CN115292729A - Privacy-protecting multi-party data processing method, device and equipment - Google Patents

Info

Publication number: CN115292729A
Authority: CN (China)
Application number: CN202210871917.3A
Other languages: Chinese (zh)
Inventors: 王煜坤, 冯新宇, 王湾湾, 何浩, 姚明
Current assignee: Shenzhen Dongjian Intelligent Technology Co ltd
Original assignee: Shenzhen Dongjian Intelligent Technology Co ltd
Legal status: Pending

Classifications

    • G06F21/602 Providing cryptographic facilities or services
    • G06F16/2228 Indexing structures
    • G06F16/2462 Approximate or statistical queries
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes


Abstract

The embodiment of the invention provides a privacy-protecting multi-party data processing method, device and equipment, relating to the technical field of data processing. The scheme is as follows: obtaining information of each second field value of an identification field in second table data stored in a second device, and determining a first data row whose first field value is the same as a second field value; splitting a third field value of a condition field in the first data row to obtain a first data fragment and a second data fragment; generating a ciphertext condition of the data statistical condition; sending the ciphertext condition, the second data fragment and the condition field to the second device, so that the second device splits a fourth field value to obtain a third data fragment and a fourth data fragment; receiving the third data fragment and a second statistical result; performing statistics on the first data fragment and the third data fragment to obtain a first statistical result; and determining a third data row according to the first statistical result and the second statistical result to obtain a joint statistical result. Applying the scheme reduces privacy disclosure.

Description

Privacy-protecting multi-party data processing method, device and equipment
Technical Field
The present invention relates to the field of data processing technologies, and in particular, to a privacy-protected multiparty data processing method, apparatus, and device.
Background
In a scenario where multiple devices work in conjunction, different devices may store different table data. Since the table data stored in each device is not completely the same, when performing data statistics on the table data stored in multiple devices in a combined manner, the table data stored in each device needs to be combined to complete data statistics together.
However, table data stored in each device relates to a large amount of privacy information, and in order to reduce leakage of privacy information, a scheme suitable for joint data processing of multiple devices needs to be provided.
Disclosure of Invention
The embodiment of the invention aims to provide a multi-party data processing method, a multi-party data processing device and multi-party data processing equipment for privacy protection, so as to reduce the risk of privacy disclosure in the data processing process. The specific technical scheme is as follows:
the embodiment of the invention provides a privacy-protecting multi-party data processing method, which is applied to first equipment and comprises the following steps:
obtaining information of each second field value of an identification field in second table data stored in second equipment, wherein the identification field is a field existing in both the second table data and first table data stored in first equipment;
determining a first data row of which the first field value of the identification field in the first table data is the same as the second field value in the second table data according to the obtained information of the second field value;
splitting a third field value of a condition field in a data statistical condition in a first data row to obtain a first data fragment and a second data fragment;
generating a ciphertext condition of the data statistical condition;
sending the ciphertext condition, the second data fragment and the condition field existing in the second table data to the second device, so that the second device splits a fourth field value of the condition field in the second table data to obtain a third data fragment and a fourth data fragment;
receiving a third data fragment and a second statistical result fed back by the second device, wherein the second statistical result is: the statistical result obtained by the second device counting whether the second data fragment and the fourth data fragment meet the ciphertext condition;
counting whether the first data fragment and the third data fragment meet the ciphertext condition to obtain a first statistical result;
determining a third data row which meets the data statistical condition in the second table data according to the first statistical result and the second statistical result;
and obtaining information of the field value of the result field in the data statistical condition in the third data row from the second equipment to obtain a joint statistical result aiming at the data statistical condition.
The embodiment of the invention also provides a privacy-protecting multi-party data processing method, which is applied to second equipment and comprises the following steps:
sending information of each second field value of the identification field in second table data stored in the second equipment to the first equipment;
receiving a ciphertext condition of the data statistical condition, a second data fragment, and a condition field of the data statistical condition existing in the second table data, all sent by the first device, wherein the second data fragment is: a data fragment obtained by splitting a third field value of the condition field in the data statistical condition in a first data row, and the first data row is: a data row of the first table data whose first field value of the identification field is the same as a second field value in the second table data, the identification field being a field existing in both the second table data and the first table data stored in the first device;
splitting a fourth field value of the condition field in the second table data to obtain a third data fragment and a fourth data fragment;
counting whether the second data fragment and the fourth data fragment meet the ciphertext condition to obtain a second statistical result;
sending a third data fragment and a second statistical result to the first device, so that the first device can perform statistics on whether the first data fragment and the third data fragment meet ciphertext conditions or not to obtain a first statistical result, and determining a third data row in the second table data, which meets the data statistical conditions, according to the first statistical result and the second statistical result;
obtaining the result field of the data statistical condition from the first device;
and sending the information of the field value of the result field to the first equipment, so that the first equipment obtains a joint statistical result aiming at the data statistical condition according to the information of the field value of the result field in the data statistical condition in the third data row.
The embodiment of the invention also provides a privacy-protecting multi-party data processing device, which is applied to the first equipment, and comprises the following components:
the information acquisition module is used for acquiring information of each second field value of an identification field in second table data stored in second equipment, wherein the identification field is a field existing in both the second table data and first table data stored in first equipment;
the first data row determining module is used for determining a first data row with the same first field value of the identification field in the first table data and the same second field value in the second table data according to the obtained information of the second field value;
the first splitting module is used for splitting a third field value of a condition field in the data statistical condition in the first data row to obtain a first data fragment and a second data fragment;
the ciphertext condition generating module is used for generating ciphertext conditions of the data statistical conditions;
the first sending module is used for sending the ciphertext condition, the second data fragment and the condition field existing in the second table data to the second device, so that the second device splits a fourth field value of the condition field in the second table data to obtain a third data fragment and a fourth data fragment;
a first receiving module, configured to receive a third data fragment and a second statistical result fed back by the second device, where the second statistical result is: the statistical result obtained by the second device counting whether the second data fragment and the fourth data fragment meet the ciphertext condition;
the first statistical module is used for counting whether the first data fragment and the third data fragment meet the ciphertext condition or not to obtain a first statistical result;
the data row determining module is used for determining a third data row which meets the data statistical conditions in the second table data according to the first statistical result and the second statistical result;
and the joint statistical module is used for obtaining the information of the field value of the result field in the data statistical condition in the third data row from the second equipment to obtain a joint statistical result aiming at the data statistical condition.
The embodiment of the invention also provides a privacy-protecting multi-party data processing device, which is applied to second equipment, and comprises:
the information sending module is used for sending information of each second field value of the identification field in the second table data stored in the second equipment to the first equipment;
a second receiving module, configured to receive a ciphertext condition of the data statistical condition, a second data fragment, and a condition field of the data statistical condition existing in the second table data, where the second data fragment is: a data fragment obtained by splitting a third field value of the condition field in the data statistical condition in a first data row, and the first data row is: a data row of the first table data whose first field value of the identification field is the same as a second field value in the second table data, the identification field being a field existing in both the second table data and the first table data stored in the first device;
the second splitting module is used for splitting a fourth field value of the condition field in the second table data to obtain a third data fragment and a fourth data fragment;
the second statistical module is used for counting whether the second data fragment and the fourth data fragment meet the ciphertext condition or not to obtain a second statistical result;
the second sending module is used for sending the third data fragment and the second statistical result to the first device, so that the first device can count whether the first data fragment and the third data fragment meet the ciphertext condition to obtain a first statistical result, and determine a third data row which meets the data statistical condition in the second table data according to the first statistical result and the second statistical result;
a result field obtaining module, configured to obtain the result field of the data statistical condition from the first device;
and the third sending module is used for sending the information of the field value of the result field to the first equipment, so that the first equipment obtains a joint statistical result aiming at the data statistical condition according to the information of the field value of the result field in the data statistical condition in the third data row.
The embodiment of the invention also provides electronic equipment which comprises a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory complete mutual communication through the communication bus;
a memory for storing a computer program;
and the processor is used for implementing the steps of the privacy-protecting multi-party data processing method when executing the program stored in the memory.
An embodiment of the present invention further provides a computer-readable storage medium, where a computer program is stored in the computer-readable storage medium, and when the computer program is executed by a processor, the method for processing multi-party data with privacy protection as described above is implemented.
Embodiments of the present invention further provide a computer program product containing instructions, which when run on a computer, cause the computer to perform any of the above described privacy-preserving multi-party data processing method steps.
The embodiment of the invention has the following beneficial effects:
in the solution provided in the embodiment of the present invention, the first device performing the statistics obtains the joint statistical result from the statistical results on the third data fragment and the first data fragment, and on the second data fragment and the fourth data fragment, without directly obtaining the table data on the second device. During the statistics, the first device acquires a data fragment of the second device; the data fragment comprises only part of the split recovery information rather than the complete recovery information, and cannot be used to directly obtain a field value of the table data in the second device. That is, the first device does not acquire the actual table data on the second device, so the amount of other devices' data acquired by the first device during the statistics is reduced, and the risk of privacy disclosure in the data statistics process is reduced.
In the process, each data fragment is obtained by splitting the field value of the first table data and the field value of the second table data, and the data fragments are adopted for statistics, which is equivalent to the statistics of the first table data and the second table data of a plaintext according to data statistics conditions.
Of course, not all of the advantages described above need to be achieved at the same time in the practice of any one product or method of the invention.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other embodiments can be obtained by referring to these drawings.
Fig. 1 is a flowchart illustrating a first privacy-preserving multiparty data processing method according to an embodiment of the present invention.
Fig. 2 is a flowchart illustrating a second privacy-preserving multi-party data processing method according to an embodiment of the present invention.
Fig. 3 is a signaling flowchart of a first privacy-preserving multiparty data processing method according to an embodiment of the present invention.
Fig. 4 is a schematic structural diagram of a first privacy-preserving multi-party data processing apparatus according to an embodiment of the present invention.
Fig. 5 is a schematic structural diagram of a second privacy-preserving multi-party data processing apparatus according to an embodiment of the present invention.
Fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived from the embodiments given herein by one of ordinary skill in the art, are within the scope of the invention.
The following describes an execution body of an embodiment of the present invention.
The first device is a device that needs to perform data processing and obtain a processing result of the data processing, for example, a device that needs to obtain a statistical result when data statistics is performed. Accordingly, the second device is a participating device of the data processing process, provides data to support data processing, and does not need to obtain the processing result.
In the embodiment of the present invention, a plurality of second devices may exist, and data processing may be performed between each second device and the first device according to the steps of the subsequent embodiments.
The first device and the second device may be various types of electronic devices, such as a desktop computer, a server, and the like.
In order to reduce private information leakage generated when multiple devices perform data processing jointly, embodiments of the present invention provide a privacy-protected multiparty data processing method, apparatus, device, and storage medium.
In an embodiment of the present invention, referring to fig. 1, a flowchart of a first privacy-preserving multi-party data processing method is provided, which is applied to a first device, and includes the following steps S101 to S109.
Step S101: obtaining information of each second field value of the identification field in the second table data stored in the second device, wherein the identification field is a field existing in both the second table data and the first table data stored in the first device.
The identification field is a field shared by the second table data and the first table data, and is used for indicating an object to which the table data belongs, for example, the object may be a user, that is, different field values under the identification field may uniquely correspond to different users, and indicate users to which data rows in which the field values belong respectively belong.
For example, in the examples shown in table 1 and table 2 below, the id (identity document) field is an identification field.
TABLE 1

id   Sex   Age
1    0     34
2    1     40
3    1     32
4    0     53
5    0     42

TABLE 2

id   Consumption amount   Number of consumptions   vip information
1    400                  4                        0
4    200                  5                        1
5    100                  5                        1
7    800                  7                        0
8    1000                 19                       0
Wherein, table 1 is the first table data, and table 2 is the second table data.
The fields of the first table data are id, sex and age; the field value of each row under the sex field is 0 or 1, where 0 represents female and 1 represents male. The fields of the second table data are id, consumption amount, number of consumptions and vip information; the field value of each row under the vip information field is 0 or 1, where 0 indicates that the user is not a vip and 1 indicates that the user is a vip.
The information of each second field value is information generated from each field value under the identification field, for example, information generated from each field value <1,4,5,7,8> under the id field in table 2.
The information of the second field value may be identification information generated based on the second field value, and the original second field value is not included in the identification information. In one embodiment of the present invention, the information of the second field value may be pseudo-random information generated from each second field value. The specific way of generating the pseudo-random information is described under OPRF-PSI in the implementation below and is not detailed here. In this way, if an attacker intercepts the pseudo-random information of the second field value sent by the second device to the first device, the second field value cannot be directly determined from the intercepted pseudo-random information, so the privacy of the second device is protected.
In another embodiment of the present invention, the information of the second field may also be a hash value obtained by performing a hash operation on each second field value.
Sending a field value directly from the second device to the first device results in the first device learning the data information stored on the second device. For example, a user of a first device may infer a user to which data stored on a second device belongs based on a field value under the identification field of the second device. The information of the second field value is sent instead according to the implementation manner, so that the first device cannot directly obtain the field value in the second device, and the privacy information of the second device is protected.
Step S102: determining, according to the obtained information of the second field value, a first data row of the first table data whose first field value of the identification field is the same as a second field value of the second table data.
Comparing each first field value under the identification field with the information of the second field value, the first field value identical to the second field value can be determined, and the data line where the determined first field value is located is the first data line.
In one embodiment of the invention, the first data line may be determined as follows:
obtaining a first field value of an identification field in first table data; determining a first field value intersected with the second field value according to the obtained information of the second field value; and determining a data row of the determined first field value in the first table data as a first data row.
In one embodiment of the present invention, information of a first field value may be generated, and the information of the first field value is of the same type as that of information of a second field value. In this case, the same portion of the information of the first field value and the information of the second field value corresponds to an intersection of the first field value and the second field value. The objects to which the data rows in the first table and the second table corresponding to each field value in the intersection belong are consistent, for example, belong to the same user. In this case, only the data row corresponding to the identification field existing in the intersection is needed to be adopted in the subsequent condition statistics, and the first table data and the second table data corresponding to the identification field values outside the intersection are not needed to be subjected to data processing, so that the calculation resources required by the data statistics are reduced.
In the above process, the step of determining the first field value having an intersection with the second field value may be implemented in various ways, which is exemplified below.
In one implementation, the intersection may be determined based on an OPRF-PSI (Oblivious Pseudo Random Function-Private Set Intersection) protocol. In this case, the information of the second field value is: the pseudo-random parameter output by the oblivious pseudo-random function with each second field value as the input parameter; and the information of the first field value is: the pseudo-random parameter output by the same oblivious pseudo-random function with each first field value as the input parameter.
In this case, the second field values and the pseudo-random parameters generated by the first field values are compared to obtain an intersection of the pseudo-random parameters, and the first field value corresponding to the pseudo-random parameter existing in the intersection is the first field value having the intersection with the second field value.
In another implementation manner, the information of the second field value is a hash value of each second field value. And performing hash operation on each first field value according to the same hash algorithm for obtaining the hash value of the second field value, comparing the obtained hash value of the first field value with the hash value of the second field value in pairs, wherein the first field value corresponding to the same hash value obtained by comparison is the first field value with the intersection of the second field value.
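As an added illustration, not code from the patent, the hash variant of steps S101 and S102 run over tables 1 and 2 in Python: the second device sends only hashes of its id values, and the first device recomputes the same hashes to select its first data rows. The SHA-256 encoding of the id and the field names are assumptions; the OPRF-PSI variant is not reproduced here.

```python
import hashlib

# Constructed sample data reproducing table 1 (first device) and table 2
# (second device) from the description; the field names are an assumption.
FIRST_TABLE = [
    {"id": 1, "sex": 0, "age": 34},
    {"id": 2, "sex": 1, "age": 40},
    {"id": 3, "sex": 1, "age": 32},
    {"id": 4, "sex": 0, "age": 53},
    {"id": 5, "sex": 0, "age": 42},
]
SECOND_TABLE = [
    {"id": 1, "consumption_amount": 400, "consumption_count": 4, "vip": 0},
    {"id": 4, "consumption_amount": 200, "consumption_count": 5, "vip": 1},
    {"id": 5, "consumption_amount": 100, "consumption_count": 5, "vip": 1},
    {"id": 7, "consumption_amount": 800, "consumption_count": 7, "vip": 0},
    {"id": 8, "consumption_amount": 1000, "consumption_count": 19, "vip": 0},
]


def field_value_info(value) -> str:
    """'Information of a field value' in the hash variant: SHA-256 over the
    decimal encoding of the id (encoding assumed). Both devices must use the
    same algorithm, otherwise the comparison in step S102 finds no matches."""
    return hashlib.sha256(str(value).encode("utf-8")).hexdigest()


def second_device_id_info(second_table, id_field="id"):
    """Step S101, second-device side: the only thing sent to the first device.
    The raw second field values stay on the second device."""
    return {field_value_info(row[id_field]) for row in second_table}


def first_device_first_rows(first_table, second_info, id_field="id"):
    """Step S102, first-device side: generate the information of each first field
    value with the same algorithm, intersect it with the received information, and
    keep the data rows whose id lies in the intersection (the first data rows)."""
    first_info = {field_value_info(row[id_field]): row for row in first_table}
    common = first_info.keys() & second_info
    return [first_info[h] for h in sorted(common, key=lambda h: first_info[h][id_field])]


def first_row_ids(first_table, second_table):
    """Ids of the first data rows, i.e. ids present on both devices."""
    info = second_device_id_info(second_table)
    return [row["id"] for row in first_device_first_rows(first_table, info)]


if __name__ == "__main__":
    print(first_row_ids(FIRST_TABLE, SECOND_TABLE))  # [1, 4, 5]
```

Because anyone can recompute SHA-256 over a small id space, the hash variant hides the second device's ids only as well as their entropy allows; the OPRF-PSI variant the description prefers ties the pseudo-random parameters to a key the first device does not hold.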
Step S103: splitting a third field value of the condition field in the data statistical condition in the first data row to obtain a first data fragment and a second data fragment.
The data statistical condition is the condition that expresses the data statistics requirement of the first device. For the examples in table 1 and table 2, the data statistical condition may be, for example: counting the total consumption amount of the female users who are vip clients.
The condition field is a field where a field value to be screened in the data statistical condition is located; the result field is a field in which a field value required for obtaining a statistical result is located. For example, the data statistics are: counting the total consumption amount of the female population which is a vip client, wherein the screening conditions are as follows: the field value under the "gender" field is 0 and the field value under the "vip information" field is 1; the result field is a "spending amount" field.
And splitting the third field value to obtain recovery information of the third field value, and randomly dividing the obtained recovery information into two groups, wherein the two groups of information are the first data fragment and the second data fragment.
In an embodiment of the present invention, the first data fragment and the second data fragment respectively include: and part of input parameters of the secret recovery function with the third field value as an output parameter.
In this case, the recovery information may be the split values obtained by splitting the third field value. The numerical relationship between any single split value and the third field value is uncertain, and the split third field value can be restored using a preset number of split values or more. The secret recovery function is the function implementing this restoration, and the split values are its input parameters.
The way the secret recovery function achieves the restoration corresponds to the way each data fragment is split. For example, a split value may be a solution of an n-order linear equation set constructed with the third field value as a parameter. By the properties of the equation set, it can be solved from n split values to obtain the third field value, and the secret recovery function is formed from the calculation process of solving the equation set; conversely, if only n-1 split values exist, the equation set cannot be solved and the third field value cannot be restored, that is, the preset number is n. In this case, a single split value is one solution of the equation set, and the numerical relationship between the parameters of the equation set is uncertain, i.e., the third field value cannot be determined from a single split value.
The first data fragments may include a number of split values smaller than the preset number, and following the above example, when the first data fragments are formed, it may be limited that each first data fragment includes at most n-1 split values, and each first data fragment cannot be used to restore the third field value.
The second data slice is similar to the first data slice, and differs from the first data slice only in the conceptual substitution of names for the second data slice, and is not described in detail here.
In this case, when the first device sends the data fragment to the second device, the data fragment does not contain any original table data, so that the privacy and security of the first device in the data transmission process are ensured.
In the embodiment of the present invention, splitting based on an n-order linear equation set is only an example; splitting may also be performed in other ways, such as an exclusive-or operation of the third field value with a random character string, which is not limited in the embodiment of the present invention.
Step S104: generating a ciphertext condition of the data statistical condition.
The ciphertext condition is a statistical condition for performing data statistics on the split values in the data fragments; it has the same statistical mode as the data statistical condition. For example, if the data statistical condition is to sum the field value a, the generated ciphertext condition is an addition condition, whose statistical method is to add the split values; the result obtained is the statistical result on the data fragments.
Under the same statistical mode, the ciphertext condition may include sub-relationships formed by randomly splitting the original numerical relationship in the data statistical condition; for example, when the data statistical condition a > 10 is split, several ciphertext conditions of the form a > X can be formed, where X is a random number obtained by splitting 10.
Thus the ciphertext condition is random relative to the data statistical condition, and the second device cannot accurately infer the data statistical condition directly from the ciphertext condition it receives.
The specific ciphertext condition is generated based on an MPC (secure multi-party computation) protocol, and using the ciphertext condition for statistics hides the plaintext of the data statistical condition, making the data statistics process safer. Therefore, when the ciphertext condition is used for statistics on each data fragment, the device performing the statistics cannot derive the data statistical condition from the ciphertext condition, so the data statistical condition is hidden; if the data statistical condition contains sensitive information of the first device, the second device cannot obtain it, and the information security of the first device is guaranteed.
Step S105: sending the ciphertext condition, the second data fragment, and the condition field present in the second table data to the second device.
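The splitting and recovery described above, as an added example that is not code from the patent: a field value is split into n split values that are points on a random polynomial, so recovering it means solving a linear equation set with the preset number of unknowns, and n-1 split values leave the value undetermined. The exclusive-or variant with random strings is included as well. The prime modulus, function names and parameters are this example's own assumptions.

```python
# Added example (not code from the patent): a threshold split of a field value into
# "split values" and a secret recovery function, in the style of the n-order linear
# equation set described above, plus the exclusive-or variant. The prime modulus,
# function names and parameters are this example's own assumptions.
import secrets

PRIME = 2**61 - 1  # assumption: a prime field large enough for the field values used


def _interpolate_at(points, x):
    """Value at x of the unique polynomial (degree < len(points)) through `points`,
    computed by Lagrange interpolation over the prime field."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total


def split_field_value(value, n, threshold):
    """Split `value` into n split values (x, y); any `threshold` of them recover it.

    The split values are points on a random polynomial of degree threshold-1 whose
    constant term is the secret. Recovering the secret means solving a linear
    equation set with `threshold` unknowns, so threshold-1 points leave the
    constant term completely undetermined.
    """
    if not 1 <= threshold <= n < PRIME:
        raise ValueError("need 1 <= threshold <= n")
    coeffs = [value % PRIME] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]

    def poly(x):
        acc = 0
        for c in reversed(coeffs):  # Horner evaluation
            acc = (acc * x + c) % PRIME
        return acc

    return [(x, poly(x)) for x in range(1, n + 1)]


def secret_recovery(split_values):
    """Secret recovery function: evaluate the interpolated polynomial at x = 0."""
    return _interpolate_at(split_values, 0)


def split_value_consistent_with(partial, candidate_secret, x):
    """Given threshold-1 split values, return the split value at x that would make
    `candidate_secret` the secret. Because such a value exists for every candidate,
    the partial set carries no information about which secret was split."""
    return (x, _interpolate_at(partial + [(0, candidate_secret % PRIME)], x))


def xor_split(value_bytes, n):
    """n-of-n split by exclusive-or with random strings: n-1 random strings plus one
    string chosen so that the XOR of all n equals the original value."""
    shares = [secrets.token_bytes(len(value_bytes)) for _ in range(n - 1)]
    last = bytes(value_bytes)
    for s in shares:
        last = bytes(a ^ b for a, b in zip(last, s))
    return shares + [last]


def xor_recover(shares):
    """Secret recovery for XOR splitting: XOR all the strings together."""
    acc = bytes(len(shares[0]))
    for s in shares:
        acc = bytes(a ^ b for a, b in zip(acc, s))
    return acc
```

With `split_field_value(v, 3, 3)`, the first data fragment may hold at most two of the three points, and `split_value_consistent_with` shows that those two points are equally consistent with any candidate value; `split_field_value(v, 3, 2)` is the threshold case where any two of three points recover v.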
After receiving the information sent by the first device, the second device may split a fourth field value of the condition field in the second table data to obtain a third data fragment and a fourth data fragment.
The condition field sent here contains only the field name and no data stored on the second device, so the risk of privacy leakage is low.
Before executing the solution provided by the embodiment of the present invention, the first device may obtain the field names of the condition fields of the second device in advance, and accordingly determine from the data statistical condition which condition fields exist in the second table data.
In an embodiment of the present invention, the third data fragment and the fourth data fragment each include part of the input parameters of a secret recovery function whose output parameter is the fourth field value.
The splitting that produces the third data fragment and the fourth data fragment is similar to that of the first data fragment and the second data fragment in step S103; the differences are only that the third data fragment takes the place of the first data fragment, the fourth data fragment takes the place of the second data fragment, and the field values being split differ: the second device splits all field values under the condition field, whereas the first device splits the field values of the first data rows under the condition field.
Therefore, when the second device sends its data fragment to the first device, the data fragment does not contain any table data, so the privacy and security of the second device during data transmission are guaranteed.
Step S106: receiving a third data fragment and a second statistical result fed back by the second device.
The second statistical result is the result obtained by the second device counting whether the second data fragment and the fourth data fragment satisfy the ciphertext condition.
The screening mode specified in the ciphertext condition may be an expression representing the judgment logic of the data statistical condition, and the expression may be generated in the manner specified by the MPC protocol.
The expression may take as input parameters the split values in the first data fragment and the third data fragment that belong to the same identification field, and produce output parameters; the output parameters may be values indicating whether the second data fragment and the fourth data fragment satisfy the ciphertext condition.
In step S102 the intersection of the first field values and the second field values is determined; the third field value and the fourth field value belonging to the same identification field in the first data fragment and the third data fragment can be determined from the corresponding position relation between the first data row and the second data row in the intersection, and the split values obtained from those field values also belong to that identification field. Compared with the first device directly obtaining the data rows of the second device whose identification field values lie in the intersection, using only the position relation of the intersection hides the field value information contained in the intersection; for example, in the examples of table 1 and table 2, the id information in the intersection includes field value information of the second device. This reduces what the first device learns about the second device and lowers the second device's risk of privacy disclosure.
Step S107: counting whether the first data fragment and the third data fragment satisfy the ciphertext condition, to obtain a first statistical result.
The first statistical result is obtained in the same manner as the second statistical result in step S106; the only differences are that the first data fragment takes the place of the second data fragment and the third data fragment takes the place of the fourth data fragment, and that the first device is the executing subject that obtains the first statistical result. This is not described in detail here.
Step S108: determining, according to the first statistical result and the second statistical result, a third data row in the second table data that satisfies the data statistical condition.
Since split values are input parameters of the secret recovery function, statistical results computed from split values can also serve as its input parameters. For example, split value 1 and split value 2 may be input parameters of secret recovery function A; the sum, the average, or a statistical result formed in another statistical manner from split value 1 and split value 2 is of the same type as the split values and may likewise be used as an input parameter.
The first statistical result and the second statistical result are of the same numeric type as the split values; when they are used as input parameters of the secret recovery function, the output parameter obtained represents the plaintext statistical result. In this process the intersection of the first field values and the second field values obtained in the previous step is used only to provide the position relation, and the ciphertext condition rather than the data statistical condition is what is actually applied during statistics, so neither the intersection information nor the condition information of the data statistical condition is exposed, which improves the security of the joint statistics.
Step S109: obtaining, from the second device, information of the field value of the result field of the data statistical condition in the third data row, to obtain a joint statistical result for the data statistical condition.
In the above process, the first device obtains information of all field values in the result field from the second device; in this case the second device does not know which specific field values the first device uses to obtain the joint statistical result, and accordingly does not know how the data statistical condition filters the field values.
In one embodiment of the present invention, the joint statistics may be obtained as follows:
generating position information representing the position of the third data row in the second table data; obtaining information of a fifth field value of the result field in the second table data from the second device; and performing joint statistics based on the generated position information and the information of the fifth field value to obtain a joint statistical result for the data statistical condition.
The position information may be represented by a vector whose numerical sequence corresponds to the data row sequence in the second table data, where the position of a third data row is represented by 1 in the vector and the positions of the other data rows by 0. For example, in the examples shown in tables 1 and 2, the third data rows of table 2 are the data rows with id 4 and 5, and the corresponding position information may be <0,1,1,0,0>.
Similarly, the information of the fifth field value may be a vector representing all field values under the result field, whose numerical order also corresponds to the data row order in the second table data. For example, for table 2 above, the information of the fifth field value may be represented as the spending amount vector <400, 200, 100, 800, 1000>.
The position information and the information of the fifth field value both correspond to the same data rows, so the fifth field values at the positions marked 1 in the vector can be determined and the joint statistical result satisfying the data statistical condition obtained. In the example of tables 1 and 2, the joint statistical result obtained is 300, that is, the total spending amount of the users with id 4 and id 5, who are female vip users and satisfy the data statistical condition. The fifth field values in the second table data that satisfy the statistical condition can thus be obtained through the position information, yielding the data statistical result.
The position information and the information of the fifth field value may be split into data fragments in the manner shown in step S103, and an MPC protocol used to generate an expression of a ciphertext condition for calculating the joint statistical result, so that the statistics are performed similarly to steps S103 to S108; this is not described in detail here. In this way the correctness and privacy of the statistical process are ensured based on the MPC protocol.
In the solution provided in the embodiment of the present invention, the first device performing the statistics obtains the joint statistical result through the statistical results of the third data fragment and the first data fragment, and of the second data fragment and the fourth data fragment, without directly obtaining the table data on the second device. During the statistics the first device obtains the data fragment of the second device, which contains only part of the split recovery information rather than the complete recovery information and cannot be used to directly obtain the field values of the table data in the second device; that is, the first device does not obtain the actual table data on the second device, so what the first device acquires of other devices' data during the statistics is reduced, and the risk of privacy disclosure in the data statistics process is reduced.
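The two fragment-level computations described above, as an added example that is not code from the patent: the addition condition of step S104, where each device sums its own split values and the secret recovery function returns the plaintext sum (so the fragment statistical results are themselves of the split-value type, as noted under step S108), and the joint statistic of step S109, where the position vector held by the first device and the spending amount vector held by the second device are both split and combined on split values. Multiplying split values requires a multiplication triple; the honest dealer that produces it here, the prime field and all names are this example's assumptions, not the patent's protocol.

```python
# Added example (not code from the patent): two-party statistics on additive split
# values over a prime field, covering the addition condition of step S104 and the
# position-vector joint statistic of step S109. The honest dealer for the Beaver
# triples, the prime and all names are this example's assumptions. Both devices'
# values appear in one process here purely to simulate the exchange.
import secrets

PRIME = 2**61 - 1  # assumption: field large enough for the amounts involved


def split(value):
    """Two additive split values whose sum mod PRIME is `value`; one is sent to
    the other device, one is kept."""
    a = secrets.randbelow(PRIME)
    return a, (value - a) % PRIME


def recover(s1, s2):
    """Secret recovery function for additive split values."""
    return (s1 + s2) % PRIME


def local_sum(split_values):
    """Addition condition applied locally: the sum of one device's split values is
    that device's split value of the plaintext sum (a fragment statistical result)."""
    return sum(split_values) % PRIME


def beaver_triple():
    """Dealer-generated triple a*b = c with each component split between the two
    devices (assumption: an honest dealer; deployments derive triples in a
    preprocessing phase of the MPC protocol)."""
    a, b = secrets.randbelow(PRIME), secrets.randbelow(PRIME)
    return split(a), split(b), split(a * b % PRIME)


def mul_shares(x_shares, y_shares, triple):
    """Multiply split x and split y; returns the two devices' split values of x*y.
    The only values exchanged are x-a and y-b, which are uniformly random masks."""
    (a1, a2), (b1, b2), (c1, c2) = triple
    x1, x2 = x_shares
    y1, y2 = y_shares
    # Each device publishes its part of d = x - a and e = y - b; both learn d and e.
    d = ((x1 - a1) + (x2 - a2)) % PRIME
    e = ((y1 - b1) + (y2 - b2)) % PRIME
    # x*y = c + d*b + e*a + d*e; the public term d*e is added by one device only.
    z1 = (c1 + d * b1 + e * a1 + d * e) % PRIME
    z2 = (c2 + d * b2 + e * a2) % PRIME
    return z1, z2


def joint_sum(amounts):
    """Second device splits each amount; first device receives one split value per
    row. Each side sums locally and the recovered value is the plaintext total."""
    sent_to_first, kept_by_second = zip(*(split(m) for m in amounts))
    return recover(local_sum(sent_to_first), local_sum(kept_by_second))


def private_selected_sum(pos_vector, amount_vector):
    """Joint statistic of step S109: total of the amounts at positions marked 1.
    The first device splits `pos_vector`, the second splits `amount_vector`; the
    products are formed on split values and only the final sum is recovered."""
    if len(pos_vector) != len(amount_vector):
        raise ValueError("vectors must align with the same data rows")
    acc1, acc2 = 0, 0
    for p, m in zip(pos_vector, amount_vector):
        z1, z2 = mul_shares(split(p), split(m), beaver_triple())
        acc1, acc2 = (acc1 + z1) % PRIME, (acc2 + z2) % PRIME
    return recover(acc1, acc2)


def demo():
    # Constructed from the table 2 example: rows with id 4 and 5 are selected.
    position = [0, 1, 1, 0, 0]
    amounts = [400, 200, 100, 800, 1000]
    return joint_sum(amounts), private_selected_sum(position, amounts)  # (2500, 300)
```

Only the final recovered sums leave the split-value domain; the per-row products stay split, which is what keeps the position vector hidden from the second device and the amounts hidden from the first.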
In the process, each data fragment is obtained by splitting the field value of the first table data and the field value of the second table data, and the data fragments are adopted for statistics, which is equivalent to the statistics of the first table data and the second table data of a plaintext according to data statistics conditions.
In an embodiment of the present invention, referring to fig. 2, a flowchart of a second privacy-preserving multi-party data processing method is provided, which is applied to a second device, and the method includes the following steps S201 to S207.
Step S201: sending, to the first device, information of each second field value of the identification field in the second table data stored by the second device.
Step S202: receiving the ciphertext condition of the data statistical condition, the second data fragment, and the condition field of the data statistical condition present in the second table data, which are sent by the first device.
The second data fragment is a data fragment obtained by splitting the third field value of the condition field of the data statistical condition in the first data row, where the first data row is a data row of the first table data in which the first field value of the identification field is the same as a second field value in a second data row, and the identification field is a field existing in both the second table data and the first table data stored by the first device.
Step S203: splitting a fourth field value of the condition field in the second table data to obtain a third data fragment and a fourth data fragment.
Step S204: counting whether the second data fragment and the fourth data fragment satisfy the ciphertext condition, to obtain a second statistical result.
Step S205: sending the third data fragment and the second statistical result to the first device.
The first device counts whether the first data fragment and the third data fragment meet the ciphertext condition or not to obtain a first statistical result, and determines a third data row in the second table data, which meets the data statistical condition, according to the first statistical result and the second statistical result.
Step S206: a result field of the statistical condition is obtained from the first device.
Step S207: information of a field value of the result field is transmitted to the first device.
In this step, the first device obtains a joint statistical result for the data statistical condition according to the information of the field value of the result field in the data statistical condition in the third data row.
The concept of each name in steps S201-S207 is the same as that in steps S101-S109, and will not be described in detail here.
As can be seen from the above, when the second device participates in the data statistics process, it sends the third data fragment and the second statistical result to the first device, and these do not include the specific data obtained when data rows are screened according to the data statistical condition. Combined with the foregoing embodiment of the first device, the data contained in the third data fragment and the second statistical result are split values of field values or statistical results of split values, and do not include information of the original field values, so what the first device acquires of the second device's data during the data statistics process is minimized, and the privacy information of the second device is protected.
In an embodiment of the present invention, sending information of the field value of the result field to the first device, so that the first device obtains a joint statistical result for the data statistical condition according to the information of the field value of the result field of the data statistical condition in the third data row, includes:
generating information of a fifth field value of the result field in the second table data; and sending the information of the fifth field value to the first device, so that the first device performs joint statistics based on the position information and the information of the fifth field value to obtain a joint statistical result for the data statistical condition.
The generation of the information of the fifth field value and the method of performing the joint statistics are as described in step S109 and are not repeated here.
In this case, the first device may obtain, through the position information, the fifth field values in the second table data that satisfy the statistical condition, and thereby obtain the data statistical result.
The following describes the overall flow of privacy-preserving multiparty data processing by the embodiment shown in fig. 3.
In one embodiment of the present invention, referring to fig. 3, a signaling flow diagram of a privacy-preserving multiparty data processing method is provided. For convenience of explanation, the data processing is performed in this embodiment using the above tables 1 and 2.
The id column extracted in step S301 consists of the first field values under the identification field. Because the first device holds the data statistical condition, it can pre-select the field values satisfying the condition during extraction, which reduces the amount of computation for the intersection in subsequent steps. For example, if the data statistical condition is to count the total consumption amount of female vip clients, the first device may pre-select from table 1 the first field values with sex = 0, i.e. id = 1, 4, 5.
The id column extracted in step S302 consists of the second field values under the identification field of the second table data.
In step S303 the PSI protocol is run; the first device may provide an implementation that determines the intersection of the first field values and the second field values according to the PSI protocol. Step S304 is similar to step S303.
In step S305, the second device, as the sender, sends the id information, i.e. the information of the second field values, to the first device as the receiver.
The intersection vector of step S306 is obtained from the intersection of the first field values and the second field values and indicates the positions, in the second table data, of the data rows whose second field values lie in the intersection. Referring to table 2, the intersection is id = 1, 4, 5, which are the first three rows of the second table data, corresponding to the positions where 1 appears in the vector <1,1,1,0,0>.
Step S307: synchronizing information to the second device. The synchronized information includes the ciphertext condition, the condition field present in the second table data, and the result field.
Step S308 splits the data to obtain the first data fragment and the second data fragment, and step S309 splits the data to obtain the third data fragment and the fourth data fragment; the data fragments are then exchanged according to the MPC protocol to obtain the first statistical result and the second statistical result, as shown in steps S104 to S107.
The screening result obtained in step S310 is the third data rows determined from the first statistical result and the second statistical result, that is, the data rows with id = 4 and 5 in table 2, whose corresponding position information is <0,1,1,0,0>.
Step S311 generates the spending amount vector <400, 200, 100, 800, 1000>.
Based on the MPC protocol, the position information and the spending amount vector are computed together to obtain the joint statistical result, that is, the consumption amounts of the users satisfying the data statistical condition in step S312, and the total consumption amount of 300 is calculated in step S313.
Referring to fig. 3, if there are multiple devices and the data table on each device has part of the condition fields of the data statistical condition, the first device and each second device may communicate according to the above procedure. The difference from the case of a single second device is that when information is synchronized to a second device in S307, the synchronized condition field differs: it is the condition field actually held by the data table of that second device. When the data fragments are split, if the first device and the second devices number n in total with n > 2, each device may split its values into n data fragments and send n-1 of them to the other n-1 devices, so that each device obtains a fragment statistical result from the data fragment it kept and the data fragments it received; the first device then collects all fragment statistical results and obtains the joint statistical result. The specific implementation is the same as in the previous embodiment and is not described in detail here.
In correspondence with the above privacy-preserving multi-party data processing method, in an embodiment of the present invention, referring to fig. 4, a schematic structural diagram of a first privacy-preserving multi-party data processing apparatus is provided, where the apparatus includes:
an information obtaining module 401, configured to obtain information of each second field value of an identification field in second table data stored in a second device, where the identification field is a field existing in both the second table data and first table data stored in a first device;
a first data row determining module 402, configured to determine, according to the obtained information of the second field value, a first data row in which a first field value of the identification field in the first table data is the same as a second field value in the second table data;
a first splitting module 403, configured to split a third field value of a conditional field in a data statistics condition in a first data row to obtain a first data fragment and a second data fragment;
a ciphertext condition generating module 404, configured to generate a ciphertext condition of the data statistics condition;
a first sending module 405, configured to send the ciphertext condition, the second data fragment, and the condition field existing in the second table data to the second device, so that the second device splits a fourth field value of the condition field in the second table data to obtain a third data fragment and a fourth data fragment;
a first receiving module 406, configured to receive the third data fragment and a second statistical result fed back by the second device, where the second statistical result is the result obtained by the second device counting whether the second data fragment and the fourth data fragment satisfy the ciphertext condition;
the first statistics module 407 is configured to count whether the first data fragment and the third data fragment satisfy a ciphertext condition, so as to obtain a first statistics result;
a data row determining module 408, configured to determine, according to the first statistical result and the second statistical result, a third data row in the second table data that meets the data statistical condition;
the joint statistics module 409 is configured to obtain, from the second device, information of a field value of a result field in the data statistics condition in the third data row, and obtain a joint statistics result for the data statistics condition.
In the solution provided in the embodiment of the present invention, the first device performing statistics obtains the joint statistical result through the statistical results of the third data fragment and the first data fragment, and the second data fragment and the fourth data fragment without directly obtaining the table data on the second device. When the statistics is carried out, the first device acquires the data fragment of the second device, the data fragment comprises split partial recovery information instead of complete recovery information, and cannot be used for directly obtaining the field value of the table data in the second device, namely the first device does not acquire actual table data on the second device, so that the acquisition of the first device to the data of other devices in the statistics process is reduced, and the risk of privacy disclosure in the data statistics process is reduced.
In the process, each data fragment is obtained by splitting the field value of the first table data and the field value of the second table data, and the data fragments are adopted for statistics, which is equivalent to the statistics of the first table data and the second table data of a plaintext according to data statistics conditions.
In an embodiment of the present invention, the joint statistics module 409 is specifically configured to generate position information representing a position of the third data row in the second table data; obtaining information of a fifth field value of a result field in the second table data from the second device; and performing joint statistics based on the generated position information and the information of the fifth field value to obtain a joint statistical result aiming at the data statistical condition.
Therefore, the fifth field value meeting the statistical condition in the second table data can be obtained through the position information, and the data statistical result is obtained.
In an embodiment of the present invention, the first data row determining module 402 is specifically configured to obtain a first field value of an identification field in first table data; determining a first field value intersected with the second field value according to the obtained information of the second field value; and determining a data row of the determined first field value in the first table data as a first data row.
In this case, when performing conditional statistics subsequently, only the data row corresponding to the identifier field existing in the intersection is needed to be used, and the first table data and the second table data corresponding to the identifier field values outside the intersection are not needed to be processed, so that the computational resources required by data statistics are reduced.
In an embodiment of the present invention, the information of each second field value is pseudo-random information generated from each second field value; or the first data fragment and the second data fragment each include part of the input parameters of a secret recovery function whose output parameter is the third field value; or the third data fragment and the fourth data fragment each include part of the input parameters of a secret recovery function whose output parameter is the fourth field value.
With this approach, if an attacker intercepts the pseudo-random information of the second field values sent by the second device to the first device, the second field values cannot be directly determined from the intercepted pseudo-random information, so the privacy and security of the first device are protected.
When the first device sends the data fragment to the second device, the data fragment does not contain any original table data, so that the privacy and safety of the first device in the data transmission process are ensured.
When the second device sends the data fragment to the first device, the data fragment does not contain any original table data, so that the privacy and safety of the second device in the data transmission process are ensured.
Referring to fig. 5, there is provided a schematic structural diagram of a second privacy-preserving multi-party data processing apparatus, applied to a second device, the apparatus including:
an information sending module 501, configured to send, to the first device, information of each second field value of the identification field in the second table data stored in the second device;
a second receiving module 502, configured to receive a ciphertext condition of the data statistical condition, a second data fragment, and a condition field of the data statistical condition present in the second table data, where the second data fragment is a data fragment obtained by splitting the third field value of the condition field of the data statistical condition in the first data row, the first data row is a data row of the first table data in which the first field value of the identification field is the same as a second field value in a second data row, and the identification field is a field existing in both the second table data and the first table data stored in the first device;
the second splitting module 503 is configured to split a fourth field value of the condition field in the second table data to obtain a third data fragment and a fourth data fragment;
the second statistical module 504 is configured to count whether the second data fragment and the fourth data fragment satisfy a ciphertext condition, so as to obtain a second statistical result;
a second sending module 505, configured to send the third data fragment and the second statistical result to the first device, so that the first device counts whether the first data fragment and the third data fragment satisfy a ciphertext condition, to obtain a first statistical result, and determines, according to the first statistical result and the second statistical result, a third data row in the second tabular data that satisfies the data statistical condition;
a result field obtaining module 506, configured to obtain a result field of the statistical condition from the first device;
the third sending module 507 is configured to send information of a field value of the result field to the first device, so that the first device obtains a joint statistical result for the data statistical condition according to the information of the field value of the result field in the data statistical condition in the third data row.
As can be seen from the above, when the second device participates in the data statistics process, it sends the third data fragment and the second statistical result to the first device, and these do not include the specific data obtained when data rows are screened according to the data statistical condition. Combined with the foregoing embodiment of the first device, the data contained in the third data fragment and the second statistical result are split values of field values or statistical results of split values, and do not include information of the original field values, so what the first device acquires of the second device's data during the data statistics process is minimized, and the privacy information of the second device is protected.
In an embodiment of the present invention, the third sending module 507 is specifically configured to generate information of a fifth field value of the result field in the second table data, and to send the information of the fifth field value to the first device, so that the first device performs joint statistics based on the position information and the information of the fifth field value to obtain a joint statistical result for the data statistical condition.
In this case, the first device may obtain, through the position information, the fifth field values in the second table data that satisfy the statistical condition, and thereby obtain the data statistical result.
An embodiment of the present invention further provides an electronic device, as shown in fig. 6, including a processor 601, a communication interface 602, a memory 603, and a communication bus 604, where the processor 601, the communication interface 602, and the memory 603 complete mutual communication through the communication bus 604,
a memory 603 for storing a computer program;
the processor 601 is configured, when executing the program stored in the memory 603, to implement the privacy-preserving multi-party data processing method applied to the first device or the privacy-preserving multi-party data processing method applied to the second device in the foregoing embodiments.
The communication bus mentioned in the electronic device may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown, but this does not mean that there is only one bus or one type of bus.
The communication interface is used for communication between the electronic device and other devices.
The memory may include a random access memory (RAM) or a non-volatile memory (NVM), such as at least one disk memory. Optionally, the memory may also be at least one storage device located remotely from the processor.
The processor may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP), and the like; it may also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
In yet another embodiment provided by the present invention, a computer-readable storage medium is further provided, in which a computer program is stored; when executed by a processor, the computer program implements the privacy-preserving multi-party data processing method applied to the first device or the privacy-preserving multi-party data processing method applied to the second device of the foregoing embodiments.
In a further embodiment provided by the present invention, there is also provided a computer program product comprising instructions which, when run on a computer, cause the computer to perform the privacy-preserving multi-party data processing method applied to the first device or the privacy-preserving multi-party data processing method applied to the second device of the foregoing embodiments.
In the above embodiments, the implementation may be realized wholly or partially by software, hardware, firmware, or any combination thereof. When implemented in software, it may be realized wholly or partially in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the processes or functions described in accordance with the embodiments of the invention are performed in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a network of computers, or another programmable device. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another, for example, from one website, computer, server, or data center to another website, computer, server, or data center via a wired (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) connection. The computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device such as a server or data center that incorporates one or more available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid-state disk (SSD)), among others.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a … …" does not exclude the presence of another identical element in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on differences from other embodiments. In particular, as for the apparatus, device and storage medium embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and reference may be made to some descriptions of the method embodiments for relevant points.
The above description is only for the preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.

Claims (10)

1. A privacy preserving multi-party data processing method applied to a first device, the method comprising:
obtaining information of each second field value of an identification field in second table data stored in a second device, wherein the identification field is a field existing in both the second table data and first table data stored in the first device;
determining, according to the obtained information of the second field values, a first data row in the first table data whose first field value of the identification field is the same as a second field value in the second table data;
splitting a third field value of a condition field in the data statistical condition in the first data row to obtain a first data fragment and a second data fragment;
generating a ciphertext condition of the data statistical condition;
sending the ciphertext condition, the second data fragment and the condition field existing in the second table data to the second device, so that the second device splits a fourth field value of the condition field in the second table data to obtain a third data fragment and a fourth data fragment;
receiving a third data fragment and a second statistical result fed back by the second device, wherein the second statistical result is the result of the second device counting whether the second data fragment and the fourth data fragment satisfy the ciphertext condition;
counting whether the first data fragment and the third data fragment satisfy the ciphertext condition to obtain a first statistical result;
determining a third data row which meets the data statistical condition in the second table data according to the first statistical result and the second statistical result;
and obtaining, from the second device, information of the field value of the result field in the data statistical condition in the third data row, to obtain a joint statistical result for the data statistical condition.
2. The method of claim 1, wherein obtaining a field value of a result field in a data statistic in a third data row from the second device, and obtaining a joint statistic result for the data statistic comprises:
generating position information representing the position of the third data row in the second table data;
obtaining information of a fifth field value of a result field in the second table data from the second device;
and performing joint statistics based on the generated position information and the information of the fifth field value to obtain a joint statistical result aiming at the data statistical condition.
3. The method according to claim 1, wherein said determining a first data row of a first table data having a first field value of an identification field identical to a second field value of a second table data according to the obtained information of the second field value comprises:
obtaining a first field value of an identification field in first table data;
determining a first field value intersected with the second field value according to the obtained information of the second field value;
and determining a data row of the determined first field value in the first table data as a first data row.
4. The method according to any one of claims 1 to 3,
the information of each second field value is pseudo-random information generated according to that second field value;
or
the first data fragment and the second data fragment respectively comprise partial input parameters of a secret recovery function whose output parameter is the third field value;
or
the third data fragment and the fourth data fragment respectively comprise partial input parameters of a secret recovery function whose output parameter is the fourth field value.
5. A privacy preserving multi-party data processing method applied to a second device, the method comprising:
sending, to a first device, information of each second field value of an identification field in second table data stored in the second device;
receiving a ciphertext condition of a data statistical condition, a second data fragment, and a condition field of the data statistical condition that exists in the second table data, all sent by the first device, wherein the second data fragment is a data fragment obtained by splitting a third field value of the condition field in the data statistical condition in a first data row, the first data row is a data row in first table data stored in the first device whose first field value of the identification field is the same as a second field value in the second table data, and the identification field is a field existing in both the second table data and the first table data;
splitting a fourth field value of the condition field in the second table data to obtain a third data fragment and a fourth data fragment;
counting whether the second data fragment and the fourth data fragment satisfy the ciphertext condition to obtain a second statistical result;
sending a third data fragment and a second statistical result to the first device, so that the first device can perform statistics on whether the first data fragment and the third data fragment meet ciphertext conditions or not to obtain a first statistical result, and determining a third data row in the second table data, which meets the data statistical conditions, according to the first statistical result and the second statistical result;
obtaining a result field of the statistical condition from the first device;
and sending information of the field value of the result field to the first device, so that the first device obtains a joint statistical result for the data statistical condition according to the information of the field value of the result field in the data statistical condition in the third data row.
6. The method of claim 5, wherein sending information of a field value of the result field to the first device, so that the first device obtains a joint statistical result for the data statistical condition according to the information of the field value of the result field in the data statistical condition in the third data row, comprises:
generating information of a fifth field value of a result field in the second table data;
and sending the information of the fifth field value to the first device, so that the first device performs joint statistics based on the position information and the information of the fifth field value to obtain a joint statistical result for the data statistical condition.
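As an added example (not the patent's own code), a toy Python model of the two-device flow of claims 1 to 6, with every instantiation being an assumption: the pseudo-random identifier information is an HMAC, the data fragments are additive secret shares modulo P, the ciphertext condition is an equality test between the two condition fields evaluated on keyed digests of share differences, and the fifth field value is sent in the clear; the sample tables are constructed.

```python
import hashlib
import hmac
import secrets

P = 2**61 - 1                      # share modulus (assumption)
ID_KEY = b"constructed-psi-key"    # assumption: agreed out of band by both devices

def prf(key: bytes, *parts) -> str:
    """Keyed hash used for the pseudo-random identifier information and for the
    per-row condition check (HMAC-SHA256 is an assumed choice)."""
    msg = "|".join(str(p) for p in parts).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def split(value: int) -> tuple:
    """Additive 2-of-2 sharing: each fragment alone is uniform in Z_P, so a
    device holding one fragment learns nothing about the field value."""
    r = secrets.randbelow(P)
    return r, (value - r) % P

def recover(a: int, b: int) -> int:
    """The 'secret recovery function' of claim 4: both fragments give the value."""
    return (a + b) % P

def run_protocol(table1: list, table2: list, cond_field: str, result_field: str) -> dict:
    """Simulates both devices; comments mark which device runs each step."""
    # Device 2 -> Device 1: pseudo-random information of each second field value,
    # in table order so that Device 1 can later refer to rows by position.
    ids2 = [prf(ID_KEY, row["id"]) for row in table2]
    # Device 1: first data rows = rows of table1 whose identifier is in table2.
    pos_of = {h: i for i, h in enumerate(ids2)}
    first_rows = []
    for row in table1:
        h = prf(ID_KEY, row["id"])
        if h in pos_of:
            first_rows.append((pos_of[h], row))
    # Device 1: split each third field value; keep fragment 1, send fragment 2.
    frag1, frag2 = {}, {}
    for i, row in first_rows:
        frag1[i], frag2[i] = split(row[cond_field])
    # Device 1 -> Device 2: ciphertext condition (assumed: "equal" plus a nonce),
    # fragment 2 per position, and the name of the condition field.
    cipher_cond = {"op": "eq", "nonce": secrets.token_hex(16)}
    nonce = cipher_cond["nonce"].encode()
    # Device 2: split each fourth field value; count on (fragment 2, fragment 4).
    frag3, stat2 = {}, {}
    for i in frag2:
        f3, f4 = split(table2[i][cond_field])
        frag3[i] = f3
        stat2[i] = prf(nonce, (frag2[i] - f4) % P)
    # Device 2 -> Device 1: fragment 3 and the second statistical result.
    # Device 1: count on (fragment 1, fragment 3).  f2 - f4 == f3 - f1 (mod P)
    # holds exactly when x1 == x2, so equal digests select the third data rows.
    # Caveat: on a small value domain Device 1 could test guesses of x2 against
    # stat2, as with any hashed equality test; a key held only by Device 2 helps.
    stat1 = {i: prf(nonce, (frag3[i] - frag1[i]) % P) for i in frag1}
    third_rows = sorted(i for i in stat1 if stat1[i] == stat2[i])
    # Device 2 -> Device 1: information of the fifth field value.  Assumed here to
    # be the plain result column; the page leaves its form open, and this choice
    # reveals the column, so a deployment would mask or share it as well.
    fifth = [row[result_field] for row in table2]
    return {"positions": third_rows, "count": len(third_rows),
            "sum": sum(fifth[i] for i in third_rows)}

# Constructed sample tables (not data from the page).
TABLE1 = [{"id": "u1", "age": 30}, {"id": "u2", "age": 41}, {"id": "u9", "age": 5}]
TABLE2 = [{"id": "u0", "age": 30, "spend": 7},
          {"id": "u2", "age": 41, "spend": 11},
          {"id": "u1", "age": 31, "spend": 13}]

def demo() -> dict:
    return run_protocol(TABLE1, TABLE2, "age", "spend")

if __name__ == "__main__":
    print(demo())   # {'positions': [1], 'count': 1, 'sum': 11}
```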
7. A privacy-preserving multi-party data processing apparatus for application to a first device, the apparatus comprising:
an information acquisition module, configured to obtain information of each second field value of an identification field in second table data stored in a second device, wherein the identification field is a field existing in both the second table data and first table data stored in the first device;
a first data row determining module, configured to determine, according to the obtained information of the second field values, a first data row in the first table data whose first field value of the identification field is the same as a second field value in the second table data;
the first splitting module is used for splitting a third field value of a condition field in the data statistical condition in the first data row to obtain a first data fragment and a second data fragment;
the ciphertext condition generating module is used for generating ciphertext conditions of the data statistical conditions;
the first sending module is used for sending the ciphertext condition, the second data fragment and the condition field existing in the second table data to the second device, so that the second device splits a fourth field value of the condition field in the second table data to obtain a third data fragment and a fourth data fragment;
a first receiving module, configured to receive a third data fragment and a second statistical result fed back by the second device, where the second statistical result is the result of the second device counting whether the second data fragment and the fourth data fragment satisfy the ciphertext condition;
the first statistical module is used for counting whether the first data fragment and the third data fragment meet the ciphertext condition or not to obtain a first statistical result;
the data row determining module is used for determining a third data row which meets the data statistical conditions in the second table data according to the first statistical result and the second statistical result;
and a joint statistical module, configured to obtain, from the second device, information of the field value of the result field in the data statistical condition in the third data row, to obtain a joint statistical result for the data statistical condition.
8. A privacy-preserving multi-party data processing apparatus, for application to a second device, the apparatus comprising:
an information sending module, configured to send, to a first device, information of each second field value of an identification field in second table data stored in the second device;
a second receiving module, configured to receive a ciphertext condition of a data statistical condition, a second data fragment, and a condition field of the data statistical condition that exists in the second table data, all sent by the first device, where the second data fragment is a data fragment obtained by splitting a third field value of the condition field in the data statistical condition in a first data row, the first data row is a data row in first table data stored in the first device whose first field value of the identification field is the same as a second field value in the second table data, and the identification field is a field existing in both the second table data and the first table data;
the second splitting module is used for splitting a fourth field value of the condition field in the second table data to obtain a third data fragment and a fourth data fragment;
the second statistical module is used for counting whether the second data fragment and the fourth data fragment meet the ciphertext condition or not to obtain a second statistical result;
a second sending module, configured to send the third data fragment and the second statistical result to the first device, so that the first device counts whether the first data fragment and the third data fragment satisfy the ciphertext condition to obtain a first statistical result, and determines, according to the first statistical result and the second statistical result, a third data row in the second table data that satisfies the data statistical condition;
a result field obtaining module for obtaining a result field of the statistical condition from the first device;
and a third sending module, configured to send information of the field value of the result field to the first device, so that the first device obtains a joint statistical result for the data statistical condition according to the information of the field value of the result field in the data statistical condition in the third data row.
9. An electronic device, comprising a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory communicate with each other through the communication bus;
a memory for storing a computer program;
a processor for implementing the method steps of any of claims 1-4 or 5-6 when executing a program stored in the memory.
10. A computer-readable storage medium, characterized in that a computer program is stored in the computer-readable storage medium, which computer program, when being executed by a processor, carries out the method steps of any one of claims 1-4 or 5-6.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210871917.3A CN115292729A (en) 2022-07-22 2022-07-22 Privacy-protecting multi-party data processing method, device and equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210871917.3A CN115292729A (en) 2022-07-22 2022-07-22 Privacy-protecting multi-party data processing method, device and equipment

Publications (1)

Publication Number Publication Date
CN115292729A true CN115292729A (en) 2022-11-04

Family

ID=83824043

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210871917.3A Pending CN115292729A (en) 2022-07-22 2022-07-22 Privacy-protecting multi-party data processing method, device and equipment

Country Status (1)

Country Link
CN (1) CN115292729A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116522402A (en) * 2023-07-04 2023-08-01 深圳前海环融联易信息科技服务有限公司 Customer identification method, device, equipment and medium based on privacy calculation
CN116522402B (en) * 2023-07-04 2023-10-13 深圳前海环融联易信息科技服务有限公司 Customer identification method, device, equipment and medium based on privacy calculation


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination