CN115333721A - Privacy set intersection calculation method, device and system - Google Patents

Publication number: CN115333721A
Authority: CN (China)
Prior art keywords: matrix, sender, target position, intersection, function
Legal status: Granted
Application number: CN202211250813.7A
Other languages: Chinese (zh)
Other versions: CN115333721B (en)
Inventors: 丁晓慧, 田�健, 陈剑
Current Assignee: Beijing Rongshulianzhi Technology Co ltd
Original Assignee: Beijing Rongshulianzhi Technology Co ltd

Classifications

    • H04L9/0643: Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • G06F17/16: Matrix or vector computation, e.g. matrix-matrix or matrix-vector multiplication, matrix factorization
    • H04L9/0656: Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
    • H04L2209/50: Oblivious transfer

Abstract

The invention provides a method, a device and a system for calculating a privacy set intersection, wherein the method comprises the following steps: generating a first matrix and a random key; encoding the first data set by adopting a pseudo-random number function, a first hash function and the random key to obtain a second matrix; determining a corresponding plurality of first target position vectors according to the plurality of second matrices; obtaining a third matrix according to the target position vectors and the first matrix; generating a fourth matrix; performing exclusive-or calculation on the third matrix and the fourth matrix to obtain a fifth matrix; performing oblivious transfer, sending a column of the fourth matrix or a column of the fifth matrix to the sender; sending the random key to the sender; receiving a first set of hash values; obtaining a second hash value set according to the second hash function and the fourth matrix; obtaining a first intersection of the first and second hash value sets; and obtaining a second intersection according to the first intersection, and sending the second intersection to the sender. The method can reduce the calculation cost.

Description

Privacy set intersection calculation method, device and system
Technical Field
The invention relates to the field of privacy computation, in particular to a privacy set intersection computation method, device and system.
Background
With the development of big data technology, sharing data across multiple organizations and mining the potential value contained in that data have become objective requirements of the big data era. The existing centralized data-processing model cannot adequately meet users' privacy protection requirements. Therefore, privacy computing technology has been developed and is currently the mainstream means of data protection.
The Privacy Set Intersection (PSI) protocol is a typical privacy-oriented distributed set computation technique. As an important application of secure multiparty computing, the PSI protocol allows participants to enter their private sets, compute the intersection of the sets together, and not reveal any information other than the intersection. The PSI protocol is widely applied to the field of privacy computing, and is receiving more and more attention from academic and industrial circles. Gene sequencing, disease screening, crime prediction, advertisement recommendation, financial credit, are all scenarios in which PSI technology can be applied.
The biggest obstacle of the current PSI technology implementation is communication overhead and calculation overhead, so that the optimization route is divided into two types, namely optimization from the communication perspective and optimization from the calculation perspective.
The communication overhead of the PSI protocol refers to the traffic exchanged over the whole run of the protocol; if the traffic is large, it has a large impact in low-bandwidth network environments, resulting in low transmission efficiency. PSI protocols optimized from the communication perspective require a huge amount of computation because they use a large number of hash functions, and can hardly be used as practical protocols. In the prior art, a PSI protocol based on polynomial interpolation over a finite field is provided, which reduces the amount of computation to a certain extent while optimizing the communication overhead, but its amount of computation is still many times larger than that of PSI protocols optimized from the computation perspective.
The computation overhead of the PSI protocol refers to the total time required to compute the cryptographic primitives over the whole run of the protocol; if the computation overhead is high, the requirements on hardware are higher, so the PSI protocol cannot be run on lightweight devices. The second prior art proposes a PSI protocol that uses only the simple cryptographic operation of oblivious transfer and exchanges data with the help of a cuckoo hash structure. Compared with the former two, the protocol optimizes the calculation amount, but has the problem of communication optimization. The use of the cuckoo hash structure means that the oblivious pseudorandom function of this protocol is repeatedly computed and transmitted at the final stage of the exchange, further increasing communication overhead.
Disclosure of Invention
In view of the above, embodiments of the present invention provide a method, an apparatus, and a system for calculating a privacy set intersection, so as to solve the above problems in the prior art.
To achieve the above object, in a first aspect, an embodiment of the present invention provides a privacy set intersection calculation method, where the method is applied to a receiving party, where the receiving party holds a first data set, and the method includes:
negotiating with a sender to determine a sharing function, wherein the sharing function comprises: a first hash function, a second hash function, and a pseudo-random number function;
generating a first matrix with elements of 1;
generating a random key as an input to the pseudo random number function;
encoding each element in the first data set by adopting the pseudo-random number function, the first hash function and the random key to obtain a second matrix, wherein each data corresponds to one second matrix;
determining a corresponding plurality of first target position vectors according to the plurality of second matrices;
obtaining a third matrix according to the target position vectors and the first matrix;
generating a random fourth matrix;
performing exclusive-or calculation on the third matrix and the fourth matrix to obtain a fifth matrix;
executing the oblivious transfer, and sending the column of the fourth matrix or the column of the fifth matrix to the sender according to the selection vector randomly generated by the sender;
sending the random key to the sender;
calculating to obtain a first hash value set according to the second hash function, the fourth matrix and the plurality of first target position vectors;
receiving a second hash value set sent by the sender;
evaluating a first intersection of the first set of hash values and the second set of hash values;
and obtaining a second intersection of the first data set and a second data set held by the sender according to the first intersection, and sending the second intersection to the sender.
In a second aspect, an embodiment of the present invention provides another privacy set intersection calculation method, where the method is performed by a receiver and a sender, where the receiver holds a first data set and the sender holds a second data set, and the method includes:
the receiver and the sender negotiate to determine a sharing function and sharing parameters, wherein the sharing function comprises: a first hash function, a second hash function, and a pseudo-random number function, the shared parameters including: a width of the first matrix and a height of the first matrix;
the receiving party generates a first matrix with elements of 1;
the receiver generating a random key as an input to the pseudo-random number function;
the receiver encodes each element in the first data set by adopting the pseudo-random number function, the first hash function and the random key to obtain a second matrix, wherein each data corresponds to one second matrix;
the receiver determines a plurality of corresponding first target position vectors according to the plurality of second matrixes;
obtaining a third matrix according to the target position vectors and the first matrix;
the receiving party generates a random fourth matrix;
the receiving party carries out exclusive or calculation on the third matrix and the fourth matrix to obtain a fifth matrix;
the sender generates a selection vector;
the sender initiates an oblivious transfer with the receiver according to the selection vector;
the receiver performs the oblivious transfer and sends the column of the fourth matrix or the column of the fifth matrix to the sender according to the selection vector;
the sender obtains a sixth matrix after the execution of the oblivious transfer is finished;
the receiver sends the random key to the sender;
the receiving party calculates a first hash value set according to the second hash function, the fourth matrix and the plurality of first target position vectors;
the sender receives the random key;
the sender encodes each data in the second data set according to the pseudo-random number function, the first hash function and the random key to obtain a plurality of seventh matrixes;
the sender obtains a plurality of second target position vectors according to the seventh matrix;
the sender obtains a second hash value set according to the sixth matrix, the plurality of second target position vectors and the second hash function, and sends the second hash value set to a receiver;
the receiver obtaining a first intersection of the first set of hash values and the second set of hash values;
and the receiving party obtains a second intersection of the first data set and the second data set according to the first intersection and sends the second intersection to the sending party.
In a third aspect, an embodiment of the present invention provides a privacy set intersection calculation apparatus, where the apparatus is applied to a receiving party, where the receiving party holds a first data set, and the apparatus includes:
a negotiation module, configured to negotiate with a sender to determine a sharing function, where the sharing function includes: a first hash function, a second hash function, and a pseudo-random number function;
the first matrix generation module is used for generating a first matrix with elements of 1;
a random key generation module for generating a random key as an input to the pseudo-random number function;
a second matrix generation module, configured to encode each data in the first data set by using the pseudo-random number function, the first hash function, and the random key to obtain a plurality of second matrices, where each data corresponds to one second matrix;
a target location vector determination module for determining a corresponding plurality of first target location vectors from the plurality of second matrices;
a third matrix generation module, configured to obtain a third matrix according to the multiple target position vectors and the first matrix;
the fourth matrix generation module is used for generating a random fourth matrix;
a fifth matrix generation module, configured to perform exclusive or calculation on the third matrix and the fourth matrix to obtain a fifth matrix;
an oblivious transfer module, configured to perform oblivious transfer, and send a column of the fourth matrix or a column of the fifth matrix to a sender according to a selection vector randomly generated by the sender;
the sending module is used for sending the random key to a sender;
a first hash value set generating module, configured to calculate a first hash value set according to the second hash function, the fourth matrix, and the multiple first target position vectors;
the receiving module is used for receiving the second hash value set sent by the sender;
a first intersection obtaining module for obtaining a first intersection of the first set of hash values and the second set of hash values;
a second intersection obtaining module, configured to obtain, according to the first intersection, a second intersection between the first data set and a second data set that the sender holds;
the sending module is further configured to send the second intersection to the sender.
In a fourth aspect, an embodiment of the present invention provides a privacy set intersection calculation system, where the system includes a receiver and a sender, where the receiver holds a first data set, and the sender holds a second data set;
the receiver is configured to negotiate with the sender to determine a sharing function and a sharing parameter, where the sharing function includes: a first hash function, a second hash function, and a pseudo-random number function, the shared parameters including: a width of the first matrix and a height of the first matrix; generating a first matrix with elements of 1; generating a random key as an input to the pseudo random number function; encoding each data in the first data set by adopting the pseudo-random number function, the first hash function and the random key to obtain a plurality of second matrixes, wherein each data corresponds to one second matrix; determining a corresponding plurality of first target position vectors according to the plurality of second matrices; obtaining a third matrix according to the target position vectors and the first matrix; generating a random fourth matrix; performing exclusive-or calculation on the third matrix and the fourth matrix to obtain a fifth matrix;
the sender is used for generating a selection vector; initiating an oblivious transfer with the receiver according to the selection vector;
the receiver is further configured to perform the oblivious transfer, and send a column of the fourth matrix or a column of the fifth matrix to the sender according to the selection vector;
the sender is further configured to obtain a sixth matrix after the execution of the oblivious transfer is completed;
the receiving party is also used for sending the random key to the sending party;
the receiver is further configured to calculate a first hash value set according to the second hash function, the fourth matrix, and the plurality of first target position vectors;
the sender is also used for receiving the random key; encoding each data in the second data set according to the pseudo-random number function, the first hash function and the random key to obtain a plurality of seventh matrixes; obtaining a plurality of second target position vectors according to the seventh matrix; obtaining a second hash value set according to the sixth matrix, the plurality of second target position vectors and the second hash function, and sending the second hash value set to a receiving party;
the receiver further configured to obtain a first intersection of the first set of hash values and the second set of hash values; and obtaining a second intersection of the first data set and the second data set according to the first intersection, and sending the second intersection to the sender.
In a fifth aspect, an embodiment of the present invention provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the privacy set intersection calculation method according to the first aspect or the second aspect.
In a sixth aspect, an embodiment of the present invention provides a computer device, including:
one or more processors;
storage means for storing one or more programs;
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the privacy set intersection calculation method of the first aspect.
The technical scheme has the following beneficial effects:
the PSI method for privacy set intersection calculation provided by the embodiment of the invention uses simple symmetric or asymmetric encryption, XOR operation and a small amount of hash function generation to replace a hybrid circuit with relatively large calculation overhead, so that the calculation amount is reduced, the calculation speed is optimized, and the calculation overhead is reduced. In the embodiment of the invention, the output of the random function is the position in the matrix, so that the calculation and communication are very convenient for light-weight use.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the prior art descriptions will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
FIG. 1 is a flow diagram of a privacy set intersection calculation method performed by a recipient according to an embodiment of the present invention;
FIG. 2 is a flow diagram of a privacy set intersection calculation method performed jointly by a receiver and a sender in accordance with an embodiment of the present invention;
FIG. 3 is a schematic diagram of the transfer matrix conversion in oblivious transfer extension according to an embodiment of the present invention;
FIG. 4 is a flow diagram of the oblivious pseudorandom function (OPRF) calculation phase of an embodiment of the present invention;
FIG. 5 is a functional block diagram of a privacy set intersection calculation apparatus applied to a recipient according to an embodiment of the present invention;
FIG. 6 is a functional block diagram of a computer-readable storage medium of an embodiment of the present invention;
FIG. 7 is a functional block diagram of a computer device of an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without making any creative effort based on the embodiments in the present invention, belong to the protection scope of the present invention.
The embodiment of the invention is based on the lightweight multi-point OPRF-PSI protocol proposed by Chase and Miao in 2020 (Private Set Intersection in the Internet Setting from Lightweight Oblivious PRF. Advances in Cryptology - CRYPTO 2020, 34-63), and uses Oblivious Transfer (OT) as the main cryptographic component to construct an oblivious pseudorandom function (OPRF) based privacy set intersection (PSI) scheme, thereby greatly reducing the amount of computation. In addition, for the different bandwidths of metropolitan area networks and local area networks, an OPRF suited to the available bandwidth can be selected by adjusting the OPRF parameters, optimizing running time and bandwidth utilization.
Fig. 1 is a flowchart of a privacy set intersection calculation method performed by a receiving party according to an embodiment of the present invention. As shown in fig. 1, the privacy set intersection calculation method is applied to a receiving party, where the receiving party holds a first data set, and the method includes the following steps:
S101, negotiating with a sender to determine a sharing function, wherein the sharing function can comprise: a first hash function, a second hash function, and a pseudo-random number function.
S102, generating a first matrix with elements of 1. Wherein the width of the first matrix is w columns and the height is m rows.
S103, generating a random key as an input of the pseudo-random number function. In some embodiments, the random key may include: the key for the counter (CTR) mode of the Advanced Encryption Standard (AES) algorithm and the initial value of the block cipher.
S104, encoding each data in the first data set by adopting the pseudo-random number function, the first hash function and the random key to obtain a plurality of second matrixes, wherein each data corresponds to one second matrix.
S105, determining a plurality of corresponding first target position vectors according to the plurality of second matrixes.
In some embodiments, the method may further comprise the steps of: negotiating with a sender to determine a sharing parameter, wherein the sharing parameter comprises: a width of the first matrix and a height of the first matrix. The first matrix, the third matrix, the fourth matrix and the fifth matrix have the same height and the same width, and the first matrix and the second matrix have the same width.
This step S105 may specifically include:
performing a plurality of vector conversion processes in series or in parallel to convert the plurality of second matrices into a corresponding plurality of first target position vectors, wherein each vector conversion process comprises:
dividing the second matrix into w column vectors, each column vector having a height of log2(m), where w represents the width of the first matrix and m represents the height of the first matrix;
determining an integer corresponding to each column vector, thereby obtaining w integers indicating target positions corresponding to a plurality of column vectors respectively; the determining the integer corresponding to each column vector specifically includes: converting the binary bit string in each column vector into a decimal integer;
determining the first target position vector according to the w integers indicating the target positions; and the arrangement sequence of the w integers in the first target position vector is the same as the arrangement sequence of the w vectors in the second matrix.
The following exemplifies a specific processing procedure of step S105:
dividing the second matrix into w parts, each log2(m) bits long, to obtain w integers in the range [0, m); the w parts are the w column vectors of the second matrix, each column vector corresponds to one integer, and the integer is obtained by converting the binary bit string in that column vector into decimal, where w represents the width of the first matrix and m represents the height of the first matrix; a first target position for each column in the first matrix is determined from the integer corresponding to each column vector.
For example, assume w is 609 and m is 2 to the power of 16. The second matrix is a 609 column, 16 row binary matrix. Since each column consists of 16 bits, 16 bits can be converted from binary to decimal to an integer, ranging between [0,m). Thus, there are 609 columns, and 609 integers are obtained accordingly. Each of the 609 integers represents the position of an element in the data set in the first matrix.
S106, obtaining a third matrix according to the target position vectors and the first matrix.
Specifically, the third matrix is obtained by using the plurality of target position vectors in turn to look up the corresponding positions in the first matrix and replacing the 1 at each such position with 0. This specifically comprises: determining a plurality of target row numbers corresponding to each column in the first matrix according to the plurality of target position vectors, and setting the elements corresponding to the plurality of target row numbers in each column of the first matrix to 0. In other embodiments, this may also be performed by: performing batch element replacement processing multiple times, in series or in parallel, to obtain the third matrix; each batch element replacement process includes: determining w target row numbers corresponding to the w columns in the first matrix according to the w integers in the current target position vector, in left-to-right order; and setting the element at the target row number of each column in the first matrix to 0. Wherein the width of the third matrix is w columns and the height is m rows.
S107, generating a random fourth matrix. Wherein the width of the fourth matrix is w columns and the height is m rows.
S108, carrying out XOR calculation on the third matrix and the fourth matrix to obtain a fifth matrix. Wherein the width of the fifth matrix is w columns and the height is m rows.
S109, executing the oblivious transfer, and sending the column of the fourth matrix or the column of the fifth matrix to the sender according to the selection vector randomly generated by the sender. The sender obtains a sixth matrix after the execution of the oblivious transfer is finished.
S110, sending the random key to the sender.
S111, calculating to obtain a first hash value set according to the second hash function, the fourth matrix and the plurality of first target position vectors.
Specifically, this step comprises:
taking out multiple groups of first target elements corresponding to the multiple first target position vectors from the fourth matrix, wherein each group of first target elements corresponds to one first target position vector;
splicing each group of first target elements into a first binary string, thereby obtaining a plurality of first binary strings corresponding to the plurality of groups of first target elements one to one;
and respectively inputting the plurality of first binary strings into a second hash function for calculation to obtain a plurality of first byte strings, wherein the plurality of first byte strings form a first hash value set.
In some embodiments, step S111 may specifically include: extracting the elements A[i][v[i]] from the fourth matrix; splicing all the elements A[i][v[i]] to obtain a first binary string; and calculating a byte string according to the second hash function and the first binary string, all the byte strings forming the first hash value set. In this embodiment, A[i][v[i]] denotes the element of matrix A at the i-th column and the v[i]-th row. For each element in the data set, a byte string may be computed based on the second hash function and the first binary string. The byte strings corresponding to all the elements constitute the first hash value set.
S112, receiving the second hash value set sent by the sender.
The sender generates a second hash value set by the following method:
the sender receives the random key sent by the receiver; coding each data in the second data set according to the pseudo-random number function, the first hash function and the random key to obtain a seventh matrix; obtaining a plurality of second target positions according to the seventh matrix; the sender acquires a plurality of second target elements corresponding to the plurality of second target positions in a sixth matrix, splices the plurality of second target elements to obtain a second binary string, acquires a second hash value set according to the second hash function and the second binary string, and sends the second hash value set to a receiver.
Specifically, the plurality of second target elements corresponding to the plurality of second target positions are the elements c[i] at the i-th column and the v[i]-th row; all the elements c[i] are spliced to obtain a w-bit second binary string, and the second hash value set is obtained according to the second hash function and the second binary string. The sender performs the oblivious transfer with the receiver and obtains the sixth matrix according to the selection vector, the fourth matrix and the fifth matrix. Since the matrix width is w, the matrix has w columns, and from each column i the element in row v[i] is taken.
S113, a first intersection of the first hash value set and the second hash value set is obtained.
S114, obtaining a second intersection of a first data set held by the receiving party and a second data set held by the sending party according to the first intersection, and sending the second intersection to the sending party.
Specifically, the first intersection includes the same byte string after the second hash. And the receiver finds the original data in the data sets corresponding to the byte strings to obtain a second intersection, the second intersection is the intersection of the original data sets, and the second intersection is sent to the sender.
Fig. 2 is a flowchart of a privacy set intersection calculation method jointly performed by a receiver and a sender according to an embodiment of the present invention. As shown in fig. 2, a sender P1 and a receiver P2 form a privacy set intersection calculation system; the sender P1 holds a second data set X and the receiver P2 holds a first data set Y. The process executed by the system includes a shared parameter phase, a precomputation phase, an oblivious transfer (OT) phase, and a privacy set intersection (PSI) calculation phase. The specific steps of each phase are described in detail below.
1. Shared parameter phase
Step S11, the sender P1 and the receiver P2 negotiate together to determine the following sharing parameters and sharing functions:
the sharing parameters comprise the width w and the height m of the first matrix, a first output length L1 corresponding to the first hash function H1() and a second output length L2 corresponding to the second hash function H2(); the first, third, fourth, fifth and sixth matrices all have the same height and width, namely m rows and w columns; the second matrix and the seventh matrix described below have the same height and width, namely log₂ m rows and w columns;
the shared functions include a pseudo-random number function PRF(), a first hash function H1() and a second hash function H2();
the initial key corresponding to the pseudo-random number function PRF() is randomly generated by the receiving party P2, and the protocol parameters m and w are jointly determined by both parties, who use them as the height m and the width w of the matrices respectively. The output of the pseudo-random number function PRF() is a binary matrix w columns wide and log₂ m rows high, which can be further converted into an integer vector with w elements, each in the range [0, m).
2. Precomputation phase
The sender P1 performs the following step S21: generating a selection vector s, that is, randomly selecting a bit string s with a length of w bits.
The receiving side P2 may perform the following steps S22 to S27 before or simultaneously with the transmitting side performing the above step S21:
S22, the receiver P2 generates a binary matrix D whose elements are all 1, which is used as the first matrix, i.e., the initialized binary matrix D.
Specifically, a binary matrix D of w columns and m rows is generated in this step, and all elements in the binary matrix D are set to 1.
S23, the receiving side P2 generates a random key of the pseudo random number function PRF () for use as an input to or to construct the pseudo random number function PRF ().
Specifically, the present embodiment uses the counter mode (AES-CTR) of the AES (Advanced Encryption Standard) algorithm as a pseudo-random number generator, and generates a random key composed of two parts: the key itself and the initial value of the block cipher. The two parts are transmitted together to the sender P1 as the random key of the pseudo-random number function PRF().
S24, the receiving party P2 encodes each data y in the first data set Y using the pseudo-random number function PRF(), the first hash function H1() and the random key together, to obtain a plurality of binary matrices V, wherein each data y corresponds to one binary matrix V.
Specifically, for each data (element) y in the first data set Y of the receiving party P2, a binary matrix V is calculated according to the following formula or function, and serves as the second matrix: V = PRF(key, H1(y)).
Here V is a binary matrix w columns wide and log₂ m rows high. The first hash function H1() may extend the length of the element y to a specific length L1, for example 128 bits in actual applications.
The following examples illustrate:
assume that there are 3 elements or data in the first data set Y: y1, y2, y3;
assume that there are 3 elements or data in the second data set X: x1, x2, x3;
then the following 3 second matrices are obtained, with each data y in the first data set Y corresponding to exactly one matrix V:
V1 = PRF(key, H1(y1));
V2 = PRF(key, H1(y2));
V3 = PRF(key, H1(y3)).
S25, the receiving party P2 obtains a corresponding plurality of first target position vectors from the binary matrices V. Each first target position vector comprises a plurality of integers v[i] indicating first target positions.
This step performs the following processing for each binary matrix V:
the receiving party P2 transforms the binary matrix V into a plurality of column vectors and then determines a plurality of first target positions according to the column vectors. Specifically, this step divides the binary matrix V into w parts, each log₂ m bits long, and truncates any extra bits that may arise when converting bits to bytes, to obtain w integers in the range [0, m), denoted v[i], i = 1, 2, …, w.
In this step the binary matrix V is converted into w column vectors. The w column vectors correspond to w integers in the range [0, m). The integer corresponding to a column vector is converted from that column's bit string in the binary matrix. The integers v[i] associated with the column vectors represent specific target positions in each column of the binary matrix D, and these first target positions in turn represent the elements of the first data set Y encoded by PRF().
The PRF function is characterized by pseudo-randomness: the same input always yields the same output, and, for different inputs, the input cannot be inferred from the output. The present embodiment uses an AES-CTR pseudo-random number generator as the core component of the PRF function, and takes as input the key agreed by both parties and the hash value of each element.
Taking V1 and V1' as an example, suppose P2 has y1, P1 has x1, and y1= x1;
then
Figure DEST_PATH_IMAGE001
A simplified example is used here; the actual matrix is w wide and log₂ m high.
Each column can be regarded as a binary string from which a first target position vector can be generated:
v=[v[1],v[2],v[3],v[4],v[5]]=[21,44,58,85,81]。
S26, the receiving side P2 sets the elements of the binary matrix D that correspond to the first target position vectors to 0, and obtains a binary matrix D', which is used as the third matrix.
Specifically, this step sets D[i][v[i]] to 0, that is, every position D[i][v[i]] is replaced by 0, so as to obtain a new binary matrix D'. The symbol D[i][v[i]] denotes the value in the i-th column and the v[i]-th row of the binary matrix D.
For example, assuming that there are 3 data Y1, Y2, Y3 in the first data set Y, three second matrices V1, V2, V3 are obtained, and the following three first target position vectors are generated according to the three second matrices V1, V2, V3:
v1=[3,4,5,7,6];
v2=[2,3,6,4,1];
v3=[5,7,1,3,2];
according to the three first target position vectors described above, the following element replacements are performed column by column to obtain a new binary matrix D':
replacing the elements in the 2nd, 3rd and 5th rows of the first column of the all-ones binary matrix D with 0;
replacing the elements in the 3rd, 4th and 7th rows of the second column of the all-ones binary matrix D with 0;
replacing the elements in the 1st, 5th and 6th rows of the third column of the all-ones binary matrix D with 0;
replacing the elements in the 3rd, 4th and 7th rows of the fourth column of the all-ones binary matrix D with 0;
replacing the elements in the 1st, 2nd and 6th rows of the fifth column of the all-ones binary matrix D with 0.
S27, the receiver P2 generates a random binary matrix A, and performs an exclusive-or calculation on the binary matrix A and the binary matrix D' to obtain a related binary matrix B.
Specifically, a binary matrix A with w columns and m rows is randomly generated and used as the fourth matrix, and an exclusive-or calculation is performed on the binary matrix A and the binary matrix D' to obtain a binary matrix B, used as the fifth matrix, such that the binary matrix B satisfies:
B = A xor D'; see in particular the example shown in fig. 3.
3. Oblivious transfer (OT) phase
Oblivious transfer (OT) is a core component of secure multiparty computation, and consists of two parts, namely base OT and OT extension. OT extension can reduce n rounds of OT to w rounds of OT while achieving the same effect, where w is far smaller than n, and therefore the number of communication rounds is reduced. In the OT extension stage, the sender acts as the OT receiver and selects a random bit string s ∈ {0,1}^w. The receiver, acting as the OT sender, prepares two sets of column vectors: A_1, A_2, …, A_w ∈ {0,1}^m and B_1, B_2, …, B_w ∈ {0,1}^m. The two parties execute w OTs, and the sender of the final OPRF-PSI, as the OT receiver, obtains w column vectors and thus the binary matrix C. The process of this OT phase is described in detail below.
The sender P1 performs the following steps:
S31, the sending party P1 sends selection bits s[i] to the receiving party P2 according to the selection vector s, and each selection bit s[i] is 0 or 1.
Specifically, in this step, for each selection bit s[i] in the selection vector s generated in the precomputation phase, a base oblivious transfer (base OT) query is initiated. One selection bit is sent per query, so that w base OT transfers are completed in total.
S33, the sender P1 obtains a binary matrix C after the base OT execution is finished, and each column vector C[i] of the matrix C is determined to be A[i] or B[i] according to the selection bit s[i]. A[i] denotes the i-th column of the binary matrix A, and B[i] denotes the i-th column of the binary matrix B.
Specifically, after the base OT is executed, a binary matrix C is obtained as a sixth matrix, and the binary matrix C is composed of w columns and m rows.
The receiving side P2 performs the following steps:
S32, the receiving party P2 executes the base oblivious transfer and sends the column vectors of the binary matrix A or the binary matrix B to the sending party P1 according to the selection vector s.
Specifically, each column in the binary matrix C is associated with a random bit s[i]: if s[i] = 0, the i-th column of the binary matrix A is selected as the i-th column of the binary matrix C; if s[i] = 1, the i-th column of the binary matrix B is selected as the i-th column of the binary matrix C. Here i ranges over [0, 1, …, w-1].
A diagram of the OT extension transfer of the binary matrix A and the binary matrix B to P1, which acts as the OT receiver, is shown in fig. 3.
In the OT process, the number of rows m of the binary matrix A and the binary matrix B ranges from 2^10 to 2^30, and the number of columns w ranges from 300 to 800. The column vectors of length m are transferred by means of OT extension, so only w base OT operations are needed.
After this stage is completed, the binary matrix C obtained by the sender P1 and the binary matrix a held by the receiver P2 satisfy the following conditions:
the elements in the first data set Y of the receiving party P2 map to all the positions whose element is 0 in the binary matrix D', i.e., they are encoded into the underlined positions in the binary matrix D'. At each such encoded position, the element A[i][v[i]] in the binary matrix A is identical to the element C[i][v[i]] at the corresponding position in the binary matrix C.
4. Privacy set intersection calculation PSI phase
FIG. 4 is a flow chart of the oblivious pseudo-random function calculation phase of an embodiment of the present invention; the PSI phase is explained in further detail below in conjunction with FIG. 4. In the example of FIG. 4, the receiver P2 takes out the elements A[i][v[i]] from the binary matrix A, and the sender P1 takes out the elements C[i][v[i]'] from the binary matrix C. If x = y, then v[i] = v[i]', and therefore A[i][v[i]] = C[i][v[i]']; thus, when x = y, it can be derived that H2(PRF(x)) = H2(PRF(y)).
The receiving side P2 performs the following steps:
It should be noted that, in step S24, the receiving party P2 has already encoded each element y in the first data set Y using the pseudo-random number function PRF() to obtain a binary matrix V. Specifically, in step S24, for each element y in the first data set Y, a binary matrix V is calculated according to the following function or formula: V = PRF(key, H1(y)), where H1() is the first hash function and V is a matrix w columns wide and log₂ m rows high. Each column is regarded as a binary string and converted from binary to a decimal integer, yielding w integers that form the target position vector v = [v[1], v[2], …, v[w]].
S41, the receiving party P2 sends the randomly generated random key to the sending party P1.
S42, the receiving party P2 takes out a plurality of groups of elements A[i][v[i]] from the binary matrix A according to the first target position vectors and concatenates each group into a binary string a.
In this step, according to the plurality of first target position vectors, a plurality of groups of first target elements corresponding to the plurality of first target position vectors are taken out from the fourth matrix, wherein each group of first target elements corresponds to one first target position vector; and splicing each group of first target elements into a first binary string a, and repeatedly executing the step to obtain a plurality of groups of first binary strings a corresponding to the first target elements one by one.
Specifically, for each first target position vector, the receiving party P2 takes out the elements A[i][v[i]] of the binary matrix A located at the i-th column and the v[i]-th row, and concatenates the extracted elements into a binary string a, where A[i] denotes the i-th column of the binary matrix A and [v[i]] denotes its v[i]-th row. For each first target position vector, each binary element A[i][v[i]] in the binary matrix A is denoted a[i], whose value is 0 or 1, and a[1], a[2], …, a[w] are concatenated to obtain the binary string a.
Taking fig. 4 as an example, if x = y, the receiving side P2 and the transmitting side P1 calculate the same v[i], that is, v[i] = v[i]', and thus form the same target position vector v. In FIG. 4 the target position vector is v = [v[1], v[2], v[3], v[4], v[5]] = [3,4,5,2,4]. a[1] is the element 0 in column 1, row 3; a[2] is the element 1 in column 2, row 4; a[3] is the element 0 in column 3, row 5; a[4] is the element 1 in column 4, row 2; a[5] is the element 1 in column 5, row 4. The columns are taken in order from 1 to w, and the element is the one at the position pointed to by v[i]. The elements at these positions are extracted from the binary matrix A and the binary matrix C respectively; because of the preceding calculation, the elements at these positions are identical, and both parties therefore obtain the same binary string {01011}. Finally, in this embodiment, the results after H2() processing are compared; if they are consistent, the original data satisfy x = y, that is, the data item is in the intersection of the two data sets.
S43, the receiving party P2 calculates H2 (a), and the calculation results of all the elements form a first hash value set AY.
Specifically, the receiving side P2 calculates the mapped hash value of each element y in the first data set Y to obtain the hash value set AY. That is, the receiving party P2 calculates H2(a) to obtain a string with a length of L2 bits, in other words a byte string with a length of L2 divided by 8, and all the byte strings form the hash value set AY. Each element corresponds to one hashed byte string.
The detailed description of the treatment process in this step is as follows:
specifically, the receiving party P2 calculates the above-mentioned integer v [ i ] indicating the target position and the target position vector v corresponding to each element Y in the first data set Y, and then takes the target position vector v to find the corresponding position in the matrix to form the binary string a. The receiving party P2 calculates the hash value H2 (a) of the binary string a to obtain a byte string with the length L2 divided by 8, and all the byte strings form a first hash value set AY. That is, each string of bytes in the first set of hash values AY corresponds to an element Y in the first set of data Y.
S44, the receiving side P2 receives the second hash value set CX sent by the sending side P1.
S45, the receiving party P2 obtains the intersection of the second hash value set CX and the first hash value set AY to obtain a first intersection indicating the intersection of the mapping hash values, determines a second intersection of the corresponding second data set X and the first data set Y according to the intersection of the mapping hash values, and sends the final result of the second intersection to the sending party P1.
The sender P1 performs the following steps:
S46, the sender P1 receives the random key.
S47, the sender P1 encodes each element in the second data set X using the pseudo-random number function PRF() to obtain a plurality of seventh matrices V', and obtains a corresponding plurality of second target position vectors from the seventh matrices V', wherein each second target position vector comprises a plurality of integers v[i]' indicating second target positions.
Specifically, for each element x in the second data set X, a binary matrix V' is calculated according to the following function or formula, and is used as the seventh matrix: V' = PRF(key, H1(x)).
Assume that there are 3 elements in the second data set X: x1, x2, x3;
the following 3 matrices V' are obtained, one for each data x:
V1' = PRF(key, H1(x1));
V2' = PRF(key, H1(x2));
V3' = PRF(key, H1(x3)).
The transmitting side P1 obtains three second target position vectors based on the seventh matrices V', each including a plurality of integers v[i]' indicating second target positions. In this step, the sender P1 transforms each binary matrix V' into a plurality of column vectors, and then determines a plurality of second target positions according to the column vectors.
Specifically, this step divides the binary matrix V' into w parts, each log₂ m bits long, and truncates any extra bits that may arise when converting bits to bytes, to obtain w integers in the range [0, m), denoted v[i]', i = 1, 2, …, w.
In this step the binary matrix V' is converted into w column vectors. The w column vectors correspond to w integers in the range [0, m). The integer corresponding to a column vector is converted from that column's bit string. The integers v[i]' represent specific second target positions, which in turn represent the elements of the second data set X encoded by PRF().
S48, taking out the elements C[i][v[i]'] of the matrix C according to the second target position vectors, and concatenating them into a plurality of binary strings c.
Specifically, in this step, for each second target position vector, the sender P1 extracts the binary elements C[i][v[i]'] located at the i-th column and the v[i]'-th row of the binary matrix C, and concatenates all the extracted binary elements C[i][v[i]'] into a binary string c. C[i][v[i]'] denotes the element in the i-th column and the v[i]'-th row of the binary matrix C. This step is performed repeatedly, so that a plurality of binary strings c corresponding one-to-one to the second target position vectors is obtained.
For example, assume that the plurality of second target position vectors are: v1', v2', v3', the correspondingly obtained binary strings are: c1, c2 and c3.
S49, H2 (c) is calculated, and the calculation results of all elements form a second hash value set CX.
Specifically, the sender P1 looks up the elements C[i][v[i]'] corresponding to each data in the second data set X and concatenates the binary elements C[i][v[i]'] into a binary string c, thereby obtaining a plurality of binary strings c corresponding to the plurality of data, and then hashes the concatenated binary strings c using the second hash function, i.e., calculates H2(c), to obtain the second hash value set CX. For example, assuming that the obtained binary strings are c1, c2, c3, this step yields the second hash values H2(c1), H2(c2), H2(c3), which form the second hash value set CX.
Specifically, a unique element results in a unique matrix V, and a unique matrix V results in a unique target position vector v. The elements at the positions given by the target position vector v are the same in the matrix A and the matrix C, as shown in fig. 4, so that each party can use the target position vector v to extract the elements at the target positions from its own matrix and concatenate them into a binary string, which is then converted into a byte string by the second hash function.
Multiple elements follow the same flow to generate their corresponding hash values, which constitute a hash value set. For example, if the receiving side P2 has three elements y1, y2 and y3, then there are three matrices V1, V2 and V3 and hence three position vectors v1, v2 and v3; the elements at the positions indicated by each position vector are found in the matrix A, concatenated and converted to obtain the byte strings a1, a2 and a3, which are finally input to the hash function H2 to obtain the hash values H2(a1), H2(a2) and H2(a3).
The same procedure is used for the sender P1, which is to find in the matrix C. Finally, if both have the same element y = x, then there will be the same corresponding byte string a = c, and further there will be H2 (a) = H2 (c), thus obtaining the elements of intersection in the set.
S50, the sender P1 sends the second hash value set CX to the receiver P2.
S51, the sender P1 receives the intersection of the first data set Y and the second data set X, i.e. the second intersection.
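The four phases above (steps S21 to S51), condensed into a runnable sketch. This is an added example and not code from the patent; it assumes HMAC-SHA256 as a stand-in for the AES-CTR based PRF, SHA-256 for H1 and H2, small constructed parameters (w = 64, m = 2^10), and it replaces the base OT and OT extension with a direct method call, so it shows the data flow and the correctness invariant A[i][v[i]] = C[i][v[i]] rather than the privacy of the transfer. All class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

W = 64            # matrix width w (constructed; the page cites 300 to 800)
LOG_M = 10        # log2 of the matrix height
M = 1 << LOG_M    # matrix height m (constructed; the page cites 2^10 to 2^30)


def h1(item):
    """First hash function H1: stretch an element to L1 = 128 bits."""
    return hashlib.sha256(b"H1" + item).digest()[:16]


def h2(bits):
    """Second hash function H2 over the concatenated w-bit string."""
    return hashlib.sha256(b"H2" + bytes(bits)).digest()


def positions(key, item):
    """Target position vector v derived from PRF(key, H1(item)): w integers in [0, m).

    Assumption: HMAC-SHA256 stands in for the AES-CTR generator of the page.
    """
    seed = h1(item)
    vec = []
    for i in range(W):
        block = hmac.new(key, seed + i.to_bytes(4, "big"), hashlib.sha256).digest()
        vec.append(int.from_bytes(block[:4], "big") & (M - 1))  # keep log2(m) bits
    return vec


class Receiver:
    """P2, holder of the first data set Y. Matrices are stored column-major."""

    def __init__(self, items):
        self.key = secrets.token_bytes(16)                       # S23
        self.v = {y: positions(self.key, y) for y in items}      # S24, S25
        d = [[1] * M for _ in range(W)]                          # S22: all-ones D
        for vec in self.v.values():                              # S26: D -> D'
            for col, row in enumerate(vec):
                d[col][row] = 0
        self.A = [[secrets.randbits(1) for _ in range(M)] for _ in range(W)]
        self.B = [[a ^ x for a, x in zip(ca, cd)]                # S27: B = A xor D'
                  for ca, cd in zip(self.A, d)]

    def ot_send(self, col, choice):
        """S32, simulated: a real OT hides `choice` from P2 and the other column from P1."""
        return self.B[col] if choice else self.A[col]

    def intersect(self, cx):
        """S42 to S45: hash A at the target positions and match against CX."""
        ay = {h2([self.A[c][r] for c, r in enumerate(vec)]): y
              for y, vec in self.v.items()}
        return {ay[h] for h in ay.keys() & cx}


class Sender:
    """P1, holder of the second data set X."""

    def __init__(self, items):
        self.items = items
        self.s = [secrets.randbits(1) for _ in range(W)]         # S21

    def run_ot(self, receiver):
        """S31, S33: column i of C is A[i] if s[i] = 0, else B[i]."""
        self.C = [receiver.ot_send(i, bit) for i, bit in enumerate(self.s)]

    def hashes(self, key):
        """S46 to S49: second hash value set CX."""
        return {h2([self.C[c][r] for c, r in enumerate(positions(key, x))])
                for x in self.items}


def psi(x_items, y_items):
    p1, p2 = Sender(x_items), Receiver(y_items)
    p1.run_ot(p2)              # the OT phase completes before the key is released
    cx = p1.hashes(p2.key)     # S41, S46 to S50
    return p2.intersect(cx)    # S45: the second intersection, returned to P1 in S51


if __name__ == "__main__":
    # Constructed sample sets.
    print(psi({b"x1", b"shared-1", b"shared-2"}, {b"shared-1", b"y2", b"shared-2"}))
```

For an element held only by the sender, each extracted bit agrees with a receiver string with probability about 1/2, so the chance of a false match shrinks as 2^-w; this is why w is chosen in the hundreds in practice.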
The embodiment of the invention has the beneficial technical effects that:
the PSI method provided by the embodiment of the invention uses simple symmetric or asymmetric encryption, XOR operations and a small number of hash function evaluations in place of a hybrid circuit with a higher computational cost, so that the amount of computation is reduced and the computation speed is improved. In addition, the embodiment of the invention does not use a cuckoo hash structure and instead uses the matrix position conversion as the output of the oblivious pseudorandom function, thereby reducing the communication volume while ensuring a correct verification result.
In the application process, the embodiment of the invention is suitable for being applied to a network environment with medium bandwidth, and the technical scheme of the embodiment of the invention can still smoothly operate even under a common network environment.
In the embodiment of the invention, the output of the random function is a position in the matrix, which keeps both computation and communication lightweight.
In the embodiment of the invention, the intermediate base oblivious transfer uses byte strings instead of bit strings and directly calls an existing cryptography library, which is secure and easy to develop.
In the embodiment of the invention, a mixed mode of block cipher and stream cipher is used when computing the oblivious pseudorandom function, so that the whole calculation process can be parallelized, which speeds up the computation.
Fig. 5 is a functional block diagram of a privacy set intersection calculation apparatus applied to a receiving party according to an embodiment of the present invention. As shown in fig. 5, the apparatus is applied to a receiving party, the receiving party holds a first data set, and the privacy set intersection calculation apparatus 200 includes:
a negotiation module 202, configured to negotiate with a sender to determine a sharing function, where the sharing function includes: a first hash function, a second hash function, and a pseudo-random number function;
a first matrix generating module 204, configured to generate a first matrix whose elements are all 1;
a random key generation module 206, configured to generate a random key as an input of the pseudo-random number function;
a second matrix generation module 208, configured to encode each data in the first data set by using the pseudo-random number function, the first hash function, and the random key to obtain a plurality of second matrices, where each data corresponds to one second matrix;
a target location vector determining module 210, configured to determine a corresponding plurality of first target location vectors according to the plurality of second matrices;
a third matrix generating module 212, configured to obtain a third matrix according to the target position vectors and the first matrix;
a fourth matrix generation module 214, configured to generate a random fourth matrix;
a fifth matrix generating module 216, configured to perform xor calculation on the third matrix and the fourth matrix to obtain a fifth matrix;
an oblivious transfer module 218, configured to perform oblivious transfer, and send a column of the fourth matrix or a column of the fifth matrix to a sender according to a selection vector randomly generated by the sender;
a sending module 220, configured to send the random key to a sender;
a first hash value set generating module 222, configured to calculate a first hash value set according to the second hash function, the fourth matrix, and the plurality of first target position vectors;
a receiving module 224, configured to receive the second hash value set sent by the sender;
a first intersection obtaining module 226, configured to obtain a first intersection of the first hash value set and the second hash value set;
a second intersection obtaining module 228, configured to obtain, according to the first intersection, a second intersection of the first data set and a second data set that the sender holds;
the sending module 220 is further configured to send the second intersection to the sender.
In some embodiments, the negotiation module 202 is further configured to negotiate with the sender to determine a sharing parameter, where the sharing parameter includes: a width of the first matrix and a height of the first matrix; wherein the first matrix, the third matrix, the fourth matrix, and the fifth matrix have the same height and the same width, and the first matrix and the second matrix have the same width;
the target position vector determining module 210 is specifically configured to perform a plurality of vector conversion processes in series or in parallel to convert the plurality of second matrices into a corresponding plurality of first target position vectors, where each vector conversion process includes: dividing the second matrix into w column vectors, each column vector having a height of log₂ m, where w represents the width of the first matrix and m represents the height of the first matrix; determining an integer corresponding to each column vector, thereby obtaining w integers indicating the target positions corresponding to the respective column vectors; determining the first target position vector according to the w integers indicating the target positions; and the order of the w integers in the first target position vector is the same as the order of the w column vectors in the second matrix.
In some embodiments, the third matrix generating module 212 is specifically configured to determine, according to the target position vectors, a plurality of target rows corresponding to each column in the first matrix, and set an element, corresponding to the target rows, in each column of the first matrix to 0. In other embodiments, the third matrix generating module 212 may be further configured to execute multiple element replacement processes in series or in parallel to obtain a third matrix; each element replacement process includes: determining w target row numbers corresponding to w columns in the first matrix according to w integers in the current target position vector and a left-to-right sequence; and setting the element of the position where the target row number corresponding to each column in the first matrix is located as 0.
In some embodiments, the first hash value set generating module 222 is specifically configured to:
extracting a plurality of groups of first target elements respectively corresponding to the plurality of first target position vectors from the fourth matrix, wherein each group of first target elements corresponds to one first target position vector;
splicing each group of first target elements into a first binary string, thereby obtaining a plurality of first binary strings corresponding to the plurality of groups of first target elements one to one;
and respectively inputting the first binary strings into the second hash function for calculation to obtain a plurality of byte strings, wherein the byte strings form a first hash value set.
In some embodiments, the random key generation module is specifically configured to use the counter mode of the Advanced Encryption Standard (AES) algorithm as a pseudo-random number generator and to generate a random key as an input to the pseudo-random number function;
the target position determining module is specifically configured to convert the binary bit string in each column vector into a decimal integer.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-mentioned division of the functional units and modules is illustrated, and in practical applications, the above-mentioned function distribution may be performed by different functional units and modules according to needs, that is, the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-mentioned functions. Each functional unit and module in the embodiments may be integrated in one processing unit, or each unit may exist alone physically, or two or more units are integrated in one unit, and the integrated unit may be implemented in a form of hardware, or in a form of software functional unit. In addition, specific names of the functional units and modules are only used for distinguishing one functional unit from another, and are not used for limiting the protection scope of the present application. The specific working processes of the units and modules in the system may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The embodiment of the invention also provides a privacy set intersection calculation system, which comprises a receiving party and a sending party, wherein the receiving party holds a first data set, and the sending party holds a second data set;
the receiver is configured to negotiate with the sender to determine a sharing function and a sharing parameter, where the sharing function includes: a first hash function, a second hash function, and a pseudo-random number function, the shared parameters including: a width of the first matrix and a height of the first matrix; generating a first matrix with elements of 1; generating a random key as an input to the pseudo random number function; encoding each data in the first data set by adopting the pseudo-random number function, the first hash function and the random key to obtain a plurality of second matrixes, wherein each data corresponds to one second matrix; determining a corresponding plurality of first target position vectors according to the plurality of second matrices; obtaining a third matrix according to the target position vectors and the first matrix; generating a random fourth matrix; performing exclusive-or calculation on the third matrix and the fourth matrix to obtain a fifth matrix;
the sender is configured to generate a selection vector and to initiate an oblivious transfer with the receiver according to the selection vector;
the receiver is further configured to perform the oblivious transfer and to send a column of the fourth matrix or a column of the fifth matrix to the sender according to the selection vector;
the sender is further configured to obtain a sixth matrix after the oblivious transfer has completed;
the receiver is further configured to send the random key to the sender;
the receiver is further configured to calculate a first hash value set according to the second hash function, the fourth matrix, and the plurality of first target position vectors;
the sender is further configured to receive the random key; encode each data in the second data set according to the pseudo-random number function, the first hash function and the random key to obtain a plurality of seventh matrices; obtain a plurality of second target position vectors according to the seventh matrices; obtain a second hash value set according to the sixth matrix, the plurality of second target position vectors and the second hash function; and send the second hash value set to the receiver;
the receiver is further configured to obtain a first intersection of the first hash value set and the second hash value set; obtain a second intersection of the first data set and the second data set according to the first intersection; and send the second intersection to the sender.
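The receiver and sender exchange described above, as an added example that is not part of the patent text. HMAC-SHA-256 stands in for the pseudo-random number function and SHA-256 for both hash functions, the oblivious transfer is simulated in-process, and the function names, the toy parameters m = 256 and w = 64, and the convention that a selection bit of 1 picks the fifth-matrix column are all assumptions.

```python
import hashlib
import hmac
import secrets

M = 256                      # height m of the first matrix (toy value, power of two)
W = 64                       # width w of the first matrix (toy value)
LOG_M = M.bit_length() - 1   # height of each column vector of the second matrix: log2(m)

def h1(item):
    """First hash function (assumption: SHA-256 with a domain tag)."""
    return hashlib.sha256(b"H1" + item).digest()

def h2(bits):
    """Second hash function over the spliced binary string (assumption: SHA-256)."""
    return hashlib.sha256(b"H2" + "".join(map(str, bits)).encode()).digest()

def position_vector(key, item):
    """Encode one item as w column vectors of log2(m) bits, then read each
    column as an integer row index (the target position vector)."""
    need = W * LOG_M
    stream, ctr = b"", 0
    while len(stream) * 8 < need:   # HMAC in counter fashion as a stand-in PRF
        stream += hmac.new(key, h1(item) + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    bits = bin(int.from_bytes(stream, "big"))[2:].zfill(len(stream) * 8)[:need]
    return [int(bits[i * LOG_M:(i + 1) * LOG_M], 2) for i in range(W)]

def receiver_setup(key, items):
    """Build the third, fourth and fifth matrices (stored as lists of columns)."""
    vectors = {x: position_vector(key, x) for x in items}
    third = [[1] * M for _ in range(W)]          # starts as the all-ones first matrix
    for v in vectors.values():
        for col, row in enumerate(v):
            third[col][row] = 0                  # zero the target positions
    fourth = [[secrets.randbits(1) for _ in range(M)] for _ in range(W)]
    fifth = [[a ^ d for a, d in zip(ca, cd)] for ca, cd in zip(fourth, third)]
    return vectors, fourth, fifth

def oblivious_transfer(fourth, fifth, selection):
    """Ideal OT: per column the sender learns exactly one of the two columns,
    and the receiver learns nothing about the selection vector."""
    return [fifth[i] if s else fourth[i] for i, s in enumerate(selection)]

def hash_items(matrix, vectors):
    """Pick one element per column at the target positions, splice, hash."""
    return {h2([matrix[c][r] for c, r in enumerate(v)]): x for x, v in vectors.items()}

def run_psi(receiver_items, sender_items):
    key = secrets.token_bytes(16)                # random key for the PRF
    r_vectors, fourth, fifth = receiver_setup(key, receiver_items)
    selection = [secrets.randbits(1) for _ in range(W)]      # sender's selection vector
    sixth = oblivious_transfer(fourth, fifth, selection)     # sender's sixth matrix
    # The key is released to the sender only after the OT has finished.
    s_vectors = {y: position_vector(key, y) for y in sender_items}
    second_hashes = set(hash_items(sixth, s_vectors))        # sent to the receiver
    first_map = hash_items(fourth, r_vectors)                # receiver's first hash value set
    first_intersection = second_hashes & set(first_map)
    # At a receiver item's positions the third matrix is 0, so the fourth and
    # fifth columns agree there and the sender's hash matches for any selection bit.
    return {first_map[h] for h in first_intersection}

if __name__ == "__main__":
    print(run_psi([b"alice", b"bob", b"carol"], [b"bob", b"carol", b"dave"]))
```

With these toy parameters a non-member of the receiver's set matches only if a 64-bit string collides, so production parameters must be chosen for the target set sizes and security level.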
FIG. 6 is a functional block diagram of a computer-readable storage medium of an embodiment of the present invention. As shown in fig. 6, an embodiment of the present invention further provides a computer-readable storage medium 300, where a computer program 310 is stored in the computer-readable storage medium 300, and when executed by a processor, the computer program 310 implements the steps of the above-mentioned privacy set intersection calculation method.
The integrated module/unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, all or part of the flow of the method according to the embodiments of the present invention may also be implemented by a computer program, which may be stored in a computer-readable storage medium, and when the computer program is executed by a processor, the steps of the method embodiments described above may be implemented. The computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB disk, a removable hard disk, a magnetic disk, an optical disk, computer memory, Read-Only Memory (ROM), Random Access Memory (RAM), electrical carrier signals, telecommunications signals, software distribution media, and the like. Other readable storage media, such as quantum memory and graphene memory, may also be used. It should be noted that the content of the computer-readable medium may be appropriately increased or decreased as required by legislation and patent practice in a given jurisdiction; for example, in some jurisdictions, computer-readable media do not include electrical carrier signals and telecommunications signals, in accordance with legislation and patent practice.
Fig. 7 is a functional block diagram of a computer device according to an embodiment of the present invention, as shown in fig. 7, which is applied to a receiving party and includes one or more processors 401, a communication interface 402, a memory 403 and a communication bus 404, wherein the processors 401, the communication interface 402 and the memory 403 complete communication with each other through the communication bus 404.
A memory 403 for storing a computer program;
the processor 401 is configured to implement the steps of the above-described privacy set intersection calculation method when executing the program stored in the memory 403.
Processor 401 may be a general-purpose processor, including a Central Processing Unit (CPU), a Network Processor (NP), etc.; it may also be a Digital Signal Processor (DSP), an Application-Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
Memory 403 may include mass storage for data or instructions. By way of example, and not limitation, memory 403 may include a Hard Disk Drive (HDD), a floppy disk drive, flash memory, an optical disk, a magneto-optical disk, tape, or a Universal Serial Bus (USB) drive, or a combination of two or more of these. In a particular embodiment, the memory 403 includes Read-Only Memory (ROM). Where appropriate, the ROM may be mask-programmed ROM, Programmable ROM (PROM), Erasable PROM (EPROM), Electrically Erasable PROM (EEPROM), Electrically Alterable ROM (EAROM), or flash memory, or a combination of two or more of these.
The communication bus 404 comprises hardware, software, or both for coupling the aforementioned components to one another. For example, a bus may include an Accelerated Graphics Port (AGP) or other graphics bus, an Enhanced Industry Standard Architecture (EISA) bus, a Front Side Bus (FSB), a HyperTransport (HT) interconnect, an Industry Standard Architecture (ISA) bus, an InfiniBand interconnect, a Low Pin Count (LPC) bus, a memory bus, a Micro Channel Architecture (MCA) bus, a Peripheral Component Interconnect (PCI) bus, a PCI-Express (PCI-X) bus, a Serial Advanced Technology Attachment (SATA) bus, a Video Electronics Standards Association local (VLB) bus, or other suitable bus or a combination of two or more of these. A bus may include one or more buses, where appropriate. Although specific buses have been described and shown in the embodiments of the invention, any suitable buses or interconnects are contemplated by the invention.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
Although the present application provides method steps as in an embodiment or a flowchart, more or fewer steps may be included based on conventional or non-inventive labor. The sequence of steps recited in this embodiment is only one of many possible execution orders and does not represent the only order of execution. When an actual apparatus or client product executes, it may execute sequentially or in parallel (e.g., in the context of parallel processors or multi-threaded processing) according to the embodiments or methods shown in the figures.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The principle and the implementation mode of the invention are explained by applying specific embodiments in the invention, and the description of the embodiments is only used for helping to understand the method and the core idea of the invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (16)

1. A privacy set intersection calculation method applied to a recipient holding a first data set, the method comprising:
negotiating with a sender to determine a sharing function, wherein the sharing function comprises: a first hash function, a second hash function, and a pseudo-random number function;
generating a first matrix with elements of 1;
generating a random key as an input to the pseudo random number function;
encoding each data in the first data set by adopting the pseudo-random number function, the first hash function and the random key to obtain a plurality of second matrixes, wherein each data corresponds to one second matrix;
determining a corresponding plurality of first target position vectors from the plurality of second matrices;
obtaining a third matrix according to the target position vectors and the first matrix;
generating a random fourth matrix;
performing exclusive-or calculation on the third matrix and the fourth matrix to obtain a fifth matrix;
performing oblivious transfer, and sending a column of the fourth matrix or a column of the fifth matrix to the sender according to a selection vector randomly generated by the sender;
sending the random key to the sender;
calculating to obtain a first hash value set according to the second hash function, the fourth matrix and the plurality of first target position vectors;
receiving a second hash value set sent by the sender;
evaluating a first intersection of the first set of hash values and the second set of hash values;
and obtaining a second intersection of the first data set and a second data set held by the sender according to the first intersection, and sending the second intersection to the sender.
2. The method of claim 1, further comprising: negotiating with a sender to determine a sharing parameter, wherein the sharing parameter comprises: a width of the first matrix and a height of the first matrix; wherein the first matrix, the third matrix, the fourth matrix, and the fifth matrix have the same height and the same width, and the first matrix and the second matrix have the same width;
the determining a plurality of corresponding first target position vectors according to the plurality of second matrices specifically includes:
performing a plurality of vector conversion processes in series or in parallel to convert the plurality of second matrices into a corresponding plurality of first target position vectors, wherein each vector conversion process comprises:
dividing the second matrix into w column vectors, each column vector having a height of log₂ m, where w represents the width of the first matrix and m represents the height of the first matrix;
determining an integer corresponding to each column vector, thereby obtaining w integers indicating target positions corresponding to a plurality of column vectors respectively;
determining the first target position vector according to the w integers indicating the target positions; and the arrangement sequence of the w integers in the first target position vector is the same as the arrangement sequence of the w vectors in the second matrix.
3. The method according to claim 1, wherein obtaining a third matrix based on the plurality of target position vectors and the first matrix specifically comprises:
determining a plurality of target row numbers corresponding to each column in the first matrix according to the plurality of target position vectors, and setting elements corresponding to the plurality of target row numbers in each column of the first matrix to be 0, so as to obtain a third matrix.
4. The method according to claim 1, wherein the calculating a first set of hash values according to the second hash function, the fourth matrix, and the plurality of first target position vectors specifically includes:
taking out multiple groups of first target elements respectively corresponding to the multiple first target position vectors from the fourth matrix, wherein each group of first target elements corresponds to one first target position vector;
splicing each group of first target elements into a first binary string, thereby obtaining a plurality of first binary strings corresponding one-to-one to the plurality of groups of first target elements;
and respectively inputting the plurality of first binary strings into the second hash function for calculation to obtain a plurality of first byte strings, wherein the plurality of first byte strings form a first hash value set.
5. The method according to claim 1, wherein said generating a random key as an input to said pseudo random number function comprises:
using the counter mode of the Advanced Encryption Standard (AES) algorithm as a pseudo-random number generator to generate a random key, and taking the random key as an input of the pseudo-random number function.
6. The method according to claim 2, wherein the determining the integer corresponding to each column vector comprises:
the binary bit string in each column vector is converted to a decimal integer.
7. A privacy set intersection calculation method, performed by a receiver and a sender, the receiver holding a first set of data and the sender holding a second set of data, the method comprising:
the receiver and the sender negotiate to determine a sharing function and sharing parameters, wherein the sharing function comprises: a first hash function, a second hash function, and a pseudo-random number function, the shared parameters including: a width of the first matrix and a height of the first matrix;
the receiving party generates a first matrix with elements of 1;
the receiver generating a random key as an input to the pseudo-random number function;
the receiver encodes each data in the first data set by adopting the pseudo-random number function, the first hash function and the random key to obtain a plurality of second matrixes, wherein each data corresponds to one second matrix;
the receiver determines a plurality of corresponding first target position vectors according to the plurality of second matrixes;
obtaining a third matrix according to the target position vectors and the first matrix;
the receiving party generates a random fourth matrix;
the receiver performs exclusive-or calculation on the third matrix and the fourth matrix to obtain a fifth matrix;
the sender generates a selection vector;
the sender initiates an oblivious transfer with the receiver according to the selection vector;
the receiver performs the oblivious transfer and sends a column of the fourth matrix or a column of the fifth matrix to the sender according to the selection vector;
the sender obtains a sixth matrix after the oblivious transfer has completed;
the receiver sends the random key to the sender;
the receiving party calculates a first hash value set according to the second hash function, the fourth matrix and the plurality of first target position vectors;
the sender receives the random key;
the sender encodes each data in the second data set according to the pseudo-random number function, the first hash function and the random key to obtain a plurality of seventh matrixes;
the sender obtains a plurality of second target position vectors according to the seventh matrix;
the sender obtains a second hash value set according to the sixth matrix, the plurality of second target position vectors and the second hash function, and sends the second hash value set to a receiver;
the receiver obtaining a first intersection of the first set of hash values and the second set of hash values;
and the receiving party obtains a second intersection of the first data set and the second data set according to the first intersection and sends the second intersection to the sending party.
8. The method according to claim 7, wherein the obtaining, by the sender, a second hash value set according to the sixth matrix, the plurality of second target position vectors, and the second hash function specifically includes:
extracting a plurality of groups of second target elements respectively corresponding to the plurality of second target position vectors from the sixth matrix, wherein each group of second target elements corresponds to one second target position vector;
splicing each group of second target elements into a second binary string, thereby obtaining a plurality of second binary strings corresponding one-to-one to the plurality of groups of second target elements;
and respectively inputting the plurality of second binary strings into the second hash function for calculation to obtain a plurality of second byte strings, wherein the plurality of second byte strings form a second hash value set.
9. A privacy set intersection calculation apparatus, the apparatus being applied to a recipient, the recipient holding a first set of data, the apparatus comprising:
a negotiation module, configured to negotiate with a sender to determine a sharing function, where the sharing function includes: a first hash function, a second hash function, and a pseudo-random number function;
the first matrix generation module is used for generating a first matrix with elements of 1;
a random key generation module for generating a random key as an input to the pseudo-random number function;
a second matrix generation module, configured to encode each data in the first data set by using the pseudo-random number function, the first hash function, and the random key to obtain a plurality of second matrices, where each data corresponds to one second matrix;
a target location vector determination module for determining a corresponding plurality of first target location vectors from the plurality of second matrices;
a third matrix generation module, configured to obtain a third matrix according to the multiple target position vectors and the first matrix;
the fourth matrix generation module is used for generating a random fourth matrix;
a fifth matrix generation module, configured to perform xor calculation on the third matrix and the fourth matrix to obtain a fifth matrix;
an oblivious transfer module, configured to perform oblivious transfer, and send a column of the fourth matrix or a column of the fifth matrix to a sender according to a selection vector randomly generated by the sender;
the sending module is used for sending the random key to a sender;
a first hash value set generating module, configured to calculate a first hash value set according to the second hash function, the fourth matrix, and the plurality of first target position vectors;
the receiving module is used for receiving the second hash value set sent by the sender;
a first intersection obtaining module for obtaining a first intersection of the first set of hash values and the second set of hash values;
a second intersection obtaining module, configured to obtain, according to the first intersection, a second intersection between the first data set and a second data set that the sender holds;
the sending module is further configured to send the second intersection to the sender.
10. The apparatus of claim 9, wherein the negotiating module is further configured to negotiate with a sender to determine a sharing parameter, and the sharing parameter includes: a width of the first matrix and a height of the first matrix; wherein the first matrix, the third matrix, the fourth matrix, and the fifth matrix have the same height and the same width, and the first matrix and the second matrix have the same width;
the target position vector determining module is specifically configured to perform a plurality of vector conversion processes in series or in parallel to convert the plurality of second matrices into a corresponding plurality of first target position vectors, where each vector conversion process includes: dividing the second matrix into w column vectors, each column vector having a height of log₂ m, where w represents the width of the first matrix and m represents the height of the first matrix; determining an integer corresponding to each column vector, thereby obtaining w integers indicating target positions respectively corresponding to the plurality of column vectors; determining the first target position vector according to the w integers indicating the target positions; and the arrangement sequence of the w integers in the first target position vector is the same as the arrangement sequence of the w vectors in the second matrix.
11. The apparatus of claim 9, wherein the third matrix generation module is specifically configured to determine a plurality of target rows corresponding to each column in the first matrix according to the plurality of target position vectors, and set an element corresponding to the plurality of target rows in each column of the first matrix to 0, so as to obtain a third matrix.
12. The apparatus according to claim 9, wherein the first set of hash values generating module is specifically configured to:
extracting a plurality of groups of first target elements respectively corresponding to the plurality of first target position vectors from the fourth matrix, wherein each group of first target elements corresponds to one first target position vector;
splicing each group of first target elements into a first binary string, thereby obtaining a plurality of first binary strings corresponding to the plurality of groups of first target elements one to one;
and respectively inputting the first binary strings into the second hash function for calculation to obtain a plurality of byte strings, wherein the byte strings form a first hash value set.
13. The apparatus according to claim 9, wherein the random key generation module is configured to use the counter mode of the Advanced Encryption Standard (AES) algorithm as a pseudo-random number generator to generate a random key, the random key serving as an input to the pseudo-random number function;
the target position determination module is specifically configured to convert the binary bit string in each column vector into a decimal integer.
14. A privacy set intersection computing system, the system comprising a receiver and a sender, the receiver holding a first set of data and the sender holding a second set of data;
the receiver is configured to negotiate with the sender to determine a sharing function and a sharing parameter, where the sharing function includes: a first hash function, a second hash function, and a pseudo-random number function, the shared parameters including: a width of the first matrix and a height of the first matrix; generating a first matrix with elements of 1; generating a random key as an input to the pseudo random number function; encoding each data in the first data set by adopting the pseudo-random number function, the first hash function and the random key to obtain a plurality of second matrixes, wherein each data corresponds to one second matrix; determining a corresponding plurality of first target position vectors according to the plurality of second matrices; obtaining a third matrix according to the target position vectors and the first matrix; generating a random fourth matrix; performing exclusive-or calculation on the third matrix and the fourth matrix to obtain a fifth matrix;
the sender is configured to generate a selection vector and to initiate an oblivious transfer with the receiver according to the selection vector;
the receiver is further configured to perform the oblivious transfer, and send a column of the fourth matrix or a column of the fifth matrix to the sender according to the selection vector;
the sender is further configured to obtain a sixth matrix after the oblivious transfer has completed;
the receiver is further configured to send the random key to the sender;
the receiver is further configured to calculate a first hash value set according to the second hash function, the fourth matrix, and the plurality of first target position vectors;
the sender is also used for receiving the random key; encoding each data in the second data set according to the pseudo-random number function, the first hash function and the random key to obtain a plurality of seventh matrixes; obtaining a plurality of second target position vectors according to the seventh matrix; obtaining a second hash value set according to the sixth matrix, the plurality of second target position vectors and the second hash function, and sending the second hash value set to a receiving party;
the receiver further configured to obtain a first intersection of the first set of hash values and the second set of hash values; and obtaining a second intersection of the first data set and the second data set according to the first intersection, and sending the second intersection to the sender.
15. A computer-readable storage medium having stored thereon a computer program, wherein the computer program, when executed by a processor, implements the privacy set intersection calculation method of any one of claims 1-7.
16. A computer device, comprising:
one or more processors;
storage means for storing one or more programs;
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the privacy set intersection calculation method of any one of claims 1-6.
CN202211250813.7A 2022-10-13 2022-10-13 Privacy set intersection calculation method, device and system Active CN115333721B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211250813.7A CN115333721B (en) 2022-10-13 2022-10-13 Privacy set intersection calculation method, device and system

Publications (2)

Publication Number Publication Date
CN115333721A true CN115333721A (en) 2022-11-11
CN115333721B CN115333721B (en) 2023-02-03

Family

ID=83913991

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211250813.7A Active CN115333721B (en) 2022-10-13 2022-10-13 Privacy set intersection calculation method, device and system

Country Status (1)

Country Link
CN (1) CN115333721B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115967491A (en) * 2023-03-07 2023-04-14 华控清交信息科技(北京)有限公司 Privacy intersection method, system and readable storage medium
CN115967491B (en) * 2023-03-07 2023-05-23 华控清交信息科技(北京)有限公司 Privacy intersection method, system and readable storage medium
CN115987512A (en) * 2023-03-09 2023-04-18 北京数牍科技有限公司 Data processing method, device, system and medium based on oblivious transmission protocol
CN115987512B (en) * 2023-03-09 2023-06-20 北京数牍科技有限公司 Data processing method, device, system and medium based on careless transmission protocol
CN117439732A (en) * 2023-10-30 2024-01-23 浙江大学 Circuit privacy set intersection method applied to privacy calculation and electronic equipment

Also Published As

Publication number Publication date
CN115333721B (en) 2023-02-03

Similar Documents

Publication Publication Date Title
CN115333721B (en) Privacy set intersection calculation method, device and system
Schneider et al. GMW vs. Yao? Efficient secure two-party computation with low depth circuits
CN112152794A (en) Efficient post-quantum anonymous attestation with signature-based join protocol and infinite signatures
CN111008863B (en) Lottery drawing method and system based on block chain
CN111934889B (en) Key generation method, signature and signature verification method, device, equipment and medium
US20030081769A1 (en) Non-algebraic method of encryption and decryption
KR102154164B1 (en) Method for generating a pseudorandom sequence, and method for coding or decoding a data stream
CN112152786A (en) Fast XMSS signature verification and nonce sampling process without signature extension
WO2021239006A1 (en) Secret sharing-based training method and apparatus, electronic device, and storage medium
JP2011164607A (en) Method and system for privacy-preserving computation of edit distance of symbol sequence
CN116204912B (en) Data processing method and device based on isomorphic encryption
CN115098649B (en) Keyword search method and system based on double-key accidental pseudorandom function
JP2022020067A (en) Digital signature method, signature information verification method, related device, and electronic device
CN112152784A (en) Parallel processing techniques for hash-based signature algorithms
JP2022095852A (en) Digital signature method, signature information verification method, related device, and electronic device
Luo et al. SVFL: Efficient secure aggregation and verification for cross-silo federated learning
CN115982424A (en) Privacy keyword query method and device and electronic equipment
US20190294417A1 (en) Method and system for deriving deterministic prime number
JP7023584B2 (en) Public key cryptosystem, public key cryptosystem, public key crypto program
Sun et al. A Novel Chaotic Image Encryption Algorithm Based on Coordinate Descent and SHA-256
CN114448613B (en) Physical layer key generation method and device of communication system and electronic equipment
TWI776416B (en) Threshold signature scheme system for hierarchical deterministic wallet and method thereof
WO2022026755A1 (en) Secure massively parallel computation for dishonest majority
CN114065233A (en) Digital signature aggregation method for big data and block chain application
CN109450618B (en) MD 5-based encryption method and system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant