CN115114662A - Secure processing method and device for private data - Google Patents

Publication number
CN115114662A
Authority
CN
China
Prior art keywords
result
data
power
space
modulus
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210762917.XA
Other languages
Chinese (zh)
Inventor
李漓春
张祺智
赵原
尹栋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ant Blockchain Technology Shanghai Co Ltd
Original Assignee
Ant Blockchain Technology Shanghai Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ant Blockchain Technology Shanghai Co Ltd filed Critical Ant Blockchain Technology Shanghai Co Ltd
Priority to CN202210762917.XA priority Critical patent/CN115114662A/en
Publication of CN115114662A publication Critical patent/CN115114662A/en
Priority to PCT/CN2022/135284 priority patent/WO2024001023A1/en

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes

Landscapes

  • Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Medical Informatics (AREA)
  • Telephonic Communication Services (AREA)
  • Compression, Expansion, Code Conversion, And Decoders (AREA)

Abstract

The embodiments of this specification provide a method and a device for securely processing private data. The method comprises the following steps: the first party locally calculates a first data fragment of first intermediate data in a first modular space, based at least on its local fragment of the private data; the first intermediate data is a non-negative value; a second data fragment of the first intermediate data in the first modular space is held by a second party; the first party constructs a first multiplier in a second modular space by a local power operation that takes the first data fragment as the exponent; a secure multiplication operation is carried out on the first multiplier provided by the first party and a second multiplier provided by the second party, giving the first party a first fragment of the multiplication result; the second party obtains a second fragment of the multiplication result; the second multiplier is constructed by the second party from the second data fragment that it holds; the first party converts the first fragment of the multiplication result into a first result fragment of the power operation result in a target modular space; the second party obtains a corresponding second result fragment. Secure exponentiation can thereby be realized with low communication traffic and good performance.

Description

Secure processing method and device for private data
Technical Field
One or more embodiments of the present specification relate to the field of computers, and more particularly, to a method and apparatus for secure processing of private data.
Background
Secure multi-party computation, also called multi-party secure computation, means that a plurality of parties jointly compute the result of a function without revealing each party's input data to the function, and the computed result is disclosed to one or more of the parties. The input data of the parties is often private data.
In secure multiparty computation, sometimes a secure exponentiation operation is required, that is, an exponentiation operation is performed on private data without revealing the private data.
Disclosure of Invention
One or more embodiments of the present specification describe a secure processing method and apparatus for private data, which can implement secure exponentiation and have low traffic and good performance.
In a first aspect, a method for secure processing of private data distributed in a shared manner in an initial modular space between a first party and a second party is provided, the method being used for obtaining a result fragment of a power operation result with public data as a base and the private data as an exponent in a target modular space, the method being performed by the first party and comprising:
locally calculating a first data fragment of first intermediate data in a first modular space, based at least on the local fragment of the private data; the first intermediate data is a non-negative value, and a first modulus corresponding to the first modular space is determined according to the modulus value of the target modular space; a second data fragment of the first intermediate data in the first modular space is held by the second party;
constructing a first multiplier in a second modular space by a local power operation that takes the first data fragment as the exponent; a second modulus corresponding to the second modular space is determined based on the first modulus;
performing a secure multiplication operation on the first multiplier provided by the first party and a second multiplier provided by the second party to obtain a first fragment of a multiplication result; the second party obtains a second fragment of the multiplication result; wherein the second multiplier is constructed by the second party from the second data fragment that it holds; the multiplication result has two possible values;
converting the first fragment of the multiplication result into a first result fragment of the power operation result in the target modular space; the second party obtains a corresponding second result fragment.
In one possible embodiment, the local fragment is a fragment, in the initial modular space, of the private data multiplied by n to the power d1; the result fragment is a fragment, in the target modular space, of the power operation result multiplied by n to the power d2; the absolute value of the public data is expressed in the form n to the power k; k and the private data are integers; the minimum value of the target product of k and the private data is u, where u is an integer; and the modulus value of the target modular space is n to the power t2;
the locally calculating a first data fragment of first intermediate data in a first modular space includes:
locally calculating the first data fragment of the first intermediate data in the first modular space based on the product of the local fragment and k, divided by n to the power d1 and then rounded down; the first intermediate data is the target product minus u; the first modulus is the larger of 0 and -d2-u+t2.
In one possible embodiment, the local fragment is a fragment, in the initial modular space, of the private data multiplied by n to the power d1; the result fragment is a fragment, in the target modular space, of the power operation result multiplied by n to the power d2; the absolute value of the public data is expressed in the form n to the power k; k and the private data are integers; the minimum value of the target product of k and the private data is u, where u is an integer and u is greater than or equal to 0; and the modulus value of the target modular space is n to the power t2;
the locally calculating a first data fragment of first intermediate data in a first modular space includes:
locally calculating the first data fragment of the first intermediate data in the first modular space based on the product of the local fragment and k, divided by n to the power d1 and then rounded down; the first intermediate data is the target product; the first modulus is the larger of 0 and -d2+t2.
Further, the constructing a first multiplier in a second modular space comprises:
if the public data is positive, determining that the first base is 1, and if the public data is negative, determining that the first base is -1;
dividing the local fragment by n to the power d1 and rounding down to determine a first power value;
performing a power operation with the first base as the base and the first power value as the exponent to obtain a first product term;
performing a power operation with n as the base and the first data fragment as the exponent to obtain a second product term;
multiplying the first product term by the second product term to obtain the first multiplier in the second modular space; the second modulus corresponding to the second modular space is the result of a local power operation with n as the base and 2 times the first modulus as the exponent.
Further, the converting the first fragment of the multiplication result into a first result fragment of the power operation result in the target modular space comprises:
regarding the multiplication result as n-ary data and, for the first fragment of the multiplication result, extracting either a first segment value made up of the low-order digits (as many digits as the first modulus) or a second segment value made up of the high-order digits (as many digits as the first modulus), according to which of the two segments contains non-zero digits, to determine a first fragment of a second intermediate result in a third modular space;
multiplying the first fragment of the second intermediate result by n to the power d2+u and rounding, to obtain the first result fragment of the power operation result in the target modular space.
Further, the determining a first fragment of a second intermediate result in a third modular space comprises:
regarding the multiplication result as n-ary data and, for the first fragment of the multiplication result, extracting a first segment value made up of its low-order digits (as many digits as the first modulus) and a second segment value made up of its high-order digits (as many digits as the first modulus);
summing the first segment value and the second segment value to obtain the first fragment of the second intermediate result in the third modular space.
Further, the determining a first fragment of a second intermediate result in a third modular space comprises:
regarding the multiplication result as n-ary data, and performing a secure comparison operation on the local party's first fragment of the multiplication result and the second party's second fragment of the multiplication result to obtain a comparison result indicating whether the multiplication result is greater than or equal to the first modulus;
if the comparison result is that the multiplication result is smaller than the first modulus, extracting, for the first fragment of the multiplication result, a first segment value made up of its low-order digits (as many digits as the first modulus), and taking the first segment value as the first fragment of the second intermediate result in the third modular space;
if the comparison result is that the multiplication result is greater than or equal to the first modulus, extracting, for the first fragment of the multiplication result, a second segment value made up of its high-order digits (as many digits as the first modulus), and taking the second segment value as the first fragment of the second intermediate result in the third modular space.
In one possible embodiment, the local fragment is a fragment, in the initial modular space, of the private data multiplied by n to the power d1; the result fragment is a fragment, in the target modular space, of the power operation result multiplied by n to the power d2; the public data and the private data are both integers; the minimum value of the private data is u'; and the modulus value of the target modular space is n to the power t2;
the locally calculating a first data fragment of first intermediate data in a first modular space includes:
locally calculating the first data fragment of the first intermediate data in the first modular space based on the local fragment divided by n to the power d1 and then rounded down; the first intermediate data is the private data minus u'; the first modulus is determined from n to the power d2, the absolute value of the public data, and n to the power t2.
In one possible embodiment, the local fragment is a fragment, in the initial modular space, of the private data multiplied by n to the power d1; the public data and the private data are integers; the minimum value of the private data is u', and u' is greater than or equal to 0;
the locally calculating a first data fragment of first intermediate data in a first modular space includes:
locally calculating the first data fragment of the first intermediate data in the first modular space based on the local fragment divided by n to the power d1 and then rounded down; the first intermediate data is the private data.
Further, the constructing a first multiplier in a second modular space comprises:
if the public data is positive, determining that the first base is 1, and if the public data is negative, determining that the first base is -1;
dividing the local fragment by n to the power d1 and rounding down to determine a first power value;
performing a power operation with the first base as the base and the first power value as the exponent to obtain a first product term;
performing a power operation with the absolute value of the public data as the base and the first data fragment as the exponent to obtain a second product term;
multiplying the first product term by the second product term to obtain the first multiplier in the second modular space; the second modulus corresponding to the second modular space is the result of a local power operation with the absolute value of the public data as the base and 2 times the first modulus as the exponent.
Further, the converting the first fragment of the multiplication result into a first result fragment of the power operation result in the target modular space comprises:
regarding the multiplication result as data in the radix given by the absolute value of the public data and, for the first fragment of the multiplication result, extracting either a first segment value made up of the low-order digits (as many digits as the first modulus) or a second segment value made up of the high-order digits (as many digits as the first modulus), according to which of the two segments contains non-zero digits, to determine a first fragment of a second intermediate result in a third modular space; a third modulus corresponding to the third modular space is the result of a local power operation with the absolute value of the public data as the base and the first modulus as the exponent;
multiplying the first fragment of the second intermediate result by the absolute value of the public data raised to the power u', and then by a scaling term, to obtain a first fragment of a third intermediate result in the third modular space; the scaling term is the value obtained by multiplying n to the power d2 by n to the power t2 divided by the third modulus, and then rounding to an integer;
multiplying the first fragment of the third intermediate result by n to the power t2, dividing by the third modulus, and then rounding, to obtain the first result fragment of the power operation result in the target modular space.
Further, the determining a first fragment of a second intermediate result in a third modular space comprises:
regarding the multiplication result as data in the radix given by the absolute value of the public data and, for the first fragment of the multiplication result, extracting a first segment value made up of its low-order digits (as many digits as the first modulus) and a second segment value made up of its high-order digits (as many digits as the first modulus);
summing the first segment value and the second segment value to obtain the first fragment of the second intermediate result in the third modular space.
Further, the determining a first fragment of a second intermediate result in a third modular space comprises:
regarding the multiplication result as data in the radix given by the absolute value of the public data, and performing a secure comparison operation on the local party's first fragment of the multiplication result and the second party's second fragment of the multiplication result to obtain a comparison result indicating whether the multiplication result is greater than or equal to the first modulus;
if the comparison result is that the multiplication result is smaller than the first modulus, extracting, for the first fragment of the multiplication result, a first segment value made up of its low-order digits (as many digits as the first modulus), and taking the first segment value as the first fragment of the second intermediate result in the third modular space;
if the comparison result is that the multiplication result is greater than or equal to the first modulus, extracting, for the first fragment of the multiplication result, a second segment value made up of its high-order digits (as many digits as the first modulus), and taking the second segment value as the first fragment of the second intermediate result in the third modular space.
In one possible embodiment, the local fragment is a fragment, in the initial modular space, of the private data multiplied by n to the power d1; the result fragment is a fragment, in the target modular space, of the power operation result multiplied by n to the power d2; the private data is not an integer; the public data is expressed in the form n to the power k; the minimum value of the target product of k and the private data is u and its maximum value is v, where u and v are both integers; the supported precision of the target product is d3 digits after the decimal point; and the modulus value of the target modular space is n to the power t2;
the locally calculating a first data fragment of first intermediate data in a first modular space includes:
locally calculating the first data fragment of the first intermediate data in the first modular space based on the product of the local fragment and k, divided by n to the power d1, multiplied by n to the power d3', and then rounded; the first intermediate data is the target product minus u, multiplied by n to the power d3'; the first modulus is h0 multiplied by n to the power d3'; h0 is determined according to d2, u, v, d2' and t2; d3' is greater than d3, and d2' is greater than d2.
In one possible embodiment, the local fragment is a fragment, in the initial modular space, of the private data multiplied by n to the power d1; the result fragment is a fragment, in the target modular space, of the power operation result multiplied by n to the power d2; the private data is not an integer; the public data is expressed in the form n to the power k; the minimum value of the target product of k and the private data is u and its maximum value is v, where u and v are both integers and u is greater than or equal to 0; the supported precision of the target product is d3 digits after the decimal point; and the modulus value of the target modular space is n to the power t2;
the locally calculating a first data fragment of first intermediate data in a first modular space includes:
locally calculating the first data fragment of the first intermediate data in the first modular space based on the product of the local fragment and k, divided by n to the power d1, multiplied by n to the power d3', and then rounded; the first intermediate data is the target product multiplied by n to the power d3'; the first modulus is h0 multiplied by n to the power d3'; h0 is determined according to d2, u, v, d2' and t2; d3' is greater than d3, and d2' is greater than d2.
Further, the constructing a first multiplier in a second modular space comprises:
dividing the local fragment by n to the power d3' and adding d4 to determine a first power value; wherein d4 is determined according to d2, v and d2';
performing a power operation with n as the base and the first power value as the exponent, and rounding, to obtain the first multiplier in the second modular space; the second modulus corresponding to the second modular space is the result of a local power operation with n as the base and 2 times h0 as the exponent.
Further, the converting the first fragment of the multiplication result into a first result fragment of the power operation result in the target modular space comprises:
regarding the multiplication result as n-ary data, and multiplying the first fragment of the multiplication result by an amplification term to obtain a first fragment of a second intermediate result; the amplification term is the result of a local power operation with n as the base and 2(v-u+d4) as the exponent; wherein d4 is determined according to d2, v and d2';
extracting, for the first fragment of the second intermediate result, either a first segment value made up of the low-order h0 bits or a second segment value made up of the high-order h0 bits, according to which of the two segments contains non-zero bits, to determine a first fragment of a third intermediate result in a third modular space; the third modulus corresponding to the third modular space is 2 to the power h0;
multiplying the first fragment of the third intermediate result by n to the power d2+3u-4d4-2v and rounding, to obtain the first result fragment of the power operation result in the target modular space.
Further, the determining a first fragment of a third intermediate result in a third modular space comprises:
regarding the multiplication result as n-ary data and, for the first fragment of the second intermediate result, extracting a first segment value made up of its low-order h0 bits and a second segment value made up of its high-order h0 bits;
summing the first segment value and the second segment value to obtain the first fragment of the third intermediate result in the third modular space.
In one possible embodiment, the local fragment is a fragment, in the initial modular space, of the private data multiplied by n to the power d1; the result fragment is a fragment, in the target modular space, of the power operation result multiplied by n to the power d2; the private data are integers; the absolute value of the public data is expressed in the form n to the power k; the minimum value of the target product of k and the private data is u and its maximum value is v, where u and v are both integers; the supported precision of the target product is d3 digits after the decimal point; and the modulus value of the target modular space is n to the power t2;
the locally calculating a first data fragment of first intermediate data in a first modular space includes:
locally calculating the first data fragment of the first intermediate data in the first modular space based on the product of the local fragment and k, divided by n to the power d1, multiplied by n to the power d3', and then rounded; the first intermediate data is the target product minus u, multiplied by n to the power d3'; the first modulus is h0 multiplied by n to the power d3'; h0 is determined according to d2, u, v, d2' and t2; d3' is greater than d3, and d2' is greater than d2.
In one possible embodiment, the local fragment is a fragment, in the initial modular space, of the private data multiplied by n to the power d1; the result fragment is a fragment, in the target modular space, of the power operation result multiplied by n to the power d2; the private data are integers; the absolute value of the public data is expressed in the form n to the power k; the minimum value of the target product of k and the private data is u and its maximum value is v, where u and v are both integers and u is greater than or equal to 0; the supported precision of the target product is d3 digits after the decimal point; and the modulus value of the target modular space is n to the power t2;
the locally calculating a first data fragment of first intermediate data in a first modular space includes:
locally calculating the first data fragment of the first intermediate data in the first modular space based on the product of the local fragment and k, divided by n to the power d1, multiplied by n to the power d3', and then rounded; the first intermediate data is the target product multiplied by n to the power d3'; the first modulus is h0 multiplied by n to the power d3'; h0 is determined according to d2, u, v, d2' and t2; d3' is greater than d3, and d2' is greater than d2.
Further, the constructing a first multiplier in a second modular space comprises:
if the public data is positive, determining that the first base is 1, and if the public data is negative, determining that the first base is -1;
dividing the local fragment by n to the power d1 and rounding down to determine a first power value;
performing a power operation with the first base as the base and the first power value as the exponent to obtain a first product term;
dividing the local fragment by n to the power d3' and adding d4 to determine a second power value; wherein d4 is determined according to d2, v and d2';
performing a power operation with n as the base and the second power value as the exponent, and rounding, to obtain a second product term;
multiplying the first product term by the second product term to obtain the first multiplier in the second modular space; the second modulus corresponding to the second modular space is the result of a local power operation with n as the base and 2 times h0 as the exponent.
Further, the converting the first fragment of the multiplication result into a first result fragment of the power operation result in the target modular space comprises:
regarding the multiplication result as n-ary data, and multiplying the first fragment of the multiplication result by an amplification term to obtain a first fragment of a second intermediate result; the amplification term is the result of a local power operation with n as the base and 2(v-u+d4) as the exponent; wherein d4 is determined according to d2, v and d2';
extracting, for the first fragment of the second intermediate result, either a first segment value made up of the low-order h0 bits or a second segment value made up of the high-order h0 bits, according to which of the two segments contains non-zero bits, to determine a first fragment of a third intermediate result in a third modular space; the third modulus corresponding to the third modular space is 2 to the power h0;
multiplying the first fragment of the third intermediate result by n to the power d2+3u-4d4-2v and rounding, to obtain the first result fragment of the power operation result in the target modular space.
Further, the determining a first fragment of a third intermediate result in a third modular space comprises:
regarding the multiplication result as n-ary data and, for the first fragment of the second intermediate result, extracting a first segment value made up of its low-order h0 bits and a second segment value made up of its high-order h0 bits;
summing the first segment value and the second segment value to obtain the first fragment of the third intermediate result in the third modular space.
In a second aspect, an apparatus for secure processing of private data is provided, the private data being distributed in a shared manner in an initial modular space between a first party and a second party, the apparatus being configured to obtain a result fragment, in a target modular space, of a power operation result with public data as the base and the private data as the exponent, the apparatus being provided at the first party and including:
a local computing unit, configured to locally calculate a first data fragment of first intermediate data in a first modular space, based at least on the local fragment of the private data; the first intermediate data is a non-negative value, and a first modulus corresponding to the first modular space is determined according to the modulus value of the target modular space; a second data fragment of the first intermediate data in the first modular space is held by the second party;
a multiplier constructing unit, configured to construct a first multiplier in a second modular space by a local power operation that takes the first data fragment obtained by the local computing unit as the exponent; a second modulus corresponding to the second modular space is determined based on the first modulus;
a secure multiplication unit, configured to perform a secure multiplication operation on the first multiplier, obtained by the multiplier constructing unit and provided by the first party, and a second multiplier provided by the second party, to obtain a first fragment of a multiplication result; the second party obtains a second fragment of the multiplication result; wherein the second multiplier is constructed by the second party from the second data fragment that it holds; the multiplication result has two possible values;
a result conversion unit, configured to convert the first fragment of the multiplication result obtained by the secure multiplication unit into a first result fragment of the power operation result in the target modular space; the second party obtains a corresponding second result fragment.
In a third aspect, there is provided a computer readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method of the first aspect.
In a fourth aspect, there is provided a computing device comprising a memory having stored therein executable code and a processor that, when executing the executable code, implements the method of the first aspect.
According to the method and the device provided by the embodiments of this specification, the private data is distributed in a shared manner, in an initial modular space, between a first party and a second party, and the method is used to obtain a result fragment, in a target modular space, of a power operation result with public data as the base and the private data as the exponent. First, the first party locally calculates a first data fragment of first intermediate data in a first modular space, based at least on its local fragment of the private data; the first intermediate data is a non-negative value, and a first modulus corresponding to the first modular space is determined according to the modulus value of the target modular space; a second data fragment of the first intermediate data in the first modular space is held by the second party. Then, a first multiplier in a second modular space is constructed by a local power operation that takes the first data fragment as the exponent; a second modulus corresponding to the second modular space is determined based on the first modulus. Next, a secure multiplication operation is performed on the first multiplier provided by the first party and a second multiplier provided by the second party to obtain a first fragment of a multiplication result; the second party obtains a second fragment of the multiplication result; the second multiplier is constructed by the second party from the second data fragment that it holds; the multiplication result has two possible values. Finally, the first fragment of the multiplication result is converted into a first result fragment of the power operation result in the target modular space; the second party obtains a corresponding second result fragment.
As can be seen from the above, the embodiments of this specification construct multipliers to convert the secure power operation into a secure multiplication operation, and extract the power operation result from the result of the secure multiplication. The secure power operation can thus be implemented with low communication volume and good performance.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
FIG. 1 is a schematic diagram illustrating an implementation scenario of an embodiment disclosed herein;
FIG. 2 illustrates a secure multiply operation processing diagram according to one embodiment;
FIG. 3 illustrates a flow diagram of a method for secure processing of private data, according to one embodiment;
FIG. 4 shows a schematic block diagram of a secure processing device for private data according to one embodiment.
Detailed Description
The scheme provided by the specification is described below with reference to the accompanying drawings.
FIG. 1 is a schematic diagram of an implementation scenario of an embodiment disclosed in this specification. The implementation scenario relates to the secure processing of private data: the private data is distributed between a first party and a second party in shared form in an initial modular space, and the method is used to obtain result fragments, in a target modular space, of a power operation result that takes public data as the base and the private data as the exponent. As shown in FIG. 1, the scenario involves party A and party B, also referred to as the first party and the second party. Each participant may be implemented as any device, platform, server, or device cluster with computing and processing capabilities. The two parties jointly determine the power operation result while protecting data privacy, which is realized specifically by secret sharing.
Secret sharing, also called secret splitting, is a cryptographic technique originally used for the management of secret information. Its basic principle is to split the secret into a plurality of fragments (shares) and hand them to different participants for safekeeping. Only when participants exceeding the threshold number combine their respective fragments can the secret be recovered; no secret information can be recovered from fewer than the threshold number of fragments. In secure multi-party computation, the threshold number is typically the same as the number of participants. When secret sharing is used for secure multi-party computation, a share conversion technique is adopted: first, each party splits its input data into fragments and the parties exchange fragments with one another; then, each party performs a conversion operation on its local fragments to obtain a new fragment, which is a fragment of the operation result; finally, the parties combine all the new fragments to obtain the operation result.
Referring to FIG. 1, party A holds one fragment $\langle x\rangle_0$ of x and party B holds the other fragment $\langle x\rangle_1$ of x. Specifically, parties A and B each hold one fragment of $x \times n^{d1}$ modulo $n^{t1}$, i.e. $\mathrm{round}(x \times n^{d1}) = (\langle x\rangle_0 + \langle x\rangle_1) \,\%\, n^{t1}$. Here round is a rounding function, which rounds a value to the specified number of digits. The fragments $\langle x\rangle_0$ and $\langle x\rangle_1$ are integers in the modulo-$n^{t1}$ space, i.e. the initial modular space. If the integer part of x is much smaller or much larger than t1 bits, x is multiplied by $n^{d1}$ so that information is not lost in rounding. The value of n depends on the number system adopted: in the usual binary representation n is 2, and in decimal representation n is 10. In the following examples, the embodiments of this specification are described taking n = 2 as an example.
a is public data, that is, both party A and party B know the value of a.
After party A and party B perform secure multi-party computation based on secret sharing, party A obtains one fragment $\langle a^x\rangle_0$ of $a^x$ and party B obtains the other fragment $\langle a^x\rangle_1$ of $a^x$. Let $y = a^x$; then party A and party B each hold one fragment of y. Specifically, party A and party B each hold one fragment of $y \times n^{d2}$ modulo $n^{t2}$, i.e. $\mathrm{round}(y \times n^{d2}) = (\langle y\rangle_0 + \langle y\rangle_1) \,\%\, n^{t2}$. The fragments $\langle y\rangle_0$ and $\langle y\rangle_1$ are integers in the modulo-$n^{t2}$ space, i.e. the target modular space. It will be appreciated that the fragments in secret sharing must be integers and secret sharing can only operate on integers; if the integer part of a number is much smaller or much larger than the number of digits of the modulus, the number is multiplied by an integer power of n.
In the embodiments of this specification, in the secure multi-party computation based on secret sharing, $a^x$ can be expressed as an exponentiation with base n; specifically, $a^x$ is converted to base n as $\mathrm{sign}(a)^x \times n^{kx}$, where $a = \mathrm{sign}(a) \times n^k$ and $z = kx$. It will be appreciated that sign is the sign function, which extracts the sign of a value: when a > 0, sign(a) is 1; when a = 0, sign(a) is 0; when a < 0, sign(a) is -1.
The range of z supported in secure multiparty computation is [ u, v ]. u and v are both integers. If z < u, the result is 0; if z > v, the result overflows or intermediate operations overflow. The precision of z supported in secure multi-party computation is d3 bits after the decimal point.
It will be appreciated that the private data may be any data that is not convenient to disclose, and may be, but is not limited to, data representing personal information of the user, or trade secrets or the like.
In the embodiments of this specification, the power operation result is obtained based on secure multiplication under secret sharing, so that a secure power operation can be implemented with low communication volume and good performance.
Implementations of secure multiplication under secret sharing with good performance already exist.
FIG. 2 illustrates a secure multiplication process according to one embodiment. Referring to FIG. 2, in the secure multiplication operation, b and c are two pieces of data that need privacy protection. The first party holds one fragment b0 of b and one fragment c0 of c, the second party holds the other fragment b1 of b and the other fragment c1 of c, and the product bc of the two pieces of data is to be computed so that the first party obtains one fragment of the product and the second party obtains the other fragment. First, a third party sends u0, v0 and z0 to the first party and sends u1, v1 and z1 to the second party, where (u0 + u1) × (v0 + v1) = (z0 + z1). The first party then locally computes e0 = b0 - u0 from its fragment b0 of b and the fragment u0 of u received from the third party, and locally computes f0 = c0 - v0 from its fragment c0 of c and the fragment v0 of v received from the third party; the first party sends e0 and f0 to the second party. The second party locally computes e1 = b1 - u1 from its fragment b1 of b and the fragment u1 of u received from the third party, and locally computes f1 = c1 - v1 from its fragment c1 of c and the fragment v1 of v received from the third party; the second party sends e1 and f1 to the first party. Finally, the first party and the second party each obtain e = b - u and f = c - v by local calculation. The first party locally computes h0 = ef + u0f + ev0 + z0 and takes h0 as one fragment of the multiplication result bc; the second party locally computes h1 = u1f + ev1 + z1 and takes h1 as the other fragment of the multiplication result bc. It can be shown that h0 + h1 = ef + uf + ev + uv = (e + u)(f + v) = bc.
Wherein u is a first random number generated by a third party, u0 is a first fragment of the first random number, and u1 is a second fragment of the first random number; v is a second random number generated by the third party, v0 is a first fragment of the second random number, and v1 is a second fragment of the second random number.
In the embodiments of the present specification, when the secure multiplication operation is required, all the operations may be based on the above processing procedure.
FIG. 3 is a flowchart of a method for securely processing private data according to one embodiment. The method may be based on the implementation scenario shown in FIG. 1 and the secure multiplication process shown in FIG. 2. The private data is distributed between a first party and a second party in shared form in an initial modular space, the method is used to obtain result fragments, in a target modular space, of a power operation result that takes public data as the base and the private data as the exponent, and the method is performed by the first party. As shown in FIG. 3, the method for securely processing private data in this embodiment includes the following steps:
First, in step 31, a first data fragment of first intermediate data in a first modular space is calculated locally, based at least on the local fragment of the private data; the first intermediate data is a non-negative value, and the first modulus corresponding to the first modular space is determined according to the modulus of the target modular space; a second data fragment of the first intermediate data in the first modular space is held by the second party. It is to be understood that the private data is the exponent, and this step transforms the exponent while it remains in fragment form: the fragments are converted from the initial modular space to the first modular space, and the value is made non-negative, such that the sum of the first data fragment and the second data fragment equals the first intermediate data or equals the sum of the first intermediate data and the first modulus.
Then, in step 32, according to a local power operation taking the first data fragment as an exponent, constructing a first multiplier in a second mode space; a second modulus corresponding to the second mode space is determined based on the first modulus. It will be appreciated that the first party constructs a first multiplier and the second party constructs a second multiplier such that the product of the first multiplier and the second multiplier contains information of the result of the aforementioned power operation.
Then, in step 33, a secure multiplication operation is performed according to the first multiplier provided by the present party and the second multiplier provided by the second party to obtain a first segment of a multiplication result; the second party obtains a second fragment of the multiplication result; wherein the second multiplier is constructed by the second party from a second data slice it holds; the multiplication result has two values. It will be appreciated that the multiplication result has two values, since the sum of the first data slice and the second data slice is equal to the first intermediate data, or equal to the sum of the first intermediate data and the first modulus.
The second modulus is selected such that the non-zero digit of the multiplication result lies in the low-order first-modulus digits or in the high-order first-modulus digits.
Finally, in step 34, the first fragment of the multiplication result is converted into a first result fragment of the power operation result in the target modular space; the second party obtains a corresponding second result fragment. It will be appreciated that, since the multiplication result has two possible values, the conversion involves determining the unique value of the power operation result from the two values, and also involves a conversion of the modulus.
Referring to the implementation scenario shown in FIG. 1, a represents the public data and x represents the private data. Depending on whether a and x are integers, and on whether k is an integer when $a = \mathrm{sign}(a) \times n^k$, the specific execution of each step shown in FIG. 3 differs slightly.
Specific implementation manners of the above steps are described below for several cases.
Case one: k and x are both integers.
In this case, the sign of a may be positive or negative. If d1 ≥ 0, x can be recovered exactly from the fragments of x. If d1 < 0, x cannot be recovered exactly from the fragments of x, and only a positive a is supported.
In one example, the local fragment is a fragment, in the initial modular space, of the private data multiplied by n to the power d1; the result fragment is a fragment, in the target modular space, of the power operation result multiplied by n to the power d2; the absolute value of the public data is expressed as n to the power k; k and the private data are both integers; the minimum value of the target product of k and the private data is u, where u is an integer; and the modulus of the target modular space is n to the power t2;
the locally calculating a first data fragment of first intermediate data in a first modular space includes:
locally calculating the first data fragment of the first intermediate data in the first modular space based on the product of the local fragment and k, divided by n to the power d1 and then rounded down; the first intermediate data is the target product minus u; the first modulus is t2 plus the larger of 0 and -d2-u.
For example, $a^x$ is converted to base 2 as $\mathrm{sign}(a)^x \times 2^{kx}$, where $a = \mathrm{sign}(a) \times 2^k$ and $z = kx$, with z in the range [u, v]. The first party and the second party securely calculate $c = kx - u$, each obtaining one fragment of c modulo h0. The first party calculates $\langle c\rangle_0 = \mathrm{floor}(k\langle x\rangle_0 / 2^{d1}) \,\%\, h0$ and the second party calculates $\langle c\rangle_1 = \mathrm{ceil}(k\langle x\rangle_1 / 2^{d1} - u) \,\%\, h0$, so that $c = kx - u$ with value range [0, v-u], and c is non-negative. In addition, $\langle c\rangle_0 + \langle c\rangle_1 = c$ or $c + h0$, i.e. $kx - u$ or $kx - u + h0$.
It will be appreciated that c is the first intermediate data and h0 is the first modulus. The floor function rounds down, i.e. returns the largest integer not greater than the specified expression. The ceil function rounds up, i.e. returns the smallest integer greater than or equal to the specified expression.
If d2 + u ≥ 0, then h0 = t2; otherwise, h0 = t2 - d2 - u. That is, h0 = t2 + max(0, -d2-u).
In one example, the local fragment is a fragment, in the initial modular space, of the private data multiplied by n to the power d1; the result fragment is a fragment, in the target modular space, of the power operation result multiplied by n to the power d2; the absolute value of the public data is expressed as n to the power k; k and the private data are both integers; the minimum value of the target product of k and the private data is u, where u is an integer and u is greater than or equal to 0; and the modulus of the target modular space is n to the power t2;
the locally calculating a first data fragment of first intermediate data in a first modular space includes:
locally calculating the first data fragment of the first intermediate data in the first modular space based on the product of the local fragment and k, divided by n to the power d1 and then rounded down; the first intermediate data is the target product; the first modulus is t2 plus the larger of 0 and -d2.
For example, if u ≥ 0, the aforementioned $c = kx - u$ may be replaced by $c = kx$, which still satisfies that c is non-negative.
Further, the constructing a first multiplier in a second mode space comprises:
if the public data is positive numbers, determining that the first base number is 1, and if the public data is negative numbers, determining that the first base number is-1;
dividing the current piece by d1 power of n, and rounding down to determine a first power value;
performing power operation by taking the first base number as the base and the first power value as an exponent to obtain a first product term;
taking n as a base, taking the first data fragment as an exponent, and performing power operation to obtain a second product term;
multiplying the first product term by the second product term to obtain a first multiplier in a second mode space; and the second modulus corresponding to the second modulus space is a local power operation result taking n as a base and taking 2 times of the first modulus as an exponent.
For example, the first party calculates [equation image BDA0003724661450000141] and the second party calculates [equation image BDA0003724661450000142].
If a is positive, sign(a) is 1, and [equation image BDA0003724661450000143] and [equation image BDA0003724661450000144] may be omitted; if a is negative, sign(a) is -1.
It will be appreciated that w0 is the first multiplier, w1 is the second multiplier, and $2^{h2}$ is the second modulus, where h2 = 2·h0.
In the embodiments of this specification, the secure multiplication operation of step 33 is a secure two-party computation of [equation images BDA0003724661450000145 and BDA0003724661450000146].
Regardless of the sign of x, if d1 ≥ 0, then $(\langle x\rangle_0 + \langle x\rangle_1)/2^{d1}$ and $x \,\%\, 2^{h0}$ have the same parity, and therefore [equation image BDA0003724661450000147]. Therefore, [equation image BDA0003724661450000148].
It is understood that b is the multiplication result and |b| has only one bit equal to 1, which lies in the low h0 bits or in the high h0 bits. The first party obtains the first fragment of the multiplication result, denoted $\langle b\rangle_0$; the second party obtains the second fragment of the multiplication result, denoted $\langle b\rangle_1$.
Further, the converting the first partition of the multiplication result into a first result partition of the exponentiation result in the target mode space comprises:
regarding the multiplication result as n-ary data, extracting, for the first fragment of the multiplication result, a first segment value from the low-order first-modulus digits or a second segment value from the high-order first-modulus digits, whichever holds the non-zero digit, to determine a first fragment of a second intermediate result in a third modular space;
and multiplying the first fragment of the second intermediate result by n to the power d2+u, and then rounding, to obtain the first result fragment of the power operation result in the target modular space.
For example, the multiplication result b has two possible values, $b = \mathrm{sign}(a)^x \times 2^{kx-u}$ or $b = \mathrm{sign}(a)^x \times 2^{kx-u+h0}$, and $b' = \mathrm{sign}(a)^x \times 2^{kx-u}$ is obtained from b. b′ is the second intermediate result. The first party holds one fragment $\langle b'\rangle_0$ of b′ and the second party holds the other fragment $\langle b'\rangle_1$ of b′. The first party calculates the first result fragment $\langle y\rangle_0 = \mathrm{round}(\langle b'\rangle_0 \times 2^{d2+u}) \,\%\, 2^{t2}$ and the second party calculates the second result fragment $\langle y\rangle_1 = \mathrm{round}(\langle b'\rangle_1 \times 2^{d2+u}) \,\%\, 2^{t2}$. The term +u is optional: if $c = kx$ as described above, then $\langle y\rangle_0 = \mathrm{round}(\langle b'\rangle_0 \times 2^{d2}) \,\%\, 2^{t2}$ and $\langle y\rangle_1 = \mathrm{round}(\langle b'\rangle_1 \times 2^{d2}) \,\%\, 2^{t2}$.
Here b′ can be made approximately equal to $\mathrm{sign}(a)^x \times 2^{kx-u}$ by an approximation algorithm, or exactly equal to $\mathrm{sign}(a)^x \times 2^{kx-u}$ by an exact algorithm.
Further, the determining a first slice of a second intermediate result of a third mode space comprises:
regarding the multiplication result as n-ary data, extracting, for the first fragment of the multiplication result, a first segment value from its low-order first-modulus digits and a second segment value from its high-order first-modulus digits;
summing the first segment value and the second segment value to obtain the first fragment of the second intermediate result in the third modular space.
This example is an approximation algorithm. For example, the first party calculates $\langle b'\rangle_0 = (\langle b\rangle_0 + \mathrm{round}(\langle b\rangle_0 / 2^{h0})) \,\%\, 2^{h0}$ and the second party calculates $\langle b'\rangle_1 = (\langle b\rangle_1 + \mathrm{round}(\langle b\rangle_1 / 2^{h0})) \,\%\, 2^{h0}$.
It can be verified that if $b = \mathrm{sign}(a)^x \times 2^{kx-u}$, then $b \,\%\, 2^{h0} = \mathrm{sign}(a)^x \times 2^{kx-u}$ and $(\mathrm{round}(\langle b\rangle_0 / 2^{h0}) + \mathrm{round}(\langle b\rangle_1 / 2^{h0})) \,\%\, 2^{h0} \approx 0$; if $b = \mathrm{sign}(a)^x \times 2^{kx-u+h0}$, then $b \,\%\, 2^{h0} = 0$ and $(\mathrm{round}(\langle b\rangle_0 / 2^{h0}) + \mathrm{round}(\langle b\rangle_1 / 2^{h0})) \,\%\, 2^{h0} \approx \mathrm{sign}(a)^x \times 2^{kx-u}$. Therefore $b' \approx \mathrm{sign}(a)^x \times 2^{kx-u}$.
Further, the determining a first slice of a second intermediate result of a third mode space comprises:
regarding the multiplication result as n-ary data, and performing a secure comparison operation according to the local first fragment of the multiplication result and the second party's second fragment of the multiplication result, to obtain a comparison result indicating whether the multiplication result is greater than or equal to the first modulus;
if the comparison result is that the multiplication result is smaller than the first modulus, extracting, for the first fragment of the multiplication result, a first segment value from its low-order first-modulus digits, and taking the first segment value as the first fragment of the second intermediate result in the third modular space;
and if the comparison result is that the multiplication result is greater than or equal to the first modulus, extracting, for the first fragment of the multiplication result, a second segment value from its high-order first-modulus digits, and taking the second segment value as the first fragment of the second intermediate result in the third modular space.
This example is an exact algorithm. For example, the first party and the second party securely compute the comparison $e = (\langle c\rangle_0 + \langle c\rangle_1 \ge h0)$, each obtaining one fragment of the comparison result e, and then run the following secure two-party selection protocol according to e:
if e = 0, then $b' = b \,\%\, 2^{h0} = \mathrm{sign}(a)^x \times 2^{kx-u}$; if e = 1, then $\langle b'\rangle_0 = \mathrm{floor}(\langle b\rangle_0 / 2^{h0})$ and $\langle b'\rangle_1 = \mathrm{ceil}(\langle b\rangle_1 / 2^{h0})$. Thus $b' = \mathrm{sign}(a)^x \times 2^{kx-u}$.
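The following Python sketch is an added example, not code from the patent: it simulates both parties and the third party in one process, implementing the secure multiplication of FIG. 2 and the Case one flow of steps 31 to 34 (n = 2, d1 = 0, approximate conversion). The function names, the constructed parameters and the requirement that h0 divide 2^t1 are assumptions of the example.

```python
import secrets

def share(value, mod):
    """Split value into two additive fragments modulo mod."""
    s0 = secrets.randbelow(mod)
    return s0, (value - s0) % mod

def beaver_mul(b_sh, c_sh, mod):
    """Secure multiplication of FIG. 2: fragments of b*c modulo mod.
    Both parties and the third party are simulated in one process."""
    # Third party: random u, v and z = u*v, each handed out as two fragments.
    u, v = secrets.randbelow(mod), secrets.randbelow(mod)
    (u0, u1), (v0, v1) = share(u, mod), share(v, mod)
    z0, z1 = share(u * v % mod, mod)
    # Each party masks its fragments; e_i and f_i are exchanged and summed.
    e = ((b_sh[0] - u0) + (b_sh[1] - u1)) % mod   # e = b - u
    f = ((c_sh[0] - v0) + (c_sh[1] - v1)) % mod   # f = c - v
    p0 = (e * f + u0 * f + e * v0 + z0) % mod     # first party's fragment
    p1 = (u1 * f + e * v1 + z1) % mod             # second party's fragment
    return p0, p1

def round_shift(v, bits):
    """round(v / 2**bits) for v >= 0, halves rounded up."""
    return (v + (1 << (bits - 1))) >> bits if bits > 0 else v

def rescale(v, e, mod):
    """round(v * 2**e) % mod for a non-negative fragment v."""
    return (v << e) % mod if e >= 0 else round_shift(v, -e) % mod

def secure_pow(x_sh, sign_a, k, u, d2, t1, t2):
    """Fragments of round(a**x * 2**d2) mod 2**t2 for a = sign_a * 2**k.
    x_sh are fragments of the integer x modulo 2**t1 (n = 2, d1 = 0)."""
    h0 = t2 + max(0, -d2 - u)                  # first modulus
    # Assumption of this sketch: wrap-around of x_sh must vanish modulo h0.
    if (1 << t1) % h0:
        raise ValueError("h0 must divide 2**t1")
    m2 = 1 << (2 * h0)                         # second modulus 2**h2, h2 = 2*h0
    # Step 31: fragments of c = k*x - u modulo h0 (c0 + c1 is c or c + h0).
    c0 = (k * x_sh[0]) % h0
    c1 = (k * x_sh[1] - u) % h0
    # Step 32: each party builds its multiplier locally.
    w0 = pow(sign_a, x_sh[0], m2) * pow(2, c0, m2) % m2
    w1 = pow(sign_a, x_sh[1], m2) * pow(2, c1, m2) % m2
    # Step 33: b = w0 * w1 = sign(a)**x * 2**(c or c + h0), held as fragments.
    b0, b1 = beaver_mul((w0, 0), (0, w1), m2)
    # Step 34, approximate variant: fold the high h0 bits onto the low h0 bits.
    m = 1 << h0
    bp0 = (b0 + round_shift(b0, h0)) % m
    bp1 = (b1 + round_shift(b1, h0)) % m
    # Scale by 2**(d2+u) and reduce into the target modular space.
    return rescale(bp0, d2 + u, 1 << t2), rescale(bp1, d2 + u, 1 << t2)

def reconstruct_signed(y_sh, t2):
    """Combine both result fragments and read the sum as a signed t2-bit value."""
    y = (y_sh[0] + y_sh[1]) % (1 << t2)
    return y - (1 << t2) if y >= 1 << (t2 - 1) else y

if __name__ == "__main__":
    # Constructed parameters: a = -4 (k = 2), z = k*x in [-16, 14], d2 = 16.
    T1, T2, D2, U, K = 32, 32, 16, -16, 2
    for x in (-8, -3, 0, 5, 7):
        x_sh = share(x % (1 << T1), 1 << T1)
        y = reconstruct_signed(secure_pow(x_sh, -1, K, U, D2, T1, T2), T2)
        print(x, y / 2**D2, (-4.0) ** x)
```

With d2 + u = 0, as in the constructed parameters, the reconstructed fixed-point value differs from the true one by at most one unit in the last place, which is the rounding error of the approximate conversion.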
Case two: a and x are both integers.
In this case, the sign of a may be positive or negative. If d1 ≥ 0, x can be recovered exactly from the fragments of x. If d1 < 0, x cannot be recovered exactly from the fragments of x, and only a positive a is supported.
In one example, the local fragment is a fragment, in the initial modular space, of the private data multiplied by n to the power d1; the result fragment is a fragment, in the target modular space, of the power operation result multiplied by n to the power d2; the public data and the private data are both integers; the minimum value of the private data is u′; and the modulus of the target modular space is n to the power t2;
the locally calculating a first data fragment of first intermediate data in a first modular space includes:
locally calculating the first data fragment of the first intermediate data in the first modular space based on the local fragment divided by n to the power d1 and then rounded down; the first intermediate data is the private data minus u′; the first modulus is determined from n to the power d2, the absolute value of the public data, and n to the power t2.
For example, x takes values in the range [u′, v]. The first party and the second party securely calculate $c = x - u'$, each obtaining one fragment of c modulo h0. The first party calculates $\langle c\rangle_0 = \mathrm{floor}(\langle x\rangle_0 / 2^{d1}) \,\%\, h0$ and the second party calculates $\langle c\rangle_1 = \mathrm{ceil}(\langle x\rangle_1 / 2^{d1} - u') \,\%\, h0$, so that $c = x - u'$ with value range [0, v-u′], and c is non-negative. In addition, $\langle c\rangle_0 + \langle c\rangle_1 = c$ or $c + h0$, i.e. $x - u'$ or $x - u' + h0$.
It will be appreciated that c is the first intermediate data and h0 is the first modulus. The value of h0 is relevant to the subsequent processing and will be described later.
In one example, the local fragment is a fragment, in the initial modular space, of the private data multiplied by n to the power d1; the public data and the private data are both integers; the minimum value of the private data is u′, and u′ is greater than or equal to 0;
the locally calculating a first data fragment of first intermediate data in a first modular space includes:
locally calculating the first data fragment of the first intermediate data in the first modular space based on the local fragment divided by n to the power d1 and then rounded down; the first intermediate data is the private data.
For example, if u′ ≥ 0, the aforementioned $c = x - u'$ may be replaced by $c = x$, which still satisfies that c is non-negative.
Further, the constructing a first multiplier in a second mode space comprises:
if the public data is positive numbers, determining that the first base number is 1, and if the public data is negative numbers, determining that the first base number is-1;
dividing the current piece by d1 power of n, and rounding down to determine a first power value;
performing power operation by taking the first base number as the base and the first power value as an exponent to obtain a first product term;
taking the absolute value of the public data as a base, taking the first data fragment as an exponent, and performing power operation to obtain a second product term;
multiplying the first product term by the second product term to obtain a first multiplier in a second mode space; the second modulus corresponding to the second modulus space is a local power operation result with the absolute value of the public data as the bottom and 2 times of the first modulus as the exponent.
For example, the first party calculates [equation image BDA0003724661450000171] and the second party calculates [equation image BDA0003724661450000172].
If a is positive, sign(a) is 1, and [equation image BDA0003724661450000173] and [equation image BDA0003724661450000174] may be omitted; if a is negative, sign(a) is -1.
It is understood that w0 is the first multiplier, w1 is the second multiplier, and $|a|^{h2}$ is the second modulus, where h2 = 2·h0.
In the embodiments of this specification, the secure multiplication operation of step 33 is a secure two-party computation of [equation images BDA0003724661450000175 and BDA0003724661450000176].
Regardless of the sign of x, if d1 ≥ 0, then $(\langle x\rangle_0 + \langle x\rangle_1)/2^{d1}$ and x have the same parity, and therefore [equation image BDA0003724661450000177]. Therefore, [equation image BDA0003724661450000178].
It is understood that b is the multiplication result and that, in base |a|, |b| has only one digit equal to 1, which lies in the low h0 digits or in the high h0 digits. The first party obtains the first fragment of the multiplication result, denoted $\langle b\rangle_0$; the second party obtains the second fragment of the multiplication result, denoted $\langle b\rangle_1$.
Further, the converting the first partition of the multiplication result into the first result partition of the exponentiation result in the target mode space comprises:
regarding the multiplication result as data in the base given by the absolute value of the public data, extracting, for the first fragment of the multiplication result, a first segment value from the low-order first-modulus digits or a second segment value from the high-order first-modulus digits, whichever holds the non-zero digit, to determine a first fragment of a second intermediate result in a third modular space; the third modulus corresponding to the third modular space is the result of a local power operation taking the absolute value of the public data as the base and the first modulus as the exponent;
multiplying the first fragment of the second intermediate result by the absolute value of the public data to the power u′, and then by a scaling term, to obtain a first fragment of a third intermediate result in the third modular space; the scaling term is the value obtained by multiplying n to the power d2 by the third modulus, dividing by n to the power t2, and then rounding;
and multiplying the first fragment of the third intermediate result by n to the power t2, dividing by the third modulus, and then rounding, to obtain the first result fragment of the power operation result in the target modular space.
For example, the multiplication result b has two possible values, $b = \mathrm{sign}(a)^x \times |a|^{x-u'}$ or $b = \mathrm{sign}(a)^x \times |a|^{x-u'+h0}$, and $b' = \mathrm{sign}(a)^x \times |a|^{x-u'}$ is obtained from b. b′ is the second intermediate result. The first party holds one fragment $\langle b'\rangle_0$ of b′ and the second party holds the other fragment $\langle b'\rangle_1$ of b′. Both parties calculate $b'' = b' \times |a|^{u'} \times \mathrm{round}(2^{d2} \times |a|^{h0} / 2^{t2}) \,\%\, |a|^{h0}$. b″ is the third intermediate result. The first party holds one fragment $\langle b''\rangle_0$ of b″ and the second party holds the other fragment $\langle b''\rangle_1$ of b″. h0 should be taken large enough that b″ does not overflow when calculated; $|a|^{h0} \ge 2^{t2}$ is sufficient. The first party calculates the first result fragment $\langle y\rangle_0 = \mathrm{round}(\langle b''\rangle_0 \times 2^{t2} / |a|^{h0}) \,\%\, 2^{t2}$ and the second party calculates the second result fragment $\langle y\rangle_1 = \mathrm{round}(\langle b''\rangle_1 \times 2^{t2} / |a|^{h0}) \,\%\, 2^{t2}$. The factor $|a|^{u'}$ in the calculation of b″ is optional: if $c = x$ as described above, then $b'' = b' \times \mathrm{round}(2^{d2} \times |a|^{h0} / 2^{t2}) \,\%\, |a|^{h0}$. This example includes a conversion between moduli where one is not an integer multiple of the other. Calculating b″ and y involves scaling and modulus conversion, which requires $\mathrm{round}(2^{d2} \times |a|^{h0} / 2^{t2}) \approx 2^{d2} \times |a|^{h0} / 2^{t2}$, so h0 should be chosen sufficiently large and suitable.
Here b′ can be made approximately equal to $\mathrm{sign}(a)^x \times |a|^{x-u'}$ by an approximation algorithm, or exactly equal to $\mathrm{sign}(a)^x \times |a|^{x-u'}$ by an exact algorithm.
Further, the determining a first slice of a second intermediate result of a third mode space comprises:
regarding the multiplication result as data of an absolute value scale of the public data, extracting, for a first slice of the multiplication result, a first segment value of a first modulus bit of lower bits thereof, and extracting a second segment value of a first modulus bit of upper bits thereof;
the first fractional value and the second fractional value are summed to obtain a first fractional of a second intermediate result of the third modulo space.
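This example pertains to an approximation algorithm. For example, the first party calculates $\langle b' \rangle_0 = \langle b \rangle_0 + \mathrm{round}(\langle b \rangle_0 / |a|^{h0}) \bmod |a|^{h0}$, and the second party calculates $\langle b' \rangle_1 = \langle b \rangle_1 + \mathrm{round}(\langle b \rangle_1 / |a|^{h0}) \bmod |a|^{h0}$.
It can be verified that if $b = \mathrm{sign}(a)^x |a|^{x-u'}$, then $b \bmod |a|^{h0} = \mathrm{sign}(a)^x |a|^{x-u'}$ and $\mathrm{round}(\langle b \rangle_0 / |a|^{h0}) + \mathrm{round}(\langle b \rangle_1 / |a|^{h0}) \bmod |a|^{h0} \approx 0$; if $b = \mathrm{sign}(a)^x |a|^{x-u'+h0}$, then $b \bmod |a|^{h0} = 0$ and $\mathrm{round}(\langle b \rangle_0 / |a|^{h0}) + \mathrm{round}(\langle b \rangle_1 / |a|^{h0}) \bmod |a|^{h0} \approx \mathrm{sign}(a)^x |a|^{x-u'}$. Therefore $b' \approx \mathrm{sign}(a)^x |a|^{x-u'}$.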
Further, the determining a first slice of a second intermediate result of a third mode space comprises:
regarding the multiplication result as the data of the absolute value system of the public data, and performing a secure comparison operation according to the first fragment of the multiplication result of the local party and the second fragment of the multiplication result of the second party to obtain a comparison result of whether the multiplication result is greater than or equal to a first modulus;
if the comparison result is that the multiplication result is smaller than the first modulus, extracting a first segmentation numerical value of a first modulus digit at the lower position of the first segmentation numerical value aiming at the first segmentation of the multiplication result, and taking the first segmentation numerical value as a first segmentation of a second intermediate result of a third modulus space;
if the comparison result is that the multiplication result is larger than or equal to the first modulus, extracting a second segmentation numerical value of the first modulus digit of the high order aiming at the first segmentation of the multiplication result, and taking the second segmentation numerical value as a first segmentation of a second middle result of a third modulus space.
This example pertains to an exact algorithm. For example, the first party and the second party securely compute the comparison $e = (\langle c \rangle_0 + \langle c \rangle_1 \ge h0)$, each of the two parties obtains one fragment of the comparison result e, and the following two secure selections are carried out according to the comparison result e:
if e = 0, then $b' = b \bmod |a|^{h0} = \mathrm{sign}(a)^x |a|^{x-u'}$; if e = 1, then $\langle b' \rangle_0 = \mathrm{floor}(\langle b \rangle_0 / |a|^{h0})$ and $\langle b' \rangle_1 = \mathrm{ceil}(\langle b \rangle_1 / |a|^{h0})$. Thus $b' = \mathrm{sign}(a)^x |a|^{x-u'}$.
Case three: x is a non-integer.
In this case, the sign of a is not negative.
In one example, the current-side shard is a shard of the private data multiplied by a power of d1 of n in the initial modular space, the result shard is a shard of the power operation result multiplied by a power of d2 of n in the target modular space, the private data is not an integer, the public data is represented in a form of a power of k of n, a minimum value of a target product of k and the private data is u, a maximum value thereof is v, u and v are both integers, a precision of the target product supported is d3 bits after a decimal point, and a modular value of the target modular space is a power of t2 of n;
the locally computing a first data slice of first intermediate data in a first mode space includes:
locally computing a first data slice of the first intermediate data in the first mode space based on the product of the current slice and k divided by the power of d1 of n, multiplied by the power of d3' of n, and rounded to an integer; the first intermediate data is the result of the target product minus u multiplied by n raised to the power of d3'; the first modulus is h0 multiplied by n to the power of d3', h0 is determined from d2, u, v, d2' and t2, d3' is greater than d3, and d2' is greater than d2.
For example, $a^x$ is converted to a base-2 exponential, $\mathrm{sign}(a)^x \times 2^{kx}$, where $a = \mathrm{sign}(a) \times 2^k$. Let z = kx; z is in the range [u, v]. The first party and the second party securely calculate $c = (kx - u) \times 2^{d3'}$, each obtaining one slice of c modulo h1. The first party calculates $\langle c \rangle_0 = \mathrm{round}((k \langle x \rangle_0 / 2^{d1}) \times 2^{d3'}) \bmod h1$, and the second party calculates $\langle c \rangle_1 = \mathrm{round}((k \langle x \rangle_1 / 2^{d1} - u) \times 2^{d3'}) \bmod h1$, i.e. $c = (kx - u) \times 2^{d3'}$, whose value range is $[0, (v - u) \times 2^{d3'}]$, so c is a non-negative number. In addition, $(\langle c \rangle_0 + \langle c \rangle_1) / 2^{d3'} = c / 2^{d3'}$ or $(c + h1) / 2^{d3'}$, that is, $kx - u$ or $kx - u + h0$.
It will be appreciated that c is the first intermediate data and h1 is the first modulus, where $h1 = h0 \times 2^{d3'}$. If k is a small number or d3' - d1 < 0, some error is introduced, and the value of d3' can be increased slightly to reduce the effect.
In one example, the present-side shard is a shard of the private data multiplied by a power of d1 of n in the initial modular space, the result shard is a shard of the power operation result multiplied by a power of d2 of n in the target modular space, the private data is not an integer, the public data is represented in a form of a power of k of n, a minimum value of a target product of k and the private data is u, a maximum value thereof is v, u and v are both integers, u is greater than or equal to 0, supported precision of the target product is d3 bits after a decimal point, and a modular value of the target modular space is a power of t2 of n;
the locally computing a first data slice of first intermediate data in a first mode space includes:
locally computing a first data slice of the first intermediate data in the first mode space based on the product of the current slice and k divided by the power of d1 of n, multiplied by the power of d3' of n, and rounded to an integer; the first intermediate data is the result of the target product multiplied by n raised to the power of d3'; the first modulus is h0 multiplied by n to the power of d3', h0 is determined from d2, u, v, d2' and t2, d3' is greater than d3, and d2' is greater than d2.
For example, if $u \ge 0$, then instead of $c = (kx - u) \times 2^{d3'}$, alternatively $c = kx \times 2^{d3'}$, and c is a non-negative number.
Further, the constructing a first multiplier in a second mode space comprises:
dividing the current slice by the power of d3' of n, and adding d4 to determine a first power value; wherein d4 is determined according to d2, v, d2';
taking n as a base and the first power value as an exponent, performing power operation, and rounding to obtain a first multiplier in a second mode space; the second modulus corresponding to the second modulus space is a local power operation result with n as a base and 2 times of h0 as an exponent.
For example, the first party calculates
Figure BDA0003724661450000201
Making the number of significant digits not exceed v-u + d4, and if the number of significant digits exceeds v-u + d4, rounding off the redundant mantissas and setting the redundant mantissas to 0; second party calculation
Figure BDA0003724661450000202
And the number of significant digits does not exceed v-u + d4, and if the number exceeds the value, the redundant mantissas are rounded and set to 0.
It will be appreciated that w0 is the first multiplier, w1 is the second multiplier, and $2^{h2}$ is the second modulus, where h2 = 2h0.
In the embodiment of the present specification, the secure multiplication operation in step 33 is the secure calculation of b = w0
Figure BDA0003724661450000203
or $2^{kx-u+2d4+h0}$.
It will be appreciated that b is the multiplication result. The first party gets the first slice of the multiplication result, denoted $\langle b \rangle_0$; the second party gets the second slice of the multiplication result, denoted $\langle b \rangle_1$.
It will be appreciated that y can be extracted from the product of
Figure BDA0003724661450000204
and
Figure BDA0003724661450000205
However, since the secure multiplication operation can only be performed on integers, the two multipliers must be scaled and rounded before the secure multiplication. Scaling is needed, on the one hand, because the result y is scaled up by a factor of $2^{d2}$ before being split into slices, so y has at most v + d2 bits to be stored in a slice. On the other hand, to ensure the accuracy of y, the multipliers need to be amplified. Because
Figure BDA0003724661450000206
has a minimum value of 1, an amplification of $2^{d4} = 2^{d2+(v+d2')}$ satisfies the requirement, where i = 0 or 1.
Further, the converting the first partition of the multiplication result into a first result partition of the exponentiation result in the target mode space comprises:
taking the multiplication result as n-system data, and multiplying the first fragment of the multiplication result by an amplification item to obtain a first fragment of a second intermediate result; the amplification item is a local power operation result taking n as a base and 2(v-u+d4) as an exponent; wherein d4 is determined according to d2, v, d2';
extracting, for a first slice of the second intermediate result, a first fractional value of the lower h0 bits whose there are non-0 bits or a second fractional value of the upper h0 bits whose there are non-0 bits to determine a first slice of a third intermediate result of a third modulo space; the third modulus corresponding to the third modulus space is h0 power of 2;
and multiplying the first fragment of the third intermediate result by the d2+3u-4d4-2v power of n, and rounding to obtain the first result fragment of the power operation result in the target mode space.
For example, the multiplication result b has two possible values, i.e., $b = 2^{kx-u+2d4}$ or $2^{kx-u+2d4+h0}$. If necessary, $b' = b \times 2^{2(v-u+d4)}$; b' is the second intermediate result. The first party holds one slice of b', $\langle b' \rangle_0$, and the second party holds the other slice, $\langle b' \rangle_1$. The significant digits of b' occupy at most 2(v-u+d4)-1 positions and are located in the low h0 or high h0 positions. Here, $h0 > \max(kx - u + 2d4) + 2(v - u + d4) = 3v - 3u + 4d4$ is required. From b', $b'' = 2^{kx-3u+4d4+2v}$ is obtained; b'' is the third intermediate result. The first party holds one slice of b'', $\langle b'' \rangle_0$, and the second party holds the other slice, $\langle b'' \rangle_1$. The first party calculates the first result slice $\langle y \rangle_0 = \mathrm{round}(\langle b'' \rangle_0 \times 2^{d2+3u-4d4-2v}) \bmod 2^{t2}$, and the second party calculates the second result slice $\langle y \rangle_1 = \mathrm{round}(\langle b'' \rangle_1 \times 2^{d2+3u-4d4-2v}) \bmod 2^{t2}$. Here it is required that $h0 + d2 + 3u - 4d4 - 2v \ge t2$, i.e. $h0 \ge t2 - (d2 + 3u - 4d4 - 2v) = t2 + 4d4 + 2v - d2 - 3u$. Letting $h0 = t2 - (d2 + 3u - 4d4 - 2v)$ satisfies the requirement; according to the previous analysis, letting $d4 = d2 + (v + d2')$ gives $h0 = t2 - (d2 + 3u - 4d4 - 2v) = t2 - d2 - 3u + 2v + 4d2 + 4v + 4d2' = t2 - 3u + 6v + 3d2 + 4d2'$.
Here b'' can be made approximately equal to $2^{kx-3u+4d4+2v}$ by an approximation algorithm.
Further, the determining a first slice of a third intermediate result of a third mode space comprises:
considering the multiplication result as n-ary data, extracting a first segmented value of h0 bits lower than the first segmented value and extracting a second segmented value of h0 bits higher than the first segmented value for the first segment of the second intermediate result;
the first fractional value and the second fractional value are summed to obtain a first fractional of a third intermediate result of the third modulo space.
For example, the two parties securely compute $b'' = b' + \mathrm{round}(b' / 2^{h0}) \bmod 2^{h0}$, where the round function represents rounding of the slice.
It can be verified that if $b = 2^{kx-u+2d4}$, then $b' \bmod 2^{h0} = 2^{kx-u+2d4+2(v-u+d4)} = 2^{kx-3u+4d4+2v}$ and $\mathrm{round}(b' / 2^{h0}) \bmod 2^{h0} \approx 0$; if $b = 2^{kx-u+2d4+h0}$, then $b' \bmod 2^{h0} = 0$ and $\mathrm{round}(b' / 2^{h0}) \bmod 2^{h0} \approx 2^{kx-3u+4d4+2v}$. Thus $b'' \approx 2^{kx-3u+4d4+2v}$.
Case four: x is an integer.
In this case, the sign of a may be positive or negative. If d1 ≥ 0, x can be recovered exactly from the slices of x. If d1 < 0, x cannot be recovered exactly from the slices of x, and only a positive sign of a is supported.
Case four is similar to case three, except that the sign is added, and if the sign of a is positive, then the sign does not need to be processed.
In one example, the current-side fragment is a fragment of the private data multiplied by n to the power of d1 in the initial modular space, the result fragment is a fragment of the power operation result multiplied by n to the power of d2 in the target modular space, the private data are integers, the absolute value of the public data is expressed in the form of n to the power of k, the minimum value of the target product of k and the private data is u, the maximum value thereof is v, u and v are both integers, the supported precision of the target product is d3 bits after a decimal point, and the modular value of the target modular space is n to the power of t 2;
the locally computing a first data slice of first intermediate data in a first mode space includes:
locally computing a first data slice of the first intermediate data in the first mode space based on the product of the current slice and k divided by the power of d1 of n, multiplied by the power of d3' of n, and rounded to an integer; the first intermediate data is the result of the target product minus u multiplied by n raised to the power of d3'; the first modulus is h0 multiplied by n to the power of d3', h0 is determined from d2, u, v, d2' and t2, d3' is greater than d3, and d2' is greater than d2.
For example, $a^x$ is converted to a base-2 exponential, $\mathrm{sign}(a)^x \times 2^{kx}$, where $a = \mathrm{sign}(a) \times 2^k$. Let z = kx; z is in the range [u, v]. The first party and the second party securely calculate $c = (kx - u) \times 2^{d3'}$, each obtaining one slice of c modulo h1. The first party calculates $\langle c \rangle_0 = \mathrm{round}((k \langle x \rangle_0 / 2^{d1}) \times 2^{d3'}) \bmod h1$, and the second party calculates $\langle c \rangle_1 = \mathrm{round}((k \langle x \rangle_1 / 2^{d1} - u) \times 2^{d3'}) \bmod h1$, i.e. $c = (kx - u) \times 2^{d3'}$, whose value range is $[0, (v - u) \times 2^{d3'}]$, so c is a non-negative number. In addition, $(\langle c \rangle_0 + \langle c \rangle_1) / 2^{d3'} = c / 2^{d3'}$ or $(c + h1) / 2^{d3'}$, that is, $kx - u$ or $kx - u + h0$.
It will be appreciated that c is the first intermediate data and h1 is the first modulus, where $h1 = h0 \times 2^{d3'}$. If k is a small number or d3' - d1 < 0, some error is introduced, and the value of d3' can be increased slightly to reduce the effect.
In one example, the current-side shard is a shard of the private data multiplied by a power of d1 of n in the initial modular space, the result shard is a shard of the power operation result multiplied by a power of d2 of n in the target modular space, the private data are integers, the absolute value of the public data is expressed in a form of n to the power of k, the minimum value of a target product of k and the private data is u, the maximum value thereof is v, u and v are both integers, and u is greater than or equal to 0, the supported precision of the target product is d3 bits after the decimal point, and the modular value of the target modular space is a power of t2 of n;
the locally computing a first data slice of first intermediate data in a first mode space includes:
locally computing a first data slice of the first intermediate data in the first mode space based on the product of the current slice and k divided by the power of d1 of n, multiplied by the power of d3' of n, and rounded to an integer; the first intermediate data is the result of the target product multiplied by n raised to the power of d3'; the first modulus is h0 multiplied by n to the power of d3', h0 is determined from d2, u, v, d2' and t2, d3' is greater than d3, and d2' is greater than d2.
For example, if $u \ge 0$, then instead of $c = (kx - u) \times 2^{d3'}$, alternatively $c = kx \times 2^{d3'}$, and c is a non-negative number.
Further, the constructing a first multiplier in a second mode space comprises:
if the public data is positive numbers, determining that the first base number is 1, and if the public data is negative numbers, determining that the first base number is-1;
dividing the current piece by d1 power of n, and rounding down to determine a first power value;
performing power operation by taking the first base number as the base and the first power value as an exponent to obtain a first product term;
dividing the current slice by the power of d3' of n, and adding d4 to determine a second power value; wherein d4 is determined according to d2, v, d2';
taking n as a base and the second power value as an exponent, performing power operation, and rounding to obtain a second product term;
calculating the first product term multiplied by the second product term to obtain a first multiplier in a second mode space; the second modulus corresponding to the second modulus space is a local power operation result with n as a base and 2 times of h0 as an exponent.
For example, the first party calculates
Figure BDA0003724661450000231
Making the number of significant digits not exceed v-u + d4, and if the number of significant digits exceeds v-u + d4, rounding off the redundant mantissas and removing the redundant mantissas; second party calculation
Figure BDA0003724661450000232
And the number of significant digits does not exceed v-u + d4, and if the number of significant digits exceeds v-u + d4, the redundant mantissas are rounded off and discarded.
It will be appreciated that w0 is the first multiplier, w1 is the second multiplier, and $2^{h2}$ is the second modulus, where h2 = 2h0.
In the embodiment of the present specification, the secure multiplication operation in step 33 is the secure calculation of b = w0
Figure BDA0003724661450000233
If d1 ≥ 0, $(\langle x \rangle_0 + \langle x \rangle_1) / 2^{d1}$ has the same parity as x, so
Figure BDA0003724661450000234
Therefore,
Figure BDA0003724661450000235
It will be appreciated that b is the multiplication result. The first party gets the first slice of the multiplication result, denoted $\langle b \rangle_0$; the second party gets the second slice of the multiplication result, denoted $\langle b \rangle_1$.
It will be appreciated that the result y is scaled up by a factor of $2^{d2}$ before being split into slices, so y has at most v + d2 bits to be stored in a slice; to ensure the accuracy of y, the multipliers need to be amplified. Because
Figure BDA0003724661450000236
has a minimum value of 1, an amplification of $2^{d4} = 2^{d2+(v+d2')}$ satisfies the requirement, where i = 0 or 1.
Further, the converting the first partition of the multiplication result into a first result partition of the exponentiation result in the target mode space comprises:
taking the multiplication result as n-system data, and multiplying the first fragment of the multiplication result by an amplification item to obtain a first fragment of a second intermediate result; the amplification item is a local power operation result taking n as a base and 2(v-u+d4) as an exponent; wherein d4 is determined according to d2, v, d2';
extracting, for a first slice of the second intermediate result, a first fractional value of the lower h0 bits whose there are non-0 bits or a second fractional value of the upper h0 bits whose there are non-0 bits to determine a first slice of a third intermediate result of a third modulo space; the third modulus corresponding to the third modulus space is h0 power of 2;
and multiplying the first fragment of the third intermediate result by the d2+3u-4d4-2v power of n, and rounding to obtain the first result fragment of the power operation result in the target mode space.
For example, the multiplication result b has two possible values, i.e., $b = \mathrm{sign}(a)^x 2^{kx-u+2d4}$ or $\mathrm{sign}(a)^x 2^{kx-u+2d4+h0}$. If necessary, $b' = b \times 2^{2(v-u+d4)}$; b' is the second intermediate result. The first party holds one slice of b', $\langle b' \rangle_0$, and the second party holds the other slice, $\langle b' \rangle_1$. The significant digits of b' occupy at most 2(v-u+d4)-1 positions and are located in the low h0 or high h0 positions. Here, $h0 > \max(kx - u + 2d4) + 2(v - u + d4) = 3v - 3u + 4d4$ is required. From b', $b'' = \mathrm{sign}(a)^x 2^{kx-3u+4d4+2v}$ is obtained; b'' is the third intermediate result. The first party holds one slice of b'', $\langle b'' \rangle_0$, and the second party holds the other slice, $\langle b'' \rangle_1$. The first party calculates the first result slice $\langle y \rangle_0 = \mathrm{round}(\langle b'' \rangle_0 \times 2^{d2+3u-4d4-2v}) \bmod 2^{t2}$, and the second party calculates the second result slice $\langle y \rangle_1 = \mathrm{round}(\langle b'' \rangle_1 \times 2^{d2+3u-4d4-2v}) \bmod 2^{t2}$. Here it is required that $h0 + d2 + 3u - 4d4 - 2v \ge t2$, i.e. $h0 \ge t2 - (d2 + 3u - 4d4 - 2v) = t2 + 4d4 + 2v - d2 - 3u$. Letting $h0 = t2 - (d2 + 3u - 4d4 - 2v)$ satisfies the requirement; according to the previous analysis, letting $d4 = d2 + (v + d2')$ gives $h0 = t2 - (d2 + 3u - 4d4 - 2v) = t2 - d2 - 3u + 2v + 4d2 + 4v + 4d2' = t2 - 3u + 6v + 3d2 + 4d2'$.
Here b'' can be made approximately equal to $\mathrm{sign}(a)^x 2^{kx-3u+4d4+2v}$ by an approximation algorithm.
Further, the determining a first slice of a third intermediate result of a third mode space comprises:
considering the multiplication result as n-ary data, extracting a first segmented value of h0 bits lower than the first segmented value and extracting a second segmented value of h0 bits higher than the first segmented value for the first segment of the second intermediate result;
the first fractional value and the second fractional value are summed to obtain a first fractional of a third intermediate result of the third modulo space.
For example, the two parties securely compute $b'' = b' + \mathrm{round}(b' / 2^{h0}) \bmod 2^{h0}$, where the round function represents rounding of the slice.
It can be verified that if $b = \mathrm{sign}(a)^x 2^{kx-u+2d4}$, then $b' \bmod 2^{h0} = \mathrm{sign}(a)^x 2^{kx-u+2d4+2(v-u+d4)} = \mathrm{sign}(a)^x 2^{kx-3u+4d4+2v}$ and $\mathrm{round}(b' / 2^{h0}) \bmod 2^{h0} \approx 0$; if $b = \mathrm{sign}(a)^x 2^{kx-u+2d4+h0}$, then $b' \bmod 2^{h0} = 0$ and $\mathrm{round}(b' / 2^{h0}) \bmod 2^{h0} \approx \mathrm{sign}(a)^x 2^{kx-3u+4d4+2v}$. Thus $b'' \approx \mathrm{sign}(a)^x 2^{kx-3u+4d4+2v}$.
According to the method provided by the embodiment of the specification, the private data are distributed to a first party and a second party in an initial module space in a shared mode, the method is used for obtaining result fragments of a power operation result taking public data as a base number and taking the private data as an exponent in a target module space, and first, the first party locally calculates a first data fragment of first intermediate data in the first module space at least based on the local fragment of the private data; the first intermediate data is a non-negative value, and a first modulus corresponding to the first modulus space is determined according to the modulus value of the target modulus space; a second data slice of the first intermediate data in a first modulus space is held by the second party; then constructing a first multiplier in a second mode space according to local power operation taking the first data fragment as an exponent; a second modulus corresponding to the second mode space is determined based on the first modulus; then, according to the first multiplier provided by the first party and the second multiplier provided by the second party, carrying out safe multiplication operation to obtain a first fragment of a multiplication result; the second party obtains a second fragment of the multiplication result; wherein the second multiplier is constructed by the second party from a second data slice it holds; the multiplication result has two values; finally, the first fragment of the multiplication result is converted into a first result fragment of the power operation result in the target mode space; the second party obtains a corresponding second result fragment. 
As can be seen from the above, in the embodiments of the present specification, by constructing a multiplier, converting a secure exponentiation operation into a secure multiplication operation, and extracting an exponentiation result from a multiplication result of the secure multiplication operation, the secure exponentiation operation can be implemented, and the secure exponentiation operation has low traffic and good performance.
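The flow summarized above, as an added Python simulation that is not code from the patent: it covers only the integer case with n = 2 and a positive public base, starts from additive shares of c = kx - u modulo h0, and uses the approximate extraction that sums the low and high h0 bits of each share. The parameter values, the choice h0 = t2 - d2 - u, and the `ideal_secure_mul` stand-in for the two-party secure multiplication are assumptions of this sketch.

```python
import random

# Constructed parameters (assumptions of this sketch; n = 2, public base a = 2**K > 0).
K = 1              # a = 2**K
U, V = -4, 10      # lower / upper bound of the target product z = K*x
D2 = 8             # the result shares encode y = a**x * 2**D2
T2 = 32            # target modulus is 2**T2
H0 = T2 - D2 - U   # first modulus, chosen so that 2**H0 * 2**(D2+U) == 2**T2
SHIFT = D2 + U     # final scaling exponent; non-negative here, so no share rounding


def share(value, modulus, rng):
    """Split `value` into two additive shares modulo `modulus`."""
    s0 = rng.randrange(modulus)
    return s0, (value - s0) % modulus


def ideal_secure_mul(w0, w1, modulus, rng):
    """Stand-in for the secure multiplication: fresh additive shares of w0*w1.

    A real deployment runs a two-party protocol here, so that neither party
    learns the other party's multiplier or the product itself.
    """
    return share((w0 * w1) % modulus, modulus, rng)


def fold_low_high(b_share, h0):
    """Approximate extraction: sum the low h0 bits and the high h0 bits of one share."""
    mask = (1 << h0) - 1
    return ((b_share & mask) + (b_share >> h0)) & mask


def secure_pow(c0, c1, rng):
    """Given c0 + c1 = c (mod H0) with c = K*x - U, return shares of y modulo 2**T2."""
    # Each party raises 2 to its own share locally: the first and second multiplier.
    w0, w1 = 1 << c0, 1 << c1
    # The product is 2**c or 2**(c+H0), depending on whether c0 + c1 wrapped modulo H0.
    b0, b1 = ideal_secure_mul(w0, w1, 1 << (2 * H0), rng)
    # Each party folds its own share; the single set bit lands in the low H0 bits.
    f0, f1 = fold_low_high(b0, H0), fold_low_high(b1, H0)
    # Scale by 2**(D2+U) and reduce into the target modulus space.
    return (f0 << SHIFT) % (1 << T2), (f1 << SHIFT) % (1 << T2)


def reconstruct(y0, y1):
    """Open the result (done here only to check the simulation)."""
    return (y0 + y1) % (1 << T2)


def allowed_results(x):
    """Exact fixed-point value of a**x, or that value minus one unit of 2**SHIFT."""
    exact = 1 << (K * x + D2)
    return {exact, exact - (1 << SHIFT)}


if __name__ == "__main__":
    rng = random.Random(2022)
    for x in (-4, 0, 3, 10):
        c0, c1 = share(K * x - U, H0, rng)
        y = reconstruct(*secure_pow(c0, c1, rng))
        print(f"x={x:3d}  shares c=({c0},{c1})  y/2^d2={y / 2 ** D2:.4f}  a^x={2.0 ** (K * x):.4f}")
```

Folding each share locally can lose one borrow between the two halves, so the opened result is either exact or low by one unit of 2^(d2+u); the comparison-based exact variant described in the text avoids that error.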
According to an embodiment of another aspect, there is also provided a secure processing apparatus for private data, the apparatus is configured to perform the method provided in the embodiment shown in fig. 3 in this specification, the private data is distributed in a shared manner between a first party and a second party in an initial modular space, the apparatus is configured to obtain a result fragment of a power operation result with public data as a base and with the private data as an exponent in a target modular space, and the apparatus is disposed at the first party. Fig. 4 shows a schematic block diagram of a secure processing device of private data according to one embodiment. As shown in fig. 4, the system 400 includes:
a local computing unit 41, configured to locally compute, based on at least the local segment of the private data, a first data segment of the first intermediate data in the first model space; the first intermediate data is a non-negative value, and a first modulus corresponding to the first modulus space is determined according to the modulus value of the target modulus space; a second data slice of the first intermediate data in a first modulus space is held by the second party;
a multiplier constructing unit 42, configured to construct a first multiplier in a second mode space according to a local power operation taking the first data slice obtained by the local calculating unit 41 as an exponent; a second modulus corresponding to the second mode space is determined based on the first modulus;
a secure multiplication unit 43, configured to perform secure multiplication according to the first multiplier obtained by the multiplier construction unit 42 provided by the present party and the second multiplier provided by the second party, so as to obtain a first slice of a multiplication result; the second party obtains a second fragment of the multiplication result; wherein the second multiplier is constructed by the second party from a second data slice it holds; the multiplication result has two values;
a result conversion unit 44, configured to convert the first slice of the multiplication result obtained by the secure multiplication unit 43 into a first result slice of the exponentiation result in the target mode space; the second party obtains a corresponding second result fragment.
Optionally, as an embodiment, the present-side fragment is a fragment of the private data multiplied by n to the power of d1 in the initial modular space, the result fragment is a fragment of the power operation result multiplied by n to the power of d2 in the target modular space, an absolute value of the public data is expressed in the form of n to the power of k, k and the private data are integers, a minimum value of k and a target product of the private data is u, u is an integer, and a modular value of the target modular space is n to the power of t 2;
the local calculating unit 41 is specifically configured to locally calculate a first data slice of the first intermediate data in the first mode space based on the product of the current slice and k divided by the d1 th power of n, and then rounding down; the first intermediate data is the result of the target product minus u; the first modulus is the larger of 0 and -d2-u plus t2.
Optionally, as an embodiment, the present-side fragment is a fragment of the private data multiplied by d1 th power of n in the initial modular space, the result fragment is a fragment of the power operation result multiplied by d2 th power of n in the target modular space, an absolute value of the public data is expressed in k-th power form of n, k and the private data are integers, a minimum value of a target product of k and the private data is u, u is an integer and u is greater than or equal to 0, and a modular value of the target modular space is t2 th power of n;
the local calculating unit 41 is specifically configured to locally calculate a first data slice of the first intermediate data in the first mode space based on the product of the current slice and k divided by the d1 th power of n, and then rounding down; the first intermediate data is the result of the target product; the first modulus is the larger of 0 and -d2 plus t2.
Further, the multiplier constructing unit 42 includes:
the first determining subunit is used for determining that the first base number is 1 if the public data is a positive number, and determining that the first base number is-1 if the public data is a negative number;
the second determining subunit is used for dividing the current piece by the d1 th power of n, rounding down and determining a first power value;
the first power operation subunit is used for performing power operation by taking the first base number obtained by the first determining subunit as a base and the first power value obtained by the second determining subunit as an exponent to obtain a first product term;
the second power operation subunit is used for performing power operation by taking n as a base and the first data fragment as an exponent to obtain a second product term;
a multiplier subunit, configured to multiply a first product term obtained by the first power operation subunit with a second product term obtained by the second power operation subunit to obtain a first multiplier in a second model space; and the second modulus corresponding to the second modulus space is a local power operation result taking n as a base and taking 2 times of the first modulus as an exponent.
Further, the result conversion unit 44 includes:
a determining subunit, configured to treat the multiplication result as n-ary data, extract, for a first slice of the multiplication result, a first segment value of a first modulus bit whose lower bits are not 0 bits, or extract a second segment value of the first modulus bit whose upper bits are not 0 bits, to determine a first slice of a second intermediate result of a third modulus space;
and the conversion subunit is configured to multiply the first segment of the second intermediate result obtained by the determination subunit by the d2+u power of n, and then perform rounding to obtain the first result segment of the power operation result in the target mode space.
Further, the determining subunit is specifically configured to:
regarding the multiplication result as n-ary data, extracting a first segmentation value of a first lower modulus digit of the multiplication result for a first segmentation of the multiplication result, and extracting a second segmentation value of a first higher modulus digit of the multiplication result;
the first fractional value and the second fractional value are summed to obtain a first fractional of a second intermediate result of the third modulo space.
Further, the determining subunit is specifically configured to:
regarding the multiplication result as n-system data, and performing a secure comparison operation according to a first fragment of the multiplication result of the local party and a second fragment of the multiplication result of the second party to obtain a comparison result of whether the multiplication result is greater than or equal to a first modulus;
if the comparison result is that the multiplication result is smaller than the first modulus, extracting a first segmentation numerical value of a first modulus digit at the lower position of the first segmentation numerical value aiming at the first segmentation of the multiplication result, and taking the first segmentation numerical value as a first segmentation of a second intermediate result of a third modulus space;
and if the comparison result is that the multiplication result is greater than or equal to the first modulus, extracting a second segmentation numerical value of the first modulus digit of the high order aiming at the first segmentation of the multiplication result, and taking the second segmentation numerical value as a first segmentation of a second intermediate result of the third modulus space.
By the apparatus provided by the embodiment of the present specification, the private data are distributed in the first and second parties in a shared manner in the initial modular space, and the method is used to obtain a result fragment in the target modular space of a power operation result with public data as a base and the private data as an exponent, first, the local computation unit 41 of the first party locally computes a first data fragment of first intermediate data in the first modular space based on at least the local fragment of the private data; the first intermediate data is a non-negative value, and a first modulus corresponding to the first modulus space is determined according to the modulus value of the target modulus space; a second data slice of the first intermediate data in a first modulus space is held by the second party; then, the multiplier constructing unit 42 constructs a first multiplier in a second modular space according to a local power operation taking the first data fragment as an exponent; a second modulus corresponding to the second mode space is determined based on the first modulus; then, the secure multiplication unit 43 performs secure multiplication according to the first multiplier provided by the first party and the second multiplier provided by the second party to obtain a first slice of the multiplication result; the second party obtains a second fragment of the multiplication result; wherein the second multiplier is constructed by the second party from a second data slice it holds; the multiplication result has two values; a final result conversion unit 44 converts the first fragment of the multiplication result into a first result fragment of the exponentiation result in the target mode space; the second party obtains a corresponding second result fragment. 
As can be seen from the above, in the embodiments of the present specification, by constructing a multiplier, converting a secure exponentiation operation into a secure multiplication operation, and extracting an exponentiation result from a multiplication result of the secure multiplication operation, the secure exponentiation operation can be implemented, and the secure exponentiation operation has low traffic and good performance.
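An added illustration of the flow summarized above (not code from the patent): a Python simulation of the integer-exponent case with n = 2, covering local fragment computation, multiplier construction, secure multiplication, and the low/high segment sum applied to each fragment. The parameter values, function names, the trusted-dealer Beaver triple standing in for the secure multiplication, d1 = 0, and the choice that only one party subtracts u are all assumptions of this sketch.

```python
import random

# Constructed parameters (assumptions for this sketch, not values from the patent).
N = 2                       # digit base n
K = 1                       # public base is N**K = 2 (positive, so the sign term is 1)
D2 = 8                      # result fragments carry 2**x scaled by N**D2
T2 = 20                     # target modular space: integers mod N**T2
U, V = -4, 11               # bounds on the target product K*x (private x is an integer)
T1 = 32                     # initial modular space: integers mod N**T1, with d1 = 0
M1 = max(0, -D2 - U + T2)   # first modulus, "the larger of 0 and -d2-u+t2" -> 16
MOD2 = N ** (2 * M1)        # second modulus: n to the power 2 * first modulus
MOD3 = N ** M1              # third modular space: one half (M1 digits) of the product

# The sketch needs y = K*x - U to fit below M1, M1 to divide N**T1, and D2+U >= 0.
assert V - U < M1 and (N ** T1) % M1 == 0 and D2 + U >= 0


def share(value, mod, rng):
    """Split value into two additive fragments modulo mod."""
    s0 = rng.randrange(mod)
    return s0, (value - s0) % mod


def first_data_fragment(x_frag, party):
    """Local step: fragment of y = K*x - U in the first modular space (mod M1).
    Assumption: only party 0 subtracts the public constant U."""
    return (K * x_frag - (U if party == 0 else 0)) % M1


def beaver_multiply(p, q, rng):
    """Stand-in secure multiplication mod MOD2: party 0 inputs p, party 1 inputs q.
    A trusted dealer (assumption) hands out a triple a*b = c in fragments."""
    a, b = rng.randrange(MOD2), rng.randrange(MOD2)
    (a0, a1), (b0, b1) = share(a, MOD2, rng), share(b, MOD2, rng)
    c0, c1 = share(a * b % MOD2, MOD2, rng)
    d = (p - a0 - a1) % MOD2    # opened value p - a; a masks p
    e = (q - b0 - b1) % MOD2    # opened value q - b; b masks q
    z0 = (c0 + d * b0 + e * a0 + d * e) % MOD2
    z1 = (c1 + d * b1 + e * a1) % MOD2
    return z0, z1


def extract_fragment(z_frag):
    """Sum of the low-order and high-order M1 digits of one product fragment."""
    return (z_frag % MOD3 + z_frag // MOD3) % MOD3


def to_target(w_frag):
    """Rescale by n**(d2+u) into the target modular space (exact since D2+U >= 0)."""
    return w_frag * N ** (D2 + U) % N ** T2


def secure_pow(x, seed=0):
    """Simulate both parties; the return value reconstructs fragments for inspection."""
    rng = random.Random(seed)   # seeded for repeatability; real fragments need a CSPRNG
    x0, x1 = share(x, N ** T1, rng)
    y0, y1 = first_data_fragment(x0, 0), first_data_fragment(x1, 1)
    z0, z1 = beaver_multiply(N ** y0, N ** y1, rng)   # multipliers n**y0, n**y1
    r0, r1 = to_target(extract_fragment(z0)), to_target(extract_fragment(z1))
    return {"product": (z0 + z1) % MOD2, "result": (r0 + r1) % N ** T2}


if __name__ == "__main__":
    for x in (-4, 0, 11):
        out = secure_pow(x, seed=x + 100)
        wrapped = out["product"] >= MOD3      # True when y0 + y1 overflowed M1
        print(x, wrapped, out["result"], 2 ** (x + D2))
```

In this sketch the reconstructed product is always n^y or n^(y+M1), and the reconstructed result either equals 2^x scaled by n^d2 or falls short of it by one unit of n^(d2+u), because the high-order segment taken separately from each fragment can lose a carry.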
According to an embodiment of another aspect, there is also provided a computer-readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method described in connection with fig. 3.
According to an embodiment of yet another aspect, there is also provided a computing device comprising a memory having stored therein executable code, and a processor that, when executing the executable code, implements the method described in connection with fig. 3.
Those skilled in the art will recognize that, in one or more of the examples described above, the functions described in this invention may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium.
The embodiments described above explain the objects, technical solutions and advantages of the present invention in further detail. It should be understood that they are only exemplary embodiments of the present invention and are not intended to limit its scope; any modification, equivalent substitution, improvement or the like made on the basis of the technical solutions of the present invention shall be included in the scope of the present invention.

Claims (25)

1. A method for secure processing of private data, the private data being distributed in shared form in an initial modular space between a first party and a second party, the method being used to obtain a result fragment, in a target modular space, of a power operation result with public data as the base and the private data as the exponent, the method being performed by the first party and comprising:
locally computing a first data fragment of first intermediate data in a first modular space based at least on the local fragment of the private data; the first intermediate data is a non-negative value, and a first modulus corresponding to the first modular space is determined according to the modulus of the target modular space; a second data fragment of the first intermediate data in the first modular space is held by the second party;
constructing a first multiplier in a second modular space by a local power operation that takes the first data fragment as the exponent; a second modulus corresponding to the second modular space is determined based on the first modulus;
performing a secure multiplication operation on the first multiplier provided by the first party and a second multiplier provided by the second party to obtain a first fragment of a multiplication result; the second party obtains a second fragment of the multiplication result; wherein the second multiplier is constructed by the second party from the second data fragment it holds; the multiplication result has two possible values;
converting the first fragment of the multiplication result into a first result fragment of the power operation result in the target modular space; the second party obtains a corresponding second result fragment.
2. The method of claim 1, wherein the local fragment is a fragment, in the initial modular space, of the private data multiplied by the d1-th power of n, the result fragment is a fragment, in the target modular space, of the power operation result multiplied by the d2-th power of n, the absolute value of the public data is expressed as the k-th power of n, k and the private data are both integers, the minimum value of the target product of k and the private data is u, u is an integer, and the modulus of the target modular space is the t2-th power of n;
the locally computing a first data fragment of first intermediate data in a first modular space comprises:
locally computing the first data fragment of the first intermediate data in the first modular space based on the product of the local fragment and k, divided by the d1-th power of n and then rounded down; the first intermediate data is the target product minus u; the first modulus is the larger of 0 and -d2-u+t2.
3. The method of claim 1, wherein the local fragment is a fragment, in the initial modular space, of the private data multiplied by the d1-th power of n, the result fragment is a fragment, in the target modular space, of the power operation result multiplied by the d2-th power of n, the absolute value of the public data is expressed as the k-th power of n, k and the private data are both integers, the minimum value of the target product of k and the private data is u, u is an integer and u is greater than or equal to 0, and the modulus of the target modular space is the t2-th power of n;
the locally computing a first data fragment of first intermediate data in a first modular space comprises:
locally computing the first data fragment of the first intermediate data in the first modular space based on the product of the local fragment and k, divided by the d1-th power of n and then rounded down; the first intermediate data is the target product; the first modulus is the larger of 0 and -d2+t2.
4. The method of claim 2, wherein the constructing a first multiplier in a second modular space comprises:
determining a first base to be 1 if the public data is positive, and -1 if the public data is negative;
dividing the local fragment by the d1-th power of n and rounding down to determine a first power value;
performing a power operation with the first base as the base and the first power value as the exponent to obtain a first product term;
performing a power operation with n as the base and the first data fragment as the exponent to obtain a second product term;
multiplying the first product term by the second product term to obtain the first multiplier in the second modular space; the second modulus corresponding to the second modular space is the result of a local power operation with n as the base and 2 times the first modulus as the exponent.
5. The method of claim 2, wherein the converting the first fragment of the multiplication result into a first result fragment of the power operation result in the target modular space comprises:
treating the multiplication result as base-n data and, for the first fragment of the multiplication result, extracting either a first segment value of its low-order digits (as many as the first modulus) in which a non-zero digit exists, or a second segment value of its high-order digits (as many as the first modulus) in which a non-zero digit exists, so as to determine a first fragment of a second intermediate result in a third modular space;
multiplying the first fragment of the second intermediate result by the (d2+u)-th power of n and then rounding, to obtain the first result fragment of the power operation result in the target modular space.
6. The method of claim 5, wherein the determining a first fragment of a second intermediate result in a third modular space comprises:
treating the multiplication result as base-n data and, for the first fragment of the multiplication result, extracting a first segment value of its low-order digits (as many as the first modulus) and a second segment value of its high-order digits (as many as the first modulus);
summing the first segment value and the second segment value to obtain the first fragment of the second intermediate result in the third modular space.
7. The method of claim 5, wherein the determining a first fragment of a second intermediate result in a third modular space comprises:
treating the multiplication result as base-n data, and performing a secure comparison operation based on the local party's first fragment of the multiplication result and the second party's second fragment of the multiplication result, to obtain a comparison result indicating whether the multiplication result is greater than or equal to the first modulus;
if the comparison result is that the multiplication result is smaller than the first modulus, extracting, from the first fragment of the multiplication result, the first segment value of its low-order digits (as many as the first modulus), and taking the first segment value as the first fragment of the second intermediate result in the third modular space;
and if the comparison result is that the multiplication result is greater than or equal to the first modulus, extracting, from the first fragment of the multiplication result, the second segment value of its high-order digits (as many as the first modulus), and taking the second segment value as the first fragment of the second intermediate result in the third modular space.
8. The method of claim 1, wherein the local fragment is a fragment, in the initial modular space, of the private data multiplied by the d1-th power of n, the result fragment is a fragment, in the target modular space, of the power operation result multiplied by the d2-th power of n, the public data and the private data are both integers, the minimum value of the private data is u', and the modulus of the target modular space is the t2-th power of n;
the locally computing a first data fragment of first intermediate data in a first modular space comprises:
locally computing the first data fragment of the first intermediate data in the first modular space based on the local fragment divided by the d1-th power of n and then rounded down; the first intermediate data is the private data minus u'; the first modulus is determined from the d2-th power of n, the absolute value of the public data, and the t2-th power of n.
9. The method of claim 1, wherein the local fragment is a fragment, in the initial modular space, of the private data multiplied by the d1-th power of n, the public data and the private data are both integers, and the minimum value of the private data is u', with u' greater than or equal to 0;
the locally computing a first data fragment of first intermediate data in a first modular space comprises:
locally computing the first data fragment of the first intermediate data in the first modular space based on the local fragment divided by the d1-th power of n and then rounded down; the first intermediate data is the private data.
10. The method of claim 8, wherein the constructing a first multiplier in a second modular space comprises:
determining a first base to be 1 if the public data is positive, and -1 if the public data is negative;
dividing the local fragment by the d1-th power of n and rounding down to determine a first power value;
performing a power operation with the first base as the base and the first power value as the exponent to obtain a first product term;
performing a power operation with the absolute value of the public data as the base and the first data fragment as the exponent to obtain a second product term;
multiplying the first product term by the second product term to obtain the first multiplier in the second modular space; the second modulus corresponding to the second modular space is the result of a local power operation with the absolute value of the public data as the base and 2 times the first modulus as the exponent.
11. The method of claim 8, wherein the converting the first fragment of the multiplication result into a first result fragment of the power operation result in the target modular space comprises:
treating the multiplication result as data in the numeral system whose base is the absolute value of the public data and, for the first fragment of the multiplication result, extracting either a first segment value of its low-order digits (as many as the first modulus) in which a non-zero digit exists, or a second segment value of its high-order digits (as many as the first modulus) in which a non-zero digit exists, so as to determine a first fragment of a second intermediate result in a third modular space; a third modulus corresponding to the third modular space is the result of a local power operation with the absolute value of the public data as the base and the first modulus as the exponent;
multiplying the first fragment of the second intermediate result by the u'-th power of the absolute value of the public data, and then by a scaling term, to obtain a first fragment of a third intermediate result in the third modular space; the scaling term is the value obtained by multiplying the d2-th power of n by the t2-th power of n, dividing by the third modulus, and then rounding off to an integer;
multiplying the first fragment of the third intermediate result by the t2-th power of n, dividing by the third modulus, and then rounding, to obtain the first result fragment of the power operation result in the target modular space.
12. The method of claim 11, wherein the determining a first fragment of a second intermediate result in a third modular space comprises:
treating the multiplication result as data in the numeral system whose base is the absolute value of the public data and, for the first fragment of the multiplication result, extracting a first segment value of its low-order digits (as many as the first modulus) and a second segment value of its high-order digits (as many as the first modulus);
summing the first segment value and the second segment value to obtain the first fragment of the second intermediate result in the third modular space.
13. The method of claim 11, wherein the determining a first fragment of a second intermediate result in a third modular space comprises:
treating the multiplication result as data in the numeral system whose base is the absolute value of the public data, and performing a secure comparison operation based on the local party's first fragment of the multiplication result and the second party's second fragment of the multiplication result, to obtain a comparison result indicating whether the multiplication result is greater than or equal to the first modulus;
if the comparison result is that the multiplication result is smaller than the first modulus, extracting, from the first fragment of the multiplication result, the first segment value of its low-order digits (as many as the first modulus), and taking the first segment value as the first fragment of the second intermediate result in the third modular space;
and if the comparison result is that the multiplication result is greater than or equal to the first modulus, extracting, from the first fragment of the multiplication result, the second segment value of its high-order digits (as many as the first modulus), and taking the second segment value as the first fragment of the second intermediate result in the third modular space.
14. The method of claim 1, wherein the local fragment is a fragment, in the initial modular space, of the private data multiplied by the d1-th power of n, the result fragment is a fragment, in the target modular space, of the power operation result multiplied by the d2-th power of n, the private data is not an integer, the public data is expressed as the k-th power of n, the minimum value of the target product of k and the private data is u and its maximum value is v, u and v are integers, the supported precision of the target product is d3 digits after the decimal point, and the modulus of the target modular space is the t2-th power of n;
the locally computing a first data fragment of first intermediate data in a first modular space comprises:
locally computing the first data fragment of the first intermediate data in the first modular space based on the product of the local fragment and k, divided by the d1-th power of n, multiplied by the d3'-th power of n, and then rounded to an integer; the first intermediate data is the result of subtracting u from the target product, multiplied by the d3'-th power of n; the first modulus is h0 multiplied by the d3'-th power of n, h0 is determined from d2, u, v, d2' and t2, d3' is greater than d3, and d2' is greater than d2.
15. The method of claim 1, wherein the local fragment is a fragment, in the initial modular space, of the private data multiplied by the d1-th power of n, the result fragment is a fragment, in the target modular space, of the power operation result multiplied by the d2-th power of n, the private data is not an integer, the public data is expressed as the k-th power of n, the minimum value of the target product of k and the private data is u and its maximum value is v, u and v are both integers and u is greater than or equal to 0, the supported precision of the target product is d3 digits after the decimal point, and the modulus of the target modular space is the t2-th power of n;
the locally computing a first data fragment of first intermediate data in a first modular space comprises:
locally computing the first data fragment of the first intermediate data in the first modular space based on the product of the local fragment and k, divided by the d1-th power of n, multiplied by the d3'-th power of n, and then rounded to an integer; the first intermediate data is the target product multiplied by the d3'-th power of n; the first modulus is h0 multiplied by the d3'-th power of n, h0 is determined from d2, u, v, d2' and t2, d3' is greater than d3, and d2' is greater than d2.
16. The method of claim 14, wherein the constructing a first multiplier in a second modular space comprises:
dividing the local fragment by the d3'-th power of n and adding d4 to determine a first power value; wherein d4 is determined from d2, v and d2';
performing a power operation with n as the base and the first power value as the exponent, and rounding, to obtain the first multiplier in the second modular space; the second modulus corresponding to the second modular space is the result of a local power operation with n as the base and 2 times h0 as the exponent.
17. The method of claim 14, wherein the converting the first fragment of the multiplication result into a first result fragment of the power operation result in the target modular space comprises:
treating the multiplication result as base-n data, and multiplying the first fragment of the multiplication result by an amplification term to obtain a first fragment of a second intermediate result; the amplification term is the result of a local power operation with n as the base and 2(v-u+d4) as the exponent; wherein d4 is determined from d2, v and d2';
for the first fragment of the second intermediate result, extracting either a first segment value of its low-order h0 digits in which a non-zero digit exists, or a second segment value of its high-order h0 digits in which a non-zero digit exists, so as to determine a first fragment of a third intermediate result in a third modular space; the third modulus corresponding to the third modular space is the h0-th power of 2;
multiplying the first fragment of the third intermediate result by the (d2+3u-4d4-2v)-th power of n and then rounding, to obtain the first result fragment of the power operation result in the target modular space.
18. The method of claim 17, wherein the determining a first fragment of a third intermediate result in a third modular space comprises:
treating the multiplication result as base-n data and, for the first fragment of the second intermediate result, extracting a first segment value of its low-order h0 digits and a second segment value of its high-order h0 digits;
summing the first segment value and the second segment value to obtain the first fragment of the third intermediate result in the third modular space.
19. The method of claim 1, wherein the local fragment is a fragment, in the initial modular space, of the private data multiplied by the d1-th power of n, the result fragment is a fragment, in the target modular space, of the power operation result multiplied by the d2-th power of n, the private data is an integer, the absolute value of the public data is expressed as the k-th power of n, the minimum value of the target product of k and the private data is u and its maximum value is v, u and v are integers, the supported precision of the target product is d3 digits after the decimal point, and the modulus of the target modular space is the t2-th power of n;
the locally computing a first data fragment of first intermediate data in a first modular space comprises:
locally computing the first data fragment of the first intermediate data in the first modular space based on the product of the local fragment and k, divided by the d1-th power of n, multiplied by the d3'-th power of n, and then rounded to an integer; the first intermediate data is the result of subtracting u from the target product, multiplied by the d3'-th power of n; the first modulus is h0 multiplied by the d3'-th power of n, h0 is determined from d2, u, v, d2' and t2, d3' is greater than d3, and d2' is greater than d2.
20. The method of claim 1, wherein the local fragment is a fragment, in the initial modular space, of the private data multiplied by the d1-th power of n, the result fragment is a fragment, in the target modular space, of the power operation result multiplied by the d2-th power of n, the private data is an integer, the absolute value of the public data is expressed as the k-th power of n, the minimum value of the target product of k and the private data is u and its maximum value is v, u and v are both integers and u is greater than or equal to 0, the supported precision of the target product is d3 digits after the decimal point, and the modulus of the target modular space is the t2-th power of n;
the locally computing a first data fragment of first intermediate data in a first modular space comprises:
locally computing the first data fragment of the first intermediate data in the first modular space based on the product of the local fragment and k, divided by the d1-th power of n, multiplied by the d3'-th power of n, and then rounded to an integer; the first intermediate data is the target product multiplied by the d3'-th power of n; the first modulus is h0 multiplied by the d3'-th power of n, h0 is determined from d2, u, v, d2' and t2, d3' is greater than d3, and d2' is greater than d2.
21. The method of claim 19, wherein the constructing a first multiplier in a second modular space comprises:
determining a first base to be 1 if the public data is positive, and -1 if the public data is negative;
dividing the local fragment by the d1-th power of n and rounding down to determine a first power value;
performing a power operation with the first base as the base and the first power value as the exponent to obtain a first product term;
dividing the local fragment by the d3'-th power of n and adding d4 to determine a second power value; wherein d4 is determined from d2, v and d2';
performing a power operation with n as the base and the second power value as the exponent, and rounding, to obtain a second product term;
multiplying the first product term by the second product term to obtain the first multiplier in the second modular space; the second modulus corresponding to the second modular space is the result of a local power operation with n as the base and 2 times h0 as the exponent.
22. The method of claim 19, wherein the converting the first fragment of the multiplication result into a first result fragment of the power operation result in the target modular space comprises:
treating the multiplication result as base-n data, and multiplying the first fragment of the multiplication result by an amplification term to obtain a first fragment of a second intermediate result; the amplification term is the result of a local power operation with n as the base and 2(v-u+d4) as the exponent; wherein d4 is determined from d2, v and d2';
for the first fragment of the second intermediate result, extracting either a first segment value of its low-order h0 digits in which a non-zero digit exists, or a second segment value of its high-order h0 digits in which a non-zero digit exists, so as to determine a first fragment of a third intermediate result in a third modular space; the third modulus corresponding to the third modular space is the h0-th power of 2;
multiplying the first fragment of the third intermediate result by the (d2+3u-4d4-2v)-th power of n and then rounding, to obtain the first result fragment of the power operation result in the target modular space.
23. An apparatus for secure processing of private data, the private data being distributed in shared form in an initial modular space between a first party and a second party, the apparatus being used to obtain a result fragment, in a target modular space, of a power operation result with public data as the base and the private data as the exponent, the apparatus being provided at the first party and comprising:
a local computing unit, configured to locally compute a first data fragment of first intermediate data in a first modular space based at least on the local fragment of the private data; the first intermediate data is a non-negative value, and a first modulus corresponding to the first modular space is determined according to the modulus of the target modular space; a second data fragment of the first intermediate data in the first modular space is held by the second party;
a multiplier constructing unit, configured to construct a first multiplier in a second modular space by a local power operation that takes the first data fragment obtained by the local computing unit as the exponent; a second modulus corresponding to the second modular space is determined based on the first modulus;
a secure multiplication unit, configured to perform a secure multiplication operation on the first multiplier, provided by the first party itself and obtained by the multiplier constructing unit, and a second multiplier provided by the second party, to obtain a first fragment of a multiplication result; the second party obtains a second fragment of the multiplication result; wherein the second multiplier is constructed by the second party from the second data fragment it holds; the multiplication result has two possible values;
a result conversion unit, configured to convert the first fragment of the multiplication result obtained by the secure multiplication unit into a first result fragment of the power operation result in the target modular space; the second party obtains a corresponding second result fragment.
24. A computer-readable storage medium, having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method of any of claims 1-22.
25. A computing device comprising a memory having stored therein executable code and a processor that, when executing the executable code, implements the method of any of claims 1-22.
CN202210762917.XA 2022-06-30 2022-06-30 Secure processing method and device for private data Pending CN115114662A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202210762917.XA CN115114662A (en) 2022-06-30 2022-06-30 Secure processing method and device for private data
PCT/CN2022/135284 WO2024001023A1 (en) 2022-06-30 2022-11-30 Method and apparatus for secure processing of private data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210762917.XA CN115114662A (en) 2022-06-30 2022-06-30 Secure processing method and device for private data

Publications (1)

Publication Number Publication Date
CN115114662A true CN115114662A (en) 2022-09-27

Family

ID=83330393

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210762917.XA Pending CN115114662A (en) 2022-06-30 2022-06-30 Secure processing method and device for private data

Country Status (2)

Country Link
CN (1) CN115114662A (en)
WO (1) WO2024001023A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116244753A (en) * 2023-05-12 2023-06-09 建信金融科技有限责任公司 Method, device, equipment and storage medium for intersection of private data
WO2024001023A1 (en) * 2022-06-30 2024-01-04 蚂蚁区块链科技(上海)有限公司 Method and apparatus for secure processing of private data
CN117724854A (en) * 2024-02-08 2024-03-19 腾讯科技(深圳)有限公司 Data processing method, device, equipment and readable storage medium

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013085487A1 (en) * 2011-12-05 2013-06-13 Intel Corporation Efficient multiplication, exponentiation and modular reduction implementations
CN109521994B (en) * 2017-09-19 2020-11-10 华为技术有限公司 Multiplication hardware circuit, system on chip and electronic equipment
CN111737767B (en) * 2020-07-31 2020-11-17 支付宝(杭州)信息技术有限公司 Method and device for performing secure operation on private data
CN112506469B (en) * 2021-02-05 2021-04-27 支付宝(杭州)信息技术有限公司 Method and device for processing private data
CN113688426A (en) * 2021-09-14 2021-11-23 支付宝(杭州)信息技术有限公司 Method, device and system for performing form conversion aiming at private data fragmentation
CN115114662A (en) * 2022-06-30 2022-09-27 蚂蚁区块链科技(上海)有限公司 Secure processing method and device for private data

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024001023A1 (en) * 2022-06-30 2024-01-04 蚂蚁区块链科技(上海)有限公司 Method and apparatus for secure processing of private data
CN116244753A (en) * 2023-05-12 2023-06-09 建信金融科技有限责任公司 Method, device, equipment and storage medium for intersection of private data
CN116244753B (en) * 2023-05-12 2023-08-15 建信金融科技有限责任公司 Method, device, equipment and storage medium for intersection of private data
CN117724854A (en) * 2024-02-08 2024-03-19 腾讯科技(深圳)有限公司 Data processing method, device, equipment and readable storage medium
CN117724854B (en) * 2024-02-08 2024-05-24 腾讯科技(深圳)有限公司 Data processing method, device, equipment and readable storage medium

Also Published As

Publication number Publication date
WO2024001023A1 (en) 2024-01-04

Similar Documents

Publication Publication Date Title
CN115114662A (en) Secure processing method and device for private data
JP3014391B2 (en) Cryptography and cryptographic processor for implementing the method
US10749671B2 (en) Secure computation system, server apparatus, secure computation method, and program
CN112765616A (en) Multi-party security calculation method and device, electronic equipment and storage medium
CN111857649B (en) Fixed point number coding and operation system for privacy protection machine learning
CN115080615A (en) Data query method and device based on multi-party security calculation
CN111737757B (en) Method and device for performing secure operation on private data
CN111737767B (en) Method and device for performing secure operation on private data
CN111523556B (en) Model training method, device and system
WO2022156159A1 (en) Method and device for adjusting model parameters, and storage medium and program product
CN115906137A (en) Data processing method and device for multi-party secure computing
CN111026359A (en) Method and device for judging numerical range of private data in multi-party combination manner
CN115906126A (en) Data processing method and device in multi-party security computing
CN113722734A (en) Method, device and system for determining selection result fragmentation by two-party security selection
CN115001674A (en) Execution method of sharing OT protocol, secure multi-party computing method and device
CN111523674B (en) Model training method, device and system
Liu et al. Differentially Private Coded Computing
CN114880693B (en) Method and device for generating activation function, electronic equipment and readable medium
CN115766009A (en) Method and device for power-of-2 inversion in multi-party security computation
CN112183759A (en) Model training method, device and system
CN112381163B (en) User clustering method, device and equipment
US8666076B2 (en) Method of elliptic curve cryptography using EW-MOF on scalar multiplication
CN114721623A (en) Multi-party secure division
Selianinau Efficient implementation of Chinese remainder theorem in minimally redundant residue number system
CN108075889B (en) Data transmission method and system for reducing complexity of encryption and decryption operation time

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination