CN115017458A - Method and system for safely calculating median of data by multiple parties - Google Patents

Publication number: CN115017458A
Authority: CN (China)
Legal status: Granted
Application number: CN202210468703.1A
Other languages: Chinese (zh)
Other versions: CN115017458B (en)
Inventors: 廖方平, 郑伟海
Current Assignee: Longtel Inc
Original Assignee: Longtel Inc

Classifications

    • G06F17/18 Complex mathematical operations for evaluating statistical data, e.g. average values, frequency distributions, probability functions, regression analysis
    • G06F17/16 Matrix or vector computation, e.g. matrix-matrix or matrix-vector multiplication, matrix factorization
    • G06F21/602 Providing cryptographic facilities or services
    • H04L9/008 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption

Abstract

The application provides a method and a system for multiple parties to securely compute the median of their data. It belongs to the technical field of secure multi-party computation and addresses the poor performance of median computation among multiple parties in the related art. In the method and the system, the participants establish the size ordering of their data without revealing their own data. First, each participant splits its own data into two parts. One participant, acting as the applicant, then sends one of its parts to each of the other participants, and each of the other participants sends one of its parts to the applicant. The applicant calculates the difference between the part it retained and each part received from the other participants, and each of the other participants calculates the difference between the part sent by the applicant and the part it retained itself. The two groups of differences are gathered at a referee and added pairwise, and the median of the data of all participants is determined from the result. The technique thereby solves the problem of multiple parties securely computing the median of their data.

Description

Method and system for safely calculating median of data by multiple parties
Technical Field
The present application relates to the technical field of secure multi-party computation, and in particular to a method and system for multiple parties to securely compute the median of their data.
Background
Secure multi-party computation (SMC) is the problem of privacy-preserving collaborative computation among a group of mutually distrusting participants. It ensures the independence of the inputs and the correctness of the computation, and does not reveal any input value to the other members taking part. Its main aim is to compute an agreed function securely without a trusted third party, and it plays an important role in scenarios such as electronic elections, electronic voting, electronic auctions, secret sharing and threshold signatures.
Disclosure of Invention
The application provides a method and a system for multiple parties to securely compute the median of their data, which solve the problem of securely computing the median of multi-party data.
In a first aspect, the present application provides a method for multiple parties to securely compute the median of their data.
In the method there are n participants, n ≥ 2. Participants are denoted $A_i$ and their data $B_i$, where $i \in I$ and $I = \{i \mid i \in N^*, i \le n\}$; $A_1$ is the applicant, who seeks the position of its own data $B_1$ in the size ordering. The method comprises the following steps:
the applicant $A_1$ splits its own data $B_1$ into two parts, $B_1 = B_{11} + B_{12}$, and each remaining participant $A_j$ splits its own data $B_j$ into two parts, $B_j = B_{j1} + B_{j2}$, where $j \in I$ and $j \ne 1$;
the applicant $A_1$ sends a copy of $B_{12}$ to each remaining participant $A_j$, and each remaining participant $A_j$ sends its $B_{j1}$ to the applicant $A_1$;
the applicant $A_1$ calculates, for each remaining participant $A_j$, a first result $C_j = \pm(B_{11} - B_{j1})$, and each remaining participant $A_j$ calculates a second result $D_j = \pm(B_{12} - B_{j2})$;
a third result $E_j = C_j + D_j$ is determined from the first result $C_j$ and the second result $D_j$;
the data $B_i$ of all participants $A_i$ are ordered by size according to the third results $E_j$, and the median of the $B_i$ is determined from that ordering.
With this technical solution, no party's data is leaked during the calculation; that is, the size ordering of the data of all parties can be obtained and the median of the data of all parties determined from it, which solves the problem of multiple parties securely computing the median of their data.
Further, the first result is $C_j = \pm(B_{11} - B_{j1})$, and each remaining participant $A_j$ calculates a second result $D_j$
Figure BDA0003625638870000021
and the third result is $E_j = C_j - D_j$.
Further, the original data of participant $A_i$ is $B'_i$, and $B_i$ is obtained by encrypting $B'_i$ with a homomorphic encryption algorithm under a preset key.
Further, $B'_i$ is scaled up by a factor of $a^m$, where $a$ is a constant and $a \ne 0$, to obtain $B_i$.
Further, the applicant $A_1$ generates a first application verification code $E_1$ from $B_{12}$ and sends it to each remaining participant $A_j$; each remaining participant $A_j$ generates a second application verification code $E_2$ from the $B_{12}$ it received, and judges whether the relationship between the received first application verification code $E_1$ and the calculated second application verification code $E_2$ matches a first preset relationship; if it does, $B_{11}$ was not tampered with in transmission;
each remaining participant $A_j$ generates a first participation verification code $G_{j1}$ from $B_{j1}$ and sends it to the applicant $A_1$; the applicant $A_1$ generates a second participation verification code $G_{j2}$ from the $B_{j1}$ it received; the applicant $A_j$ judges whether the relationship between the corresponding received first participation verification code $G_{j1}$ and the calculated second participation verification code $G_{j2}$ matches a second preset relationship; if it does, the corresponding $B_{j1}$ was not tampered with in transmission.
Further, the
Figure BDA0003625638870000031
$E_2$ is calculated from the received $B_{11}$; the
Figure BDA0003625638870000032
$G_{j2}$ is calculated from the received $B_{j1}$;
wherein p and q are both prime numbers and q divides p-1 evenly, g is an integer and g is
Figure BDA0003625638870000033
The first preset relationship is $E_1 = E_2$, and the second preset relationship is $G_{j1} = G_{j2}$.
Further, ordering the data $B_i$ of all participants $A_i$ by size according to the third results $E_j$ and determining the median of the $B_i$ from that ordering comprises:
after the ordering of the n values $B_i$ from large to small has been determined, judging whether n is odd or even;
if n is odd, the $B_i$ at position $(n+1)/2$ is determined; let $i = b$, so that $B_b$ is at the median position of the size ordering of all $B_i$. Whether $b$ equals 1 is then judged: if $b = 1$, the applicant $A_1$ is informed that its own original data $B'_1$ is the median; if $b \ne 1$, $E_b = B_1 - B_b$ is retrieved and decoded to obtain $E'_b = B'_1 - B'_b$, and once the applicant $A_1$ has received $E'_b$ it can calculate the median $B_{\mathrm{In}} = B'_b = B'_1 - E'_b$.
If n is even, the $B_i$ at position $n/2-1$ and at position $n/2+1$ are determined; let $i = c$, with $B_c$ at position $n/2-1$ of the size ordering of all $B_i$, and $i = e$, with $B_e$ at position $n/2+1$ of that ordering. Whether $c$ and $e$ equal 1 is judged for each. If $c = 1$, $E_e = B_1 - B_e$ is retrieved and decoded to obtain $E'_e = B'_1 - B'_e$, the decoded $E'_e$ is sent to the applicant $A_1$, and once $A_1$ has received $E'_e$ it can calculate the median $B_{\mathrm{In}} = (2B'_1 - E'_e)/2$. If $e = 1$, $E_c = B_1 - B_c$ is retrieved and decoded to obtain $E'_c = B'_1 - B'_c$, the decoded $E'_c$ is sent to the applicant $A_1$, and once $A_1$ has received $E'_c$ it can calculate the median $B_{\mathrm{In}} = (2B'_1 - E'_c)/2$. If neither $c$ nor $e$ equals 1, $E_e = B_1 - B_e$ and $E_c = B_1 - B_c$ are retrieved and decoded to obtain $E'_e = B'_1 - B'_e$ and $E'_c = B'_1 - B'_c$, the decoded $E'_e$ and $E'_c$ are sent to the applicant $A_1$, and once $A_1$ has received them it can calculate the median $B_{\mathrm{In}} = (2B'_1 - E'_e - E'_c)/2$.
Further, determining the third result $E_j$ from the first result $C_j$ and the second result $D_j$, ordering the data $B_i$ of all participants $A_i$ by size according to the third results $E_j$, and determining the median of the $B_i$ from that ordering are performed by a referee, who is one of the participants $A_i$; the referee sends the median to the applicant $A_1$.
Further, determining the third result $E_j$ from the first result $C_j$ and the second result $D_j$ comprises:
the referee obtains in advance an ordering of the remaining participants $A_j$;
the referee concatenates the first results $C_j$ and the second results $D_j$, following that ordering, into two matrices of 1 row and n-1 columns, giving a first matrix $H_1$ and a second matrix $H_2$ whose element order is the same as that ordering;
the referee performs a matrix addition or matrix subtraction on the first matrix $H_1$ and the second matrix $H_2$ to obtain a result matrix containing the third results $E_j$.
From the size ordering of the third results $E_j$ the referee determines the size ordering of the remaining participants $A_j$, and from the relation of each $E_j$ to 0 it determines the size relation between the applicant $A_1$ and each remaining participant $A_j$, thereby determining the size ordering of the data of the applicant $A_1$ and all participants $A_i$;
the referee is also responsible for generating and distributing the keys.
In a second aspect, the present application provides a system for multiple parties to securely compute the median of their data. The system comprises a plurality of user terminals in one-to-one correspondence with the participants of any implementation of the first aspect, and is adapted to perform the method of any implementation of the first aspect.
In summary, the present application has at least the following beneficial effects:
1. A method for multiple parties to securely compute the median of their data is provided, in which the median of the participants' size-ordered data can be determined without the participants revealing their own data;
2. The algorithm is simple, efficient and practical; the exchanged data is packaged in an arrow format that needs no serialization or deserialization, which further improves transmission and computation efficiency;
3. Data sent and received is checked with verification codes, which prevents tampering during transmission and ensures the reliability of the ordering result.
It should be understood that what is described in this summary section is not intended to limit key or critical features of the embodiments of the application, nor is it intended to limit the scope of the application. Other features of the present application will become apparent from the following description.
Drawings
The above and other features, advantages and aspects of various embodiments of the present application will become more apparent by referring to the following detailed description when taken in conjunction with the accompanying drawings. In the drawings, like or similar reference characters designate like or similar elements, and wherein:
FIG. 1 illustrates an exemplary operating environment in which embodiments of the present application can operate;
FIG. 2 is a flow chart illustrating a method for secure multi-party computation of a median in data in an embodiment of the present application;
FIG. 3 is a block diagram illustrating a system for secure multi-party computation of a median in data according to an embodiment of the present application;
FIG. 4 shows a block diagram of the user terminal of FIG. 3.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
In addition, the term "and/or" herein is only one kind of association relationship describing an associated object, and means that there may be three kinds of relationships, for example, a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" herein generally indicates that the former and latter related objects are in an "or" relationship.
The application provides a method and a system for multiple parties to securely compute the median of their data, which can determine the median of all parties' size-ordered data while ensuring that the parties' original data is not leaked, and which have the advantages of a simple algorithm, high efficiency, practicality and reliability.
FIG. 1 illustrates a schematic diagram of an exemplary operating environment 100 in which embodiments of the present application can operate. The operating environment 100 includes a plurality of terminals 110 that are communicatively connected to each other, so that each terminal 110 can exchange data with any other terminal 110. The connection between terminals 110 may run over a local area network or the internet, or over a mobile communication network, a satellite communication network, a WiFi module, a LoRa module or other communication means; the specific communication manner is not limited. The terminals 110 have terminal identifiers, so that the origin of the data transmitted from each terminal 110 can be determined.
FIG. 2 is a flow chart illustrating a method 200 for secure multi-party computation of a median in data in an embodiment of the present application. The method 200 may operate in the operating environment of fig. 1.
Each terminal 110 holds a piece of private data. When a terminal 110 needs to determine the median of the private data, the set of participants must first be selected, that is, which terminals' private data the median is taken over; the method 200 can then be executed.
In the method 200 there are n participants, n ≥ 2. Participants are denoted $A_i$ and their data $B_i$, where $i \in I$, $I = \{i \mid i \in N^*, i \le n\}$ and $N^*$ is the set of positive integers. $A_1$ is the applicant, who seeks the position of its own data $B_1$ in the size ordering; that is, the applicant is $A_1$ with data $B_1$, and the remaining participants are $A_j$ with data $B_j$, $j \in I$ and $j \ne 1$.
The method 200 specifically comprises the following steps:
S210: each participant divides its own data into two parts.
In this embodiment, when the applicant $A_1$ divides its own data $B_1$ into two parts and each remaining participant $A_j$ divides its own data $B_j$ into two parts, the split is random, so that the original data cannot be deduced from any single resulting part and the security of the original data is ensured.
To further improve data security, the data $B_i$ of participant $A_i$ need not be the original data to be ordered; it can instead be obtained by homomorphically encrypting the original data. Specifically, let the original data of participant $A_i$ be $B'_i$; $B_i$ is obtained by encrypting $B'_i$ with a homomorphic encryption algorithm under a preset key.
In the embodiment of the application, $B'_i$ is scaled up by a factor of $a^m$, where $a$ is a constant and $a \ne 0$, to give $B_i$; $a$ is 10 and $m$ is chosen as required. The homomorphic ciphertext $B_i$ obtained from the original data $B'_i$ has the same arithmetic properties as $B'_i$ and can be used to calculate and determine the relations among the original data $B'_i$, while $B_i$ does not directly reflect the magnitude of $B'_i$, so the security of the original data is further improved without affecting the calculation result.
Of course, other homomorphic encryption methods may also be adopted; for example, if multiplicative scaling and multiplication are not involved, a homomorphic encryption method may be used in place of a fully homomorphic one. Further, the purpose of the homomorphic encryption is to further reduce the possibility of the original data $B'_i$ leaking; that is, besides encrypting $B'_i$ and then dividing it into two parts, the original data $B'_i$ may first be divided into two parts, which are then homomorphically encrypted before being sent out.
To ensure the security of the homomorphic encryption result, a fixed key must be avoided, so the key can be generated on demand when homomorphic encryption is required. In the embodiment of the application, when the applicant $A_1$ applies for the ranking, one of the participants $A_i$ can be selected at random as the referee; the referee immediately generates a homomorphic encryption public and private key and sends them to all participants $A_i$. Such a dynamic key further improves the security of the encryption result. Of course, the referee may also be a third party.
In one specific example, the referee is selected from among the remaining participants $A_j$.
S220: the applicant sends one part of its data to the other participants, and each of the other participants sends one part of its data to the applicant.
The applicant $A_1$ sends the same part to each remaining participant $A_j$; in this embodiment, the applicant $A_1$ sends a copy of $B_{12}$ to each remaining participant $A_j$. Each remaining participant $A_j$ in turn selects one of its parts to send to the applicant $A_1$; here every remaining participant $A_j$ sends $B_{j1}$ to the applicant $A_1$.
As a result, the applicant $A_1$ ends up holding its own part $B_{11}$ and the n-1 values $B_{j1}$ received from the remaining participants $A_j$; each remaining participant $A_j$ ends up holding $B_{12}$, sent by the applicant $A_1$, and its own retained $B_{j2}$.
S230: the applicant calculates a first result for each remaining participant, and each remaining participant $A_j$ calculates a second result.
The first result is denoted $C_j$ and the second result $D_j$.
In a first example, the applicant $A_1$ calculates, for each remaining participant $A_j$, a first result $C_j = \pm k(B_{11} - B_{j1})$, and each remaining participant $A_j$ calculates a second result $D_j = \pm(B_{12} - B_{j2})$; $k \ne 0$.
In a second example, the applicant $A_1$ calculates, for each remaining participant $A_j$, a first result $C_j = \pm k(B_{11} - B_{j1})$, and each remaining participant $A_j$ calculates a second result $D_j$
Figure BDA0003625638870000081
Figure BDA0003625638870000083
k≠0。
In the embodiment of the present application, $C_j = B_{11} - B_{j1}$ and $D_j = B_{12} - B_{j2}$.
S240: a third result is determined from the first result and the second result.
The third result is denoted $E_j$, with $E_j = \pm d(C_j \pm D_j)$, $d \ne 0$.
In the example corresponding to the first example above, $E_j = \pm d(C_j + D_j) = \pm dk(B_{11} - B_{j1} + B_{12} - B_{j2}) = \pm dk(B_1 - B_j)$.
In the example corresponding to the second example above, $E_j = \pm d(C_j - D_j) = \pm dk\{(B_{11} - B_{j1}) - [-(B_{12} - B_{j2})]\} = \pm dk(B_1 - B_j)$.
In the embodiment of the present application, $E_j = C_j + D_j = B_1 - B_j$, which yields n-1 third results $E_j$ in one-to-one correspondence with the remaining participants $A_j$; in this embodiment, corresponding data means data with the same subscript $j$.
It will be appreciated that this step has to be calculated from the first result $C_j$ and the second result $D_j$, so the first results $C_j$ calculated by the applicant $A_1$ and the second results $D_j$ calculated by the participants must all be sent to the party that undertakes the task of calculating the third results $E_j$. In the embodiment of the present application, this step may be performed by the referee.
In the embodiment of the application, the referee obtains in advance an ordering of the remaining participants $A_j$;
the referee concatenates the first results $C_j$ and the second results $D_j$, following that ordering, into two matrices of 1 row and n-1 columns, giving a first matrix $H_1$ and a second matrix $H_2$ whose element order is the same as that ordering;
the referee performs a matrix addition or matrix subtraction on the first matrix $H_1$ and the second matrix $H_2$ to obtain a result matrix containing the third results $E_j$.
Whether matrix addition or matrix subtraction is chosen follows the principles of the two examples above; since the principles are similar, the description is not repeated.
S250: the data of all participants are ordered by size according to the third results, and the median is determined from the ordering.
In this step, because the third result is $E_j = \pm dk(B_1 - B_j)$ with $k \ne 0$ and $d \ne 0$, $E_j$ is positively or negatively correlated with $B_1 - B_j$. With $d$ and $k$ known, the size ordering of the n-1 values $B_1 - B_j$ can be determined from the n-1 values $E_j$ and the sign of the coefficient $\pm dk$. Specifically, if the coefficient $\pm dk$ is positive, the size ordering of the third results $E_j$ directly represents that of the $B_1 - B_j$, and can also represent the size ordering of the $B_j$; if the coefficient $\pm dk$ is negative, the reverse of the size ordering of the third results $E_j$ represents that of the $B_1 - B_j$, and that reverse ordering can also represent the size ordering of the $B_j$.
Likewise, because $E_j = \pm dk(B_1 - B_j)$ with $k \ne 0$ and $d \ne 0$, and the sign of the coefficient $\pm dk$ can be determined when $d$ and $k$ are known, the relation of each $B_1 - B_j$ to 0 can be determined from the relation of each $E_j$ to 0. Specifically, if $E_j = 0$, then $B_1 = B_j$; if the coefficient $\pm dk$ is positive and $E_j > 0$, then $B_1 > B_j$; if the coefficient is positive and $E_j < 0$, then $B_1 < B_j$; if the coefficient is negative and $E_j > 0$, then $B_1 < B_j$; if the coefficient is negative and $E_j < 0$, then $B_1 > B_j$. That is, the size relation between $B_1$ and each $B_j$ can be determined from the third result $E_j$ and the coefficient $\pm dk$.
In one specific example, $E_j = B_1 - B_j$, so the size relation among the n-1 values $E_j$ directly reflects the size relation among the n-1 values $B_j$.
Combining the size relation among the n-1 values $B_j$ with the size relation of each of them to $B_1$, the size ordering of the n values $B_i$ can be determined. In one example, the ordering of all $B_i$ is determined as follows: first the $B_j$ are arranged from large to small (the order of equal values can be decided at random), then $B_1$ is inserted into the arranged $B_j$. The position of $B_1$ is determined by its size relation to each $B_j$: where $B_1 \le B_j$, $B_1$ is placed after that $B_j$, and where $B_1 > B_j$, $B_1$ is placed before that $B_j$. The size ordering of the n values $B_i$ is thus finally determined, and with it the rank $a_i$ of each $B_i$.
This step can be executed by the referee, who can determine the rank $a_1$ of $B_1$, that is, the rank of the applicant $A_1$'s original data $B'_i$ among all participants $A_i$, specifically ranked from large to small.
After the ordering of the n values $B_i$ from large to small has been determined, whether n is odd or even is judged.
If n is odd, the $B_i$ at position $(n+1)/2$ is determined; let $i = b$, so that $B_b$ is at the median position of the size ordering of all $B_i$. Whether $b$ equals 1 is then judged: if $b = 1$, the applicant $A_1$ is informed that its own original data $B'_1$ is the median; if $b \ne 1$, $E_b = B_1 - B_b$ is retrieved and decoded to obtain $E'_b = B'_1 - B'_b$, and once the applicant $A_1$ has received $E'_b$ it can calculate the median $B_{\mathrm{In}} = B'_b = B'_1 - E'_b$.
If n is even, the $B_i$ at position $n/2-1$ and at position $n/2+1$ are determined; let $i = c$, with $B_c$ at position $n/2-1$ of the size ordering of all $B_i$, and $i = e$, with $B_e$ at position $n/2+1$ of that ordering. Whether $c$ and $e$ equal 1 is judged for each. If $c = 1$, $E_e = B_1 - B_e$ is retrieved and decoded to obtain $E'_e = B'_1 - B'_e$, the decoded $E'_e$ is sent to the applicant $A_1$, and once $A_1$ has received $E'_e$ it can calculate the median $B_{\mathrm{In}} = (2B'_1 - E'_e)/2$. If $e = 1$, $E_c = B_1 - B_c$ is retrieved and decoded to obtain $E'_c = B'_1 - B'_c$, the decoded $E'_c$ is sent to the applicant $A_1$, and once $A_1$ has received $E'_c$ it can calculate the median $B_{\mathrm{In}} = (2B'_1 - E'_c)/2$. If neither $c$ nor $e$ equals 1, $E_e = B_1 - B_e$ and $E_c = B_1 - B_c$ are retrieved and decoded to obtain $E'_e = B'_1 - B'_e$ and $E'_c = B'_1 - B'_c$, the decoded $E'_e$ and $E'_c$ are sent to the applicant $A_1$, and once $A_1$ has received them it can calculate the median $B_{\mathrm{In}} = (2B'_1 - E'_e - E'_c)/2$.
If there are coefficients, the referee may decode based on the known coefficients.
In this way the applicant $A_1$ obtains the median of the size-ordered original data $B'_i$ of the n participants $A_i$.
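Steps S210 to S250 run end to end, as an added example that is not code from the patent: the homomorphic layer is reduced to the $a^m$ scaling with $a = 10$ that the embodiment describes, the referee adds $C_j$ and $D_j$, and the applicant recovers the median from the decoded differences. The function names, the share range and $m = 2$ are assumptions, and for even n the example averages the two middle entries of the ordering (the usual median definition, assumed here).

```python
import secrets
from decimal import Decimal
from typing import NamedTuple

A, M = 10, 2            # B_i = B'_i * a^m with a = 10; m = 2 is chosen for this sample
SHARE_BOUND = 1 << 64   # assumed range of the random share (the page fixes none)


class Transcript(NamedTuple):
    first: list      # C_j, computed by the applicant A_1
    second: list     # D_j, computed by each remaining participant A_j
    third: list      # E_j = C_j + D_j, the values the referee works with
    ranking: list    # party indices, largest value first (0 is the applicant)
    median: Decimal  # the value the applicant ends up with


def encode(raw):
    """B'_i -> B_i: scale by a^m; reject inputs that would lose digits."""
    scaled = Decimal(raw) * A ** M
    if scaled != scaled.to_integral_value():
        raise ValueError(f"{raw!r} has more than {M} decimal places")
    return int(scaled)


def decode(value):
    """Undo the a^m scaling on a difference E_j."""
    return Decimal(value) / A ** M


def split(value):
    """S210: value = first + second, with the first part drawn at random."""
    first = secrets.randbelow(2 * SHARE_BOUND + 1) - SHARE_BOUND
    return first, value - first


def secure_median(raw_values):
    """Run S210-S250; raw_values[0] is the applicant's B'_1 (decimal strings)."""
    n = len(raw_values)
    if n < 2:
        raise ValueError("the method needs n >= 2 participants")
    shares = [split(encode(v)) for v in raw_values]            # S210
    b11, b12 = shares[0]
    # S220: A_1 sends B_12 to every A_j; every A_j sends B_j1 to A_1.
    # S230: each side subtracts using only the parts it holds.
    first = [b11 - bj1 for bj1, _ in shares[1:]]                # at A_1
    second = [b12 - bj2 for _, bj2 in shares[1:]]               # at each A_j
    # S240: the referee adds the two 1 x (n-1) matrices element-wise.
    third = [c + d for c, d in zip(first, second)]              # B_1 - B_j
    # S250: a smaller E_j means a larger B_j. A_1 itself sits at E = 0 and is
    # placed after any B_j equal to B_1, following the page's insertion rule.
    keyed = [(0, 1, 0)] + [(e, 0, j) for j, e in enumerate(third, start=1)]
    ranking = [party for _, _, party in sorted(keyed)]
    # Assumption: even n uses the two middle positions of the ordering.
    middle = [ranking[(n - 1) // 2]] if n % 2 else ranking[n // 2 - 1:n // 2 + 1]
    # The referee decodes E_j for the middle parties only; A_1 contributes 0.
    decoded = [decode(third[p - 1]) if p else Decimal(0) for p in middle]
    b1_raw = Decimal(raw_values[0])
    # Odd n: B'_1 - E'_b.  Even n: (2 B'_1 - E'_c - E'_e) / 2.
    median = sum((b1_raw - e for e in decoded), Decimal(0)) / len(decoded)
    return Transcript(first, second, third, ranking, median)


if __name__ == "__main__":
    # Constructed sample values; index 0 is the applicant.
    run = secure_median(["40", "47.3", "60", "52.1", "39.95"])
    print("referee sees E_j:", run.third)
    print("ranking:", run.ranking, "median:", run.median)
```

The `first` and `second` lists change on every run because of the random split, while `third` is always exactly $B_1 - B_j$ for each $j$, which is the quantity $E_j = C_j + D_j$ hands to the referee.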
Further, to prevent tampering during data transmission, the method 200 also includes a data verification method.
Specifically, the applicant $A_1$ generates a first application verification code $E_1$ from $B_{12}$ and sends it to each remaining participant $A_j$; each remaining participant $A_j$ generates a second application verification code $E_2$ from the $B_{12}$ it received, and judges whether the relationship between the received first application verification code $E_1$ and the calculated second application verification code $E_2$ matches a first preset relationship; if it does, $B_{11}$ was not tampered with in transmission;
each remaining participant $A_j$ generates a first participation verification code $G_{j1}$ from $B_{j1}$ and sends it to the applicant $A_1$; the applicant $A_1$ generates a second participation verification code $G_{j2}$ from the $B_{j1}$ it received; the applicant $A_j$ judges whether the relationship between the corresponding received first participation verification code $G_{j1}$ and the calculated second participation verification code $G_{j2}$ matches a second preset relationship; if it does, the corresponding $B_{j1}$ was not tampered with in transmission.
In one example, the
Figure BDA0003625638870000121
that is,
Figure BDA0003625638870000122
the remainder of the result of dividing by $q$; $E_2$ is calculated according to the received $B_{12}$; the
Figure BDA0003625638870000123
$G_{j2}$ is calculated according to the received $B_{j1}$; where $p$ and $q$ are both prime numbers and $q$ divides $p-1$ evenly, $p$ and $q$ can be larger prime numbers chosen empirically, $g$ is an integer and $g$ is
Figure BDA0003625638870000124
The first preset relationship is $E_1 = E_2$, and the second preset relationship is $G_{j1} = G_{j2}$.
Of course, besides $B_{12}$ and $B_{j1}$, any other data transmitted between different parties can also be verified using the above verification method. Besides the verification algorithm given above, any other verification algorithm can be used, provided it ensures that the verification code is related to the transmitted content and that the transmitted content cannot be derived back from the verification code; these are not described one by one here.
In addition, to facilitate data transmission among the parties, the data needs to be packaged into the arrow format before it is sent out. This format requires no serialization or deserialization, which reduces processing pressure and improves transmission efficiency.
It should be noted that for simplicity of description, the above-mentioned embodiments of the method are described as a series of acts, but those skilled in the art should understand that the present application is not limited by the described order of acts, as some steps may be performed in other orders or simultaneously according to the present application. Further, those skilled in the art should also appreciate that the embodiments described in the specification are exemplary embodiments and that the acts and modules referred to are not necessarily required in this application.
The foregoing is a description of method embodiments, and the following is a further description of the embodiments of the present application with reference to system embodiments.
FIG. 3 is a block diagram illustrating a system 300 for secure multi-party computation of a median of data according to an embodiment of the present application. Referring to FIG. 3, the system 300 includes a plurality of user terminals 310, each user terminal 310 acting as one participant $A_i$ as described above.
Fig. 4 shows a block diagram of the user terminal of fig. 3. Referring to fig. 4, the user terminal 310 includes:
a data dividing module 310 for dividing its own data $B_i$ into two parts, $B_i = B_{i1} + B_{i2}$;
a data transmission module 320, configured to perform data transmission with other user terminals 310;
a result calculation module 330 for calculating a first result $C_j$, a second result $D_j$ and a third result $E_j$; and
a median determination module 340 for calculating the median according to the third result $E_j$.
The system 300 can execute the method 200, and each user terminal 310 in the system 300 can be an applicant $A_i$, a participant $A_j$, or a referee.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working process of the described module may refer to the corresponding process in the foregoing method embodiment, and is not described herein again.
The above description is only a preferred embodiment of the application and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the disclosure herein is not limited to the particular combination of features described above, but also encompasses other arrangements formed by any combination of the above features or their equivalents without departing from the spirit of the disclosure. For example, the above features may be replaced with (but not limited to) features having similar functions disclosed in the present application.

Claims (10)

1. A method for secure multi-party computation of a median of data, characterized in that there are $n$ participants, $n \ge 2$, a participant is denoted by $A_i$ and a participant's data by $B_i$, $i \in I$, $I \in \{ i \mid i \in N^*, i \le n \}$, and $A_1$ is the applicant, which applies to obtain the size order of its own data $B_1$; the method comprises the following steps:
the applicant $A_1$ divides its own data $B_1$ into two parts, $B_1 = B_{11} + B_{12}$, and each remaining participant $A_j$ divides its own data $B_j$ into two parts, $B_j = B_{j1} + B_{j2}$, $j \in I$ and $j \ne 1$;
the applicant $A_1$ sends a copy of $B_{12}$ to each of the remaining participants $A_j$, and each remaining participant $A_j$ sends a copy of $B_{j1}$ to the applicant $A_1$;
the applicant $A_1$ calculates, for each remaining participant $A_j$, a first result $C_j$, $C_j = \pm(B_{11} - B_{j1})$, and each remaining participant $A_j$ calculates a second result $D_j$, $D_j = \pm(B_{12} - B_{j2})$;
a third result $E_j$ is determined according to the first result $C_j$ and the second result $D_j$, $E_j = C_j + D_j$;
the size order of the data $B_i$ of all participants $A_i$ is determined according to the third result $E_j$, and the median of the $B_i$ is determined based on the size order of the $B_i$.
2. The method for secure multi-party computation of a median of data according to claim 1, characterized in that the first result $C_j = \pm(B_{11} - B_{j1})$, each remaining participant $A_j$ calculates the second result $D_j$,
Figure FDA0003625638860000011
and the third result $E_j = C_j - D_j$.
3. The method for secure multi-party computation of a median of data according to claim 1 or 2, characterized in that the original data of participant $A_i$ is $B'_i$, and $B_i$ is obtained by encrypting $B'_i$ with a homomorphic encryption algorithm based on a preset key.
4. The method for secure multi-party computation of a median of data according to claim 3, characterized in that $B'_i$ is enlarged by a factor of $a^m$, where $a$ is a constant and $a \ne 0$, to give $B_i$.
5. The method for secure multi-party computation of a median of data according to any of claims 1-4, characterized in that the applicant $A_1$ generates a first application verification code $E_1$ according to $B_{12}$ and sends the first application verification code to each of the remaining participants $A_j$; each remaining participant $A_j$ generates a second application verification code $E_2$ according to the received $B_{12}$ and judges whether the relation between the received first application verification code $E_1$ and the calculated second application verification code $E_2$ is the same as the first preset relation; if so, $B_{11}$ has not been tampered with during transmission;
each remaining participant $A_j$ generates a first participation verification code $G_{j1}$ according to $B_{j1}$ and sends the first participation verification code to the applicant $A_1$; the applicant $A_1$ generates a second participation verification code $G_{j2}$ according to the received $B_{j1}$; the applicant $A_j$ judges whether the relation between the corresponding received first participation verification code $G_{j1}$ and the calculated second participation verification code $G_{j2}$ is the same as the second preset relation; if so, the corresponding $B_{j1}$ has not been tampered with during transmission.
6. The method for secure multi-party computation of a median of data according to claim 5, characterized in that the
Figure FDA0003625638860000021
$E_2$ is calculated according to the received $B_{11}$; the
Figure FDA0003625638860000022
$G_{j2}$ is calculated according to the received $B_{j1}$;
where $p$ and $q$ are both prime numbers and $q$ divides $p-1$ evenly, $g$ is an integer and $g$ is
Figure FDA0003625638860000023
The first preset relationship is $E_1 = E_2$, and the second preset relationship is $G_{j1} = G_{j2}$.
7. The method for secure multi-party computation of a median of data according to claim 1, characterized in that determining the size order of the data $B_i$ of all participants $A_i$ according to the third result $E_j$, and determining the median of the $B_i$ based on the size order of the $B_i$, includes:
after determining the size order of the $n$ values $B_i$ arranged from large to small, judging whether $n$ is an odd number or an even number;
if $n$ is an odd number, the $B_i$ located at the $(n+1)/2$ position is determined; let $i = b$, where $B_b$ is at the median position in the size order of all $B_i$; it is judged whether $b$ is equal to 1; if $b$ is equal to 1, information is fed back to the applicant $A_1$ that its own original data $B'_1$ is the median; if $b$ is not equal to 1, $E_b = B_1 - B_b$ is called and decoded to obtain $E'_b = B'_1 - B'_b$, and after receiving $E'_b$ the applicant $A_1$ can calculate the median $B_{In} = B'_b = B'_1 - E'_b$;
if $n$ is an even number, the $B_i$ at the $n/2-1$ position and at the $n/2+1$ position are determined; let $i = c$, where $B_c$ is at the $n/2-1$ position in the size order of all $B_i$, and let $i = e$, where $B_e$ is at the $n/2+1$ position in the size order of all $B_i$; it is judged whether $c$ and $e$ are each equal to 1; if $c$ is equal to 1, $E_e = B_1 - B_e$ is called and decoded to obtain $E'_e = B'_1 - B'_e$, the decoded $E'_e$ is sent to the applicant $A_1$, and after receiving $E'_e$ the applicant $A_1$ can calculate the median $B_{In} = (2B'_1 - E'_e)/2$; if $e$ is equal to 1, $E_c = B_1 - B_c$ is called and decoded to obtain $E'_c = B'_1 - B'_c$, the decoded $E'_c$ is sent to the applicant $A_1$, and after receiving $E'_c$ the applicant $A_1$ can calculate the median $B_{In} = (2B'_1 - E'_c)/2$; if neither $c$ nor $e$ is equal to 1, $E_e = B_1 - B_e$ and $E_c = B_1 - B_c$ are called and decoded respectively to obtain $E'_e = B'_1 - B'_e$ and $E'_c = B'_1 - B'_c$, the decoded $E'_e$ and $E'_c$ are sent to the applicant $A_1$, and after receiving $E'_e$ and $E'_c$ the applicant $A_1$ can calculate the median $B_{In} = (2B'_1 - E'_e - E'_c)/2$.
8. The method for secure multi-party computation of a median of data according to claim 3, characterized in that determining the third result $E_j$ according to the first result $C_j$ and the second result $D_j$, determining the size order of the data $B_i$ of all participants $A_i$ according to the third result $E_j$, and determining the median of the $B_i$ based on the size order of the $B_i$ are performed by a referee, the referee being one of the participants $A_i$, and the referee sends the median to the applicant $A_1$.
9. The method for secure multi-party computation of a median of data according to claim 8, characterized in that determining the third result $E_j$ according to the first result $C_j$ and the second result $D_j$ comprises the following steps:
the referee acquires in advance a sequential order of the remaining participants $A_j$;
the referee splices the first results $C_j$ and the second results $D_j$, according to the sequential order, into matrices of 1 row and $n-1$ columns respectively, obtaining a first matrix $H_1$ and a second matrix $H_2$, the order of the first matrix $H_1$ and the second matrix $H_2$ being the same as the sequential order;
the referee performs a matrix addition/matrix subtraction operation on the first matrix $H_1$ and the second matrix $H_2$ to obtain an operation result matrix that includes the third results $E_j$;
the referee determines the ordering of the remaining participants $A_j$ according to the third results $E_j$, and determines the size relationship between the applicant $A_1$ and each remaining participant $A_j$ according to the size relationship between the third result $E_j$ and 0, so as to determine the data size order of all participants $A_i$;
the referee is also responsible for generating and distributing the keys.
10. A system for secure multi-party computation of a median in data, comprising a plurality of user terminals in one-to-one correspondence with the parties of any of claims 1-9, the system being adapted to perform the method of any of claims 1-9.
CN202210468703.1A 2022-04-29 2022-04-29 Method and system for calculating data median by secure multiple parties Active CN115017458B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210468703.1A CN115017458B (en) 2022-04-29 2022-04-29 Method and system for calculating data median by secure multiple parties

Publications (2)

Publication Number Publication Date
CN115017458A true CN115017458A (en) 2022-09-06
CN115017458B CN115017458B (en) 2023-06-09

Family

ID=83066829

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210468703.1A Active CN115017458B (en) 2022-04-29 2022-04-29 Method and system for calculating data median by secure multiple parties

Country Status (1)

Country Link
CN (1) CN115017458B (en)

Also Published As

Publication number Publication date
CN115017458B (en) 2023-06-09

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant