CN115037435A - Method and system for secure multiparty computation of data sequences - Google Patents

Publication number
CN115037435A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210467201.7A
Other languages
Chinese (zh)
Other versions
CN115037435B (en)
Inventor
廖方平
郑伟海
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Longtel Inc
Original Assignee
Longtel Inc

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures


Abstract

The application provides a method and a system for secure multi-party computation of a data sequence. It belongs to the technical field of secure multi-party computation and addresses the poor results of multi-party secure sorting in the related art. In the method and the system, a plurality of participants sort their data by size without revealing their own data to the others. First, each participant divides its own data into two parts. One participant, acting as the applicant, then sends one part of its data to each of the other participants, and each of the other participants sends one part of its data to the applicant. The applicant calculates the difference between the part it retained and each part received from the other participants, and each of the other participants calculates the difference between the part sent by the applicant and the part it retained itself. The two groups of differences are gathered at a referee and added element by element, and the data size sequence of all participants can be determined from the result. The method and the system better solve the problem of secure multi-party computation of a data sequence.

Description

Method and system for secure multiparty computation of data sequences
Technical Field
The present application relates to the field of secure multi-party computation, and in particular to a method and system for secure multi-party computation of a data sequence.
Background
Secure multi-party computation (SMC) is the problem of privacy-preserving collaborative computation among a group of mutually distrusting participants. It ensures the independence of the inputs and the correctness of the computation, and does not reveal any input value to the other members taking part in the computation. It mainly addresses how to securely compute an agreed function without a trusted third party, and plays an important role in scenarios such as electronic election, electronic voting, electronic auction, secret sharing and threshold signature.
Disclosure of Invention
The application provides a method and a system for secure multi-party computation of a data sequence, which can solve the problem of secure multi-party computation of the data sequence.
In a first aspect, the present application provides a method for secure multiparty computation of a data sequence.
In the method there are $n$ participants, $n \ge 2$. The participants are denoted $A_i$ and their data $B_i$, with $i \in I$, $I = \{\, i \mid i \in \mathbb{N}^*,\ i \le n \,\}$. $A_1$ is the applicant, which requests the size sequence of its own data $B_1$. The method comprises the following steps:
the applicant $A_1$ divides its own data $B_1$ into two parts, $B_1 = B_{11} + B_{12}$, and each remaining participant $A_j$ divides its own data $B_j$ into two parts, $B_j = B_{j1} + B_{j2}$, where $j \in I$ and $j \ne 1$;
the applicant $A_1$ sends a copy of $B_{12}$ to each remaining participant $A_j$, and each remaining participant $A_j$ sends a copy of $B_{j1}$ to the applicant $A_1$;
the applicant $A_1$ calculates, for each remaining participant $A_j$, a first result $C_j = \pm(B_{11} - B_{j1})$, and each remaining participant $A_j$ calculates a second result $D_j = \pm(B_{12} - B_{j2})$;
a third result $E_j = C_j + D_j$ is determined from the first result $C_j$ and the second result $D_j$;
the data size sequence of all participants $A_i$ is determined from the third result $E_j$.
With this technical solution, no party's data is revealed during the calculation, and every party can obtain the data size sequence of all parties, which solves the problem of secure multi-party computation of the data sequence.
Further, the first result is $C_j = \pm(B_{11} - B_{j1})$, each remaining participant $A_j$ calculates a second result $D_j = \mp(B_{12} - B_{j2})$, and the third result is $E_j = C_j - D_j$.
Further, the raw data of participant $A_i$ is $B'_i$, and $B_i$ is obtained by encrypting $B'_i$ with a homomorphic encryption algorithm based on a preset key.
Further, $B'_i$ is enlarged by a factor of $a^m$, where $a$ is a constant and $a \ne 0$, to give $B_i$.
Further, the applicant $A_1$ generates a first application verification code $E_1$ from $B_{12}$ and sends the first application verification code to each remaining participant $A_j$. Each remaining participant $A_j$ generates a second application verification code $E_2$ from the $B_{12}$ it received, and judges whether the relation between the received first application verification code $E_1$ and the calculated second application verification code $E_2$ is the same as a first preset relation; if so, $B_{11}$ has not been tampered with in transmission;
each remaining participant $A_j$ generates a first participation verification code $G_{j1}$ from $B_{j1}$ and sends the first participation verification code to the applicant $A_1$. The applicant $A_1$ generates a second participation verification code $G_{j2}$ from the $B_{j1}$ it received, and the applicant $A_j$ judges whether the relation between the corresponding received first participation verification code $G_{j1}$ and the calculated second participation verification code $G_{j2}$ is the same as a second preset relation; if so, the corresponding $B_{j1}$ has not been tampered with in transmission.
Further, the
Figure BDA0003624824980000031
$E_2$ is calculated from the received $B_{11}$; the
Figure BDA0003624824980000032
$G_{j2}$ is calculated from the received $B_{j1}$;
where $p$ and $q$ are both prime numbers and $q$ divides $p-1$ evenly, $g$ is an integer and $g$ is
Figure BDA0003624824980000033
The first preset relation is $E_1 = E_2$ and the second preset relation is $G_{j1} = G_{j2}$.
Further, $B_{12}$, $B_{j1}$, $C_j$, $D_j$, $E_1$, $E_2$, $G_{j1}$ and $G_{j2}$ are all encapsulated in arrow format.
Further, determining the third result $E_j$ from the first result $C_j$ and the second result $D_j$, and determining the size sequence $a_1$ of the applicant $A_1$ from the third result $E_j$, are executed by a referee, the referee being one of the participants $A_i$; the referee sends the data size sequence $a_1$, that of any designated plurality of participants $A_j$, or that of all participants $A_i$ to the applicant $A_1$.
Further, determining the third result $E_j$ from the first result $C_j$ and the second result $D_j$ comprises:
the referee obtains in advance an order of the remaining participants $A_j$;
the referee arranges the first results $C_j$ and the second results $D_j$, in that order, into matrices of 1 row and $n-1$ columns, giving a first matrix $H_1$ and a second matrix $H_2$, the element order of $H_1$ and $H_2$ being the same as that order;
the referee performs matrix addition/matrix subtraction on the first matrix $H_1$ and the second matrix $H_2$ to obtain a result matrix containing the third results $E_j$.
The referee determines the size sequence of the remaining participants $A_j$ from the size sequence of the third results $E_j$, determines the data size relation between the applicant $A_1$ and each remaining participant $A_j$ from the size relation of each third result $E_j$ to 0, and thereby determines the data size sequence of the applicant $A_1$ and of all participants $A_i$;
the referee is also responsible for generating and distributing the keys.
In a second aspect, the present application provides a system for secure multi-party computation of a data sequence. The system comprises a plurality of user terminals in one-to-one correspondence with the participants of the first aspect, and is adapted to perform the method according to any implementation of the first aspect.
In summary, the present application at least includes the following beneficial effects:
1. a method for secure multi-party computation of data sequences is provided that sorts the participants' data by size without revealing their own data;
2. the algorithm is simple, efficient and practical; the exchanged data is encapsulated in arrow format, so serialization and deserialization are not needed, which further improves transmission and calculation efficiency;
3. data sent and received is checked with verification codes, so that tampering during transmission is prevented and the reliability of the sorting result is guaranteed.
It should be understood that what is described in this summary section is not intended to limit key or critical features of the embodiments of the application, nor is it intended to limit the scope of the application. Other features of the present application will become apparent from the following description.
Drawings
The above and other features, advantages and aspects of various embodiments of the present application will become more apparent by referring to the following detailed description when taken in conjunction with the accompanying drawings. In the drawings, like or similar reference characters designate like or similar elements, and wherein:
FIG. 1 illustrates an exemplary operating environment in which embodiments of the present application can operate;
FIG. 2 is a flow diagram illustrating a method for secure multiparty computation of a data sequence in an embodiment of the present application;
FIG. 3 is a block diagram illustrating a system for secure multi-party computation of data sequences in an embodiment of the application;
FIG. 4 shows a block diagram of the user terminal of FIG. 3.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
In addition, the term "and/or" herein is only one kind of association relationship describing an associated object, and means that there may be three kinds of relationships, for example, a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" herein generally indicates that the former and latter associated objects are in an "or" relationship.
The application provides a method and a system for secure multi-party computation of data sequences, which can determine the data size sequence of all participants while ensuring that the participants' original data is not leaked, and which have the advantages of a simple algorithm, high efficiency, practicability and reliability.
FIG. 1 illustrates a schematic diagram of an exemplary operating environment 100 in which embodiments of the present application can operate. The operating environment 100 includes a plurality of terminals 110 that are communicatively connected to each other, so that each terminal 110 can exchange data with any other terminal 110. The terminals 110 may be connected through a local area network and the internet, through a mobile communication network or a satellite communication network, or through a WiFi module, a LoRa module or other communication means; the specific communication manner is not limited. The terminals 110 have terminal identifications, so that the origin of the data transmitted by each terminal 110 can be determined.
FIG. 2 illustrates a flow diagram of a method 200 for secure multi-party computation of a data sequence in an embodiment of the application. The method 200 may operate in the operating environment of fig. 1.
Each terminal 110 holds a piece of private data. When a terminal 110 needs to sort the private data by size, the set of participants in the sort, that is, which terminals 110 take part, must be selected first; the method 200 can then be executed.
In the method 200 there are $n$ participants, $n \ge 2$. The participants are denoted $A_i$ and their data $B_i$, with $i \in I$, $I = \{\, i \mid i \in \mathbb{N}^*,\ i \le n \,\}$, where $\mathbb{N}^*$ is the set of positive integers. $A_1$ is the applicant, which requests the size sequence of its own data $B_1$; the applicant is $A_1$ with data $B_1$, and the remaining participants are $A_j$ with data $B_j$, $j \in I$ and $j \ne 1$.
The method 200 specifically comprises the following steps:
S210: each participant divides its own data into two parts.
In this embodiment, when the applicant $A_1$ divides its own data $B_1$ into two parts and each remaining participant $A_j$ divides its own data $B_j$ into two parts, the division is random, so that the original data cannot be deduced from any single part and the security of the original data is ensured.
To further improve the security of the data, the data $B_i$ of participant $A_i$ need not be the original data to be sorted; it may be obtained by homomorphic encryption of the original data. Specifically, let the raw data of participant $A_i$ be $B'_i$; $B_i$ is obtained by encrypting $B'_i$ with a homomorphic encryption algorithm based on a preset key.
In the embodiment of the application, $B'_i$ is enlarged by a factor of $a^m$, where $a$ is a constant and $a \ne 0$, to give $B_i$; $a$ is 10, and $m$ is determined according to requirements. The homomorphic ciphertext $B_i$ obtained from the original data $B'_i$ by homomorphic encryption has the same arithmetic properties as $B'_i$ and can be used to calculate and determine the relations between the original data $B'_i$, while the homomorphic ciphertext $B_i$ does not directly reflect the size of the original data $B'_i$, so the security of the original data is further improved while the calculation result is preserved. Alternatively, an irreversible homomorphic encryption algorithm may be adopted, so that the original data $B'_i$ cannot be obtained by deciphering the homomorphic ciphertext $B_i$, which further improves the security of the original data $B'_i$.
Of course, other homomorphic encryption methods may also be adopted; for example, if multiplicative scaling and multiplication are not involved, a homomorphic encryption method may be adopted instead of a fully homomorphic encryption method. Additionally, since homomorphic encryption serves to further reduce the possibility of leaking the original data $B'_i$, besides encrypting the original data $B'_i$ and then dividing it into two parts, the original data $B'_i$ may first be divided into two parts, with the homomorphic encryption carried out on the two parts before they are sent out.
To ensure the security of the homomorphic encryption result, a fixed key must be avoided, so the key can be generated on demand when homomorphic encryption is required. When the applicant $A_1$ applies for ranking, one of the participants $A_i$ can be selected at random as the referee; the referee immediately generates the homomorphic encryption public and private keys and sends them to all participants $A_i$. A dynamic key further improves the security of the encryption result. Of course, the referee may also be a third party.
In one specific example, the referee is one selected from the remaining participants $A_j$.
S220: the applicant sends one part of its data to each of the other participants, and each of the other participants sends one part of its data to the applicant.
The applicant $A_1$ sends the same part of its data to every remaining participant $A_j$; in this embodiment, the applicant $A_1$ sends a copy of $B_{12}$ to each remaining participant $A_j$. Each remaining participant $A_j$ then selects one part of its data to send to the applicant $A_1$; here every remaining participant $A_j$ sends a copy of $B_{j1}$ to the applicant $A_1$.
As a result, the applicant $A_1$ finally holds the part $B_{11}$ of its own data and the $n-1$ parts $B_{j1}$ received from the remaining participants $A_j$; each remaining participant $A_j$ finally holds the part $B_{12}$ sent by the applicant $A_1$ and its own retained part $B_{j2}$.
S230: the applicant calculates a first result for each of the remaining participants, and each remaining participant $A_j$ calculates a second result.
The first result is denoted $C_j$ and the second result $D_j$.
In a first example, the applicant $A_1$ calculates, for each remaining participant $A_j$, a first result $C_j = \pm k(B_{11} - B_{j1})$, and each remaining participant $A_j$ calculates a second result $D_j = \pm(B_{12} - B_{j2})$; $k \ne 0$.
In a second example, the applicant $A_1$ calculates, for each remaining participant $A_j$, a first result $C_j = \pm k(B_{11} - B_{j1})$, and each remaining participant $A_j$ calculates a second result $D_j = \mp(B_{12} - B_{j2})$; $k \ne 0$.
In the embodiment of this application, $C_j = B_{11} - B_{j1}$ and $D_j = B_{12} - B_{j2}$.
S240: a third result is determined from the first result and the second result.
The third result is denoted $E_j$, $E_j = \pm d(C_j \pm D_j)$, $d \ne 0$.
In the example corresponding to the first example above, $E_j = \pm d(C_j + D_j) = \pm dk(B_{11} - B_{j1} + B_{12} - B_{j2}) = \pm dk(B_1 - B_j)$.
In the example corresponding to the second example above, $E_j = \pm d(C_j - D_j) = \pm dk\{(B_{11} - B_{j1}) - [-(B_{12} - B_{j2})]\} = \pm dk(B_1 - B_j)$.
In the embodiment of the present application, $E_j = C_j + D_j = B_1 - B_j$, so that the $n-1$ third results $E_j$ in one-to-one correspondence with the remaining participants $A_j$ can be determined; "corresponding" data in this embodiment means data with the same subscript $j$.
It will be appreciated that this step is calculated from the first result $C_j$ and the second result $D_j$, so the first results $C_j$ calculated by the applicant $A_1$ and the second results $D_j$ calculated by the participants must all be sent to the party that undertakes the task of calculating the third result $E_j$. In the embodiment of the present application, this step may be performed by the referee.
In the embodiment of the application, the referee obtains in advance an order of the remaining participants $A_j$;
the referee arranges the first results $C_j$ and the second results $D_j$, in that order, into matrices of 1 row and $n-1$ columns, giving a first matrix $H_1$ and a second matrix $H_2$, the element order of $H_1$ and $H_2$ being the same as that order;
the referee performs matrix addition/matrix subtraction on the first matrix $H_1$ and the second matrix $H_2$ to obtain a result matrix containing the third results $E_j$.
Whether matrix addition or matrix subtraction is selected follows the principles of the two examples above; since the principles are similar, the description is not repeated.
S250: the data size sequence of the applicant, or the data size sequence of all participants, is determined from the third result.
In this step, since $E_j = \pm dk(B_1 - B_j)$ with $k \ne 0$ and $d \ne 0$, the third result $E_j$ is positively or negatively correlated with $B_1 - B_j$. With $d$ and $k$ known, the size sequence of the $n-1$ values $B_1 - B_j$ can be determined from the $n-1$ values $E_j$ and the sign of the coefficient $\pm dk$. Specifically, if the coefficient $\pm dk$ is positive, the size sequence of the third results $E_j$ directly represents the size sequence of $B_1 - B_j$, and can also represent the size sequence of $B_j$; if the coefficient $\pm dk$ is negative, the reverse order of the size sequence of the third results $E_j$ represents the size sequence of $B_1 - B_j$, and that reverse order can also represent the size sequence of $B_j$.
Likewise, since $E_j = \pm dk(B_1 - B_j)$ with $k \ne 0$ and $d \ne 0$, the third result $E_j$ is positively or negatively correlated with $B_1 - B_j$; with $d$ and $k$ known, the sign of the coefficient $\pm dk$ combined with the size relation of each $E_j$ to 0 determines the size relation of $B_1 - B_j$ to 0. Specifically, if $E_j = 0$, then $B_1 = B_j$; if the coefficient $\pm dk$ is positive and $E_j > 0$, then $B_1 > B_j$; if the coefficient $\pm dk$ is positive and $E_j < 0$, then $B_1 < B_j$; if the coefficient $\pm dk$ is negative and $E_j > 0$, then $B_1 < B_j$; if the coefficient $\pm dk$ is negative and $E_j < 0$, then $B_1 > B_j$. That is, the size relation of $B_1$ to each $B_j$ can be determined from the third result $E_j$ and the coefficient $\pm dk$.
In one specific example, $E_j = B_1 - B_j$, so the size relations among the $n-1$ values $E_j$ directly reflect the size relations among the $n-1$ values $B_j$.
Combining the size sequence of the $n-1$ values $B_j$ with the size relation of each of the $n-1$ values $B_j$ to $B_1$, the size sequence of the $n$ values $B_i$ can be determined. In one example, the size sequence of all $B_i$ is determined as follows: first the $B_j$ are arranged from largest to smallest (the order of equal values can be decided at random), and then $B_1$ is inserted among the $B_j$. The position of $B_1$ is determined by the size relation of $B_1$ to each $B_j$: when $B_1 \le B_j$, $B_1$ is placed after that $B_j$, and when $B_1 > B_j$, $B_1$ is placed before that $B_j$. The size sequence of the $n$ values $B_i$ is thus finally determined, and the size sequence $a_i$ of each $B_i$ can also be determined.
This step can be executed by the referee, who can determine the size sequence $a_1$ of $B_1$, i.e. the position of the original data $B'_i$ of the applicant $A_1$ among all participants $A_i$, ranked from largest to smallest.
Of course, with permission, the applicant can also obtain the size sequence of the original data of any one or any designated plurality of participants $A_j$, or of all participants $A_i$ including itself.
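The following simulation of steps S210 to S250 is an added example, not code from the patent or its assignee. It uses the embodiment's choices ($B_i = 10^m B'_i$, $C_j = B_{11} - B_{j1}$, $D_j = B_{12} - B_{j2}$, $E_j = C_j + D_j$); the function names, the sample values and the range of the random split are assumptions made for illustration.

```python
import secrets

# Constructed sample input (not from the patent): raw values B'_i keyed by i.
SAMPLE_RAW = {1: 42, 2: 17, 3: 42, 4: 96}

# Assumption: the patent only says the split is random; this range is ours.
SHARE_BOUND = 2**64


def scale(raw, a=10, m=2):
    """B_i = B'_i * a**m, the scaling used in the embodiment (a = 10)."""
    return {i: value * a**m for i, value in raw.items()}


def split(value):
    """S210: split value at random into two parts with part1 + part2 == value."""
    part1 = secrets.randbelow(2 * SHARE_BOUND + 1) - SHARE_BOUND
    return part1, value - part1


def third_results(data):
    """S210-S240 for applicant A_1: return {j: E_j} for every other participant."""
    shares = {i: split(b) for i, b in data.items()}
    b11, b12 = shares[1]
    # Order of the remaining participants, agreed with the referee in advance.
    order = sorted(j for j in data if j != 1)
    # S220: A_1 sends B_12 to every A_j; every A_j sends B_j1 to A_1.
    received = {j: shares[j][0] for j in order}
    # S230: A_1 computes C_j; each A_j computes D_j from B_12 and its own B_j2.
    h1 = [b11 - received[j] for j in order]   # first matrix H_1 (1 x n-1)
    h2 = [b12 - shares[j][1] for j in order]  # second matrix H_2 (1 x n-1)
    # S240: the referee adds H_1 and H_2 element by element.
    e_row = [c + d for c, d in zip(h1, h2)]
    return dict(zip(order, e_row))


def descending_order(e):
    """S250: participant indices from largest to smallest data value."""
    # E_j = B_1 - B_j, so a smaller E_j means a larger B_j.
    others = sorted(e, key=lambda j: e[j])
    # B_1 is placed after every B_j with B_1 <= B_j (E_j <= 0), before the rest.
    ahead = [j for j in others if e[j] <= 0]
    behind = [j for j in others if e[j] > 0]
    return ahead + [1] + behind


def size_rank(order, i):
    """1-based position of participant i in the descending order."""
    return order.index(i) + 1


if __name__ == "__main__":
    e = third_results(scale(SAMPLE_RAW))
    order = descending_order(e)
    print("E_j:", e)
    print("descending order:", order, "rank of A_1:", size_rank(order, 1))
```

Every run draws different random parts, yet the values that reach the ranking step are always the exact differences $B_1 - B_j$, as in the embodiment's $E_j = B_1 - B_j$.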
Further, to avoid tampering during data transmission, the method 200 also includes a data verification method.
Specifically, the applicant $A_1$ generates a first application verification code $E_1$ from $B_{12}$ and sends the first application verification code to each remaining participant $A_j$. Each remaining participant $A_j$ generates a second application verification code $E_2$ from the $B_{12}$ it received, and judges whether the relation between the received first application verification code $E_1$ and the calculated second application verification code $E_2$ is the same as a first preset relation; if so, $B_{11}$ has not been tampered with in transmission;
each remaining participant $A_j$ generates a first participation verification code $G_{j1}$ from $B_{j1}$ and sends the first participation verification code to the applicant $A_1$. The applicant $A_1$ generates a second participation verification code $G_{j2}$ from the $B_{j1}$ it received, and the applicant $A_j$ judges whether the relation between the corresponding received first participation verification code $G_{j1}$ and the calculated second participation verification code $G_{j2}$ is the same as a second preset relation; if so, the corresponding $B_{j1}$ has not been tampered with in transmission.
In one example, the
Figure BDA0003624824980000101
that is,
Figure BDA0003624824980000102
the remainder of the result on division by $q$; $E_2$ is calculated from the received $B_{12}$; the
Figure BDA0003624824980000103
Figure BDA0003624824980000104
$G_{j2}$ is calculated from the received $B_{j1}$; where $p$ and $q$ are both prime numbers and $q$ divides $p-1$ evenly, $p$ and $q$ can be larger prime numbers chosen empirically, $g$ is an integer and $g$ is
Figure BDA0003624824980000105
The first preset relation is $E_1 = E_2$ and the second preset relation is $G_{j1} = G_{j2}$.
Of course, besides $B_{12}$ and $B_{j1}$, other data transmitted between different parties may also be verified with the above verification method. In addition to the above verification algorithm, other verification algorithms may be used, provided that the verification code depends on the transmitted content and that the transmitted content cannot be derived backwards from the verification code; these are not described here.
In addition, in order to facilitate data transmission among multiple parties, before data is sent out, the data needs to be encapsulated into an arrow format which does not need serialization and deserialization, so that processing pressure is reduced, and transmission efficiency is improved.
It should be noted that, for simplicity of description, the above-mentioned method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present application is not limited by the order of acts described, as some steps may occur in other orders or concurrently depending on the application. Further, those skilled in the art should also appreciate that the embodiments described in the specification are exemplary embodiments and that the acts and modules referred to are not necessarily required in this application.
The foregoing is a description of method embodiments, and the following is a further description of the embodiments of the present application with reference to system embodiments.
FIG. 3 is a block diagram illustrating a system 300 for secure multi-party computation of data sequences in an embodiment of the application. Referring to FIG. 3, the system 300 comprises a plurality of user terminals 310, each user terminal 310 acting as one of the participants $A_i$ described above. The user terminal 310 includes:
a data dividing module for dividing its own data $B_i$ into two parts, $B_i = B_{i1} + B_{i2}$;
a data transmission module for exchanging data with other user terminals 310;
a result calculation module for calculating the first result $C_j$, the second result $D_j$ and the third result $E_j$; and
a size sorting module for determining the data size sequence of all participants $A_i$ from the third result $E_j$.
The system 300 can perform the method 200, and each user terminal 310 in the system 300 can be the applicant $A_i$, a participant $A_j$, or a referee.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working process of the described module may refer to the corresponding process in the foregoing method embodiment, and is not described herein again.
The above description is only a preferred embodiment of the application and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the disclosure herein is not limited to the particular combination of features described above, but also encompasses other arrangements formed by any combination of the above features or their equivalents without departing from the spirit of the disclosure. For example, the above features may be replaced with (but not limited to) features having similar functions disclosed in the present application.

Claims (10)

1. A method for secure multi-party computation of a data sequence, characterized in that there are $n$ participants, $n \ge 2$, the participants being denoted $A_i$ and their data $B_i$, with $i \in I$, $I = \{\, i \mid i \in \mathbb{N}^*,\ i \le n \,\}$, and $A_1$ being the applicant, which requests the size sequence of its own data $B_1$; the method comprises the following steps:
the applicant $A_1$ divides its own data $B_1$ into two parts, $B_1 = B_{11} + B_{12}$, and each remaining participant $A_j$ divides its own data $B_j$ into two parts, $B_j = B_{j1} + B_{j2}$, where $j \in I$ and $j \ne 1$;
the applicant $A_1$ sends a copy of $B_{12}$ to each remaining participant $A_j$, and each remaining participant $A_j$ sends a copy of $B_{j1}$ to the applicant $A_1$;
the applicant $A_1$ calculates, for each remaining participant $A_j$, a first result $C_j = \pm(B_{11} - B_{j1})$, and each remaining participant $A_j$ calculates a second result $D_j = \pm(B_{12} - B_{j2})$;
a third result $E_j = C_j + D_j$ is determined from the first result $C_j$ and the second result $D_j$;
the data size sequence of all participants $A_i$ is determined from the third result $E_j$.
2. The method for secure multi-party computation of a data sequence according to claim 1, wherein the first result $C_j = \pm(B_{11} - B_{j1})$, and each remaining participant $A_j$ calculates the second result $D_j$
Figure FDA0003624824970000011
and the third result $E_j = C_j - D_j$.
3. The method for secure multi-party computation of a data sequence according to claim 1 or 2, characterized in that the raw data of participant $A_i$ is $B'_i$, and $B_i$ is obtained by encrypting $B'_i$ with a homomorphic encryption algorithm based on a preset secret key.
4. The method according to claim 3, wherein $B_i$ is obtained by enlarging $B'_i$ by a factor of $a^m$, where $a$ is a constant and $a \ne 0$.
5. The method for secure multi-party computation of a data sequence according to any one of claims 1-4, wherein the applicant $A_1$ generates a first application verification code $E_1$ according to $B_{12}$ and sends the first application verification code to each remaining participant $A_j$; each remaining participant $A_j$ generates a second application verification code $E_2$ according to the received $B_{12}$; each remaining participant $A_j$ judges whether the relation between the received first application verification code $E_1$ and the calculated second application verification code $E_2$ is the same as a first preset relation, and if so, this indicates that $B_{11}$ has not been tampered with during transmission;
each remaining participant $A_j$ generates a first participation verification code $G_{j1}$ according to $B_{j1}$ and sends the first participation verification code to the applicant $A_1$; the applicant $A_1$ generates a second participation verification code $G_{j2}$ according to the received $B_{j1}$; the applicant $A_j$ judges whether the relation between the corresponding received first participation verification code $G_{j1}$ and the calculated second participation verification code $G_{j2}$ is the same as a second preset relation, and if so, this indicates that the corresponding $B_{j1}$ has not been tampered with during transmission.
6. The method of claim 5, wherein said secure multiparty computation data sequence is based on a secure hash function of said data sequence
Figure FDA0003624824970000021
$E_2$ is calculated according to the received $B_{11}$; said
Figure FDA0003624824970000022
$G_{j2}$ is calculated according to the received $B_{j1}$;
wherein $p$ and $q$ are both prime numbers and $q$ divides $p-1$ evenly, $g$ is an integer and $g$ is
Figure FDA0003624824970000023
The first preset relationship is $E_1 = E_2$, and the second preset relationship is $G_{j1} = G_{j2}$.
7. The method for secure multi-party computation of a data sequence according to claim 5, wherein $B_{12}$, $B_{j1}$, $C_j$, $D_j$, $E_1$, $E_2$, $G_{j1}$ and $G_{j2}$ are all encapsulated in arrow format.
8. The method for secure multi-party computation of a data sequence according to claim 3, wherein determining the third result $E_j$ according to the first result $C_j$ and the second result $D_j$, and determining the size sequence of the applicant $A_1$ according to the third result $B_j$, are executed by a referee, the referee being one of the participants $A_i$; the referee sends the data size sequence of $A_1$, of an arbitrarily designated plurality of participants $A_j$, or of all participants $A_i$ to the applicant $A_1$.
9. The method according to claim 8, wherein determining the third result $E_j$ according to the first result $C_j$ and the second result $D_j$ comprises the following steps:
the referee pre-acquires the sequential order of the remaining participants $A_j$;
the referee splices the first results $C_j$ and the second results $D_j$, according to that order, into matrices of 1 row and $n-1$ columns, obtaining a first matrix $H_1$ and a second matrix $H_2$, the ordering of the first matrix $H_1$ and the second matrix $H_2$ being the same as the sequential order;
the referee performs a matrix addition/matrix subtraction operation on the first matrix $H_1$ and the second matrix $H_2$ to obtain an operation result matrix that includes the third results $E_j$;
the referee determines the size relationship of the remaining participants $A_j$ according to the size relationship of the third results $E_j$, and determines the size relationship between the applicant $A_1$ and each remaining participant $A_j$ according to the size relationship between the third result $E_j$ and 0, so as to determine the data size sequence of all participants $A_i$;
the referee is also responsible for generating and distributing the keys.
10. A system for secure multiparty computation of data sequences, comprising a plurality of user terminals in one-to-one correspondence with the participants of any of claims 1-9, the system being adapted to perform the method of any of claims 1-9.
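The split, exchange and combine flow of claims 1 and 9, as an added Python example that is not part of the patent text. It assumes the "+" choice of the ± sign, matrix addition at the referee, and a random share range picked here; the names `split`, `rank_parties` and `SHARE_BOUND` are hypothetical, and party index 0 stands for $A_1$.

```python
import secrets

SHARE_BOUND = 2**64  # assumed range for the random share; the claims do not fix one

def split(value):
    """Split value into two additive parts so that value == part1 + part2."""
    part1 = secrets.randbelow(2 * SHARE_BOUND) - SHARE_BOUND
    return part1, value - part1

def rank_parties(data):
    """data[0] is B_1 of applicant A_1; data[1:] are B_j of the remaining parties.

    Returns (E, order): E holds E_j in party order, and order lists party
    indices (0 = A_1) from largest data value to smallest.
    """
    shares = [split(b) for b in data]              # (B_i1, B_i2) for every party
    b11, b12 = shares[0]
    # A_1 sends B_12 to each A_j; each A_j sends B_j1 to A_1.
    h1 = [b11 - bj1 for bj1, _ in shares[1:]]      # C_j, computed by A_1
    h2 = [b12 - bj2 for _, bj2 in shares[1:]]      # D_j, computed by each A_j
    # Referee: 1 x (n-1) matrix addition gives E_j = C_j + D_j = B_1 - B_j.
    e = [c + d for c, d in zip(h1, h2)]
    # E_j > 0 means B_1 > B_j; a larger E_j means a smaller B_j.
    diff = {0: 0}                                   # A_1 compared with itself
    diff.update({j: ej for j, ej in enumerate(e, start=1)})
    order = sorted(diff, key=diff.get)              # ascending E = descending B
    return e, order

if __name__ == "__main__":
    sample = [50, 70, 20, 50, 65]                   # constructed sample values
    e, order = rank_parties(sample)
    print("E_j:", e)
    print("parties, largest first:", order)
```

The random parts cancel in the sum, so each $E_j$ is the exact difference $B_1 - B_j$: whoever acts as referee sees those differences, not only their signs.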
CN202210467201.7A 2022-04-29 2022-04-29 Method and system for secure multiparty calculation of data sequences Active CN115037435B (en)

Publications (2)

Publication Number    Publication Date
CN115037435A (en)     2022-09-09
CN115037435B (en)     2023-04-25

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant