 4 is a third process diagram of an exemplary secure multiparty computing method based on the shared-on-2 OT protocol;
FIG. 5 is a fourth process diagram of an exemplary provided secure multiparty computing method based on the shared-on-2-out-1 OT protocol;
fig. 6 is a process diagram illustrating an execution method of an N-out-of-1 sharing OT protocol provided in an embodiment of the present disclosure;
FIG. 7 is a process diagram of an exemplary provided secure multiparty computing method based on the shared-from-N-1 OT protocol;
FIG. 8 is a schematic diagram of an exemplary implementation of a shared-1-out-of-2 OT protocol;
FIG. 9 is a second exemplary illustration of an implementation of the shared-1-out-of-2 OT protocol;
FIG. 10 is a schematic diagram of an exemplary provided secure multi-party computing device based on a shared-on-2-out-1 OT protocol;
FIG. 11 is a schematic diagram of an exemplary implementation of a shared-out-of-N-1 OT protocol;
FIG. 12 is a second exemplary illustration of an implementation of the shared-by-N-out-of-1 OT protocol;
FIG. 13 is a schematic diagram of an exemplary implementation of a secure multi-party computing device based on the shared-from-N-1 OT protocol.
Detailed Description
Various non-limiting embodiments provided by the present specification are described in detail below with reference to the attached figures.
The OT protocol is a more typical two-party protocol in cryptography. Taking the example that two parties implementing the protocol include Alice and Bob, the OT protocol requires: alice holds a privacy value p, which is an integer and satisfies 0 ═ as an OT receiver (or called a first party)<p=<N-1; bob as OT sender (or called second party) holds N privacy values x of length t bits and arranged in sequence 0 ,x 1 ,…,x N-1 }; after Alice and Bob jointly execute the OT protocol, Alice can obtain the privacy value x with the sequence number p in the N privacy values p But not other privacy values that Bob has, and Bob cannot know p that Alice has. It should be noted that, considering that the smallest non-negative integer of a value characterized by a bit sequence by a computing device is 0, for any jth data in a sequence data with a sequence number in the sequence data, it is usually set to j-1 instead of j in the embodiments of the present specification, for example, the aforementioned privacy value x 0 As the first-ranked privacy value of the N privacy values, it may be expressed as the 1 st privacy value of the N privacy values, but its sequence number in the N privacy values is 0 instead of 1, so that p is required to be an integer and satisfy 0-1<p=<N-1. It is understood that other sequence number setting rules may be adopted for technical implementation, for example, the sequence number of any jth data in any sequence data may be set as j instead of j-1, and specifically, for example, the above-mentioned privacy value x 0 The sequence number in the N privacy values may be set to 1, and it may be required that the sequence number p is an integer and satisfies 1 ═ corresponding to this<p=<And N is added. It should also be noted that Alice and Bob may each be implemented as any device, apparatus, platform, or cluster of devices having computing/processing capabilities.
The Random oblivious transport (Random OT) protocol is a variation of the OT protocol described above,the OT protocol can be constructed, and the Random OT protocol can be realized by various cryptographic techniques. The requirements of the Random OT protocol are: bob can obtain N random numbers r arranged in sequence 0 ,r 1 ,…,r N-1 }; alice can obtain the (i + 1) th random number r in the N random numbers i And its serial number i in the N random numbers. The method of constructing the OT protocol by the Random OT protocol may include, but is not limited to, the following steps S01 to S03:
step S01, Alice calculates the intermediate sequence number e ═ N (i + p)% and sends e to Bob;
step S02, for N privacy values { x } 0 ,x 1 ,…,x N-1 Dividing privacy value r with sequence number e in the sequence e Other privacy value x for each sequence number j j Using N random numbers r 0 ,r 1 ,…,r N-1 In the sequence number (e-j)% N random number encryption x j To obtain ciphertext f with sequence number j j And cipher text f j Sending the data to Alice;
in step S03, Alice uses the random number r with serial number i i For which the privacy value x of sequence number i is received i Corresponding ciphertext f i The private numerical value x with the serial number p can be obtained after decryption p 。
The secure multi-party calculation is a calculation result of a certain function calculated by a plurality of parties together, and input data of the function held by the parties are not leaked in the calculation process, wherein the input data held by the parties are generally regarded as private data and cannot be known by other parties, but the calculation result is allowed to be disclosed to a specified object. For example, there may be the following secure multi-party computing needs: alice holds a privacy value A, Bob holds a privacy value B, Alice obtains a fragment c0 after safe multi-party calculation, Bob obtains a fragment c1, wherein the results of c0 and c1 are processed by a preset operation rule which is equal to the results of A and B processed by a target operation rule g. The aforementioned target operation rule g may include, but is not limited to, a secure modulo conversion, a summation operation, a product operation, a bitwise and operation, a bitwise or operation, or a bitwise xor operation, etc.; the aforementioned preset operation rule may include, but is not limited to, a summation operation or an exclusive-or operation.
The aforementioned OT protocol may be generally used to support the aforementioned secure multiparty computation, and the method for implementing the aforementioned secure multiparty computation by the aforementioned OT protocol may include, but is not limited to, the following steps S11 to S14:
step S11, Bob generates a random value as a fragment c 1;
at step S12, Bob calculates N privacy values arranged in sequence, wherein any j +1 th privacy value x j G (j, B) -c1, the N privacy values that Bob generates are N privacy values in the aforementioned OT protocol in order;
step S13, Alice takes A as p in the OT protocol;
in step S14, Alice jointly executes the OT protocol based on a, which is p in the OT protocol, and N privacy values calculated by Bob based on it, with the execution result being: alice obtains x to be the slice c0 A =g(A,B)-c1。
In the process of implementing the foregoing secure multiparty computation based on the OT protocol, Alice and Bob need to perform multiple rounds of communication and the amount of data to be transmitted is relatively large. In view of the above problems, embodiments of the present disclosure provide an execution method of a sharing OT protocol from 2 to 1, an execution method of a sharing OT protocol from N to 1, a secure multi-party computing method based on a sharing OT protocol from 2 to 1, and a secure multi-party computing method and device based on a sharing OT protocol from N to 1, so as to reduce the amount of data to be transmitted when secure multi-party computing is implemented, thereby completing the secure multi-party computing more efficiently.
Fig. 1 is a process diagram of an execution method of a 2-to-1 sharing OT protocol provided in an embodiment of the present specification. In which Alice acts as the OT receiver (i.e., the first party) sharing the OT protocol, and Bob acts as the OT sender (i.e., the second party) sharing the OT protocol, before performing the method shown in fig. 1, Alice and Bob may make Bob obtain two Random numbers { r } arranged in sequence by performing the Random OT protocol or other methods described above 0 ,r 1 And enabling Alice to obtain a target random number r i And its sequence number i in the two random numbers. For example, Bob may specifically receive the aforementioned two random numbers r from a third party 0 ,r 1 R, Alice may receive r from a third party i And its sequence number i in the two aforementioned random numbers. Also, like the OT protocol described above, Bob may also hold two privacy values { x } in a sequential order 0 ,x 1 Alice may also hold a target privacy number x p In the two privacy values { x }described above 0 ,x 1 The first sequence number p in. On this basis, Alice and Bob may jointly perform the following method steps 100 to 110 as shown in fig. 1.
First, in step 100, Alice calculates a sequence number e from sequence number p and sequence number i. Alice may, for example, modulo the sum of sequence number p and sequence number i with N to obtain sequence number e, or may xor sequence number p and sequence number i to obtain sequence number e, or may modulo the difference of sequence number p and sequence number i with N to obtain sequence number e.
Next, at step 102, Alice sends a sequence number e to Bob.
Next, at step 104, Bob computes intermediate data f based on the two privacy values and the two random numbers.
For two privacy values x arranged in sequence 0 ,x 1 }, Bob can respectively process x by using a second preset operation rule h 0 And x 1 To obtain a first data item h (r) 0 ) And a second data item h (r) 1 ) And then again on the basis of the first data item h (r) 0 ) A second data item h (r) 1 ) Privacy value x 0 And a privacy number x 1 The intermediate data f are calculated. Wherein the privacy value x 0 And a privacy number x 1 Can both be a die 2 t And (3) processing any random number held by Bob by using a second preset operation rule h, and outputting data with the length of t bits corresponding to the random number. By a random number r 0 For example, if the random number r 0 Is not more than t bits, the random number r is processed by a second preset operation rule h 0 And the first data item h (r) obtained 0 ) Then it can be a random number r calculated by Bob 0 The length of (a) is a hash value of t bits; if the random number r 0 Is greater than t bits, the random number r is processed by a second preset operation rule h 0 And the first data item h (r) obtained 0 ) It may be data characterized by a bit sequence of length t bits extracted from a predetermined location. Bob processes the random number r by utilizing a second preset operation rule 1 To obtain a second data item h (r) 1 ) Same as Bob processing the random number r by using the second predetermined operation rule 0 To obtain the corresponding first data item h (r) 0 ) Therefore, it will not be described in detail.
More specifically, Bob can calculate the intermediate data f by the following formula 1:
f=h(r 0 )+h(r 1 )-x 0 +x 1 (1)
it will be appreciated that the intermediate data f may also be calculated by other methods, such as adding a specific coefficient to the partial or whole data items in equation 1 or performing some modification to the foregoing equation 1, and more specifically, for example, the addition and subtraction operations referred to in equation 1 may be replaced by bitwise exclusive-or operations.
And 106, Bob sends the intermediate data f to Alice.
Step 108, Alice at least according to the sequence number p and the target random number r i Calculating a target privacy number x p First segment c 0.
Alice can process the target random number r held by Alice by using the second predetermined operation rule h i To obtain a fourth data item h (r) i ) Alice obtains a fourth data item h (r) i ) Can be obtained in the same way as Bob gets the first data item h (r) 0 ) And a second data item h (r) 1 ) And therefore will not be described in detail. Alice can specifically determine a target privacy value x according to the sequence number p p Whether or not it is the first-ranked privacy value x 0 If so, the fourth data item h (r) i ) As a target privacy number x p Otherwise Alice may be based on the fourth data item h (r) i ) And intermediate data f calculating a target privacy number x p C0, e.g. c0 ═ f-h (r) i ) Or c0 is the intermediate data f and the fourth data item h (r) i ) And performing exclusive or operation.
Step 110, Bob according to the random number r with the sequence number e e And a privacy number x arranged at the top 0 Calculating a target privacy number x p And a second section c 1. Bob can process the random number r by using a second operation rule h 0 And a random number r 1 Random number r with middle sequence number e e To obtain a third data item h (r) e ) And may be further specifically based on the third data item h (r) in step 110 e ) And a privacy number x 0 Calculating to obtain a target privacy value x p Second section c1, e.g. c1 ═ x 0 -h(r e ) Or the second segment c1 may also be a pair of privacy values x 0 And a third data item h (r) e ) And performing exclusive or operation.
Referring to the previous process of Alice obtaining the partition c0 and Bob obtaining the partition c1, the result of processing the partitions c0 and c1 using the first predetermined operation rule is equal to the target privacy value x p The first preset operation rule may specifically be a summation operation or an exclusive-or operation, in other words, the result of the summation operation or the bitwise exclusive-or operation performed on the partition c0 and the partition c1 is equal to the target privacy value x p . In addition, in the process of making Alice and Bob obtain the fragment c0 and the fragment c1 respectively, Alice cannot know the target privacy value x p Guarantee target privacy number x p The safety of (2).
The 2-out-of-1 sharing OT protocol may be used to support Alice and Bob to perform secure multiparty computation on two privacy values a and b, where a may be a single-bit value 0 or 1 in modulo-2 space, and b may be a single-bit value 0 or 1 in modulo-2 space, or a modulo-2 space t An integer within the space. Secret sharing (secret sharing) is widely applied to secure multi-party computing, and the basic principle is to split a secret value into a plurality of shards (shares) to be kept by different parties, only the parties exceeding a threshold number can merge the shards held by the parties to recover the original secret value, and the threshold number is higher than the threshold numberThe number is typically the same as the number of parties involved in the secure multiparty computation. Therefore, in the process of actually executing secure multiparty computation, for the single-bit privacy value a in the modulo-2 space and the single-bit privacy value a in the modulo-2 space which are expected to be processed by the target operation rule, Alice and Bob t Typical data holding situations of the privacy value b in the space include the following situations 2 to 4, in addition to the situation 1 shown below:
in case 1, Alice holds a and Bob holds b.
Case 2, lice hold a and b on die 2 t Piece b0 in space, Bob holds b in mold 2 t Slice b1 within the space, where the result of the sum operation on b0 and b1 equals b.
In case 3, Alice holds a slice a0 in modulo-2 space and b in modulo-2 t Piece b0 in space, Bob holds piece a1 in space of die 2 and b in die 2 t Slice b1 within the space, where the result of the exclusive or operation on a0 and a1 equals a and the result of the sum operation on b0 and b1 equals b.
Case 4, Alice holds a slice a0 with a in modulo-2 space, Bob holds b and a1 with a in modulo-2 space, where the result of xoring a0 and a1 equals a.
For the foregoing cases 1 to 4, the foregoing 2-to-1 sharing OT protocol may be adopted to implement the foregoing single-bit privacy value a in the modulo-2 space and the foregoing modulo-2 privacy value a t The privacy value b in the space is subjected to secure multiparty calculation, however, for different data holding cases, the process of Alice and Bob for implementing secure multiparty calculation of a and b based on the aforementioned 2-out-of-1 sharing OT protocol may be different. The following describes in detail the process of Alice and Bob implementing secure multiparty computation of the privacy value a and the privacy value b based on the 2-to-1 sharing OT protocol in the case of the aforementioned 4 kinds of data.
Fig. 2 is a process diagram of a secure multiparty computing method based on the share-on-2-out-1 OT protocol. In the implementation shown in fig. 2, Alice will act as the receiver (i.e., the first party) of the shared OT protocol, and Bob will act as the sender (i.e., the second party) of the shared OT protocol. As shown in fig. 2. Alice and Bob may perform secure multi-party calculations of the privacy value a and the privacy value b through steps 200 and 202 in the aforementioned data holding case 1.
First, at step 200, Bob generates two privacy values in a sequential order from the privacy value b.
Namely, two privacy values { x ] arranged in sequence in the 2-to-1 sharing OT protocol are generated 0 ,x 1 }. For any privacy value x with the sequence number j in the two privacy values j Specifically, the privacy value b may be obtained by processing the sequence number j and the privacy value b by using the target operation rule g, so that the target privacy value x with the sequence number a may be obtained a Is equal to the result of processing the privacy value a and the privacy value b by using the target operation rule g. Wherein when a and b are both modulo-2 t For single-bit values in space, the target operation rule g may include, but is not limited to, a summation operation, a product operation, a bitwise and operation, a bitwise or operation, or a bitwise xor operation, for example; when b is a mode 2 t Integer in space, the target operation rule may include, for example, but is not limited to, a product operation.
Then, in step 202, Alice jointly executes a 1-out-of-2 sharing OT protocol based on the privacy value a as the serial number p and two privacy values generated by Bob based on the serial number p, so that Alice obtains a target privacy value x p C0, Bob obtains the target privacy value x p And a second section c 1. Since a equals p, the target privacy number x p Bob processes the sequence number p and the privacy number b by using a target operation rule g, so that the target privacy number x is processed by using a first preset operation rule p The results of the first slice c0 and the second slice c1 are equal to the results of processing a and b using the target operation rule g, so that Alice and Bob complete the secure multi-party computation of a and b. It should be noted that, when a and b are two xor slices of a certain privacy value in modulo-2 space, that is, when the result of xor operation on a and b is equal to a certain privacy value c in modulo-2 space, the target privacy value x is used p Both the first part sheet c0 and the second part sheet c1 of (1) are die 2 t In spaceInteger, therefore, the method can also realize the safe analog-to-digital conversion of the two fragments a and b of the privacy value c in the analog-to-2 space.
Fig. 3 is a second process diagram of the secure multiparty computing method based on the 2-out-of-1 sharing OT protocol. In the implementation shown in fig. 3, Alice will act as the receiver (i.e., the first party) of the sharing OT protocol, and Bob will act as the sender (i.e., the second party) of the sharing OT protocol. Referring to fig. 3, Alice and Bob can perform secure multi-party calculation on the privacy value a and the privacy value b through steps 300 to 306 under the aforementioned data holding condition 2.
First, at step 300, Bob generates two privacy values in order from shard b 1.
Namely, two privacy values { x in the order of the 2-to-1 sharing OT protocol are generated 0 ,x 1 }. For any privacy value x with the sequence number j in the two privacy values j Specifically, the privacy value x may be obtained by processing the sequence number j and the segment b1 by using the target operation rule g, for example, by performing an operation of taking the product of the sequence number j and the segment b1, so that the target privacy value x with the sequence number a is obtained a Equal to the results of processing a and b1 using the target operation rule g.
Then, in step 302, Alice jointly executes a 1-out-of-2 sharing OT protocol based on the privacy value a as the serial number p and two privacy values generated by Bob based on the serial number p, so that Alice obtains a target privacy value x p C0, Bob obtains the target privacy value x p And a second section c 1. Since a equals p, the target privacy number x p Bob processes the sequence number p and the fragment b1 according to the target operation rule g, so that the target privacy value x is obtained p The result of the summation operation or the exclusive or operation performed on the first slice c0 and the second slice c1 is equal to the result of processing the sequence numbers a and b1 by using the target operation rule g, thereby completing the secure multi-party computation on a and b 1.
Next, in step 304, Alice bases on the target privacy value x p The first fragment c0, the privacy value a, and the fragment b0 calculate a third fragment c0 g. Alice may calculate the slice c0g by e.g. c0g ═ a × b0+ c0,so as to pair the slices c0g and x p The result of the summation operation performed by the second slice of (a) is equal to the result of processing a and b using the target operation rule. It should be noted that c0g may also be obtained by performing an exclusive-or operation on a, b0 and c 0.
Fig. 4 is a third process diagram of a secure multiparty computing method based on the 2-out-of-1 sharing OT protocol. The implementation shown in fig. 4 includes performing process 1 and performing process 2: in the implementation process 1, Alice will act as a receiver (i.e., a first party) of the sharing OT protocol, and Bob will act as a sender (i.e., a second party) of the sharing OT protocol; in the implementation process 2, Alice will act as a sender of the sharing OT protocol, and Bob will act as a receiver of the sharing OT protocol. Referring to fig. 4, Alice and Bob can perform secure multi-party calculation on the privacy value a and the privacy value b through steps 400 to 407 in the aforementioned data holding case 3, where steps 400 to 402 belong to the execution process 1, steps 403 to 405 belong to the execution process 2, and the execution process 1 and the execution process 2 can be executed independently without a necessary sequential relationship.
At step 400, Bob calculates a privacy value L1 from shard a1 and shard b 1. The privacy value L1 can be calculated, for example, by the formula L1 ═ (b1-2a1 ═ b1) or by the deformation based on the formula.
At step 401, Bob generates two privacy values in a sequential order from the privacy value L1.
Namely, two privacy values { x, in order in the 2-out-of-1 sharing OT protocol are generated 0 ,x 1 }. For any privacy value x with the sequence number j in the two privacy values j Specifically, the sequence number j and the privacy value L1 may be processed by the target operation rule g, for example, the sequence number j and L1 may be subjected to an operation of taking the product of the sequence number j and L1, so that the target privacy value with the sequence number a0 may be equal to the result of processing a0 and L1 by the target operation rule g.
At step 402, Alice performs a 2-of-1 sharing OT protocol in conjunction with the N privacy values based on which Bob generated based on the privacy value a0 as a sequence number p, such that Alice obtains a first slice c00 of the target privacy value with sequence number a0 of the two privacy values generated by Bob, and Bob obtains a second slice c01 of the target privacy value with sequence number a0 of the two privacy values generated by Bob.
At step 403, Alice computes a privacy value L0 based on shard a0 and shard b 0. The privacy value L0 can be calculated, for example, by the formula L0 ═ (b0-2a0 ═ b0) or by the deformation based on the formula.
At step 404, Alice generates two privacy values in order from privacy value L0.
Namely, two privacy values { x in the order of the 2-to-1 sharing OT protocol are generated 0 ,x 1 }. For any privacy value x with the sequence number j in the two privacy values j Specifically, the sequence number j and the privacy value L0 may be processed by the target operation rule g, for example, the sequence number j and L0 may be subjected to an operation of taking the product of the sequence number j and L0, so that the privacy value with the sequence number a1 may be equal to the result of processing a1 and L0 by the target operation rule g.
At step 405, Bob jointly executes a 1-of-2 sharing OT protocol based on the privacy value a1 as a sequence number p, and the two privacy values generated by Alice based thereon, so that Bob obtains a first slice c10 of the target privacy value with sequence number a1 of the two privacy values generated by Alice, and Alice obtains a second slice c11 of the target privacy value with sequence number a1 of the two privacy values generated by Alice.
At step 406, Alice computes slice m0 from slice a0, slice b0, slice c00, and slice c 11. For example, Alice may calculate the segment m0 by using the formula m0 ═ a0 × b0+ c00+ c11 or its deformation.
At step 407, Bob calculates shard m1 from shard a1, shard b1, shard c01, and shard c 10. For example, Bob may calculate the slice m1 by using the formula m1 ═ a1 × b1+ c01+ c10 or its deformation.
Referring to the calculation process of calculating m0 and m1 by Alice and Bob, the result of summing m0 and m1 is equal to the result of processing a and b by using the target operation rule, so that Alice and Bob complete the secure multi-party calculation of the privacy value a and the privacy value b through the above-mentioned steps 400-407 based on the 2-to-1 sharing OT protocol. It will also be appreciated that the addition and multiplication operations in the aforementioned formulas for computing slices may also be replaced with exclusive-or operations.
FIG. 5 is a fourth process diagram of a secure multiparty computing method based on the 2-out-of-1 sharing OT protocol. In the implementation shown in fig. 5, Alice will act as the receiver (i.e., the first party) of the sharing OT protocol, and Bob will act as the sender (i.e., the second party) of the sharing OT protocol. As shown in fig. 5. Alice and Bob can perform secure multi-party calculation on the privacy value a and the privacy value b through steps 500 to 502 under the aforementioned data holding condition 4.
First, at step 500, Bob generates two privacy values in order from the slice a1 and the privacy value b.
Namely, two privacy values { x, in order in the 2-out-of-1 sharing OT protocol are generated 0 ,x 1 }. Privacy number x with arbitrary sequence number j j Equal to the exclusive-or result of sequence number j obtained by exclusive-or of sequence number j and privacy value b (i.e. the fifth privacy value) using target operation rule g, the exclusive-or result of sequence number j is obtained by exclusive-or of sequence number j and segment a1 (i.e. the sixth privacy value), such that the two privacy values { x } are obtained 0 ,x 1 The target privacy value with sequence number a0 (i.e. the third privacy value) is equal to the result of processing the privacy value b and the privacy value a using the target operation rule g, for example, equal to the result of performing the product operation on the privacy value a and the privacy value b.
Next, at step 502, Alice performs a 2-out-of-1 sharing OT protocol jointly with the two privacy values generated by Bob based on the slice a0 as the sequence number p, such that Alice obtains the first slice c0 of the target privacy value with sequence number a0 of the two privacy values generated by Bob, and Bob obtains the second slice c1 of the target privacy value with sequence number a0 of the two privacy values generated by Bob. Wherein the result of the summation operation or the exclusive-or operation performed on the first slice c0 and the second slice c1 is equal to the result of processing a and b using the target operation rule.
The aforementioned sharing OT from 2 to 1 protocol may be used to support Alice and Bob to implement the sharing OT from N to 1 protocol, where N is greater than 2. In other words,that is, Bob, who is the OT sender, holds N privacy values y 0 ,y 1 ,…,y N-1 When Alice as an OT receiver holds a specific privacy value (i.e., a tenth privacy value) and a serial number a (i.e., a fourth serial number) of the N privacy values, Alice and Bob may jointly execute an N-from-1 sharing OT protocol implemented based on the 2-from-1 sharing OT protocol, so that Alice and Bob respectively obtain the N privacy values { y } 0 ,y 1 ,…,y N-1 Privacy value y with sequence number A A And processing the privacy value y using the first preset operation rule a The result of the third and fourth fragmentation equals the privacy value y a 。
Fig. 6 is a process schematic diagram of an execution method of a sharing OT protocol from N to 1 based on a sharing OT protocol from 2 to 1 provided in an embodiment of the present specification. As shown in fig. 6, the method may include the following steps 600 through 608.
First, at step 600, Bob generates N-1 data packets in a sequential arrangement based on the N privacy values.
The single data packet contains two privacy values arranged in sequence, namely the single data packet contains two privacy values { x (x) arranged in sequence in the 2-to-1 sharing OT protocol 0 ,x 1 }. Wherein for any j-th data packet in the N-1 data packets, when j is 1, two privacy values are respectively based on the 1 st privacy value y in the N privacy values 0 And a 2 nd privacy value y 1; when j is greater than 1, the 1 st privacy value x 0 Is 0, 2 nd privacy value x 1 Based on the j +1 th privacy value y of the N privacy values j+1 And 1 st privacy number x 0 And (4) determining. More specifically, the 1 st privacy value x in the 1 st data packet 0 For example, the value may be the privacy value y0, the 2 nd privacy value x in the 1 st data packet 1 For example, may be a privacy value y 1; when j is greater than 1, the 2 nd privacy value x in the jth data packet 1 For example, may be a privacy value y j+1 And a privacy value y 0 A difference of (a) or x 1 May be equal to the relative privacy value y j+1 With privacy value y 0 And performing XOR budgeting.
In step 602, Alice determines N-1 first sequence numbers P corresponding to the N-1 execution rounds, wherein any jth first sequence number P is determined based on its corresponding execution round j and sequence number A. For any jth first sequence number P, when the sequence number A is equal to the execution turn j corresponding to the jth first sequence number P, the target privacy value with the sequence number of the jth first sequence number P in the jth data packet is the privacy value x in the jth data packet 1 (ii) a When the sequence number A is not equal to the execution turn j corresponding to the sequence number A, the target privacy value with the sequence number being the jth first sequence number P in the jth data packet is the privacy value x in the jth data packet 0 . In other words, for any jth first sequence number, if a is equal to the execution round j, the value of the jth first sequence number p may be 1; if a is not equal to the execution round j, the value of the jth first sequence number p may be 0.
Then, in step 604, Alice jointly executes a 1-out-of-2 sharing OT protocol based on the N-1 first sequence numbers P arranged in sequence and Bob based on the N-1 data packets arranged in sequence, so that Alice obtains N-1 first slices and Bob obtains N-1 second slices. It can be understood that, for any jth round of the sharing-by-2 OT protocol, the specifically processed data is two privacy values { x } sequentially arranged in the jth first sequence number P held by Alice and the jth data packet held by Bob 0 ,x 1 }。
Next, in step 606, Alice computes a fourth tile based on the N-1 first tiles. Alice may, for example, sum or xor budget the N-1 first tiles to obtain a fourth tile.
At step 608, Bob calculates a fifth tile based on the N-1 second tiles. Bob may, for example, sum budget or xor the N-1 second tiles to obtain a fifth tile.
See x in the jth data packet from the previous exemplary description 0 And x 1 The value of (1) and the value of the jth first sequence number p can be understood, and the 1 st round of the 1 st selection and the 1 st sharing OT protocol are completed for Alice and BobThe result of the summation operation or the exclusive-or operation performed on the obtained 1 st first fragment and the 1 st second fragment is equal to the privacy value y 0 (ii) a For any jth round 2-to-1 sharing OT protocol from the 2 nd round OT protocol to the N-1 th round 2-to-1 sharing OT protocol, when j is not equal to A, the Alice and the Bob finish the mth round 2-to-1 sharing OT protocol so as to respectively obtain the result of the summation operation or the exclusive OR operation of the jth first fragment and the jth second fragment which are respectively obtained, is 0, when j is equal to A, the Alice and the Bob finish the jth round 2-to-1 sharing OT protocol so as to respectively obtain the result of the summation operation or the exclusive OR operation of the jth first fragment and the jth second fragment which are respectively obtained, and the result is equal to the privacy value y j+1 And a privacy value y 0 Or is equal to the relative privacy value y j+1 And a privacy value y 0 And performing XOR budgeting. The result of performing summation operation or exclusive-or operation on the fourth fragment obtained by Alice and the fifth fragment obtained by Bob is equal to N privacy values { y 0 ,y 1 ,…,y N-1 Privacy value y with sequence number A in A 。
The aforementioned 1-out-of-N sharing OT protocol may be used to support Alice and Bob to perform secure multiparty computation on privacy values a and b, where Alice may hold privacy value a (i.e. third privacy value) for example in a typical technical scenario, Bob may hold privacy value b for example, and a and b are both modulo-2 t An integer in space; or a and b may both be single bit values in modulo-2 space; or a is the privacy number in modulo-2 space and b is modulo-2 t An integer within the space. As shown in fig. 7, the secure multi-party computing method based on the share-from-N-1 OT protocol may include the following steps 700 to 704.
First, at step 700, Bob generates N privacy values in a sequential order from the privacy value b.
Namely, N privacy values y arranged in sequence in the N-to-1 sharing OT protocol are generated 0 ,y 1 ,…,y N-1 }. Where N privacy values y 0 ,y 1 ,…,y N-1 Any of the current privacy values y j The current privacy value y is processed by using a target operation rule g j At N privacy values{y 0 ,y 1 ,…,y N-1 J and a privacy number b (i.e. the second privacy number) in such a way that a ninth privacy number y with a sequence number a a Equal to the result of processing the sequence number a and the privacy number b using the target operation rule.
Step 702, Bob jointly executes the N-from-1 sharing OT protocol based on the N privacy values and Alice based on the privacy value a as the serial number A, so that Alice obtains the privacy value y with the serial number as the privacy value a a Bob obtains a privacy value y with a sequence number a a The fifth segment of (1). And the result of the summation operation or the exclusive or operation on the fourth fragment and the fifth fragment is equal to the result of processing a and b by using the target operation rule.
By means of the method and the device provided in one or more embodiments of the present specification, when a second party holds a plurality of privacy values and a first party holds sequence numbers of specific privacy values among the plurality of privacy values, the first party and the second party can respectively obtain one segment of the specific privacy values by executing a 2-to-1 sharing OT protocol or an N-to-1 sharing OT protocol, while ensuring security of the specific privacy values and the sequence numbers thereof. And then the first party and the second party can realize safe multi-party calculation of privacy values based on a 2-out-of-1 sharing OT protocol or an N-out-of-1 sharing OT protocol, and the first party and the second party have small data volume and less communication turns when realizing the safe multi-party calculation, so that the safe multi-party calculation can be completed more efficiently.
Based on the same concept as the foregoing method embodiment, in this specification embodiment, there is also provided an execution apparatus for a 2-to-1 sharing OT protocol, involving a first party and a second party, where the second party holds two privacy values arranged in sequence and two random numbers arranged in sequence, the first party holds a first sequence number of a target privacy value among the two privacy values, a target random number, and a second sequence number of the target privacy value among the two random numbers, and the apparatus is deployed on the second party. As shown in fig. 8, the apparatus includes: a communication processing unit 81 configured to receive, from the first party, a third sequence number calculated based on the first sequence number and the second sequence number; a first calculation unit 83 configured to calculate intermediate data from the two privacy values and the two random numbers; the communication processing unit 81 is further configured to send the intermediate data to the first party, so that the first party calculates a first slice; the second calculating unit 85 is configured to calculate a second fragment according to the random number with the sequence number as the third sequence number and the privacy value arranged at the head, so that a result of processing the first fragment and the second fragment by using a first preset operation rule is equal to the target privacy value.
Based on the same concept as the foregoing method embodiment, in this specification embodiment, there is also provided an execution apparatus for a 2-to-1 sharing OT protocol, involving a first party and a second party, where the second party holds two privacy values arranged in sequence and two random numbers arranged in sequence, the first party holds a first sequence number of a target privacy value among the two privacy values, a target random number, and a second sequence number of the target privacy value among the two random numbers, and the apparatus is disposed at the first party. As shown in fig. 9, the apparatus includes: a communication processing unit 91 configured to send a third sequence number calculated based on the first sequence number and the second sequence number to the second party, cause the second party to calculate a second shard based on a random number whose sequence number is the third sequence number and a privacy number value arranged at the top, and return intermediate data calculated based on the two privacy number values and the two random numbers; a calculation processing unit 93, configured to calculate a first segment according to the first sequence number and the target random number, so that a result of processing the first segment and the second segment by using a first preset operation rule is equal to the target privacy value.
Based on the same concept as the foregoing method embodiment, in this specification, there is also provided a secure multi-party computing device based on a 2-on-1 sharing OT protocol, involving a first party and a second party, where the first party holds a third privacy value to be used as a first serial number, and the second party holds a second privacy value, and the device is disposed on the second party. As shown in fig. 10, the apparatus includes: a calculation processing unit 1001 configured to generate two privacy values arranged in sequence, where any privacy value with a sequence number j is obtained by processing the sequence number j and the second privacy value using a target operation rule, and the privacy value with a sequence number j is made equal to a result of processing the third privacy value and the second privacy value using the target operation rule; the call processing unit 1003 is configured to, for the two privacy values and the third privacy value serving as the first sequence number, jointly execute the 1-from-2 sharing OT protocol with the first party through an execution device of the 1-from-2 sharing OT protocol shown in fig. 8, obtain a second segment of the target privacy value having the sequence number of the third privacy value, and enable the first party to correspondingly obtain a first segment of the target privacy value having the sequence number of the third privacy value.
Based on the same concept as the foregoing method embodiment, in this specification, there is also provided a secure multi-party computing device based on a 2-to-1 sharing OT protocol, involving a first party and a second party, where the first party holds a third privacy value to be used as a first serial number, and the second party holds a second privacy value, and the device is deployed on the first party. The device is used for to as first sequence number third privacy numerical value and two privacy numerical values, through as shown in figure 9 2 select 1 share the executive device of OT agreement with the second party jointly carries out 2 select 1 share the OT agreement, obtains the sequence number and is the first fragmentation of the target privacy numerical value of three privacy numerical value, and makes the second party obtain the sequence number and is the second fragmentation of the target privacy numerical value of third privacy numerical value, wherein arbitrary sequence number is the privacy numerical value of j by the second party utilizes the target operation rule to handle sequence number j with second privacy numerical value obtains, makes the sequence number be the privacy numerical value of third privacy numerical value equals utilizes the target operation rule to handle the result of third privacy numerical value with second privacy numerical value.
Based on the same concept as the foregoing method embodiment, in this specification embodiment, an apparatus for executing an N-from-1 sharing OT protocol is further provided, where the apparatus relates to a first party and a second party, the second party holds N ninth privacy values arranged in sequence, the first party holds a fourth sequence number of a tenth privacy value among the N privacy values, where N is greater than 2, and the apparatus is disposed on the second party. As shown in fig. 11, the apparatus includes: the packet processing unit 1101 is configured to generate N-1 data packets arranged in sequence, where a single data packet includes two privacy values arranged in sequence, where for any jth data packet, when j is 1, the two privacy values are determined according to a1 st ninth privacy value and a 2 nd ninth privacy value, respectively, when j is greater than 1, the 1 st privacy value is 0, and the 2 nd privacy value is determined based on a j +1 th ninth privacy value and the 1 st ninth privacy value; a call processing unit 1103 configured to, based on the N-1 data packets, jointly execute, by an execution apparatus of a 1-from-2 sharing OT protocol as shown in fig. 8, an N-1 round 1-from-2 sharing OT protocol with the first party based on N-1 first sequence numbers, to obtain N-1 second fragments, so that a result of processing, by using a first preset operation rule, the jth second fragment and a jth first fragment correspondingly obtained by the first party is equal to a target privacy value whose sequence number is the jth first sequence number in the jth data packet, and the jth first sequence number is determined based on the round j and the fourth sequence number; a calculation processing unit configured to calculate a fifth segment based on the N-1 second segments, such that a result of processing the fifth segment and a fourth segment correspondingly calculated by the first party using the first preset operation rule is equal to the tenth privacy number.
Based on the same concept as the foregoing method embodiment, in this specification embodiment, an apparatus for executing an N-out-of-1 sharing OT protocol is further provided, where the apparatus relates to a first party and a second party, the second party holds N ninth privacy values arranged in sequence, the first party holds a fourth sequence number of a tenth privacy value among the N ninth privacy values, where N is greater than 2, and the apparatus is disposed in the first party. As shown in fig. 12, the apparatus includes: a sequence number determining unit 1201 configured to determine N-1 first sequence numbers corresponding to N-1 execution rounds, wherein any jth first sequence number is determined based on the execution round j corresponding to the jth first sequence number and the fourth sequence number; a call processing unit 1203 configured to jointly execute N-1 rounds of the 1-from-2 sharing OT protocol through an execution device of the 1-from-2 sharing OT protocol as shown in fig. 9 based on N-1 data packets with the second party based on N-1 first partitions, so as to obtain N-1 first partitions, so that a result of processing a jth first partition and a jth second partition correspondingly obtained by the second party by using a first preset operation rule is equal to a target privacy value with a jth first serial number in the jth data packet, where a single data packet includes two privacy values arranged in sequence, and for any jth data packet, when j is 1, the two privacy values are determined according to a1 st ninth privacy value and a 2 nd ninth privacy value, respectively, and when j is greater than 1, wherein the 1 st privacy value is 0, and the 2 nd privacy value is determined based on the j +1 th ninth privacy value and the 1 st ninth privacy value; a calculation processing unit 1205 is configured to calculate a fourth partition based on the N-1 first partitions, so that a result of processing the fourth partition and a fifth partition correspondingly calculated by the second party using the first preset operation rule is equal to the tenth privacy value.
Based on the same concept as the foregoing method embodiment, in this specification, there is also provided a secure multi-party computing device based on an N-out-of-1 sharing OT protocol, involving a first party and a second party, where the first party holds a third privacy value to be used as a fourth serial number, and the second party holds a second privacy value, and the device is disposed on the second party. As shown in fig. 13, the apparatus includes: a first calculating unit 1301, configured to generate N ninth privacy values arranged in sequence, where any current privacy value of the N ninth privacy values is obtained by processing a sequence number of the current privacy value in the N ninth privacy values and the second privacy value by using a target operation rule, and the privacy value with the sequence number being the third privacy value is equal to a result of processing the third privacy value and the second privacy value by using the target operation rule; the call processing unit 1303 is configured to, for the N ninth privacy values and the third privacy value serving as the fourth sequence number, jointly execute the 1-from-N sharing OT protocol with the first party by using an execution apparatus of the 1-from-N sharing OT protocol shown in fig. 11, obtain a fifth segment of the ninth privacy value having the sequence number of the third privacy value, and enable the first party to obtain a fourth segment of the ninth privacy value having the sequence number of the third privacy value.
Based on the same concept as the foregoing method embodiment, in this specification, there is further provided a secure multiparty computation method based on a share-from-N-1 OT protocol, involving a first party and a second party, where the first party holds a third privacy value to be used as a fourth number, the second party holds a second privacy value, and the apparatus is deployed in the first party, and is configured to, for the third privacy value and N ninth privacy values to be used as fourth numbers, obtain a fourth segment of a ninth privacy value with a number of the third privacy value by jointly executing a share-from-N-1-OT protocol with the second party by an executing apparatus of the share-from-N-1-OT protocol as shown in fig. 12, and enable the second party to obtain a fifth segment of the ninth privacy value with a number of the third privacy value, where the ninth value with an arbitrary number j is obtained by processing a number j and the second privacy value by using a target operation rule, and making a ninth privacy value with a sequence number equal to a result of processing the third privacy value and the second privacy value using a target operation rule.
Those skilled in the art will recognize that in one or more of the examples described above, the functions described in this specification can be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, a computer program corresponding to these functions may be stored in a computer-readable medium or transmitted as one or more instructions/codes on the computer-readable medium, so that when the computer program corresponding to these functions is executed by a computer, the method described in any one of the embodiments of the present specification is implemented by the computer.
An embodiment of the present specification further provides a computer-readable storage medium, on which a computer program/instruction is stored, and when the computer program/instruction is executed in a computing device, the computing device executes each method step in an execution method of a sharing OT protocol from 2 to 1, an execution method of a sharing OT protocol from N to 1, a secure multi-party computing method based on a sharing OT protocol from 2 to 1, or a secure multi-party computing method based on a sharing OT protocol from N to 1, which are implemented by Alice/a first party/Bob/a second party and provided in any of the embodiments of the present specification.
The embodiment of the present specification further provides a computing device, which includes a memory and a processor, where the memory stores a computer program/instruction, and when the processor executes the computer program/instruction, the method for executing the sharing OT protocol from 2 to 1, the method for executing the sharing OT protocol from N to 1, the method for executing the sharing OT protocol from 2 to 1, the method for secure multi-party computing based on the sharing OT protocol from 2 to 1, or the method for secure multi-party computing based on the sharing OT protocol from N to 1, which are provided in any one embodiment of the present specification, are implemented.
The embodiments in the present description are described in a progressive manner, and the same and similar parts in the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, as for the apparatus embodiment, since it is substantially similar to the method embodiment, the description is relatively simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
The above-mentioned embodiments, objects, technical solutions and advantages of the present invention are further described in detail, it should be understood that the above-mentioned embodiments are only exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made on the basis of the technical solutions of the present invention should be included in the scope of the present invention.
Claims (42)
1. An execution method of a 2-to-1 sharing OT protocol relates to a first party and a second party, wherein the second party holds two privacy numerical values in sequence and two random numbers in sequence, the first party holds a first sequence number of a target privacy numerical value in the two privacy numerical values, a target random number and a second sequence number of the target privacy numerical value in the two random numbers, and the method is applied to the second party and comprises the following steps:
receiving, from the first party, a third sequence number calculated based on the first sequence number and the second sequence number;
calculating intermediate data according to the two privacy values and the two random numbers;
sending the intermediate data to the first party to enable the first party to calculate a first fragment;
and calculating a second fragment according to the random number with the sequence number as the third sequence number and the privacy value arranged at the head, so that the result of processing the first fragment and the second fragment by adopting a first preset operation rule is equal to the target privacy value.
2. The method of claim 1, further comprising: receiving the two random numbers from a third party; wherein the target random number and the second sequence number are sent to the first party by the third party.
3. The method of claim 1, the third sequence number equal to a result of an exclusive-or operation on the first sequence number and the second sequence number; and/or the result of performing summation operation or exclusive-or operation on the first and second fragments is equal to the target privacy data.
4. A method according to any of claims 1-3, calculating intermediate data from the two privacy values and the two random numbers, comprising: and respectively processing the two random numbers according to a second preset operation rule to obtain a first data item and a second data item, and calculating intermediate data based on the first data item, the second data item and the two privacy values.
5. The method of claim 4, computing a second tile based on the random number with a sequence number of the third sequence number and the first-ranked privacy value, comprising: and processing the random number with the sequence number as the third sequence number according to the second preset operation rule to obtain a third data item, and calculating a second fragment of the target privacy value according to the third data item and the privacy value arranged at the head.
6. The method of claim 4, the two privacy values both being t bits in length; the processing the two random numbers according to a second preset operation rule to obtain a first data item and a second data item respectively comprises: sequentially calculating hash values with the lengths of t bits of the two random numbers to serve as a first data item and a second data item; or, for the two random numbers with the length larger than t bits, sequentially extracting bit sequences with the length of t bits from a preset position, and taking data respectively represented by the two extracted bit sequences as a first data item and a second data item.
7. An execution method of a 2-to-1 sharing OT protocol relates to a first party and a second party, wherein the second party holds two privacy numerical values in sequence and 2 random numbers in sequence, the first party holds a first sequence number of a target privacy numerical value in the two privacy numerical values, a target random number and a second sequence number of the target privacy numerical value in the two random numbers, and the method is applied to the first party and comprises the following steps:
sending a third sequence number obtained by calculation based on the first sequence number and the second sequence number to the second party, enabling the second party to calculate a second fragment according to a random number with the sequence number being the third sequence number and a privacy value arranged at the head, and returning intermediate data calculated according to the two privacy values and the two random numbers;
and calculating a first fragment according to at least the first sequence number and the target random number, so that the result of processing the first fragment and the second fragment by adopting a first preset operation rule is equal to the target privacy value.
8. The method of claim 7, further comprising: receiving the target random number and the second sequence number from a third party; the two random numbers are sent by the third party to the second party.
9. The method of claim 7, the third sequence number equal to a result of an exclusive-or operation on the first sequence number and the second sequence number; and/or the result of performing summation operation or exclusive-or operation on the first and second fragments is equal to the target privacy data.
10. The method of claim 7, computing a first shard based on at least the first sequence number and the target random number, comprising: processing the target random number by using a second preset operation rule to obtain a fourth data item; if the target privacy value with the sequence number being the first sequence number is the privacy value arranged at the head, the fourth data item is taken as the first fragment, otherwise the first fragment is calculated based on the fourth data item and the intermediate data.
11. The method of claim 10, processing the target random number with a second preset operation rule to obtain a fourth data item, comprising: calculating a hash value of the target random number with the length of t bits as a fourth data item; or, for the target random number with the length larger than t bits, extracting a bit sequence with the length of t bits from a preset position and using the data characterized by the bit sequence as a fourth data item.
12. A secure multi-party computing method based on a 2-out-of-1 sharing OT protocol involving a first party and a second party, the first party holding a third privacy value to be a first sequence number and the second party holding a second privacy value, the method applied to the second party, the method comprising:
generating two privacy values arranged in sequence, wherein any privacy value with the sequence number j is obtained by processing the sequence number j and the second privacy value by using a target operation rule, and the privacy value with the sequence number of the third privacy value is equal to the result of processing the third privacy value and the second privacy value by using the target operation rule;
and for the two privacy values and the third privacy value as the first sequence number, jointly executing a 2-to-1 sharing OT protocol with the first party by using the method of any one of claims 1 to 6, obtaining a second segment with the sequence number being the target privacy value of the third privacy value, and enabling the first party to correspondingly obtain the first segment with the sequence number being the target privacy value of the third privacy value.
13. The method of claim 12, the second and third privacy values being two slices of a fourth privacy value in modulo-2 space, the first and second slices each being t bits greater than 1 in length; the result of the exclusive-or operation on the second privacy value and the third privacy value is equal to the result of the summation operation on the first and second shards.
14. The method of claim 12, the target operation rule comprising a sum operation, a product operation, a bitwise and operation, a bitwise or operation, or a bitwise xor operation.
15. The method of claim 12, the first party further holding a fourth privacy value, the sum of the second privacy value and the fourth privacy value being equal to a fifth privacy value; a sum of the second and third shards is equal to a product of the third privacy value and the fifth privacy value, wherein the third shard is calculated by the first party based on the third privacy value, the fourth privacy value, and the first shard.
16. The method of claim 12, the first party further holding a fourth privacy value, the second party further holding a sixth privacy value and a seventh privacy value, the third privacy value and the sixth privacy value being two exclusive-or slices of an eighth privacy value within a modulo-2 space that is within the modulo-2 space, the sum of the fourth privacy value and the seventh privacy value being equal to a fifth privacy value; the second privacy value is calculated by the second party based on the sixth privacy value and the seventh privacy value, and the second segment is used for calculating a product of the fifth privacy value and the eighth privacy value.
17. A secure multi-party computing method based on a 2-out-of-1 sharing OT protocol, involving a first party and a second party, the first party holding a third privacy value to be used as a first sequence number, the second party holding a second privacy value, the method applied to the first party, the method comprising: to as first serial number third privacy numerical value and two privacy numerical value, adopt any one of claims 7-11 the method with the second party jointly carries out 2 and selects 1 to share OT agreement, obtain the serial number and be the first fragmentation of the target privacy numerical value of three privacy numerical value, and make the second party obtain the serial number and be the second fragmentation of the target privacy numerical value of third privacy numerical value, wherein arbitrary serial number is the privacy numerical value of j by the second party utilizes target operation rule processing serial number j with second privacy numerical value and obtains, makes the serial number be the privacy numerical value of third privacy numerical value equals to utilize target operation rule processing third privacy numerical value with the result of second privacy numerical value.
18. The method of claim 17, the second and third privacy values being two slices of a fourth privacy value in modulo-2 space, the first and second slices each being t bits greater than 1 in length; the result of the exclusive-or operation on the second privacy value and the third privacy value is equal to the result of the summation operation on the first and second splits.
19. The method of claim 17, the target operation rule comprising a sum operation, a product operation, a bitwise and operation, a bitwise or operation, or a bitwise xor operation.
20. The method of claim 17, a sum of the second privacy value and a fourth privacy value held by the first party being equal to a fifth privacy value; the method further comprises the following steps: calculating a third patch based on the third privacy value, the fourth privacy value, and the first patch such that a sum of the second patch and the third patch equals a product of the third privacy value and the fifth privacy value.
21. The method of claim 17, the first party further holding a fourth privacy value, the second party further holding a sixth privacy value and a seventh privacy value, the third privacy value and the sixth privacy value being two exclusive-or slices of an eighth privacy value within a modulo-2 space, the sum of the fourth privacy value and the seventh privacy value being equal to a fifth privacy value; the second privacy value is calculated by the second party based on the sixth privacy value and the seventh privacy value, and the first segment is used for calculating a product of the fifth privacy value and the eighth privacy value.
22. A secure multi-party computing method based on a 2-out-of-1 sharing OT protocol, involving a first party and a second party, the first party holding a third privacy value to be a first sequence number, the second party holding a fifth privacy value and a sixth privacy value, the third privacy value and the sixth privacy value being two XOR fragments of an eighth privacy value located in a modulo-2 space in the modulo-2 space, the method comprising: the second party generates two privacy values arranged in sequence, wherein any privacy value with a sequence number j is equal to a result obtained by processing an exclusive-or result with a sequence number j and the fifth privacy value by using a target operation rule, the exclusive-or result with a sequence number j is obtained by performing exclusive-or operation on the sequence number j and the sixth privacy value, and the target privacy value with a sequence number of the third privacy value is equal to a result obtained by processing the fifth privacy value and the eighth privacy value by using the target operation rule;
the first party and the second party jointly execute, by using the method according to any one of claims 1 to 11, a sharing OT protocol for the third privacy value and the two privacy values as the first serial numbers, and obtain a first segment and a second segment of a target privacy value having serial numbers as the third privacy values, respectively.
23. An execution method of an N-out-of-1 sharing an Oblivious Transport (OT) protocol, involving a first party and a second party, the second party holding N ninth privacy values in a sequential order, the first party holding a fourth sequence number of a tenth privacy value among the N privacy values, where N is greater than 2, the method being applied to the second party, the method comprising:
generating N-1 data packets which are arranged in sequence, wherein a single data packet comprises two privacy values which are arranged in sequence, for any j-th data packet, when j is 1, the two privacy values are respectively determined according to a1 st ninth privacy value and a 2 nd ninth privacy value, when j is larger than 1, the 1 st privacy value is 0, and the 2 nd privacy value is determined based on a j +1 th ninth privacy value and the 1 st ninth privacy value;
based on the N-1 data packets, performing N-1 rounds of a 2-to-1 sharing OT selection protocol with the first party based on N-1 first sequence numbers by using the method of any one of claims 1 to 6 to obtain N-1 second fragments, so that a result of processing the jth second fragment and a jth first fragment correspondingly obtained by the first party by using a first preset operation rule is equal to a target privacy value with the sequence number of the jth first sequence number in the jth data packet, and the jth first sequence number is determined based on the round number j and the fourth sequence number;
and calculating a fifth fragment based on the N-1 second fragments, so that the result of processing the fifth fragment and a fourth fragment correspondingly calculated by the first party by using the first preset operation rule is equal to the tenth privacy value.
24. The method of claim 23, wherein the 1 st privacy value in the 1 st data packet is a1 st ninth privacy value, and the 2 nd privacy value in the 1 st data packet is a 2 nd ninth privacy value; when j is greater than 1, the 2 nd privacy value in the jth data packet is the difference between the j +1 th ninth privacy value and the 1 st ninth privacy value.
25. The method of claim 23, wherein for any jth round 1-out-of-2 OT sharing OT protocol, the target privacy value is the 2 nd privacy value in the jth data packet when the fourth sequence number equals j, and the target data is the 1 st privacy value in the jth data packet when the fourth sequence number does not equal j.
26. An execution method of an N-out-of-1 sharing an Oblivious Transport (OT) protocol, involving a first party and a second party, the second party holding N ninth privacy values in a sequential order, the first party holding a fourth sequence number of a tenth privacy value among the N ninth privacy values, where N is greater than 2, the method being applied to the first party, the method comprising:
determining N-1 first sequence numbers corresponding to N-1 execution rounds, wherein any jth first sequence number is determined based on the execution round j corresponding to the jth first sequence number and the fourth sequence number;
performing, by using the method according to any one of claims 7 to 11, an N-1 round-2-to-1 sharing OT protocol based on N-1 first sequence numbers with the second party to obtain N-1 first slices by jointly executing an N-1 round-2-to-1 sharing OT protocol with the second party based on N-1 data packets, so that a result of processing a jth first slice and a jth second slice obtained by the second party by using a first preset operation rule is equal to a target privacy value with a jth first sequence number in the jth data packet, where a single data packet includes two privacy values arranged in sequence, and for any jth data packet, when j is 1, the two privacy values are determined according to a 1st ninth privacy value and a 2nd ninth privacy value, respectively, and when j is greater than 1, the 1st privacy value is 0, the 2 nd privacy value is determined based on the j +1 th ninth privacy value and the 1 st ninth privacy value;
and calculating a fourth fragment based on the N-1 first fragments, so that the result of processing the fourth fragment and a fifth fragment correspondingly calculated by the second party by using the first preset operation rule is equal to the tenth privacy value.
27. The method of claim 26, wherein the 1 st privacy value in the 1 st data packet is a1 st ninth privacy value, and the second privacy value in the 1 st data packet is a 2 nd ninth privacy value; when j is greater than 1, the 2 nd privacy value in the jth data packet is the difference between the j +1 th ninth privacy value and the 1 st ninth privacy value.
28. The method of claim 26, wherein for any jth round 1-out-of-2 OT sharing OT protocol, the target privacy value is the 2 nd privacy value in the jth data packet when the fourth sequence number equals j, and the target privacy value is the 2 nd privacy value in the jth data packet when the fourth sequence number does not equal j.
29. A secure multi-party computing method based on an N-out-of-1 sharing OT protocol, involving a first party and a second party, the first party holding a third privacy value to be a fourth sequence number, the second party holding a second privacy value, the method applied to the second party, the method comprising:
generating N ninth privacy values arranged in sequence, wherein any one of the N ninth privacy values is obtained by processing the sequence number of the current privacy value in the N ninth privacy values and the second privacy value by using a target operation rule, and the ninth privacy value with the sequence number as the third privacy value is equal to the result of processing the third privacy value and the second privacy value by using the target operation rule;
for the N ninth privacy values and the third privacy value as a fourth sequence number, jointly executing an N-out-of-1 sharing OT protocol with the first party by using the method according to any one of claims 23 to 25, obtaining a fifth segment of the ninth privacy value with a sequence number of the third privacy value, and enabling the first party to obtain a fourth segment of the ninth privacy value with a sequence number of the third privacy value.
30. The method of claim 29, the target operation rule comprising a sum operation, a product operation, a bitwise and operation, a bitwise or operation, or a bitwise xor operation; and/or the first preset operation rule comprises a summation operation or a bitwise exclusive-or operation.
31. A secure multi-party computing method based on an N-out-of-1 sharing OT protocol, involving a first party and a second party, the first party holding a third privacy value to be used as a fourth sequence number, the second party holding a second privacy value, the method applied to the first party, the method comprising: for the third privacy value and N ninth privacy values as a fourth sequence number, performing, in conjunction with the second party, a share-by-N-out-of-1 share OT protocol by using the method of any one of claims 26 to 28, obtaining a fourth slice having a sequence number that is the ninth privacy value of the third privacy value, and making the second party obtain a fifth slice having a sequence number that is the ninth privacy value of the third privacy value, where any ninth privacy value having a sequence number that is j is obtained by processing the sequence number j and the second privacy value using a target operation rule, and making the ninth privacy value having a sequence number that is the third privacy value equal to a result of processing the third privacy value and the second privacy value using the target operation rule.
32. The method of claim 31, the target operation rule comprising a sum operation, a product operation, a bitwise and operation, a bitwise or operation, or a bitwise xor operation; and/or the first preset operation rule comprises a summation operation or a bitwise exclusive-or operation.
33. An apparatus for performing a 1-out-of-2 sharing an oblivious transport, OT, protocol involving a first party and a second party, the second party holding two privacy values in sequence and two random numbers in sequence, the first party holding a first sequence number of a target privacy value among the two privacy values, a target random number, and a second sequence number thereof among the two random numbers, the apparatus being deployed at the second party, the apparatus comprising:
a communication processing unit configured to receive, from the first party, a third sequence number calculated based on the first sequence number and the second sequence number;
a first calculation unit configured to calculate intermediate data from the two privacy values and the two random numbers;
the communication processing unit is further configured to send the intermediate data to the first party, so that the first party calculates a first shard;
and the second calculating unit is configured to calculate a second fragment according to the random number with the sequence number as the third sequence number and the privacy value arranged at the head, so that the result of processing the first fragment and the second fragment by adopting a first preset operation rule is equal to the target privacy value.
34. An apparatus for performing a 1-out-of-2 sharing an oblivious transport, OT, protocol involving a first party and a second party, the second party holding two privacy values in sequence and two random numbers in sequence, the first party holding a first sequence number of a target privacy value among the two privacy values, a target random number, and a second sequence number thereof among the two random numbers, the apparatus being deployed at the first party, the apparatus comprising:
a communication processing unit configured to send a third sequence number calculated based on the first sequence number and the second sequence number to the second party, so that the second party calculates a second fragment according to a random number with a sequence number being the third sequence number and a privacy value arranged at the top, and returns intermediate data calculated according to the two privacy values and the two random numbers;
and the calculation processing unit is configured to calculate a first fragment according to the first sequence number and the target random number, so that a result of processing the first fragment and the second fragment by adopting a first preset operation rule is equal to the target privacy value.
35. A secure multi-party computing device based on a 1-out-of-2 sharing an oblivious transport, OT, protocol involving a first party holding a third privacy value to be a first sequence number and a second party holding a second privacy value, the device being deployed at the second party, the device comprising:
a calculation processing unit configured to generate two privacy values arranged in order, wherein any privacy value with a sequence number j is obtained by processing the sequence number j and the second privacy value by using a target operation rule, and the privacy value with the sequence number of the third privacy value is made equal to a result of processing the third privacy value and the second privacy value by using the target operation rule;
a call processing unit configured to jointly execute, on the two privacy values and the third privacy value as the first sequence number, the 2-to-1 sharing OT protocol with the first party through the execution apparatus of the 2-to-1 sharing OT protocol according to claim 33, obtain a second segment of the target privacy value with the sequence number as the third privacy value, and make the first party correspondingly obtain the first segment of the target privacy value with the sequence number as the third privacy value.
36. A secure multi-party computing device based on a 1-out-of-2 sharing OT protocol for inadvertent transmission involving a first party and a second party, the first party having a third privacy value to be a first number and the second party having a second privacy value, the device deployed at the first party for performing the 2-out-of-1 sharing OT protocol in conjunction with the second party through an execution device of the 2-out-of-1 sharing OT protocol recited in claim 34 for the third privacy value and the two privacy values as the first number, obtaining a first slice of the target privacy value with number as the third privacy value, and having the second party obtain a second slice of the target privacy value with number as the third privacy value, wherein any privacy value with number j is obtained by the second party processing number j and the second privacy value with a target operation rule, and making the privacy value with the sequence number as the third privacy value equal to the result of processing the third privacy value and the second privacy value by using a target operation rule.
37. An N-out-of-1 apparatus for performing an OT protocol, involving a first party and a second party, the second party having N ninth privacy values in a sequential order, the first party having a tenth privacy value that is a fourth ordinal number of the N privacy values, where N is greater than 2, the apparatus being disposed at the second party, the apparatus comprising:
the packet processing unit is configured to generate N-1 data packets which are arranged in sequence, wherein a single data packet comprises two privacy values which are arranged in sequence, for any j-th data packet, when j is 1, the two privacy values are respectively determined according to a1 st ninth privacy value and a 2 nd ninth privacy value, when j is larger than 1, the 1 st privacy value is 0, and the 2 nd privacy value is determined based on a j +1 th ninth privacy value and the 1 st ninth privacy value;
a call processing unit, configured to jointly execute N-1 rounds of the 1-from-2 sharing OT protocol through the execution apparatus for the 1-from-2 sharing OT protocol in claim 33 based on N-1 first sequence numbers with the first party based on N-1 first sequence numbers based on the N-1 data packets, to obtain N-1 second fragments, so that a result of processing the jth second fragment and the jth first fragment correspondingly obtained by the first party by using a first preset operation rule is equal to a target privacy value having a sequence number of the jth first sequence number in the jth data packet, and the jth first sequence number is determined based on the round number j and the fourth sequence number;
a calculation processing unit configured to calculate a fifth segment based on the N-1 second segments, such that a result of processing the fifth segment and a fourth segment correspondingly calculated by the first party using the first preset operation rule is equal to the tenth privacy number.
38. An apparatus for implementing an N-out-of-1 sharing an oblivious transport, OT, protocol involving a first party and a second party, the second party holding N ninth privacy values in a sequential arrangement, the first party holding a fourth ordinal number of a tenth privacy value among the N ninth privacy values, where N is greater than 2, the apparatus being deployed at the first party, the apparatus comprising:
a sequence number determining unit configured to determine N-1 first sequence numbers corresponding to N-1 execution rounds, wherein any jth first sequence number is determined based on its corresponding execution round j and the fourth sequence number;
a call processing unit, configured to jointly execute N-1 rounds of the 1-from-2 sharing OT protocol through the execution apparatus of the 1-from-2 sharing OT protocol in claim 34 based on N-1 first sequence numbers and N-1 data packets with the second party based on N-1 data packets, to obtain N-1 first fragments, so that a result of processing the jth first fragment and a jth second fragment correspondingly obtained by the second party by using a first preset operation rule is equal to a target privacy value with a sequence number of the jth first sequence number in the jth data packet, where a single data packet includes two privacy values arranged in order, and for any jth data packet, when j is 1, the two privacy values are determined according to a1 st ninth privacy value and a 2 nd ninth privacy value, respectively, and when j is greater than 1, wherein the 1 st privacy value is 0, and the 2 nd privacy value is determined based on the j +1 th ninth privacy value and the 1 st ninth privacy value;
a calculation processing unit configured to calculate a fourth segment based on the N-1 first segments, so that a result of processing the fourth segment by using the first preset operation rule and a result of processing a fifth segment correspondingly calculated by the second party is equal to the tenth privacy value.
39. A secure multi-party computing device for sharing an oblivious transport, OT, protocol based on 1 out of N involving a first party and a second party, the first party holding a third privacy value to be a fourth sequence number, the second party holding a second privacy value, the device being deployed at the second party, the device comprising:
a calculation processing unit configured to generate N ninth privacy values arranged in sequence, where any one of the N ninth privacy values is obtained by processing a sequence number of the current privacy value in the N ninth privacy values and the second privacy value by using a target operation rule, and the privacy value whose sequence number is the third privacy value is equal to a result of processing the third privacy value and the second privacy value by using the target operation rule;
a call processing unit, configured to execute, by the execution apparatus of the share-from-N-1 OT protocol according to claim 37, the share-from-N-1 OT protocol in combination with the first party for the N ninth privacy values and the third privacy value as a fourth sequence number, obtain a fifth segment of the ninth privacy value with the sequence number being the third privacy value, and enable the first party to obtain a fourth segment of the ninth privacy value with the sequence number being the third privacy value.
40. A secure multiparty computing method based on a 1-out-of-N shared OT protocol for oblivious transmission involving a first party and a second party, said first party having a third privacy value to be used as a fourth number, said second party having a second privacy value, said device being deployed at said first party, said device being adapted to perform a 1-out-of-N shared OT protocol in conjunction with said second party for said third privacy value and said N ninth privacy values being used as fourth numbers, by means of an execution means of the 1-out-of-N shared OT protocol as claimed in claim 38, to obtain a fourth slice of a ninth privacy value with a number being said third privacy value, and to cause said second party to obtain a fifth slice of a ninth privacy value with a number being said third privacy value, wherein any ninth privacy value with a number j is obtained by processing a number j and said second privacy value using a target operation rule, and making a ninth privacy value with a sequence number equal to a result of processing the third privacy value and the second privacy value using a target operation rule.
41. A computer-readable storage medium having stored thereon a computer program which, when executed in a computing device, the computing device performs the method of any of claims 1-21 or 23-32.
42. A computing device comprising a memory having stored therein a computer program and a processor that, when executing the computer program, implements the method of any of claims 1-21 or 23-32.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210619378.4A CN115001675A (en) | 2022-06-02 | 2022-06-02 | Execution method of sharing OT protocol, secure multi-party computing method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210619378.4A CN115001675A (en) | 2022-06-02 | 2022-06-02 | Execution method of sharing OT protocol, secure multi-party computing method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115001675A true CN115001675A (en) | 2022-09-02 |
Family
ID=83031065
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210619378.4A Pending CN115001675A (en) | 2022-06-02 | 2022-06-02 | Execution method of sharing OT protocol, secure multi-party computing method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115001675A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116132029A (en) * | 2022-12-22 | 2023-05-16 | 泉城省实验室 | Wild card symbol pattern matching method and system based on three-choice-one-blank transmission protocol |
-
2022
- 2022-06-02 CN CN202210619378.4A patent/CN115001675A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116132029A (en) * | 2022-12-22 | 2023-05-16 | 泉城省实验室 | Wild card symbol pattern matching method and system based on three-choice-one-blank transmission protocol |
| CN116132029B (en) * | 2022-12-22 | 2023-09-26 | 泉城省实验室 | Wild card symbol pattern matching method and system based on three-choice-one-blank transmission protocol |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20210167946A1 (en) | One-Round Secure Multiparty Computation of Arithmetic Streams and Evaluation of Functions | |
| CN111512589A (en) | Method for fast secure multi-party inner product using SPDZ | |
| EP3364596A1 (en) | Key exchange devices and method | |
| RU2534944C2 (en) | Method for secure communication in network, communication device, network and computer programme therefor | |
| US20180115415A1 (en) | Secure computation system, server apparatus, secure computation method, and program | |
| US8527765B2 (en) | Shared secret verification method and system | |
| WO2023231340A1 (en) | Execution method and device for shared ot protocol, and secure multi-party computation method and device | |
| CN108933650B (en) | Data encryption and decryption method and device | |
| CN112580072B (en) | Data set intersection method and device | |
| CN108055128B (en) | RSA key generation method, RSA key generation device, storage medium and computer equipment | |
| US20240163084A1 (en) | Method of data transmission, and electronic devic | |
| CN113722734A (en) | Method, device and system for determining selection result fragmentation by two-party security selection | |
| CN107888385B (en) | RSA modulus generation method, RSA key generation method, computer device, and medium | |
| CN113626871A (en) | Two-party multi-branch condition implementation method and system for protecting private data | |
| US20180337773A1 (en) | Communication device and communication method | |
| KR102315632B1 (en) | System and method for generating scalable group key based on homomorphic encryption with trust server | |
| CN115001675A (en) | Execution method of sharing OT protocol, secure multi-party computing method and device | |
| US11895230B2 (en) | Information processing apparatus, secure computation method, and program | |
| JP7023584B2 (en) | Public key cryptosystem, public key cryptosystem, public key crypto program | |
| EP3982586A1 (en) | Device and method for sorting approximately encrypted ciphertext | |
| CN114021198B (en) | Method and device for determining common data for protecting data privacy | |
| CN114297726A (en) | Multiplication execution method and device based on secure multi-party calculation | |
| CN113836596A (en) | Method, device and system for determining selection result fragmentation by two-party security selection | |
| US20220399991A1 (en) | Shuffle system, shuffle method, and program | |
| Lochter | Blockchain as cryptanalytic tool |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |