CN115270202A - Privacy calculation method and device based on multi-party cooperation - Google Patents

Publication number
CN115270202A
Authority
CN
China
Prior art keywords
data
operator
collaboration
instantiation
privacy
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210872158.2A
Other languages
Chinese (zh)
Inventor
马超
王天雨
孙善禄
杨仁慧
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ant Blockchain Technology Shanghai Co Ltd
Original Assignee
Ant Blockchain Technology Shanghai Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ant Blockchain Technology Shanghai Co Ltd
Priority to CN202210872158.2A
Publication of CN115270202A
Priority to PCT/CN2022/135217 (WO2024016549A1)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04 Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Business, Economics & Management (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Databases & Information Systems (AREA)
  • Software Systems (AREA)
  • Finance (AREA)
  • Development Economics (AREA)
  • Mathematical Physics (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Strategic Management (AREA)
  • Technology Law (AREA)
  • General Business, Economics & Management (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Data Mining & Analysis (AREA)
  • Storage Device Security (AREA)

Abstract

One or more embodiments of the present specification provide a privacy computing method and apparatus based on multi-party collaboration. The method comprises the following steps: obtaining a computing process, specified by a user, for performing privacy computation on data maintained by at least some of a plurality of collaboration participants, the computing process being composed of at least one functional operator, specified by the user, that is related to the privacy computation; acquiring the data security requirements of the data maintained by the at least some collaboration participants, selecting, from an instantiation operator library related to privacy computation, at least one instantiation operator that corresponds to the at least one functional operator and meets the data security requirements, and generating an instantiated computing process corresponding to the computing process based on the at least one instantiation operator; and creating a smart contract containing privacy computing logic corresponding to the instantiated computing process, and deploying the created smart contract into a blockchain network interfaced with the data collaboration platform.

Description

Privacy calculation method and device based on multi-party cooperation
Technical Field
Embodiments of the present disclosure relate to the field of blockchain technologies, and in particular, to a privacy computing method and apparatus based on multi-party collaboration.
Background
Privacy computing refers to technology for analysing and computing on data while protecting the data from being leaked. For example, currently mainstream privacy computing technologies generally include FL (Federated Learning) technology, MPC (Secure Multi-Party Computation) technology, TEE (Trusted Execution Environment) technology, and the like. In practical applications, data participating in privacy computation may come from a plurality of different data sources; how to perform privacy computation using data from a plurality of different data sources has therefore long been a focus in the industry.
Disclosure of Invention
The specification provides a privacy computation method based on multi-party collaboration, wherein a blockchain-based data collaboration platform interfaces with a plurality of collaboration participants; the method is applied to a server corresponding to any target collaboration participant among the plurality of collaboration participants; the plurality of collaboration participants each maintain data for participating in privacy computation; the method comprises the following steps:
obtaining a computing process, specified by a user, for performing privacy computation on data maintained by at least some of the plurality of collaboration participants; wherein the computing process is composed of at least one functional operator, specified by the user, that is related to the privacy computation;
acquiring the data security requirements of the data maintained by the at least some collaboration participants, selecting, from an instantiation operator library related to the privacy computation, at least one instantiation operator that corresponds to the at least one functional operator and meets the data security requirements, and generating an instantiated computing process corresponding to the computing process based on the at least one instantiation operator;
and creating a smart contract containing privacy computing logic corresponding to the instantiated computing process, and deploying the created smart contract into a blockchain network interfaced with the data collaboration platform for the user to call.
The specification also provides a privacy computation method based on multi-party collaboration, which is applied to a blockchain-based data collaboration platform; wherein the data collaboration platform interfaces with a plurality of collaboration participants; the plurality of collaboration participants each maintain data for participating in privacy computation; the method comprises the following steps:
acquiring a computing process that is uploaded by a server corresponding to any target collaboration participant among the plurality of collaboration participants and is specified by a user for performing privacy computation on data maintained by at least some of the plurality of collaboration participants; wherein the computing process is composed of at least one functional operator, specified by the user, that is related to the privacy computation;
acquiring the data security requirements of the data maintained by the at least some collaboration participants, selecting, from an instantiation operator library related to the privacy computation, at least one instantiation operator that corresponds to the at least one functional operator and meets the data security requirements, and generating an instantiated computing process corresponding to the computing process based on the at least one instantiation operator;
and creating a smart contract containing privacy computing logic corresponding to the instantiated computing process, and deploying the created smart contract into a blockchain network interfaced with the data collaboration platform for the user to call.
The specification also provides a privacy computing device based on multi-party collaboration, wherein a blockchain-based data collaboration platform interfaces with a plurality of collaboration participants; the device is applied to a server corresponding to any target collaboration participant among the plurality of collaboration participants; the plurality of collaboration participants each maintain data for participating in privacy computation; the device comprises:
a first acquisition module, used for obtaining a computing process, specified by a user, for performing privacy computation on data maintained by at least some of the plurality of collaboration participants; wherein the computing process is composed of at least one functional operator, specified by the user, that is related to the privacy computation;
a first generation module, used for acquiring the data security requirements of the data maintained by the at least some collaboration participants, selecting, from an instantiation operator library related to the privacy computation, at least one instantiation operator that corresponds to the at least one functional operator and meets the data security requirements, and generating an instantiated computing process corresponding to the computing process based on the at least one instantiation operator;
and a first deployment module, used for creating a smart contract containing privacy computing logic corresponding to the instantiated computing process and deploying the created smart contract into a blockchain network interfaced with the data collaboration platform so as to be called by the user.
The specification also provides a privacy computing device based on multi-party collaboration, which is applied to a blockchain-based data collaboration platform; wherein the data collaboration platform interfaces with a plurality of collaboration participants; the plurality of collaboration participants each maintain data for participating in privacy computation; the device comprises:
a second acquisition module, used for acquiring a computing process that is uploaded by a server corresponding to any target collaboration participant among the plurality of collaboration participants and is specified by a user for performing privacy computation on data maintained by at least some of the plurality of collaboration participants; wherein the computing process is composed of at least one functional operator, specified by the user, that is related to the privacy computation;
a second generation module, used for acquiring the data security requirements of the data maintained by the at least some collaboration participants, selecting, from an instantiation operator library related to the privacy computation, at least one instantiation operator that corresponds to the at least one functional operator and meets the data security requirements, and generating an instantiated computing process corresponding to the computing process based on the at least one instantiation operator;
and a second deployment module, used for creating a smart contract containing privacy computing logic corresponding to the instantiated computing process and deploying the created smart contract into a blockchain network interfaced with the data collaboration platform so as to be called by the user.
In the technical scheme above, when privacy calculation is performed on data from a plurality of data sources, the calculation process of the privacy calculation is more transparent and credible, and is convenient to trace; moreover, on the premise that the user does not know the security requirements of each cooperation participant on data use, different instantiation computing processes capable of meeting the security requirements of each cooperation participant on data use are planned according to different computing requirements of the user based on the privacy computing capability of the data cooperation platform, so that the data cooperation platform can be flexibly adapted to different data privacy scenes, and more privacy computing scenes can be activated.
Drawings
FIG. 1 is a system architecture diagram of a data collaboration platform shown in an exemplary embodiment of the present description.
FIG. 2 is a flow chart illustrating a multi-party collaboration based privacy computation method according to an exemplary embodiment of the present specification.
FIG. 3 is a schematic diagram illustrating a process for virtualizing data maintained by a plurality of cooperating parties, according to an example embodiment.
FIG. 4 is a flow diagram illustrating another multi-party collaboration based privacy computation method according to an example embodiment.
Fig. 5 is a schematic block diagram of an electronic device according to an exemplary embodiment.
FIG. 6 is a block diagram of a privacy computing device based on multi-party collaboration as illustrated in accordance with an example embodiment.
FIG. 7 is a block diagram of another multi-party collaboration based privacy computing device illustrated in accordance with an example embodiment.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in the present specification, the technical solutions in the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only a part of the embodiments of the present specification, and not all of the embodiments. All other embodiments obtained by a person skilled in the art based on the embodiments in the present specification without any inventive step should fall within the scope of protection of the present specification.
It should be noted that: in other embodiments, the steps of the corresponding methods are not necessarily performed in the order shown and described herein. In some other embodiments, the methods may include more or fewer steps than those described herein. Moreover, a single step described in this specification may be broken down into multiple steps for description in other embodiments; multiple steps described in this specification may be combined into a single step in other embodiments.
In a scenario of performing privacy computation on data from a plurality of different data sources, in order to break an information island between the data sources and achieve sufficient data fusion, a centralized data collaboration platform is usually built. The centralized data collaboration platform is generally responsible for scheduling and managing data of each data source. When privacy calculation is required to be performed on data from a plurality of different data sources, the data collaboration platform can respectively query data from the different data sources, and perform privacy calculation processing on the queried data based on the privacy calculation capability of the data collaboration platform.
However, in practical applications, different data sources often have different security requirements for the use of the data they maintain; for example, some data sources may prohibit the data from being exported to the data domain for use, or disallow the data maintained by the data sources to be aggregated with the data maintained by other data sources for use, for privacy protection, and so on.
The difference in security requirements of different data sources for data may derive a large number of scenarios of data query and privacy computation. Therefore, how to flexibly adapt to the scenes of the data query and the privacy calculation is of great significance to the data collaboration platform.
Based on the above, the present specification proposes a technical solution for scenarios in which privacy computation is performed on data maintained by a plurality of data sources: using the privacy computing capability of a data collaboration platform, an instantiated computing process is flexibly planned that corresponds to the computing process customized by the user and meets the security requirements of each data source, even though the user does not know the security requirements that each collaboration participant places on the use of its data.
In implementation, a blockchain-based data collaboration platform can be built and interfaced with a plurality of collaboration participants, each of which may maintain data for participating in privacy computation.
For any target cooperative participant in the plurality of cooperative participants, when a user accessing the server corresponding to the target cooperative participant has a calculation requirement for performing privacy calculation on data maintained by at least part of the plurality of cooperative participants, a calculation process corresponding to the calculation requirement of the user may be specified based on a functional operator in a functional operator library related to the privacy calculation.
After the server corresponding to the target cooperation party obtains the calculation process designated by the user, the server can further obtain the data security requirement of the data maintained by at least part of the cooperation parties, select at least one instantiation operator corresponding to the at least one functional operator, which meets the data security requirement, from an instantiation operator library related to privacy calculation, and generate an instantiation calculation process corresponding to the calculation process based on the at least one instantiation operator.
Then, a smart contract may be created that includes privacy computing logic corresponding to the instantiated computing process, and the created smart contract may be deployed to a blockchain network that interfaces with the data collaboration platform for invocation by the user.
In the technical scheme, when the privacy calculation is carried out on the data from a plurality of data sources, the calculation process of the privacy calculation is more transparent and credible, and the tracing is convenient;
moreover, on the premise that the user does not know the security requirements of each cooperation participant on data use, different instantiation computing processes capable of meeting the security requirements of each cooperation participant on data use are planned according to different computing requirements of the user based on the privacy computing capability of the data cooperation platform, so that the data cooperation platform can be flexibly adapted to different data privacy scenes, and more privacy computing scenes can be activated.
Referring to fig. 1, fig. 1 is a system architecture diagram of a data collaboration platform according to an exemplary embodiment of the present disclosure.
As shown in fig. 1, the data collaboration platform, which may be specifically a privacy collaboration platform based on a blockchain, may interface a blockchain network and a plurality of collaboration participants (i.e., a plurality of data sources). The data collaboration platform can perform computation scheduling on data maintained by the multiple collaboration participants, and completes privacy computation from a global data perspective.
For example, on the premise of meeting the security requirements of each cooperative participant on data, the data maintained by each cooperative participant as a whole is subjected to privacy calculation.
A data set and a computation result set may be maintained separately for each collaboration participant. The data set is used for storing data participating in privacy calculation. And the calculation result set is used for storing calculation results obtained by performing privacy calculation on the data in the data set. The calculation result may be specifically an intermediate calculation result or a final calculation result.
It should be noted that, the data set and the calculation result set may be specifically a database. For different collaboration participants, the databases used may be homogeneous databases or heterogeneous databases, and are not particularly limited in this specification.
In addition to the data set and the computation result set, each cooperative participant can carry a plurality of instantiation operators and functional components related to privacy computation.
As shown in fig. 1, the instantiation operators carried by the respective collaboration participants and related to the privacy computation may specifically include an MPC-based instantiation operator, a TEE-based instantiation operator, and a TL-based instantiation operator, among others. Each instantiation operator corresponds to a computing operation or computing function implemented with a specific privacy computing technology, and a given computing operation or computing function can correspond to several instantiation operators, each implemented with a different privacy computing technology.
For example, taking the calculation function to be implemented as the intersection calculation as an example, the instantiation operator corresponding to the intersection calculation function may specifically include an instantiation operator for the intersection calculation based on MPC, an instantiation operator for the intersection calculation based on TEE, and the like. That is, for the intersection calculation function, two instantiation operators can be implemented based on the MPC technique and the TEE technique, respectively.
As shown in fig. 1, the functional components carried by each collaboration participant may specifically include the following:
The application execution planning component is used for selecting, from the instantiation operator library managed by the data collaboration platform, at least one instantiation operator corresponding to the at least one functional operator contained in the computing process specified by the user, based on the data security requirements of each collaboration participant for the data it maintains, and for planning, based on the selected instantiation operators, an instantiated computing process that corresponds to the computing process and meets the data security requirements of each collaboration participant. The instantiated computing process is then a specific data collaboration application, planned from the computing process specified by the user, for performing privacy computation.
The application contract management component is used for generating execution code for the privacy computing logic corresponding to the instantiated computing process, compiling the generated execution code into smart contract code, and deploying the smart contract containing that code in a blockchain network interfaced with the data collaboration platform.
The execution scheduling component is used for interacting with the smart contract: by monitoring the invocation results of the smart contract stored on the blockchain, it calls local instantiation operators to complete the related privacy computation and submits the computation results to the smart contract.
It should be noted that the functional components shown above are merely schematic, and in practical applications, some of the components may be integrated or further separated based on actual needs, and are not limited in this specification.
It should be further noted that, apart from the execution scheduling component, the other functional components described above may be distributed and deployed on each collaboration participant by the data collaboration platform (fig. 1 shows this distributed deployment), or may be centrally deployed on the data collaboration platform, which is not particularly limited in this specification. For example, they may be centrally deployed on a blockchain service platform (not shown in fig. 1) for managing the above-described blockchain network.
With continued reference to fig. 1, each collaboration participant may also provide an application execution client to the user.
The application execution client provides the user with access to the data collaboration platform. Through it, the user can specify a computing process corresponding to the user's privacy computing requirement based on the functional operators managed by the data collaboration platform, initiate a contract call to the smart contract, and query the invocation result of the smart contract.
Referring to fig. 2, fig. 2 is a flowchart illustrating a privacy computation method based on multi-party collaboration according to an exemplary embodiment, where the method may be applied to a server corresponding to any target collaboration party in a plurality of collaboration parties shown in fig. 1; the method comprises the following steps:
Step 202: obtaining a computing process, specified by a user, for performing privacy computation on data maintained by at least some of the plurality of collaboration participants; wherein the computing process is composed of at least one functional operator, specified by the user, that is related to the privacy computation.
The collaboration participants may specifically be data providers that access the data collaboration platform. For example, in one example, the plurality of collaboration participants may specifically include a plurality of data centers distributed in different regions.
Operators described in this specification refer to various calculation operations/calculation functions involved in performing privacy calculations for data maintained by each collaboration participant. That is, any computing operation/computing function involved in the process of performing private computation on data maintained by each cooperative participant can be referred to as an operator.
The functional operator refers to a calculation function or a calculation operation to be implemented. Any one of the calculation operation/calculation functions to be realized, which are involved in the process of performing the private calculation on the data maintained by each cooperative participant, may be referred to as a functional operator. The instantiation operator refers to a computing function or a computing operation that has been implemented based on a specific privacy computing technology.
For example, currently mainstream privacy computing technologies can generally include FL technology, MPC technology, TEE technology, and the like, and thus the instantiation operators in the instantiation operator library can include instantiation operators implemented based on FL technology, instantiation operators implemented based on MPC technology, and operators implemented based on TEE technology, and the like.
For another example, if the functional operator is "intersection calculation", and the calculation function to be implemented is "intersection calculation", then the instantiation operator corresponding to the functional operator may specifically include an instantiation operator for intersection calculation implemented based on the MPC technique, an instantiation operator for intersection calculation implemented based on the TEE technique, and so on. That is, for the intersection calculation function, two instantiation operators can be implemented based on the MPC technique and the TEE technique, respectively.
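The planning step described above (one functional operator, several instantiation operators, a choice constrained by data security requirements) can be sketched as follows. This is an added example, not code from the patent or its applicant; the requirement labels, operator property flags, cost values and participant names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Tuple

# Hypothetical requirement labels, modelled on the two examples in the description.
NO_EXPORT = "no_export"            # data must not be exported out of the data domain
NO_AGGREGATION = "no_aggregation"  # data must not be pooled with other sources' data


class PlanningError(Exception):
    """Raised when no instantiated computing process can satisfy the requirements."""


@dataclass(frozen=True)
class InstantiationOperator:
    name: str
    function: str            # functional operator it implements, e.g. "intersection"
    technology: str          # "MPC", "TEE", "FL"
    exports_raw_data: bool   # assumption: inputs leave the owner's data domain
    pools_raw_data: bool     # assumption: inputs of several parties meet in one place
    cost: int                # assumption: relative cost used to rank candidates


@dataclass(frozen=True)
class Step:
    function: str                  # functional operator chosen by the user
    participants: Tuple[str, ...]  # participants whose data this step touches


# Constructed operator library; the flag values are illustrative assumptions only.
LIBRARY: List[InstantiationOperator] = [
    InstantiationOperator("intersection_tee", "intersection", "TEE", True, True, 1),
    InstantiationOperator("intersection_mpc", "intersection", "MPC", False, False, 5),
    InstantiationOperator("sum_tee", "sum", "TEE", True, True, 1),
]

# Constructed per-participant data security requirements.
REQUIREMENTS: Dict[str, FrozenSet[str]] = {
    "participant_1": frozenset(),
    "participant_2": frozenset({NO_EXPORT}),
    "participant_3": frozenset({NO_AGGREGATION}),
}


def satisfies(op: InstantiationOperator, required: set) -> bool:
    """True if the operator violates none of the combined requirements."""
    if NO_EXPORT in required and op.exports_raw_data:
        return False
    if NO_AGGREGATION in required and op.pools_raw_data:
        return False
    return True


def plan_instantiated_flow(flow, requirements, library):
    """Map each functional operator to the cheapest compliant instantiation operator."""
    planned = []
    for step in flow:
        required = set()
        for participant in step.participants:
            # Fail closed: a participant with no declared policy is not "unrestricted".
            if participant not in requirements:
                raise PlanningError(f"{participant} has no declared requirements")
            required |= requirements[participant]
        candidates = [op for op in library
                      if op.function == step.function and satisfies(op, required)]
        if not candidates:
            raise PlanningError(
                f"no operator for '{step.function}' meets {sorted(required)}")
        planned.append(min(candidates, key=lambda op: op.cost))
    return planned


if __name__ == "__main__":
    flow = [Step("intersection", ("participant_1", "participant_2")),
            Step("sum", ("participant_1",))]
    for op in plan_instantiated_flow(flow, REQUIREMENTS, LIBRARY):
        print(op.function, "->", op.name, f"({op.technology})")
```

The user only names functional operators; the technology behind each step changes with the requirements of the participants whose data the step touches, and planning stops rather than falling back to a non-compliant operator.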
In practical application, the private computing capacity of the data collaboration platform is usually determined by an instantiated operator library managed by the data collaboration platform, and the richer the types of instantiated operators contained in the instantiated operator library, the stronger the private computing capacity of the data collaboration platform itself is.
In an illustrated embodiment, the instantiation operators in the instantiation operator library managed by the data collaboration platform may be operators implemented with the privacy computing technologies supported by the data collaboration platform, and may further include operators implemented with the privacy computing technologies supported by each collaboration participant. In this way, the data collaboration platform can cover the privacy computing capability of every collaboration participant that accesses it.
In this specification, each collaboration participant may locally maintain a data set for participating in privacy computation. To break down the information islands among the collaboration participants, the data collaboration platform can perform data virtualization processing on the data sets respectively maintained by the collaboration participants based on a data virtualization technology.
The data virtualization technology is a technology for mapping physical data maintained by a plurality of data sources into virtual data at a logical level, and further integrating the physical data maintained by the plurality of data sources into a logical virtual data set (also called a logical view) for use by an upper layer application. By performing data virtualization processing on the data sets maintained by the cooperation participants, the data sets maintained by the cooperation participants can be integrated into a virtual data set for a user to use.
Here, mapping physical data maintained by a plurality of data sources into virtual data generally refers to a process of mapping physical data attributes included in the physical data into virtual data attributes. When mapping physical data attributes included in physical data into virtual data attributes, one physical data attribute included in the physical data may be mapped into one corresponding virtual data attribute in a one-to-one mapping manner, or a plurality of physical data attributes included in the physical data may be mapped into one corresponding virtual data attribute in a many-to-one mapping manner.
For example, referring to fig. 3, fig. 3 is a schematic diagram illustrating an exemplary embodiment of the present disclosure for performing data virtualization processing on data maintained by multiple collaboration participants.
As shown in FIG. 3, assume that the data stored in data set 1 maintained by collaboration participant 1 includes attributes 1-3, the data stored in data set 2 maintained by collaboration participant 2 includes attributes 4-7, and the data stored in data set 3 maintained by collaboration participant 3 includes attributes 8-11, where each attribute may represent a field in a data table. The virtual data table obtained after performing data virtualization processing on the data stored in data sets 1 to 3 may include attributes A to F.
As can be seen from the data virtualization processing shown in FIG. 3, attribute 1 in data set 1, attribute 4 in data set 2, and attribute 8 in data set 3 are mapped to attribute A in the virtual data table in a many-to-one mapping manner; attribute 2 in data set 1, attribute 5 in data set 2, and attribute 9 in data set 3 are mapped to attribute B in the virtual data table in a many-to-one mapping manner; attribute 3 in data set 1 and attribute 6 in data set 2 are mapped to attribute C in the virtual data table in a many-to-one mapping manner. Attribute 10 in data set 3 is mapped to attribute D in the virtual data table in a one-to-one mapping manner; attribute 7 in data set 2 is mapped to attribute E in the virtual data table in a one-to-one mapping manner; attribute 11 in data set 3 is mapped to attribute F in the virtual data table in a one-to-one mapping manner.
It should be emphasized that the data mapping manner shown in fig. 3 is merely exemplary, and in practical applications, the data mapping manner adopted when performing data virtualization on data maintained by multiple collaboration participants generally depends on the data semantics of the data itself, and is not particularly limited in this specification; for example, when data mapping is performed, if data semantics of a plurality of data fields distributed in different collaboration participants are related, a manner of mapping the plurality of data fields into one virtual data attribute may be adopted.
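The FIG. 3 mapping can be written down and used to rewrite a query over virtual attributes into per-data-set projections, which also shows which collaboration participants a given query actually touches. The following is an added illustration, not code from this specification; the identifiers (`FIG3_MAPPING`, `build_view`, `plan_query`, `coverage_gaps`) are hypothetical.

```python
# Added illustration of the FIG. 3 mapping; all identifiers are hypothetical.

# (data set, physical attribute) -> virtual attribute, as listed for FIG. 3.
FIG3_MAPPING = {
    ("data_set_1", "attribute_1"): "A",
    ("data_set_2", "attribute_4"): "A",
    ("data_set_3", "attribute_8"): "A",
    ("data_set_1", "attribute_2"): "B",
    ("data_set_2", "attribute_5"): "B",
    ("data_set_3", "attribute_9"): "B",
    ("data_set_1", "attribute_3"): "C",
    ("data_set_2", "attribute_6"): "C",
    ("data_set_3", "attribute_10"): "D",
    ("data_set_2", "attribute_7"): "E",
    ("data_set_3", "attribute_11"): "F",
}


def build_view(mapping):
    """Invert the mapping: virtual attribute -> [(data set, physical attribute), ...]."""
    view = {}
    for (data_set, physical), virtual in sorted(mapping.items()):
        view.setdefault(virtual, []).append((data_set, physical))
    return view


def mapping_kind(view, virtual):
    """Classify a virtual attribute by how many physical attributes feed it."""
    return "many-to-one" if len(view[virtual]) > 1 else "one-to-one"


def plan_query(view, virtual_attrs):
    """Rewrite a query over virtual attributes into per-data-set projections.

    Returns {data set: {virtual attribute: [physical attributes]}}. A data set
    holding none of the requested attributes does not appear in the plan, so
    the keys are exactly the participants the query involves.
    """
    plan = {}
    for virtual in virtual_attrs:
        if virtual not in view:
            raise KeyError(f"unknown virtual attribute {virtual!r}")
        for data_set, physical in view[virtual]:
            plan.setdefault(data_set, {}).setdefault(virtual, []).append(physical)
    return plan


def coverage_gaps(view, virtual_attrs):
    """For each involved data set, list the requested attributes it cannot supply."""
    plan = plan_query(view, virtual_attrs)
    return {
        data_set: [v for v in virtual_attrs if v not in columns]
        for data_set, columns in plan.items()
    }


if __name__ == "__main__":
    view = build_view(FIG3_MAPPING)
    for name in sorted(view):
        print(name, mapping_kind(view, name), view[name])
    print(plan_query(view, ["C", "E"]))
    print(coverage_gaps(view, ["C", "E"]))
```

A query on virtual attributes C and E involves only data sets 1 and 2, so only those two participants' data security requirements matter for that calculation.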
After the data virtualization processing is completed on the data sets maintained by the cooperation participants, the obtained virtual data table can be issued to the cooperation participants, and the cooperation participants further take the virtual data table as a data view capable of globally reflecting the data conditions maintained by the cooperation participants and output and display the data view to users.
When a user accessing the target cooperation participant through the client has a privacy calculation requirement, the data query can be initiated in a global data view by inputting a data query request aiming at the virtual data table through the client.
The data query request is specifically used for expressing a data query requirement of a user to a data collaboration platform, and a specific form of the data query request is not particularly limited in this specification. For example, in an example, the data query request may specifically be a data query statement (such as an SQL statement) input by a user.
After the data query is completed, the user can specify a computing process corresponding to the private computing requirement of the user based on the functional operator managed by the data collaboration platform.
It should be noted that the specific content of the above computation flow generally depends on the user's privacy calculation requirement and is not particularly limited in this specification. In practical applications, the user can customize the computation flow corresponding to the user's own calculation requirement by combining the functional operators in the functional operator library in any form. The operation in which the user specifies, based on the functional operators managed by the data collaboration platform, the computation flow corresponding to the user's privacy calculation requirement can be completed on the client.
For example, suppose the virtual data set is a user information table storing users' personal information, and the table includes a gender field and an age field. In this scenario, if the user's privacy calculation requirement for the user information table is "query the average value of the age data of the male users stored in the user information table", the user may select from the functional operator library the functional operator corresponding to the calculation function "perform query calculation on the user information of the male users in the user information table", the functional operator corresponding to the calculation function "perform filtering calculation on the age data in the user information of the male users in the user information table", and the functional operator corresponding to the calculation function "perform an averaging operation on the filtered age data", and then customize the calculation flow corresponding to the privacy calculation requirement based on the three selected functional operators.
For another example, if the privacy calculation requirement of the user for the user information table is "training a machine learning model based on the user data in the user information table," the user may select the functional operator corresponding to the calculation function "machine learning training" in the functional operator library to customize the calculation process corresponding to the privacy calculation requirement.
In an embodiment shown in the present disclosure, the server corresponding to the target collaboration party may specifically output, to the user, a functional operator library managed by the data collaboration platform and related to privacy computation through the client, acquire at least one functional operator selected by the user from the output functional operator library, and then generate a computation flow for performing privacy computation on data maintained by at least part of the collaboration parties among the multiple collaboration parties based on the at least one functional operator.
In an implementation shown in the foregoing, a server corresponding to the target collaboration party may specifically output a computing process planning interface to a user through the client; wherein, the computing process planning interface can comprise the function operator library. The user can interact with the client through the computing process planning interface to express the privacy computing requirement of the user. For example, a user may operate in the computing flow planning interface, select at least one functional operator from the functional operator library, and express a computing requirement of the user to the client according to a logic sequence specified for the at least one functional operator in the computing flow planning interface. For example, in one example, the user may configure the at least one functional operator into a DAG (Directed Acyclic Graph) Graph structure by specifying a unidirectional logical order for the at least one functional operator in the computational flow planning interface.
It should be noted that the way in which the user operates in the computing flow planning interface is not particularly limited in this specification. For example, in one example, the functional operators included in the functional operator library may be presented to the user through the computing flow planning interface in the form of options. The user may select at least one functional operator from them and draw unidirectional connection lines between the selected functional operators in the computing flow planning interface to express the logical order between the functional operators; based on this unidirectional logical order, the at least one functional operator is then concatenated into a DAG graph structure that serves as the computing flow specified by the user.
Step 204, acquiring data security requirements of data maintained by at least part of collaboration participants, selecting at least one instantiation operator corresponding to the at least one functional operator, which meets the data security requirements, from an instantiation operator library related to the privacy computation, and generating an instantiation computation flow corresponding to the computation flow based on the at least one instantiation operator.
After a computation flow, which is specified by a user and used for performing privacy computation on data maintained by at least part of the multiple cooperation participants, is obtained, the server corresponding to the target cooperation participant may select at least one instantiation operator corresponding to the at least one functional operator from the managed instantiation operator library, and generate an instantiation query flow corresponding to the computation flow based on the selected at least one instantiation operator.
It should be noted that, in practical applications, different data sources generally have different security requirements for the use of the data maintained by the data sources; for example, some data sources may prohibit data from being exported from the data domain for use, or disallow data maintained by some data sources to be aggregated with data maintained by other data sources for use, for privacy protection. Therefore, in order to ensure that the selected instantiation operator can meet the security requirement of each collaboration participant on the data use, the appropriate instantiation operator can be selected from the instantiation operator library by referring to the security requirement of each collaboration participant on the data use.
In this case, after obtaining a computation flow for performing privacy computation on data maintained by at least some of the multiple collaboration participants specified by a user, a server corresponding to the target collaboration participant may specifically obtain data security requirements of the data maintained by each collaboration participant, and then select at least one instantiation operator corresponding to the at least one functional operator, which meets the data security requirements, from the instantiation operator library.
By the method, the data collaboration platform can still automatically select the instantiation operator which can meet the safety requirements of each collaboration party on data use for the user based on the privacy calculation requirements of the user on the premise that the user does not know the safety requirements of each collaboration party on data use.
The data security policy configured by each cooperation party for the maintained data can reflect the security requirement of each cooperation party on the data use to some extent; therefore, when the data security requirement of each collaboration party for the data maintained by the collaboration party is obtained, the data security policy configured by each collaboration party for the data maintained by the collaboration party may be specifically obtained first, and after the data security policy configured by each collaboration party for the data maintained by the collaboration party is obtained, the data security requirement of each collaboration party for the data maintained by the collaboration party may be further determined based on the data security policy.
The specific content of the data security policy configured by each cooperative party for the data maintained by each cooperative party generally depends on the specific security requirement of each cooperative party for the data usage, and therefore, no specific limitation is made in this specification.
In an embodiment, the data security policy may specifically include one or a combination of the following:
a security level configured for the data;
a security protection level configured for the data;
data trust relationships with other collaboration participants.
Corresponding to the above data security policy, the security requirement of each collaboration participant on data usage may specifically include one or a combination of the following:
a security requirement, determined based on the security level, on whether the data is allowed to be exported out of the data domain in which it resides;
a security requirement, determined based on the security protection level, on whether data desensitization processing is to be performed on the data and on the privacy calculation result for the data;
a security requirement, determined based on the data trust relationship, on whether the data is allowed to be aggregated with the data maintained by other collaboration participants.
In one embodiment shown, the instantiation operators contained in the instantiation operator library may also be configured with corresponding data security requirements. The data security requirement configured for an instantiation operator specifically indicates the data security requirement that the instantiation operator can meet.
In this case, at least one instantiation operator corresponding to the at least one functional operator may be searched in an instantiation operator library; the instantiation operators found at this time may not meet the security requirement.
Then, the data security requirements of the data maintained by the at least part of the collaboration participants can be matched against the data security requirements corresponding to the at least one instantiation operator; based on the matching result, the instantiation operators that match the data security requirements of the data maintained by the at least part of the collaboration participants can be further selected from the at least one instantiation operator.
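The two-stage selection described above (look up candidates by functional operator, then keep only those whose declared properties match every involved participant's requirements) can be sketched as follows. This is an added illustration, not code from this specification: the numeric level thresholds, the reading of the protection level as "desensitization required", and every class, field and operator name are assumptions.

```python
# Added illustration; thresholds, field names and operator names are assumptions.
from dataclasses import dataclass


@dataclass(frozen=True)
class SecurityPolicy:
    security_level: int      # assumed scale: higher means more sensitive
    protection_level: int    # assumed scale: higher means stronger protection
    trusted: frozenset       # participants this one has a data trust relationship with


@dataclass(frozen=True)
class Requirement:
    may_export: bool               # may data leave the owner's data domain?
    must_desensitize: bool         # must data and results be desensitized?
    may_aggregate_with: frozenset  # participants whose data it may be combined with


def derive_requirement(policy, export_max_level=1, desensitize_min_level=2):
    """Turn a configured policy into usage requirements (threshold values are assumed)."""
    return Requirement(
        may_export=policy.security_level <= export_max_level,
        must_desensitize=policy.protection_level >= desensitize_min_level,
        may_aggregate_with=policy.trusted,
    )


@dataclass(frozen=True)
class InstantiationOperator:
    name: str
    function: str        # the functional operator this one implements
    exports_data: bool   # moves data out of the owner's data domain
    desensitizes: bool   # desensitizes data and results
    aggregates: bool     # combines data across participants


def satisfies(op, requirements):
    """True only if the operator meets the requirements of every involved participant."""
    parties = set(requirements)
    for party, req in requirements.items():
        if op.exports_data and not req.may_export:
            return False
        if req.must_desensitize and not op.desensitizes:
            return False
        if op.aggregates and not (parties - {party}) <= req.may_aggregate_with:
            return False
    return True


def select_operators(flow, library, policies):
    """Map each functional operator in the flow to the matching instantiation operators."""
    requirements = {p: derive_requirement(pol) for p, pol in policies.items()}
    selection = {}
    for function in flow:
        candidates = [op for op in library if op.function == function]   # stage 1: lookup
        matching = [op.name for op in candidates if satisfies(op, requirements)]  # stage 2
        if not matching:
            # Fail closed: never fall back to an operator that violates a requirement.
            raise LookupError(f"no instantiation operator for {function!r} meets the requirements")
        selection[function] = matching
    return selection


# Constructed sample library and policies.
LIBRARY = [
    InstantiationOperator("query_local", "query", False, True, False),
    InstantiationOperator("query_export", "query", True, False, False),
    InstantiationOperator("filter_local", "filter", False, True, False),
    InstantiationOperator("mean_centralized", "mean", True, False, True),
    InstantiationOperator("mean_in_domain_plain", "mean", False, False, True),
    InstantiationOperator("mean_in_domain_masked", "mean", False, True, True),
]
SAMPLE_POLICIES = {
    "participant_1": SecurityPolicy(3, 2, frozenset({"participant_2"})),
    "participant_2": SecurityPolicy(1, 1, frozenset({"participant_1"})),
}

if __name__ == "__main__":
    print(select_operators(["query", "filter", "mean"], LIBRARY, SAMPLE_POLICIES))
```

Adding a participant that trusts nobody makes every aggregating operator ineligible, so planning stops with an error instead of silently choosing an operator that would violate that participant's requirement.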
In an embodiment shown, the data collaboration platform may specifically be configured to deploy, on a server corresponding to the multiple collaboration participants, a process planning component in a distributed manner, where the process planning component is specifically configured to obtain data security requirements of data maintained by at least some of the collaboration participants for the data, select, from a library of instantiation operators managed by the at least some of the collaboration participants, at least one instantiation operator corresponding to the at least one functional operator, which meets the data security requirements, and generate, based on the at least one instantiation operator, an instantiation computation process corresponding to the computation process. The instantiated operator library managed by the data collaboration platform can be specifically and respectively issued to the server corresponding to each collaboration party, and is respectively maintained by each collaboration party.
In this case, after obtaining the computing process specified by the user, the server corresponding to the target collaboration participant may invoke the process planning component to obtain the data security requirements of the data maintained by the at least part of the collaboration participants, select, from a locally maintained instantiation operator library related to the privacy computation, at least one instantiation operator corresponding to the at least one functional operator that meets the data security requirements, and generate an instantiated query process corresponding to the computing process based on the at least one instantiation operator.
For example, continuing to refer to fig. 1, the flow planning component may specifically include the application execution planning component shown in fig. 1. At this time, the instantiated calculation process is a specific data cooperation application for privacy calculation, which is planned based on a calculation process which is specified by a user and is composed of functional operators.
In an embodiment shown, when the instantiated computing process corresponding to the computing process is generated based on the at least one instantiation operator, a plurality of instantiated computing processes may be generated based on the at least one instantiation operator, and then the instantiated computing processes are output and displayed to a user, so that the user selects an optimal query process from the instantiated computing processes. Of course, in practical applications, an optimal instantiation calculation process may be generated based on the instantiation operator by default.
Step 208, creating an intelligent contract containing private computing logic corresponding to the instantiated computing process, and deploying the created intelligent contract into a blockchain network interfaced with the data collaboration platform for the user to call.
After the instantiated computing process is generated based on the at least one instantiation operator, the server corresponding to the target collaboration participant can further compile the instantiated computing process into an intelligent contract form and deploy the intelligent contract form into a blockchain network interfaced with the data collaboration platform.
For example, in one example, the server may automatically generate execution code related to the private computing logic corresponding to the instantiated computing process, and compile the generated execution code into intelligent contract code; an intelligent contract containing the intelligent contract code is then deployed in a blockchain network interfaced with the data collaboration platform. The specific process of deploying the intelligent contract is not detailed in this specification. For example, in a real application, an intelligent contract creation transaction may be packaged based on the intelligent contract code and published into the blockchain network. The node devices in the blockchain network can perform a consensus check on the intelligent contract creation transaction, execute the intelligent contract calling transaction after the consensus check is passed, create an intelligent contract account in the blockchain, and anchor the intelligent contract code into the intelligent contract account to complete the creation of the intelligent contract.
In an illustrated embodiment, the data collaboration platform may specifically deploy, on the service side corresponding to the plurality of collaboration participants, an intelligent contract management component in a distributed manner, where the intelligent contract management component may specifically be configured to generate execution code related to the privacy computation logic corresponding to the instantiated computation process, compile the generated execution code into intelligent contract code, and deploy an intelligent contract containing the intelligent contract code in a blockchain network interfacing with the data collaboration platform.
In this case, after the instantiated computing process is generated based on the at least one instantiation operator, the server corresponding to the target collaboration participant may invoke the intelligent contract management component, further generate an execution code related to the private computing logic corresponding to the instantiated computing process, compile the generated execution code into an intelligent contract code, and deploy an intelligent contract containing the intelligent contract code in a blockchain network interfacing with the data collaboration platform.
For example, with continued reference to fig. 1, the intelligent contract management component may specifically include the application contract management component shown in fig. 1.
In this specification, when the intelligent contract deployment is completed, the user may initiate a contract invocation for the intelligent contract through the client to complete the privacy calculation for the data maintained by the at least part of the collaboration participants.
For example, with continued reference to fig. 1, when the intelligent contract deployment is completed, a user may initiate a contract invocation for the intelligent contract through the application execution client shown in fig. 1, and query the invocation result of the intelligent contract through the application execution client.
In an illustrated embodiment, the privacy computation logic corresponding to the instantiated computation process may specifically be a computation scheduling logic corresponding to the instantiated computation process; the computation scheduling logic is specifically configured to perform computation scheduling for the at least one instantiation operator to perform privacy computation for data maintained by the at least part of collaboration participants.
In this case, the intelligent contract may be an intelligent contract for performing computation scheduling for the private computation logic. In addition to the calculation scheduling sequence corresponding to each instantiation operator in the instantiation calculation flow, the intelligent contract also needs to maintain the calculation state corresponding to each instantiation operator, and the calculation state is used for indicating whether each instantiation operator completes the calculation.
After the user triggers a call to the intelligent contract through the client, the intelligent contract can determine, according to the calculation scheduling sequence, the instantiation operator that needs to be called first, and then generate a calculation event corresponding to that instantiation operator. After monitoring the calculation event, the execution scheduling component on the server where the instantiation operator is located may call the instantiation operator to perform the data privacy calculation and, after the calculation is completed, submit the calculation result to the intelligent contract. After receiving the calculation result, the intelligent contract updates the calculation state of the instantiation operator to the completed state. The intelligent contract can then determine the next instantiation operator that needs to be called and repeat the same execution flow, and so on, until every instantiation operator in the instantiated calculation flow has completed its data privacy calculation in the order given by the calculation scheduling sequence.
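The scheduling behaviour described above, together with the earlier step of turning the user's unidirectional connections into a DAG, can be modelled in memory as follows. This is an added illustration, not the contract code of this specification: no real chain is involved, all names are hypothetical, and the checks that results arrive in order and from the hosting participant are assumptions of the sketch.

```python
# Added illustration; class, function and operator names are hypothetical.
from collections import deque


def scheduling_order(operators, edges):
    """Derive a calculation scheduling sequence from one-way connections (Kahn's algorithm)."""
    operators = list(dict.fromkeys(operators))
    indegree = {op: 0 for op in operators}
    successors = {op: [] for op in operators}
    for src, dst in edges:
        if src not in indegree or dst not in indegree:
            raise ValueError(f"edge ({src!r}, {dst!r}) names an unknown operator")
        successors[src].append(dst)
        indegree[dst] += 1
    ready = deque(op for op in operators if indegree[op] == 0)
    order = []
    while ready:
        op = ready.popleft()
        order.append(op)
        for nxt in successors[op]:
            indegree[nxt] -= 1
            if indegree[nxt] == 0:
                ready.append(nxt)
    if len(order) != len(operators):
        raise ValueError("connections contain a cycle, so the flow is not a DAG")
    return order


class SchedulingContract:
    """In-memory stand-in for the scheduling contract."""

    def __init__(self, operators, edges, host_of):
        self.order = scheduling_order(operators, edges)
        if not self.order:
            raise ValueError("the flow contains no operators")
        self.host_of = dict(host_of)
        self.state = {op: "pending" for op in self.order}  # per-operator calculation state
        self.results = {}
        self.events = []     # stand-in for the contract's event log
        self.cursor = None   # index into self.order; None until invoked

    def emit_next(self):
        op = self.order[self.cursor]
        self.events.append({"operator": op, "host": self.host_of[op]})

    def invoke(self):
        if self.cursor is not None:
            raise RuntimeError("contract already invoked")
        self.cursor = 0
        self.emit_next()

    def submit_result(self, sender, operator, result):
        if self.cursor is None or self.cursor >= len(self.order):
            raise RuntimeError("no calculation is currently scheduled")
        if operator != self.order[self.cursor]:
            raise PermissionError(f"{operator!r} is not the operator currently scheduled")
        # Assumption of this sketch: only the hosting participant may report a result.
        if sender != self.host_of[operator]:
            raise PermissionError(f"{sender!r} does not host {operator!r}")
        self.results[operator] = result
        self.state[operator] = "completed"
        self.cursor += 1
        if self.cursor < len(self.order):
            self.emit_next()

    def finished(self):
        return all(s == "completed" for s in self.state.values())


def run_execution_schedulers(contract, implementations):
    """Play every host's execution scheduling component against the event log."""
    contract.invoke()
    handled = 0
    while handled < len(contract.events):
        event = contract.events[handled]
        handled += 1
        result = implementations[event["operator"]](contract.results)
        contract.submit_result(event["host"], event["operator"], result)
    return contract.results


# Constructed sample flow and data (the male-average-age example from the text).
# The stand-in operators pass plain values only to keep the example short.
ROWS = [{"gender": "male", "age": 30}, {"gender": "female", "age": 25},
        {"gender": "male", "age": 40}]
OPERATORS = ["query_male_users", "filter_age", "mean_age"]
EDGES = [("query_male_users", "filter_age"), ("filter_age", "mean_age")]
HOSTS = {"query_male_users": "participant_1", "filter_age": "participant_1",
         "mean_age": "participant_2"}
IMPLEMENTATIONS = {
    "query_male_users": lambda prior: [r for r in ROWS if r["gender"] == "male"],
    "filter_age": lambda prior: [r["age"] for r in prior["query_male_users"]],
    "mean_age": lambda prior: sum(prior["filter_age"]) / len(prior["filter_age"]),
}

if __name__ == "__main__":
    contract = SchedulingContract(OPERATORS, EDGES, HOSTS)
    print(run_execution_schedulers(contract, IMPLEMENTATIONS)["mean_age"])
    print(contract.state)
```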
Referring to FIG. 4, FIG. 4 is a flow chart illustrating a privacy calculation method based on multi-party collaboration according to an exemplary embodiment, which may be applied to the data collaboration platform shown in FIG. 1. For example, the data collaboration platform may specifically be a blockchain service platform for managing the blockchain network, such as a BaaS (Blockchain as a Service) platform. The method comprises the following steps:
Step 402, acquiring a calculation process which is uploaded by a server corresponding to any target cooperation party in the plurality of cooperation parties and is specified by a user to carry out privacy calculation on data maintained by at least part of the plurality of cooperation parties; wherein the computing process comprises a computing process composed of at least one functional operator specified by the user in relation to the private computation;
In this embodiment, after obtaining a calculation flow specified by a user for performing privacy calculation on data maintained by at least some of the multiple collaboration participants, the server corresponding to the target collaboration participant may upload the data query request to the data collaboration platform, and perform centralized processing by the data collaboration platform.
Step 404, obtaining data security requirements of data maintained by the at least part of collaboration participants, selecting at least one instantiation operator corresponding to the at least one functional operator, which meets the data security requirements, from an instantiation operator library related to the privacy computation, and generating an instantiation computation process corresponding to the computation process based on the at least one instantiation operator;
Step 406, creating an intelligent contract containing private computing logic corresponding to the instantiated computing process, and deploying the created intelligent contract into a blockchain network interfaced with the data collaboration platform for the user to call.
After receiving the instantiated computing process uploaded by the target collaboration participant, the data collaboration platform may execute the execution logic shown in steps 404 to 406 to perform centralized processing on the instantiated computing process, and details of specific implementation refer to the description of the embodiment shown in fig. 2, which is not described in detail in this specification.
In the technical scheme, the data use complexity can be reduced when privacy calculation is carried out on data from a plurality of data sources, and the data use process can be more transparent and credible and is convenient to trace.
For example, the data maintained by each collaboration participant is subjected to data virtualization processing to obtain a virtual data set. This not only achieves full data fusion across multiple data sources, but also lets a user work with the data from a global data perspective on the basis of the virtual data set, without needing to know how the data is stored at each collaboration participant, so the complexity of data use can be remarkably reduced. The generated query process is deployed in the blockchain in the form of an intelligent contract and called by the user, so that the characteristics of the intelligent contract can be fully utilized and each query is transparent, credible, and convenient to trace.
Moreover, on the premise that a user does not know the security requirements of each cooperation participant on data use, different instantiation calculation processes capable of meeting the security requirements of each cooperation participant on the data use are planned according to different calculation requirements of the user based on the privacy calculation capability of the data cooperation platform, so that the data cooperation platform can be flexibly adapted to different data privacy scenes, and more privacy calculation scenes can be activated.
For example, different data sources typically have different security requirements for the use of the data they maintain. As for a user side with data use requirements, the user side usually does not know the security requirements of each data source for the use of data, which makes it difficult for the user to plan a set of calculation flow that perfectly meets the security requirements of each data source for the use of data based on his own private calculation requirements.
According to the technical scheme, an instantiated calculation process capable of meeting the data use security requirements of each collaboration participant is automatically planned for the user, based on the privacy calculation capability of the data collaboration platform and with the data use security requirements of each data source as reference. The user therefore does not need to pay attention to the data use security requirements of each data source, and the adaptability of the data collaboration platform to privacy calculation scenes is obviously improved, so that the data collaboration platform can activate more data privacy calculation scenes that meet the security requirements of different data sources.
The present specification also provides embodiments of an apparatus, an electronic device, and a storage medium, corresponding to embodiments of the foregoing method.
Fig. 5 is a schematic block diagram of an electronic device according to an exemplary embodiment. Referring to fig. 5, at the hardware level, the apparatus includes a processor 502, an internal bus 504, a network interface 506, a memory 508 and a non-volatile memory 510, but may also include hardware required for other services. One or more embodiments of the present description may be implemented in software, such as by processor 502 reading corresponding computer programs from non-volatile storage 510 into memory 508 and then running. Of course, besides the software implementation, the one or more embodiments in this specification do not exclude other implementations, such as logic devices or combination of software and hardware, and so on, that is, the execution subject of the following processing flow is not limited to each logic unit, and may also be hardware or logic devices.
Fig. 6 is a block diagram of a privacy computing apparatus based on multi-party collaboration according to an exemplary embodiment, which may be applied to the electronic device shown in fig. 5 to implement the technical solution of the present specification, as shown in fig. 6. The apparatus 600 comprises:
a first obtaining module 601, configured to obtain a calculation process, which is specified by a user and performs privacy calculation on data maintained by at least some of the multiple collaboration participants; wherein the computing process comprises a computing process composed of at least one functional operator specified by the user in relation to the private computation;
a first generation module 602, configured to obtain a data security requirement of data maintained by the at least part of collaboration participants, select, from an instantiation operator library associated with the privacy computation, at least one instantiation operator corresponding to the at least one functional operator that meets the data security requirement, and generate, based on the at least one instantiation operator, an instantiation computation process corresponding to the computation process;
the first deployment module 603 creates an intelligent contract including private computing logic corresponding to the instantiated computing process, and deploys the created intelligent contract into a blockchain network interfaced with the data collaboration platform, so as to be called by the user.
The specific details of the modules of the apparatus 600 have been described in detail in the method flow described above, and therefore are not described herein again.
Fig. 7 is a block diagram of another user service using apparatus shown in this specification according to an exemplary embodiment, and the apparatus may also be applied to the electronic device shown in fig. 5 to implement the technical solution of this specification. The apparatus 700 comprises:
a second obtaining module 701, configured to obtain a calculation process, which is uploaded by a server corresponding to any target collaboration party of the multiple collaboration parties and is specified by a user to perform privacy calculation on data maintained by at least some collaboration parties of the multiple collaboration parties; wherein the computing process comprises a computing process composed of at least one functional operator specified by the user in relation to the private computation;
a second parsing module 702, configured to obtain a data security requirement of the data maintained by the at least part of collaboration participants, select, from an instantiation operator library associated with the privacy computation, at least one instantiation operator corresponding to the at least one functional operator that meets the data security requirement, and generate, based on the at least one instantiation operator, an instantiation computation process corresponding to the computation process;
the second generating module 703 is configured to create an intelligent contract that includes the private computing logic corresponding to the instantiated computing process, and deploy the created intelligent contract to a blockchain network that is interfaced with the data collaboration platform, so as to be invoked by the user.
The specific details of the modules of the apparatus 700 are described in detail in the method flow described above, and therefore are not described herein again.
Correspondingly, the present specification also provides an electronic device, which includes a processor; a memory for storing processor-executable instructions; wherein the processor is configured to implement the steps of all of the method flows described previously.
Accordingly, the present specification also provides a computer readable storage medium having executable instructions stored thereon; wherein the instructions, when executed by a processor, implement steps of all of the method flows previously described.
For the device embodiment, since it basically corresponds to the method embodiment, reference may be made to the partial description of the method embodiment for relevant points. The above-described embodiments of the apparatus are merely illustrative, wherein the modules described as separate parts may or may not be physically separate, and the parts displayed as modules may or may not be physical modules, may be located in one place, or may be distributed on a plurality of network modules. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution in the specification. One of ordinary skill in the art can understand and implement it without inventive effort.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email messaging device, game console, tablet computer, wearable device, or a combination of any of these devices.
In a typical configuration, a computer includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, such as Random Access Memory (RAM), and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Disks (DVD) or other optical storage, magnetic cassettes, magnetic disk storage, quantum memory, graphene-based storage media or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of another identical element in a process, method, article, or apparatus that comprises the element.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
The terminology used in the description of the one or more embodiments is for the purpose of describing the particular embodiments only and is not intended to be limiting of the description of the one or more embodiments. As used in one or more embodiments of the present specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in one or more embodiments of the present description to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of one or more embodiments herein. The word "if," as used herein, may be interpreted as "when" or "upon" or "in response to a determination," depending on the context.
The above description is only for the purpose of illustrating the preferred embodiments of the one or more embodiments of the present disclosure, and is not intended to limit the scope of the one or more embodiments of the present disclosure, and any modifications, equivalent substitutions, improvements, etc. made within the spirit and principle of the one or more embodiments of the present disclosure should be included in the scope of the one or more embodiments of the present disclosure.

Claims (20)

1. A privacy computation method based on multi-party collaboration is characterized in that a data collaboration platform based on a block chain is connected with a plurality of collaboration participants; the method is applied to a server corresponding to any target collaboration party in the multiple collaboration parties; wherein the plurality of collaboration participants respectively maintain data for participating in privacy calculations; the method comprises the following steps:
obtaining a computing process specified by a user and used for carrying out privacy computation on data maintained by at least part of the plurality of cooperation participants; wherein the computing process comprises a computing process composed of at least one functional operator specified by the user in relation to the private computation;
acquiring data security requirements of data maintained by at least part of collaboration participants, selecting at least one instantiation operator corresponding to at least one functional operator and meeting the data security requirements from an instantiation operator library related to the privacy computation, and generating an instantiation computation process corresponding to the computation process based on the at least one instantiation operator;
and creating an intelligent contract containing private computing logic corresponding to the instantiated computing process, and deploying the created intelligent contract into a blockchain network interfaced with the data collaboration platform for the user to call.
2. The method of claim 1, obtaining a user-specified computational flow for privacy calculations for data maintained by at least some of the plurality of collaboration participants, comprising:
and outputting the functional operator library related to the privacy calculation to the user through a user client corresponding to the target cooperative participant, acquiring at least one functional operator selected by the user in the output functional operator library, and generating a calculation flow for performing the privacy calculation on data maintained by at least part of the cooperative participants in the plurality of cooperative participants based on the at least one functional operator.
3. The method of claim 2, wherein the functional operator library is output to the user through a user client corresponding to the target collaboration party, at least one functional operator selected by the user in the output functional operator library is obtained, and a computation flow for performing privacy computation on data maintained by at least part of the collaboration parties in the plurality of collaboration parties is generated based on the at least one functional operator, and the computation flow comprises:
outputting a calculation process planning interface to the user through a user client corresponding to the target cooperation party; wherein the computing process planning interface comprises the functional operator library;
acquiring at least one functional operator selected from the functional operator library by the user in the calculation flow planning interface, and a logic sequence appointed for the at least one functional operator in the calculation flow planning interface;
generating a computational flow for performing privacy calculations on data maintained by at least some of the plurality of collaboration participants based on the at least one functional operator and a logical order specified for the at least one functional operator.
4. The method of claim 3, the computing flow comprising a DAG graph structure comprised of the at least one functional operator.
5. The method of claim 1, obtaining data security requirements for data maintained by the at least some collaboration participants, comprising:
acquiring a data security policy configured by the at least part of cooperation participants for the data maintained by the cooperation participants;
determining data security requirements for data maintained by the at least some collaboration participants based on the data security policy.
6. The method of claim 5, the data security policy comprising a combination of one or more of:
a security level configured for the data;
a security protection level configured for the data;
data trust relationships with other collaboration participants;
accordingly, the data security requirements include one or a combination of more of the following:
a security requirement, determined based on the security level, on whether to allow the data to leave the data domain in which the data is located;
a security requirement, determined based on the security protection level, on whether to perform data desensitization processing on the data and on privacy computation results for the data;
and a security requirement, determined based on the data trust relationship, on whether to allow the data to be aggregated with the data maintained by other cooperative participants.
7. The method of claim 1, wherein the data collaboration platform deploys a process planning component in a distributed manner on the server corresponding to the plurality of collaboration participants; the instantiation operator libraries are respectively maintained on the server sides corresponding to the multiple cooperation participants;
obtaining data security requirements of data maintained by at least part of collaboration participants, selecting, from an instantiation operator library related to the privacy computation, at least one instantiation operator corresponding to at least one functional operator and meeting the data security requirements, and generating an instantiation computation process corresponding to the computation process based on the at least one instantiation operator, comprises:
calling the flow planning component, acquiring data security requirements of the data maintained by at least part of the cooperation participants, selecting at least one instantiation operator corresponding to the at least one functional operator and meeting the data security requirements from the instantiation operator library maintained locally, and generating an instantiation calculation flow corresponding to the calculation flow based on the at least one instantiation operator.
8. The method of claim 7, the instantiation operator library comprising a number of instantiation operators and data security requirements corresponding to the instantiation operators;
selecting at least one instantiation operator corresponding to the at least one functional operator from the instantiation operator library, which satisfies the data security requirement, comprising:
searching at least one instantiation operator corresponding to the at least one functional operator in the instantiation operator library;
matching the data security requirements of the data maintained by the at least part of collaboration participants against the data security requirements corresponding to the at least one instantiation operator;
based on the matching result, selecting, from the at least one instantiation operator, an instantiation operator whose data security requirements match those of the data maintained by the at least part of collaboration participants.
9. The method of claim 8, the instantiation operator comprising an operator implemented based on private computing techniques supported by the data collaboration platform and the collaboration participant.
10. The method of claim 9, the instantiation operator comprising a combination of one or more of:
instantiation operators implemented based on TEE;
an instantiation operator realized based on MPC;
instantiation operators based on TL implementation.
11. The method of claim 1, generating an instantiated computing process corresponding to the computing process based on the at least one instantiation operator, comprising:
generating a plurality of instantiated computing processes based on the at least one instantiation operator;
and outputting and displaying the plurality of instantiated calculation flows to the user so that the user selects the instantiated calculation flow corresponding to the calculation flow from the plurality of instantiated calculation flows.
12. The method of claim 1, wherein the data collaboration platform deploys intelligent contract management components in a distributed manner on the servers corresponding to the plurality of collaboration participants;
creating an intelligent contract containing private computing logic corresponding to the instantiated computing process, and deploying the created intelligent contract into a blockchain network interfacing with the data collaboration platform, including:
calling the intelligent contract management component, generating an execution code related to the privacy computation logic corresponding to the instantiation computation process, and compiling the generated execution code into an intelligent contract code;
deploying an intelligent contract comprising the intelligent contract code in a blockchain network that interfaces with the data collaboration platform.
13. The method of claim 12, private computing logic corresponding to the instantiated computing process, comprising computing scheduling logic corresponding to the instantiated computing process; wherein the computational scheduling logic is to perform computational scheduling for the at least one instantiation operator to complete privacy computations for data maintained by the at least some collaboration participants.
14. The method of claim 1, the plurality of collaboration participants comprising a plurality of data centers distributed over different geographies.
15. The method of claim 1, the data collaboration platform comprising a blockchain services platform corresponding to the blockchain network.
16. A privacy computation method based on multi-party collaboration is applied to a data collaboration platform based on a block chain; wherein the data collaboration platform interfaces with a plurality of collaboration participants; the plurality of collaboration participants maintain data for participating in privacy calculations, respectively; the method comprises the following steps:
acquiring a calculation process which is uploaded by a server corresponding to any target cooperation party in the plurality of cooperation parties and is specified by a user to perform privacy calculation on at least part of data maintained by the cooperation parties; wherein the computing process comprises a computing process composed of at least one functional operator specified by the user in relation to the private computation;
acquiring data security requirements of data maintained by at least part of collaboration participants, selecting at least one instantiation operator corresponding to at least one functional operator and meeting the data security requirements from an instantiation operator library related to the privacy computation, and generating an instantiation computation process corresponding to the computation process based on the at least one instantiation operator;
and creating an intelligent contract containing private computing logic corresponding to the instantiated computing process, and deploying the created intelligent contract into a blockchain network interfaced with the data collaboration platform for the user to call.
17. A privacy computation device based on multi-party collaboration is characterized in that a data collaboration platform based on a block chain is used for interfacing a plurality of collaboration participants; the device is applied to a server corresponding to any target collaboration party in the multiple collaboration parties; wherein the plurality of collaborative participants have respectively maintained data for participating in privacy calculations; the device comprises:
the first acquisition module is used for acquiring a calculation process which is specified by a user and used for carrying out privacy calculation on data maintained by at least part of the plurality of cooperation participants; wherein the computing process comprises a computing process composed of at least one functional operator specified by the user in relation to the private computation;
the first generation module is used for acquiring data security requirements of data maintained by at least part of collaboration participants, selecting at least one instantiation operator corresponding to at least one functional operator and meeting the data security requirements from an instantiation operator library related to the privacy computation, and generating an instantiation computation process corresponding to the computation process based on the at least one instantiation operator;
and the first deployment module is used for creating an intelligent contract containing private computing logic corresponding to the instantiated computing process and deploying the created intelligent contract into a blockchain network interfaced with the data collaboration platform so as to be called by the user.
18. A privacy computing device based on multi-party collaboration, the device is applied to a data collaboration platform based on a block chain; wherein the data collaboration platform interfaces a plurality of collaboration participants; the plurality of cooperative participants maintain data for participating in privacy calculations, respectively; the device comprises:
the second acquisition module is used for acquiring a calculation process which is uploaded by a server corresponding to any target collaboration party in the multiple collaboration parties and is specified by a user to carry out privacy calculation on at least part of data maintained by the collaboration parties in the multiple collaboration parties; wherein the computing process comprises a computing process composed of at least one functional operator specified by the user in relation to the private computation;
the second generation module is used for acquiring data security requirements of data maintained by at least part of collaboration participants, selecting at least one instantiation operator corresponding to at least one functional operator and meeting the data security requirements from an instantiation operator library related to the privacy computation, and generating an instantiation computation process corresponding to the computation process based on the at least one instantiation operator;
and the second deployment module is used for creating an intelligent contract containing private computing logic corresponding to the instantiated computing process and deploying the created intelligent contract into a blockchain network interfaced with the data collaboration platform so as to be called by the user.
19. An electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor implements the method of any one of claims 1-16 by executing the executable instructions.
20. A computer readable storage medium having stored thereon computer instructions which, when executed by a processor, carry out the steps of the method according to any one of claims 1-16.
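As an added illustration of the selection step in claims 4 to 10 (not code from the patent or its applicant), the following Python sketch derives data security requirements from each participant's policy, walks a DAG of functional operators, and keeps only the instantiation operators that satisfy every participant. All field names, numeric thresholds, operator names and operator attributes are assumptions constructed for this example; the patent specifies none of them.

```python
from dataclasses import dataclass
from graphlib import TopologicalSorter


@dataclass(frozen=True)
class Policy:
    """Per-participant data security policy (claim 6). Scales are assumed."""
    security_level: int      # assumed: 3 and above keeps data inside its domain
    protection_level: int    # assumed: 2 and above demands desensitized results
    trusted: frozenset       # parties whose data may be aggregated with ours


@dataclass(frozen=True)
class Requirement:
    """Data security requirement derived from a policy (claim 6)."""
    may_leave_domain: bool
    must_desensitize: bool
    may_aggregate_with: frozenset


@dataclass(frozen=True)
class InstOp:
    """Instantiation operator library entry (claims 8-10). Attributes are assumed."""
    name: str
    function: str            # functional operator this entry implements
    tech: str                # "TEE", "MPC" or "TL", as listed in claim 10
    exports_raw_data: bool
    desensitizes_output: bool
    aggregates_inputs: bool


class PlanningError(Exception):
    """Raised when no operator meets the requirements (fail closed)."""


def derive_requirement(p: Policy) -> Requirement:
    # Claim 5: the requirement is determined from the configured policy.
    return Requirement(p.security_level < 3, p.protection_level >= 2, p.trusted)


def satisfies(op: InstOp, reqs: dict) -> bool:
    # Claim 8: match the operator's properties against every party's requirement.
    for party, req in reqs.items():
        others = set(reqs) - {party}
        if op.exports_raw_data and not req.may_leave_domain:
            return False
        if req.must_desensitize and not op.desensitizes_output:
            return False
        if op.aggregates_inputs and not others <= req.may_aggregate_with:
            return False
    return True


def plan(flow: dict, library: list, policies: dict) -> list:
    """Return [(functional operator, [matching instantiation operators])] in DAG order."""
    reqs = {party: derive_requirement(p) for party, p in policies.items()}
    result = []
    for fn in TopologicalSorter(flow).static_order():   # claim 4: DAG of operators
        matches = [op.name for op in library
                   if op.function == fn and satisfies(op, reqs)]
        if not matches:
            raise PlanningError(f"no instantiation operator for {fn!r} meets every requirement")
        result.append((fn, matches))   # several matches: user picks one (claim 11)
    return result


# Constructed sample input: two participants, a two-step flow, five library entries.
POLICIES = {
    "bank": Policy(3, 2, frozenset({"insurer"})),
    "insurer": Policy(2, 1, frozenset({"bank"})),
}
FLOW = {"psi": set(), "stats": {"psi"}}   # node -> predecessors
LIBRARY = [
    InstOp("psi_tee", "psi", "TEE", True, True, True),
    InstOp("psi_mpc", "psi", "MPC", False, True, True),
    InstOp("stats_mpc", "stats", "MPC", False, False, True),
    InstOp("stats_mpc_masked", "stats", "MPC", False, True, True),
    InstOp("stats_tl_local", "stats", "TL", False, True, False),
]

if __name__ == "__main__":
    for step, ops in plan(FLOW, LIBRARY, POLICIES):
        print(step, "->", ops)
```

The planner fails closed: a functional operator with no compliant instantiation operator aborts planning instead of falling back to a weaker one.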
CN202210872158.2A 2022-07-22 2022-07-22 Privacy calculation method and device based on multi-party cooperation Pending CN115270202A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202210872158.2A CN115270202A (en) 2022-07-22 2022-07-22 Privacy calculation method and device based on multi-party cooperation
PCT/CN2022/135217 WO2024016549A1 (en) 2022-07-22 2022-11-30 Multi-party collaboration-based privacy computing method and apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210872158.2A CN115270202A (en) 2022-07-22 2022-07-22 Privacy calculation method and device based on multi-party cooperation

Publications (1)

Publication Number Publication Date
CN115270202A true CN115270202A (en) 2022-11-01

Family

ID=83768121

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210872158.2A Pending CN115270202A (en) 2022-07-22 2022-07-22 Privacy calculation method and device based on multi-party cooperation

Country Status (2)

Country Link
CN (1) CN115270202A (en)
WO (1) WO2024016549A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2024016549A1 (en) * 2022-07-22 2024-01-25 蚂蚁区块链科技(上海)有限公司 Multi-party collaboration-based privacy computing method and apparatus
CN116257303A (en) * 2023-05-04 2023-06-13 支付宝(杭州)信息技术有限公司 Data security processing method and device, storage medium and electronic equipment
CN116257303B (en) * 2023-05-04 2023-08-15 支付宝(杭州)信息技术有限公司 Data security processing method and device, storage medium and electronic equipment

Also Published As

Publication number Publication date
WO2024016549A1 (en) 2024-01-25

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination