CN115065470B - Data transmission method and device - Google Patents


Info

Publication number
CN115065470B
Authority
CN
China
Prior art keywords
messages
parameter
group
determining
message
Prior art date
Legal status
Active
Application number
CN202210939672.3A
Other languages
Chinese (zh)
Other versions
CN115065470A (en)
Inventor
张宇
Current Assignee
Beijing Infosec Technologies Co Ltd
Original Assignee
Beijing Infosec Technologies Co Ltd
Application filed by Beijing Infosec Technologies Co Ltd
Priority to CN202210939672.3A
Publication of CN115065470A
Application granted
Publication of CN115065470B
Legal status: Active

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/061Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/50Oblivious transfer

Abstract

The embodiment of the invention provides a data transmission method and equipment. A sender selects a first random number according to a predefined addition group and determines a first parameter for negotiating a key according to the first random number and a generator of the addition group; the receiver determines a plurality of second parameters for negotiating the key based on the first parameter. If the sender determines that the received second parameters belong to the addition group, the sender receives the first verification parameter and the second verification parameter sent by the receiver. If the sender determines that the first verification parameter belongs to the addition group, that the second verification parameter is smaller than or equal to the preset threshold value, and that the second verification parameter is credible, then for any group of messages among the multiple groups it generates multiple keys corresponding to the multiple messages in that group, encrypts those messages based on the keys, and sends the resulting ciphertext to the receiver; the receiver decrypts the received ciphertext to obtain the target message selected from that group of messages.

Description

Data transmission method and device
Technical Field
The invention relates to the technical field of information and security data processing, in particular to a data transmission method and data transmission equipment.
Background
An Oblivious Transfer (OT) protocol is a communication protocol capable of effectively protecting the data privacy of its participants. The parties to the OT protocol are a Sender and a Receiver. The Sender usually holds a group of n messages, and the Receiver holds the index of the one message it wants to select from those n messages. After the OT completes, the Sender does not learn which of the n messages the Receiver selected, and the Receiver obtains the message it needs (the one corresponding to its index) but learns nothing about the content of the other messages in the group. Such a protocol is generally called an n-to-1 OT protocol, and the 2-to-1 OT protocol is widely used.
In practical applications, if the data to be transmitted is divided into m groups, each containing n messages, the sender and the receiver need to execute the n-to-1 OT protocol m times during the transmission. When data is transmitted this way, there is a need to restrict the message selection behavior of the receiver. For example, in a Private Set Intersection (PSI) protocol based on Bloom filters, the message M0 in each group represents a random number and M1 represents an effective share; to avoid leaking the sender's private data when computing the intersection, the receiver is required, over the m runs of 2-to-1 OT, to select the message M1 corresponding to index 1 no more than m/2 times in total.
However, in the existing OT protocol, the sender does not know which message in each group of messages the receiver has selected, and thus, the message selection behavior of the receiver is not restricted.
Disclosure of Invention
The embodiment of the invention provides a data transmission method and equipment, which are used for restricting message selection behaviors of a receiver.
In a first aspect, an embodiment of the present invention provides a data transmission method, which is applied to a sender, where the sender has multiple groups of messages, and each group of messages includes multiple messages; a receiver corresponding to the sender has multiple selective message indexes, the multiple selective message indexes are in one-to-one correspondence with the multiple groups of messages, and each selective message index is an index corresponding to a target message selected by the receiver in each group of messages, and the method comprises the following steps:
selecting a first random number according to a predefined addition group;
determining a first parameter for negotiating a key according to the first random number and the generator of the addition group, and sending the first parameter to a receiving party so that the receiving party determines a plurality of second parameters for negotiating the key based on the first parameter, wherein the plurality of second parameters are in one-to-one correspondence with the plurality of groups of messages;
receiving the plurality of second parameters sent by the receiving party;
if the plurality of second parameters belong to the addition group, receiving a first verification parameter and a second verification parameter sent by the receiving party; wherein the first verification parameter is determined by the first parameter and the plurality of second random numbers that the receiver selected when determining the respective second parameters, and the second verification parameter is the total number of target selection message indexes among the plurality of selection message indexes;
if the first verification parameter belongs to the addition group, the second verification parameter is smaller than or equal to a preset threshold value, and the second verification parameter is credible, generating a plurality of keys corresponding to a plurality of messages in any group of messages aiming at any group of messages in the plurality of groups of messages;
and encrypting a plurality of messages in any group of messages based on the plurality of keys, and sending encrypted ciphertext to the receiving party so that the receiving party decrypts the ciphertext to acquire the target message selected from any group of messages.
Optionally, the determining, according to the first random number and the generator of the addition group, a first parameter for negotiating a key includes:
determining a product of the first random number and a generator of the addition group as a first parameter for negotiating a key.
Optionally, determining that the second verification parameter is trusted includes:
determining a first product value of the first verification parameter and the inverse of the first random number;
determining a summation result of the plurality of second parameters;
determining a second product value of the second verification parameter and the first parameter;
and if the first product value is equal to the difference between the summation result and the second product value, determining that the second verification parameter is trusted.
Optionally, the determining a first parameter for negotiating a key according to the first random number and the generator of the addition group includes:
determining a first parameter and a third parameter for negotiating a key according to the first random number and a generator of the addition group, wherein the third parameter is a product of the first random number and the first parameter;
the generating, for any one of the plurality of groups of messages, a plurality of keys corresponding to a plurality of messages of the any one group of messages includes:
for any group of messages in the plurality of groups of messages, generating a plurality of keys corresponding to a plurality of messages in the any group of messages based on the first random number, the first parameter, a second parameter corresponding to the any group of messages, the third parameter, a plurality of indexes corresponding to the plurality of messages in the any group of messages, and a preset key generation function.
In a second aspect, an embodiment of the present invention provides a data management apparatus, which is applied to a sender, where the sender has multiple groups of messages, and each group of messages includes multiple messages; a receiver corresponding to the sender has multiple selective message indexes, where the multiple selective message indexes are in one-to-one correspondence with the multiple groups of messages, and each selective message index is an index corresponding to a target message selected by the receiver in each group of messages, and the apparatus includes:
the processing module is used for selecting a first random number according to a predefined addition group; determining a first parameter for negotiating a key according to the first random number and a generator of the addition group;
a sending module, configured to send the first parameter to a receiving party, so that the receiving party determines, based on the first parameter, a plurality of second parameters for negotiating a key, where the plurality of second parameters are in one-to-one correspondence with the plurality of groups of messages;
a receiving module, configured to receive the plurality of second parameters sent by the receiving party and, if the plurality of second parameters belong to the addition group, to receive a first verification parameter and a second verification parameter sent by the receiver; wherein the first verification parameter is determined by the first parameter and the plurality of second random numbers that the receiver selected when determining the respective second parameters, and the second verification parameter is the total number of target selection message indexes among the plurality of selection message indexes;
the processing module is further configured to generate, for any one of the plurality of groups of messages, a plurality of keys corresponding to a plurality of messages in the any one group of messages if the first verification parameter belongs to the addition group, the second verification parameter is smaller than or equal to a preset threshold, and the second verification parameter is trusted; encrypting a plurality of messages in the any one group of messages based on the plurality of keys;
the sending module is further configured to send the ciphertext obtained through encryption to the receiving party, so that the receiving party decrypts the ciphertext to obtain the target message selected from any one of the groups of messages.
Optionally, the processing module is specifically configured to determine a product of the first random number and the generator of the addition group as a first parameter for negotiating a key.
Optionally, the processing module is further specifically configured to determine a first product value of the first verification parameter and the inverse of the first random number; determine a summation result of the plurality of second parameters; determine a second product value of the second verification parameter and the first parameter; and, if the first product value is equal to the difference between the summation result and the second product value, determine that the second verification parameter is trusted.
Optionally, the processing module is further specifically configured to determine a first parameter and a third parameter for negotiating a key according to the first random number and the generator of the addition group, where the third parameter is a product of the first random number and the first parameter; generating, for any one of the plurality of groups of messages, a plurality of keys corresponding to a plurality of messages in the any one group of messages based on the first random number, the first parameter, a second parameter corresponding to the any one group of messages, the third parameter, a plurality of indexes corresponding to the plurality of messages in the any one group of messages, and a preset key generation function.
In a third aspect, an embodiment of the present invention provides an electronic device, applied to a sender, including: a memory, a processor, a communication interface; wherein the memory has stored thereon executable code which, when executed by the processor, causes the processor to implement at least the data transmission method of the first aspect.
In a fourth aspect, an embodiment of the present invention provides a non-transitory machine-readable storage medium having stored thereon executable code, which when executed by a processor of an electronic device, causes the processor to implement at least the data transmission method according to the first aspect.
In a fifth aspect, an embodiment of the present invention provides a data transmission method, which is applied to a receiver, where a sender corresponding to the receiver has multiple groups of messages, and each group of messages includes multiple messages; the receiver has a plurality of selective message indexes, the selective message indexes are in one-to-one correspondence with the plurality of groups of messages, and each selective message index is an index corresponding to a target message selected by the receiver in each group of messages, and the method comprises the following steps:
receiving a first parameter used for negotiating a key and sent by the sender;
if the first parameter belongs to a predefined addition group, aiming at any group of messages in a plurality of groups of messages owned by a sender, inputting a selection message index corresponding to the any group of messages, and selecting a random number corresponding to the any group of messages;
determining a second parameter for negotiating a key according to the first parameter, the selection message index, the random number and the generator of the addition group, and sending the second parameter to the sender;
determining a first verification parameter according to the selected plurality of random numbers corresponding to the plurality of groups of messages and the first parameter;
determining a second verification parameter according to the sum of the number of target selection message indexes in a plurality of input selection message indexes corresponding to the plurality of groups of messages;
sending the first verification parameter and the second verification parameter to the sender, so that the sender receives the first verification parameter and the second verification parameter when determining that the second parameter belongs to the addition group, and generates a ciphertext of any one group of messages when determining that the first verification parameter and the second verification parameter meet verification conditions;
receiving the ciphertext sent by the sender;
and decrypting the target message selected from the plurality of messages in the any group of messages from the ciphertext by using the target key generated for the any group of messages.
Optionally, the determining a second parameter for negotiating a key according to the first parameter, the selection message index, the random number, and the generator of the addition group includes:
determining a first product value of the first parameter and the selection message index, and a second product value of the random number and the generator of the addition group;
determining a sum of the first product value and the second product value as a second parameter for negotiating a key.
Optionally, the determining a first verification parameter according to the selected plurality of random numbers corresponding to the plurality of groups of messages and the first parameter includes:
determining the product of the summation result of the selected plurality of random numbers corresponding to the plurality of groups of messages and the first parameter as the first verification parameter.
Optionally, the determining a second verification parameter according to a sum of numbers of target selection message indexes in a plurality of input selection message indexes corresponding to the plurality of groups of messages includes:
and if the number of the messages contained in each group of messages is less than or equal to a preset value, summing a plurality of input selection message indexes corresponding to the plurality of groups of messages to obtain the sum of the number of the target selection message indexes, and determining a second verification parameter.
Optionally, the decrypting, from the ciphertext, the target message selected from the plurality of messages in the any group of messages by using the target key generated for the any group of messages includes:
generating a target key corresponding to any group of messages based on the first parameter, the second parameter, the random number and a preset key generation function;
and decrypting a target message selected from the plurality of messages in any group of messages from the ciphertext by using the target key.
In a sixth aspect, an embodiment of the present invention provides a data management apparatus, which is applied to a receiver, where a sender corresponding to the receiver has multiple groups of messages, and each group of messages includes multiple messages; the receiver has a plurality of selective message indexes, the selective message indexes are in one-to-one correspondence with the plurality of groups of messages, and each selective message index is an index corresponding to a target message selected by the receiver in each group of messages, and the apparatus includes:
a receiving module, configured to receive a first parameter for negotiating a key, where the first parameter is sent by the sender;
a processing module, configured to, if the first parameter belongs to a predefined addition group, then for any one group of messages owned by the sender, input the selection message index corresponding to that group and select a random number corresponding to that group; determine a second parameter for negotiating a key according to the first parameter, the selection message index, the random number, and the generator of the addition group; determine a first verification parameter according to the selected plurality of random numbers corresponding to the plurality of groups of messages and the first parameter; and determine a second verification parameter according to the sum of the number of target selection message indexes among the plurality of input selection message indexes corresponding to the plurality of groups of messages;
a sending module, configured to send the second parameter to the sender; sending the first verification parameter and the second verification parameter to the sender, so that the sender receives the first verification parameter and the second verification parameter when determining that the second parameter belongs to the addition group, and generates a ciphertext of any one group of messages when determining that the first verification parameter and the second verification parameter meet verification conditions;
the receiving module is further configured to receive the ciphertext sent by the sender;
the processing module is further configured to decrypt, from the ciphertext, a target message selected from the plurality of messages in the any group of messages by using a target key generated for the any group of messages.
Optionally, the processing module is specifically configured to determine a first product value of the first parameter and the selection message index, and a second product value of the random number and the generator of the addition group; determining a sum of the first product value and the second product value as a second parameter for negotiating a key.
Optionally, the processing module is further specifically configured to determine, as the first verification parameter, a product of a summation result of the selected multiple random numbers corresponding to the multiple groups of messages and the first parameter.
Optionally, the processing module is further specifically configured to sum up a plurality of input selection message indexes corresponding to the plurality of groups of messages to obtain a sum of the numbers of target selection message indexes, and determine the second verification parameter, if the number of messages included in each group of messages is less than or equal to a preset value.
Optionally, the processing module is further specifically configured to generate a target key corresponding to any one of the group of messages based on the first parameter, the second parameter, the random number, and a preset key generation function; and decrypting the target message selected from the plurality of messages in any group of messages from the ciphertext through the target key.
In a seventh aspect, an embodiment of the present invention provides an electronic device, applied to a sender, including: a memory, a processor, a communication interface; wherein the memory has stored thereon executable code which, when executed by the processor, causes the processor to implement at least the data transmission method of the fifth aspect.
In an eighth aspect, the present invention provides a non-transitory machine-readable storage medium, on which executable code is stored, and when the executable code is executed by a processor of an electronic device, the processor is enabled to implement at least the data transmission method according to the fifth aspect.
In the scheme provided by the embodiment of the invention, two parties participating in data transmission are respectively a sender and a receiver, wherein the sender has a plurality of groups of messages, and each group of messages comprises a plurality of messages; the receiver corresponding to the sender has a plurality of selective message indexes, the selective message indexes correspond to the plurality of groups of messages one by one, and each selective message index is an index corresponding to a target message selected by the receiver in each group of messages.
When data transmission is carried out, the sender first selects a first random number according to a predefined addition group, determines a first parameter for negotiating a key according to the first random number and the generator of the addition group, and sends the first parameter to the receiver. The receiver then determines a plurality of second parameters for negotiating the key based on the first parameter and sends them to the sender, where the plurality of second parameters correspond one to one to the plurality of groups of messages. If the sender determines that the received second parameters belong to the addition group, the sender receives the first verification parameter and the second verification parameter sent by the receiver. The first verification parameter is determined by the first parameter and the plurality of second random numbers that the receiver selected when determining the respective second parameters, and the second verification parameter is the total number of target selection message indexes among the plurality of selection message indexes. If the sender determines that the first verification parameter belongs to the addition group, that the second verification parameter is smaller than or equal to the preset threshold value, and that the second verification parameter is credible, then for any group of messages it generates multiple keys corresponding to the multiple messages in that group, encrypts those messages based on the keys, and sends the resulting ciphertext to the receiver. Finally, the receiver decrypts the received ciphertext to obtain the target message selected from that group of messages.
Based on the scheme provided by the embodiment of the present invention, before generating a plurality of corresponding keys for any group of messages, a sender verifies whether a second verification parameter sent by a receiver is smaller than or equal to a set threshold, that is, verifies whether the sum of the numbers of target selection message indexes in a plurality of selection message indexes is smaller than or equal to the set threshold, where a message corresponding to a target selection message index is a message that the sender intends to restrict the number of times of selection of a receiver. And when the second verification parameter is less than or equal to the set threshold value and the second verification parameter is credible, the sender generates a plurality of secret keys corresponding to a plurality of messages in any group of messages aiming at any group of messages, encrypts the plurality of messages and sends the encrypted ciphertext to the receiver. When the second authentication parameter is greater than the set threshold or the second authentication parameter is not trusted, the sender may end data transmission. Thus, the message selection behavior of the receiving party can be restricted while protecting the privacy of the data of both parties.
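As an added, self-contained illustration (not code from the patent or from Beijing Infosec Technologies), the following Python carries the sender and receiver steps above through with n = 2 messages per group. It assumes secp256k1 as the predefined addition group, SHA-256 over the exchanged points as the preset key generation function, messages of at most 32 bytes XORed with the derived key, and a threshold of m/2 as in the PSI example; `run` also lets a caller misreport the second verification parameter, which the credibility check rejects.

```python
import functools, hashlib, secrets

# secp256k1 (standard constants) stands in for the patent's "predefined addition
# group": prime field P, prime group order N (cofactor 1), generator G.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # point at infinity (group identity)

def in_group(pt):
    """'Belongs to the addition group': on-curve test (cofactor 1, so that is the whole
    prime-order group); the identity is rejected because it would make every key predictable."""
    return pt is not INF and 0 <= pt[0] < P and 0 <= pt[1] < P and (pt[1]**2 - pt[0]**3 - 7) % P == 0

def add(p1, p2):
    """Group law on y^2 = x^3 + 7 in affine coordinates."""
    if p1 is INF or p2 is INF:
        return p2 if p1 is INF else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return INF                                   # p1 == -p2
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P       # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """k*pt by double-and-add; k is reduced mod N, so a negative k gives -|k|*pt."""
    k %= N
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def kdf(*pts):
    """Assumed 'preset key generation function': SHA-256 over the encoded points."""
    h = hashlib.sha256()
    for x, y in pts:
        h.update(x.to_bytes(32, "big") + y.to_bytes(32, "big"))
    return h.digest()

def xor32(key, data):
    return bytes(a ^ b for a, b in zip(key, data))       # messages are at most 32 bytes

def sender_round1():
    """Step 101: first random number a, first parameter A = a*G, third parameter T = a*A."""
    a = secrets.randbelow(N - 1) + 1
    A = mul(a, G)
    return a, A, mul(a, A)

def receiver_round2(A, choices):
    """Step 103 plus both verification parameters; choices[i] in {0, 1} is the index for group i."""
    if not in_group(A):
        raise ValueError("first parameter is not in the addition group")
    bs, Bs = [], []
    for c in choices:
        b = secrets.randbelow(N - 1) + 1                 # second random number b_i
        bs.append(b)
        Bs.append(add(mul(c, A), mul(b, G)))             # B_i = c_i*A + b_i*G
    V1 = mul(sum(bs), A)                                 # first verification parameter (sum b_i)*A
    V2 = sum(choices)                                    # second verification parameter: index-1 count
    return bs, Bs, V1, V2

def sender_verify(a, A, Bs, V1, V2, threshold):
    """Membership checks, the count bound, and the credibility check
    a^{-1}*V1 == sum(B_i) - V2*A, which holds only if V2 really equals sum(c_i)."""
    if not all(in_group(B) for B in Bs) or not in_group(V1) or V2 > threshold:
        return False
    lhs = mul(pow(a, -1, N), V1)                         # (sum b_i)*G when V1 is honest
    rhs = add(functools.reduce(add, Bs, INF), mul(-V2, A))   # (sum c_i - V2)*A + (sum b_i)*G
    return lhs == rhs

def sender_encrypt(a, A, T, Bs, groups):
    """Key for group i, index j: KDF(A, B_i, a*B_i - j*T). Only j = c_i yields b_i*A,
    the value the receiver can compute, so the other ciphertext in the group stays opaque."""
    return [[xor32(kdf(A, B, add(mul(a, B), mul(-j, T))), m) for j, m in enumerate(msgs)]
            for B, msgs in zip(Bs, groups)]

def receiver_decrypt(A, Bs, bs, choices, cts):
    """Target key for group i is KDF(A, B_i, b_i*A); it opens ciphertext c_i only."""
    return [xor32(kdf(A, B, mul(b, A)), row[c]) for B, b, c, row in zip(Bs, bs, choices, cts)]

def run(groups, choices, threshold, claimed_v2=None):
    """Whole exchange; claimed_v2 simulates a receiver that misreports its selection count.
    Returns (accepted, recovered messages or None)."""
    a, A, T = sender_round1()
    bs, Bs, V1, V2 = receiver_round2(A, choices)
    if claimed_v2 is not None:
        V2 = claimed_v2
    if not sender_verify(a, A, Bs, V1, V2, threshold):
        return False, None                               # sender ends the transmission
    return True, receiver_decrypt(A, Bs, bs, choices, sender_encrypt(a, A, T, Bs, groups))
```

The credibility check works because sum(B_i) - V2*A equals (sum c_i - V2)*A + (sum b_i)*G, so a receiver that under-reports its count leaves a non-zero multiple of A that it cannot cancel without knowing the sender's random number.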
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on the drawings without creative efforts.
Fig. 1 is an interaction flowchart of a data transmission method according to an embodiment of the present invention;
fig. 2 is a schematic diagram of an n-to-1 OT protocol according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of a data management device according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of an electronic device corresponding to the data management device provided in the embodiment shown in fig. 3;
fig. 5 is a schematic structural diagram of another data management device provided by an embodiment of the present invention;
fig. 6 is a schematic structural diagram of an electronic device corresponding to the data management device provided in the embodiment shown in fig. 5.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terminology used in the embodiments of the invention is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in the examples of the present invention and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, and "a" and "an" generally include at least two, but do not exclude at least one, unless the context clearly dictates otherwise. It should be understood that the term "and/or" as used herein merely describes an association between objects, meaning that three relationships may exist; e.g., "A and/or B" may represent: A exists alone, A and B exist simultaneously, or B exists alone. In addition, the character "/" herein generally indicates that the former and latter associated objects are in an "or" relationship. The word "if", as used herein, may be interpreted as "when ..." or "upon ...", depending on the context.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a good or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such good or system. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional like elements in articles of commerce or systems including such elements.
In addition, the sequence of steps in the embodiments of the methods described below is merely an example, and is not strictly limited.
The data transmission method provided by the embodiment of the invention can be executed by an electronic device, and the electronic device can be a terminal device such as a PC (personal computer), a notebook computer, a smart phone and the like, and can also be a server. The server may be a physical server including an independent host, or may also be a virtual server, or may also be a cloud server or a server cluster.
Fig. 1 is an interaction flowchart of a data transmission method according to an embodiment of the present invention, and as shown in fig. 1, the method may include the following steps:
101. The sender selects a first random number according to a predefined addition group, and determines a first parameter for negotiating a key according to the first random number and a generator of the addition group.
102. The sender sends the first parameter to the receiver.
103. If the receiver determines that the first parameter belongs to the predefined addition group, then for any group of messages among the plurality of groups of messages owned by the sender, the receiver inputs the selection message index corresponding to that group and selects a second random number corresponding to that group; it then determines a second parameter of that group for negotiating the key according to the first parameter, the selection message index and the second random number corresponding to that group, and the generator of the addition group.
104. The receiver sends the plurality of second parameters corresponding to the plurality of groups of messages to the sender.
105. The receiver determines a first verification parameter according to the plurality of selected second random numbers corresponding to the plurality of groups of messages and the first parameter, and determines a second verification parameter according to the number of target selection message indexes among the plurality of input selection message indexes corresponding to the plurality of groups of messages.
106. The receiver sends the first verification parameter and the second verification parameter to the sender.
107. If the sender determines that the plurality of second parameters belong to the addition group, the sender receives the first verification parameter and the second verification parameter. If it determines that the first verification parameter belongs to the addition group, that the second verification parameter is smaller than or equal to a preset threshold value, and that the second verification parameter is trusted, then for any group of messages it generates a plurality of keys corresponding to the plurality of messages in that group, and encrypts the plurality of messages in that group based on the plurality of keys to obtain a ciphertext corresponding to that group.
108. The sender sends the plurality of ciphertexts corresponding to the plurality of groups of messages to the receiver.
109. The receiver uses the target key generated for any group of messages to decrypt, from the ciphertext corresponding to that group, the target message it selected from the plurality of messages in that group.
The data transmission method provided in this embodiment is implemented based on an Oblivious Transfer (OT) protocol. If OT protocols are classified by the number of messages the receiver selects from one group of the sender's messages, they can be divided into 1-out-of-n OT protocols and k-out-of-n OT protocols. In the present embodiment, the 1-out-of-n OT protocol is taken as an example to describe the data transmission method, but the embodiment is not limited thereto.
FIG. 2 is a schematic diagram of a 1-out-of-n OT protocol according to an embodiment of the present invention. As shown in FIG. 2, in one execution of a 1-out-of-n OT protocol, the sender has a group of n messages M0, M1, M2, …, Mn-1, and the receiver has a selection message index C, which is the index of the target message the receiver selects from that group; the value x of C may be any one of 0, 1, 2, …, n-1. After the sender and the receiver have executed the oblivious transfer, the receiver obtains the message Mx without learning the contents of the other messages, and the sender does not learn which message the receiver selected.
It can be understood that if the sender has m (m an integer greater than 1) groups of messages, each containing multiple messages, and the receiver has m selection message indexes in one-to-one correspondence with the m groups, each being the index of the target message the receiver selects from the corresponding group, then data transmission between the sender and the receiver is in essence the sender and the receiver executing the 1-out-of-n OT protocol m times. In practice, to improve transmission efficiency, the m executions of the 1-out-of-n OT protocol can be run in parallel.
As described above, after one execution of the 1-out-of-n OT protocol the sender does not know which message the receiver selected; this is the key point by which the OT protocol protects the data privacy of both the receiver and the sender. However, in practical applications, when the receiver and the sender execute the 1-out-of-n OT protocol for data transmission, there is a need to restrict the receiver's message selection behavior. For example, when a bank and an e-commerce company perform joint modeling for the customers shared by both parties based on a Private Set Intersection (PSI) protocol built on Bloom filters, a 1-out-of-2 OT protocol is generally executed M times, where any group of the sender's messages contains two messages, M0 and M1, M0 being a random number and M1 being an effective share (corresponding to customer information). To avoid leaking information about customers other than the shared ones, the receiver is required to select the message M1 corresponding to index 1 in the M executions of 1-out-of-2 no more than M/2 times in total.
Since the conventional 1-out-of-n OT protocol does not constrain the receiver's message selection behavior, the present embodiment provides the data transmission method shown in FIG. 1, so as to constrain the receiver's message selection behavior when the 1-out-of-n OT protocol is executed m times in parallel.
In summary, the data transmission method of the present embodiment includes the following stages:
The first stage, which may also be called the setup stage: the sender generates a first parameter for negotiating a key and sends it to the receiver. Note that the first parameter is generated only once, regardless of how many groups of messages the sender has.
The second stage, which may also be called the message selection stage: for any one of the m groups of messages, the receiver inputs a selection message index to select a target message from that group, generates the second parameter of that group for negotiating the key, and sends it to the sender. Once the m second parameters corresponding to the m groups have been generated and sent to the sender, the third stage begins.
The third stage, which may also be called the verification stage: first, the receiver calculates a first verification parameter and determines the number of target selection message indexes among the m selection message indexes (the second verification parameter). The message corresponding to the target selection message index is the message whose number of selections the sender intends to restrict, and the first verification parameter is used to help verify whether the second verification parameter is trusted. The receiver then sends the first verification parameter and the second verification parameter to the sender, and the sender determines whether they satisfy the verification condition. If the verification condition is met, the fourth stage begins.
The fourth stage, which may also be called the key generation stage: for any one of the m groups, the sender generates a plurality of keys corresponding to the plurality of messages in that group, and the receiver generates the target key corresponding to the target message it selected from that group.
The fifth stage, which may also be called the information acquisition stage: for any one of the m groups, the sender encrypts the plurality of messages in that group with the plurality of keys to obtain the ciphertext corresponding to that group and sends it to the receiver. The receiver decrypts, from that ciphertext, the target message it selected from that group, using the target key generated for that group.
Thus, when the 1-out-of-n OT protocol is executed m times in parallel, the third stage verifies whether the number of target selection message indexes among the m selection message indexes (the second verification parameter) meets the verification condition, i.e., whether the number of times the receiver selected the message corresponding to the target selection message index across the m executions of 1-out-of-n exceeds the restricted number of times, and whether the second verification parameter is trusted. If it does not exceed the restricted number and is trusted, the fourth and fifth stages are carried out and the receiver obtains its target messages; if it exceeds the restricted number or is not trusted, the sender ends the data transmission. In this process the second verification parameter is determined by the receiver, and the sender learns only how many times the receiver selected the target selection message index across the m executions of 1-out-of-n, not the individual selection message indexes owned by the receiver; hence the receiver's message selection behavior can be constrained while the data privacy of both parties is protected.
For ease of understanding, the data transmission method of this embodiment is described below with reference to FIG. 1, taking as an example m parallel executions of the 1-out-of-2 OT protocol.
Assume that the sender has m groups of messages, numbered i = 0, 1, 2, …, m-1, and that each group contains 2 messages, M0 and M1. The receiver has m selection message indexes C in one-to-one correspondence with the m groups; each takes the value 0 or 1 and is the index of the target message the receiver selects from the corresponding group. For example, if C = 0, the receiver selects the message M0 with index 0 as the target message of that group.
In the discrete logarithm problem on an elliptic curve, given a point G on the curve and a chosen integer h, computing H = h·G is easy (the resulting H is also a point on the curve); conversely, given two points H and G on the curve with H = h·G, it is difficult to find the integer h.
In this embodiment, before data transmission the sender and the receiver share in advance an elliptic curve over a finite field. Based on this curve, an addition group G of order p with generator B is determined. The addition group G, which contains all points on the elliptic curve together with the point at infinity, serves as the predefined addition group, and the product of an arbitrary integer h with the generator B belongs to it. Based on the addition group G, the sender and the receiver determine the parameters for negotiating a key.
Optionally, a hash function H from the addition group to bit strings of a fixed key length may be defined as the key generation function.
When transmitting data, the sender selects a first random number y according to the predefined addition group G, where y is a positive integer less than the order p of the addition group. Then, from the first random number y and the generator B of the addition group, it determines a first parameter S for negotiating a key and sends S to the receiver.
Optionally, the first parameter S may be determined by the point multiplication (scalar multiplication) operation of the elliptic curve: the product of the first random number y and the generator B of the addition group is taken as the first parameter for negotiating the key, i.e. S = y·B.
From the above description of the addition group G, the first parameter S = y·B belongs to G. Nevertheless, to ensure the security of the two-party communication, after receiving the first parameter S the receiver determines whether S belongs to G. If S does not belong to G, S was not determined based on G, and the receiver ends the data transmission. If S belongs to G, then for any group of messages numbered i (i = 0, 1, 2, …, m-1) among the m groups, the receiver performs the following steps: it inputs the selection message index C (C = 0 or 1) corresponding to the group numbered i, and selects a second random number corresponding to the group numbered i, the second random number being a positive integer less than the order p of the addition group; from the first parameter S, the selection message index C, the second random number and the generator B of the addition group, it determines the second parameter of the group numbered i for negotiating the key, and sends this second parameter to the sender.
Optionally, the receiver determines a first product value, the product of the first parameter S and the selection message index C, and a second product value, the product of the second random number and the generator B of the addition group; the sum of the first product value and the second product value is determined as the second parameter for negotiating the key.
For example, for the group numbered 1, the receiver inputs the selection message index corresponding to that group (with an assumed value), selects the second random number corresponding to that group (a positive integer less than the order p of the addition group), determines the second parameter of the group numbered 1 for negotiating the key from the first parameter S, that selection message index, that second random number and the generator B of the addition group, and sends the second parameter to the sender. The group numbered 2 is handled in exactly the same way, with its own selection message index, second random number and second parameter.
By analogy, for the m groups of messages the receiver generates m second parameters (i = 0, 1, 2, …, m-1) and sends them to the sender. After receiving the m second parameters, the sender determines, just as the receiver did for the first parameter S, whether each second parameter belongs to the addition group G.
In one alternative embodiment, if the sender determines that a second parameter does not belong to the addition group G, the data transmission ends. If the second parameters belong to G, the sender feeds back an instruction to the receiver, instructing the receiver to determine the first verification parameter from the m selected second random numbers corresponding to the m groups of messages and the first parameter S, to determine the second verification parameter from the number of target selection message indexes among the m input selection message indexes corresponding to the m groups, and then to send the first verification parameter and the second verification parameter to the sender. The sender then receives the first verification parameter and the second verification parameter.
In another alternative embodiment, after sending the m second parameters to the sender, the receiver determines the first verification parameter from the m selected second random numbers corresponding to the m groups and the first parameter S, determines the second verification parameter from the number of target selection message indexes among the m input selection message indexes, and sends the first verification parameter and the second verification parameter to the sender. If the sender determines that a second parameter does not belong to the addition group G, it does not receive the first and second verification parameters and ends the data transmission; if it determines that the second parameters belong to G, it receives the first verification parameter and the second verification parameter.
In the above embodiments, the message corresponding to the target selection message index is the message whose number of selections the sender wants to restrict. For example, if the sender wants to restrict the number of times the receiver selects message M1, the target selection message index may be set to 1. The receiver knows the values of the m selection message indexes it owns, so by screening, counting and the like it can determine how many of the m selection message indexes equal 1 (the second verification parameter), i.e., how many times the receiver selects message M1 in the M executions of 1-out-of-2; this is how the receiver's message selection behavior is constrained. When the second verification parameter is less than or equal to a preset threshold (the number of times the receiver is allowed to select the message corresponding to the target selection message index, e.g. M/2), data transmission continues; when the second verification parameter is greater than the preset threshold, data transmission ends.
In this embodiment, the second verification parameter is determined from information owned by the receiver. To ensure communication security, besides judging whether the number of times the receiver selected the message corresponding to the target selection message index exceeds the restricted number, the sender must also verify whether the second verification parameter is trusted. The first verification parameter of step 105 serves to assist in verifying whether the second verification parameter is trusted.
Optionally, determining the first verification parameter from the m selected second random numbers corresponding to the m groups of messages and the first parameter S comprises: taking the product of the sum of the m second random numbers and the first parameter S as the first verification parameter.
Optionally, from the calculation formula S = y·B of the first parameter, the calculation formula of the second parameters (the sum of C·S and the product of the second random number with B) and the calculation formula of the first verification parameter, a verification equation for checking whether the second verification parameter is trusted is determined.
In the 1-out-of-2 OT protocol each group of the sender's messages contains only two messages and the receiver's selection message index is 0 or 1. Thus, optionally, when the target selection message index is 1, the m input selection message indexes corresponding to the m groups may simply be summed to obtain the number of target selection message indexes, which determines the second verification parameter. In a specific implementation, the case where the target selection message index is 0 may be converted into the case where it is 1: for example, for 10 parallel executions of the 1-out-of-2 OT protocol, constraining the receiver to select message M0 at least 6 times is in fact the same as constraining it to select message M1 at most 4 times.
Thus, for m parallel executions of the 1-out-of-2 OT protocol, the above verification equation can be written out from the calculation formulas of the first verification parameter and the second verification parameter. For m parallel executions of a 1-out-of-n OT protocol with n greater than 2, a corresponding verification equation is used to verify the second verification parameter.
In practice, to speed up data transmission, after receiving the first verification parameter and the second verification parameter the sender first determines whether the first verification parameter belongs to the addition group G and whether the second verification parameter is less than or equal to the preset threshold. The preset threshold can be customized by the user according to need, e.g. set to M/2, M/3, and so on.
If the first verification parameter does not belong to the addition group G, or the second verification parameter is greater than the preset threshold, the data transmission ends. If the first verification parameter belongs to the addition group and the second verification parameter is less than or equal to the preset threshold, the sender then judges whether the first verification parameter and the second verification parameter satisfy the above verification equation, i.e., whether the second verification parameter is trusted.
In the implementation process, optionally, the sender computes three quantities: the product of the first verification parameter with the inverse of the first random number y, the sum of the m second parameters, and the product of the second verification parameter with the first parameter S. If the sum of the m second parameters does not equal the sum of the first product and the third product, the second verification parameter is determined to be untrusted and the data transmission ends; if it does equal that sum, the second verification parameter is determined to be trusted.
After the sender determines that the second verification parameter is trusted, for any group of messages numbered i (i = 0, 1, 2, …, m-1) among the m groups it generates 2 keys corresponding to the 2 messages of the group numbered i, encrypts those 2 messages based on the 2 keys to obtain the ciphertext corresponding to the group numbered i, and sends that ciphertext to the receiver. The receiver then generates, for the group numbered i, the target key of that group and uses it to decrypt, from the ciphertext corresponding to the group numbered i, the target message it selected from that group.
Optionally, when the sender determines the first parameter S for negotiating a key from the first random number y and the generator B of the addition group, it also determines a third parameter T for negotiating the key, which is the product of the first random number y and the first parameter S, i.e. T = y·S.
Optionally, generating the 2 keys corresponding to the 2 messages in the group numbered i comprises: for the group numbered i, generating the 2 keys from the first random number y, the first parameter S, the second parameter of the group numbered i, the third parameter T, the 2 indexes (0 and 1) corresponding to the 2 messages of the group, and the preset key generation function H.
Optionally, the sender may use the 2 keys corresponding to the 2 messages of the group numbered i together with a preselected symmetric encryption/decryption algorithm (E denoting symmetric encryption, D symmetric decryption) to encrypt the 2 messages (M0 and M1) of the group numbered i by symmetric encryption, obtaining the ciphertext corresponding to that group, and sends the ciphertext to the receiver. Here a message is identified by the number i of its group and its index (0 or 1) within the group; for example, the message with index 1 in the group numbered 2 is the message M1 of that group.
For the group of messages with that number, the receiver may generate the target key corresponding to that group based on the first parameter S, the second parameter, the second random number and the preset key generation function H. The target key is used to decrypt, from the ciphertext corresponding to that group, the target message selected from its 2 messages (i.e. M0 and M1); the index corresponding to the target message is the receiver's selection message index for that group. The target key may be generated either after or before the ciphertext is received.
In the embodiment of the present invention, optionally, the target key is generated as: [formula image]
After receiving the ciphertext corresponding to the group of messages with that number, the receiver obtains by symmetric decryption the target message selected from that group, which completes the transmission of the one selected message out of the 2 messages in the group with that number.
For ease of understanding, assume as an example that, for the group of messages numbered 1, the receiver's selection message index is 1, i.e. the index corresponding to the target message selected by the receiver in the group numbered 1 is 1, and the target message is the message M1.
In the specific implementation, for the group of messages numbered 1, the sender generates the 2 keys corresponding to the 2 messages of that group based on the first random number y, the first parameter S, the second parameter corresponding to the group numbered 1, the third parameter T, the 2 indexes j (j = 0 or 1) corresponding to the 2 messages in the group, and the preset key generation function H. Specifically: [formula images for the key with index 0 and the key with index 1]
The receiver generates the target key corresponding to the group numbered 1 based on the first parameter S, the second parameter corresponding to the group numbered 1, the second random number corresponding to the group numbered 1 and the preset key generation function H. Specifically: [formula image]. To avoid confusing the receiver's target key with the key generated by the sender for index 1, the selection index in the target key's notation is not replaced with 1.
The sender then encrypts the message M0 by symmetric encryption with the key for index 0 to obtain one ciphertext, encrypts the message M1 by symmetric encryption with the key for index 1 to obtain the other ciphertext, and sends both ciphertexts to the receiver.
After receiving the two ciphertexts, the receiver, whose target key corresponds to the target message M1, decrypts the target message (i.e. message M1 of the group numbered 1) from the ciphertext of M1 by symmetric decryption with the target key, but cannot decrypt the message M0 from the ciphertext of M0.
For the m groups of messages owned by the sender, the receiver thus obtains m target messages, one from each group, which completes the data transmission.
The data transmission apparatus of one or more embodiments of the present invention will be described in detail below. Those skilled in the art will appreciate that each of these apparatuses can be constructed using commercially available hardware components configured to perform the steps taught in this disclosure.
Fig. 3 is a schematic structural diagram of a data transmission apparatus according to an embodiment of the present invention, which is applied to a sender, where the sender has multiple groups of messages and each group of messages includes multiple messages; as shown in fig. 3, the apparatus includes: a processing module 11, a sending module 12 and a receiving module 13.
A processing module 11, configured to select a first random number according to a predefined addition group; and determining a first parameter for negotiating a key according to the first random number and the generator of the addition group.
A sending module 12, configured to send the first parameter to a receiving party, so that the receiving party determines, based on the first parameter, a plurality of second parameters used for negotiating a key, where the plurality of second parameters correspond to the plurality of groups of messages one to one.
A receiving module 13, configured to receive the plurality of second parameters sent by the receiving party; and, if the plurality of second parameters belong to the addition group, to receive a first verification parameter and a second verification parameter sent by the receiving party; wherein the first verification parameter is determined by the first parameter and the plurality of second random numbers selected by the receiving party when determining the plurality of second parameters respectively, and the second verification parameter is the sum of the number of target selection message indexes among the plurality of selection message indexes.
The processing module 11 is further configured to, if the first verification parameter belongs to the addition group, the second verification parameter is smaller than or equal to a preset threshold, and the second verification parameter is trusted, generate, for any one group of messages in the multiple groups of messages, multiple keys corresponding to multiple messages in the any one group of messages; encrypting a plurality of messages in the any one set of messages based on the plurality of keys.
The sending module 12 is further configured to send the encrypted ciphertext to the receiving party, so that the receiving party decrypts the ciphertext to obtain the target message selected from any group of messages.
Optionally, the processing module 11 is specifically configured to determine a product of the first random number and the generator of the addition group as a first parameter for negotiating a key.
Optionally, the processing module 11 is further specifically configured to determine a first product value of the first verification parameter and the inverse element of the first random number; determine a summation result of the plurality of second parameters; determine a second product value of the second verification parameter and the first parameter; and, if the first product value is equal to the difference between the summation result and the second product value, determine that the second verification parameter is trusted.
Optionally, the processing module 11 is further specifically configured to determine a first parameter and a third parameter for negotiating a key according to the first random number and the generator of the addition group, where the third parameter is a product of the first random number and the first parameter; generating, for any one of the plurality of groups of messages, a plurality of keys corresponding to a plurality of messages in the any one group of messages based on the first random number, the first parameter, a second parameter corresponding to the any one group of messages, the third parameter, a plurality of indexes corresponding to the plurality of messages in the any one group of messages, and a preset key generation function.
The apparatus shown in fig. 3 may perform the steps described in the foregoing embodiments, and for details of the performing process and the technical effect, reference is made to the description in the foregoing embodiments, which are not described herein again.
In one possible design, the structure of the data transmission apparatus shown in fig. 3 may be implemented as an electronic device, as shown in fig. 4, which may include: a memory 21, a processor 22 and a communication interface 23. The memory 21 stores executable code which, when executed by the processor 22, causes the processor 22 to at least implement the data transmission method provided in the preceding embodiments.
Fig. 5 is a schematic structural diagram of a data transmission apparatus according to an embodiment of the present invention, which is applied to a receiving party, where the sending party corresponding to the receiving party has multiple groups of messages and each group of messages includes multiple messages; the receiver has a plurality of selection message indexes in one-to-one correspondence with the plurality of groups of messages, and each selection message index is the index corresponding to the target message selected by the receiver in the respective group of messages. As shown in fig. 5, the apparatus includes: a receiving module 31, a processing module 32 and a sending module 33.
A receiving module 31, configured to receive a first parameter for negotiating a key sent by the sender.
A processing module 32, configured to, if the first parameter belongs to a predefined addition group, input a selection message index corresponding to any one group of messages in multiple groups of messages owned by a sender, and select a random number corresponding to the any one group of messages; determining a second parameter for negotiating a key according to the first parameter, the selection message index, the random number, and a generator of the addition group; determining a first verification parameter according to the selected plurality of random numbers corresponding to the plurality of groups of messages and the first parameter; and determining a second verification parameter according to the sum of the number of target selection message indexes in a plurality of input selection message indexes corresponding to the plurality of groups of messages.
A sending module 33, configured to send the second parameter to the sender; and sending the first verification parameter and the second verification parameter to the sender, so that the sender receives the first verification parameter and the second verification parameter when determining that the second parameter belongs to the addition group, and generates a ciphertext of any group of messages when determining that the first verification parameter and the second verification parameter meet verification conditions.
The receiving module 31 is further configured to receive the ciphertext sent by the sender.
The processing module 32 is further configured to decrypt, from the ciphertext, a target message selected from the plurality of messages in the any group of messages by using the target key generated for the any group of messages.
Optionally, the processing module 32 is specifically configured to determine a first product value of the first parameter and the selection message index, and a second product value of the random number and the generator of the addition group; determining a sum of the first product value and the second product value as a second parameter for negotiating a key.
Optionally, the processing module 32 is further specifically configured to determine, as the first verification parameter, a product of a summation result of the selected multiple random numbers corresponding to the multiple groups of messages and the first parameter.
Optionally, the processing module 32 is further specifically configured to sum up a plurality of input selection message indexes corresponding to the plurality of groups of messages to obtain a sum of the numbers of target selection message indexes, and determine the second verification parameter, if the number of messages included in each group of messages is less than or equal to a preset value.
Optionally, the processing module 32 is further specifically configured to generate a target key corresponding to any one group of messages based on the first parameter, the second parameter, the random number, and a preset key generation function; and decrypting the target message selected from the plurality of messages in any group of messages from the ciphertext through the target key.
The apparatus shown in fig. 5 may perform the steps described in the foregoing embodiments, and the detailed performing process and technical effects refer to the descriptions in the foregoing embodiments, which are not described herein again.
In one possible design, the structure of the data transmission apparatus shown in fig. 5 may be implemented as an electronic device, as shown in fig. 6, which may include: a memory 41, a processor 42 and a communication interface 43. The memory 41 stores executable code which, when executed by the processor 42, causes the processor 42 to at least implement the data transmission method provided in the preceding embodiments.
In addition, an embodiment of the present invention provides a non-transitory machine-readable storage medium having stored thereon executable code, which, when executed by a processor of an electronic device, causes the processor to implement at least the data transmission method as provided in the foregoing embodiments.
The above-described apparatus embodiments are merely illustrative, wherein the units described as separate components may or may not be physically separate. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by means of software plus a necessary general hardware platform, and of course also by a combination of hardware and software. With this understanding, the above technical solution, or the part of it that contributes to the prior art, may be embodied in the form of a computer program product, which may be stored on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM and optical storage) containing computer-usable program code.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, and not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. A data transmission method is characterized in that the method is applied to a sender, the sender has a plurality of groups of messages, and each group of messages comprises a plurality of messages; a receiver corresponding to the sender has multiple selective message indexes, the multiple selective message indexes are in one-to-one correspondence with the multiple groups of messages, and each selective message index is an index corresponding to a target message selected by the receiver in each group of messages, and the method comprises the following steps:
selecting a first random number according to a predefined addition group;
determining a first parameter for negotiating a key according to the first random number and the generator of the addition group, and sending the first parameter to a receiving party so that the receiving party determines a plurality of second parameters for negotiating the key based on the first parameter, wherein the plurality of second parameters are in one-to-one correspondence with the plurality of groups of messages;
receiving the plurality of second parameters sent by the receiving party;
if the plurality of second parameters belong to the addition group, receiving a first verification parameter and a second verification parameter sent by the receiving party; wherein the first verification parameter is determined by the first parameter and a plurality of second random numbers selected by the receiving party when determining the plurality of second parameters, respectively; the second verification parameter is the sum of the number of target selection message indexes in the plurality of selection message indexes;
if the first verification parameter belongs to the addition group, the second verification parameter is smaller than or equal to a preset threshold value, and the second verification parameter is trusted, generating, for any group of messages in the multiple groups of messages, multiple keys corresponding to the multiple messages in that group of messages;
and encrypting a plurality of messages in any group of messages based on the plurality of keys, and sending encrypted ciphertexts to the receiving party so that the receiving party decrypts the ciphertexts to obtain the target message selected in any group of messages.
2. The method of claim 1, wherein determining a first parameter for negotiating a key based on the first random number and a generator of the addition group comprises:
determining a product of the first random number and a generator of the addition group as a first parameter for negotiating a key.
3. The method of claim 1, wherein the second authentication parameter is trusted, comprising:
determining a first product value of the first authentication parameter and an inverse of the first random number;
determining a result of summing the plurality of second parameters;
determining a second product value of the second verification parameter and the first parameter;
and if the first product value is equal to the difference between the summation result and the second product value, determining that the second verification parameter is trusted.
4. The method of claim 1, wherein determining a first parameter for negotiating a key based on the first random number and a generator of the addition group comprises:
determining a first parameter and a third parameter for negotiating a key according to the first random number and a generator of the addition group, wherein the third parameter is a product of the first random number and the first parameter;
the generating, for any one of the plurality of groups of messages, a plurality of keys corresponding to a plurality of messages of the any one group of messages includes:
for any group of messages in the plurality of groups of messages, generating a plurality of keys corresponding to a plurality of messages in the any group of messages based on the first random number, the first parameter, a second parameter corresponding to the any group of messages, the third parameter, a plurality of indexes corresponding to the plurality of messages in the any group of messages, and a preset key generation function.
5. A data transmission method is characterized in that the method is applied to a receiver, a sender corresponding to the receiver has a plurality of groups of messages, and each group of messages comprises a plurality of messages; the receiver has a plurality of selective message indexes, the selective message indexes are in one-to-one correspondence with the plurality of groups of messages, and each selective message index is an index corresponding to a target message selected by the receiver in each group of messages, and the method comprises the following steps:
receiving a first parameter used for negotiating a key and sent by the sender;
if the first parameter belongs to a predefined addition group, aiming at any group of messages in a plurality of groups of messages owned by a sender, inputting a selection message index corresponding to the any group of messages, and selecting a random number corresponding to the any group of messages;
determining a second parameter for negotiating a key according to the first parameter, the selection message index, the random number and the generator of the addition group, and sending the second parameter to the sender;
determining a first verification parameter according to the selected plurality of random numbers corresponding to the plurality of groups of messages and the first parameter;
determining a second verification parameter according to the sum of the number of target selection message indexes in a plurality of input selection message indexes corresponding to the plurality of groups of messages;
sending the first verification parameter and the second verification parameter to the sender, so that the sender receives the first verification parameter and the second verification parameter when determining that the second parameter belongs to the addition group, and generates a ciphertext of any group of messages when determining that the first verification parameter and the second verification parameter meet verification conditions;
receiving the ciphertext sent by the sender;
and decrypting the target message selected from the plurality of messages in the any group of messages from the ciphertext by using the target key generated for the any group of messages.
6. The method of claim 5, wherein determining a second parameter for negotiating a key based on the first parameter, the selection message index, the random number, and a generator of the addition group comprises:
determining a first product value of the first parameter and the selection message index, and a second product value of the random number and a generator of the addition group;
determining a sum of the first product value and the second product value as a second parameter for negotiating a key.
7. The method of claim 5, wherein determining a first verification parameter based on the selected plurality of random numbers corresponding to the plurality of groups of messages and the first parameter comprises:
and determining a product of a summation result of the selected plurality of random numbers corresponding to the plurality of groups of messages and the first parameter as the first verification parameter.
8. The method of claim 5, wherein determining the second verification parameter according to a sum of the number of target selection message indexes in a plurality of selection message indexes corresponding to the plurality of groups of messages comprises:
and if the number of the messages contained in each group of messages is less than or equal to a preset value, summing a plurality of input selection message indexes corresponding to the plurality of groups of messages to obtain the sum of the number of the target selection message indexes, and determining a second verification parameter.
9. The method of claim 5, wherein decrypting the selected target message from the ciphertext using the target key generated for the any one of the sets of messages comprises:
generating a target key corresponding to any group of messages based on the first parameter, the second parameter, the random number and a preset key generation function;
and decrypting a target message selected from the plurality of messages in any group of messages from the ciphertext by using the target key.
10. An electronic device, comprising: a memory, a processor, a communication interface; wherein the memory has stored thereon executable code which, when executed by the processor, causes the processor to carry out the data transmission method of any one of claims 1 to 4 or 5 to 9.
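The method of the embodiment above, as restated in claims 1 to 9, worked through in code. This is an added example, not code from the patent or from Beijing Infosec Technologies; it assumes secp256k1 as the predefined addition group, a key generation function H of the form H(S, R, X) with X = y·R − j·T on the sender side and X = r·S on the receiver side (the patent's own key formulas are not reproduced on this page), m as the preset threshold for the second verification parameter, and a SHAKE keystream with a SHA-256 tag in place of the preselected symmetric algorithm E/D.

```python
# Added example: 1-out-of-2 OT over an additive (elliptic-curve) group with the batch check.
import hashlib
import hmac
import secrets

# secp256k1 stands in for the patent's "predefined addition group" (assumption).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
B = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
O = None  # point at infinity, the group identity

def on_curve(pt):
    """'Belongs to the addition group' check applied to every received point."""
    return pt is O or (0 <= pt[0] < P and 0 <= pt[1] < P and (pt[1] ** 2 - pt[0] ** 3 - 7) % P == 0)

def add(p1, p2):
    if p1 is O or p2 is O:
        return p2 if p1 is O else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return O
    lam = (3 * x1 * x1 * pow(2 * y1, -1, P) if p1 == p2 else (y2 - y1) * pow(x2 - x1, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Scalar multiplication k*pt by double-and-add; k is reduced modulo the group order."""
    acc, k = O, k % N
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def neg(pt):
    return O if pt is O else (pt[0], -pt[1] % P)

def enc(pt):
    return b"\0" * 64 if pt is O else pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def kdf(S, R, X):
    """Preset key generation function H (assumed form: hash of S, R and a shared point X)."""
    return hashlib.sha256(b"ot-key" + enc(S) + enc(R) + enc(X)).digest()

def encrypt(key, msg):
    # Stand-in for E: SHAKE keystream XOR plus a SHA-256 tag bound to the key.
    ct = bytes(a ^ b for a, b in zip(msg, hashlib.shake_256(key).digest(len(msg))))
    return ct + hashlib.sha256(b"ot-tag" + key + ct).digest()

def decrypt(key, blob):
    """Stand-in for D; returns None when the key does not fit ('cannot be decrypted')."""
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hashlib.sha256(b"ot-tag" + key + ct).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, hashlib.shake_256(key).digest(len(ct))))

def sender_setup():
    y = secrets.randbelow(N - 1) + 1   # first random number
    S = mul(y, B)                      # first parameter S = y*B (claim 2)
    return y, S, mul(y, S)             # third parameter T = y*S (claim 4)

def receiver_respond(S, choices):
    """Per group i: R_i = b_i*S + r_i*B; V1 = (sum r_i)*S; V2 = sum b_i (claims 6 to 8)."""
    if not on_curve(S):
        raise ValueError("first parameter is not in the addition group")
    rs = [secrets.randbelow(N - 1) + 1 for _ in choices]   # second random numbers
    Rs = [add(mul(b, S), mul(r, B)) for b, r in zip(choices, rs)]
    return rs, Rs, mul(sum(rs), S), sum(choices)

def sender_verify(y, S, Rs, V1, V2, m):
    """Claim 3: V1*y^-1 == sum(R_i) - V2*S, i.e. V2 is consistent with the R_i; threshold m."""
    if not all(on_curve(pt) for pt in Rs + [V1]) or not 0 <= V2 <= m:
        return False
    total = O
    for R in Rs:
        total = add(total, R)
    return mul(pow(y, -1, N), V1) == add(total, neg(mul(V2, S)))

def sender_keys(y, S, T, R):
    """Keys k_0, k_1 of one group: H(S, R, y*R - j*T); only k_b equals H(S, R, r*S)."""
    yR = mul(y, R)
    return [kdf(S, R, add(yR, neg(mul(j, T)))) for j in (0, 1)]

def receiver_key(S, R, r):
    return kdf(S, R, mul(r, S))

def run_ot(groups, choices):
    """Whole exchange over m groups; per group returns (target message, other decrypt)."""
    y, S, T = sender_setup()
    rs, Rs, V1, V2 = receiver_respond(S, choices)
    if not sender_verify(y, S, Rs, V1, V2, len(groups)):
        raise ValueError("verification parameters rejected")
    out = []
    for (m0, m1), R, r, b in zip(groups, Rs, rs, choices):
        c = [encrypt(k, msg) for k, msg in zip(sender_keys(y, S, T, R), (m0, m1))]
        k = receiver_key(S, R, r)
        out.append((decrypt(k, c[b]), decrypt(k, c[1 - b])))
    return out
```

The batch check works because V1*y^-1 = (sum r_i)*B while sum(R_i) - V2*S equals (sum r_i)*B only when V2 = sum b_i, so the receiver cannot understate how many groups it selected index 1 in.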
CN202210939672.3A 2022-08-05 2022-08-05 Data transmission method and device Active CN115065470B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210939672.3A CN115065470B (en) 2022-08-05 2022-08-05 Data transmission method and device

Publications (2)

Publication Number Publication Date
CN115065470A CN115065470A (en) 2022-09-16
CN115065470B true CN115065470B (en) 2022-11-11

Family

ID=83207938

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210939672.3A Active CN115065470B (en) 2022-08-05 2022-08-05 Data transmission method and device

Country Status (1)

Country Link
CN (1) CN115065470B (en)

Also Published As

Publication number Publication date
CN115065470A (en) 2022-09-16

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant