CN115225367A - Data processing method, device, computer equipment, storage medium and product - Google Patents
Data processing method, device, computer equipment, storage medium and product Download PDFInfo
- Publication number
- CN115225367A CN115225367A CN202210835257.3A CN202210835257A CN115225367A CN 115225367 A CN115225367 A CN 115225367A CN 202210835257 A CN202210835257 A CN 202210835257A CN 115225367 A CN115225367 A CN 115225367A
- Authority
- CN
- China
- Prior art keywords
- data
- index
- candidate
- encryption
- character string
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/901—Indexing; Data structures therefor; Storage structures
Abstract
The embodiment of the application discloses a data processing method, a data processing device, computer equipment, a storage medium and a product, wherein an index, a first character string used for encryption and a negation character string of the first character string are obtained through the embodiment of the application; performing AND calculation on the index to obtain first index hidden data; performing AND calculation on the inverted index to obtain second index hidden data; performing data encryption on the first index hidden data through the first character string to obtain first encrypted index data, and performing data encryption on the second index hidden data through the negation character string to obtain second encrypted index data; sending the first encryption index data and the second encryption index data to a second data end so that the second data end can predict a second character string conveniently, and encrypting each piece of data to obtain candidate encryption data; and receiving the encrypted candidate data, decrypting the encrypted candidate data according to the first character string to obtain target data corresponding to the index, and improving the data processing efficiency.
Description
Technical Field
The present application relates to the field of communications technologies, and in particular, to a data processing method, apparatus, computer device, storage medium, and product, where the storage medium is a computer-readable storage medium, and the product is a computer program product.
Background
With the development of computer technology and increasing importance on data security, it is a current problem how to perform data interaction on the premise of ensuring data security, and it is assumed that an a-party needs to obtain k pieces of data from n pieces of data of a B-party and does not let the B-party know which k pieces of data it specifically obtains, which can be generally achieved by inadvertent transmission (OT). However, when k is larger, the amount of data transmitted by the party a is larger, and the amount of data required to be processed by the party B is larger, so that the data processing time is longer, more computer resources are occupied, and the data processing efficiency is low.
Disclosure of Invention
The embodiment of the application provides a data processing method, a data processing device, computer equipment, a storage medium and a product, the index can be hidden by performing data and calculation on the index, so that a second data end cannot acquire the index of a first data end, the second data end predicts a second character string of each candidate data for data encryption according to the first encrypted index data and the second encrypted index data, the candidate encrypted data is obtained by encrypting the candidate data based on the second character string, when the candidate data is target data corresponding to the index, the second character string predicted by the second data end is the same as the first character string, the first data end can decrypt the candidate encrypted data sent by the second data end according to the first character string to obtain the target data corresponding to the index, and the first data end only needs to send the first encrypted index data and the second encrypted index data, so that the required target data can be obtained from the second data end without revealing index information.
The data processing method provided by the embodiment of the application comprises the following steps:
acquiring indexes of a plurality of pieces of data which need to be received from a second data end at the second data end, a first character string used for encrypting the plurality of pieces of data and an inverted character string of the first character string;
performing AND calculation on the index to obtain first index hidden data;
performing AND calculation on the inverted index to obtain second index hidden data, wherein the inverted index is obtained by performing logic inversion processing on the index;
performing data encryption on the first index hidden data through the first character string to obtain first encrypted index data, and performing data encryption on the second index hidden data through the negation character string to obtain second encrypted index data;
sending the first encryption index data and the second encryption index data to a second data end, so that the second data end can predict a second character string used for encrypting each candidate data in the second data end according to the first encryption index data and the second encryption index data, and encrypt each data according to the second character string to obtain candidate encryption data;
and receiving the encrypted candidate data, and decrypting the encrypted candidate data according to the first character string to obtain target data corresponding to the index.
Correspondingly, another data processing method provided in the embodiments of the present application includes:
receiving first encryption index data and second encryption index data sent by a first data end;
respectively performing AND calculation on the negation index corresponding to each candidate data in the second data end and the first encryption index data to obtain first decryption data corresponding to the candidate data, wherein the negation index is obtained by performing logic negation processing on the index;
respectively carrying out AND calculation on the index corresponding to each candidate data and the second encrypted index data to obtain second decrypted data corresponding to each candidate data;
performing data calculation on the first decrypted data and the second decrypted data corresponding to each candidate data to obtain a second character string for performing data encryption on each candidate data;
performing XOR calculation on each candidate data and the corresponding second character string to obtain encrypted candidate data of each candidate data;
and sending the encrypted candidate data to the first data end so that the first data end can decrypt the encrypted candidate data based on the first character string to obtain target data.
Correspondingly, an embodiment of the present application further provides a data processing apparatus, including:
the device comprises an acquisition unit, a storage unit and a processing unit, wherein the acquisition unit is used for acquiring indexes of a plurality of pieces of data needing to be received from a second data end at the second data end, and a first character string used for encrypting the plurality of pieces of data and an inverted character string of the first character string;
the first calculation unit is used for carrying out AND calculation on the index to obtain first index hidden data;
the second computing unit is used for performing AND computation on the inverted index to obtain second index hidden data, wherein the inverted index is obtained by performing logic inversion processing on the index;
the encryption unit is used for carrying out data encryption on the first index hidden data through the first character string to obtain first encrypted index data, and carrying out data encryption on the second index hidden data through the negation character string to obtain second encrypted index data;
a sending unit, configured to send the first encryption index data and the second encryption index data to a second data end, so that the second data end predicts a second character string used for encrypting each candidate data in the second data end according to the first encryption index data and the second encryption index data, and encrypts each data according to the second character string to obtain candidate encrypted data;
and the decryption unit is used for receiving the encrypted candidate data and decrypting the encrypted candidate data according to the first character string to obtain target data corresponding to the index.
In one embodiment, the pieces of data are included in a second data set, and the data processing apparatus further includes:
a set acquiring unit, configured to acquire a first data set of the first data end;
a data acquisition unit, configured to acquire query data from the first data set;
a data generating unit configured to generate sample alignment data between the first data set and the second data set according to the target data and the query data.
In one embodiment, the encryption unit includes:
the first or calculation subunit is configured to perform or calculation on the first character string and the first index hidden data to obtain first encrypted index data;
and the second or calculation subunit is used for carrying out or calculation on the negation character string and the second index hidden data to obtain second encryption index data.
In one embodiment, the obtaining unit includes:
a first data acquisition subunit, configured to acquire a first initial character string and key data;
the encryption processing subunit is configured to encrypt the first initial character string through the key data to obtain the first character string;
and the logic negation subunit is used for performing logic negation processing on the first character string to obtain a negation character string of the first character string.
In one embodiment, the obtaining unit includes:
the second data acquisition subunit is configured to receive a second encryption candidate index and set xor data sent by the second data terminal based on a second index set;
the first abstract mapping subunit is configured to perform data abstract mapping on a first candidate index in a first index set of the first data end to obtain first abstract data corresponding to the first candidate index;
the first hiding subunit is configured to perform data hiding processing on the first digest data based on the set exclusive or data to obtain a first encryption candidate index;
a comparing subunit, configured to compare the first encryption candidate index and the second encryption candidate index to determine an index intersection between the first index set and the second index set, and obtain the index from the index intersection.
In one embodiment, the first hidden subunit includes:
the first key acquisition module is used for acquiring a first key of the first data end;
the first key encryption module is used for carrying out key encryption on the first summary data based on the first key to obtain a first initial encryption candidate index;
and the first data encryption module is used for carrying out data encryption calculation on the first summary data based on the set exclusive-or data and the first initial encryption candidate index to obtain a first encryption candidate index.
Correspondingly, another data processing apparatus provided in an embodiment of the present application includes:
the receiving unit is used for receiving first encryption index data and second encryption index data sent by a first data end;
a third calculating unit, configured to perform and calculation on an inverted index corresponding to each candidate data in the second data end and the first encrypted index data, respectively, to obtain first decrypted data corresponding to the candidate data, where the inverted index is obtained by performing logical inversion processing on the index;
the fourth calculation unit is used for respectively and calculating the index corresponding to each candidate data and the second encrypted index data to obtain second decrypted data corresponding to each candidate data;
the data calculation unit is used for performing data calculation on the first decrypted data and the second decrypted data corresponding to each candidate data to obtain a second character string used for performing data encryption on each candidate data;
the exclusive OR calculation unit is used for performing exclusive OR calculation on each piece of candidate data and the corresponding second character string to obtain encrypted candidate data of each piece of candidate data;
and the second sending unit is used for sending the encrypted candidate data to the first data end so that the first data end can decrypt the encrypted candidate data based on the first character string to obtain target data.
In one embodiment, the receiving unit includes:
a set acquisition subunit configured to acquire a second index set regarding the candidate data;
a second digest mapping subunit, configured to perform data digest mapping on a second candidate index in the second index set to obtain second digest data corresponding to the second candidate index;
the set exclusive or calculation subunit is configured to perform exclusive or calculation on the second digest data corresponding to the second candidate index to obtain set exclusive or data of the second index set;
the second hiding subunit is configured to hide each piece of the second digest data and perform data hiding processing based on the set exclusive or data to obtain a second encryption candidate index;
the data sending subunit is configured to send the second encrypted candidate index and the set exclusive or data to the first data end, so that the first data performs index encryption on a first candidate index in a first index set to obtain a first encrypted candidate index, and determine an index intersection between the first index set and the second index set by comparing the first encrypted candidate index and the second encrypted candidate index;
and the index acquisition subunit is configured to receive the first encrypted index data and the second encrypted index data, where the first data end acquires an index from the index intersection and performs index hiding processing on the index.
In one embodiment, the second hidden subunit includes:
the second key acquisition module is used for acquiring a second key of the second data end;
the second key encryption module is used for carrying out key encryption on the second digest data based on the second key to obtain a second initial encryption candidate index;
and the second data encryption module is used for carrying out data encryption calculation on the second initial encryption candidate index based on the set exclusive-OR data to obtain a second encryption candidate index.
In one embodiment, the data calculation unit includes:
the data decryption subunit is used for performing or calculating on the first decrypted data and the second decrypted data to obtain target decrypted data of the candidate data;
the encrypted character string subunit is used for carrying out XOR calculation on the index of the candidate data and the target decryption data to obtain an encrypted second character string;
and the character string decryption subunit is used for decrypting the encrypted second character string based on the key data of the second data end to obtain the second character string.
Correspondingly, the embodiment of the application also provides computer equipment which comprises a memory and a processor; the memory stores a computer program, and the processor is used for operating the computer program in the memory to execute any data processing method provided by the embodiment of the application.
Accordingly, embodiments of the present application further provide a computer-readable storage medium for storing a computer program, where the computer program is loaded by a processor to execute any one of the data processing methods provided in the embodiments of the present application.
Correspondingly, the embodiment of the present application further provides a computer program product, which includes a computer program, and when the computer program is executed by a processor, the computer program implements any one of the data processing methods provided by the embodiment of the present application.
According to the embodiment of the application, the index of a plurality of pieces of data which need to be received from a second data end at the second data end, a first character string used for encrypting the plurality of pieces of data and an inverse character string of the first character string are obtained; performing AND calculation on the index to obtain first index hidden data; performing AND calculation on the inverted index to obtain second index hidden data, wherein the inverted index is obtained by performing logic inversion processing on the index; performing data encryption on the first index hidden data through the first character string to obtain first encrypted index data, and performing data encryption on the second index hidden data through the negation character string to obtain second encrypted index data; sending the first encryption index data and the second encryption index data to a second data terminal so that the second data terminal can predict a second character string used for encrypting each candidate data in the second data terminal according to the first encryption index data and the second encryption index data and encrypt each data according to the second character string to obtain candidate encrypted data; and receiving the encrypted candidate data, and decrypting the encrypted candidate data according to the first character string to obtain target data corresponding to the index.
According to the embodiment of the application, the index can be hidden by performing data and calculation on the index, so that the second data end cannot know the index of the first data end, the second data end predicts the second character string of each candidate data subjected to data encryption according to the first encrypted index data and the second encrypted index data, the candidate encrypted data obtained by encrypting the candidate data based on the second character string is obtained, when the candidate data are the target data corresponding to the index, the second character string predicted by the second data end is the same as the first character string, the first data end can decrypt the candidate encrypted data sent by the second data end according to the first character string to obtain the target data corresponding to the index, the first data end only needs to send the first encrypted index data and the second encrypted index data, the required target data can be obtained from the second data end, and index information is not leaked.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a flowchart of a data processing method provided in an embodiment of the present application;
FIG. 2 is a flow chart of another data processing method provided by an embodiment of the present application;
FIG. 3 is another flow chart of a data processing method provided by an embodiment of the present application;
FIG. 4 is a flowchart of a data processing method provided in an embodiment of the present application;
FIG. 5 is a schematic diagram of a data processing apparatus provided in an embodiment of the present application;
FIG. 6 is a schematic diagram of another data processing apparatus according to an embodiment of the present application;
fig. 7 is a schematic structural diagram of a computer device provided in an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The embodiment of the application provides a data processing method, a data processing device, computer equipment and a computer readable storage medium. The data processing apparatus may be integrated into a computer device, and the computer device may be a server or a terminal.
The terminal may include a mobile phone, a wearable smart device, a tablet Computer, a notebook Computer, a Personal Computer (PC), a vehicle-mounted Computer, and the like.
The server may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as cloud service, a cloud database, cloud computing, a cloud function, cloud storage, network service, cloud communication, middleware service, domain name service, security service, CDN, big data and artificial intelligence platform.
The following are detailed descriptions. It should be noted that the following description of the embodiments is not intended to limit the preferred order of the embodiments.
The present embodiment will be described from the perspective of a data processing apparatus, which may be specifically integrated in a computer device, and the computer device may be a server, or may be a terminal or other devices.
The data processing method provided in the embodiment of the application can be applied to a scenario in which data is obtained from an opposite party on the premise of protecting data of two interactive parties from being leaked, for example, the data processing method can be applied to federal machine Learning (fed machine Learning/fed Learning), which can also be referred to as federal Learning, joint Learning or league Learning. Federal machine learning is a machine learning framework, and can effectively help a plurality of organizations to perform data use and machine learning modeling under the condition of meeting the requirements of user privacy protection, data safety and government regulations. The federated learning is used as a distributed machine learning paradigm, the data island problem can be effectively solved, participators can jointly model on the basis of not sharing data, the data island can be technically broken, and AI cooperation is realized.
Specifically, assuming that the organization a and the organization a cooperate to perform federal learning, the organization a may acquire k pieces of data from the organization B to perform training on the premise that the organization B does not know the specific data acquired by the organization B, so as to prevent the organization a from revealing data owned by itself. For example, if organization a owns data about items a, B, and c in the x-dimension, and organization B owns data about items a, B, c, and d in the y-dimension, and if organization B knows that organization a has acquired data about items a, B, and c in the y-dimension, then organization B may speculate that organization a may later market items a, B, and c, etc., and if organization B does not know the data acquired by organization a, then the data of organization a itself will not be leaked.
In the data processing method provided in the embodiment of the present application, the first data end and the second data end may be different computer devices, for example, the first data end is a terminal a, and the second data end is a server B; or the first data terminal is a terminal A, and the second data terminal is a terminal B. The second data end is provided with a second data set, the second data set comprises n (n is more than or equal to 2) pieces of data, the first data end is to acquire k (k is less than or equal to 2) pieces of data from the data set of the second data end, the first data end does not know the data acquired by the first data end, and meanwhile, the first data end cannot acquire other data except the k pieces of data from the second data end.
Where the and-computation is bitwise and-computation, when the data participating in the and-computation is not a binary string, the data may be converted into a binary string before being computed, and the symbol & may represent and-computation, e.g., a & b represents a and b for and-computation, or the symbol &, a & b = ab,101&011=001 may be omitted.
Or as bits or calculations, symbols & can represent and calculations, e.g., a | b represents a and b,101 | 011=111.
The XOR computation is a bitwise XOR computation, and the symbol ^ can represent the XOR computation, e.g., a ^ b represents a and b XOR computation, 101^011=110.
The logical inversion is a bitwise inversion calculation, and the sign-may represent a logical inversion, e.g. a - Denotes logical inversion of a, 101 - =010。
As shown in fig. 1, the specific flow of the data processing method may be as follows:
101. and acquiring the index of the plurality of pieces of data which need to be received from the second data terminal at the second data terminal, and a first character string used for encrypting the plurality of pieces of data and an inverted character string of the first character string.
The index may be used to include information of the acquisition target data, each index may correspond to a piece of data, for example, the index may be information such as a number and an ID, and the corresponding data may be queried according to the number or the ID, and the data has a corresponding relationship with the number or the ID, for example, the achievement (data) of a student with a school number of 12345 (index).
The first character string may include a string of characters consisting of numbers, letters and underlines, and the negation character string is a character string a obtained by logically negating the first character string a - For example, the first character string is 1011011, and logical negation is performed on the first character string, that is, negation is performed on each bit in the first character string, so as to obtain a negated character string 0100100100.
For example, the second data end has a second data set, and the first data end has an index for querying all or part of data in the second data set. The first data end may obtain an index according to a preset rule, for example, randomly obtain an index of any data from the indexes existing in the first data end, or obtain an index selected by a user in response to a selection operation of the user, or obtain all indexes of the first data end, and obtain a first character string and an inverted character string, where the first character string may be a preset character string or a randomly generated character string.
For example, a first data end and a second data end cooperate with model training, the second data set comprises data of prices, pictures, descriptions, sales volumes, comments and the like of a plurality of commodities, indexes of all or part of the commodities in the second data set, such as commodity IDs, are arranged in the first data end, and the first data end can acquire data of corresponding commodities from the second data end through the commodity IDs so as to increase training data for model training, perform model training according to the acquired commodity data, and improve the training speed of the model. In the process, the second data end cannot acquire the specific data acquired by the first data end.
Suppose that the second data end has n candidate data X = (X) 1 ,X 2 ,X 3 ,…,X n-1 ,X n ) And X corresponds to the index R = (R) 1 ,R R ,R 3 ,…,R n-1 ,R n And the first data end needs to obtain k data from the second data endData, then there are k indexes
First string A, negation string A - . This example can be exemplified as follows.
The index R acquired by the first data end may be sent by the second data end, or may be acquired from an index intersection between a first data set of the first data end and a second data set of the second data end, that is, in an embodiment, the step "acquiring an index of multiple pieces of data that need to be received from the second data end at the second data end" may specifically include:
receiving a second encryption candidate index and set exclusive or data sent by a second data terminal based on a second index set;
performing data summary mapping on a first candidate index in a first index set of a first data end to obtain first summary data corresponding to the first candidate index;
based on the set exclusive-or data, performing data hiding processing on the first abstract data to obtain a first encryption candidate index;
the first encryption candidate index and the second encryption candidate index are compared to determine an index intersection between the first index set and the second index set, and an index is obtained from the index intersection.
The first index set may include at least one candidate index, the second index set may include at least one candidate index, the first candidate index and the second candidate index may both be information such as a number and an ID, and data having a corresponding relationship may be queried according to the number or the ID.
For example, the second data end sets the second index through the hash function
Performing data abstract mapping on each second candidate index to obtain a hash value, namely second abstract data of the second candidate index
The hash function has irreversibility, and even if the hash function adopted by data digest mapping and the obtained hash value cannot be restored to obtain the second candidate index, data are guaranteed not to be leaked.
Performing XOR calculation on the second abstract data corresponding to each second candidate index to obtain set XOR data
The second data terminal performs data hiding processing based on the set exclusive-or data and the second digest data to obtain a second encryption candidate index E = (E) 1 ,E 2 ,E 3 ,…,E N1 ,). The data hiding process may include performing a logical calculation on the set exclusive or data and the second digest data, such as an and calculation, or calculation, exclusive or calculation, and negation calculation, and so on.
And the second data end sends the second encryption candidate index E and the set exclusive-or data Xor to the first data end.
And the first data terminal receives the second encryption candidate index and the set exclusive-OR data sent by the second data terminal.
Performing data summary mapping on a first candidate index in a first index set of a first data end to obtain first summary data corresponding to the first candidate index; then, data hiding processing is carried out on the first summary data of the first candidate index based on the set exclusive-or data to obtain a first encryption candidate index, the data hiding processing mode of the first data terminal is the same as that of the second data terminal, and when the first candidate index is the same as that of the second candidate index, the first encryption candidate index is the same as that of the second encryption candidate index, so that the index intersection between the first index set and the second index set can be determined by comparing whether the first encryption candidate index is the same as that of the second encryption candidate index.
And acquiring all or part of indexes from the index intersection, and acquiring target data from the second data end based on the indexes.
The first data end determines an index intersection by comparing the first encryption candidate index with the second encryption candidate index, only the index in the second data end which is the same as the first data end can be known, but other indexes except the index intersection cannot be known, and the second data end is guaranteed not to leak data.
Since the digest data obtained by performing data digest mapping on the same data are the same, in order to prevent digest data leakage and to enable the data owned by the first data end and the second data end to be obtained through digest data comparison, in an embodiment, the digest data may be encrypted, that is, the step "performing data hiding processing on the first digest data based on set exclusive-or data to obtain a first encryption candidate index" may specifically include:
acquiring a first key of a first data end;
performing key encryption on the first abstract data based on the first key to obtain a first initial encryption candidate index;
and performing data encryption calculation on the first summary data based on the set exclusive-or data and the first initial encryption candidate index to obtain a first encryption candidate index.
The first key may be a key of the first data end, and the first key is a symmetric key.
And performing key encryption on the first digest data based on the first key to obtain a first initial encryption candidate index, and performing logic calculation on the set candidate XOR data and the first initial candidate encryption index to obtain a first encryption candidate index.
102. And performing AND calculation on the index to obtain first index hidden data.
For example, for the index
And calculating to obtain the first index hidden data
If the index comprises an index
(1111) Rope for preventing and curing fractureGuiding device
(0011) Index, and recording medium
(1011) Index, and recording medium
(1110) And an index
(1001) Then to the index
Index
Index
Index
And indexes
And the first index hidden data can be obtained by calculation, namely
1010 is the first index hidden data obtained by the calculation.
103. And performing AND calculation on the inverted index to obtain second index hidden data, wherein the inverted index is obtained by performing logic inversion processing on the index.
For example, for the index R S The logical inversion processing can obtain the inversion index
And calculating the inverted index to obtain the first index hidden data
If the indexes are respectively matched
(1111) Index, and recording medium
(0011) Index, and recording medium
(1011) Index, and recording medium
(1110) And indexes
(1001) Performing logical inversion to obtain
(0000)、
(1100)、
(0100)、
(0001) And
(0100) And performing AND calculation on the inverted index to obtain second index hidden data, namely
0000 is the second index hidden data obtained by the calculation.
104. And performing data encryption on the first index hidden data through the first character string to obtain first encrypted index data, and performing data encryption on the second index hidden data through the negation character string to obtain second encrypted index data.
Specifically, step 104 may specifically include:
performing OR calculation on the first character string and the first index hidden data to obtain first encrypted index data;
and performing OR calculation on the negation character string and the second index hidden data to obtain second encryption index data.
For example, the specific example may be to hide data from the first string a and the first index
Performing OR operation to obtain first encrypted index data
For negation character string A - And second index hidden data
Performing OR operation to obtain second encrypted index data
105. And sending the first encryption index data and the second encryption index data to a second data terminal so that the second data terminal can predict a second character string used for encrypting each candidate data in the second data terminal according to the first encryption index data and the second encryption index data, and encrypt each data according to the second character string to obtain the candidate encrypted data.
The second character string may include a character string predicted by the second data terminal, and the second character string may be used to encrypt each candidate data in the second data terminal.
For example, the first data end sends the first encryption index data and the second encryption index data to the second data end.
The second data terminal predicts a second character string B = (B) corresponding to each candidate data in the second data terminal according to the first encryption index data and the second encryption index data 1 ,B 2 ,B 3 ,…,B n-1 ,B n ) And encrypting each candidate data according to the second character string to obtain candidate encrypted data.
Specifically, the predicting of the second character string may be to perform and calculation on an index corresponding to each candidate data and second encrypted index data to obtain second decrypted data N = Ry corresponding to each candidate data - =(N 1 ,N 2 ,N 3 ,…,N n-1 ,N n )。
Wherein, the first and the second end of the pipe are connected with each other,
and performing AND calculation on the inverted index of the index corresponding to each candidate data and the first encryption index data to obtain first decryption data M = R corresponding to each candidate data - y=(M 1 ,M 2 ,M 3 ,…,M n-1 ,M n ) Wherein, in the process,
after the first decrypted data and the second decrypted data are subjected to OR calculation, the first decrypted data and the second decrypted data are compared with the index R of the candidate data i Performing exclusive OR calculation to obtain a second character string B = (M | N) ^ R = (B) for performing data encryption on each candidate data 1 ,B 2 ,B 3 ,…,B n-1 ,B n ). Wherein, B i =(M i |N i )^R i ,
Performing XOR calculation on each candidate data and the corresponding second character string to obtain encrypted candidate data X' = B ^ X = (B) of each candidate data 1 ^X 1 ,B 2 ^X 2 ,B 3 ^X 3 ,…,B n ^X n )。
And sending the encrypted candidate data to the first data end so that the first data end can decrypt the encrypted candidate data to obtain the target data.
When X is present i R is data in k pieces of data to be acquired by the first data end S In existence of
And R i Are identical, i.e.
Then
And
to represent
And
and (5) performing and calculation.
Then, X i First decrypted data of
X i Second decrypted data of
X i Second character string B i =(M i |N i )^R i =R i ^R i A = A, i.e. X i Is the same as the first character string.
X i Of the encrypted candidate data X i ′=X i ^A。
When X is i And when the data is not the data in the k pieces of data to be acquired by the first data end, the second character string predicted by the second data end is not equal to the first character string.
And the second data terminal sends the encrypted candidate data to the first data terminal.
In order to avoid that other devices steal the first encryption index data and the second encryption index data and crack to obtain the second character string, and perform malicious attack on the first data end based on the second character string, the first character string a may be an encrypted character string, for example, the first character string a is encrypted by using a symmetric public key, the second data end may decrypt to obtain the second character string based on the symmetric public key, and other devices cannot obtain a correct second character string because of no public key, the encrypted first character string a may improve the security of data, and further ensure the security of the first data end, that is, in an embodiment, the step 101 "obtaining a negation character string for encrypting the first character string and the first character string for encrypting a plurality of pieces of data" may specifically include:
acquiring a first initial character string and key data;
encrypting the first initial character string through the key data to obtain a first character string;
and performing logic negation processing on the first character string to obtain a negation character string of the first character string.
The key data may include keys such as a symmetric key and an asymmetric key.
The first initial character string may be a string of characters including numbers, letters, and underlines, and the first character string is obtained by encrypting the first character string with key data.
For example, the method may specifically include obtaining a first initial character string and key data, encrypting the first initial character string through the key data to obtain a first character string, and performing logical negation on the first character string to obtain a negated character string.
106. And receiving the encrypted candidate data, and decrypting the encrypted candidate data according to the first character string to obtain target data corresponding to the index.
For example, the first data end receives the encrypted candidate data sent by the second data end, the encrypted candidate data is decrypted through the first character string, and the decrypted data X is obtained through performing exclusive or calculation on the first character string and the confidential candidate data A = X' ^ A = B ^ X ^ A, it can be known that when A = B, the target data X can be obtained by decryption, and it can be known from the content in step 105 that when X is i When the data is data in the k pieces of data to be acquired by the first data end, a = B, and therefore the first data end can acquire the desired k pieces of data but cannot acquire other data.
After obtaining the target data, the target data may be applied according to application scenario requirements, for example, during model training, the target data may be sample data of model training, and data alignment is performed on the target data and data on the first data end to obtain more sample data to train the model, that is, in an embodiment, a plurality of pieces of data to be obtained by the first data terminal are included in the second data set, and after the step "receiving the encrypted candidate data, decrypting the encrypted character string according to the first character string to obtain the target data corresponding to the index", the data processing method provided in the embodiment of the present application may further specifically include:
acquiring a first data set of a first data end;
acquiring query data from a first data set;
sample alignment data between the first data set and the second data set is generated from the target data and the query data.
The first data end may obtain the first data set, for example, the first data end stores the first data set, or the first data end may obtain the first data set from a blockchain, and the first data set may include query data corresponding to an index.
The query data and the target data may be data of the same dimension or data of different dimensions, for example, the query data may include price, description information, and data corresponding to a group of purchasing users of a commodity, the target data may also include price, description information, and data corresponding to a group of purchasing users of a commodity different from the query data, and optionally, the target data may include sales volume, comments, and corresponding data of a commodity identical to the query data.
For example, a first data set may be obtained from a first data end, query data is obtained from the first data set, and if the query data and the target data are data with the same dimension, the target data may be structured based on the query data, so that the data structure of the target data is the same as the query data, and sample alignment data is obtained. For example, the query data may include price and description information of the product a and data corresponding to a group of purchasing users, and the target data may also include data that needs to be structurally changed in the target data, where the dimension of the target data is aligned with the dimension of the query data, that is, the obtained target data includes price and description information of the product B and data corresponding to a group of purchasing users.
If the query data and the target data are data with different dimensions, the query data can be obtained from the first data set based on the index, and the query data and the target data are spliced to obtain data with more dimensions corresponding to the index.
As can be seen from the above, in the embodiment of the present application, the index of a plurality of pieces of data that need to be received from the second data end at the second data end, and the first character string used for encrypting the plurality of pieces of data and the inverted character string of the first character string are obtained; performing AND calculation on the index to obtain first index hidden data; performing AND calculation on the inverted index to obtain second index hidden data, wherein the inverted index is obtained by performing logic inversion processing on the index; performing data encryption on the first index hidden data through the first character string to obtain first encrypted index data, and performing data encryption on the second index hidden data through the negation character string to obtain second encrypted index data; sending the first encryption index data and the second encryption index data to a second data terminal so that the second data terminal can predict a second character string used for encrypting each candidate data in the second data terminal according to the first encryption index data and the second encryption index data and encrypt each data according to the second character string to obtain candidate encrypted data; and receiving the encrypted candidate data, and decrypting the encrypted candidate data according to the first character string to obtain target data corresponding to the index.
According to the embodiment of the application, the index can be hidden by performing data and calculation on the index, so that the second data end cannot acquire the index of the first data end, the second data end predicts the second character string of each candidate data subjected to data encryption according to the first encrypted index data and the second encrypted index data, the candidate encrypted data obtained by encrypting the candidate data is encrypted based on the second character string, when the candidate data is the target data corresponding to the index, the second character string predicted by the second data end is the same as the first character string, the first data end can decrypt the candidate encrypted data sent by the second data end according to the first character string to obtain the target data corresponding to the index, the first data end only needs to send the first encrypted index data and the second encrypted index data, the required target data can be acquired from the second data end, index information is not leaked, the data sending amount of the first data end is reduced, the data processing amount of the second data end is reduced, and the data processing efficiency is improved.
On the basis of the above-described embodiments, further details will be given below by way of example.
The present embodiment will be described from the perspective of a data processing apparatus, which may be specifically integrated in a computer device, and the computer device may be a server, or may be a device such as a terminal.
As shown in fig. 2, a specific flow of the data processing method provided in the embodiment of the present application may be as follows:
201. and receiving first encryption index data and second encryption index data sent by a first data end.
Wherein the first encryption index data and the second encryption index data may be obtained based on the above steps 101-106.
For example, first encryption index data and second encryption index data sent by a first data end are received.
Optionally, the first encryption index data and the second encryption index data sent by the first data end may be sent based on an index intersection between a first index set of the first data end and a second index set of the second data end, and the second data end may send a second candidate index in the second index set to the first data end after encrypting, so that the first data end determines the index intersection between the first index set and the second index set according to the second encryption candidate index, that is, in an embodiment, the step "receiving the first encryption index data and the second encryption index data sent by the first data end" may specifically include:
acquiring a second index set related to the candidate data;
performing data summary mapping on a second candidate index in the second index set to obtain second summary data corresponding to the second candidate index;
performing XOR calculation on second abstract data corresponding to the second candidate index to obtain set XOR data of the second index set;
based on the set exclusive or data, performing data hiding processing on each piece of second abstract data to obtain a second encryption candidate index;
sending the second encryption candidate index and the set exclusive OR data to a first data end so that the first data end conducts index encryption on the first candidate index in the first index set to obtain a first encryption candidate index, and determining an index intersection between the first index set and the second index set by comparing the first encryption candidate index and the second encryption candidate index;
and receiving first encryption index data and second encryption index data which are sent by a first data end through obtaining the index from the index intersection and performing index hiding processing on the index.
The second index set may be an index set corresponding to the candidate data, and the second index set may include a plurality of second candidate indexes, and the corresponding candidate data may be queried according to the first candidate index.
For example, the second data end uses the hash function to set the second index
Performing data abstract mapping on each second candidate index to obtain a hash value, namely second abstract data of the second candidate index
The hash function has irreversibility, even if the hash function adopted by the data summary mapping and the obtained hash value cannot be restored to obtain the second candidate index, and data are guaranteed not to be leaked.
Performing XOR calculation on the second abstract data corresponding to each second candidate index to obtain set XOR data
The second data terminal performs data hiding processing based on the set exclusive-or data and the second digest data to obtain a second encryption candidate index E = (E) 1 ,E 2 ,E 3 ,…,E N1 ,). The data hiding process may include performing a logical calculation on the set exclusive or data and the second digest data, for example, an and calculation, or calculation, exclusive or calculation, inversion calculation, and the like.
And the second data end sends the second encryption candidate index E and the set exclusive-or data Xor to the first data end.
After the first data end receives the second encrypted candidate index and the set exclusive OR data sent by the second data end, performing data summary mapping on a first candidate index in a first index set of the first data end to obtain first summary data corresponding to the first candidate index; then, data hiding processing is carried out on the first candidate index based on set exclusive OR so as to encrypt the first candidate index to obtain a first encrypted candidate index, the data hiding processing mode of the first data terminal is the same as that of the second data terminal, and when the first candidate index is the same as that of the second candidate index, the first encrypted candidate index is the same as that of the second encrypted candidate index, so that the index intersection between the first index set and the second index set can be determined by comparing whether the first encrypted candidate index is the same as that of the second encrypted candidate index.
Since the digest data obtained by performing data digest mapping on the same data are the same, in order to prevent digest data leakage and to enable the data owned by the first data end and the second data end to be known through digest data comparison, in an embodiment, the digest data may be encrypted, that is, the step "hiding each piece of second digest data and data based on set exclusive-or data to obtain a second encryption candidate index" may specifically include:
acquiring a second key of a second data terminal;
performing key encryption on the second digest data based on the second key to obtain a second initial encryption candidate index;
and carrying out data encryption calculation on the second initial encryption candidate index data based on the set exclusive OR data to obtain a second encryption candidate index.
The second key may be a key of the second data end, the second key is a symmetric key, the first key exists in the first data end, and the first key and the second key are symmetric keys.
And carrying out key encryption on the second digest data based on a second key to obtain a second initial encryption candidate index, and carrying out logic calculation on the set candidate XOR data and the first initial candidate encryption index to obtain a second encryption candidate index.
202. And respectively performing AND calculation on the negation index and the first encryption index data corresponding to each candidate data in the second data end to obtain first decryption data corresponding to the candidate data, wherein the negation index is obtained by performing logic negation processing on the index.
For example, the second data end has n candidate data X =9X 1 ,X 2 ,X 3 ,…,X n-1 ,X n ) And X corresponds to the index R = (R) 1 ,R 2 ,R 3 ,…,R n-1 ,R n (, inverted index)
And calculating the index corresponding to each candidate data and the second encrypted index data to obtain the second decrypted data N = Ry corresponding to each candidate data - =(N 1 ,N 2 ,N 3 ,…,N n-1 ,N n )。
Wherein, the first and the second end of the pipe are connected with each other,
203. and respectively carrying out AND calculation on the index corresponding to each candidate data and the second encrypted index data to obtain second decrypted data corresponding to each candidate data.
For example, the inverse index of the index corresponding to each candidate data is summed with the first encrypted index data to obtain the first decrypted data M = R corresponding to each candidate data - y=(M 1 ,M 2 ,M 3 ,…,M n-1 ,M n ) Wherein, in the process,
204. and performing data calculation on the first decrypted data and the second decrypted data corresponding to each candidate data to obtain a second character string for performing data encryption on each candidate data.
For example, the first decrypted data and the second decrypted data are processed or calculated and then are compared with the index R of the candidate data i Performing exclusive or calculation to obtain a second character string B = M | N = (B) for performing data encryption on each candidate data 1 ,B 2 ,B 3 ,…,B n-1 ,B n ). Wherein the content of the first and second substances,B i =(M i |N i )^R i ,
in an embodiment, the first character string of the first data end may be a character string encrypted by key data, and the second data end needs to decrypt based on the key data corresponding to the first data end to obtain a correct second character string, that is, the step "performing data calculation on the first decrypted data and the second decrypted data corresponding to each candidate data to obtain the second character string used for performing data encryption on each candidate data" may specifically include:
performing OR calculation on the first decrypted data and the second decrypted data to obtain target decrypted data of the candidate data;
performing exclusive or calculation on the index of the candidate data and the target decryption data to obtain an encrypted second character string;
and decrypting the encrypted second character string based on the key data of the second data terminal to obtain the second character string.
The key data may be a symmetric key or an asymmetric key, for example, the key data of the second data end may be a private key, and the key data of the first data end may be a public key.
For example, the first decrypted data and the second decrypted data may be specifically subjected to or calculated to obtain the target decrypted data M of the candidate data i |N i (ii) a Performing XOR calculation on the index of the candidate data and the target decryption data to obtain an encrypted second character string B i =(M i |N i )^R i And decrypting the encrypted second character string through the key data to obtain the second character string.
205. And performing XOR calculation on each candidate data and the corresponding second character string to obtain the encrypted candidate data of each candidate data.
For example, in the case of a liquid,performing exclusive or calculation on each candidate data and the corresponding second character string to obtain encrypted candidate data X' = B ^ X = (B) of each candidate data 1 ^X 1 ,B 2 ^X 2 ,B 3 ^X 3 ,…,B n ^X n )。
206. And sending the encrypted candidate data to the first data end so that the first data end can decrypt the encrypted candidate data to obtain the target data.
For example, the encrypted candidate data is sent to the first data end, so that the first data end decrypts the encrypted candidate data based on the first character string to obtain the target data.
As can be seen from the above, in the embodiment of the present application, the first encryption index data and the second encryption index data sent by the first data end are received; respectively performing AND calculation on the negation index and the first encryption index data corresponding to each candidate data in the second data end to obtain first decryption data corresponding to the candidate data, wherein the negation index is obtained by performing logic negation processing on the index; respectively carrying out AND calculation on the index corresponding to each candidate data and the second encrypted index data to obtain second decrypted data corresponding to each candidate data; performing data calculation on the first decrypted data and the second decrypted data corresponding to each candidate data to obtain a second character string used for performing data encryption on each candidate data; performing XOR calculation on each candidate data and the corresponding second character string to obtain encrypted candidate data of each candidate data; and sending the encrypted candidate data to the first data end so that the first data end can decrypt the encrypted candidate data based on the first character string to obtain the target data.
According to the embodiment of the application, the second character string of each candidate data for data encryption is predicted according to the first encryption index data and the second encryption index data, the candidate encryption data is obtained by encrypting the candidate data based on the second character string, when the candidate data is the target data corresponding to the index, the second character string predicted by the second data end is the same as the first character string, the first data end can decrypt the candidate encryption data sent by the second data end according to the first character string to obtain the target data corresponding to the index, the first data end sends the first encryption index data and the second encryption index data, the second data end only needs to process the first encryption index data and the second encryption index data, the required target data can be obtained from the second data end, index information is not leaked, the data sending amount of the first data end is reduced, the data processing amount of the second data end is reduced, and the data processing efficiency is improved.
On the basis of the above-described embodiments, further details will be given below by way of example.
In this embodiment, the data processing system will be described from the perspective of a data processing system, and the data processing system may specifically include a first data end and a second data end, where the second data end has a second data set, the second data set includes n (n is greater than or equal to 2) pieces of data, the first data end is to acquire k (k is less than or equal to 2) pieces of data from the data set of the second data end, and the first data end does not know the data acquired by the first data end, and meanwhile, the first data end cannot acquire other data than the k pieces of data from the second data end.
As shown in fig. 3, a specific flow of the data processing method provided in the embodiment of the present application may be as follows:
301. the first data terminal obtains the index of a plurality of pieces of data which need to be received from the second data terminal at the second data terminal, and a first character string used for encrypting the plurality of pieces of data and an inverted character string of the first character string.
For example, obtain an index
A first character string A, a negation character string A obtained by performing logic negation processing on the first character string A - The first character string a is obtained by encrypting the first initial character string a according to the public key of the second data terminal.
302. And the first data end performs AND calculation on the index to obtain first index hidden data, and performs AND calculation on the inverted index to obtain second index hidden data.
For example, for the index
And calculating to obtain the first index hidden data
303. And the first data end performs OR calculation on the first character string and the first index hidden data to obtain first encryption index data, and performs OR calculation on the negation character string and the second index hidden data to obtain second encryption index data.
For example, for the index R S The logical inversion processing can obtain the inversion index
And calculating the inverted index to obtain the first index hidden data
304. And the first data end sends the first encryption index data and the second encryption index data to the second data end.
305. And the second data end receives the first encryption index data and the second encryption index data sent by the first data end.
306. And the second data end respectively carries out AND calculation on the inverted index and the first encryption index data corresponding to each candidate data to obtain first decryption data corresponding to the candidate data.
For example, the second data set of the second data terminal corresponds to a second index set R = (R) 1 ,R 2 ,R 3 ,…,R n-1 ,R n And, the second index set comprises a second candidate index corresponding to each candidate data. Negating the second candidate index in the second index set to obtain the second candidate index
The second data end inverts the index corresponding to each candidate data into the first addition indexAnd carrying out calculation on the secret index data to obtain first decryption data M = R corresponding to each candidate data - y=(M 1 ,M 2 ,M 3 ,…,M n-1 ,M n ) Wherein, in the step (A),
307. and the second data end respectively performs AND calculation on the index corresponding to each candidate data and the second encrypted index data to obtain second decrypted data corresponding to each candidate data.
For example, the second data end performs and calculation on the index corresponding to each candidate data and the second encrypted index data to obtain the second decrypted data N = Ry corresponding to each candidate data - =(N 1 ,N 2 ,N 3 ,…,N n-1 ,N n ). Wherein the content of the first and second substances,
308. and the second data terminal performs or calculates the first decrypted data and the second decrypted data to obtain target decrypted data of the candidate data.
For example, the second data end performs or calculates the first decrypted data and the second decrypted data to obtain the target decrypted data M | N.
309. And the second data terminal performs exclusive or calculation on the index of the candidate data and the target decryption data to obtain an encrypted second character string.
For example, the second data end combines the target decryption data M | N with the index R of the candidate data i Performing exclusive OR calculation to obtain an encrypted second character string B = (M | N) ^ R = (B) 1 ,B 2 ,B 3 ,…,B n-1 ,B n ). Wherein, B i =(M i |N i )^R i 。
310. And the second data terminal decrypts the encrypted second character string based on the key data of the second data terminal to obtain the second character string.
The second data terminal decrypts the encrypted second character string based on the key data of the second data terminal to obtain a second character string B 0 。
311. And the second data end carries out XOR calculation on each candidate data and the corresponding second character string to obtain the encrypted candidate data of each candidate data.
For example, the second data end may specifically perform exclusive or calculation on each candidate data and the corresponding second character string to obtain encrypted candidate data X' = B of each candidate data 0 ^X。
When X is present i R is data in k pieces of data to be acquired by the first data terminal S In existence of
And R i Are identical, i.e.
Then
Then, X i First decrypted data M of i =(R i &A - )|=(R i &A - )|0=(R i &A - );X i Second decrypted data of
B i =R i ^A^R i =A;B 0 =a;X i ′=a^X i 。
312. And the second data terminal sends the encrypted candidate data to the first data terminal.
313. And the first data terminal receives the encrypted candidate data, and performs exclusive OR calculation on the first initial character string and the encrypted candidate data to obtain target data corresponding to the index.
For example, it may be specifically the secondThe data end carries out XOR calculation on each candidate data and the corresponding second character string to obtain the encrypted candidate data X' = a ^ B of each candidate data 0 ^X。
Due to, when X is i X is the data in k pieces of data to be acquired by the first data terminal i ′=a^X i The first data end carries out XOR calculation on the first character string and the encrypted candidate data to obtain target data X i 。
When X is present i When the data is not the k pieces of data to be acquired by the first data terminal, B 0 And (b) not equal to a, the first data end carries out XOR calculation on the first character string and the encryption candidate data, and target data cannot be obtained.
As can be seen from the above, the first data end obtains the index of the plurality of pieces of data that need to be received from the second data end at the second data end, and the first character string used for encrypting the plurality of pieces of data and the negation character string of the first character string; performing AND calculation on the index to obtain first index hidden data, and performing AND calculation on the inverted index to obtain second index hidden data; performing OR calculation on the first character string and the first index hidden data to obtain first encrypted index data, and performing OR calculation on the negation character string and the second index hidden data to obtain second encrypted index data; and sending the first encryption index data and the second encryption index data to a second data terminal.
The second data end receives the first encryption index data and the second encryption index data sent by the first data end; respectively carrying out AND calculation on the negation index and the first encryption index data corresponding to each candidate data to obtain first decryption data corresponding to the candidate data; respectively carrying out AND calculation on the index corresponding to each candidate data and the second encrypted index data to obtain second decrypted data corresponding to each candidate data; performing OR calculation on the first decrypted data and the second decrypted data to obtain target decrypted data of the candidate data; performing exclusive or calculation on the index of the candidate data and the target decryption data to obtain an encrypted second character string; decrypting the encrypted second character string based on the key data of the second data terminal to obtain a second character string; performing XOR calculation on each candidate data and the corresponding second character string to obtain encrypted candidate data of each candidate data; and sending the encrypted candidate data to the first data terminal.
And the first data terminal receives the encrypted candidate data, and performs exclusive OR calculation on the first initial character string and the encrypted candidate data to obtain target data corresponding to the index.
According to the embodiment of the application, the index can be hidden by performing data and calculation on the index, so that the second data end cannot know the index of the first data end, the second data end predicts the second character string of each candidate data subjected to data encryption according to the first encrypted index data and the second encrypted index data, the candidate encrypted data obtained by encrypting the candidate data based on the second character string is obtained, when the candidate data are the target data corresponding to the index, the second character string predicted by the second data end is the same as the first character string, the first data end can decrypt the candidate encrypted data sent by the second data end according to the first character string to obtain the target data corresponding to the index, the first data end only needs to send the first encrypted index data and the second encrypted index data, the required target data can be obtained from the second data end, and index information is not leaked.
On the basis of the above-described embodiments, further details will be given below by way of example.
This embodiment will be described from the perspective of a data processing system, which may specifically include a first data end and a second data end, where the first data end corresponds to a first data set, and the second data end corresponds to a second data set. The first index set may include an index corresponding to each piece of data in the first data set; the second index set may include an index corresponding to each piece of data in the second data set, for example, a number or an ID of each piece of data.
The data processing method provided by the embodiment of the application can be applied to federal learning, and specifically, assuming that a mechanism a and a mechanism B are provided, the mechanism a and the mechanism B cooperate with each other to conduct federal learning, and a model is trained by using common data, wherein the mechanism a has a first data set, the mechanism B has a second data set, and the mechanism a and the mechanism B only exchange relevant data (such as index or complete data) of an intersection part, for example, the mechanism a has data of commodities a, B and c about x, and the mechanism B has data of commodities a, B, c and d about y, so that the mechanism a and the mechanism B only exchange data about commodities a, B and c, but not exchange data about commodity d, data leakage is avoided, and the mechanism a and the mechanism B conduct model training based on the exchanged data, and model training speed and training effect are improved.
As shown in fig. 4, a specific flow of the data processing method according to the embodiment of the present application is as follows:
401. and the second data end performs data summary mapping on a second candidate index in the second index set to obtain second summary data corresponding to the second candidate index.
For example, the index may be a number or an ID of each piece of data in the data set, for example, the first data set and the second data set may contain achievements of students, and then the index may be a number of the students, each student corresponding to a number of the student, and the achievements of the students contained in the first data set and the second data set may be determined according to the number of the student.
For example, the second data end sets the second index through the hash function
Performing data abstract mapping on each second candidate index to obtain a hash value, namely second abstract data of the second candidate index
The hash function has irreversibility, and even if the hash function adopted by data digest mapping and the obtained hash value cannot be restored to obtain the second candidate index, data are guaranteed not to be leaked.
402. And the second data end carries out XOR calculation on the second abstract data to obtain set XOR data of the second index set.
The second data end carries out XOR calculation on the second abstract data corresponding to each second candidate index to obtain set XOR data
403. And the second data terminal hides each piece of second abstract data and data based on the set exclusive-OR data to obtain a second encryption candidate index.
For example, the second data end performs key encryption on the second digest data based on the second key to obtain a second initial encryption candidate index, and performs or calculation on the set candidate xor data and the first initial candidate encryption index to obtain a second encryption candidate index E = (E) 1 ,E 2 ,E 3 ,…,E N1 )。
404. And the second data terminal sends the second encryption candidate index and the set exclusive OR data to the first data terminal.
405. The first data end performs data summary mapping on a first candidate index in the first index set to obtain first summary data corresponding to the first candidate index.
For example, a first data pair is paired with a first set of indices
Performing data abstract mapping on the first candidate index to obtain first abstract data corresponding to the first candidate index
406. And the first data base performs data hiding processing on the first abstract data based on the set exclusive-OR data to obtain a first encryption candidate index.
For example, the first data end performs data hiding processing on the set xor data and the first candidate index to obtain a first encrypted candidate index F = (F) 1 ,F 2 ,F 3 ,…,F N2 )。
407. The first data end compares the first encryption candidate index with the second encryption candidate index to determine an index intersection between the first index set and the second index set, and obtains an index from the index intersection.
Since the first data terminal performs the data hiding process in the same manner as the second data terminal, and the first encryption candidate index and the second encryption candidate index are the same when the first candidate index and the second candidate index are the same, it is possible to determine the index intersection J = (J) between the first index set and the second index set by comparing whether the first encryption candidate index and the second encryption candidate index are the same or not 1 ,J 2 ,J 3 ,…,J N3 ) The first data end obtains the index from the index intersection and obtains the target data from the second data end based on the index, so that the first data end can only obtain the data corresponding to the index intersection from the second data end and cannot obtain other data, the data safety of the second data end is ensured, meanwhile, the second data end cannot obtain the data obtained by the first data end, and the privacy safety of the first data end is ensured.
In an embodiment, a first data set corresponding to a first index is provided in a first data end, and data in the first data set corresponding to an index intersection can be sent to a second data end, so that the second data end obtains data of the intersection part with the first data end, and trains a model by combining the data in the second data set, and training data for model training is added, so that the training speed and the training effect of the model can be improved.
As can be seen from the above, in the embodiment of the present application, data summary mapping is performed on the second candidate index in the second index set through the second data end, so as to obtain second summary data corresponding to the second candidate index; performing XOR calculation on second abstract data corresponding to the second candidate index to obtain set XOR data of the second index set; performing data hiding processing on each piece of second abstract data based on the set exclusive or data to obtain a second encryption candidate index; and sending the second encryption candidate index and the set exclusive OR data to the first data terminal.
The first data end performs data summary mapping on a first candidate index in the first index set to obtain first summary data corresponding to the first candidate index; the first data base carries out data hiding processing on the first abstract data based on the set exclusive-or data to obtain a first encryption candidate index; the first data end compares the first encryption candidate index with the second encryption candidate index to determine an index intersection between the first index set and the second index set, and obtains an index from the index intersection.
In the embodiment of the application, the first data end can only acquire the data corresponding to the index intersection from the second data end, and cannot acquire other data, so that the data security of the second data end is ensured, and meanwhile, the second data end cannot acquire the data acquired by the first data end, so that the privacy security of the first data end is ensured.
In order to better implement the data processing method provided by the embodiment of the present application, in an embodiment, a data processing apparatus is further provided. The terms are the same as those in the data processing method, and details of implementation can be referred to the description in the method embodiment.
The data processing apparatus may be specifically integrated in a computer device, as shown in fig. 5, and the data processing apparatus may include: the acquiring unit 501, the first calculating unit 502, the second calculating unit 503, the encrypting unit 504, the sending unit 505, and the decrypting unit 506 are specifically as follows:
(1) The acquisition unit 501: the index acquisition module is used for acquiring the index of a plurality of pieces of data to be received from the second data terminal at the second data terminal, and a first character string and a negation character string of the first character string which are used for encrypting the plurality of pieces of data.
In an embodiment, the obtaining unit 501 may include a first data obtaining subunit, an encryption processing subunit, and a logic negation subunit, specifically:
the first data acquisition subunit: the method comprises the steps of obtaining a first initial character string and key data;
an encryption processing subunit: the first initial character string is encrypted through the key data to obtain a first character string;
a logic negation subunit: and the logical negation processing is carried out on the first character string to obtain a negation character string of the first character string.
In an embodiment, the obtaining unit 501 may include a second data obtaining subunit, a first digest mapping subunit, a first hiding subunit, and a comparing subunit, specifically:
a second data acquisition subunit: the first data terminal is used for receiving a first encryption candidate index and set exclusive or data sent by the first data terminal based on the first index set;
a first digest mapping subunit: the data summarization mapping method comprises the steps of performing data summarization mapping on a first candidate index in a first index set of a first data end to obtain first summarized data corresponding to the first candidate index;
a first hidden subunit: the first summary data are subjected to data hiding processing based on the set exclusive-or data to obtain a first encryption candidate index;
a comparison subunit: for comparing the first encryption candidate index and the second encryption candidate index to determine an index intersection between the first index set and the second index set, and obtaining an index from the index intersection.
In an embodiment, the first hiding subunit may include a first key obtaining module, a first key encrypting module, and a first data encrypting module, specifically:
the first key acquisition module: the first key is used for acquiring a first data end;
the first key encryption module: the key encryption device is used for carrying out key encryption on the first abstract data based on a first key to obtain a first initial encryption candidate index;
the first data encryption module: and the first encryption candidate index is obtained by performing data encryption calculation on the first digest data based on the set exclusive-or data and the first initial encryption candidate index.
(2) The first calculation unit 502: and the index is used for performing AND calculation to obtain first index hidden data.
(3) The second calculation unit 503: and the device is used for performing AND calculation on the inverted index to obtain second index hidden data, and the inverted index is obtained by performing logic inversion processing on the index.
(4) The encryption unit 504: the first character string is used for carrying out data encryption on the first index hidden data to obtain first encrypted index data, and the negation character string is used for carrying out data encryption on the second index hidden data to obtain second encrypted index data.
In an embodiment, the encryption unit 504 may comprise a first or computation subunit and a second or computation subunit, in particular:
the first or computation subunit: the first character string and the first index hidden data are subjected to OR calculation to obtain first encryption index data;
a second or calculation subunit: and the encryption module is used for performing OR calculation on the negation character string and the second index hidden data to obtain second encryption index data.
(5) The transmission unit 505: the first encryption index data and the second encryption index data are sent to the second data terminal, so that the second data terminal can predict a second character string used for encrypting each candidate data in the second data terminal according to the first encryption index data and the second encryption index data, and encrypt each data according to the second character string to obtain the candidate encrypted data.
(6) The decryption unit 506: and the data processing module is used for receiving the encrypted candidate data and decrypting the encrypted candidate data according to the first character string to obtain target data corresponding to the index.
In an embodiment, the plurality of pieces of data are included in the second data set, and the data processing apparatus may further include a set acquiring unit, a data acquiring unit, and a data generating unit, specifically:
a set acquisition unit: the data acquisition device is used for acquiring a first data set of a first data end;
a data acquisition unit: the query data acquisition module is used for acquiring query data from a first data set;
a data generation unit: for generating sample alignment data between the first data set and the second data set based on the target data and the query data.
The data processing apparatus according to the embodiment of the present application obtains, by the obtaining unit 501, indexes of a plurality of pieces of data that need to be received from a second data end at the second data end, and a first character string used for encrypting the plurality of pieces of data and a negation character string of the first character string; the first computing unit 502 performs an and computation on the index to obtain first index hidden data; the inverted index is subjected to and calculation through a second calculating unit 503 to obtain second index hidden data, and the inverted index is obtained by performing logical inversion processing on the index; the encryption unit 504 performs data encryption on the first index hidden data through the first character string to obtain first encrypted index data, and performs data encryption on the second index hidden data through the negation character string to obtain second encrypted index data; sending the first encryption index data and the second encryption index data to the second data terminal through the sending unit 505, so that the second data terminal predicts a second character string used for encrypting each piece of candidate data in the second data terminal according to the first encryption index data and the second encryption index data, and encrypts each piece of data according to the second character string to obtain candidate encrypted data; the encrypted candidate data is received by the decryption unit 506, and the encrypted candidate data is decrypted according to the first character string to obtain the target data corresponding to the index.
According to the data processing method and device, the data sending amount of the first data end is reduced, the data processing amount of the second data end is reduced, and the data processing efficiency is improved.
In order to better implement the data processing method provided in the embodiment of the present application, in an embodiment, a data processing apparatus is further provided. The terms are the same as those in the data processing method, and details of implementation can be referred to the description in the method embodiment.
The data processing apparatus may be specifically integrated in a computer device, as shown in fig. 6, and the data processing apparatus may include: the receiving unit 601, the third calculating unit 602, the fourth calculating unit 603, the data calculating unit 604, the exclusive or calculating unit 605, and the second sending unit 606 are as follows:
(1) The receiving unit 601: the index encryption device is used for receiving first encryption index data and second encryption index data sent by a first data end.
In an embodiment, the receiving unit 601 may include a set obtaining subunit, a second digest mapping subunit, a set exclusive or calculating subunit, a second hiding subunit, a data sending subunit, and an index obtaining subunit, specifically:
a set acquisition subunit: a second index set for obtaining data about the candidate data;
a second digest mapping subunit: the data summarization mapping module is used for performing data summarization mapping on a second candidate index in the second index set to obtain second summarized data corresponding to the second candidate index;
set exclusive or calculation subunit: the second abstract data corresponding to the second candidate index is subjected to exclusive OR calculation to obtain set exclusive OR data of a second index set;
a second hidden subunit: the data hiding device is used for hiding each piece of second abstract data based on the set exclusive-or data to obtain a second encryption candidate index;
a data transmission subunit: the first data end is used for sending the second encryption candidate index and the set exclusive OR data to a first data end so that the first data can carry out index encryption on the first candidate index in the first index set to obtain a first encryption candidate index, and the index intersection between the first index set and the second index set is determined by comparing the first encryption candidate index with the second encryption candidate index;
an index acquisition subunit: and the first encryption index data and the second encryption index data are used for receiving the first encryption index data and the second encryption index data, wherein the first data end acquires the index from the index intersection and carries out index hiding processing on the index.
In an embodiment, the second hiding subunit may include a second key obtaining module, a second key encrypting module, and a second data encrypting module, specifically:
a second key acquisition module: the second key is used for acquiring a second data end;
a second key encryption module: the second key encryption module is used for carrying out key encryption on the second digest data based on the second key to obtain a second initial encryption candidate index;
the second data encryption module: and the second encryption candidate index is obtained by performing data encryption calculation on the second initial encryption candidate index based on the set exclusive-or data.
(2) The third calculation unit 602: and the first encryption index data and the negation index data corresponding to each candidate data in the second data end are respectively subjected to AND calculation to obtain first decryption data corresponding to the candidate data, and the negation index is obtained by performing logic negation processing on the index.
(3) The fourth calculation unit 603: and the second encryption index data and the index corresponding to each candidate data are respectively subjected to AND calculation to obtain second decryption data corresponding to each candidate data.
(4) The data calculation unit 604: and the data calculation module is used for performing data calculation on the first decrypted data and the second decrypted data corresponding to each candidate data to obtain a second character string used for performing data encryption on each candidate data.
In an embodiment, the data calculation unit 604 may include a data decryption subunit, an encrypted string subunit, and a string decryption subunit, specifically:
a data decryption subunit: the first decryption data and the second decryption data are used for carrying out or calculation to obtain target decryption data of the candidate data;
encryption string subunit: the index of the candidate data and the target decryption data are subjected to XOR calculation to obtain an encrypted second character string;
a string decryption subunit: and the second data terminal is used for decrypting the encrypted second character string based on the key data of the second data terminal to obtain the second character string.
(5) Exclusive or calculation unit 605: and the encryption candidate data of each candidate data is obtained by performing exclusive-or calculation on each candidate data and the corresponding second character string.
(6) Second transmitting section 606: and the first data end is used for sending the encrypted candidate data to the first data end so that the first data end can decrypt the encrypted candidate data based on the first character string to obtain the target data.
As can be seen from the above, the data processing apparatus according to the embodiment of the present application receives, by the receiving unit 601, the first encrypted index data and the second encrypted index data sent by the first data end; respectively performing and calculation on the inverted index and the first encrypted index data corresponding to each candidate data in the second data end by the third calculation unit 602 to obtain first decrypted data corresponding to the candidate data, wherein the inverted index is obtained by performing logical inversion processing on the index; the fourth calculating unit 603 respectively performs and calculation on the index corresponding to each candidate data and the second encrypted index data to obtain second decrypted data corresponding to each candidate data; performing data calculation on the first decrypted data and the second decrypted data corresponding to each candidate data through a data calculation unit 604 to obtain a second character string used for performing data encryption on each candidate data; performing exclusive-or calculation on each candidate data and the corresponding second character string through an exclusive-or calculation unit 605 to obtain encrypted candidate data of each candidate data; the encrypted candidate data is sent to the first data end through the second sending unit 606, so that the first data end decrypts the encrypted candidate data based on the first character string to obtain the target data.
According to the embodiment of the application, the data sending amount of the first data end is reduced, the data processing amount of the second data end is reduced, and the data processing efficiency is improved.
An embodiment of the present application further provides a computer device, where the computer device may be a terminal or a server, as shown in fig. 7, which shows a schematic structural diagram of the computer device according to the embodiment of the present application, and specifically:
the computer device may include components such as a processor 1001 of one or more processing cores, memory 1002 of one or more computer-readable storage media, a power supply 1003, and an input unit 1004. Those skilled in the art will appreciate that the computer device configuration illustrated in FIG. 7 does not constitute a limitation of computer devices, and may include more or fewer components than those illustrated, or some components may be combined, or a different arrangement of components. Wherein:
the processor 1001 is a control center of the computer device, connects various parts of the entire computer device using various interfaces and lines, and performs various functions of the computer device and processes data by running or executing software programs and/or modules stored in the memory 1002 and calling data stored in the memory 1002, thereby monitoring the computer device as a whole. Optionally, processor 1001 may include one or more processing cores; preferably, the processor 1001 may integrate an application processor, which mainly handles operating systems, user interfaces, computer programs, etc., and a modem processor, which mainly handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 1001.
The memory 1002 may be used to store software programs and modules, and the processor 1001 executes various functional applications and data processing by operating the software programs and modules stored in the memory 1002. The memory 1002 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, a computer program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data created according to use of the computer device, and the like. Further, the memory 1002 may include high-speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device. Accordingly, the memory 1002 may also include a memory controller to provide the processor 1001 access to the memory 1002.
The computer device further includes a power source 1003 for supplying power to each component, and preferably, the power source 1003 may be logically connected to the processor 1001 through a power management system, so that functions of managing charging, discharging, power consumption, and the like are implemented through the power management system. The power source 1003 may also include any component including one or more of a dc or ac power source, a recharging system, a power failure detection circuit, a power converter or inverter, a power status indicator, and the like.
The computer device may also include an input unit 1004, and the input unit 1004 may be used to receive input numeric or character information and generate keyboard, mouse, joystick, optical or trackball signal inputs related to user settings and function control.
Although not shown, the computer device may further include a display unit and the like, which are not described in detail herein. Specifically, in this embodiment, the processor 1001 in the computer device loads the executable file corresponding to the process of one or more computer programs into the memory 1002 according to the following instructions, and the processor 1001 runs the computer programs stored in the memory 1002, thereby implementing various functions as follows:
acquiring indexes of a plurality of pieces of data which need to be received from a second data end at the second data end, and a first character string and a negation character string of the first character string which are used for encrypting the plurality of pieces of data;
performing AND calculation on the index to obtain first index hidden data; performing AND calculation on the inverted index to obtain second index hidden data, wherein the inverted index is obtained by performing logic inversion processing on the index;
performing data encryption on the first index hidden data through the first character string to obtain first encrypted index data, and performing data encryption on the second index hidden data through the negation character string to obtain second encrypted index data;
sending the first encryption index data and the second encryption index data to a second data terminal so that the second data terminal can predict a second character string used for encrypting each candidate data in the second data terminal according to the first encryption index data and the second encryption index data, and encrypt each data according to the second character string to obtain candidate encrypted data;
and receiving the encrypted candidate data, and decrypting the encrypted candidate data according to the first character string to obtain target data corresponding to the index.
And
receiving first encryption index data and second encryption index data sent by a first data end;
respectively performing AND calculation on the negation index and the first encryption index data corresponding to each candidate data in the second data end to obtain first decryption data corresponding to the candidate data, wherein the negation index is obtained by performing logic negation processing on the index;
respectively carrying out AND calculation on the index corresponding to each candidate data and the second encrypted index data to obtain second decrypted data corresponding to each candidate data; performing data calculation on the first decrypted data and the second decrypted data corresponding to each candidate data to obtain a second character string used for performing data encryption on each candidate data;
performing XOR calculation on each candidate data and the corresponding second character string to obtain encrypted candidate data of each candidate data;
and sending the encrypted candidate data to the first data end so that the first data end can decrypt the encrypted candidate data based on the first character string to obtain the target data.
The above operations can be implemented in the foregoing embodiments, and are not described herein.
Therefore, the computer device in the embodiment of the application can reduce the data sending amount of the first data end, reduce the data processing amount of the second data end and improve the data processing efficiency.
According to an aspect of the present application, there is provided a computer program product comprising a computer program containing computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions to cause the computer device to perform the method provided in the various alternative implementations of the above embodiments.
It will be understood by those skilled in the art that all or part of the steps of the methods of the above embodiments may be implemented by a computer program, which may be stored in a computer-readable storage medium and loaded and executed by a processor, or by a computer program controlling associated hardware.
To this end, the present application provides a computer-readable storage medium, in which a computer program is stored, where the computer program can be loaded by a processor to execute any one of the data processing methods provided in the present application.
The above operations can be implemented in the foregoing embodiments, and are not described in detail herein.
Wherein the computer-readable storage medium may include: read Only Memory (ROM), random Access Memory (RAM), magnetic or optical disks, and the like.
Since the computer program stored in the computer-readable storage medium can execute any data processing method provided in the embodiments of the present application, beneficial effects that can be achieved by any data processing method provided in the embodiments of the present application can be achieved, and detailed descriptions are omitted here for the foregoing embodiments.
The foregoing detailed description has provided a data processing method, an apparatus, a computer device, and a computer-readable storage medium according to embodiments of the present application, and specific examples are applied herein to explain the principles and implementations of the present application, and the descriptions of the foregoing embodiments are only used to help understand the method and the core ideas of the present application; meanwhile, for those skilled in the art, according to the idea of the present application, the specific implementation manner and the application scope may be changed, and in summary, the content of the present specification should not be construed as a limitation to the present application.
Claims (15)
1. A data processing method is applied to a first data end and comprises the following steps:
acquiring indexes of a plurality of pieces of data which need to be received from a second data end at the second data end, and a first character string used for encrypting the plurality of pieces of data and a negation character string of the first character string;
performing AND calculation on the index to obtain first index hidden data;
performing AND calculation on the inverted index to obtain second index hidden data, wherein the inverted index is obtained by performing logic inversion processing on the index;
performing data encryption on the first index hidden data through the first character string to obtain first encrypted index data, and performing data encryption on the second index hidden data through the negation character string to obtain second encrypted index data;
sending the first encryption index data and the second encryption index data to a second data end, so that the second data end can predict a second character string used for encrypting each candidate data in the second data end according to the first encryption index data and the second encryption index data, and encrypt each data according to the second character string to obtain candidate encryption data;
and receiving the encrypted candidate data, and decrypting the encrypted candidate data according to the first character string to obtain target data corresponding to the index.
2. The method of claim 1, wherein the plurality of pieces of data are included in a second set of data, and wherein after receiving the candidate encrypted data, decrypting an encrypted string according to the first string to obtain target data corresponding to the index, the method further comprises:
acquiring a first data set of the first data terminal;
obtaining query data from the first data set;
generating sample alignment data between the first data set and the second data set according to the target data and the query data.
3. The method according to claim 1, wherein the data encrypting the first index hidden data by the first character string to obtain first encrypted index data, and the data encrypting the second index hidden data by the negating character string to obtain second encrypted index data comprises:
performing OR calculation on the first character string and the first index hidden data to obtain first encrypted index data;
and performing OR calculation on the negation character string and the second index hidden data to obtain second encryption index data.
4. The method according to any one of claims 1, wherein the obtaining a first character string used for encrypting the pieces of data and an inverted character string of the first character string comprises:
acquiring a first initial character string and key data;
encrypting the first initial character string through the key data to obtain the first character string;
and performing logic negation processing on the first character string to obtain a negation character string of the first character string.
5. The method according to any one of claims 1 to 4, wherein the obtaining the index of the plurality of pieces of data required to be received from the second data terminal at the second data terminal comprises:
receiving a second encryption candidate index and set exclusive or data sent by the second data terminal based on a second index set;
performing data summary mapping on a first candidate index in a first index set of the first data end to obtain first summary data corresponding to the first candidate index;
based on the set exclusive-or data, performing data hiding processing on the first abstract data to obtain a first encryption candidate index;
comparing the first encrypted candidate index and the second encrypted candidate index to determine an index intersection between the first index set and the second index set, and obtaining the index from the index intersection.
6. The method of claim 5, wherein the performing data hiding processing on the first digest data based on the set exclusive-or data to obtain a first encryption candidate index comprises:
acquiring a first key of the first data end;
performing key encryption on the first digest data based on the first key to obtain a first initial encryption candidate index;
and performing data encryption calculation on the first summary data based on the set exclusive-or data and the first initial encryption candidate index to obtain a first encryption candidate index.
7. A data processing method is applied to a second data terminal and comprises the following steps:
receiving first encryption index data and second encryption index data sent by a first data end;
respectively performing AND calculation on the negation index corresponding to each candidate data in the second data end and the first encryption index data to obtain first decryption data corresponding to the candidate data, wherein the negation index is obtained by performing logic negation processing on the index;
respectively carrying out AND calculation on the index corresponding to each candidate data and the second encryption index data to obtain second decryption data corresponding to each candidate data;
performing data calculation on the first decrypted data and the second decrypted data corresponding to each candidate data to obtain a second character string used for performing data encryption on each candidate data;
performing XOR calculation on each candidate data and the corresponding second character string to obtain encrypted candidate data of each candidate data;
and sending the encrypted candidate data to the first data end so that the first data end can decrypt the encrypted candidate data based on the first character string to obtain target data.
8. The method according to claim 7, wherein the receiving the first encryption index data and the second encryption index data sent by the first data end comprises:
obtaining a second index set related to the candidate data;
performing data summary mapping on a second candidate index in the second index set to obtain second summary data corresponding to the second candidate index;
performing exclusive-or calculation on second summary data corresponding to the second candidate index to obtain set exclusive-or data of the second index set;
based on the set exclusive-or data, performing data hiding processing on each piece of second abstract data to obtain a second encryption candidate index;
sending the second encryption candidate index and the set exclusive OR data to the first data end so that the first data can carry out index encryption on the first candidate index in the first index set to obtain a first encryption candidate index, and determining an index intersection between the first index set and the second index set by comparing the first encryption candidate index and the second encryption candidate index;
and receiving first encryption index data and second encryption index data sent by the first data end, wherein the first encryption index data and the second encryption index data are obtained by acquiring an index from the index intersection by the first data end and hiding the index.
9. The method according to claim 8, wherein the performing data hiding processing on each piece of the second digest data based on the set xor data to obtain a second encryption candidate index comprises:
acquiring a second key of the second data end;
performing key encryption on the second digest data based on the second key to obtain a second initial encryption candidate index;
and performing data encryption calculation on the second initial encryption candidate index based on the set exclusive-or data to obtain a second encryption candidate index.
10. The method according to any one of claims 7 to 9, wherein performing data calculation on the first decrypted data and the second decrypted data corresponding to each candidate data to obtain a second character string used for performing data encryption on each candidate data includes:
performing or calculating on the first decrypted data and the second decrypted data to obtain target decrypted data of the candidate data;
performing exclusive-or calculation on the index of the candidate data and the target decryption data to obtain an encrypted second character string;
and decrypting the encrypted second character string based on the key data of the second data terminal to obtain the second character string.
11. A data processing apparatus, comprising:
the device comprises an acquisition unit, a storage unit and a processing unit, wherein the acquisition unit is used for acquiring indexes of a plurality of pieces of data needing to be received from a second data end at the second data end, and a first character string used for encrypting the plurality of pieces of data and an inverted character string of the first character string;
the first calculation unit is used for carrying out AND calculation on the index to obtain first index hidden data;
the second computing unit is used for performing AND computation on the inverted index to obtain second index hidden data, wherein the inverted index is obtained by performing logic inversion processing on the index;
the encryption unit is used for carrying out data encryption on the first index hidden data through the first character string to obtain first encrypted index data, and carrying out data encryption on the second index hidden data through the negation character string to obtain second encrypted index data;
a first sending unit, configured to send the first encryption index data and the second encryption index data to a second data end, so that the second data end predicts a second character string used for encrypting each piece of candidate data in the second data end according to the first encryption index data and the second encryption index data, and encrypts each piece of data according to the second character string to obtain candidate encrypted data;
and the decryption unit is used for receiving the encrypted candidate data and decrypting the encrypted candidate data according to the first character string to obtain target data corresponding to the index.
12. A data processing apparatus, comprising:
the receiving unit is used for receiving first encryption index data and second encryption index data sent by a first data end;
a third calculating unit, configured to perform and calculation on an inverted index corresponding to each candidate data in the second data end and the first encrypted index data, respectively, to obtain first decrypted data corresponding to the candidate data, where the inverted index is obtained by performing logical inversion processing on the index;
the fourth calculation unit is used for respectively and calculating the index corresponding to each candidate data and the second encrypted index data to obtain second decrypted data corresponding to each candidate data;
the data calculation unit is used for performing data calculation on the first decrypted data and the second decrypted data corresponding to each candidate data to obtain a second character string used for performing data encryption on each candidate data;
the exclusive OR calculation unit is used for performing exclusive OR calculation on each piece of candidate data and the corresponding second character string to obtain encrypted candidate data of each piece of candidate data;
and the second sending unit is used for sending the encrypted candidate data to the first data end so that the first data end can decrypt the encrypted candidate data based on the first character string to obtain target data.
13. A computer device comprising a memory and a processor; the memory stores a computer program, and the processor is configured to execute the computer program in the memory to perform the data processing method according to any one of claims 1 to 6 or 7 to 10.
14. A computer-readable storage medium for storing a computer program which is loaded by a processor to perform the data processing method of any one of claims 1 to 6 or 7 to 10.
15. A computer program product comprising a computer program, characterized in that the computer program, when being executed by a processor, carries out the data processing method of any one of claims 1 to 6 or 7 to 10.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210835257.3A CN115225367A (en) | 2022-07-15 | 2022-07-15 | Data processing method, device, computer equipment, storage medium and product |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210835257.3A CN115225367A (en) | 2022-07-15 | 2022-07-15 | Data processing method, device, computer equipment, storage medium and product |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115225367A true CN115225367A (en) | 2022-10-21 |
Family
ID=83612659
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210835257.3A Pending CN115225367A (en) | 2022-07-15 | 2022-07-15 | Data processing method, device, computer equipment, storage medium and product |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115225367A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117010002A (en) * | 2023-09-28 | 2023-11-07 | 腾讯科技(深圳)有限公司 | Sample identifier alignment method and device, electronic equipment and storage medium |
-
2022
- 2022-07-15 CN CN202210835257.3A patent/CN115225367A/en active Pending
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117010002A (en) * | 2023-09-28 | 2023-11-07 | 腾讯科技(深圳)有限公司 | Sample identifier alignment method and device, electronic equipment and storage medium |
| CN117010002B (en) * | 2023-09-28 | 2024-01-05 | 腾讯科技(深圳)有限公司 | Sample identifier alignment method and device, electronic equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8898478B2 (en) | Method for querying data in privacy preserving manner using attributes | |
| US10608811B2 (en) | Private set intersection encryption techniques | |
| CN111784001B (en) | Model training method and device and computer readable storage medium | |
| US20230014599A1 (en) | Data processing method and apparatus for blockchain system | |
| CN104967693B (en) | Towards the Documents Similarity computational methods based on full homomorphism cryptographic technique of cloud storage | |
| CN109214201B (en) | Data sharing method, terminal equipment and computer readable storage medium | |
| Zuo et al. | BCAS: A blockchain-based ciphertext-policy attribute-based encryption scheme for cloud data security sharing | |
| Liu et al. | New provable data transfer from provable data possession and deletion for secure cloud storage | |
| Sun et al. | A searchable personal health records framework with fine-grained access control in cloud-fog computing | |
| CN112287379B (en) | Service data using method, device, equipment, storage medium and program product | |
| US8220040B2 (en) | Verifying that group membership requirements are met by users | |
| US9641328B1 (en) | Generation of public-private key pairs | |
| Thilakanathan et al. | SafeProtect: Controlled data sharing with user-defined policies in cloud-based collaborative environment | |
| Yan et al. | A lightweight authentication and key agreement scheme for smart grid | |
| CN107528830A (en) | account login method, system and storage medium | |
| Yu et al. | Traceable and undeniable ciphertext-policy attribute-based encryption for cloud storage service | |
| Alemami et al. | Cloud data security and various cryptographic algorithms | |
| CN112149174A (en) | Model training method, device, equipment and medium | |
| CN111555880A (en) | Data collision method and device, storage medium and electronic equipment | |
| CN113609781A (en) | Automobile production mold optimization method, system, equipment and medium based on federal learning | |
| CN115225367A (en) | Data processing method, device, computer equipment, storage medium and product | |
| CN114726512A (en) | Data processing method and device | |
| Shivaramakrishna et al. | A novel hybrid cryptographic framework for secure data storage in cloud computing: Integrating AES-OTP and RSA with adaptive key management and Time-Limited access control | |
| JP2014137474A (en) | Tamper detection device, tamper detection method, and program | |
| US20120155641A1 (en) | Non-interactive verifiable, delegated computation |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| REG | Reference to a national code |
Ref country code: HK Ref legal event code: DE Ref document number: 40075305 Country of ref document: HK |